User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Build Identifier: Hello, I installed Bugzilla and established myself administrator. Now I created new account, set this new user as administrator and tried to restrict my privileges. It is not possible. Reproducible: Always Steps to Reproduce: 1. install Bugzilla 2. create new user 3. set this new user as administrator 4. restrict privileges of original administrator Actual Results: Message Cannot change permissions of superuser. Expected Results: The permissions should be changed I have Bugzilla version 16.5 I think the error is in editusers.cgi at line 771: if($groupsetold eq $::superusergroupset) ... There should be a check that user ís not administrator, not the check the user has full permissions.
This is part of the design of 2.16 and is no longer true in 2.17/2.18 In any case, it will not be changed in the 2.16 branch. You can create and retire administrators manually in 2.16 by using the mysql command-line to change the groupset.
It is impractical to adequately test for this condition within the methods used in 2.16.x to detect an administrator. Your best bet in 2.16 is to run some SQL from the mysql command line client... UPDATE profiles SET groupset=0 WHERE login_name='oldadmin'; You *can* remove admin privs from other admins in 2.17.1 and newer.