Closed Bug 253375 Opened 20 years ago Closed 20 years ago

Cannot restrict privileges of ex-administrator

Categories

(Bugzilla :: Administration, task)

task
Not set
normal

VERIFIED WORKSFORME

People

(Reporter: pavel.rybnicek, Assigned: justdave)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Build Identifier: 

Hello,
I installed Bugzilla and established myself as administrator. Now I created a new 
account, set this new user as administrator and tried to restrict my 
privileges. It is not possible.

Reproducible: Always
Steps to Reproduce:
1. install Bugzilla
2. create new user
3. set this new user as administrator
4. restrict privileges of original administrator

Actual Results:  
Message
Cannot change permissions of superuser.

Expected Results:  
The permissions should be changed

I have Bugzilla version 16.5

I think the error is in editusers.cgi at line 771:

 if($groupsetold eq $::superusergroupset) ...

There should be a check that the user is not an administrator, not a check that the user 
has full permissions.

This is part of the design of 2.16 and is no longer true in 2.17/2.18

In any case, it will not be changed in the 2.16 branch.  You can create and
retire administrators manually in 2.16 by using the mysql command-line to change
the groupset.

Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME

It is impractical to adequately test for this condition within the methods used
in 2.16.x to detect an administrator.  Your best bet in 2.16 is to run some SQL
from the mysql command line client...

UPDATE profiles SET groupset=0 WHERE login_name='oldadmin';

You *can* remove admin privs from other admins in 2.17.1 and newer.

OK, thanks.

Status: RESOLVED → VERIFIED
QA Contact: matty_is_a_geek → default-qa
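
The manual retirement step suggested in the comments above, sketched with a guard against locking every administrator out. This is an added example, not part of the original bug thread or of Bugzilla's code. It assumes the account being retired holds the superuser groupset, so any other account with an identical groupset is also an administrator. The in-memory SQLite table, its rows and the `retire_admin` helper are constructed for illustration; only `profiles`, `login_name` and `groupset` come from the page.

```python
import sqlite3

# Constructed stand-in for the 2.16 profiles table: only the two columns the
# page's UPDATE statement touches. The groupset values are made up.
SAMPLE_ROWS = [
    ("oldadmin", 0x7FFF),  # constructed "all bits set" value
    ("newadmin", 0x7FFF),
    ("reporter", 0x0004),
]

def make_db(rows=SAMPLE_ROWS):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profiles ("
               "login_name TEXT PRIMARY KEY, groupset INTEGER NOT NULL)")
    db.executemany("INSERT INTO profiles VALUES (?, ?)", rows)
    db.commit()
    return db

def groupset_of(db, login):
    row = db.execute("SELECT groupset FROM profiles WHERE login_name = ?",
                     (login,)).fetchone()
    if row is None:
        raise ValueError(f"no such account: {login}")
    return row[0]

def retire_admin(db, login):
    """Zero one account's groupset unless it is the last holder of that set.

    Returns (old_groupset, peers): the value before the change and the other
    logins that held the same groupset (assumed to be the remaining admins).
    """
    old = groupset_of(db, login)
    peers = [r[0] for r in db.execute(
        "SELECT login_name FROM profiles "
        "WHERE groupset = ? AND login_name <> ? ORDER BY login_name",
        (old, login))]
    if not peers:
        raise ValueError(f"{login} is the only account with this groupset")
    with db:  # commit on success, roll back if anything below raises
        cur = db.execute(
            "UPDATE profiles SET groupset = 0 "
            "WHERE login_name = ? AND groupset = ?", (login, old))
        if cur.rowcount != 1:
            raise RuntimeError("row changed between the check and the update")
    return old, peers

if __name__ == "__main__":
    db = make_db()
    print(retire_admin(db, "oldadmin"))   # record the old value for the audit trail
    print(groupset_of(db, "oldadmin"))
```

Setting `groupset=0` clears every group membership of the account, not only the administrative bits, so the old value is returned for the change record.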