Announcement

Collapse
No announcement yet.

Admin changing other Admin passwords?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] Admin changing other Admin passwords?

    Hi,

    Is there a way that I can make it so that forum Administrators can't change other Administrators' (specifically the SuperAdmin's) password? Not that I don't trust my fellow Administrators , it just doesn't seem like a good idea that one Admin could have a breakdown one day and decide to lock everyone out of the CP.

    Cheers.

    ----------------------

    Ahh wait, never mind, found it . Thanks.
    Last edited by Bundle; Fri 30th Apr '10, 4:15am. Reason: problem solved :)
    http://www.thebundlejungle.com - Pregnancy and parenting forums
    Offering help, support and general chat about all things related to pregnancy and parenting!

  • #2
    I think it only depends on what admin account is specified on the config file. If the admins are protected then you cannot change them unless you change that file. I suggest talking to all members involved in the site to ensure you are enstated as such - if you are co owner I would be quite strong about the point
    My site: www.sanctuary4gamers.com My Twitter and if you like video games, my podcast (itunes)

    Comment


    • #3
      I've tested it using a new Administrator account and any Admin can definitely change other Admin's accounts, including the one specified as SuperAdmin in the config file.
      http://www.thebundlejungle.com - Pregnancy and parenting forums
      Offering help, support and general chat about all things related to pregnancy and parenting!

      Comment


      • #4
        Can't you have yourself as admin, everyone else as super moderators and modify that groups permissions to give them everything they need. Obviously except the ability to change your password?
        sigpic

        Comment


        • #5
          Originally posted by M@tt View Post
          Can't you have yourself as admin, everyone else as super moderators and modify that groups permissions to give them everything they need. Obviously except the ability to change your password?
          Well the problem was that I need them to be able to alter regular users details if necessary, but this meant they could also get into the main Admin account and essentially lock everyone out (not that I expect anyone to, just being careful!).

          Turns out you can specify users to "lock" in the config.php file so that no alterations can be made via the Admin CP, as suggested in the first reply. I just wasn't looking hard enough.
          http://www.thebundlejungle.com - Pregnancy and parenting forums
          Offering help, support and general chat about all things related to pregnancy and parenting!

          Comment


          • #6
            Ah yeah, I see what you guys are talking about. Anyone got any advice on the most secure way to set this up? I'm thinking have an account setup with complete admin priviledges which is uneditable/locked etc while the admin account that you use day in/day out should be with just straight admin/deletable priviledges so that if your normal user account gets hacked, you can still login and make changes to your normal day-to-day admin account. Is this what most people do or is there a better way?
            sigpic

            Comment


            • #7
              Open config.php in the includes folder and look for the comment section that states "// ****** UNDELETABLE / UNALTERABLE USERS ******"
              Read the description and make the appropriate change.

              This is the best way to do this unless there is something outside of the box that I'm not aware of.
              Jacob
              IT Automation Professionals
              www.ITAutomationPros.com
              jacob@itautomationpros.com

              Comment


              • #8
                The users specified here will not be deletable or alterable from the control panel by any users.
                I'm just wondering what the definition of this line is exactly. So lets say I have an account called "SA" which is setup as an undeletable/unalterable user, if someone hacks into this account.. Can this account itself change it's own password? So I could be virtually screwed until I restore? Or does this setting stop absolutely 'any' account from making alterations?

                Cheers (sorry for hijacking your thread bundle, figured it wasn't worth starting a new one)
                sigpic

                Comment


                • #9
                  Originally posted by M@tt View Post
                  I'm just wondering what the definition of this line is exactly. So lets say I have an account called "SA" which is setup as an undeletable/unalterable user, if someone hacks into this account.. Can this account itself change it's own password? So I could be virtually screwed until I restore? Or does this setting stop absolutely 'any' account from making alterations?

                  Cheers (sorry for hijacking your thread bundle, figured it wasn't worth starting a new one)
                  It basically locks the user against being changed in any way via the Admin CP. Not just password but anything... avatar, email address, usergroups etc etc. so admin with access to alter users can't change anything via the control panel, including yourself.

                  However, It DOESN'T stop you from changing your own account through the standard forum funtions that all members have access to via My Profile / User CP... through that you can still change your password, avatar etc. as normal. So yeah, if someone hacks directly into your admin account they can change the password.
                  http://www.thebundlejungle.com - Pregnancy and parenting forums
                  Offering help, support and general chat about all things related to pregnancy and parenting!

                  Comment


                  • #10
                    Actually my experience was to the contrary. When I set an account to undel\unalt, I can't change any info in the ACP or in via password reset functionality in the profile, even if it's my own account. You sure about that Bundle? You've got me second guessing now. I better check again. If you're right then that's goofy.
                    Jacob
                    IT Automation Professionals
                    www.ITAutomationPros.com
                    jacob@itautomationpros.com

                    Comment

                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...
                    X