
@richardscull richardscull commented Jan 11, 2026

This PR introduces a new UserPrivilege, SuperUser. This privilege can be obtained through the hidden !claimowner command. For security, the command requires two things to be true:

  • The user should provide a secret key, which is printed in the server console on startup if no other SuperUser exists.
  • No other users should have the SuperUser privilege.

Since SuperUser is one of the highest roles, it can't be given to anyone else using the API or Bancho commands. If you want to transfer SuperUser to another account, add DEMOTE_SUPERUSER_ON_STARTUP_USE_THIS_IF_SOMEONE_STOLEN_YOUR_SUPERUSER_ACCOUNT=true to the .env for your environment at startup. It will demote the previous user who had SuperUser and print a new secret key in the console.

Also, all Developer privileged commands/actions now require SuperUser instead. In addition to this, only SuperUser will not be kicked from the server if maintenance mode is enabled.


This PR should help self-hosters who don't have direct DB access or don't have the knowledge to get initial privileges for the superuser account.

@richardscull richardscull self-assigned this Jan 11, 2026
@richardscull richardscull added the enhancement and Minor release labels Jan 11, 2026
@richardscull richardscull marked this pull request as ready for review January 11, 2026 18:22
@richardscull richardscull merged commit 9f4fcef into master Jan 11, 2026
1 check passed
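
The claim flow described in the PR, as an added Python sketch that is not the project's own code. The class and method names are hypothetical, and the CSPRNG key, constant-time comparison, lock and single-use key are assumptions of this example, since the PR text does not say how the key is generated or checked.

```python
import hmac
import secrets
import threading

SUPERUSER = "SuperUser"  # privilege name from the PR; all other names are hypothetical


class OwnerBootstrap:
    """One-time owner claim guarded by a startup secret (in-memory sketch)."""

    def __init__(self, privileges, demote_on_startup=False):
        self._privs = privileges        # user id -> set of privilege names
        self._lock = threading.Lock()   # makes check-and-grant atomic
        self._key = None
        if demote_on_startup:
            # Recovery path: strip SuperUser from whoever currently holds it.
            for held in self._privs.values():
                held.discard(SUPERUSER)
        if not self._has_superuser():
            # 256-bit key from the OS CSPRNG, shown once on the server console.
            self._key = secrets.token_urlsafe(32)

    def _has_superuser(self):
        return any(SUPERUSER in held for held in self._privs.values())

    def startup_key(self):
        return self._key  # None when a SuperUser already exists

    def claim_owner(self, user_id, supplied_key):
        with self._lock:  # two concurrent claims cannot both pass the checks
            if self._key is None or self._has_superuser():
                return False
            # Constant-time comparison so response timing does not leak the key.
            if not hmac.compare_digest(self._key.encode(), supplied_key.encode()):
                return False
            self._privs.setdefault(user_id, set()).add(SUPERUSER)
            self._key = None  # single use: burn the key after a successful claim
            return True


if __name__ == "__main__":
    users = {1: {"Developer"}, 2: set()}  # constructed sample data
    boot = OwnerBootstrap(users)
    print("owner claim key:", boot.startup_key())
    print("wrong key accepted:", boot.claim_owner(2, "guess"))
    print("right key accepted:", boot.claim_owner(2, boot.startup_key()))
    print("second claim accepted:", boot.claim_owner(1, "anything"))
```

In a real deployment the existence check and the grant would need to run in one database transaction, since an in-process lock does not cover multiple server instances.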