command: "update" and "rescan" need only "CONTROL" permission

From http://bugs.debian.org/513291 "In mpd.conf, the "admin" permission covers updating the db and killing mpd. "Since there are quite some usecases in which the user can upload music to the mpd's directory by means of anonymous FTP or so, it is desirable that any user may issue a db update, while killing the mpd should not be possible. "I'd suggest to remove the db update from the admin group and either add it to "control" or an own group."
2011-02-27 23:35:00 +01:00 · 2011-02-27 23:35:00 +01:00 · 2abad0f479
parent 2fb40fe728
commit 2abad0f479
2 changed files with 3 additions and 2 deletions
--- a/1
+++ b/1
@ -1,6 +1,7 @@
 ver 0.17 (2011/??/??)
 * protocol:
  - support client-to-client communication
+  - "update" and "rescan" need only "CONTROL" permission
 * input:
  - cdio_paranoia: new input plugin to play audio CDs
  - curl: enable CURLOPT_NETRC
--- a/src/command.c
+++ b/src/command.c
@ -2070,7 +2070,7 @@ static const struct command commands[] = {
 	  handle_replay_gain_mode },
 	{ "replay_gain_status", PERMISSION_READ, 0, 0,
 	  handle_replay_gain_status },
-	{ "rescan", PERMISSION_ADMIN, 0, 1, handle_rescan },
+	{ "rescan", PERMISSION_CONTROL, 0, 1, handle_rescan },
 	{ "rm", PERMISSION_CONTROL, 1, 1, handle_rm },
 	{ "save", PERMISSION_CONTROL, 1, 1, handle_save },
 	{ "search", PERMISSION_READ, 2, -1, handle_search },
@ -2091,7 +2091,7 @@ static const struct command commands[] = {
 	{ "swapid", PERMISSION_CONTROL, 2, 2, handle_swapid },
 	{ "tagtypes", PERMISSION_READ, 0, 0, handle_tagtypes },
 	{ "unsubscribe", PERMISSION_READ, 1, 1, handle_unsubscribe },
-	{ "update", PERMISSION_ADMIN, 0, 1, handle_update },
+	{ "update", PERMISSION_CONTROL, 0, 1, handle_update },
 	{ "urlhandlers", PERMISSION_READ, 0, 0, handle_urlhandlers },
 };