Drupal extended ACLs for untrusted administrators

I have a multi-node Drupal-6 installation containing sites from different clients.

Each site has an administrator role, which primarily includes a client account. We want to grant as many rights as possible to this privileged user, but this can lead to security leaks using only the Drupal Core permission management system.

The main thing to avoid is that the client account can run PHP code on the server (this would be similar to registering on the server, since the www-data .. user sounds very bad).

To avoid this, it is not enough to refuse to evaluate the PHP code for this role. Since the administrator role must have permissions to manage users, he can also change the password of user No. 1 and enter the site as a superadmin.

The second goal would be to deny also some “confusing” administrative pages (such as module selection), but not others (for example, setting up information about sites, choosing a theme, etc.).

I found a User One module that seems to fix the first problem, but I have no idea how to solve the second. I found several modules, but none seems to fit. It seems that most ACLs are meant to protect content, not the site itself, as if the site administrator always had the server itself.

+4
4 answers

I just wrote a PermMill module to fix a too big permission issue.

The code is not yet on the official drupal.org CVS, but soon ...

I hope this module can be useful to someone else who reaches this question.

[UPDATE] 2010-04-15 19:30 +0200: I just uploaded the code to CVS, and the first 6.x-1.x-dev archive will be released tomorrow at around 0:00 AM GMT.

0

I feel your pain — quite a lot of administrative functionality is not detailed enough with respect to access control settings, and although there are many modules that address one or more specific flaws, I have not yet found a common module for this.

Nevertheless, given your setup on several sites, you can take a closer look at the domain access module and its somewhat “offspring”. Although this is mainly intended to run a set of affiliate sites in different domains that use some content while maintaining a different content domain, it also contains many settings to help organize and administer such a setting. In this way, it can offer some of the features you are looking for. But be careful: the module is quite a beast in complexity, and I would recommend using it only if it is suitable for your installation as a whole, and not for getting only one or two ACL functions.

+1

Remove administrators from the role so that they cannot change passwords. Encourage users to reset their password.

Regarding the assignment of user roles, you can use the role delegation module, and the node override module for publishing a node.

http://drupal.org/project/role_delegation

http://drupal.org/project/override_node_options

The second module will allow you to remove the “administer nodes” permission, removing most of the "excess power" from the role.

0

You can remove the PHP module from the modules directory. As long as you do not use any PHP pages, you can delete it.

0
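The two restrictions the question asks for (nobody but user 1 may edit or delete user 1, and the module pages get a permission separate from the other site settings) can be sketched as a small Drupal 6 module. This is an added example, not part of the original thread and not the code of User One or PermMill; the module name `client_lockdown` and the permission `administer modules page` are hypothetical.

```php
<?php
// client_lockdown.module: hypothetical Drupal 6 module (added example).

/**
 * Implementation of hook_perm(): a permission of its own for the module pages.
 */
function client_lockdown_perm() {
  return array('administer modules page');
}

/**
 * Implementation of hook_menu_alter().
 */
function client_lockdown_menu_alter(&$items) {
  foreach ($items as $path => $item) {
    // Core guards admin/build/modules* with 'administer site configuration',
    // the same permission as site information; give it a separate one.
    if (strpos($path, 'admin/build/modules') === 0) {
      $items[$path]['access callback'] = 'user_access';
      $items[$path]['access arguments'] = array('administer modules page');
    }
    // Wrap every route that core guards with user_edit_access() (user/%/edit).
    elseif (isset($item['access callback']) && $item['access callback'] == 'user_edit_access') {
      $items[$path]['access callback'] = 'client_lockdown_edit_access';
    }
  }
  // Core lets anyone with 'administer users' reach the delete form.
  if (isset($items['user/%user/delete'])) {
    $items['user/%user/delete']['access callback'] = 'client_lockdown_delete_access';
    $items['user/%user/delete']['access arguments'] = array(1);
  }
}

/** Only user 1 may act on the user 1 account. */
function _client_lockdown_allowed($account) {
  return $account->uid != 1 || $GLOBALS['user']->uid == 1;
}

function client_lockdown_edit_access($account) {
  return _client_lockdown_allowed($account) && user_edit_access($account);
}

function client_lockdown_delete_access($account) {
  return _client_lockdown_allowed($account) && user_access('administer users');
}
```

The client role must not hold 'administer permissions', otherwise it can grant itself the new permission. The sketch covers only the menu routes shown, and the menu has to be rebuilt after the module is enabled.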

Source: https://habr.com/ru/post/1305735/

