Disable user delete from jabber clients

Hi, a user accidentally deleted his ejabberd account using his jabber client. How can I prevent this?

Is there a way to set ACLs in order to prevent users from running the "delete user" command (or maybe all administration commands?), and only allow "admin" users to run potentially unsafe commands?

cribz wrote: Hi, a user

cribz wrote:

Hi, a user accidentally deleted his ejabberd account using his jabber client. How can I prevent this?

Is there a way to set ACLs in order to prevent users from running the "delete user" command (or maybe all administration commands?), and only allow "admin" users to run potentially unsafe commands?

Read instruction more http://www.process-one.net/docs/ejabberd/guide_en.html#htoc56

mod_adhoc access control?

K0NCTANT1N wrote:

Read instruction more http://www.process-one.net/docs/ejabberd/guide_en.html#htoc56

Thanks, indeed I already had denied access to mod_register to anyone, as described in the user guide:

{access, register, [{deny, all}]}.

{modules,
[
  ...
  {mod_register, [{access, register}]},
  ...
]}.

...but the user was able to delete his account anyway!

So I guess this is a mod_adhoc problem. But I didn't find any documentation about settin access controls on mod_adhoc. Is this possible?

It will be so

It will be so:

{modules,
[
  ...
  %% {mod_register, [{access, register}]},
  ...
]}.

cribz wrote: Hi, a user

cribz wrote:

Hi, a user accidentally deleted his ejabberd account using his jabber client. How can I prevent this?

Is there a way to set ACLs in order to prevent users from running the "delete user" command (or maybe all administration commands?), and only allow "admin" users to run potentially unsafe commands?

mod_register only has Access options to control registration, not unregistration.

The only solution is to disable mod_register completely. Accounts can still be deleted using ejabberdctl, WebAdmin and Adhoc Commands.

Syndicate content