MazorNoob

  1. There's a few terms here:
     * VS admin is the "admin" role of the player. You can send commands to the server and the server lets you do "anything". That doesn't mean letting the server process execute arbitrary code, only having the server do what it's written to do.
     * Server user is the user that the VS server is running as on the box. Think of it as a user account on Windows. It can do some things, can't do others.
     * Root is the administrator on the box. It can do anything.

     My concern is elevating privileges from the first point to the second. Mods that hook up to the game via Harmony could in principle do anything, so a VS admin that can install a mod can make the server run arbitrary code, meaning he can do anything as the user running it. It's not catastrophic, but annoying.
  2. There's a difference between "this player can administrate the server" and "this player can put nasty things into server user's .bashrc and ~/.local/bin".
  3. As a newbie admin I was surprised to learn that there exists a /moddb command that allows anyone with server admin role to install and remove mods. That immediately got me thinking:
     * Doesn't it trivially lead to a limited privilege escalation, from a player with an admin role to being able to do anything on the target box as the user that's running the server? Just push a malicious Harmony mod to the db, install it on the server with /moddb and you're done. I don't think VS moddb is moderated to an extent that such an attack would be impossible.
     * If that's the case, is there a way to disable the moddb command for all users, including admin? I don't run my server as root of course, but I'd still rather not have any admin I appoint snooping around the box as a regular user either. I'd also rather have admin be unable to do that either, in case VS ever has an exploit that gives a user admin rights.