Can't edit/demote admins


Guest neen

Posted

Is this supposed to be a "feature"?!

This seems like a very great security risk. What if someone turns rogue and decides to wipe out half the forums?

I know I can restrict them in the ACP....but this seems kind of....silly, to not be able to demote another admin when you are the root admin.

Posted

No, it won't let me.

When I load their profile in the ACP, it says this under Member Group Options:

Primary Member Group: Root Admin or Administrator (Can't Change)

When I try to edit my own profile, it tells me: "You are not permitted to edit root administrators."

Posted

No, it won't let me.



When I load their profile in the ACP, it says this under Member Group Options:



Primary Member Group: Root Admin or Administrator (Can't Change)



When I try to edit my own profile, it tells me: "You are not permitted to edit root administrators."



Are you sure? I can edit every admin's profile. Are you in the root admin group?
Posted

Are you sure? I can edit every admin's profile. Are you in the root admin group?


I'm positive, and yes I am in the root admin group (as my secondary group), as specified by the error message above.
Posted

I'm positive, and yes I am in the root admin group (as my secondary group), as specified by the error message above.



Well I tested it, and true enough, you will not be able to edit any root administrator if you're in secondary group as root admin. Perhaps you need root admin as your primary group to do that. :)
Posted

If you're a root admin as a secondary group you are not a true root admin, should you be editing other admin, or are you just getting some hacking practice in?

:rolleyes:

Posted

If you're a root admin as a secondary group you are not a true root admin, should you be editing other admin, or are you just getting some hacking practice in?



:rolleyes:



*DING*

If you're a root admin as a secondary account, you are only an admin. Try going to ACP->Admin->SQL Toolbox. You can't do that either.
Posted

If you're a root admin as a secondary group you are not a true root admin, should you be editing other admin, or are you just getting some hacking practice in?



:rolleyes:


Well, it's my own board.

The reason I did that was because I didn't want users to see the difference between the two groups - I wanted them to appear as one, but I don't want the other admins in the root admin group.

Technically, it should work as expected, since you are supposed to inherit greater permissions!

So, can we confirm this as a bug? Or is this actually a feature?
Posted

It seems more like a bug, since you are supposed to inherit the greater permissions...



Except that IPS widely recognises having Administrators/Root Administrators as a Secondary Group is a security risk because it is all too easy for them to go unnoticed by the administration. This is a feature not a bug and IMO should stay as it is.
Posted

It's been there as long as there has been a difference between "Root Admin" and "Admin". I believe it's a security feature.


but it was only implemented correctly in 2.1.x

you can promote yourself to root admin in 2.0.x and below
Posted

Except that IPS widely recognises having Administrators/Root Administrators as a Secondary Group is a security risk because it is all too easy for them to go unnoticed by the administration. This is a feature not a bug and IMO should stay as it is.


"List All Administrators" in Admin CP shows who has admin access through a secondary group.
Posted

If you have member A who is a primary root admin, and member B who is a secondary root admin account, we don't want member A being able to edit member B's status - in 99% of most cases, member B would be "higher up" than member A. It's working as intended.

Posted

If you have member A who is a primary root admin, and member B who is a secondary root admin account, we don't want member A being able to edit member B's status - in 99% of most cases, member B would be "higher up" than member A. It's working as intended.


My setup is this:

I have many admin on my site. I want to appear as one of these admin to normal members, and be in the same group as these admin, but I want to have the "power" of the root admin.

It seems to me that there should be some sort of override available to someone in the primary root admin group. What it could do is grant "root admin" powers through a checkbox in the Member Group part of a user's profile. Naturally, only someone in the root admin group should be able to do this, and it should require the user's secondary group to be set to the root admin group.

Is there a solution to this aside from putting them all in the admin group?
Posted

"List All Administrators" in Admin CP shows who has admin access through a secondary group.



That was a VERY recent change. Until then, you'd have no idea until they launched a full scale attack that they held administrative privileges.
Posted

My setup is this:



I have many admin on my site. I want to appear as one of these admin to normal members, and be in the same group as these admin, but I want to have the "power" of the root admin.



It seems to me that there should be some sort of override available to someone in the primary root admin group. What it could do is grant "root admin" powers through a checkbox in the Member Group part of a user's profile. Naturally, only someone in the root admin group should be able to do this, and it should require the user's secondary group to be set to the root admin group.



Is there a solution to this aside from putting them all in the admin group?



Can I just quickly ask WHY you'd want to do this? There really isn't a benefit to it. If you really must not be a Root Administrator, just create a second account and rebind all your posts to it - and have the Root Administrator as a "Do Not Use Except In Case Of Emergency" thing. In fact, that also improves your security in the same way as on Windows you shouldn't browse the internet logged in as Administrator.
Posted

Can I just quickly ask WHY you'd want to do this? There really isn't a benefit to it. If you really must not be a Root Administrator, just create a second account and rebind all your posts to it - and have the Root Administrator as a "Do Not Use Except In Case Of Emergency" thing. In fact, that also improves your security in the same way as on Windows you shouldn't browse the internet logged in as Administrator.


I can do that, and I thought of doing that actually.

I wanted to do it this way because it made it easier. I just wanted the members to see me in the same group as the others, since we are really all equal.

Archived

This topic is now archived and is closed to further replies.
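
An audit in the spirit of the "List All Administrators" view discussed in this thread, as an added example that is not from any poster and is not IPS code: it flags accounts whose admin rights come from a secondary group and so are not visible from the displayed primary group, and it applies the rule posters describe, that root admin held only as a secondary group counts as plain admin. The group labels, the export format, the member names and all function names are assumptions made for illustration.

```python
import csv
import io

# Constructed group labels and export format for illustration only;
# they are not IPB's schema, group ids or column names.
ROOT, ADMIN = "Root Admin", "Administrator"
ADMIN_GROUPS = {ROOT, ADMIN}

# Constructed sample export: name, primary group, ';'-separated secondary groups.
SAMPLE_EXPORT = """name,primary,secondary
alice,Root Admin,
erin,Administrator,Root Admin
bob,Administrator,
carol,Members,Administrator;Moderators
dave,Members,Moderators
"""

def load_members(text):
    """Parse the export into (name, primary, set_of_secondary_groups) tuples."""
    members = []
    for row in csv.DictReader(io.StringIO(text)):
        secondary = {g.strip() for g in row["secondary"].split(";") if g.strip()}
        members.append((row["name"], row["primary"], secondary))
    return members

def effective_role(primary, secondary):
    """Root counts only as the primary group, per the thread;
    root held as a secondary group is treated as plain admin."""
    if primary == ROOT:
        return ROOT
    if primary == ADMIN or secondary & ADMIN_GROUPS:
        return ADMIN
    return None

def audit_hidden_admins(members):
    """Report accounts holding an admin group that their primary group does not show."""
    findings = []
    for name, primary, secondary in members:
        hidden = sorted((secondary & ADMIN_GROUPS) - {primary})
        if hidden:
            findings.append({"name": name, "shown_as": primary,
                             "hidden_groups": hidden,
                             "effective": effective_role(primary, secondary)})
    return findings

if __name__ == "__main__":
    for finding in audit_hidden_admins(load_members(SAMPLE_EXPORT)):
        print(finding)
```
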
