As a newbie admin I was surprised to learn that there exists a /moddb command that allows anyone with server admin role to install and remove mods. That immediately got me thinking:
* Doesn't it trivially lead to a limited privilege escalation, from a player with an admin role to being able to do anything on the target box as the user that's running the server? Just push a malicious harmony mod to the db, install it on the server with /moddb and you're done. I don't think VS moddb is moderated to en extent that such an attack would be impossible.
* If that's the case, is there a way to disable the moddb command for all users, including admin? I don't run my server as root of course, but I'd still rather not have any admin I appoint snooping around the box as a regular user either. I'd also rather have admin be unable to do that either, in case vs ever has an exploit that gives a user admin rights.