Ventrilo Tech Support  

Go Back   Ventrilo Tech Support > Main Category > Server

Reply
 
Thread Tools Display Modes
Old 06-23-2009, 09:35 PM   #1
Thunk84
Junior Member
 
Join Date: Jun 2009
Posts: 5
Default Sub admins can give accounts more authority than the admin

On our vent server, we have two people with full admin accounts. We have several people, though, that we want to create new user accounts in case the two main people are not on. They have authority to "Add Users" on the admin tab, but the do not have authority to "In reserved list" or "Add Phantoms" in the Network tab.

I noticed today, that while a subadmin can't edit their own permissions (it's blocked by the server), they *can* create a new account and they can give that account higher permissions than they themselves have. For example, the subadmins can create an account that can add phantoms, even though the sub admins themselves cannot. I believe they can create accounts that have "server admin" rights even though they themselves do not have server admin rights.

I was expecting accounts created by a sub admin to not be able to create accounts with more authority than the sub admin. Am I configuring something wrong on the sub admins? Or is this a known issue?

Thanks,

Last edited by Thunk84; 06-24-2009 at 12:10 PM. Reason: corrected "people are on" to "people are not on" in first, sentence. Clarified second paragraph.
Thunk84 is offline   Reply With Quote
Old 06-24-2009, 09:21 AM   #2
Prog-Rocker
just tryin to help
 
Join Date: Jul 2006
Location: Local Space/Time Continuum
Posts: 23,468
Default

in the admin tab, do those users also have the 'server admin' permission?
Prog-Rocker is offline   Reply With Quote
Old 06-24-2009, 12:07 PM   #3
Thunk84
Junior Member
 
Join Date: Jun 2009
Posts: 5
Default

Hi Prog-Rocker,

No, they do not have "server admin" checked. They have add user, edit user, delete user, ban user, and channel auth.

I guess I can take away the "add user" and "edit user" rights, but we really wanted the sub admins to be able to handle that kind of stuff.

Thanks,
Thunk84 is offline   Reply With Quote
Old 06-24-2009, 12:28 PM   #4
Prog-Rocker
just tryin to help
 
Join Date: Jul 2006
Location: Local Space/Time Continuum
Posts: 23,468
Default

let me test this,

what version of server are you connecting to?

Last edited by Prog-Rocker; 06-24-2009 at 12:30 PM.
Prog-Rocker is offline   Reply With Quote
Old 06-24-2009, 12:54 PM   #5
Prog-Rocker
just tryin to help
 
Join Date: Jul 2006
Location: Local Space/Time Continuum
Posts: 23,468
Default

'add users' permission can't assign admin permissions to other users they create. the admin tab is grayed out. tho they can give 'add phantom'

it's also possible that they logged in with the admin password after connecting and then created the new accts. you can check for this using RCON

loggrep 50 ADMIN

(case sensitive)
Prog-Rocker is offline   Reply With Quote
Old 06-24-2009, 03:16 PM   #6
Thunk84
Junior Member
 
Join Date: Jun 2009
Posts: 5
Default

Hey Prog,

I don't have the server URL with me at work, I'll get you version number when I get home tonight. I'll also see if I can put up some screenshots of what I'm seeing. I actually created two accounts for myself, one with admin and one without. So, I know that I had not logged in with the admin password.

But, in any case, you did confirm the biggest issue: that a user with "add user" but not "phantom" permissions can indeed create a new user and give them phantom permissions. We want many users to be able to create new users, but we want very few users to have the advantages available on the network tab.

Thanks!
Thunk84 is offline   Reply With Quote
Old 06-24-2009, 03:18 PM   #7
Thunk84
Junior Member
 
Join Date: Jun 2009
Posts: 5
Default

Actually, let me ask an alternative question: is there anyway to ensure there's a "joined channel" announcement when a phantom joins? That's the root of our issue.
Thunk84 is offline   Reply With Quote
Old 06-25-2009, 11:51 AM   #8
tb123
Member
 
Join Date: May 2009
Location: Inside my vent server
Posts: 32
Default

phantoms are listen only so there technically not a "user joined" wave file sound .. you can make it so if they dont have authorization to the channel they can not add a phantom to that channel.

check out my post on "channel basics" http://www.ventrilo.com/forums/showthread.php?t=37638
tb123 is offline   Reply With Quote
Old 06-25-2009, 11:58 AM   #9
Thunk84
Junior Member
 
Join Date: Jun 2009
Posts: 5
Default

Thanks, TB123, but I think you missed my main concern: we have already limited all users from creating phantoms; however, anyone that can create new users can give anyone else the ability to create phantoms. I had expected users to be unable to grant permissions that they themselves do not have.

So, it seems our only option to truly disable phantoms is to take away create/edit permissions from all users. This will be a painful transition for our group; several folks will see this as a demotion. Oh well.
Thunk84 is offline   Reply With Quote
Old 06-25-2009, 02:58 PM   #10
Prog-Rocker
just tryin to help
 
Join Date: Jul 2006
Location: Local Space/Time Continuum
Posts: 23,468
Default

i have forwarded the phantom situation to the Devs for consideration.
Prog-Rocker is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump


All times are GMT -5. The time now is 04:44 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2021, vBulletin Solutions, Inc.