I'm very interested in UI design, and mapping the design of Drupal admin interfaces to pre-existing, long-standing frameworks. I'm currently looking for a module that allows a "site manager" to quickly switch to and from the root user of a D6 site - in my mind's eye this module displays a block with a password field and a submit button; entering the root password and hitting the button is broadly equivalent to "sudo su" in Unix. Once the user has root privileges, a click on the "step down" button in the same block returns them to their saved regular session.
My question: does a module exist that does this, or gets close to this? Or is it possible to cobble together this functionality by using existing functionality in already-existing D6 modules?
Thanks,
--Jim -- My IM and Skype details are at http://state68.com/contact
http://drupal.org/project/masquerade On Mon, Aug 9, 2010 at 6:35 PM, James Benstead <james.benstead@gmail.com> wrote:
I'm very interested in UI design, and mapping the design of Drupal admin interfaces to pre-existing, long-standing frameworks. I'm currently looking for a module that allows a "site manager" to quickly switch to and from the root user of a D6 site - in my mind's eye this module displays a block with a password field and a submit button; entering the root password and hitting the button is broadly equivalent to "sudo su" in Unix. Once the user has root privileges, a click on the "step down" button in the same block returns them to their saved regular session. My question: does a module exist that does this, or gets close to this? Or is it possible to cobble together this functionality by using existing functionality in already-existing D6 modules? Thanks, --Jim -- My IM and Skype details are at http://state68.com/contact
-- Paolo Mainardi CTO Twinbit Blog: http://www.paolomainardi.com -- Please consider the environment before printing this email --
You can use devel module with switch user block
On Mon, Aug 9, 2010 at 1:35 PM, James Benstead <james.benstead@gmail.com> wrote:
I'm very interested in UI design, and mapping the design of Drupal admin interfaces to pre-existing, long-standing frameworks. I'm currently looking for a module that allows a "site manager" to quickly switch to and from the root user of a D6 site - in my mind's eye this module displays a block with a password field and a submit button; entering the root password and hitting the button is broadly equivalent to "sudo su" in Unix. Once the user has root privileges, a click on the "step down" button in the same block returns them to their saved regular session.
My question: does a module exist that does this, or gets close to this? Or is it possible to cobble together this functionality by using existing functionality in already-existing D6 modules?
Thanks,
--Jim -- My IM and Skype details are at http://state68.com/contact
-- Pedro Faria de Miranda Pinto http://www.eusouopedro.com http://www.phpavancado.net
Thanks - both of these modules solve half of the problem (i.e., the switching part) - but neither seem to allow me to force the user to enter the root password in order to switch to the root account. Very useful, though; two new questions:
1. If I were to build a module that was dependent on either masquerade or devel switch user to provide the functionality I'm talking about, which module would be the best foundation?
2. Is there a simple way I can mash-up this module with the regular user module to do this? I'm guessing there must be.
Thanks again, guys; the best bit about Drupal (and the Drupal community) is not having to re-invent the wheel ;)
--Jim -- My IM and Skype details are at http://state68.com/contact
Paolo Mainardi: http://drupal.org/project/masquerade
On 9 August 2010 17:40, Pedro Faria de Miranda Pinto <predofaria@gmail.com> wrote:
You can use devel module with switch user block
Hi James,
I'm curious about your reasoning for requiring a password? It seems like an example of "security" that only inconveniences the legitimate users.
Both the modules mentioned provide an explicit permission to switch, ensuring that only authorized users have the capability, and both allow you to permit it without sharing a password that could be accidentally exposed to unauthorized users.
It seems to me your proposed module weakens security for no practical benefit. Am I missing something?
All the Best,
Matt Chapman Ninjitsu Web Development ph: 818-660-6465 (818-660-NINJA) fx: 888-702-3095
-- The contents of this message should be assumed to be Confidential, and may not be disclosed without permission of the sender.
On Mon, Aug 9, 2010 at 9:48 AM, James Benstead <james.benstead@gmail.com> wrote:
Thanks - both of these modules solve half of the problem (i.e., the switching part) - but neither seem to allow me to force the user to enter the root password in order to switch to the root account. Very useful, though; two new questions:
If I were to build a module that was dependent on either masquerade or devel switch user to provide the functionality I'm talking about, which module would be the best foundation? Is there a simple way I can mash-up this module with the regular user module to do this? I'm guessing there must be.
Thanks again, guys; the best bit about Drupal (and the Drupal community) is not having to re-invent the wheel ;) --Jim -- My IM and Skype details are at http://state68.com/contact
Hi Matt, It's "deliberate inconvenience" if you like. The site will have a manager who will, through their regular account, be able to upload and manage content, process Ubercart orders, etc. I'd like them to quickly be able to switch to the root account for more technical (and therefore dangerous) tasks. The act of entering a password will give them the sense that what they are doing implies a risk. Also, the root account will have a slightly different theme. Possibly plastered with skull and crossbone motifs ;) --Jim -- My IM and Skype details are at http://state68.com/contact On 9 August 2010 18:33, Matt Chapman <matt@ninjitsuweb.com> wrote:
Hi James,
I'm curious about your reasoning for requiring a password? It seems like an example of "security" that only inconveniences the legitimate users.
Both the modules mentioned provide an explicit permission to switch, ensuring that only authorized users have the capability, and both allow you to permit it without sharing a password that could be accidentally exposed to unauthorized users.
It seems to me your proposed module weakens security for no practical benefit. Am I missing something?
All the Best,
Matt Chapman Ninjitsu Web Development ph: 818-660-6465 (818-660-NINJA) fx: 888-702-3095
-- The contents of this message should be assumed to be Confidential, and may not be disclosed without permission of the sender.
On Aug 9, 2010, at 10:39 AM, James Benstead wrote:
The act of entering a password will give them the sense that what they are doing implies a risk. Also, the root account will have a slightly different theme. Possibly plastered with skull and crossbone motifs ;)
Wouldn't the changed theme be enough? I sympathize that you want to make it really, really clear that they're about to get the keys to the kingdom (cue the sudo banner!), but the sad reality is that you can't engineer stupidity or apathy out of users. I don't mean to disparage users. Put another way: the users who have access that ARE qualified don't need the extra warning; the ones who AREN'T qualified won't pay any attention. Both groups will enter the password once and choose "Remember this password," rendering all your hard work moot anyway. Think it through... -D
On 9 August 2010 18:49, Domenic Santangelo <domenics@gmail.com> wrote:
On Aug 9, 2010, at 10:39 AM, James Benstead wrote:
The act of entering a password will give them the sense that what they are doing implies a risk. Also, the root account will have a slightly different theme. Possibly plastered with skull and crossbone motifs ;)
Wouldn't the changed theme be enough? I sympathize that you want to make it really, really clear that they're about to get the keys to the kingdom (cue the sudo banner!), but the sad reality is that you can't engineer stupidity or apathy out of users.
The changed theme would be something, and may have to do for this project - but my general philosophy is that if I hit a limit with Drupal for a particular project, I do my best to write a generalised solution to that limit (or to pass the idea on to someone else), either for the project itself or afterwards. As for engineering stupidity or apathy out of users, I quite agree: however, it is possible, I believe, to engineer systems that *account* for that stupidity/apathy - or, my preferred term, humanity ;)
I don't mean to disparage users. Put another way: the users who have access that ARE qualified don't need the extra warning; the ones who AREN'T qualified won't pay any attention. Both groups will enter the password once and choose "Remember this password," rendering all your hard work moot anyway.
Now *that* is a very good point. But at least then it's the user that's caused the problem and not me, and when they come back to me six months down the line saying "hey, I broke the site, fix it", I can point them to the line of the documentation I've provided saying "if you do this, the site will break, and I'll charge you to fix it". J.
Think it through...
-D
Ah ha. I see what you're going for.
My personal approach is to try to never give users a level of access where they might break the site, even accidentally. But that does often require additional work that I realize is not always practical, if you're dealing with limited time or budgets.
If Domenic doesn't persuade you, and you're still going to go to the point of creating a custom module, may I suggest that you require users to re-enter their OWN password, rather than sharing the user 1 password with everyone? Really, you're asking for trouble by sharing that password with anyone who doesn't absolutely need it.
All the Best,
Matt Chapman Ninjitsu Web Development ph: 818-660-6465 (818-660-NINJA) fx: 888-702-3095
-- The contents of this message should be assumed to be Confidential, and may not be disclosed without permission of the sender.
On Mon, Aug 9, 2010 at 10:39 AM, James Benstead <james.benstead@gmail.com> wrote:
Hi Matt, It's "deliberate inconvenience" if you like. The site will have a manager who will, through their regular account, be able to upload and manage content, process Ubercart orders, etc. I'd like them to quickly be able to switch to the root account for more technical (and therefore dangerous) tasks. The act of entering a password will give them the sense that what they are doing implies a risk. Also, the root account will have a slightly different theme. Possibly plastered with skull and crossbone motifs ;) --Jim -- My IM and Skype details are at http://state68.com/contact
Matt, that's a great solution. Thanks! J. --Jim -- My IM and Skype details are at http://state68.com/contact On 9 August 2010 18:54, Matt Chapman <matt@ninjitsuweb.com> wrote:
Ah ha. I see what you're going for.
My personal approach is to try to never give users a level of access where they might break the site, even accidentally. But that does often require additional work that I realize is not always practical, if you're dealing with limited time or budgets.
If Domenic doesn't persuade you, and you're still going to go to the point of creating a custom module, may I suggest that you require users to re-enter their OWN password, rather than sharing the user 1 password with everyone? Really, you're asking for trouble by sharing that password with anyone who doesn't absolutely need it.
All the Best,
Matt Chapman Ninjitsu Web Development ph: 818-660-6465 (818-660-NINJA) fx: 888-702-3095
-- The contents of this message should be assumed to be Confidential, and may not be disclosed without permission of the sender.
The same reason that sudo asks for a password again if you don't use it for a while: someone may have sat down at your computer.
It would actually be better to ask for a password prior to doing *anything* that could be damaging, but that's a separate issue. Try posting a comment on LinkedIn for example: auto-login allows you to read, but not write.
- Ken Winters
On Aug 9, 2010, at 1:33 PM, Matt Chapman wrote:
Hi James,
I'm curious about your reasoning for requiring a password? It seems like an example of "security" that only inconveniences the legitimate users.
Both the modules mentioned provide an explicit permission to switch, ensuring that only authorized users have the capability, and both allow you to permit it without sharing a password that could be accidentally exposed to unauthorized users.
It seems to me your proposed module weakens security for no practical benefit. Am I missing something?
All the Best,
Matt Chapman Ninjitsu Web Development ph: 818-660-6465 (818-660-NINJA) fx: 888-702-3095
-- The contents of this message should be assumed to be Confidential, and may not be disclosed without permission of the sender.
Screw it. Let's write a module with sufficient AI that it spots when users are being stupid and presents them with a series of unsolved math problems (Riemann hypothesis, etc) that they have to solve before being let back in. After 24 hours the site returns to normal. :P --Jim -- My IM and Skype details are at http://state68.com/contact On 9 August 2010 18:53, Ken Winters <kwinters@coalmarch.com> wrote:
The same reason that sudo asks for a password again if you don't use it for a while: someone may have sat down at your computer.
It would actually be better to ask for a password prior to doing *anything* that could be damaging, but that's a separate issue. Try posting a comment on LinkedIn for example: auto-login allows you to read, but not write.
- Ken Winters
On 2010-08-09, at 12:48 PM, James Benstead wrote:
Thanks - both of these modules solve half of the problem (i.e., the switching part) - but neither seem to allow me to force the user to enter the root password in order to switch to the root account.
I think sudo's method of entering your own password, rather than the root password, makes the most sense. I'd consider accepting patches against Masquerade that require re-authentication before switching. If you decide to go that way, please file an issue over in the queue. --Andrew
Thanks, Andrew - I think I'll implement the current version of Masquerade for the moment (great module, btw - I use it on all of my dev sites) and then work on integrating this functionality in a patch when I've got more time - will allow me to learn more about Drupal security, too. Masquerade is a "brand" module in my view so there's really no need to fork it. --Jim -- My IM and Skype details are at http://state68.com/contact On 9 August 2010 18:56, Andrew Berry <andrewberry@sentex.net> wrote:
On 2010-08-09, at 12:48 PM, James Benstead wrote:
Thanks - both of these modules solve half of the problem (i.e., the switching part) - but neither seem to allow me to force the user to enter the root password in order to switch to the root account.
I think sudo's method of entering your own password, rather than the root password, makes the most sense. I'd consider accepting patches against Masquerade that require re-authentication before switching. If you decide to go that way, please file an issue over in the queue.
--Andrew
On 9 Ago 2010 19h00 WEST, james.benstead@gmail.com wrote:
Thanks, Andrew - I think I'll implement the current version of Masquerade for the moment (great module, btw - I use it on all of my dev sites) and then work on integrating this functionality in a patch when I've got more time - will allow me to learn more about Drupal security, too. Masquerade is a "brand" module in my view so there's really no need to fork it.
--Jim
You might also consider admin role http://drupal.org/project/adminrole, in a slightly different vein. It allows you to concede other users some of the powers of UID 1. You can't run update.php with it. But it allows you to exercise some degree of latitude in allocating privileges on a Drupal site. Usually when you enable a new module the users with role "administrator" inherit all the privileges regarding that module's permissions.
It's a different route. I don't think that sudo <everything> like Ubuntu does is a good policy. You tend to lose the perspective on how powerful the sudo facility is IMO.
HTH, --- appa
Thanks Antonio - and yes, I use adminrole.module on all of my sites too - another "brand" module in my view. Does anyone know if adminrole.module and masquerade.module are integrated? Or whether such integration is straightforward/desirable? I'm thinking specifically of masquerade.module + (security patch) integrating with adminrole.module, to provide a one-click solution to the problem I originally described. --Jim -- My IM and Skype details are at http://state68.com/contact 2010/8/9 Antonio P. P. Almeida <appa@perusio.net>
On 9 Ago 2010 19h00 WEST, james.benstead@gmail.com wrote:
Thanks, Andrew - I think I'll implement the current version of Masquerade for the moment (great module, btw - I use it on all of my dev sites) and then work on integrating this functionality in a patch when I've got more time - will allow me to learn more about Drupal security, too. Masquerade is a "brand" module in my view so there's really no need to fork it.
--Jim
You might also consider admin role http://drupal.org/project/adminrole, in a slightly different vein. It allows you to concede other users some of the powers of UID 1. You can't run update.php with it. But it allows you to exercise some degree of latitude in allocating privileges on a Drupal site. Usually when you enable a new module the users with role "administrator" inherit all the privileges regarding that module's permissions.
It's a different route. I don't think that sudo <everything> like Ubuntu does is a good policy. You tend to lose the perspective on how powerful the sudo facility is IMO.
HTH, --- appa
On 9 Ago 2010 19h00 WEST, james.benstead@gmail.com wrote:
Oops. Sorry I meant it's *not* a good policy IMO to sudo everything like Ubuntu does. Sorry for the typo.
--- appa
Agreed - for a CLI like drush "sudo" is my ideal, but since most people interact with Drupal via the GUI it's probably impractical to implement such fine-grained functionality.
--Jim -- My IM and Skype details are at http://state68.com/contact
On 9 August 2010 19:39, Antonio P. P. Almeida <appa@perusio.net> wrote:
On 9 Ago 2010 19h00 WEST, james.benstead@gmail.com wrote:
Oops. Sorry I meant it's *not* a good policy IMO to sudo everything like Ubuntu does. Sorry for the typo.
--- appa
Did anyone bother to check to see if such a module already exists? http://drupal.org/project/sudo
-Mike
On Aug 9, 2010, at 11:50 AM, James Benstead wrote:
Agreed - for a CLI like drush "sudo" is my ideal, but since most people interact with Drupal via the GUI it's probably impractical to implement such fine-grained functionality.
--Jim -- My IM and Skype details are at http://state68.com/contact
On 9 August 2010 19:39, Antonio P. P. Almeida <appa@perusio.net> wrote:
On 9 Ago 2010 19h00 WEST, james.benstead@gmail.com wrote:
Oops. Sorry I meant it's *not* a good policy IMO to sudo everything like Ubuntu does. Sorry for the typo.
--- appa
On Aug 10, 2010, at 12:21 PM, Michael Prasuhn wrote:
Did anyone bother to check to see if such a module already exists?
Read the OP more closely:
On Aug 9, 2010, at 9:35 AM, James Benstead wrote:
in my mind's eye this module displays a block with a password field and a submit button
On Aug 9, 2010, at 9:35 AM, James Benstead wrote:
My question: does a module exist that does this, or gets close to this? Or is it possible to cobble together this functionality by using existing functionality in already-existing D6 modules?
Seems to fit that description, and I didn't see any feature requests in that module's queue either.
From my discussions with the author of the current sudo module, the problem seems to be that there is no safe way to ensure that the user is only temporarily using those permissions. There is far too much risk that the user would never be reverted back to their original account, so the sudo module just adds the new roles when loading the user with hook_user depending on the values in the session.
-Mike
On Aug 10, 2010, at 2:05 PM, Domenic Santangelo wrote:
On Aug 10, 2010, at 12:21 PM, Michael Prasuhn wrote:
Did anyone bother to check to see if such a module already exists?
Read the OP more closely:
On Aug 9, 2010, at 9:35 AM, James Benstead wrote:
in my mind's eye this module displays a block with a password field and a submit button
I think this is what you're looking for: http://drupal.org/project/masquerade
From: development-bounces@drupal.org [mailto:development-bounces@drupal.org] On Behalf Of James Benstead
Sent: Monday, August 09, 2010 7:36 PM
To: development
Subject: [development] "Sudo" Module
I'm very interested in UI design, and mapping the design of Drupal admin interfaces to pre-existing, long-standing frameworks. I'm currently looking for a module that allows a "site manager" to quickly switch to and from the root user of a D6 site - in my mind's eye this module displays a block with a password field and a submit button; entering the root password and hitting the button is broadly equivalent to "sudo su" in Unix. Once the user has root privileges, a click on the "step down" button in the same block returns them to their saved regular session. My question: does a module exist that does this, or gets close to this? Or is it possible to cobble together this functionality by using existing functionality in already-existing D6 modules?
Thanks, --Jim -- My IM and Skype details are at http://state68.com/contact
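The two ideas raised in this thread (re-authenticating with your own password before elevating, and adding roles at user-load time from a session value so that nothing has to be reverted) can be combined as in the following added sketch. It is not code from the sudo, Masquerade or adminrole modules; it is plain PHP with no Drupal API, and every function and constant name, the sample account and the five-minute expiry are assumptions made for illustration.

```php
<?php
// Added sketch: all names are hypothetical, not Drupal or sudo-module API.
const SUDO_TTL = 300;            // seconds an elevation lasts (assumed value)
const SUDO_ROLE = 'site admin';  // role granted while elevated (assumed name)

// Constructed sample account; its stored roles are never changed by elevation.
function sample_account() {
  return array(
    'uid' => 7,
    'pass_hash' => password_hash('manager-pass', PASSWORD_DEFAULT),
    'roles' => array('authenticated user', 'site manager'),
    'may_elevate' => TRUE,
  );
}

// Re-authenticate with the user's OWN password, then record an expiry in the session.
function sudo_elevate(array &$session, array $account, $password, $now) {
  if (empty($account['may_elevate']) || !password_verify($password, $account['pass_hash'])) {
    return FALSE;
  }
  $session['sudo'] = array('uid' => $account['uid'], 'until' => $now + SUDO_TTL);
  return TRUE;
}

// Explicit "step down": dropping the session value is the whole revert.
function sudo_step_down(array &$session) {
  unset($session['sudo']);
}

// Run on every user load: roles are derived per request, never saved to the account.
function effective_roles(array $account, array $session, $now) {
  $roles = $account['roles'];
  $s = isset($session['sudo']) ? $session['sudo'] : NULL;
  if ($s && $s['uid'] === $account['uid'] && $now < $s['until']) {
    $roles[] = SUDO_ROLE;
  }
  return $roles;
}

$account = sample_account();
$session = array();
$t0 = 1000;  // constructed clock value
var_dump(sudo_elevate($session, $account, 'wrong', $t0));         // wrong password
var_dump(sudo_elevate($session, $account, 'manager-pass', $t0));  // own password
var_dump(in_array(SUDO_ROLE, effective_roles($account, $session, $t0 + 10)));
var_dump(in_array(SUDO_ROLE, effective_roles($account, $session, $t0 + SUDO_TTL)));
sudo_step_down($session);
var_dump(in_array(SUDO_ROLE, effective_roles($account, $session, $t0 + 10)));
```

Because the elevated role exists only as a derived value tied to one session and one uid, a lost session, a missed step-down click or an expired timer all end in the same state: the account's stored roles, unchanged.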
participants (10)
- Andrew Berry
- Antonio P. P. Almeida
- Domenic Santangelo
- Idan Arbel
- James Benstead
- Ken Winters
- Matt Chapman
- Michael Prasuhn
- Paolo Mainardi
- Pedro Faria de Miranda Pinto