This tutorial will help you understand how permissions work on Mumble. Details about this topic can be found in ACL and Groups, where there are some examples, descriptions of special groups, etc.
What we are going to do
We are going to set a server, with a General chat channel where everyone can talk. We are also creating a Custom channels channel where anyone who is authed can create and administrate his own channel. Then, as a normal authed user, we will create a couple of channels for a FPS game where people can talk either to their team or to everyone just by pressing one key.
Enough talking, let's get to work.
Setting permission for the whole server
First, we will need to set up a password for the SuperUser. If you haven't done that yet, you can do it by typing this at a console/command prompt:
murmur -supw somepassword
Then, we open Mumble and connect to the server using SuperUser and the password we have just set. You should be looking at something like this now:
Let's start with the permissions. Open the ACL editor, you can do thi will use the menu alternative. Once we are there, you can see a windows with two tabs. The first one is for defining people who is in a group, etc. The second one is used to assign permissions to groups. Right now, in that tab, you should have two rules set:
- The first one allows people on the auth group to create channels in the root channel and its subchannels.
- The second one allows people in the group admins to Write, that means edit permissions.
For now, we will delete the rule related with the auth group by selecting it and clicking remove. We said that we don't want anyone in the root channel, as we will make a General chat channel for that. So we will add a rule to keep them out. To do that, click add, and click every checkbox in the deny column except the Traverse one.
The reason to leave traverse unchecked is because it will forbid people to enter this channel and subchannels. Since every other channel is a subchannel of root, this will effectively forbid people from entering any channel. So we leave it unchecked. It is not neccesary to mark the allow check, because Traverse is allowed by default. Default settings are:
- Allow: Traverse, Enter, Speak and AltSpeak
- Deny: Write, Mute/Deafen, Move/Kick, Make Channel and Link channel
If you are wondering, yes, we could have left Write, Mute/Deafen, Move/Kick, Make Channel and Link channel unchecked and they will still be forbidden. There is no reason to leave those rights denied as they will be by default. Now your screen should be looking like this (except that you have disabled some useless checks):
In Mumble, rules are applied from top to bottom. Right now, the:
@admins allow write
rule is useless as it will get over written by the
@all deny write ...
So we will have to fix it. Simply select the rule referring to all and click up. That should put that on top. You have now established some default settings for the whole server :)
Creating the General chat channel and setting its permissions
This channel will serve as a chat room for everyone that gets to join our channel. Since we don't allow them to speak in the root channel, and they must join this channel if they want to chat, maybe we should put a welcome message to the server that warns about that. Anyways, here we go. First, create the channel. This is as easy as clicking Channel->Add (or right-clicking in the channel you want and click add to create a subchannel, but you know, root isn't shown, so we will use the menu one). In the box that appears type the channel name, click OK and we are done.
Now, we want to give the right for everyone to speak here. So we head to Edit ACL (remember to select the new channel before). You will see the rules of the root channel, but if you select them, you will see that all the options are grayed out. That's because they are inherited from the parent channel (in this case, Root). If you uncheck the Inherit ACL's option, they will disappear, but we don't want that. Just add a new rule that allow everyone (group=all) to Speak or AltSpeak and click ok to save it. We are now done with this channel. Easy, no?.
Creating the Custom channels channel and configuring it
As we said, we will let anyone who is registered to create his own channel here. The first step is easy, create the channel just as we did before. You should have something like this just in front of your nose:
Now we'll be giving Make channel rights to authed people. Just go to ACL editor, add a new rule, in the group list select or write auth and select the allow make channel checkbox. Warning: If you type the group name, make sure you press enter when you've finished. This will update the rule group. You can see that if tou type and don't press enter, it will not change the group in the top listing.
And now we have a pretty channel when people can create his own channel. Note that they cannot even enter Custom channels channel but they still can create subchannels. Isn't it cool?
In this part, we will be playing a registered and authed player with a veeeeery original name: AuthedPlayer. He will be creating his own channels to host a little public channel and two private subchannels, one for each team of a FPS game. He would like that they can talk to their team or to both teams. We are seeing how to do this with the AltSpeak right, linking channels and more.
Creating the main channel
After logging in, we may play a little to check that we can't enter the root channel once we leave it (the first time you connect you will land here), that we cannot enter the Custom channels channel, etc. Once we have checked that permissions are working as expected we start creating our first channel. We simply right click in Custom channels (remember that you can still use the menu) and click add to create a new channel. As I am very creative I called it My Private Channel. Automatically we are added to the admins group in that channel, so we can Write on it (remember the rules in the root channel? they are inherited all the way down to our channel). But that also mean that we get the Make channel permission inherited, so everyone who is authed can make a channel inside ours. We don't like that so...
Our rule will overwrite the inherited one, because inherited rules are always put at top. So now that we have our channel secured, we will give permission to enter and speak:
Note that we have disabled Applies to sub-channels. As subchannels will not be public, we don't want them to have the Enter permission granted. If we haven't disabled this option, we have to create yet another rule just to deny the Enter permission. This way is easier. And now, we have this channel ready for service. Let's continue with the subchannels.
Creating the team subchannels
To be continued right now... I'm just saving just in case