Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 09 Sep 2018, 02:26
AwesomeShark305 AwesomeShark305 is offline
 
Join Date: Feb 2015
Unhappy How to make it where Admins can change other admins

So I recently learned via my forums that anyone of my administrators can change another admins privileges... Thus allowing for them to ban one another. Regular admins also have the ability to strip a super Administrators permissions from them and ban them. I need to know how to stop this.
Reply With Quote
  #2  
Old 09 Sep 2018, 02:56
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by AwesomeShark305 View Post
So I recently learned via my forums that anyone of my administrators can change another admins privileges... Thus allowing for them to ban one another. Regular admins also have the ability to strip a super Administrators permissions from them and ban them. I need to know how to stop this.
If the Super Administrator is also defined as unalterable in the config file, there is NO way anyone can make any changes to his account.

You should have only ONE Super Administrator. The rest of them should just be regular admins with permissions only you can set. If you're going to add another SA, make damn sure it is someone you trust implicitly.

Make sure to check the config file and set yourself as unalterable/undeletable.
Reply With Quote
  #3  
Old 09 Sep 2018, 03:48
In Omnibus's Avatar
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Real name: Kris
What Max said. You can also add any user ID to the config.php file as an undeletable / unalterable user. It doesn't have to be an administrator although that is the general use.
Reply With Quote
  #4  
Old 09 Sep 2018, 17:18
AwesomeShark305 AwesomeShark305 is offline
 
Join Date: Feb 2015
Myself & my other lead admin are super administrators, just like the head admin account. A regular admin that we can appoint, can change our primary user group and then ban our accounts. we have about 9 normal admins. A regular admin should not have the ability to change my user groups. also my server is written to where I am a Super admin, so in the event this actually happened, the site should always allow me access to the admin panel no matter what. why is this a thing?
Reply With Quote
  #5  
Old 09 Sep 2018, 18:10
In Omnibus's Avatar
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Real name: Kris
Originally Posted by AwesomeShark305 View Post
Myself & my other lead admin are super administrators, just like the head admin account. A regular admin that we can appoint, can change our primary user group and then ban our accounts. we have about 9 normal admins. A regular admin should not have the ability to change my user groups. also my server is written to where I am a Super admin, so in the event this actually happened, the site should always allow me access to the admin panel no matter what. why is this a thing?
You have far too many administrators. The software is designed to have a limited number of administrators. Many sites have only one. The odds are that most of those people do not need administrator permissions. If they do they don't need all of the administrator permissions. That is why you have problems. My recommendation would be to remove all administrator permissions from anyone who does not need to have them. In Usergroups > Administrator Permissions remove permissions from anyone who does not need that specific permission. Then those people will not have the ability to alter other administrators.
Reply With Quote
  #6  
Old 09 Sep 2018, 22:11
AwesomeShark305 AwesomeShark305 is offline
 
Join Date: Feb 2015
Originally Posted by In Omnibus View Post
You have far too many administrators. The software is designed to have a limited number of administrators. Many sites have only one. The odds are that most of those people do not need administrator permissions. If they do they don't need all of the administrator permissions. That is why you have problems. My recommendation would be to remove all administrator permissions from anyone who does not need to have them. In Usergroups > Administrator Permissions remove permissions from anyone who does not need that specific permission. Then those people will not have the ability to alter other administrators.
My site is used in reference to a gaming community spread across Xbox, PlayStation, & PC gaming. my admins are not the problem. The problem is the common sense that was "Lacked" when creating this forum software in the vBulletin program. A regular Admin should not be able to edit a Super Administrators permissions! What is the word "Super" for if it means absolutely nothing? I need to know where to go and edit this coding. IF, the creators of Vbulletin can't comment on here and explain the issue of their own system. Maybe someone has came across this coding somewhere in their files.
Reply With Quote
  #7  
Old 09 Sep 2018, 22:54
MarkFL's Avatar
MarkFL MarkFL is offline
 
Join Date: Feb 2014
Real name: Mark
You need to look in the file "includes/config.php" for a section like this:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

For each category, put the comma delimited list of users by userid you wish to have those permissions/attributes. Bear in mind any admin with access to the server can alter this file as well.
__________________
Former vBulletin.org Staff Member



Support for my products (as well as updates/new product publishing) has been moved to MHB - vBulletin Products and TAZ - Add-ons
Reply With Quote
  #8  
Old 09 Sep 2018, 23:35
AwesomeShark305 AwesomeShark305 is offline
 
Join Date: Feb 2015
Originally Posted by MarkFL View Post
You need to look in the file "includes/config.php" for a section like this:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

For each category, put the comma delimited list of users by userid you wish to have those permissions/attributes. Bear in mind any admin with access to the server can alter this file as well.


I have edited these setting already, however the problem is that a basic admin can go change our primary usergroup from admin to moderator or something, and then ban the account.
Reply With Quote
  #9  
Old 09 Sep 2018, 23:40
MarkFL's Avatar
MarkFL MarkFL is offline
 
Join Date: Feb 2014
Real name: Mark
No one can alter the account of someone set as undeletable/unalterable from within the AdminCP (administration of users). Of course anyone who knows MySQL can run a query, either in a plugin or manually (if they are permitted to run manual queries) to alter anyone's account, if they know what they're doing.
__________________
Former vBulletin.org Staff Member



Support for my products (as well as updates/new product publishing) has been moved to MHB - vBulletin Products and TAZ - Add-ons
Reply With Quote
  #10  
Old 10 Sep 2018, 00:55
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Originally Posted by AwesomeShark305 View Post
I have edited these setting already, however the problem is that a basic admin can go change our primary usergroup from admin to moderator or something, and then ban the account.
That is IMPOSSIBLE if you have the settings correct in the config file.

Period.
Originally Posted by AwesomeShark305 View Post
Myself & my other lead admin are super administrators, just like the head admin account. A regular admin that we can appoint, can change our primary user group and then ban our accounts. we have about 9 normal admins. A regular admin should not have the ability to change my user groups. also my server is written to where I am a Super admin, so in the event this actually happened, the site should always allow me access to the admin panel no matter what. why is this a thing?
It's a thing because you do NOT have the config.php file modified correctly.
Originally Posted by AwesomeShark305 View Post
The problem is the common sense that was "Lacked" when creating this forum software in the vBulletin program. A regular Admin should not be able to edit a Super Administrators permissions! What is the word "Super" for if it means absolutely nothing? I need to know where to go and edit this coding. IF, the creators of Vbulletin can't comment on here and explain the issue of their own system. Maybe someone has came across this coding somewhere in their files.
There is nothing lacking in the vBulletin system for this issue. What is lacking is your settings in the config file.

Please post what you have there, for the relevant settings. I almost bet you're using usernames instead of userid numbers.

Last edited by Max Taxable; 10 Sep 2018 at 02:30.
Reply With Quote
  #11  
Old 10 Sep 2018, 04:22
AwesomeShark305 AwesomeShark305 is offline
 
Join Date: Feb 2015
Originally Posted by Max Taxable View Post
That is IMPOSSIBLE if you have the settings correct in the config file.

Period.It's a thing because you do NOT have the config.php file modified correctly.There is nothing lacking in the vBulletin system for this issue. What is lacking is your settings in the config file.

Please post what you have there, for the relevant settings. I almost bet you're using usernames instead of userid numbers.


// ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
// The users specified here will be allowed to view the admin log in the control panel.
// Users must be specified by *ID number* here. To obtain a user's ID number,
// view their profile via the control panel. If this is a new installation, leave
// the first user created will have a user ID of 1. Seperate each userid with a comma.
$config['SpecialUsers']['canviewadminlog'] = '1,3,4';

// ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
// The users specified here will be allowed to remove ("prune") entries from the admin
// log. See the above entry for more information on the format.
$config['SpecialUsers']['canpruneadminlog'] = '1,3,4';

// ****** USERS WITH QUERY RUNNING PERMISSIONS ******
// The users specified here will be allowed to run queries from the control panel.
// See the above entries for more information on the format.
// Please note that the ability to run queries is quite powerful. You may wish
// to remove all user IDs from this list for security reasons.
$config['SpecialUsers']['canrunqueries'] = '';

// ****** UNDELETABLE / UNALTERABLE USERS ******
// The users specified here will not be deletable or alterable from the control panel by any users.
// To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '1';

// ****** SUPER ADMINISTRATORS ******
// The users specified below will have permission to access the administrator permissions
// page, which controls the permissions of other administrators
$config['SpecialUsers']['superadministrators'] = '1,3,4';


I am using numbers...

--------------- Added 10 Sep 2018 at 04:24 ---------------

I am not trying to make my account undetectable. I am trying to make it where if you are a Super Administrator, not regular admin can change you primary usergroup and then ban your account.
Reply With Quote
  #12  
Old 10 Sep 2018, 04:30
MarkFL's Avatar
MarkFL MarkFL is offline
 
Join Date: Feb 2014
Real name: Mark
With those settings, only the user with userid 1 cannot be altered via the AdminCP.
__________________
Former vBulletin.org Staff Member



Support for my products (as well as updates/new product publishing) has been moved to MHB - vBulletin Products and TAZ - Add-ons
Reply With Quote
  #13  
Old 10 Sep 2018, 10:20
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Real name: Anthony
"I am not trying to make my account undetectable."

un·de·tect·a·ble
ˌəndəˈtektəb(ə)l/Submit
adjective
not able to be detected.

----------------------------------

// ****** UNDELETABLE / UNALTERABLE USERS ******
// The users specified here will not be deletable or alterable from the control panel by any users.
// To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '1'; <-- Add the user id's of account that you dont want being changed.


undeletable
Adjective
(not comparable)

(computing) That cannot be deleted; indelible.
(computing) That can be undeleted.


un·al·ter·a·ble
ˌənˈôlt(ə)rəbəl/Submit
adjective
not able to be changed.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 01:43.

Layout Options | Width: Wide Color: