ACLs and Groups for Mumble Channels
Hello and welcome to another one of my Mumble Guides. Today I am going over ACLs for Murmur server management. ACL stands for Access Control Lists, it limits what users can and cannot do in a room. For instance you can make it so that only registered users can access certain rooms. Only certain users can speak in certain rooms, and much much more.
I will be going over:
- Why ACLs and Groups are useful and important
- The basics of ACLs and how to use them
- Some ACL recipes that are from the Mumble Wiki
Why are Access Control Lists (ACLs) are important
ACLs give a lot of customization for murmur channels. ACLs are important because they give control over the server. Who can say what, and who can't. Who can enter and traverse between channels, and who gets suppressed or denied if they enter. I personally use them so that registered users get options to create extra chat rooms, whereas unauthorized users only get the chat rooms that I allow them to have. They can't create any temporary rooms or whisper between channels.
So I can regulate what people can do on the server. It is a really great feature, but there is a slight problem. ACLs can be confusing. There is a Wiki page on ACLs provided by the Mumble community, but I have found a lot of people still not understanding how they work.
Why Groups are Important
Groups are important because it gives you more of a handle on the server. Like ACLs you are able to make the rules apply to certain groups. This is particularly good for Clan instances that have multiple ranks. You could then make a channel that is only for clan leaders. The rules could then go as far as, anyone can message the moderators channel, but they can't enter the channel. There are many possibilities that could apply to groups.
Like ACLs, groups are channel based - unless the inheritable flag is checked in the parents and inherit flag is checked under subchannels.
Groups have 3 elements that can be applied to users:
- Members - Potential users that can be added to the group.
- Inherited members - Users inherited from the same group in the parent channel.
- Excluded members - Users that were inherited but are removed.
ACL Group Types:
- @all - Everyone
- @auth - Everyone registered to the server
- @in - Everyone inside the current channel
- @out - Everyone outside the current channel
How to Open the ACL Window
When applying ACLs to a channel, Right click a channel > Edit > ACL tab
The window on the above should appear with the following sections:
Active ACLs: This is where all the ACLs for the channel are stored. The order of these will affect how the rules are applied to the channel.
Inheriting ACL: This option allows any parent ACLs to be passed down to the child that is currently being edited.
Context: Self explanatory, but either applies to the Sub channel or only the current channel being edited. If both are selected then all children will have this rule along with the current channel being edited.
User/Group: This allows the rule to be applied to a Group, Subgroup, or a User.
Permissions: This is where all the sugar goes in seasoning our little regulation monstrosities. If any of these permissions are unclear, refer to the following:
- Write ACL: Allows/Denies users/groups to write their own ACLs
- Traverse: Allows/Denies users/groups to move through/travel through channels
- Enter: Allows/Denies users/groups from entering a channel(s)
- Speak: Allows/Denies users/groups to speak in channels
- Mute/Deafen: Allows/Denies users/groups from muting or deafening
- Move: Allows/Denies users/groups from moving others to or from a channel
- Make Channel: Allows/Denies users/groups from making permanent channels
- Link Channel: Allows/Denies user/groups from linking channels together
- Whisper: Allows/Denies users/groups from whispering to another channel/user. (aka: altspeak)
- Text Message: Allows/Denies users/groups from messaging in a certain channel(s)
- Make Temporary: Allows/Denies users/groups from making temporary channels
- Kick: Allows/Denies users/groups from kicking others from the server
- Ban: Allows/Denies users/groups from banning people from the server
- Register User: Allows/Denies users/groups from registering other users
- Register Self: Allows/Denies users from registering themselves
Root: Is the root channel that all Murmur servers have. It cannot be deleted, but it can be renamed.
If you had these flipped the other way around, with Auth being done first and All being last, it would allow Auth players but then read that all players cannot enter. Thus resulting in locking the channel from everyone.
Other Recipes of On the Wiki
Examples here - Here are some good examples for games and clan management.
The Basics of ACLs and How to Use Them
Now that is out of the way, let's really begin. The most important thing to remember are, ACLs respect an order. That means reading ACLS from top to bottom is not the same as reading them from bottom to top. Its like making a Pizza, the sauce is normally between the bread and the cheese. Pizza wouldn't be the same if that was inverted.
Lets create a rule that makes it so that only Authenticated people can enter channel A. First of all, we need to make it so that All users cannot enter or traverse through channel A. We do this by the following:
Edit Channel A by right clicking the channel and selecting Edit. Next go to the ACL Tab and click the Add button. Make sure the Applies to this channel and subchannels check boxes are selected. Next make sure the group is on all and select the deny column on Enter and Traverse
After that we want to add a rule to the Auth group. So click the add button again. This time select the auth group in groups. Now select Enter and Traverse under the allow column.
Click OK and now test to see if it is working.
I hope this guide has helped you better understand some things about ACLs. If there is anything on this guide that is unclear or needs to be clarified. Please let me know and I will go over it in finer excruciating detail. Be sure to check out my other guides below!! Remember to share and up-vote!