Zeruell / ppx-raidplaner

Automatically exported from code.google.com/p/ppx-raidplaner

Disable admin user #94

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
There should be a way to disable the standard admin user, if there is at least 
one other administrator account.
Standard accounts named "admin" are always kind of bad security-wise. There's a 
"restricted" icon (don't know what to call it) on the default admin account to 
disable the ability to disable the account, but I don't exactly see the point 
for it.

If there's a reason for this please excuse me :)

What version of the product are you using?
1.0.2

Original issue reported on code.google.com by Mihawk.90@googlemail.com on 6 Dec 2013 at 1:07

GoogleCodeExporter commented 9 years ago
The admin account is non-removable as it is intended to be the last straw if 
e.g. all admins lose their passwords. That's why you can reset the password in 
the setup tool without (!) giving the previous password (which is a much bigger 
security issue if you leave the setup folder online).

As the admin account has no standard password I don't think it is that much of 
a security issue as long as the admin is aware that passwords like "1234" are 
a really bad idea. But that is true for any other admin account, too.

Nevertheless - you can of course remove the admin account - it's just disabled 
in the UI. Simply drop the user from the user table via phpMyAdmin.

I'll think about an option to re-create the admin user with the setup tool for 
1.1

Original comment by arne.cl...@gmail.com on 6 Dec 2013 at 1:25

GoogleCodeExporter commented 9 years ago

Original comment by arne.cl...@gmail.com on 3 Mar 2014 at 7:24