Forums / Install & configuration / Issue: Editor has Administrator priviliges. Solution?

Issue: Editor has Administrator priviliges. Solution?

Next topic

Author	Message
elliot smelliot	Monday 19 May 2003 11:26:48 am Per document, http://www.ez.no/developer/ez_publish_3/bug_reports/urgent_security_risk_privilege_escalation_in_default_install, I am trying to run a student newspaper at my High School, and I would like reporters and editors to be able to add and modify articles (content), but whenever I try to take the “Users” permission away from the Editor’s role, it doesn’t allow the Editor to log in. I view this as a problem, since I don’t want any editor capable of taking over the whole system. On the message board, this was recommended: “Re: Roles and user 'drafts' help needed. To fix proplem with drafts you need to add new line at kernel/content/module.php line 194. "functions" => array( 'create' ), after that modification user will be able to access”
Paul Borgermans	Monday 19 May 2003 12:29:42 pm You must the editors al least a login right as one of the rules in the role fro them. You mustdisallow editing content of class user . Make sure you also apply the security patch posted earlier today. hth Paul eZ Publish, eZ Find, Solr expert consulting and training http://twitter.com/paulborgermans
elliot smelliot	Tuesday 17 June 2003 3:54:05 pm This issue is still truly unresolved. Can anyone make a suggestion or write out step by step instructions to fix this horrible issue. Thx.

Author

Message

Monday 19 May 2003 11:26:48 am

Per document, http://www.ez.no/developer/ez_publish_3/bug_reports/urgent_security_risk_privilege_escalation_in_default_install, I am trying to run a student newspaper at my High School, and I would like reporters and editors to be able to add and modify articles (content), but whenever I try to take the “Users” permission away from the Editor’s role, it doesn’t allow the Editor to log in. I view this as a problem, since I don’t want any editor capable of taking over the whole system.

On the message board, this was recommended:

“Re: Roles and user 'drafts' help needed.
To fix proplem with drafts you need to add new line at kernel/content/module.php line 194.
"functions" => array( 'create' ),
after that modification user will be able to access”

Paul Borgermans

Monday 19 May 2003 12:29:42 pm

You must the editors al least a login right as one of the rules in the role fro them. You mustdisallow editing content of class user . Make sure you also apply the security patch posted earlier today.

hth

Paul

eZ Publish, eZ Find, Solr expert consulting and training
http://twitter.com/paulborgermans

elliot smelliot

Tuesday 17 June 2003 3:54:05 pm

This issue is still truly unresolved. Can anyone make a suggestion or write out step by step instructions to fix this horrible issue. Thx.