Epic #81948
closedIntroduce system maintainers
0%
Description
The bigger picture of this epic has been described in more detail on https://decisions.typo3.org/t/typo3-system-management-the-big-picture/252
TL;DR: Separate current install tool into "system recovery" and "system management", replace current install tool password by system maintainers (backend users with extended permissions)
Existing backend users can be assigned with the role (just the meaning, generic roles are not implemented in this epic) of being a "system maintainer". Backend users (and system maintainers) can be created and assigned in a separate "system recovery" module (which is also not part of this epic). In the long run, the install tool password will vanish and be replaced with the new "system maintainer" role - for the time in between, until "system recovery" is ready, both authentication mechanisms are supported (install tool password and system maintainer username/password). Defining security aspects like saltedpasswords, rsaauth, openid, ... is also target of system recovery - thus, system maintenance can rely on these settings being defined and are working.
System maintainers are assigned by a static list of usernames or uids in a new TYPO3_CONF_VARS
property. Using a new property like e.g. be_users.is_maintainer
would have to be kept in sync with external authentication data-providers (like LDAP) and also would be the first target of possible security vulnerabilities concerning SQL injection. Besides that, using usernames in that list eases deployment on different environment, where the uid values might be different, but usernames are the same.
Updated by Georg Ringer over 7 years ago
Using usernames instead of uid would mean that any admin used cab change the username of a system admin to something else and then his own username into the one of an system admin.