UserSpice
master_account and the backup feature - Printable Version




master_account and the backup feature - mudmin - 08-30-2017

One thing that we might want to consider is that the backup function allows any admin to download the full source code and db of a project that might be closed source. I had to take away several people's admin privileges on my own projects because of this. What are your thoughts on making backups master only? Or maybe if we take away some of the messages, all admins could hit the backup button, but not see any of the logging or download backups?


master_account and the backup feature - Brandin - 08-31-2017

I'm not okay with this, as for security purposes I keep my User ID 1 as a placeholder account and ban it, and make a secondary account for myself with full admin access, but no master access. Purely a security thing, as I don't want someone to get access to my account and have complete and utter access to every aspect of the system even if I do whatever to lock them out (e.g. I sign in from the Dev Account and remove their permission levels, but they still got access because they are master).

I would use it in the following manner if you were to restrict it:
Jr Admin - Click backup
Sr Admin - Can download and logging

Or in my terms of what I use:
Administrator
Database Admin (would be same as Jr Admin above)


master_account and the backup feature - mudmin - 09-01-2017

We can think through that. Either way, I think we need a little bit of limitation on the backup feature. Also, when we were having problems with the recursive backups, I accidentally filled up my server :) That's kind of a problem.


master_account and the backup feature - Brandin - 09-01-2017

That is totally a problem ;) You might want to fix that!

I think two admin levels might be best... especially since not everyone is using master account, and clearly it is not always in everyone's configurations (as per a recent issue in another thread).


master_account and the backup feature - mudmin - 09-01-2017

Right.

Forcing out a new permission level gets sticky because the permissions are usually hard coded into the PHP, but I'm sure we can get creative.


master_account and the backup feature - Brandin - 09-01-2017

Why don't we add a variable to the user profiles? That can only be modified based on whatever criteria we set? And if they have a value of whatever (1 I guess) in that spot they have access to all of admin_backup, where if they don't and only have the admin permission, they lose whatever we set.


master_account and the backup feature - mudmin - 09-01-2017

What permission level would you recommend be able to set that variable?



master_account and the backup feature - Brandin - 09-01-2017

Master Account would be fine to set this variable. Ultimately you can change this in the DB (change the value) if you needed to give someone permission and something fatal happened or whatever.
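
The two-tier idea discussed in this thread, sketched as an added example that is not part of the original posts and is not UserSpice code: any admin may start a backup, while viewing logs and downloading archives requires a per-user flag that only a master account can set. The names `MASTER_IDS`, `is_admin`, `backup_full`, `canBackup` and `setBackupFlag` are hypothetical, and the user rows are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical model, not UserSpice's schema: an admin permission, a per-user
// backup flag (the "variable" proposed above), and a list of master account IDs.
const MASTER_IDS = [1];            // assumed configuration value
const BACKUP_ACTIONS = ['trigger', 'view_log', 'download'];

function isMaster(array $user): bool
{
    return in_array($user['id'], MASTER_IDS, true);
}

// Decide whether $user may perform a backup action. Denies by default.
function canBackup(array $user, string $action): bool
{
    if (!in_array($action, BACKUP_ACTIONS, true) || empty($user['is_admin'])) {
        return false;              // unknown action or not an admin
    }
    if ($action === 'trigger') {
        return true;               // any admin may start a backup
    }
    // Logs and archives expose source code and DB contents: flag required.
    // Cast because a database row usually returns the column as a string.
    return (int)($user['backup_full'] ?? 0) === 1;
}

// Only a master account may change a user's flag; returns the updated row.
function setBackupFlag(array $actor, array $target, bool $grant): array
{
    if (!isMaster($actor)) {
        throw new RuntimeException('only a master account may set backup_full');
    }
    $target['backup_full'] = $grant ? 1 : 0;
    return $target;
}

// Constructed sample users.
$master = ['id' => 1, 'is_admin' => true, 'backup_full' => 1];
$junior = ['id' => 7, 'is_admin' => true, 'backup_full' => 0];
$member = ['id' => 9, 'is_admin' => false, 'backup_full' => 0];

foreach (BACKUP_ACTIONS as $action) {
    printf("%-8s junior=%s member=%s\n", $action,
        var_export(canBackup($junior, $action), true),
        var_export(canBackup($member, $action), true));
}
$senior = setBackupFlag($master, $junior, true);   // flag granted by master
var_dump(canBackup($senior, 'download'));
```

The check has to run server-side on the download and log endpoints themselves; hiding the buttons alone leaves the archive URL reachable by any admin who knows it.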