Difference between revisions of "Security(Admin)"
(Created page with "{{CoffeeMUDAdministratorTOC}} CoffeeMUD provides flexibility in determining which builders have access to which systems within the MUD. The [http://www.coffeemud.net/guides/Ar...") |
|||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
{{CoffeeMUDAdministratorTOC}} | {{CoffeeMUDAdministratorTOC}} | ||
− | + | SECURITY in CoffeeMud is on a player by player basis. SYSOP status is defined as the ultimate security to do anything, anywhere, at any time. Access to all commands in all areas will be available. SYSOP status is defined in the CoffeeMud ini file entry SYSOPMASK which establishes the player characteristics that designate SYSOPS. All players who meet the requirements of the mask are automatically SYSOPS. | |
+ | |||
+ | The [http://www.coffeemud.net/guides/ArchonGuide.html#Security Archon's Guide security section] has more details on setting up security groups. | ||
=Managing Security Permissions= | =Managing Security Permissions= | ||
− | Security groups can be created and managed | + | Security groups can be created and managed through the MUD Grinder Control Panel [[Security(ControlPanel)|Security]] tab or in the ini file (the control panel modifies the ini file). A Security GROUP consists of a group name, and a set of strings or codes representing privileges for that group. Each group is prefixed in the INI file with the "GROUP_". However, you should not use the "GROUP_" when adding group privileges to the Security field of a player. For instance, if you have "GROUP_BUILDER" defined in the INI file, then you would add "BUILDER" to Security when modifying a player in order to make that user part of the BUILDER group. The security codes which make up each group are implicitly global, but can be qualified as area-only using the keyword "AREA". |
+ | |||
+ | ==Security Tags== | ||
+ | The following are the default strings or codes which, when found in a players security settings or in a group definition, confer the listed privileges. Each of these settings may be entered as listed below, or prefixed with the word "AREA" followed by a space, followed by the key. This has the effect of making that privilege only available in or at areas where the Player is listed in the areas "Staff" setting. For example, the security code "ANNOUNCE" by itself confers the global ability to use the ANNOUNCE command. The security code "AREA ANNOUNCE" means that the ANNOUNCE command can only be used inside areas where the player is listed as Staff. | ||
+ | |||
+ | *ABOVELAW=Immunity to the Arrest behavior. | ||
+ | *AFTER=The ability to use the command of the same name. | ||
+ | *AHELP=The ability to access administrative help files. | ||
+ | *ALLSKILLS=This code gives the player access to ALL skills,songs,prayers,spells at their next login. | ||
+ | *ANNOUNCE=The ability to use the command of the same name. | ||
+ | *AS=The ability to use the command of the same name. | ||
+ | *AT=The ability to use the command of the same name. | ||
+ | *BAN=The ability to use the command of the same name, as well as DESTROY BAN, LIST BAN, and access the BAN MUDGrinder feature. | ||
+ | *BEACON=The ability to use the command of the same name. | ||
+ | *BOOT=The ability to use the command of the same name. | ||
+ | *CHARGEN=The ability to use the command of the same name. | ||
+ | *CLOAK=The ability to use the command of the same name, as well as see those who are cloaked. | ||
+ | *CMDAREAS=The ability to Create, Modify, and Destroy areas. Also gains access to the MUDGrinder area tool. | ||
+ | *CMDCLANS=The ability to Modify or Destroy clans. | ||
+ | *CMDCLASSES=The Ability to Create, Modify, Destroy custom classes. | ||
+ | *CMDABILITIES=The Ability to Create, Modify, Destroy custom abilities. | ||
+ | *CMDEXITS=The Ability to Create, Modify, Link, Unlink, or Destroy exits. | ||
+ | *CMDITEMS=The Ability to Create, Modify, Destroy items in rooms. | ||
+ | *CMDMOBS=The Ability to Create, Modify, Destroy mobs in rooms. This code also prevents Mobile mobs from wandering away and confers other similar priviledges. | ||
+ | *CMDRECIPES=The Ability to Create, Modify, Destroy Common Skill recipe items. | ||
+ | *CMDPLAYERS=The Ability to Modify or Destroy players. Also has the ability to view Player settings in the MUDGrinder. | ||
+ | *CMDQUESTS=The Ability to Create, Modify, Destroy quests. Also has the ability to access the quests and file editors in the MUDGrinder. | ||
+ | *CMDRACES=The Ability to Create, Modify, Destroy custom races. | ||
+ | *CMDFACTIONS=The Ability to Create, Modify, and Destroy factions. | ||
+ | *CMDROOMS=The ability to Create, Modify, and Destroy rooms. Also gains access to the MUDGrinder area tool. | ||
+ | *CMDSOCIALS=The Ability to Create, Modify, Destroy socials. | ||
+ | *COMPONENTS=The Ability to Create, Modify, Destroy spell/skill components. | ||
+ | *EXPERTISE=The Ability to Create, Modify, Destroy spell/skill expertises. | ||
+ | *TITLES=The Ability to Create, Modify, Destroy player auto-titles. | ||
+ | *CARRYALL=Overrides item carrying restrictions. | ||
+ | *CATALOG=The ability to use the catalog command of mobs and items. | ||
+ | *COPYITEMS=The Ability to copy existing items. | ||
+ | *COPYMOBS=The Ability to copy existing items. | ||
+ | *COPYROOMS=The ability to copy existing rooms. | ||
+ | *DUMPFILE=The ability to use the command of the same name. | ||
+ | *EXPORT=The ability to export mobs, items, or rooms. | ||
+ | *EXPORTFILE=The ability to export to a file. Requires EXPORT or EXPORTPLAYERS. | ||
+ | *EXPORTPLAYERS=The ability to export player data. | ||
+ | *FS: <path>=The ability to read/write files in the local path given. No preceding / chars! | ||
+ | *GMODIFY=The ability to use the command of the same name. | ||
+ | *GOTO=The ability to use the command of the same name, as well as walk through doors. | ||
+ | *IDLEOK=This code makes the player exempt from any idletimer settings from the coffeemud.ini file. | ||
+ | *I3=The ability to manage the CHANNELS aspect of I3. | ||
+ | *IMMORT=Players with this code never ever die. | ||
+ | *IMPORTITEMS=The ability to import items into a room. | ||
+ | *IMPORTMOBS=The ability to import mobs into a room. | ||
+ | *IMPORTPLAYERS=The ability to import players from a file. | ||
+ | *IMPORTROOMS=The ability to import rooms or areas from a file. | ||
+ | *JOURNALS=The ability to administer all journals. | ||
+ | *JSCRIPTS=The ability to approve javascript in Scriptabler behaviors. | ||
+ | *KILLSTUCK=The ability to LIST and DESTROY entries in the STUCK list. | ||
+ | *KILLBUGS=The ability to LIST and DESTROY entries in the BUG list. | ||
+ | *KILLDEAD=The ability to kill anyone by entering 'kill [name] dead' | ||
+ | *KILLIDEAS=The ability to LIST and DESTROY entries in the IDEAS list. | ||
+ | *KILLTYPOS=The ability to LIST and DESTROY entries in the TYPOS list. | ||
+ | *LISTADMIN=The ability to LIST ticks, the log, reports, or threads. | ||
+ | *LOADUNLOAD=The ability to load and unload resources. Also gains access to resource manager in MUDGrinder. | ||
+ | *MERGE=The ability to merge mob or item changes from a file or database. | ||
+ | *MXPTAGS=The ability to insert MXP tags using the^ <^ >^ & syntax. | ||
+ | *NOEXPIRE=This character never expires, but always remains active. | ||
+ | *NOPURGE=The ability to add, LIST, or DESTROY entries on the NOPURGE list. | ||
+ | *ORDER=The ability to order mobs around. Also grants the ability to GIVE without failure, and use Take and Dress without failure. The global version of this code also allows ordering players. | ||
+ | *PKILL=The ability to override PKILL flag settings. | ||
+ | *POSSESS=The ability to use the command of the same name. | ||
+ | *PURGE=The ability to use the command of the same name. | ||
+ | *RESET=The ability to use the command of the same name as it applies to rooms or areas. | ||
+ | *RESETUTILS=The ability to use the command of the same name as it applies to the miscellaneous RESET tools. | ||
+ | *RESTRING=The ability to use the command of the same name. | ||
+ | *SESSIONS=The ability to use the command of the same name. | ||
+ | *SHUTDOWN=The ability to use the command of the same name. | ||
+ | *SNOOP=The ability to use the command of the same name. | ||
+ | *STAT=The ability to use the command of the same name. | ||
+ | *SUPERSKILL=This code makes it impossible for the player to fumble a spell or skill that they have. | ||
+ | *SYSMSGS=The ability to use the command of the same name. | ||
+ | *TASKS=The ability to ADD, LIST and DESTROY entries in the TASKS list. | ||
+ | *TICKTOCK=The ability to use the command of the same name. | ||
+ | *TRAILTO=The ability to use the command of the same name. | ||
+ | *TRANSFER=The ability to use the command of the same name. | ||
+ | *VFS: <path>=The ability to read/write files in the vfs path given. No preceding / chars! | ||
+ | *WHERE=The ability to use the command of the same name. | ||
+ | *WIZINV=The ability to use the command of the same name, as well as see those who are WIZINV. | ||
=Assigning Users Security Permissions= | =Assigning Users Security Permissions= | ||
− | To assign a user a security permission or security group, MODIFY USER (username) and edit their Securities field. You can also edit the user from the Player Manager editor in the MUD Grinder. Multiple security permissions or security groups may be added to a single user in a comma-delimited list in this field. | + | Players who are not SYSOPS may also be granted specific privileges. Each of the privileges may be limited to specific areas, or available globally. Privileges are defined in the Security section of a players settings. Each security code listed for a player may be either a list of security Groups, or a specific security code. |
+ | |||
+ | Remember that the name of the group is the part AFTER the word "GROUP_". So, for example, the name of the group defined by the entry GROUP_SUBOP is actually SUBOP. | ||
+ | |||
+ | To assign a user a security permission or security group, MODIFY USER (username) and edit their Securities field. You can also edit the user from the Player Manager editor in the MUD Grinder. Multiple security permissions or security groups may be added to a single user in a comma-delimited list in this field. | ||
+ | |||
+ | Here is an example Security setting for a player: | ||
+ | Security: BUILDER, AREA GOTO, SNOOP, VFS: RESOURCES/TEXT/ | ||
+ | The above would give a player access to the BUILDER group defined by GROUP_BUILDER in your INI file. It would also give access to the GOTO command, but only insofar as it relates to areas where the player is listed as Staff. Lastly, it gives global access to the Snoop command. | ||
=Notes= | =Notes= | ||
. | . |
Latest revision as of 21:06, 27 June 2023
CoffeeMUD |
---|
Administrator Builder Player |
=CoffeeMUD Administrator Information= |
---|
Installation Help Development Modification Feature Requests Mud Grinder ini Security CMARE Share Wiki |
SECURITY in CoffeeMud is on a player by player basis. SYSOP status is defined as the ultimate security to do anything, anywhere, at any time. Access to all commands in all areas will be available. SYSOP status is defined in the CoffeeMud ini file entry SYSOPMASK which establishes the player characteristics that designate SYSOPS. All players who meet the requirements of the mask are automatically SYSOPS.
The Archon's Guide security section has more details on setting up security groups.
Contents
Managing Security Permissions
Security groups can be created and managed through the MUD Grinder Control Panel Security tab or in the ini file (the control panel modifies the ini file). A Security GROUP consists of a group name, and a set of strings or codes representing privileges for that group. Each group is prefixed in the INI file with the "GROUP_". However, you should not use the "GROUP_" when adding group privileges to the Security field of a player. For instance, if you have "GROUP_BUILDER" defined in the INI file, then you would add "BUILDER" to Security when modifying a player in order to make that user part of the BUILDER group. The security codes which make up each group are implicitly global, but can be qualified as area-only using the keyword "AREA".
Security Tags
The following are the default strings or codes which, when found in a players security settings or in a group definition, confer the listed privileges. Each of these settings may be entered as listed below, or prefixed with the word "AREA" followed by a space, followed by the key. This has the effect of making that privilege only available in or at areas where the Player is listed in the areas "Staff" setting. For example, the security code "ANNOUNCE" by itself confers the global ability to use the ANNOUNCE command. The security code "AREA ANNOUNCE" means that the ANNOUNCE command can only be used inside areas where the player is listed as Staff.
- ABOVELAW=Immunity to the Arrest behavior.
- AFTER=The ability to use the command of the same name.
- AHELP=The ability to access administrative help files.
- ALLSKILLS=This code gives the player access to ALL skills,songs,prayers,spells at their next login.
- ANNOUNCE=The ability to use the command of the same name.
- AS=The ability to use the command of the same name.
- AT=The ability to use the command of the same name.
- BAN=The ability to use the command of the same name, as well as DESTROY BAN, LIST BAN, and access the BAN MUDGrinder feature.
- BEACON=The ability to use the command of the same name.
- BOOT=The ability to use the command of the same name.
- CHARGEN=The ability to use the command of the same name.
- CLOAK=The ability to use the command of the same name, as well as see those who are cloaked.
- CMDAREAS=The ability to Create, Modify, and Destroy areas. Also gains access to the MUDGrinder area tool.
- CMDCLANS=The ability to Modify or Destroy clans.
- CMDCLASSES=The Ability to Create, Modify, Destroy custom classes.
- CMDABILITIES=The Ability to Create, Modify, Destroy custom abilities.
- CMDEXITS=The Ability to Create, Modify, Link, Unlink, or Destroy exits.
- CMDITEMS=The Ability to Create, Modify, Destroy items in rooms.
- CMDMOBS=The Ability to Create, Modify, Destroy mobs in rooms. This code also prevents Mobile mobs from wandering away and confers other similar priviledges.
- CMDRECIPES=The Ability to Create, Modify, Destroy Common Skill recipe items.
- CMDPLAYERS=The Ability to Modify or Destroy players. Also has the ability to view Player settings in the MUDGrinder.
- CMDQUESTS=The Ability to Create, Modify, Destroy quests. Also has the ability to access the quests and file editors in the MUDGrinder.
- CMDRACES=The Ability to Create, Modify, Destroy custom races.
- CMDFACTIONS=The Ability to Create, Modify, and Destroy factions.
- CMDROOMS=The ability to Create, Modify, and Destroy rooms. Also gains access to the MUDGrinder area tool.
- CMDSOCIALS=The Ability to Create, Modify, Destroy socials.
- COMPONENTS=The Ability to Create, Modify, Destroy spell/skill components.
- EXPERTISE=The Ability to Create, Modify, Destroy spell/skill expertises.
- TITLES=The Ability to Create, Modify, Destroy player auto-titles.
- CARRYALL=Overrides item carrying restrictions.
- CATALOG=The ability to use the catalog command of mobs and items.
- COPYITEMS=The Ability to copy existing items.
- COPYMOBS=The Ability to copy existing items.
- COPYROOMS=The ability to copy existing rooms.
- DUMPFILE=The ability to use the command of the same name.
- EXPORT=The ability to export mobs, items, or rooms.
- EXPORTFILE=The ability to export to a file. Requires EXPORT or EXPORTPLAYERS.
- EXPORTPLAYERS=The ability to export player data.
- FS: <path>=The ability to read/write files in the local path given. No preceding / chars!
- GMODIFY=The ability to use the command of the same name.
- GOTO=The ability to use the command of the same name, as well as walk through doors.
- IDLEOK=This code makes the player exempt from any idletimer settings from the coffeemud.ini file.
- I3=The ability to manage the CHANNELS aspect of I3.
- IMMORT=Players with this code never ever die.
- IMPORTITEMS=The ability to import items into a room.
- IMPORTMOBS=The ability to import mobs into a room.
- IMPORTPLAYERS=The ability to import players from a file.
- IMPORTROOMS=The ability to import rooms or areas from a file.
- JOURNALS=The ability to administer all journals.
- JSCRIPTS=The ability to approve javascript in Scriptabler behaviors.
- KILLSTUCK=The ability to LIST and DESTROY entries in the STUCK list.
- KILLBUGS=The ability to LIST and DESTROY entries in the BUG list.
- KILLDEAD=The ability to kill anyone by entering 'kill [name] dead'
- KILLIDEAS=The ability to LIST and DESTROY entries in the IDEAS list.
- KILLTYPOS=The ability to LIST and DESTROY entries in the TYPOS list.
- LISTADMIN=The ability to LIST ticks, the log, reports, or threads.
- LOADUNLOAD=The ability to load and unload resources. Also gains access to resource manager in MUDGrinder.
- MERGE=The ability to merge mob or item changes from a file or database.
- MXPTAGS=The ability to insert MXP tags using the^ <^ >^ & syntax.
- NOEXPIRE=This character never expires, but always remains active.
- NOPURGE=The ability to add, LIST, or DESTROY entries on the NOPURGE list.
- ORDER=The ability to order mobs around. Also grants the ability to GIVE without failure, and use Take and Dress without failure. The global version of this code also allows ordering players.
- PKILL=The ability to override PKILL flag settings.
- POSSESS=The ability to use the command of the same name.
- PURGE=The ability to use the command of the same name.
- RESET=The ability to use the command of the same name as it applies to rooms or areas.
- RESETUTILS=The ability to use the command of the same name as it applies to the miscellaneous RESET tools.
- RESTRING=The ability to use the command of the same name.
- SESSIONS=The ability to use the command of the same name.
- SHUTDOWN=The ability to use the command of the same name.
- SNOOP=The ability to use the command of the same name.
- STAT=The ability to use the command of the same name.
- SUPERSKILL=This code makes it impossible for the player to fumble a spell or skill that they have.
- SYSMSGS=The ability to use the command of the same name.
- TASKS=The ability to ADD, LIST and DESTROY entries in the TASKS list.
- TICKTOCK=The ability to use the command of the same name.
- TRAILTO=The ability to use the command of the same name.
- TRANSFER=The ability to use the command of the same name.
- VFS: <path>=The ability to read/write files in the vfs path given. No preceding / chars!
- WHERE=The ability to use the command of the same name.
- WIZINV=The ability to use the command of the same name, as well as see those who are WIZINV.
Assigning Users Security Permissions
Players who are not SYSOPS may also be granted specific privileges. Each of the privileges may be limited to specific areas, or available globally. Privileges are defined in the Security section of a players settings. Each security code listed for a player may be either a list of security Groups, or a specific security code.
Remember that the name of the group is the part AFTER the word "GROUP_". So, for example, the name of the group defined by the entry GROUP_SUBOP is actually SUBOP.
To assign a user a security permission or security group, MODIFY USER (username) and edit their Securities field. You can also edit the user from the Player Manager editor in the MUD Grinder. Multiple security permissions or security groups may be added to a single user in a comma-delimited list in this field.
Here is an example Security setting for a player: Security: BUILDER, AREA GOTO, SNOOP, VFS: RESOURCES/TEXT/ The above would give a player access to the BUILDER group defined by GROUP_BUILDER in your INI file. It would also give access to the GOTO command, but only insofar as it relates to areas where the player is listed as Staff. Lastly, it gives global access to the Snoop command.
Notes
.