vb.org Archive


AwesomeShark305 09-08-2018 11:26 PM

How to make it where Admins can change other admins
 
So I recently learned via my forums that any one of my administrators can change another admin's privileges... Thus allowing for them to ban one another. Regular admins also have the ability to strip a Super Administrator's permissions from them and ban them. I need to know how to stop this.

Max Taxable 09-08-2018 11:56 PM

Quote:

Originally Posted by AwesomeShark305 (Post 2596280)
So I recently learned via my forums that any one of my administrators can change another admin's privileges... Thus allowing for them to ban one another. Regular admins also have the ability to strip a Super Administrator's permissions from them and ban them. I need to know how to stop this.

If the Super Administrator is also defined as unalterable in the config file, there is NO way anyone can make any changes to his account.

You should have only ONE Super Administrator. The rest of them should just be regular admins with permissions only you can set. If you're going to add another SA, make damn sure it is someone you trust implicitly.

Make sure to check the config file and set yourself as unalterable/undeletable.

In Omnibus 09-09-2018 12:48 AM

What Max said. You can also add any user ID to the config.php file as an undeletable / unalterable user. It doesn't have to be an administrator although that is the general use.

AwesomeShark305 09-09-2018 02:18 PM

Myself & my other lead admin are super administrators, just like the head admin account. A regular admin that we can appoint can change our primary user group and then ban our accounts. We have about 9 normal admins. A regular admin should not have the ability to change my user groups. Also, my server is written to where I am a Super admin, so in the event this actually happened, the site should always allow me access to the admin panel no matter what. Why is this a thing?

In Omnibus 09-09-2018 03:10 PM

Quote:

Originally Posted by AwesomeShark305 (Post 2596286)
Myself & my other lead admin are super administrators, just like the head admin account. A regular admin that we can appoint can change our primary user group and then ban our accounts. We have about 9 normal admins. A regular admin should not have the ability to change my user groups. Also, my server is written to where I am a Super admin, so in the event this actually happened, the site should always allow me access to the admin panel no matter what. Why is this a thing?

You have far too many administrators. The software is designed to have a limited number of administrators. Many sites have only one. The odds are that most of those people do not need administrator permissions. If they do they don't need all of the administrator permissions. That is why you have problems. My recommendation would be to remove all administrator permissions from anyone who does not need to have them. In Usergroups > Administrator Permissions remove permissions from anyone who does not need that specific permission. Then those people will not have the ability to alter other administrators.

AwesomeShark305 09-09-2018 07:11 PM

Quote:

Originally Posted by In Omnibus (Post 2596289)
You have far too many administrators. The software is designed to have a limited number of administrators. Many sites have only one. The odds are that most of those people do not need administrator permissions. If they do they don't need all of the administrator permissions. That is why you have problems. My recommendation would be to remove all administrator permissions from anyone who does not need to have them. In Usergroups > Administrator Permissions remove permissions from anyone who does not need that specific permission. Then those people will not have the ability to alter other administrators.

My site is used in reference to a gaming community spread across Xbox, PlayStation, & PC gaming. My admins are not the problem. The problem is the common sense that was "Lacked" when creating this forum software in the vBulletin program. A regular Admin should not be able to edit a Super Administrator's permissions! What is the word "Super" for if it means absolutely nothing? I need to know where to go and edit this coding. IF, the creators of vBulletin can't comment on here and explain the issue of their own system. Maybe someone has come across this coding somewhere in their files.

MarkFL 09-09-2018 07:54 PM

You need to look in the file "includes/config.php" for a section like this:

PHP Code:

    //    ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
    //    The users specified here will be allowed to view the admin log in the control panel.
    //    Users must be specified by *ID number* here. To obtain a user's ID number,
    //    view their profile via the control panel. If this is a new installation, leave
    //    the first user created will have a user ID of 1. Separate each userid with a comma.
    $config['SpecialUsers']['canviewadminlog'] = '1';

    //    ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
    //    The users specified here will be allowed to remove ("prune") entries from the admin
    //    log. See the above entry for more information on the format.
    $config['SpecialUsers']['canpruneadminlog'] = '1';

    //    ****** USERS WITH QUERY RUNNING PERMISSIONS ******
    //    The users specified here will be allowed to run queries from the control panel.
    //    See the above entries for more information on the format.
    //    Please note that the ability to run queries is quite powerful. You may wish
    //    to remove all user IDs from this list for security reasons.
    $config['SpecialUsers']['canrunqueries'] = '1';

    //    ****** UNDELETABLE / UNALTERABLE USERS ******
    //    The users specified here will not be deletable or alterable from the control panel by any users.
    //    To specify more than one user, separate userids with commas.
    $config['SpecialUsers']['undeletableusers'] = '';

    //    ****** SUPER ADMINISTRATORS ******
    //    The users specified below will have permission to access the administrator permissions
    //    page, which controls the permissions of other administrators
    $config['SpecialUsers']['superadministrators'] = '1';

For each category, put the comma delimited list of users by userid you wish to have those permissions/attributes. Bear in mind any admin with access to the server can alter this file as well.

AwesomeShark305 09-09-2018 08:35 PM

Quote:

Originally Posted by MarkFL (Post 2596291)
You need to look in the file "includes/config.php" for a section like this:

PHP Code:

    //    ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
    //    The users specified here will be allowed to view the admin log in the control panel.
    //    Users must be specified by *ID number* here. To obtain a user's ID number,
    //    view their profile via the control panel. If this is a new installation, leave
    //    the first user created will have a user ID of 1. Separate each userid with a comma.
    $config['SpecialUsers']['canviewadminlog'] = '1';

    //    ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
    //    The users specified here will be allowed to remove ("prune") entries from the admin
    //    log. See the above entry for more information on the format.
    $config['SpecialUsers']['canpruneadminlog'] = '1';

    //    ****** USERS WITH QUERY RUNNING PERMISSIONS ******
    //    The users specified here will be allowed to run queries from the control panel.
    //    See the above entries for more information on the format.
    //    Please note that the ability to run queries is quite powerful. You may wish
    //    to remove all user IDs from this list for security reasons.
    $config['SpecialUsers']['canrunqueries'] = '1';

    //    ****** UNDELETABLE / UNALTERABLE USERS ******
    //    The users specified here will not be deletable or alterable from the control panel by any users.
    //    To specify more than one user, separate userids with commas.
    $config['SpecialUsers']['undeletableusers'] = '';

    //    ****** SUPER ADMINISTRATORS ******
    //    The users specified below will have permission to access the administrator permissions
    //    page, which controls the permissions of other administrators
    $config['SpecialUsers']['superadministrators'] = '1';

For each category, put the comma delimited list of users by userid you wish to have those permissions/attributes. Bear in mind any admin with access to the server can alter this file as well.



I have edited these settings already; however, the problem is that a basic admin can go change our primary usergroup from admin to moderator or something, and then ban the account.

MarkFL 09-09-2018 08:40 PM

No one can alter the account of someone set as undeletable/unalterable from within the AdminCP (administration of users). Of course anyone who knows MySQL can run a query, either in a plugin or manually (if they are permitted to run manual queries) to alter anyone's account, if they know what they're doing.

Max Taxable 09-09-2018 09:55 PM

Quote:

Originally Posted by AwesomeShark305 (Post 2596292)
I have edited these settings already; however, the problem is that a basic admin can go change our primary usergroup from admin to moderator or something, and then ban the account.

That is IMPOSSIBLE if you have the settings correct in the config file.

Period.
Quote:

Originally Posted by AwesomeShark305 (Post 2596286)
Myself & my other lead admin are super administrators, just like the head admin account. A regular admin that we can appoint can change our primary user group and then ban our accounts. We have about 9 normal admins. A regular admin should not have the ability to change my user groups. Also, my server is written to where I am a Super admin, so in the event this actually happened, the site should always allow me access to the admin panel no matter what. Why is this a thing?

It's a thing because you do NOT have the config.php file modified correctly.
Quote:

Originally Posted by AwesomeShark305 (Post 2596290)
The problem is the common sense that was "Lacked" when creating this forum software in the vBulletin program. A regular Admin should not be able to edit a Super Administrator's permissions! What is the word "Super" for if it means absolutely nothing? I need to know where to go and edit this coding. IF, the creators of vBulletin can't comment on here and explain the issue of their own system. Maybe someone has come across this coding somewhere in their files.

There is nothing lacking in the vBulletin system for this issue. What is lacking is your settings in the config file.

Please post what you have there, for the relevant settings. I almost bet you're using usernames instead of userid numbers.

AwesomeShark305 09-10-2018 01:22 AM

Quote:

Originally Posted by Max Taxable (Post 2596294)
That is IMPOSSIBLE if you have the settings correct in the config file.

Period. It's a thing because you do NOT have the config.php file modified correctly. There is nothing lacking in the vBulletin system for this issue. What is lacking is your settings in the config file.

Please post what you have there, for the relevant settings. I almost bet you're using usernames instead of userid numbers.



    // ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
    // The users specified here will be allowed to view the admin log in the control panel.
    // Users must be specified by *ID number* here. To obtain a user's ID number,
    // view their profile via the control panel. If this is a new installation, leave
    // the first user created will have a user ID of 1. Separate each userid with a comma.
    $config['SpecialUsers']['canviewadminlog'] = '1,3,4';

    // ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
    // The users specified here will be allowed to remove ("prune") entries from the admin
    // log. See the above entry for more information on the format.
    $config['SpecialUsers']['canpruneadminlog'] = '1,3,4';

    // ****** USERS WITH QUERY RUNNING PERMISSIONS ******
    // The users specified here will be allowed to run queries from the control panel.
    // See the above entries for more information on the format.
    // Please note that the ability to run queries is quite powerful. You may wish
    // to remove all user IDs from this list for security reasons.
    $config['SpecialUsers']['canrunqueries'] = '';

    // ****** UNDELETABLE / UNALTERABLE USERS ******
    // The users specified here will not be deletable or alterable from the control panel by any users.
    // To specify more than one user, separate userids with commas.
    $config['SpecialUsers']['undeletableusers'] = '1';

    // ****** SUPER ADMINISTRATORS ******
    // The users specified below will have permission to access the administrator permissions
    // page, which controls the permissions of other administrators
    $config['SpecialUsers']['superadministrators'] = '1,3,4';


I am using numbers...


I am not trying to make my account undetectable. I am trying to make it where if you are a Super Administrator, no regular admin can change your primary usergroup and then ban your account.

MarkFL 09-10-2018 01:30 AM

With those settings, only the user with userid 1 cannot be altered via the AdminCP.
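
A quick audit of the settings posted above, as an added example that is not part of the thread or of vBulletin itself: it parses the `SpecialUsers` lines of `includes/config.php` and reports super administrators missing from `undeletableusers`, entries that are not numeric userids, and a non-empty `canrunqueries`. The function names and the embedded sample (copied from the values posted in the thread) are assumptions made for illustration.

```python
import re

# Constructed sample: the SpecialUsers values as posted earlier in the thread.
SAMPLE_CONFIG = """
$config['SpecialUsers']['canviewadminlog'] = '1,3,4';
$config['SpecialUsers']['canpruneadminlog'] = '1,3,4';
$config['SpecialUsers']['canrunqueries'] = '';
$config['SpecialUsers']['undeletableusers'] = '1';
$config['SpecialUsers']['superadministrators'] = '1,3,4';
"""

# Matches only uncommented assignments; lines starting with // are skipped.
LINE_RE = re.compile(
    r"""^\s*\$config\['SpecialUsers'\]\['(\w+)'\]\s*=\s*(['"])(.*?)\2\s*;""",
    re.MULTILINE,
)


def parse_special_users(text):
    """Return {setting: [entries]} for each SpecialUsers assignment in text."""
    settings = {}
    for key, _quote, value in LINE_RE.findall(text):
        settings[key] = [v.strip() for v in value.split(",") if v.strip()]
    return settings


def audit(text):
    """Return a list of findings for the checks discussed in the thread."""
    cfg = parse_special_users(text)
    findings = []
    # Entries must be userid numbers, not usernames.
    for key, entries in cfg.items():
        bad = [e for e in entries if not e.isdigit()]
        if bad:
            findings.append(f"{key}: non-numeric entries {bad}")
    # Super administrators are only protected if also listed as undeletable.
    protected = set(cfg.get("undeletableusers", []))
    exposed = [u for u in cfg.get("superadministrators", []) if u not in protected]
    if exposed:
        findings.append(f"super administrators not in undeletableusers: {exposed}")
    # Users who can run queries can alter any account directly in the database.
    if cfg.get("canrunqueries"):
        findings.append(f"canrunqueries is non-empty: {cfg['canrunqueries']}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```
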

snakes1100 09-10-2018 07:20 AM

"I am not trying to make my account undetectable."

un·de·tect·a·ble
/ˌəndəˈtektəb(ə)l/
adjective
not able to be detected.

----------------------------------

    // ****** UNDELETABLE / UNALTERABLE USERS ******
    // The users specified here will not be deletable or alterable from the control panel by any users.
    // To specify more than one user, separate userids with commas.
    $config['SpecialUsers']['undeletableusers'] = '1'; // <-- Add the user IDs of accounts that you don't want being changed.


undeletable
Adjective
(not comparable)

(computing) That cannot be deleted; indelible.
(computing) That can be undeleted.


un·al·ter·a·ble
/ˌənˈôlt(ə)rəbəl/
adjective
not able to be changed.


All times are GMT.