docs(pterodactyl): don't make the user give the subuser permissions it doesn't need

2024-03-02 13:21:12 -05:00 · 2024-03-02 13:21:12 -05:00 · 030291113b
commit 030291113b
parent 7e4d4b348a
3 changed files with 4 additions and 10 deletions
--- a/.docs/img/pterodactyl/setup/1.png
+++ b/.docs/img/pterodactyl/setup/1.png
--- a/.docs/img/pterodactyl/setup/2.png
+++ b/.docs/img/pterodactyl/setup/2.png
--- a/.docs/pterodactyl/getting-started.md
+++ b/.docs/pterodactyl/getting-started.md
@ -43,21 +43,15 @@ Now, install the Pterodactyl cog:
 This is **optional**, but highly recommended, for security reasons.

 Navigate to your `Users` page, and click the `New User` button.  
-Type in an email address, and press `Select all permissions`.  
-*The bot doesn't need all of the permissions you just gave it to function, we'll deal with that in a moment.*
+Type in an email address, and scroll down to the `Control` header.  
+Click the checkmark on that header to select all of the permissions contained under the header.  
+Now, scroll back up to the top of the prompt and press `Invite User`.

 ![image](../img/pterodactyl/setup/1.png)
+![image](../img/pterodactyl/setup/2.png)

 Now, you'll need to check the email you just entered into the subusers page, and create an account. I won't cover this, as it'll change depending on what host you're using.

-Moving on, the bot doesn't need all of the permissions you just gave it. This poses a security risk, should the bot be compromised. We can fix this by importing only the permissions the bot requires. Import the following string into your subuser's permissions.
-
-```json
-["websocket.connect","control.read-console","control.console","control.start","control.stop","control.restart","startup.read","startup.update","settings.rename","settings.reinstall"]
-```
-
-![image](../img/pterodactyl/setup/2.png)
-
 ## Getting an API Key

 **Log out of your primary account, and switch to the sub-user you just created.**