Security & Permissions

Learn how to secure your FiveM server and manage permissions effectively

Why Security Matters

Securing your FiveM server is crucial to protect against hackers, cheaters, and malicious actors. Proper security measures help ensure a stable and enjoyable experience for your players.

This guide covers essential security practices and permission management for your FiveM server.

RECOMMENDED

PhoenixAC

Our #1 recommended anti-cheat solution for FiveM servers. PhoenixAC provides comprehensive protection against hackers, cheaters, and exploiters with minimal performance impact.

Advanced detection systems for common FiveM cheats and exploits

Optimized for performance with minimal impact on server resources

Regular updates to counter new cheating methods

Easy integration with existing server setups

Learn More View Partnership

Essential Security Tips

Use Strong Passwords

Use complex passwords for all accounts related to your server, including database, FTP, SSH, and admin accounts.

Keep Software Updated

Regularly update your server artifacts, resources, and operating system to patch security vulnerabilities.

Implement Proper Permissions

Use FiveM's ACE permission system to control what players and staff members can do on your server.

Secure Your Database

Limit database access, use strong passwords, and only allow connections from your server's IP address.

Permission Management

Understanding ACE Permissions

FiveM uses the ACE (Access Control Entry) permission system to manage what players and staff can do on your server. The system consists of three main components:

Principals: Entities that can have permissions (players, groups, etc.)
Objects: Things that can be allowed or denied (commands, resources, etc.)
ACEs: Rules that allow or deny a principal access to an object

Basic Permissions Example

# Admin list
add_ace group.admin command allow # Allow all commands for admins
add_ace group.admin command.quit deny # But don't allow quit
add_principal identifier.license:abcdef123456789 group.admin # Add player to admin group

# Moderator list
add_ace group.moderator command.kick allow # Allow moderators to kick
add_ace group.moderator command.ban allow # Allow moderators to ban
add_principal identifier.license:fedcba987654321 group.moderator # Add player to moderator group

Add these lines to your server.cfg file to set up basic permission groups. Replace the license identifiers with actual player identifiers.

Creating Permission Groups

It's a good practice to create different permission groups for different staff roles:

Owner/Administrator

Highest level with full access to all commands and features.

add_ace group.admin command allow # Allow all commands
add_principal identifier.license:YOUR_LICENSE group.admin # Add to admin group

Moderator

Can manage players but has limited access to server configuration.

add_ace group.moderator command.kick allow # Allow kick command
add_ace group.moderator command.ban allow # Allow ban command
add_ace group.moderator command.unban allow # Allow unban command
add_principal identifier.license:YOUR_LICENSE group.moderator # Add to moderator group

Helper

Basic staff role with limited permissions to help players.

add_ace group.helper command.tp allow # Allow teleport command
add_ace group.helper command.car allow # Allow vehicle spawn command
add_principal identifier.license:YOUR_LICENSE group.helper # Add to helper group

Server Security

Firewall Configuration

Setting up a firewall is essential to protect your server from unauthorized access:

Basic Firewall Rules (Linux)

# Allow FiveM traffic
iptables -A INPUT -p tcp --dport 30120 -j ACCEPT
iptables -A INPUT -p udp --dport 30120 -j ACCEPT

# Allow SSH (change port if needed)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow established connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Drop all other incoming traffic
iptables -A INPUT -j DROP

These rules allow traffic to your FiveM server (port 30120) and SSH (port 22) while blocking all other incoming connections. Adjust as needed for your specific setup.

Anti-Cheat Measures

Implementing anti-cheat measures helps maintain fair gameplay and protect your server:

Server-side validation: Always validate important actions on the server side, not just the client side.
Resource integrity checks: Use FiveM's built-in integrity checking to prevent resource tampering.
Anti-cheat resources: Consider using community anti-cheat resources for additional protection.
Regular monitoring: Keep an eye on server logs and player behavior for suspicious activity.
Whitelist: For smaller communities, consider implementing a whitelist to control who can join your server.

Database Security

Protecting your database is crucial to prevent data breaches and unauthorized access:

Strong passwords: Use complex passwords for database accounts.
Limited access: Only allow connections from your server's IP address.
Least privilege: Give database users only the permissions they need.
Regular backups: Back up your database regularly to prevent data loss.
Encrypted connections: Use SSL/TLS for database connections when possible.

Need Security Help?

Server security can be complex. If you're having trouble securing your server or managing permissions, join our Discord community where our experienced members can help you.

Join Discord FiveM ACE Documentation