Forums / Install & configuration / Issue: Editor has Administrator priviliges. Solution?
elliot smelliot
Monday 19 May 2003 11:26:48 am
Per document, http://www.ez.no/developer/ez_publish_3/bug_reports/urgent_security_risk_privilege_escalation_in_default_install, I am trying to run a student newspaper at my High School, and I would like reporters and editors to be able to add and modify articles (content), but whenever I try to take the “Users” permission away from the Editor’s role, it doesn’t allow the Editor to log in. I view this as a problem, since I don’t want any editor capable of taking over the whole system.
On the message board, this was recommended:
“Re: Roles and user 'drafts' help needed. To fix proplem with drafts you need to add new line at kernel/content/module.php line 194. "functions" => array( 'create' ),after that modification user will be able to access”
Paul Borgermans
Monday 19 May 2003 12:29:42 pm
You must the editors al least a login right as one of the rules in the role fro them. You mustdisallow editing content of class user . Make sure you also apply the security patch posted earlier today.
hth
Paul
eZ Publish, eZ Find, Solr expert consulting and training http://twitter.com/paulborgermans
Tuesday 17 June 2003 3:54:05 pm
This issue is still truly unresolved. Can anyone make a suggestion or write out step by step instructions to fix this horrible issue. Thx.
Script start
Module start 'content'
Module end 'content'
Script end
Time used to render debug report: 0.0001 secs