Forum

Results 1 to 6 of 6
  1. #1
    Join Date
    January 2010
    Location
    Germany
    Posts
    27

    Channel admin rights: is this intentional (and if, why)?

    Hello everybody,
    I don't have a problem per se, but I am wondering if this is intentional and why this would be considered useful/subject to change in the future:

    When, on a standard server, you create a channel as a guest, you gain channel admin rights (naturally). With that comes the permission i_group_needed_member_add_power with a value of fifty. On a lot of servers I connected to, this allows you to add yourself to other server-wide groups, sometimes groups containing admin rights.

    This is no mystery to me as it seems attractive to create sub-admin groups with lesser rights than the server admin and with a lower needed member add power.

    I think that either:
    • you should not be able to add yourself to server-wide groups as a channel admin
    • the fact that the channel admin has rights to add himself to server-wide groups should be advertised more
    • the add powers should differentiate between server and channel groups


    I understand that it is logical to have enough rights as a channel admin to add other channel admins on your own server. I do not get however why it is necessary to be able to aquire a servergroup while being a channel admin.

    Is this simply a limitation of the (current) permission system?

  2. #2
    Join Date
    February 2006
    Location
    Texas, USA
    Posts
    4,143
    This is something you need to adjust on your server. This is how someone can come on your server as a guest, get channel admin, and then grant themselves server admin because CA could possibly give them enough add power to add themselves to the SA group.


    By default a server group has a needed add power of 75 which would require SA to add someone to that group. If you've lowered this needed power then a CA could add themselves to the SA group.

  3. #3
    Join Date
    January 2010
    Location
    Germany
    Posts
    27
    I know that, and I have adjusted my server properly. Just seeing that many server admins apparently are unaware of this issue, and that I don't really see the point in letting channel admins add themselves to servergroups (as channel admins are meant to only have rights in the channel they are admin of, don't they?), I think this might be an issue that the community needs to be made aware of.

    It just does not occur to all people that channel admins have such rights, so the fact is ignored and unsafe server groups are created.

  4. #4
    Join Date
    February 2006
    Location
    Texas, USA
    Posts
    4,143
    I really don't think most people realize they are allowing this which is why they would have it set that way. By default you cannot do this so they had to have made a change to their permissions to allow this.

    I agree those that don't know this is possible need to be made aware of the issue. In the end you can't protect everyone from themselves....

  5. #5
    Join Date
    January 2010
    Location
    Germany
    Posts
    27
    Quote Originally Posted by poisonpanik View Post
    I really don't think most people realize they are allowing this which is why they would have it set that way. By default you cannot do this so they had to have made a change to their permissions to allow this.
    I think it is very much possible by default. Imagine this:

    A serveradmin wants to create a group capable of kicking clients and creating permanent channels. He might name the group "Local admin" or whatever, and give the group members the right to add other local admins, because he trusts them. So, he would for example set the needed_member_add_power and member_add_power to 50 (or whatever value below 50).

    At this moment, he would need to be aware that channel admins also have that power, and could now add themselves to that group. But why exactly would he be aware of that fact? I find it is unrealistic to believe that all serveradmins crawl through all the group permissions to find that they created something unsecure, because of the logic behind channel admins.

    But I too see, that this might be a difficult issue to resolve and might just be ignored because of the "specific" kind of steps needed to create such circumstances.

    Quote Originally Posted by poisonpanik View Post
    I agree those that don't know this is possible need to be made aware of the issue. In the end you can't protect everyone from themselves....
    I might blow things out of proportion here, but I was just curious as to why this was possible in the first place.

  6. #6
    Join Date
    February 2006
    Location
    Texas, USA
    Posts
    4,143
    This really just comes down to understanding the permission system and how each tier interacts with the rest of them. If you take the default settings you get with a server the first time you run it this is not possible. Should you change something or create something new then it is on you, the user, to ensure you have not created a problem.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [Resolved] Reset channel admin rights
    By Black Tiger in forum Permission System
    Replies: 1
    Last Post: July 30th, 2015, 09:51 AM
  2. Kick-Rights for Channel-Admin
    By chip1602 in forum Windows
    Replies: 6
    Last Post: April 12th, 2010, 09:32 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •