PermissionsEx

PermissionsEx

14M Downloads

Any op can go into a command block and promote themselves

MC-Admin40 opened this issue · 3 comments

commented

to completely separate the permissions given as op from pex perms, the only way would be to have some distinction or togglable ability to be able to activate a command to promote yourself if opped and in gamemode 1. If you cannot fix this, can you at least list an alternative to point me in the right direction as to how im gonna trust mods if i let them change config to not mess with their rank.

commented

A few important things to know:

• In short, don't use OP on a server that uses any plugins. OP is for Vanilla servers that do not use any plugins at all. OP is essentially an "Admin" rank that can do everything and any servers that use a permissions plugin (like PermissionsEx or GroupManager) will should have their own "Admin" rank that specifies what permissions users in that group get— and, in this case, access to Command Blocks or the ability to promote oneself should not be one of the group's permissions.

• When using a permissions system (like PEX or GM), any permission node which is not directly given to a group or user means that the group or user can not use that permission/command/activity. In the case of PermissionsEx— don't give the group or user any PEX permission nodes that allow them to promote themselves.

• Every server begins with the server.properties file containing the setting enable-command-block=false, so a server owner has to specifically go into the server settings to enable them. If a group or user is not allowed access to command blocks, the permission to use them should not be given to the group or user. (As mentioned above.)

• If a wildcard permission node is being used— alongside a plugin such as Modifyworld —to give users full access to all blocks and activities, access to command blocks should be negated at the top of the groups' or users' permissions list, like so:

    permissions:
    - -modifyworld.blocks.destroy.(137|210|211)
    - -modifyworld.blocks.place.(137|210|211)
    - -modifyworld.blocks.interact.(137|210|211)
    - modifyworld.*

• If a wildcard permission node is being used— alongside a plugin such as EssentialsAntiBuild —to give users full access to all blocks and activities, access to command blocks should be negated at the top of the groups' or users' permissions list, like so:

    permissions:
    - -essentials.build.break.137:*
    - -essentials.build.break.210:*
    - -essentials.build.break.211:*
    - -essentials.build.place.137:*
    - -essentials.build.place.210:*
    - -essentials.build.place.211:*
    - -essentials.build.interact.137:*
    - -essentials.build.interact.210:*
    - -essentials.build.interact.211:*
    - essentials.build.*

And, of course, keep in mind that EssentialsAntiBuild has config.yml settings to prevent the placing/using/breaking/moving-by-pistons of blocks (see: Old System Support) and to alert the proper authorities if anyone attempts to place/use/break specific blocks (see: Build Alert System).

commented

op should be assumed to give complete power. Don't give op to people you don't trust completely (at least as far as your server goes)

commented

god, those two plugins are so frustrating with perms, but ill get to adding them. i don't use either because they override everything when loaded from scratch. I'll try with modifyworld since essentials is a gigantic plugin.