Access from server

Hi all,

I would like to know whether a person who:

  • is an administrator of a Linux machine hosting Mattermost server and,
  • does not have an account in any of our Mattermost channels

can access our channels or messages in any possible way (whether through OS, logs, DB, etc.)?

Hello, @piotr

I would assume that you would like to verify if a user is the admin of the Mattermost server in this case. One of the easiest ways to check this is to check this via /etc/sudoers as mentioned in the List admins on Linux. By default, the root account will have the admin access unless you add more users with sudo privileges, or in a group with sudo privileges.

As for the second question, any users (generally admins) who have credentials to the backend account to the server hosting Mattermost, the database in which Mattermost stores data, or the directory where the logs are stored will be able to access that information. So, you do not necessarily have to have a Mattermost account to be able to access the backend information.

Mattermost users, however, do not have access by default (e.g. using email address and password) to the backend. They should only be able to see the frontend information such as public / private channels they participate in, 1-1 messages, and their own configuration.

May I know if you have any specific concerns that you would like to share so I can understand the question better nevertheless?
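
For the /etc/sudoers check mentioned in the reply above, an added example (not part of the original posts and not Mattermost's own tooling): a shell sketch that lists the accounts a sudoers file grants privileges to, expanding `%group` entries through a group file. The function names `sudo_principals` and `sudo_users` and the sample files are constructed for illustration, and the parsing is deliberately simplified as noted in the comments.

```shell
#!/bin/sh
# Added example (not from the thread): who does a sudoers file grant rights to?
# Simplified on purpose: no User_Alias expansion, no included files, and no
# primary-group membership (that lives in /etc/passwd, not /etc/group).

# Print the first field of each rule line: a user name or a %group.
sudo_principals() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                    # blanks, comments, #include
        $1 ~ /^@include/ || $1 ~ /^Defaults/ { next }    # includes and option lines
        $1 ~ /^(User|Runas|Host|Cmnd)_Alias$/ { next }   # alias definitions
        { print $1 }
    ' "$1" | LC_ALL=C sort -u
}

# Expand %group entries via a group(5)-format file; print one user per line.
sudo_users() {
    sudo_principals "$1" | while IFS= read -r p; do
        case $p in
            %*) awk -F: -v g="${p#?}" '$1 == g {
                    n = split($4, m, ",")
                    for (i = 1; i <= n; i++) print m[i]
                }' "$2" ;;
            *)  printf '%s\n' "$p" ;;
        esac
    done | LC_ALL=C sort -u
}

# Constructed sample files, so the example runs without touching /etc.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/sudoers" <<'EOF'
# constructed sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
User_Alias OPS = carol
EOF
cat > "$demo/group" <<'EOF'
sudo:x:27:alice,bob
mattermost:x:998:
EOF

sudo_users "$demo/sudoers" "$demo/group"
```

This covers only the sudo path; accounts holding database credentials or read access to the log directory need a separate review.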

Hi

As Mattermost doesn’t encrypt the messages by itself, a user with access to the MySQL backend can read any messages (including Direct Messages) that are stored in the database.
