Minetest: Create admin/priveleged user on servers by default

Created on 2 Aug 2019  Â·  3Comments  Â·  Source: minetest/minetest

Problem

If someone joins with the username of the admin (set by name = admin in minetest.conf), they can gain privileges undesired by server owner. Currently the server displays warning messages until someone is logged in as this user. As things stand now, there is _almost always_ a time after initial server start in which server privileges can be hijacked.

Solutions

The user should be created automatically using either:

  1. a random password that can be changed via console, or;
  2. a password set in config files, having both a name = and password = makes sense.
Feature request No core dev support long term Unconfirmed bug
Source
picture ghost

Most helpful comment

FYI: name defaults to empty value. As soon you host a server it will be assigned to your name as well. Your issue here seems to be that you'd like to use the same minetest.conf for the client and your dedicated server. Using different files would make more sense in this case.
https://github.com/minetest/minetest/blob/3ad9a8f3a978b41a88ebf8a88690ad658cd132c7/src/defaultsettings.cpp#L32

picture SmallJoker on 2 Aug 2019
👍2

All 3 comments

You can set default_password for the first time that you start your server.

Desour picture Desour on 2 Aug 2019

FYI: name defaults to empty value. As soon you host a server it will be assigned to your name as well. Your issue here seems to be that you'd like to use the same minetest.conf for the client and your dedicated server. Using different files would make more sense in this case.
https://github.com/minetest/minetest/blob/3ad9a8f3a978b41a88ebf8a88690ad658cd132c7/src/defaultsettings.cpp#L32

SmallJoker picture SmallJoker on 2 Aug 2019
👍2

In fact you are warned as such when issuing --terminal

On Fri, Aug 2, 2019, 3:08 PM SmallJoker notifications@github.com wrote:

FYI: name defaults to empty value. As soon you host a server it will be
assigned to your name as well. Your issue here seems to be that you'd like
to use the same minetest.conf for the client and your dedicated server.
Using different files would make more sense in this case.

https://github.com/minetest/minetest/blob/3ad9a8f3a978b41a88ebf8a88690ad658cd132c7/src/defaultsettings.cpp#L32

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/minetest/minetest/issues/8741?email_source=notifications&email_token=AFS4UYRLATORNPPBA4CMGT3QCSA3LA5CNFSM4IJAHMRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD3OTD6A#issuecomment-517812728,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFS4UYQS7BILISJJ3GELWKLQCSA3LANCNFSM4IJAHMRA
.

ghost picture ghost on 4 Aug 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

paramat picture paramat  Â·  3Comments
HybridDog picture HybridDog  Â·  3Comments
HybridDog picture HybridDog  Â·  3Comments
kilbith picture kilbith  Â·  3Comments
FaceDeer picture FaceDeer  Â·  3Comments