mumble-voip / grumble

Alternative Mumble server
http://mumble.info/grumble

Why `SuperUser` can't speak or whisper #72

Closed pedropalau closed 4 years ago

pedropalau commented 4 years ago

https://github.com/mumble-voip/grumble/blob/6f8c2bf2f51fddc1cb09e3385bc4e9db5dc43ba9/pkg/acl/acl.go#L95

I've been looking into this code and found that the SuperUser can't talk or whisper, which is strange, so we want to know the reason behind this decision.

We are using Grumble in Wahay.

rubenseyer commented 4 years ago

The SuperUser is a special account for initial configuration not suitable for regular use (kind of like you wouldn't use the root/Administrator account on your own computer all the time), so this discourages regular use. The proper way to do this, no matter which server implementation you use, is to set up ACLs for registered users with certificates so that you have fine-grained permission control. (But see #71.)

I don't know if this fits nicely into your use-case. I guess you're not very keen on registration and certificates, so an alternative is to use access tokens and give that group the required permissions. In that case, as long as they know the token (password), the user can have rights AND be identified as themselves. But it is less secure compared to certificates, of course, because they can in theory be brute-forced.
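To make the two alternatives in the comment above concrete, here is an added example (not Grumble's own code, and not part of the original thread) modelling Mumble-style ACL evaluation in Go. The permission bit values and the `all`/`auth` meta-groups and `#token` group prefix follow Mumble's conventions; the `User`, `Entry` and `Channel` types, the `MeetingChannel` ACL list and the token `wahay-2020` are constructed for illustration, and certificate-based registration is reduced to "has a non-negative user ID". The SuperUser path reproduces the behaviour the issue asks about: user ID 0 bypasses the ACL list and holds every right except Speak and Whisper.

```go
// Simplified model of Mumble-style ACL evaluation. Illustrative only;
// not Grumble's own code. Permission bit values and the "all", "auth"
// and "#token" group conventions follow Mumble; the rest is constructed.
package main

import (
	"fmt"
	"strings"
)

// Permission is a Mumble-style permission bitmask.
type Permission uint32

const (
	PermNone     Permission = 0x0
	PermWrite    Permission = 0x1
	PermTraverse Permission = 0x2
	PermEnter    Permission = 0x4
	PermSpeak    Permission = 0x8
	PermWhisper  Permission = 0x100
	PermTextMsg  Permission = 0x200
)

// User is the minimum identity the check needs.
type User struct {
	Name   string
	UserID int      // 0 is SuperUser; -1 means unregistered (no certificate bound)
	Tokens []string // access tokens the client presented
}

// Entry is one ACL line: a group name plus allow/deny masks.
type Entry struct {
	Group string
	Allow Permission
	Deny  Permission
}

// Channel holds an ordered ACL list and explicit server-defined groups.
type Channel struct {
	ACLs   []Entry
	Groups map[string][]int // group name -> registered user IDs
}

// IsMember resolves group membership: "all" is everyone, "auth" is any
// registered user, "#tok" is any client presenting access token "tok",
// anything else is an explicit group of registered user IDs.
func (c *Channel) IsMember(u User, group string) bool {
	switch {
	case group == "all":
		return true
	case group == "auth":
		return u.UserID >= 0
	case strings.HasPrefix(group, "#"):
		want := strings.TrimPrefix(group, "#")
		for _, t := range u.Tokens {
			if t == want {
				return true
			}
		}
		return false
	default:
		for _, id := range c.Groups[group] {
			if id == u.UserID {
				return true
			}
		}
		return false
	}
}

// Effective computes the granted mask: entries apply in order, later
// entries override earlier ones, and within one entry deny beats allow.
func (c *Channel) Effective(u User) Permission {
	granted := PermNone
	for _, e := range c.ACLs {
		if !c.IsMember(u, e.Group) {
			continue
		}
		granted |= e.Allow
		granted &^= e.Deny
	}
	return granted
}

// HasPermission checks a single permission. SuperUser (ID 0) skips the
// ACL list entirely and gets everything except Speak and Whisper, which
// is the behaviour the issue is about; everyone else goes through ACLs.
func (c *Channel) HasPermission(u User, perm Permission) bool {
	if u.UserID == 0 {
		return perm&(PermSpeak|PermWhisper) == 0
	}
	return c.Effective(u)&perm == perm
}

// MeetingChannel is a constructed example: anyone may traverse and enter,
// while registered users and holders of token "wahay-2020" may also speak.
func MeetingChannel() *Channel {
	return &Channel{ACLs: []Entry{
		{Group: "all", Allow: PermTraverse | PermEnter},
		{Group: "auth", Allow: PermSpeak | PermWhisper | PermTextMsg},
		{Group: "#wahay-2020", Allow: PermSpeak | PermWhisper | PermTextMsg},
	}}
}

func main() {
	ch := MeetingChannel()
	for _, u := range []User{
		{Name: "SuperUser", UserID: 0},
		{Name: "alice (registered)", UserID: 7},
		{Name: "guest with token", UserID: -1, Tokens: []string{"wahay-2020"}},
		{Name: "guest without token", UserID: -1},
	} {
		fmt.Printf("%-20s enter=%-5v speak=%-5v whisper=%v\n", u.Name,
			ch.HasPermission(u, PermEnter), ch.HasPermission(u, PermSpeak),
			ch.HasPermission(u, PermWhisper))
	}
}
```

Running it shows the SuperUser able to enter but not speak, the registered user and the token holder able to do both, and the token-less guest limited to entering. The token path is exactly the trade-off described above: anyone who learns `wahay-2020` becomes a member of `#wahay-2020`, so the secret does the work a client certificate would otherwise do.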

pedropalau commented 4 years ago

Thanks @rubenseyer for your reply, and yes, I agree with everything you say and it makes perfect sense.

We are using Grumble in Wahay to start a local server, and then users can join that server through the Tor network using onion services. Therefore, in our case it's not a security problem to grant all the privileges to the SuperUser in each meeting, because the server is not active long enough to be attacked.

We have a Grumble fork here, and if you want to take a look at the Wahay code, check it out here.

We would appreciate any contribution to the project.