Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The attached patch prevents editing email & password fields on user/1/edit
for everybody except user/1.
"Administer Users" is a very useful permission, but unfortunately provides users with an opportunity to become the superuser. I would like to re-implement the D5 feature of paranoia.
It is recognised that contrib modules regularly implement extra php permissions. Becoming user/1 gives the user the ability to execute php via these modules.
Comment | File | Size | Author |
---|---|---|---|
#1 | paranoi_edit_user1.patch | 1.26 KB | sime |
Comments
Comment #1
simeComment #2
dddave CreditAttribution: dddave commentedComment #3
Gábor HojtsyApplied this to drupal.hu and it works fine.
Comment #4
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedThanks, patch applied.