[Citadel Support] Re: Upgraded to 7.37 lost admin user

davew
Wed, 03 Sep 2008 07:55:18 -0700

>Tue Sep 02 2008 10:36:16 EDT from [EMAIL PROTECTED] 
>Subject: Re: Upgraded to 7.37 lost admin user
>
>
>This same thing happened to me when upgrading from 7.32 to 7.37 via
>easy-install.  I tried not to panic, and went through the install setup again
>from the menu.
>
>This allowed me to get back in as "Citadel".  I had NOT previously added,
>changed, or otherwise tweaked the "Citadel" admin user; all along I was using
>the suggested defaults that came with the VM image version of Citadel I
>deployed.
>
> It seems maybe there's something wrong with the installer process for 737?
>
>Also, should the admin user "Citadel" no longer be logging into WebCit for
>administrative duties?
The administrator of a citadel system can have any user name. It does not
need to be "Citadel". In fact it is a bad idea to use anything like that as
it could lead to confusion and we might want to use things like that for
internal system names in the future.

One of the changes for 7.37 was to remove special privileges from the user
with number 1. Prior to 7.37 the first user to be created on a clean
system (user no. 1) was automatically granted admin privileges. This was a
bit of a security hole as an unsuspecting installer might install the
software and never log in, thinking that the name specified at setup would be
the only admin user. Having removed the admin privileges from user no. 1 it
made it essential that the user name specified at setup MUST be the admin
user. This change also had the side effect that if the admin user changes the
name of the "System Administrator" in Administration->site wide config that
user name will gain admin privileges and may also result in the original
admin losing privileges if they have not already set their level to
"Aide".

Consider this scenario.

New system installed.

run setup and give admin user as "test" with password "12345".

Setup creates user "test", assigns password and sets "System administrator
name" to "test".

user "test" logs in and changes "System administrator name" to "daft".

The system does not have a user called "daft" and some other person logs in
as a new user with name "daft". "daft" is now the system administrator with
all privileges associated.

Evidently for security reasons IT IS ESSENTIAL THAT THE SYSTEM ADMINISTRATOR
MUST CONTROL THE USER NAME GIVEN IN "System Administrator Name". You can
change it but you must MAKE SURE the user exists and that you control the
account (have password).

You should also ensure that the username you use for admin work HAS "Aide"
privileges prior to changing the "System Administrator Name"; otherwise you
may lose privileges.
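The rule the post describes (whichever account's name matches the "System Administrator Name" setting is treated as an administrator, even if that account does not exist yet) and the guard it recommends can be replayed in a small model. The following is an added example written for this archive page; it is a constructed simulation, not Citadel's code or its API. The `Site` class, the numeric levels `AIDE` and `USER`, and the method names are assumptions chosen for illustration; the scenario functions replay the "test" / "daft" walkthrough from the post, first with the unguarded behaviour and then with a guarded setter that requires the target to exist and hold Aide level and the actor to hold Aide level explicitly before the setting may change.

```python
"""
Constructed model (not Citadel's code) of the privilege rule described in the
post: the account whose name equals the "System Administrator Name" setting is
treated as an administrator, and the setting may name a user that does not
exist yet.  The guarded setter refuses such a change.
"""
from dataclasses import dataclass, field

AIDE = 6  # hypothetical numeric level standing in for the "Aide" access level
USER = 4  # hypothetical level for an ordinary user


@dataclass
class Site:
    users: dict = field(default_factory=dict)  # name -> explicitly stored access level
    sysadmin_name: str = ""                     # the "System Administrator Name" setting

    def add_user(self, name: str, level: int = USER) -> None:
        self.users[name] = level

    def is_admin(self, name: str) -> bool:
        """Effective admin status: explicit Aide level, or name matches the setting."""
        if name not in self.users:
            return False
        return self.users[name] >= AIDE or name == self.sysadmin_name

    def set_sysadmin_name_unguarded(self, actor: str, new_name: str) -> None:
        """Behaviour the post warns about: an admin may point the setting at any name."""
        if not self.is_admin(actor):
            raise PermissionError(f"{actor} is not an administrator")
        self.sysadmin_name = new_name

    def set_sysadmin_name_guarded(self, actor: str, new_name: str) -> None:
        """Guarded variant: the actor must hold Aide explicitly (not only via the
        setting) so the change cannot demote them, and the target must already
        exist and hold Aide, so the name cannot be claimed by a stranger later."""
        if not self.is_admin(actor):
            raise PermissionError(f"{actor} is not an administrator")
        if self.users.get(actor, 0) < AIDE:
            raise PermissionError(f"{actor} must hold Aide level before changing the setting")
        if new_name not in self.users:
            raise ValueError(f"no such user: {new_name!r}")
        if self.users[new_name] < AIDE:
            raise ValueError(f"{new_name!r} must hold Aide level before becoming System Administrator")
        self.sysadmin_name = new_name


def scenario_unguarded() -> dict:
    """Replays the post: 'test' renames the setting to 'daft', then a stranger
    registers as 'daft'.  Returns who ends up with admin rights."""
    site = Site()
    site.add_user("test")           # setup created 'test' at ordinary level,
    site.sysadmin_name = "test"     # admin solely through the setting
    site.set_sysadmin_name_unguarded("test", "daft")
    site.add_user("daft")           # an unrelated newcomer registers as 'daft'
    return {"test": site.is_admin("test"), "daft": site.is_admin("daft")}


def scenario_guarded() -> dict:
    """Same steps with the guarded setter: the change is refused, 'test' keeps admin."""
    site = Site()
    site.add_user("test")
    site.sysadmin_name = "test"
    try:
        site.set_sysadmin_name_guarded("test", "daft")
        refused = False
    except (PermissionError, ValueError):
        refused = True
    site.add_user("daft")
    return {"refused": refused, "test": site.is_admin("test"), "daft": site.is_admin("daft")}


def scenario_guarded_correct_order() -> dict:
    """The post's advice: set your own level to Aide first, create and elevate
    the new name, and only then change the setting."""
    site = Site()
    site.add_user("test")
    site.sysadmin_name = "test"
    site.users["test"] = AIDE       # hold Aide explicitly before touching the setting
    site.add_user("daft", AIDE)     # create the target account under your control and elevate it
    site.set_sysadmin_name_guarded("test", "daft")
    return {"test": site.is_admin("test"), "daft": site.is_admin("daft")}


if __name__ == "__main__":
    print("unguarded:", scenario_unguarded())
    print("guarded:", scenario_guarded())
    print("guarded, correct order:", scenario_guarded_correct_order())
```

Running the file prints the three outcomes: in the unguarded replay "test" loses admin and the newcomer "daft" gains it; the guarded setter refuses the change because "test" only holds admin through the setting and "daft" does not exist; following the post's order (Aide first, target created and elevated, then the rename) succeeds with both accounts remaining under the original administrator's control.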