One of the new features in MODX 2.2.1 is the ability to indicate if a user is a "sudo" user. This humble checkbox is one to be extremely careful with, as it allows a user to completely bypass ANY access control you may have set up. This bypass is in the core, and will therefore also affect any custom access policies you built up and access policies by 3PCs, such as Quip.

When to use sudo users

Its goal is to allow the concept of a super user or administrator which is not affected by the security setting... you can imagine that to be helpful when you are working on actually setting up the security (to prevent yourself from getting locked out), or when you want to make sure someone has access to it all. This was a much requested feature from the forums.

More importantly: when NOT to use them

Please do not set a front-end user to be a "sudo" user. All access permissions means all access permissions, and if they find out the link to your manager (cause, being security aware, you used the advanced distribution to move it, right?) they are free to do ANYTHING, from editing resources to deleting your account or other wrecking things.

Sudo users don't even need to be assigned to any user groups in order to get full access.

Sudo users are to be used for providing access to everything in the manager and all front-end contexts - if you don't feel at ease with someone having that access, do NOT set them as a sudo user. Simple as that.

How to set a user as Sudo user in MODX

If you are updating to MODX 2.2.1, you will find that any users which are assigned to the Administrator user group with Super User permissions will have been marked as a sudo user. The first account you create via the installer (for a new install) will also be set to be a sudo user by default.

To set other users as sudo users, open Security > Users in your MODX 2.2.1 manager, and edit a user you want to give full access. You'll see the below screen. Simply tick the Sudo user box, and save the user.

How to set a user as Sudo user in MODX

Programmatically setting a user as sudo user

As we're dealing with what is pretty much root permissions, it is not possible to simply use sudo in a modUser->set() or modUser->fromArray() method - this is filtered out and will return false. This is to prevent auto assignment exploits (like the ones that caused an uproar in the Rails & Github communities recently).

Instead, you will want to use the modUser->setSudo(true|false) method. Pass it a boolean true to mark a user as sudo user.

Conclusion thingy

Do not start handing out sudo permissions! It's an extremely easy way to lose control over your manager if the user is not to be trusted. Every user set as sudo user could get its password guessed and cause you some major problems. But it's a great feature for developers setting up the security who don't like getting locked out!

interesting addition
but only superadmins can set this sudo option for other users or
any admin user group can check this option for other users(groups which have user object access policies)
if any admin group can set this option it will violate the security rules and able to change him/others as super admins
if the above is correct thats not at all accepted

Thanks for your comment.. that is a very good point! I have to admit I didn't check that out prior to writing this blog.

Right now (and that's basically the case since 2.0 or even before) anyone that can access the manage users screen can change any users' properties and also permissions, including their own. This means that prior to 2.2.1 anyone with access to that page could set any access to anyone. To some extent you could say that in terms of abuse this new feature eases that, though it doesn't create a new possibility.

I'd like to stress that it's not possible to set yourself as a sudo user from the Profile (ie clicking your name in the top right).

There's probably going to be an update at some point to prevent assigning access above your own, however that means having ranked user groups (a way to indicate which one is more authorative over an other) which isn't an option right now.

Thanks for the quick reply
i have not yet tested 2.2.1 but just want to inform u this new feature should not break the well designed modx user security
a normal site admin (with user management permissions) should not be able to make some one else as superadmin (i mean sudo user can have any permissions)
if u confirm this i can go for upgrade as my client want modx update :)

anyways i wish you a very good luck with ur new responsibility as core modx pro .hope i will join the board soon :)

Awesome!! It's about time, IMHO :P Thanks for the update, Mark.

Thanks for sharing this Mark!
This is what i am looking for. I know that there will be more upcoming update's for ACL's setup to make more easier setup.
Once again a BIG thanks!

Comments are closed :(

While I would prefer to keep comments open indefinitely, the amount of spam that old articles attract is becoming a strain to keep up with and I can't always answer questions about ancient blog postings. If you have valuable feedback or important questions, please feel free to get in touch.