Security Levels

From King Arthur's Gold Wiki
Revision as of 19:52, 19 July 2012 by Shadlington (Talk | contribs)

Jump to: navigation, search
This page might not be up-to-date (build 454).

King Arthur's Gold uses a system called 'Security Levels' (or 'seclevs' for short) to manage player access to various features on its servers. There are default, hardcoded levels setup but it is strongly advised that server owners take the time to setup their own specific seclev definitions.

Basics

The contents of the file securitysetup.cfg in kagServer/Base/Security (where kagServer is the path to the kagServer's directory) should look something like this:

# Security setup

# Set to 1 to allow only the names in the whitelist or 0 to disallow the names in the blacklist
whitelist_active = 0
whitelist_file = Security/whitelist.cfg
blacklist_file = Security/blacklist.cfg

# Path to file where security levels are defined
seclevs_file = Security/seclevs.cfg

The contents of the file defined by seclevs_file should look something like this (with additional commenting):

# If 0, defers to hardcoded settings
levels_active = 1

# Level file paths go here as a ;-delimited list
levels_files = Security/superadmin.cfg; Security/admin.cfg; Security/guard.cfg; Security/vip.cfg; Security/premium.cfg; Security/normal.cfg;

If you set levels_active to 0 or the file is otherwise missing/unreadable, then default, hardcoded seclevs will be loaded for you.

levels_files should be a semi-colon-delimited list of files that define individual security levels. The ordering of this list matters for 2 reasons: 1) When users are being matched to a security level in order to determine their level of access, they will be matched to the first seclev in the list that matches either their username or their role. 2) When users do not match any security level they will be assigned to the last seclev in the list - this last level is essentially the default.

The contents of one of the files defined by levels_files should look something like this (all lists are semi-colon-delimited):

name = Name of the seclev
users = usernames; go; here;
roles = roles; go; here;
commands = rcon; commands; go; here;
features = features; go; here;

The name variable simply provides the human-readable name of the seclev.

The users list defines usernames that will match to this seclev (if they haven't already matched to a seclev higher up the list).

The roles list defines roles that will match to this seclev (if they haven't already matched to a seclev higher up the list).

The commands list defines the rcon commands that players matching this seclev have access to.

The features list defines the seclev-controlled features that players matching this seclev have access to.


Roles

The roles list defines roles that will match to this seclev (if they haven't already matched to a seclev higher up the list).

Roles are special flags that define what kind of user a player is.

There are 4 available: premium (premium players), guard (KAG guards), kagstaff (KAG staff) and rcon (people logged into rcon).

So if you were to have 'roles = guard; kagstaff' in a seclev, then all KAG Guards and members of the KAG Team would be matched to that seclev, if they hadn't already matched a seclev higher up the list.

The only one that can change mid-game is rcon, which will be active when a player logs into rcon (/rcon /login [password]) and become inactive again when they logout (/rcon /logout).

Commands

The commands list defines the rcon commands that players matching this seclev have access to.

For example, to enable the rcon command /kick, used for kicking players from the game, you would add 'kick' to the commands list

There is one special keyword used for enabling all rcon commands at once - 'ALL'. So in this case your commands list would look like:

commands = ALL;

Scripting commands (like waterLevel()) are not compatible with this system - if you want to use them you must have a seclev with the ALL keyword in its commands list

A full list of available rcon commands can be found here.

Features

Feature Description
admin_color Show admin names in the red/orange admin color.
always_change_team Able to change team regardless of (im)balance.
ban_immunity Ban immunity.
editor Use of map editor.
invincible Player will be invincible.
join_full Join full server.
join_reserved Join if reserved slots free. [Not currently available]
kick_immunity Kick immunity.
map_vote Able to vote to go to next map.
mark_any_team Able to mark players on any team - still need mark_player.
mark_player Able to mark players to be kicked.
name_mouseover Can see player names when hovering cursor above them.
pingkick_immunity Ping kick immunity.
silent_rcon Your rcon activity is not posted to the console of those that can view it.
skip_votewait Skip the wait required to vote/mark players.
spectator Use of spectator mode.
view_collapses View who caused collapses.
view_console Can view server console messages in your own console.
view_rcon Can view non-silent rcon activity.


Advanced Usage

Because you can restrict access to every /rcon command, including /login itself, its possible to create two levels for your administrators that they can swap in and out of according to need.

To do this, first ensure that none of your non-admin levels have 'login' in their commands list. Then add 'login' (or 'ALL') to your lower-level admin seclev and make sure that it is assigned to your administrators by adding their names to the users list. Also ensure that your higher-level admin seclev is not assigned to your administrators by name but is assigned to the 'rcon' role and that it has 'logout' (or 'ALL') in its commands list.

Now when your administrators join your server they will have access to all their normal admin powers by default, but will be able to go up a level by logging into rcon (and back down again by using /rcon /logout). As they are the only ones with access to /login you can safely keep the password very easy to remember, too. You may find it useful to include features that you would only want to have active temporarily in this higher admin level - like invincibility.


Default Levels

The default, hardcoded levels are equivalent to the following security level files:

name = Server Admin
users = 
roles = rcon;
commands = ALL;
features = admin_color; always_change_team; ban_immunity; editor; join_full; kick_immunity; map_vote; mark_any_team; mark_player; name_mouseover; pingkick_immunity; silent_rcon; skip_votewait; spectator; view_collapses; view_console; view_rcon;
name = KAG Staff
users = 
roles = kagstaff;
commands = ban; banhost; banid; freezeid; help; kick; kickhid; kickhost; kickid; listbans; login; msg; nextmap; players; restartmap; swapid; unban; unbanhost; unfreezeid;
features = always_change_team; ban_immunity; join_full; kick_immunity; map_vote; mark_any_team; mark_player; name_mouseover; pingkick_immunity; skip_votewait; spectator; view_collapses; view_rcon;
name = Guard
users =
roles = guard;
commands = ban; banhost; banid; freezeid; help; kick; kickhid; kickhost; kickid; listbans; login; players; swapid; unban; unbanhost; unfreezeid;
features = always_change_team; join_full; map_vote; mark_any_team; mark_player; name_mouseover; pingkick_immunity; skip_votewait; spectator; view_collapses;
name = Normal
users =
roles =
commands = help; login;
features = map_vote; mark_player; spectator;