PDA

View Full Version : Security Tips Regarding Admin Permissions


vB.Org System
11 Apr 2010, 20:50
Although it should be apparent that no one should be given Admin access unless they are completely trustworthy, we do recognized that sometimes these things do occur. While we still strongly recommend that you only give Admin access to people you thoroughly trust, you can still minimize potential security issues by limiting the permissions you make available to your Admins. The place to do that is here:

Admin CP -> Usergroups -> Administrator Permissions

You may need to make yourself a Super Admin in order to do this. Edit this section of config.php:

// ****** SUPER ADMINISTRATORS ******
// The users specified below will have permission to access the administrator permissions
// page, which controls the permissions of other administrators
$config['SpecialUsers']['superadministrators'] = 'x';

...and replace x with your userid (not user name.)

In particular you should not allow these permissions for any Admin that is not 100% trustworthy:

Can Administer Styles
Can Administer Languages
Can Administer FAQs


More... (http://www.vbulletin.com/forum/showthread.php?348755-Security-Tips-Regarding-Admin-Permissions&goto=newpost)