Admin panel
Overview of rCTF administration, permissions, and settings management.
The rCTF admin panel handles challenge management, user administration, and platform settings from the web interface.
Permissions#
rCTF uses a bitwise permission system. Each permission is a flag, and you combine them to build different admin roles.
A full admin has all permissions combined for a total of 1 + 2 + 4 + 8 + 16 + 32 = 63.
Creating admin accounts#
After registering a normal account, grant admin permissions via the database:
-- Full admin (all permissions)UPDATE users SET perms = 63 WHERE email = 'admin@example.com';
-- Challenge editor (read + write challenges)UPDATE users SET perms = 3 WHERE email = 'author@example.com';If using Docker:
docker exec -it rctf-postgres-1 bashpsql -U rctfUPDATE users SET perms = 63 WHERE email = 'admin@example.com';Warning
Permission changes take effect once the user cache expires (30 seconds) or when the user updates their profile. You don’t need to restart the server.
Permission bypass#
Users with the right permissions can bypass competition timeline restrictions. A user with challsRead, for example, can view challenges before the CTF starts.
Runtime settings#
You can change platform settings at runtime without restarting the server. This requires the settingsWrite permission.
Editable settings:
These settings override values from the config files. Setting a value to null reverts to the config file default.
Start and end time overrides have to keep the start before the end. Runtime timing overrides are returned through the v2 client config.