One of the projects I wrote allows end-users to specify a custom command string in a configuration entry to restrict access to specific options.
The plugin is designed such that
the default behavior for a new command string is to fail open on unknown overrides, with the intent that server operators would explicitly deny access, then remove those custom command overrides to remove restrictions (keeping the command string in the configuration entry).
Is there a way to, without modifying the plugin itself, deny access to every user (possibly including root) by default? It looks like setting a broad flag-based override in
admin_overrides.cfg stomps a specific granular "allow" override in
admin_groups.cfg (so you can't restrict to root and include group-specific allowances), and I'm not sure what other options there are.
__________________