Greg, I don't have edit permissions, so here are some thoughts.<br><br>In this particular case, the argument is:<br><br>User 1 does not behave like other users, so testing module functionality as user 1 is generally a bad idea, since you won't get to see the actual role-restricted behavior of your module. This is especially true of node access modules.
<br><br>In general, two additional points:<br><br>* In our uses, we always have multiple administrators. So we treat user 1 like Unix root or sudo. Not everyone should act under sudo at all times, and we never log in as 'root'. You need to be able to trace who did what. (However, that said, user 1 does leave a record, so perhaps the analogy doesn't quite hold up.)
<br><br>* Our corporate security policy is violated by user 1 because user 1 violates the rule of least privilege. Moreover, since we have multiple sysadmins who install Drupal sites, our user 1 tends to be a role account, which is a violation of our security policy (one person to an account).
<br><br>Now this second point isn't relevant to the entire Drupal community, obviously, but it also makes a case for replacing the special user 1 entirely with a default 'administrative user' role that is assigned to user 1 and can then be assigned to other users.
<br><br>So, in practice, we always create the site. Create a new 'administrator' role. Give that role all privileges. Create a new user as an administrator. Then log out as user 1 and never use that account again. To run
update.php, we just set the access check to FALSE.<br><br>It may also be that our security policies are bad, but that's beyond my control.<br><br>- Ken Rickard<br>agentrickard<br><br><div><span class="gmail_quote">On 7/26/07,
<b class="gmail_sendername">Steven Jones</b> &lt;<a href="mailto:darthsteven@gmail.com">darthsteven@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Two Administrators<br><br>On 26/07/07, Cog Rusty &lt;<a href="mailto:cog.rusty@gmail.com">cog.rusty@gmail.com</a>> wrote:<br>> On 7/26/07, Greg Knaddison - GVS &lt;<a href="mailto:Greg@growingventuresolutions.com">Greg@growingventuresolutions.com
</a>> wrote:<br>> > On 7/26/07, Ken Rickard &lt;<a href="mailto:agentrickard@gmail.com">agentrickard@gmail.com</a>> wrote:<br>> > > Development testing should never be done as user #1 unless testing<br>
> > > installation or update routines. In fact, nothing but install and update<br>> > > should be done as user #1.<br>> > ><br>> > > See <a href="http://drupal.org/node/22284">http://drupal.org/node/22284
</a><br>> ><br>> > I see your point here about how it has been confusing to Ron that uid1<br>> > could see everything, but I'm not sure I follow the rest of the logic.<br>> > To me, I don't see a problem with using uid1. I know lots of folks
<br>> > feel strongly about this, but there's also a prominent case[1] or<br>> > two[2] of smart people doing otherwise. There is even the whole<br>> > masquerade code in the devel module which makes it easy to switch
<br>> > between uid1 and a normal user during development to facilitate Ron's<br>> > exact situation.<br>> ><br>> > Just yesterday I edited bullet item 1 on 22284 to include all of the<br>> > arguments on this issue that I was able to glean from the folks that
<br>> > were in IRC when I was digging into the issue. Given that<br>> > investigation and rewrite, I don't understand the strength of the<br>> > "don't use uid 1" argument.<br>> >
<br>> > So, if folks feel strongly one way or another could they please edit<br>> > that page (or respond here) with some of the reasons why you should<br>> > "never use user #1".<br>><br>>
<br>> Ok, I added a 4th reason:<br>> "On a community site, if the top administrator is using account #1 for<br>> all things, including personal content in blogs, forums, etc, and<br>> later administration passes to someone else, the previous
<br>> administrator's content will be in account #1 and will have to be<br>> moved, which is not a very trivial task."<br>><br>><br>> > If you're going to say "for the same reasons as you never use root on
<br>> > unix" then please take the time to enumerate those reasons - I'm not<br>> > sure I believe that comparison so having the list of reasons would<br>> > help the discussion.<br>> ><br>
> > Regards,<br>> > Greg<br>> ><br>> > [1] <a href="http://drupal.org/user/1">http://drupal.org/user/1</a><br>> > [2] <a href="http://groups.drupal.org/user/1">http://groups.drupal.org/user/1
</a><br>> ><br>> > --<br>> > Greg Knaddison<br>> > Denver, CO | <a href="http://knaddison.com">http://knaddison.com</a><br>> > World Spanish Tour | <a href="http://wanderlusting.org/user/greg">
http://wanderlusting.org/user/greg</a><br>> ><br>><br><br><br>--<br>Regards<br>Steven Jones<br></blockquote></div><br>