If admins, including uid 1, get locked out provide documentation on how to unblock them without being able to log in.

CommentFileSizeAuthor
#3 administrator_user_should_not_be_blocked-3095886.patch652 bytesniky_chavan
#2 3095886.patch658 bytesniky_chavan

Comments

makbul_khan8 created an issue. See original summary.

niky_chavan’s picture

niky_chavan commented
StatusFileSize
new 3095886.patch658 bytes

When using User expire module if there are 2 user having admin role then user with uid=1 (drupal default administrator user) should never get blocked.

niky_chavan’s picture

niky_chavan commented
StatusFileSize
new administrator_user_should_not_be_blocked-3095886.patch652 bytes

Added new patch for user expire

sorabh.v6’s picture

sorabh.v6
He/His
Primary language Hindi
commented
Assigned: makbul_khan8 » Unassigned
Status: Active » Needs review

I believe it should work with the patch in #3

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented
Category: Bug report » Feature request

Thanks for the contribution. I can see how this might make sense in some cases.

Philosophically I disagree with this proposal. The special behavior of UID 1 is a bug, IMO. We should not treat it specially in a security focused module like this one. See #540008: Add a container parameter that can remove the special behavior of UID#1 for some reasons why uid 1 should not be treated specially.

My proposal is to mark it as "won't fix" and document why on the project page to confirm the philosophy, but want to see if there's any feedback on my perspective in case I'm missing something.

sorabh.v6’s picture

sorabh.v6
He/His
Primary language Hindi
commented

I like your idea @greggles but I know many people do not want uid 1 to expire especially when the site is in the development phase. Maybe, a checkbox to turn this on/off for uid 1 will be helpful. With this, we can give the decision on the site admin's hand.

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented

It seems useful to have docs in the README to show how to unblock a uid 1 from database/command line. We can link to those from the project page.

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented
Title: Don't expire administrator user with uid 1 in any case » Document how to unblock a user, including uid 1
Issue summary: View changes
Status: Needs review » Needs work

The original issue summary is "As per drupal standard we should not expire administrator user with uid 1."

I don't think it's a standard to reduce security related to uid 1. If anything that should have the highest levels of security applied to it.

Re-titling and providing a new issue summary to focus on the new goal of providing documentation.

shelane’s picture

shelane
Primary language English
commented
Component: Code » Documentation
Status: Needs work » Fixed

This is the link I have added to the project page and README file:
https://www.drupal.org/node/947312

  • shelane committed 1931ee0 on 8.x-1.x 
    Issue #3095886 by niky_chavan, greggles, shelane: Document how to...
greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
commented

That's a great solution. Thank you!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.