Mattermost Delete Channel “fixed”

Users of Mattermost have probably noticed the less-than-optimal interface design where the Delete option sits right above the Leave option in the Channel menu. On a busy server, you can imagine having quite a few incidents where people accidentally delete a channel outright.

In the Open Source version of Mattermost, everybody can do anything, because there is no sensible security model with roles. Mattermost Inc. seems to think that the Open Source community is not entitled to roles, which I (and others with me) strongly disagree with.

Forking Mattermost, learning Golang, enabling security and fixing a few other issues for the open source community along the way is one plan. But there is a simpler workaround for people running Mattermost behind Nginx.

Open /etc/nginx/sites-enabled/mattermost and find the “location” sections. Add the following (this modifies the existing websocket location by adding an “if” block at its end, and adds a new location for the channels API; the “location /” block is unchanged and shown only for context):

location ~ /api/v[0-9]+/(users/)?websocket$ {
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    client_max_body_size 50M;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Frame-Options SAMEORIGIN;
    proxy_buffers 256 16k;
    proxy_buffer_size 16k;
    proxy_read_timeout 600s;
    proxy_pass http://127.0.0.1:8065;

    # Added: refuse every DELETE on the websocket endpoint.
    # "return" ends request processing, so no "break" is needed after it.
    if ($request_method = DELETE) {
        return 403;
    }
}
# Added location: the per-channel API path. A DELETE here is what removes (archives) a channel.
location ~ /api/v[0-9]+/channels/[\d\w]*$ {
    client_max_body_size 50M;
    proxy_set_header Connection "";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Frame-Options SAMEORIGIN;
    proxy_buffers 256 16k;
    proxy_buffer_size 16k;
    proxy_read_timeout 600s;
    proxy_cache mattermost_cache;
    proxy_cache_revalidate on;
    proxy_cache_min_uses 2;
    proxy_cache_use_stale timeout;
    proxy_cache_lock on;
    proxy_pass http://127.0.0.1:8065;

    # nginx "if" cannot combine two conditions, so a flag variable is used instead.
    # See https://stackoverflow.com/questions/4833238/nginx-conf-redirect-multiple-conditions#4939522
    # Initialise the flag so nginx does not log "using uninitialized variable" on non-DELETE requests.
    set $block_delete 0;
    if ($request_method = DELETE) {
        set $block_delete 1;
    }
    # Allow deletes originating from this IP address.
    if ($remote_addr = 44.137.37.17) {
        set $block_delete 0;
    }
    if ($block_delete = 1) {
        return 403;
    }
}
location / {
    client_max_body_size 50M;
    proxy_set_header Connection "";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Frame-Options SAMEORIGIN;
    proxy_buffers 256 16k;
    proxy_buffer_size 16k;
    proxy_read_timeout 600s;
    proxy_cache mattermost_cache;
    proxy_cache_revalidate on;
    proxy_cache_min_uses 2;
    proxy_cache_use_stale timeout;
    proxy_cache_lock on;
    proxy_pass http://127.0.0.1:8065;
}

Restart nginx with the command “service nginx restart”. After this modification, nobody (except a client on the one allowed IP address) can delete a channel: the DELETE request is answered with a 403 by nginx and never reaches Mattermost. Crude but effective. If you have tips on how to parse the headers with nginx to allow certain users to use the DELETE method, please let me know.
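To see precisely which requests the two “if” blocks stop, here is a small Python model of the filter. It is an added example written for this page, not code from the post or from Mattermost: it reproduces nginx’s rule that the first matching “~” regex location wins and that everything else falls through to “location /”, then applies the method and address checks exactly as the config does. The two regexes and the allowed address 44.137.37.17 are taken from the config above; the request paths and the 10.0.0.5 client address are constructed samples.

```python
"""Offline model of the nginx DELETE filter from the post (added example, not the post's code).

Reproduces: regex locations tried in config order, first match wins, no match -> "location /";
then the method/address checks of each location.  Regexes and the allowed address come from
the config in the post; the sample requests below are constructed.
"""
import re
from typing import NamedTuple, Optional, Tuple

ALLOWED_DELETE_IP = "44.137.37.17"  # from the post: deletes from this address are let through

# Regex locations in the order they appear in the config.  nginx matches them against the
# normalised URI without the query string, unanchored (like re.search), and takes the first hit.
REGEX_LOCATIONS = [
    ("websocket", re.compile(r"/api/v[0-9]+/(users/)?websocket$")),
    ("channels", re.compile(r"/api/v[0-9]+/channels/[\d\w]*$")),
]


class Request(NamedTuple):
    method: str
    path: str
    remote_addr: str  # nginx $remote_addr: the TCP peer, i.e. the client only if nginx is the edge


def select_location(path: str) -> str:
    """Pick the location nginx would use; "~" regex locations beat the plain "/" prefix."""
    for name, pattern in REGEX_LOCATIONS:
        if pattern.search(path):
            return name
    return "root"


def decide(req: Request) -> Tuple[str, Optional[int]]:
    """Return (location, status): 403 when the filter refuses the request, None when proxied."""
    loc = select_location(req.path)
    if loc == "websocket":
        # First location in the post: every DELETE is refused, no exceptions.
        return loc, 403 if req.method == "DELETE" else None
    if loc == "channels":
        # Second location: flag DELETE, then clear the flag for the allowed address.
        block_delete = 0
        if req.method == "DELETE":
            block_delete = 1
        if req.remote_addr == ALLOWED_DELETE_IP:
            block_delete = 0
        return loc, 403 if block_delete == 1 else None
    return loc, None  # "location /" carries no DELETE filtering at all


# Constructed sample traffic (channel id, user id and 10.0.0.5 are made up).
SAMPLE_REQUESTS = [
    Request("DELETE", "/api/v4/channels/8fy3k2jd9xyz", "10.0.0.5"),
    Request("DELETE", "/api/v4/channels/8fy3k2jd9xyz", "44.137.37.17"),
    Request("GET", "/api/v4/channels/8fy3k2jd9xyz", "10.0.0.5"),
    Request("DELETE", "/api/v4/channels/8fy3k2jd9xyz/members/abc", "10.0.0.5"),
    Request("DELETE", "/api/v4/users/websocket", "44.137.37.17"),
]


def run_samples():
    """Evaluate every sample request and return (method, path, addr, location, status) rows."""
    return [(r.method, r.path, r.remote_addr, *decide(r)) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for method, path, addr, loc, status in run_samples():
        verdict = f"blocked {status}" if status else "proxied"
        print(f"{method:6} {path:45} from {addr:13} -> {loc:9} {verdict}")
```

Running the samples shows the scope of the workaround: a DELETE on /api/v4/channels/<id> is refused unless it comes from 44.137.37.17, a GET on the same path passes, and a DELETE on /api/v4/channels/<id>/members/<user> matches neither regex (the “[\d\w]*$” part cannot cross a slash), so it is proxied unfiltered. The address check compares nginx’s $remote_addr, which is the TCP peer; it only identifies the real client when nginx is the first proxy the client talks to.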

Background:
We run a chat server for (mostly Dutch) licensed HAM radio operators on our own 44.x.x.x network segment of the internet, also known in the Netherlands as “hamnet”. We wanted a modern chat service with mobile applications to spice up the HAM radio world, ping each other on field days, share thoughts and links to information, and enable collaboration for the growing number of HAM radio programmers working on open source software.

The server is paid for and run by people who care about sharing. Although Mattermost is not our focus area, we do try to contribute to Mattermost with bug reports, fixes and running the beta chat clients. Our user group is almost 500 people, and growing. Depending on events or contests, roughly 20% of our users are actively reading and contributing to one or more channels.

Mattermost did mention their “monday license program” in their responses, but as you can see we are already halfway to their 1000 user limit and growing. We have no intention of sending any legal documents or statutes to a company which then decides if we can access our own existing content.

From where we are standing, with the open source tools we use, Mattermost looks like an odd duck. Most of the open source tools we use and contribute to have common-sense safety and security built in, Linux, nginx, haproxy and letsencrypt being a few strong examples. In contrast, the Mattermost team cripples the Open Source version with weak passwords and no implementation of even the most basic security roles. For a tool which pretends to be mature and safe enough to be exposed to the Internet, the workaround described in this blogpost should not be needed.

Please help us convince the Mattermost Team of the importance of security in all versions of their products. Making money with support and features is okay, but basic common sense security should be the default for any open source project. We even think that improving security and speed makes Mattermost a more viable competitor against Slack and Telegram, to name two.

Open Source is about sharing, not about farting in the general direction of the very people contributing to it.


39 Responses to Mattermost Delete Channel “fixed”

  1. Ian Tien says:

    Hi Rolfje,

    First, thank you for using Mattermost for Hamnet Chat. You’ve clearly put a lot of time and energy into the project and I’m very happy to have you part of the community, along with your feedback, reports, and contributions.

    Second, thank you for sharing your thoughts, in this blog post, in our GitHub project, on Twitter and other channels. It is extremely important to us to hear everyone’s point of view–especially those that think differently.

    Third, thank you for contributing the options here to implement the features you were seeking. More education in the community is a good thing and I appreciate your investment.

    Regarding 1000-user limit for non-profits, if that is holding Hamnet Chat from using Mattermost properly, I’d ask your help to complete an application with the number of users you would want to support: https://about.mattermost.com/mattermost-mondays/

    It takes some manual steps for us to change the default license size, but it’s not prohibitive.

    The non-profit license for Mattermost Enterprise Edition is intended for use cases like Hamnet Chat–as a commercial product, it is designed to limit the freedom of its users.

    In the open source version, anyone can create or archive channels, in the commercial version you can take away a user’s freedom to do this.

    The commercial version allows you to limit a user’s freedom to mention a channel’s users, it lets you remove the freedom to invite others, or to join new teams, or use certain types of credentials and not others. The commercial version lets you reduce or increase the freedom of users without their agreement. Features like these become necessary when organizations become large.

    The open source version, Mattermost Team Edition, is created for “teams”. Teams know each other by name. They trust each other. They are trusted to choose their own names, to manage channels, to join and leave as they wish, and to be educated about security.

    Hamnet Chat is up to 446 users right now. If we asked any of the 446 users how they defined Hamnet, I think it’s unlikely anyone would say “a team”. Because of this, “Mattermost Team Edition” doesn’t seem to me like the correct software to use.

    Personally, I believe that all we have in this world is time–we never get our time back. If you believe Hamnet Chat will benefit from Mattermost’s enterprise features, I’d ask that you consider the interests of your community and upgrade to the non-profit version.

    I believe your time is valuable. You’re clearly someone who is intelligent and driven. I’d love to work with you on the “good stuff”, which is exploring and designing the features for Hamnet that don’t yet exist, writing and sharing best practices on running your community on Mattermost (I’m very interested in what you’ve learned), improving multi-language support (btw, you can default users to Dutch UI in the non-profit version), and much more that we can do.

    This all said, it’s completely your decision on how you choose to engage with Mattermost.

    My only request: Please don’t stop.

    Yours warmly,

    Ian Tien

  2. rolfje says:

    Hello Ian,

    Thanks for reaching out and being open to discussion.

    If the product is indeed “intended for use cases like Hamnet Chat” like you say, the lack of strong password enforcing and the lack of a proper user rights model contradict that. As you will know, in a large group of people there are always those few “funny guys” who do stuff which does not go well with the group. In chat systems like this, it is time consuming to repair these problems. I’ve created scripts on the server to work around these problems, but this feels quite strange, as said before.

    The answer you post on this blogpost is along the same lines as all other answers I get from the Mattermost team, I admire your consistency. I’ve addressed my concerns with your policy clearly in the github issues and in this blogpost and I will not re-iterate all those points here.

    I do want to stress the most important one: We expected Mattermost to be an open source product along the lines of Linux (used by Mattermost, with all security features in it, for free), haproxy, letsencrypt (the SSL service you use in your product, with all security features in it, for free), Postgres (the database you use in Mattermost, with all security features in it, for free), golang (the language you use, with all security features in it, for free), gitlab/github (with all security features in it, for free). All of these products have strong user rights models. None of these products require you or us to yearly send over legal documents. None of these products require us to pay anything. All that they ask is our contribution to the open source community so we help each other make the world a better place.

    Our current user group is from all walks of life, including board members of big companies. Mattermost is promising and nice for hobby stuff, but needs improvements to compete with the rest of the market on a more mature level. Mattermost positions itself to be compared with the products that are out there, like Slack, HipChat, Facebook, Telegram, Rocket Chat and others.

    Compared to these products, Mattermost is lacking the following:

    • Basic security roles: Only channel owners should be able to delete channels, transfer ownership of channels.
    • Basic security settings: Password length settings should be enforced instead of silently ignored.
    • Basic features: All clients should support endless scrolling (a “load earlier messages” link is simply not done in 2017)
    • Layout and markup: Rendering of (markdown) messages is not looking well, particularly on mobile clients. It is missing “polish”
    • Speed and reliability on the mobile clients (Native clients for Telegram, Facebook, Threema are WAY faster and much more reliable than Mattermost for all mobile platforms)

    The lack of these features makes it hard to convince people to move from their shiny free closed source platforms to our free open source Mattermost installation, even if only for hobby. Pointing to a lengthy document stating that it is “by design” is no longer acceptable in the age of Twitter.

    We started out on the idea that Mattermost looked very promising and could be improved. The lack of basic security, and the way that the Mattermost team thinks about using it as a “feature”, makes most users sceptical about acceptance of pull requests, and about the product as a whole. A discussion about security on github resulted not in solving the problem, but in removing a much needed feature altogether. After this, further contributions felt a bit pointless to us.

    What if you change the Team Edition into “SINGLE Team edition” and add the basic security features people expect nowadays? And what if you gave the enterprise (or full feature but single team) license to people who actively made at least one contribution (pull request or bug report) to Mattermost? Surely that would be worth something, and would simplify your monday program for everyone.

    We’re not in it for the mugs.

  3. rolfje says:

    GianCarlo created another workaround for the same problem, which even checks if you’re an admin:
    http://www.akitaonrails.com/2016/08/12/hacking-mattermost-team-edition

  4. The above method, not yours, seems to no longer work; there no longer is any indication of the method in the audits table. I wonder if this was deliberate, to stop the workaround. I too am desperately searching for a solution; I do not know golang.

    • rolfje says:

      Hello Darren,
      The filter does not work on the audits table. It monitors the API calls, which do not regularly change. I suspect that there is a problem with your configuration. Can you tell me which version of Mattermost you are running?

  5. I have built my own, it works perfectly 🙂

  6. Another thing I tried to post earlier was that I have not tried your solution, it was akitaonrails solution that no longer works.

  7. WordPress has just sent back the email I sent you.

  8. I posted other things that do not seem to have posted. I'm using 4.7.2 and I compiled it myself by just changing https://github.com/mattermost/mattermost-server/blob/30197584d5a215a3b25bffa79a034ed9e360cf52/app/license.go#L155 to return map[string]string{"IsLicensed": "false"}. And I know the internet isn't a one way street, hence if you want it, the tar.gz package and the platform binary are available at: http://repo.sip247.com/debian/ You will then get a new option 'Policy' in the general settings of the gui. There still seems to be an issue where users can remove others from a channel, but I'm digging into the go right now.

  9. I hope you can decipher the above, I keep getting errors when trying to post.

  10. return map[string]string{"IsLicensed": "true"}

  11. Please feel free to delete those comments and turn them into something readable 🙂

  12. I have also managed now to modify the code so that only admin can remove members from public channels but I’m not sure if that would be universally wanted.

  13. Tomislav says:

    My colleague always said: “If one person called you stupid, then they are stupid. If 100 persons called you stupid, you should consider the possibility that you really are stupid.”
    The same can be applied to the problem with the basic security here. They (mattermost) never considered that you might have a problematic team member and that they (the team member) might delete something out of spite.
    It is a stupid decision not to implement this. That is the reason my company switched to Slack. The decision makers figured that if the basic edition lacks basic features – don’t even try the enterprise edition.
    I however work with a civil defense group (Radio Communication Systems in Crisis Situations) and we need a platform to exchange IMs (when the network is operational, of course) and to reduce our decision making time and coordination time. Our TEAM is very dislocated and we have to be sure that no one can delete a channel by accident or on purpose.
    So, a big thanks to Darren and everyone else here!

  14. Darren Williams says:

    Yes it is free, but I’m not interested in distributing anything really, just interested in getting it to function the way I want it to and sharing it with those trying to achieve the same.

  15. Diogo Rocha says:

    I have been trying to solve this solution in some ways but I can not, can you help make such a change?

  16. icewater says:

    Ian Tien’s side of the discussion on github, with the patronizing, and the laughably transparent justifications and deflections for fatally hobbling the team edition of Mattermost, was nauseating to read.

    Is there a generally-accepted-as-the official-alternative fork of Mattermost we can rally around?

  17. Christopher Wells says:

    Coming to this v. late and alarmed to see that team-edition allows basic members to rule the roost. One understands the need for folks to make money, but echoing others here, struggling to understand the logic of Mattermost when it attempts to defend its behaviour in this particular area.

    I’ve written to Mattermost this week offering to pay a freemium type fee to get access to the ‘enhanced’ permission set, but no answer. I don’t need the other features in E10/20, just a way of stopping disruptors from running havoc whilst I sleep. Is that too much to ask?

    I think we all need to remember that a product is unusable in most cases, open source or otherwise, if the very basic requirements of safe Internet interactions are ignored.

    Requesting again that Mattermost reconsider.

  18. Tomislav says:

    Did anyone solve this issue on newer versions?

  19. chriskuta says:

    Sorry to wake this topic – But I’m wondering if things have changed since this was posted. I’ve noticed that Delete Channel is now Archive Channel, but the open permission model still exists. Why a sensible “if owner” type of initial restriction wasn’t implemented is quite puzzling (other than pushing you to E10 / E20). Does the new plugins feature make permissions possible now https://developers.mattermost.com/extend/plugins/ without having to modify the core?

  20. Alex says:

    Good day.
    The free version is usable only in extremely rare cases.
    Let’s fix it. Moreover, the MIT license allows this.
    All manipulations were performed on Ubuntu Server 16.04. We will need GoLang, NodeJS, Docker. You can also install MySQL. It is advisable to use a newer version.
    Download Mattermost from the repository: “sudo go get -v github.com/mattermost/mattermost-server/…”. Go to the project folder and download the dependencies: “sudo go get -d ./…”
    Open the file GOPATH/src/github.com/mattermost/mattermost-server/app/license.go (GOPATH in my case is a folder in the home directory).
    Look for the function “func (a *App) LoadLicense()”. Comment out or delete everything except the first and last lines. The last line is optional. In the first line, instead of a.SetLicense(zero), write a.SetLicense(model.NewTestLicense()) (there is a function in the code that gives a test license; thanks to the developers). Save. Build mattermost-server from the project folder with “sudo make build”. Before that, you need to create an enterprise folder in the directory. Your compiled binaries (for all platforms) will be in the GOPATH/bin folder. Replace the original ones in the /opt/mattermost/bin directory with them. Do not forget to set the permissions again as written in the instructions.
    Link to the latest build with changes: https://yadi.sk/d/8bLwkQyN0UcbSw
