Hello to all, On a freshly installed server with the latest version of debian and ispconfig. For security reasons I wanted to change the default login : admin I created a new user in the system tab. I gave him the administrator rights. On another browser I checked that I could connect with and make all the necessary changes as admin. Then I deactivated "admin" by unchecking the box. Everything works except what should be done in the "system" tab if I want to reactivate "admin" I get the error "Security permission check: admin_allow_new_admin failed. " I have read well the security changes integrated in 2014 to secure an exploit . https://www-howtoforge-com.translat...l=auto&_x_tr_tl=fr&_x_tr_hl=fr&_x_tr_pto=wapp Is there a simple way to fix this without modifying /usr/local/ispconfig/security/security_settings.ini and risk reducing the security of the whole thing?
That's not a good idea as your newly created admin account is limited and is not able to fully administrate the system. The original admin account is always required and deactivating the master admin makes your system partially unusable. The limited admin that you have now is not allowed to reactivate or change the master admin user, so you can't reactivate the admin account. What you can do if you don't want to have a user with username 'admin' is to simply change the name of the admin user under System > CP users. To fix the issue that you created by deactivating the admin user: Login to phpmyadmin as root user, go to the dbispconfig database and there the sys_user table. Edit the record for the admin user and change the value in the active field from 0 to 1.
