[GH-ISSUE #978] Add 'everyone'-like user for all authenticated users #687

New issue

Open

opened 2026-05-07 00:26:35 +02:00 by BreizhHardware · 2 comments

BreizhHardware commented

2026-05-07 00:26:35 +02:00

Owner

Originally created by @gardient on GitHub (Dec 12, 2023).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/978

💡 Idea
Have an everyone-like special user for all authenticated users in the ACL.
something like all_authenticated/*auth

This would allow those self-host to set a basic/default set of ACLs for "registered" users

for example it would be excelent to set something like the UnifiedPush topics to be readable only by people who are authenticated

ntfy access '*auth' 'up*' ro

💻 Target components

ntfy server

Originally created by @gardient on GitHub (Dec 12, 2023). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/978  :bulb: **Idea** Have an `everyone`-like special user for all authenticated users in the ACL. something like `all_authenticated`/`*auth` This would allow those self-host to set a basic/default set of ACLs for "registered" users for example it would be excelent to set something like the UnifiedPush topics to be readable only by people who are authenticated ``` ntfy access '*auth' 'up*' ro ``` :computer: **Target components**   ntfy server

BreizhHardware added the

server

enhancement

labels

2026-05-07 00:26:35 +02:00

BreizhHardware commented

2026-05-07 00:26:36 +02:00

Author

Owner

@hansblaauw64 commented on GitHub (Jan 2, 2024):

Yeah, that would be great. Normal topics created by a validated user should be set read only for other users. Makes much more sense to me.

@hansblaauw64 commented on GitHub (Jan 2, 2024): Yeah, that would be great. Normal topics created by a validated user should be set read only for other users. Makes much more sense to me.

BreizhHardware commented

2026-05-07 00:26:36 +02:00

Author

Owner

@kjetilho commented on GitHub (May 7, 2025):

I think this makes most sense for self-hosted. And in that case, a simple switch, "require authentication" would be a lot simpler to implement than to extend the semantics of the Permission type, and still solve 99% of the use-cases.

And happily, this is available: auth-default-access deny-all will require authentication for all operations. It can also be set to write-only to allow anonymous publication (spamming 😀 )

@kjetilho commented on GitHub (May 7, 2025): I think this makes most sense for self-hosted. And in that case, a simple switch, "require authentication" would be a lot simpler to implement than to extend the semantics of the Permission type, and still solve 99% of the use-cases. And happily, this is available: `auth-default-access deny-all` will require authentication for all operations. It can also be set to `write-only` to allow anonymous publication (spamming 😀 )

BreizhHardware referenced this issue

2026-05-07 00:28:04 +02:00

[GH-ISSUE #1195] Is more than 10% battery usage normal? #842