Moodle

Create an admin recovery script rather like what Gallery does

Details

  • Type: New Feature New Feature
  • Status: Open Open
  • Priority: Minor Minor
  • Resolution: Unresolved
  • Affects Version/s: 1.9.3
  • Fix Version/s: None
  • Component/s: Administration
  • Labels:
    None
  • Affected Branches:
    MOODLE_19_STABLE

Description

This came out of a conversation over lots of pasta with Skodak.....

In order to recover lost administration rights, implement something similar to Gallery. The outline is as follows...

  • Create a "hidden" (but documented) script in the admin folder..... recoveradmin.php or somesuch
  • It invites you to create a file in the moodle root with a given name and a randomly generated key therein and then refresh the page
  • The rest of the process is locked out until this file is found to be correct - obviously, this needs to be locked down properly (I'll look/steal what Gallery does)
  • Once you're in there it will do this...
      • Allow a new manual user to be created and assigned to the administrator role
      • Reset the administrator role (and assignment rights) to default
      • Reset the User Policy settings to default (a source of locked out admins)
  • The above should be options probably
  • The Moodle site will NOT run with the key file in place as an additional security feature.

Issue Links

This issue has been marked as being related by:
MDL-16549 Should not be able to remove moodle/site:doanything from the Administrator Role, or add it to other roles Critical Closed

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Tim Hunt added a comment -

MDL-16549 will help prevent people screwing up the definition of the admin role.

Moodle 1.6 prevented admins from unassigning the admin role form themself. We should reinstate that feature (MDL-17067), it stops a number of screw-ups:

  • It means that there is always at least one admin
  • It means you cannot hand over admin responsibility to someone else until you have shown them at least how to unassign the admin role from yourself.

However, I don't think we can completely eliminate the need for what is proposed here, so go for it.

Show
Tim Hunt added a comment - MDL-16549 will help prevent people screwing up the definition of the admin role. Moodle 1.6 prevented admins from unassigning the admin role form themself. We should reinstate that feature (MDL-17067), it stops a number of screw-ups:
  • It means that there is always at least one admin
  • It means you cannot hand over admin responsibility to someone else until you have shown them at least how to unassign the admin role from yourself.
However, I don't think we can completely eliminate the need for what is proposed here, so go for it.
Hide
Permalink
Howard Miller added a comment -

We discussed this as a fix for 1.9.4 (there are no DB changes or regressions) as well as 2.0. As it looks like 1.9 might be around for a while yet it seemed sensible. But, yes, the various improvements in 2.0 might hopefully lessen the need for this.

Show
Howard Miller added a comment - We discussed this as a fix for 1.9.4 (there are no DB changes or regressions) as well as 2.0. As it looks like 1.9 might be around for a while yet it seemed sensible. But, yes, the various improvements in 2.0 might hopefully lessen the need for this.

People

Vote (1)
Watch (2)

Dates

  • Created:
    Updated:
Atlassian JIRA (v4.4.5#665-sha1:422aead) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.