Ah ha. I see what you're going for. My personal approach is to try to never give users a level of access where they might break the site, even accidentally. But that does often require additional work that I realize is not always practical, if you're dealing with limited time or budgets.
If Domenic doesn't persuade you, and you're still going to go to the point of creating a custom module, may I suggest that you require users to re-enter their OWN password, rather than sharing the user 1 password with every one? Really, you're asking for trouble by sharing that password with anyone who doesn't absolutely need it. All the Best, Matt Chapman Ninjitsu Web Development ph: 818-660-6465 (818-660-NINJA) fx: 888-702-3095 -- The contents of this message should be assumed to be Confidential, and may not be disclosed without permission of the sender. On Mon, Aug 9, 2010 at 10:39 AM, James Benstead <[email protected]> wrote: > Hi Matt, > It's "deliberate inconvenience" if you like. The site will have a manager > who will, through their regular account, be able to upload and manage > content, process Ubercart orders, etc. I'd like them to quickly be able to > switch to the root account for more technical (and therefore dangerous) > tasks. The act of entering a password will give them the sense that what > they are doing implies a risk. Also, the root account will have a slightly > different theme. Possibly plastered with skull and crossbone motifs ;) > --Jim > -- > My IM and Skype details are at http://state68.com/contact > > > On 9 August 2010 18:33, Matt Chapman <[email protected]> wrote: >> >> Hi James, >> >> I curious about your reasoning for requiring a password? It seems like >> an example of "security" that only inconveniences the legitimate >> users. >> >> Both the modules mentioned provide an explicit permission to switch, >> ensuring that only authorized users have the capability, and both >> allow you to permit it without sharing a password that could be >> accidentally exposed to unauthorized users. >> >> It seems to me your proposed module weakens security for no practical >> benefit. Am I missing something? >> >> All the Best, >> >> Matt Chapman >> Ninjitsu Web Development >> ph: 818-660-6465 (818-660-NINJA) >> fx: 888-702-3095 >> >> -- >> The contents of this message should be assumed to be Confidential, and >> may not be disclosed without permission of the sender. >> >> >> >> On Mon, Aug 9, 2010 at 9:48 AM, James Benstead <[email protected]> >> wrote: >> > Thanks - both of these modules solve half of the problem (i.e., the >> > switching part) - but neither seem to allow me to force the user to >> > enter >> > the root password in order to switch to the root account. Very useful, >> > though; two new questions: >> > >> > If I were to build a module that was dependent on either masquerade or >> > devel >> > switch user to provide the functionality I'm talking about, which module >> > would be the best foundation? >> > Is there a simple way I can mash-up this module with the regular user >> > module >> > to do this? I'm guessing there must be. >> > >> > Thanks again, guys; the best bit about Drupal (and the Drupal community) >> > is >> > not having to re-invent the wheel ;) >> > --Jim >> > -- >> > My IM and Skype details are at http://state68.com/contact >> > >> > Paolo Mainardi: >> > http://drupal.org/project/masquerade >> > On 9 August 2010 17:40, Pedro Faria de Miranda Pinto >> > <[email protected]> >> > wrote: >> >> >> >> You can use devel module with switch user block >> >> >> >> On Mon, Aug 9, 2010 at 1:35 PM, James Benstead >> >> <[email protected]> >> >> wrote: >> >>> >> >>> I'm very interested in UI design, and mapping the design of Drupal >> >>> admin >> >>> interfaces to pre-existing, long-standing frameworks. I'm currently >> >>> looking >> >>> for a module that allows a "site manager" to quickly switch to and >> >>> from the >> >>> root user of a D6 site - in my mind's eye this module displays a block >> >>> with >> >>> a password field and a submit button; entering the root password and >> >>> hitting >> >>> the button is broadly equivalent to "sudo su" in Unix. Once the user >> >>> has >> >>> root privileges, a click on the "step down" button in the same block >> >>> returns >> >>> them to their saved regular session. >> >>> My question: does a module exists that does this, or gets close to >> >>> this? >> >>> Or is it possible to cobble together this functionality by using >> >>> existing >> >>> functionality in already-existing D6 modules? >> >>> Thanks, >> >>> --Jim >> >>> -- >> >>> My IM and Skype details are at http://state68.com/contact >> >> >> >> >> >> >> >> -- >> >> Pedro Faria de Miranda Pinto >> >> http://www.eusouopedro.com >> >> http://www.phpavancado.net >> > >> > > >
