Privileged sessions
The Privileged sessions plugin allows administrators and privileged users to log in with a low-privilege
account and escalate to a privileged session only when needed — similar to sudo on Linux. Privileged
sessions can be protected with existing MFA factors for additional security.
This approach reduces the risk of accidental or unauthorised administrative actions during routine daily work.
Features
Section titled “Features”- Low-privilege daily accounts with on-demand privilege escalation
- Configurable roles and contexts per privileged user
- Optional MFA verification before starting a privileged session
- Useful for working around bugs that appear when a user holds both teacher and student roles in the same course
Configuration
Section titled “Configuration”- Navigate to Site administration > Users > Permissions > Privileged users.
- Press Add privileged user.
- Select the user to grant sudo access.
- Define the roles and contexts where the user will have privileged access.
- Optionally enforce MFA for additional security.
Starting a privileged session
Section titled “Starting a privileged session”- Log in with your regular low-privilege account.
- Click the user menu in the top right.
- Select Start privileged session.
- Press Continue or supply your MFA verification code.
- End the privileged session once your management tasks are complete.
Installation
Section titled “Installation”This plugin requires the MuTMS library. Install from the Moodle plugins database or via Git:
For Moodle 5.1.x, clone plugins into public/admin/tool/... instead of the paths shown below.
All MuTMS plugins use MOODLE_500_STABLE for Moodle 5.1.x.
git clone -b MOODLE_405_STABLE https://github.com/moodle/moodle.gitcd moodlegit clone -b MOODLE_405_STABLE https://github.com/mutms/moodle-tool_mulib.git admin/tool/mulibgit clone -b MOODLE_405_STABLE https://github.com/mutms/moodle-tool_musudo.git admin/tool/musudoThen continue with the standard Moodle installation.