From f2a37597cf3e603cbd12b0c866506a8bb84b7ae5 Mon Sep 17 00:00:00 2001 From: Badlop Date: Mon, 19 Oct 2009 17:02:37 +0000 Subject: [PATCH] In default config, only local accounts can create rooms and pubsub nodes. SVN Revision: 2683 --- doc/guide.html | 10 ++++++---- doc/guide.tex | 9 +++++---- doc/release_notes_2.1.0.txt | 1 + src/ejabberd.cfg.example | 11 +++++++---- 4 files changed, 19 insertions(+), 12 deletions(-) diff --git a/doc/guide.html b/doc/guide.html index 8346c80b3..08f8bb14a 100644 --- a/doc/guide.html +++ b/doc/guide.html @@ -2306,11 +2306,11 @@ is replaced at start time with the real virtual host name.
{access, AccessName}
You can specify who is allowed to use the Multi-User Chat service. By default everyone is allowed to use it.
{access_create, AccessName}
To configure who is -allowed to create new rooms at the Multi-User Chat service, this option -can be used. By default everybody is allowed to create rooms. +allowed to create new rooms at the Multi-User Chat service, this option can be used. +By default any account in the local ejabberd server is allowed to create rooms.
{access_persistent, AccessName}
To configure who is allowed to modify the ’persistent’ room option. -By default everybody is allowed to modify that option. +By default any account in the local ejabberd server is allowed to modify that option.
{access_admin, AccessName}
This option specifies who is allowed to administrate the Multi-User Chat service. The default value is none, which means that only the room creator can @@ -2791,7 +2791,9 @@ is replaced at start time with the real virtual host name.
{access_createnode, AccessName}
This option restricts which users are allowed to create pubsub nodes using -ACL and ACCESS. The default value is pubsub_createnode.
{max_items_node, MaxItems}
+ACL and ACCESS. +By default any account in the local ejabberd server is allowed to create pubsub nodes. +
{max_items_node, MaxItems}
Define the maximum number of items that can be stored in a node. Default value is 10.
{plugins, [ Plugin, ...]}
diff --git a/doc/guide.tex b/doc/guide.tex index e8f8fad2f..57a754548 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -3028,11 +3028,11 @@ Module options: \titem{\{access, AccessName\}} \ind{options!access}You can specify who is allowed to use the Multi-User Chat service. By default everyone is allowed to use it. \titem{\{access\_create, AccessName\}} \ind{options!access\_create}To configure who is - allowed to create new rooms at the Multi-User Chat service, this option - can be used. By default everybody is allowed to create rooms. + allowed to create new rooms at the Multi-User Chat service, this option can be used. + By default any account in the local ejabberd server is allowed to create rooms. \titem{\{access\_persistent, AccessName\}} \ind{options!access\_persistent}To configure who is allowed to modify the 'persistent' room option. - By default everybody is allowed to modify that option. + By default any account in the local ejabberd server is allowed to modify that option. \titem{\{access\_admin, AccessName\}} \ind{options!access\_admin}This option specifies who is allowed to administrate the Multi-User Chat service. The default value is \term{none}, which means that only the room creator can @@ -3572,7 +3572,8 @@ Options: \hostitem{pubsub} \titem{\{access\_createnode, AccessName\}} \ind{options!access\_createnode} This option restricts which users are allowed to create pubsub nodes using - ACL and ACCESS. The default value is \term{pubsub\_createnode}. % Not clear enough + do not use abbreviations. + ACL and ACCESS. + By default any account in the local ejabberd server is allowed to create pubsub nodes. \titem{\{max\_items\_node, MaxItems\}} \ind{options!max\_items\_node} Define the maximum number of items that can be stored in a node. Default value is 10. diff --git a/doc/release_notes_2.1.0.txt b/doc/release_notes_2.1.0.txt index 1a68682e0..9d93b2495 100644 --- a/doc/release_notes_2.1.0.txt +++ b/doc/release_notes_2.1.0.txt @@ -65,6 +65,7 @@ - New syntax to specify the network protocol: tcp or udp - Report error at startup if a listener module isn't available - Only listen in a port when actually ready to serve requests +- In default config, only local accounts can create rooms and PubSub nodes * Core architecture - More verbose error reporting for xml:element_to_string diff --git a/src/ejabberd.cfg.example b/src/ejabberd.cfg.example index f9c522b31..a69261f08 100644 --- a/src/ejabberd.cfg.example +++ b/src/ejabberd.cfg.example @@ -415,11 +415,14 @@ %% Admins of this server are also admins of MUC service: {access, muc_admin, [{allow, admin}]}. +%% Only accounts of the local ejabberd server can create rooms: +{access, muc_create, [{allow, local}]}. + %% All users are allowed to use MUC service: {access, muc, [{allow, all}]}. -%% Everybody can create pubsub nodes -{access, pubsub_createnode, [{allow, all}]}. +%% Only accounts in the local ejabberd server can create Pubsub nodes: +{access, pubsub_createnode, [{allow, local}]}. %% In-band registration allows registration of any possible username. %% To disable in-band registration, replace 'allow' with 'deny'. @@ -494,8 +497,8 @@ {mod_muc, [ %%{host, "conference.@HOST@"}, {access, muc}, - {access_create, muc}, - {access_persistent, muc}, + {access_create, muc_create}, + {access_persistent, muc_create}, {access_admin, muc_admin} ]}, %%{mod_muc_log,[]},