Check that uid 1 account is blocked

Created on 9 August 2011, over 13 years ago
Updated 19 January 2023, almost 2 years ago

The administrative account (uid 1) is commonly targeted by attackers because this account has superuser privileges that cannot be blocked or limited. Attacks that do things like change the administrator password, or even brute-force or social engineering attacks, could compromise the administrator password. Because the administrative account has such wide privileges, it is a good idea to create a role for administrators and explicitly create these less privileged accounts. The administrative account can be unblocked by users with the "administer users" permission if you need to use the account at a later time. This model follows the general Unix one of not running as root.

Feature request

Status: Fixed
Version: 2.0
Component: Code
