Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.944
diff -u -p -r1.944 user.module
--- modules/user/user.module 29 Nov 2008 09:33:51 -0000 1.944
+++ modules/user/user.module 14 Dec 2008 22:04:47 -0000
@@ -1572,10 +1572,17 @@ function _user_edit_submit($uid, &$edit)
 /**
 * Delete a user.
 *
+ * @note User #1 cannot be deleted
 * @param $edit An array of submitted form values.
 * @param $uid The user ID of the user to delete.
 */
 function user_delete($edit, $uid) {
+ // Don't allow deletion of user #1
+ if ($uid == 1) {
+ drupal_set_message(t('Failed to delete user 1: This user is the superuser or root administrator, and cannot be deleted.'), 'error');
+ return;
+ }
+
+ $account = user_load(array('uid' => $uid));
 drupal_session_destroy_uid($uid);
 _user_mail_notify('status_deleted', $account);
Index: modules/user/user.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.pages.inc,v
retrieving revision 1.24
diff -u -p -r1.24 user.pages.inc
--- modules/user/user.pages.inc 24 Nov 2008 00:40:45 -0000 1.24
+++ modules/user/user.pages.inc 14 Dec 2008 22:04:47 -0000
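Review bot: In `user_delete()` (modules/user/user.module) the new guard returns nothing, so a caller cannot tell a refused deletion from a completed one and may still report success; returning an explicit value, `return FALSE;`, would let the submit handlers (not visible in this hunk) branch on it. The check also compares the raw `$uid` with `==`, while the calls that follow may cast it, so normalising once with `$uid = (int) $uid;` and testing `if ($uid === 1)` keeps the guard and the deletion working on the same value; the same loose comparison appears in the user.pages.inc hunk (`$account->uid != 1`). A refused attempt on the superuser account is worth a `watchdog()` entry in addition to the on-screen message, so it shows up in the site log. The function body continues outside the hunk.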
@@ -238,7 +238,8 @@ function user_profile_form($form_state,
 $form['_category'] = array('#type' => 'value', '#value' => $category);
 $form['_account'] = array('#type' => 'value', '#value' => $account);
 $form['submit'] = array('#type' => 'submit', '#value' => t('Save'), '#weight' => 30);
- if (user_access('administer users')) {
+ // User 1 cannot be deleted so we don't display the delete button.
+ if (user_access('administer users') && $account->uid != 1) {
 $form['delete'] = array(
 '#type' => 'submit',
 '#value' => t('Delete'),
Index: modules/user/user.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.test,v
retrieving revision 1.22
diff -u -p -r1.22 user.test
--- modules/user/user.test 25 Nov 2008 13:14:29 -0000 1.22
+++ modules/user/user.test 14 Dec 2008 22:04:48 -0000
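Review bot: Hiding the Delete button in `user_profile_form()` (modules/user/user.pages.inc) is a presentation change only; an administrator who requests the delete path directly still reaches the confirmation step, which is what the new test's `directLinkDisabled()` exercises. Enforcement therefore rests entirely on the guard in `user_delete()`, and it would be cleaner to also refuse user 1 in the delete path's access check or confirmation form so the confirmation page is never offered for that account. The literal `1` is now repeated across two files; a small helper or named constant would keep the rule in one place. `user_profile_form()` starts and ends outside the hunk.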
@@ -193,6 +193,79 @@ class UserDeleteTestCase extends DrupalW
 }
 }
+class UserRootAdminNoDeleteTestCase extends DrupalWebTestCase {
+ function getInfo() {
+ return array(
+ 'name' => t('Deny user #1 deletion'),
+ 'description' => t('Tries to delete user #1, only to be disallowed'),
+ 'group' => t('User')
+ }
+ }
+
+ /**
+ * Checks if the delete button for user #1 is not visible.
+ */
+ function deleteButtonMissing() {
+ // Try the edit user page for the delete button
+ $this->drupalGet('user/1/edit');
+ $this->assertNoRaw('value="' . t('Delete') . '"', t('Delete button should not appear on user/1/edit'));
+ }
+
+ /**
+ * Tries to delete user #1 trough the direct delete link, and checks for error message.
+ */
+ function directLinkDisabled()
+ $this->drupalPost('user/1/delete', NULL, t('Delete'));
+ $this->assertText(t('Failed to delete user 1: This user is the superuser or root administrator, and cannot be deleted.'), t('User #1 should not be deleteable trough the direct link.'));
+ }
+
+ /**
+ * Tries deletion of user #1 trough the mass deletion form, and checks for error message.
+ */
+ function massDeleteHandling() {
+ $edit = array('operation' => 'delete', 'accounts[1]' => '1');
+
+ $this->drupalPost('admin/user/user', $edit, t('Submit'));
+ $this->drupalPost(NULL, NULL, t('Delete all'));
+ $this->assertText(t('Failed to delete user 1: This user is the superuser or root administrator, and cannot be deleted.'), t('User #1 should not be deleteable trough the mass deletion form.'));
+ }
+
+ /**
+ * Test failure to delete root administrator as root administrator
+ */
+ function testDeleteRootAdminSelf() {
+ // login as the root administrator
+ $root_admin = user_load(1);
+ $this->drupalLogin($root_admin);
+
+ $this->deleteButtonMissing();
+ $this->directLinkDisabled();
+ $this->massDeleteHandling();
+ }
+
+ /**
+ * Test failure to delete root administrator as another administrator
+ */
+ function testDeleteRootAdminOther() {
+ // login as another administrator.
+ $admin_user = $this->drupalCreateUser(array('administer users'));
+ $this->drupalLogin($admin_user);
+
+ $this->deleteButtonMissing();
+ $this->directLinkDisabled();
+ $this->massDeleteHandling();
+ }
+
+ /**
+ * Small unit-test to check the user_delete() function.
+ */
+ function testDeleteRootAdminPHP() {
+ // test PHP functionality
+ user_delete(1);
+ $this->assertTrue(user_load(1), t('user_delete() should not allow Deletion of user #1'));
+ }
+}
+
 class UserPictureTestCase extends DrupalWebTestCase {
 protected $user;
 protected $_directory_test;
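Review bot: The new `UserRootAdminNoDeleteTestCase` (modules/user/user.test) will not parse as written: the array in `getInfo()` is closed with `}` where `);` is needed, and `function directLinkDisabled()` has no opening `{`. `testDeleteRootAdminPHP()` calls `user_delete(1)`, which passes `1` as `$edit` and leaves `$uid` unset, so the guard under test is never reached; it should read `user_delete(array(), 1);`. The two POST helpers assert only the error text, so adding `$this->assertTrue(user_load(1), ...)` after each POST would confirm that the account actually survived rather than that a message was printed. `testDeleteRootAdminSelf()` passes a freshly loaded account to `drupalLogin()`, which as far as I know needs the plain-text password (`pass_raw`) that only `drupalCreateUser()` sets, so that login step probably fails before any of the checks run.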