GNOME Bugzilla – Bug 690246
System shouldn't let you desactivate the only admin user
Last modified: 2013-07-18 02:44:40 UTC
If there is no other admin accounts in the system, it is very difficult to switch account back after changing account type to "Standard". This is because we can't "sudo" anymore. The only way to fix it is entering single user mode and editing /etc/group. I think there should be some warning at least if the user is the only administrator in the system and he tries to become "Standard" user (by accident in my case). For example, Windows systems don't let you do this in similar situation.
Why would that be interesting? You don't need to sudo or edit /etc/group to set the administrator user type, you'll need to enter the administrator password (instead of the user's own password). Either that, or you'll have to be clearer about what the problem is.
You are right. I missed some details: this problem is on Ubuntu system, where there is no administrator password and root is not real user. More then that, it was originally posted at https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/907452, later I was asked to post it here. You would be right saying that it's Ubuntu issue, not GNOME. I think Ubuntu needs little modification of control-center. Thanks for reply.
Disabling the root account and requiring users to use sudo to get root privileges is a valid configuration and is how Ubuntu has always set things up by default. The developers of Fedora 18 considered setting this by default but I wasn't able to get the latest nightly image to let me do it from the installer http://installer-land.blogspot.com/2012/10/root-password-in-fedora-18.html
Created attachment 245604 [details] [review] Patch to prevent the only Administrator from being demoted I've developed a patch to resolve this issue: "user-accounts: prevent the only Administrator from being demoted If there is only one account of type Adminstrator and it is demoted to type Standard the user can be left unable to unlock panels and perform other Administrator tasks - prevent this by only allowing the Account Type to be changed when the account is a standard user or, in the case that the account is an Administrator, when there is one or more other Administrators."
Review of attachment 245604 [details] [review]: Patch looks fine. It would also be good to remove the "Disable this account" option from the password dialog to prevent the only Administrator account from being disabled.
Thanks for the review Thomas. Chris Cummins handled preventing the user disabling their own account in https://bugzilla.gnome.org/show_bug.cgi?id=700715 which recently landed in the gnome-3-8 branch: https://git.gnome.org/browse/gnome-control-center/commit/?h=gnome-3-8&id=a107db388fff055b8be370cee5454de4e8489387 If appropriate following Thomas' review, could someone merge this patch to master and gnome-3-8?
Created attachment 246012 [details] [review] user-accounts: prevent the only admin from being deleted or disabled This patch also prevents the only administrator account from being deleted or disabled.
Review of attachment 246012 [details] [review]: I had misunderstood your suggestion, this patch looks great to me - thanks.
Comment on attachment 246012 [details] [review] user-accounts: prevent the only admin from being deleted or disabled Attachment 246012 [details] pushed as 3af1b72 - user-accounts: prevent the only admin from being deleted or disabled
Nice patch, Joshua. Thank you for fixing this.
Created attachment 247200 [details] [review] Bug fix for accounting of disabled administrator accounts Thomas pointed out that it's still possible to deactivate the only *active* admin user when there are inactive admin users on the system - the attached patch should rectify that.
Review of attachment 247200 [details] [review]: It looks good for me.
*** Bug 703864 has been marked as a duplicate of this bug. ***
*** Bug 696337 has been marked as a duplicate of this bug. ***