#44 Superadmin should not be able to delete or disable himself

closed-wont-fix
nobody
None
1
2013-12-01
2008-10-23
No

A superadmin should not be able to shoot himself in the foot^W^W^W^W^Wdelete or disable himself (in the list/edit admin section) because this will lock him out of postfixadmin.

This can be done by
a) not showing the delete link for the currently logged in superadmin
b) like a, but at server side before deleting the admin
c) while editing an admin, unchecking the superadmin checkbox should be impossible for the currently logged in superadmin
d) c) should also be checked server-side

Discussion

  • Christian Boltz

    Christian Boltz - 2010-06-22
    • priority: 5 --> 1
     
  • Christian Boltz

    Christian Boltz - 2010-06-22

    e) use bullet-proof shoes ;-)

    Seriously: setup.php can easily create a new superadmin - therefore the reason to implement self-protection has gone to nearly zero.

    I'm lowering the priority to lowest. I'll accept patches, but I won't implement it myself.

     
  • Christian Boltz

    Christian Boltz - 2012-04-09

    I don't remember someone asking for help how to re-create an accidently deleted superadmin account, and with setup.php it is quite easy nowadays.

    In other words: no need for additional protection ;-)

    (This doesn't mean I'll reject a patch for AdminHandler if someone is bored enough ;-)

     
  • Christian Boltz

    Christian Boltz - 2012-04-09
    • status: open --> closed-wont-fix
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks