Black Tiger Posted January 29, 2019 Posted January 29, 2019 Hello. My friends forum has 8 admins. We can set the option for the admingroup "Can access site when it is offline?" to disabled. In this case, all 8 adminis, including the root admin, can not access the site anymore. We can only view the offline message. And visit the AdminCP. Is it possible somehow to have 2 admins (root admin and 1 other) to be able to access the forum when it's offline? Then another question. I converted the forums for a friend of mine, and put in my e-mail address when setting up the fresh forum before converting. Now my admin account from the old forum is converted to the Administrator account on the new forum (Invision). So now I'm the root administrator (the admin which can not be deleted). Is there a way that my friend, who owns the forums also can be root administrator (can not be deleted)? Or that I can have my normal admin account back and he is change to root admin? Without any of us having to delete our account?
AlexWright Posted January 29, 2019 Posted January 29, 2019 Either give the option for all admins to access it offline, or make a new admin group that has that permission.
Black Tiger Posted January 29, 2019 Author Posted January 29, 2019 Ah pity, I hoped there was an easier solution. Because what's the use or benefit of even having this option if even the root admin is denied access? Maybe somebody knows question 2.
Pete T Posted January 29, 2019 Posted January 29, 2019 4 hours ago, Black Tiger said: Ah pity, I hoped there was an easier solution. Because what's the use or benefit of even having this option if even the root admin is denied access? Maybe somebody knows question 2. When did convert will know your email from old database so would match them up if have access to database you change the group ID number normal 4 to different number. As for offline if setting turn off even for root admin then correct will not allow you to see the forum as knows don't have access not matter if root admin. I hope the above helps you
Black Tiger Posted January 29, 2019 Author Posted January 29, 2019 Thank you but that was not what I was asking. Group number 4 is voor admins. At this moment I'm correctly merged to admin, like all other admins I have group number 4. But my account is merged into the root admin account (the non-removable admin account) when setting up the fresh forum needed before conversion. That's also working as designed. But I need another admin to also be non-removable c.q. non-deleteble admin because I'm only tech admin, not the owner. And I don't know how I can do that. So make an admin undeleteble.
Pete T Posted January 29, 2019 Posted January 29, 2019 2 minutes ago, Black Tiger said: Thank you but that was not what I was asking. Group number 4 is voor admins. At this moment I'm correctly merged to admin, like all other admins I have group number 4. But my account is merged into the root admin account (the non-removable admin account) when setting up the fresh forum needed before conversion. That's also working as designed. But I need another admin to also be non-removable c.q. non-deleteble admin because I'm only tech admin, not the owner. And I don't know how I can do that. So make an admin undeleteble. 4 is root my friend its one by default setup as admin as see from config file 'guest_group' => 2, 'member_group' => 3, 'admin_group' => 4, you can remove any one in 4.0.x if move them to different group.
Black Tiger Posted January 29, 2019 Author Posted January 29, 2019 You write the same that I write my friend, we both state that admin is group 4. 🙂 And I do have all admins in group 4. I just thought that like with vB, there was a way to define some admins to be not undeletable (by other admins or anyone) like is possible in vBulletin. But due to your answer I presume there is no such option in Invision? So if somebody hacks an admin account he's able to delete other admins... I figured Invision would be a bit more secure on that part.
Pete T Posted January 29, 2019 Posted January 29, 2019 1 hour ago, Black Tiger said: You write the same that I write my friend, we both state that admin is group 4. 🙂 And I do have all admins in group 4. I just thought that like with vB, there was a way to define some admins to be not undeletable (by other admins or anyone) like is possible in vBulletin. But due to your answer I presume there is no such option in Invision? So if somebody hacks an admin account he's able to delete other admins... I figured Invision would be a bit more secure on that part. Admin groups should have second secure option like Two Factor Authentication, or have ip only to accress the admin cp, you can go down route changing folder name and remove the admin cp link there lots you can do.
Black Tiger Posted January 29, 2019 Author Posted January 29, 2019 I normally create a .htaccess with password since a couple of admins have dynamic ip's which change every week. And some don't like fuzzing with Two factor every time they have to login. But I will advise it to them anyway. Undeletable admins is maybe a nice extra feature for newer versions. 😉
Pete T Posted January 29, 2019 Posted January 29, 2019 38 minutes ago, Black Tiger said: I normally create a .htaccess with password since a couple of admins have dynamic ip's which change every week. And some don't like fuzzing with Two factor every time they have to login. But I will advise it to them anyway. Undeletable admins is maybe a nice extra feature for newer versions. 😉 Can't see that work said to say don't see how that would bring any value to ips because let say the main admin got hacked no one could get back in as they have main access.
Black Tiger Posted January 29, 2019 Author Posted January 29, 2019 What exactly don't you understand? Admins are always able to get into the admincp. If the main admin would get hacked, the hacker can't delete him because he's undeletable. In vBulletin this was defined in the config.php So to be able to delete the main admin the hacker would have to have access to the public_html via ftp to be able to change the config.php. So that's the additional value. And if I remember correctly the admin name, group and e-mail adress could alsno not be change, at least the name and group I'm sure off, as long as he was stated as undeletable admin. Edit: And it was possible to define multible admins there. Even users if I remember correctly.
Pete T Posted January 29, 2019 Posted January 29, 2019 1 hour ago, Black Tiger said: What exactly don't you understand? Admins are always able to get into the admincp. If the main admin would get hacked, the hacker can't delete him because he's undeletable. In vBulletin this was defined in the config.php So to be able to delete the main admin the hacker would have to have access to the public_html via ftp to be able to change the config.php. So that's the additional value. And if I remember correctly the admin name, group and e-mail adress could alsno not be change, at least the name and group I'm sure off, as long as he was stated as undeletable admin. Edit: And it was possible to define multible admins there. Even users if I remember correctly. i am fully understanding your not but leave at that.
Black Tiger Posted January 29, 2019 Author Posted January 29, 2019 I don't understand what I would miss in the big picture. Why should my option not work in cloud plus? I never used that. And even if it did not work there, it's still nice for self hosted customers. add password to admin folder if someone wanted hack you the delete option could be easy by passedv No there you are mistaken. You're forgetten that this is stated in the config file. So the delete option can not be passed as a hacker would have to change the config file pysically on the server. That's why I can't imagine this would not work in a cloud situation. So in Invision's case it would be the conf_global.php with something like this: Edit this section of includes/config.php: // ****** UNDELETABLE / UNALTERABLE USERS ****** // The users specified here will not be deletable or alterable from the control panel by any users. // To specify more than one user, separate userids with commas. $config['SpecialUsers']['undeletableusers'] = 'x'; ...with 'x' being your userid number, not user name. So cloud or no cloud, a hacker can't delete or change an admin! It's a nice feature.
Pete T Posted January 29, 2019 Posted January 29, 2019 2 minutes ago, Black Tiger said: I don't understand what I would miss in the big picture. Why should my option not work in cloud plus? I never used that. And even if it did not work there, it's still nice for self hosted customers. No there you are mistaken. You're forgetten that this is stated in the config file. So the delete option can not be passed as a hacker would have to change the config file pysically on the server. That's why I can't imagine this would not work in a cloud situation. So in Invision's case it would be the conf_global.php with something like this: Edit this section of includes/config.php: // ****** UNDELETABLE / UNALTERABLE USERS ****** // The users specified here will not be deletable or alterable from the control panel by any users. // To specify more than one user, separate userids with commas. $config['SpecialUsers']['undeletableusers'] = 'x'; ...with 'x' being your userid number, not user name. So cloud or no cloud, a hacker can't delete or change an admin! It's a nice feature. cloud is item that ips manager it has no ftp accress so would not work, plus in time we had 4.x.x i not know any site to be hacked because self hosted people use every settings that comes via default like one already named to reduce issue that you claim vb has !! so that why i not going waste my time telling you in time had my site 10 years with ips now never been hacked because i use all my knowledge and tools ips provide to make sure never happen.
Black Tiger Posted January 29, 2019 Author Posted January 29, 2019 Quote cloud is item that ips manager it has no ftp accress Aha that explains things. Please don't be harse. If you're talking about experiences, I'm busy with forums for 18 years now from which at least 12 years of vBulletin and several PHPBB forums too, and SMF. You know as good as I know that not everybody likes the two factor security and if you did not see a ips board, will not say it can't happen. If you see my suggestion for a nice feature as a waste of your time, I wonder why you even respond to it, as it's just a nice extra feature, nothing more. So no need to worry about it if YOU don't like it.
Pete T Posted January 29, 2019 Posted January 29, 2019 14 minutes ago, Black Tiger said: Aha that explains things. Please don't be harse. If you're talking about experiences, I'm busy with forums for 18 years now from which at least 12 years of vBulletin and several PHPBB forums too, and SMF. You know as good as I know that not everybody likes the two factor security and if you did not see a ips board, will not say it can't happen. If you see my suggestion for a nice feature as a waste of your time, I wonder why you even respond to it, as it's just a nice extra feature, nothing more. So no need to worry about it if YOU don't like it. If wanted a root admin function "not true root admin" then can be done but issue was not about this at the start this topic was about offline accress.
Black Tiger Posted January 29, 2019 Author Posted January 29, 2019 Correct, but one can ask additional questions, correct? But never mind, it was just a question, it's not a "must be".
Ramsesx Posted January 29, 2019 Posted January 29, 2019 4 minutes ago, Black Tiger said: But never mind, it was just a question, it's not a "must be". You can use this forum for all suggestions you might have: https://invisioncommunity.com/forums/forum/499-feedback-and-ideas/
Black Tiger Posted January 29, 2019 Author Posted January 29, 2019 Yep I know, will do that later on, first fixing the conversion issues.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.