Nodebb: "Super" admin?

Created on 11 Dec 2016  ·  5 Comments  ·  Source: NodeBB/NodeBB

Version: latest v1.x.x

Is it possible to introduce a "super" admin that cannot be demoted or modified in any way? The reason I ask is that if someone manages to access another administrator's account, they can demote all the other admins and will have full control over the forum and potentially hold it to ransom. If you can set up a trusted super admin, maybe via a config file, then they would be able to log on and rescind the offending administrator permission and thus recover the forum.

I have several people on my forum that will need permissions to be able to add categories and other things in the back end, but on the off chance they leave themselves logged in somewhere or a malicious actor guesses their password, I don't want that to be the end of it - I'd rather log on and recover everything without having to resort to restoring a backup via the command line unless I absolutely have to.

Thoughts / comments?

request for comments

All 5 comments

I think it makes sense for uid=1 to be the super admin.

I'm not sure how that would work as it would mean you can never promote anyone else to that permission rank. phpBB does it by having the first person "uid=1, I guess" be a founder and allows them to make other people founders. Regular administrators are not able to modify the founder administrators, so that would probably be an ideal solution.

Long term I think the permission system needs a good overhaul as some things like adding categories should be grantable instead of just making a user a full admin.

In my opinion, administrators should only be people you wholeheartedly trust to run your board. Anything less, and they're global moderators if you want to give them site-wide moderation capabilities.

Gmods also have access to the flags and ip ban interfaces, so that is pretty site-wide in terms of an administrative capacity.

I'm against adding a "super admin" because the onus in keeping access limited should be on the admins themselves to use a strong password, so their account cannot be compromised. When a system is compromised, you may as well restore from backup _anyway_, as you don't know what else may have changed.

Sure, you can restore or rebuild content, but it can all be taken away again if that malicious actor changes the password of another admin so they have another way in, etc.

> Is it possible to introduce a "super" admin that cannot be demoted or modified in any way?

The feature does exist, not in the way you described it though, kinda indirectly. If you are the 'super admin', you can, anytime, connect to your server via ssh and add your profile id to the administrators group in a database.

> I'd rather log on and recover everything without having to resort to restoring a backup via the command line

I am not sure what this even means. If a malicious user gains access to an admin account and messes things up, there is no concept of "recover everything" by just logging in as a so-called "super user". You can't bring back purged/deleted categories, users etc. You have to go back to a backup.

All you can do with this "super user" is gain access to ACP and modify all settings that were changed. There will be no recovery of lost data. It's easier to restore from a backup.
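The "connect via ssh and put your uid back in the administrators group" recovery described above, written out as an added example (not NodeBB's own code or CLI). It assumes a Redis backend where the group is the sorted set `group:administrators:members` (member = uid, score = join time in ms) and the group hash `group:administrators` keeps a `memberCount` field; `REDIS_CLI`, `admin_status`, `restore_admin` and `revoke_admin` are names chosen here.

```shell
#!/bin/sh
# Added example, not part of NodeBB: emergency repair of admin group
# membership directly in the Redis backend, run on the server over ssh.
# Assumed NodeBB Redis layout (check against your version before use):
#   group:administrators:members  sorted set, member = uid, score = ms time
#   group:administrators          hash with a memberCount field
# Set REDIS_CLI to add -h/-p/-a/-n options for your Redis instance.
: "${REDIS_CLI:=redis-cli}"

ADMIN_SET="group:administrators:members"
ADMIN_HASH="group:administrators"

# Print "member" or "not-member" for the given uid.
admin_status() {
    uid=$1
    # ZSCORE prints nothing for a missing member when not on a tty.
    if [ -n "$($REDIS_CLI ZSCORE "$ADMIN_SET" "$uid")" ]; then
        echo member
    else
        echo not-member
    fi
}

# Put the trusted uid back into the administrators group.
# Returns 0 if it was added, 1 if it was already a member.
restore_admin() {
    uid=$1
    [ "$(admin_status "$uid")" = member ] && return 1
    now=$(($(date +%s) * 1000))        # NodeBB stores join time in ms
    $REDIS_CLI ZADD "$ADMIN_SET" "$now" "$uid" >/dev/null
    $REDIS_CLI HINCRBY "$ADMIN_HASH" memberCount 1 >/dev/null
    return 0
}

# Rescind the offending uid's admin membership.
# Returns 0 if it was removed, 1 if it was not a member.
revoke_admin() {
    uid=$1
    [ "$(admin_status "$uid")" = member ] || return 1
    $REDIS_CLI ZREM "$ADMIN_SET" "$uid" >/dev/null
    $REDIS_CLI HINCRBY "$ADMIN_HASH" memberCount -1 >/dev/null
    return 0
}

# Usage on the server, as the forum's OS user (uids are placeholders):
#   . ./recover_admin.sh && restore_admin 1 && revoke_admin 42
```

This only repairs group membership; as the thread says, purged content still needs a backup, and the compromised account's password and sessions must be reset separately (restart NodeBB afterwards if your version caches group membership).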
