Hi, a user accidentally deleted his ejabberd account using his jabber client. How can I prevent this?
Is there a way to set ACLs in order to prevent users from running the "delete user" command (or maybe all administration commands?), and only allow "admin" users to run potentially unsafe commands?
cribz wrote: Hi, a user
Hi, a user accidentally deleted his ejabberd account using his jabber client. How can I prevent this?
Is there a way to set ACLs in order to prevent users from running the "delete user" command (or maybe all administration commands?), and only allow "admin" users to run potentially unsafe commands?
Read instruction more
mod_adhoc access control?
Read instruction more http://www.process-one.net/docs/ejabberd/guide_en.html#htoc56
Thanks, indeed I already had denied access to mod_register to anyone, as described in the user guide:
{access, register, [{deny, all}]}.{modules,
[
...
{mod_register, [{access, register}]},
...
]}.
...but the user was able to delete his account anyway!
So I guess this is a mod_adhoc problem. But I didn't find any documentation about settin access controls on mod_adhoc. Is this possible?
It will be so
It will be so:
{modules,[
...
%% {mod_register, [{access, register}]},
...
]}.
cribz wrote: Hi, a user
Hi, a user accidentally deleted his ejabberd account using his jabber client. How can I prevent this?
Is there a way to set ACLs in order to prevent users from running the "delete user" command (or maybe all administration commands?), and only allow "admin" users to run potentially unsafe commands?
mod_register only has Access options to control registration, not unregistration.
The only solution is to disable mod_register completely. Accounts can still be deleted using ejabberdctl, WebAdmin and Adhoc Commands.