################################################################################

1. ####################################################################################################
2. # +----------------------------------------------------------------------------------------------+ #
3. # | __ __ ___ __ __ | #
4. # | | | | / ` |__/ |__) |__ |__) |\/| /__` | #
5. # | |___ \__/ \__, | \ | |___ | \ | | .__/ | #
6. # | | #
7. # | https://luckperms.github.io | #
8. # | | #
9. # | SOURCE CODE: https://github.com/lucko/LuckPerms | #
10. # | WIKI: https://github.com/lucko/LuckPerms/wiki | #
11. # | BUG REPORTS: https://github.com/lucko/LuckPerms/issues | #
12. # | | #
13. # | Each option in this file is documented and explained here: | #
14. # | ==> https://github.com/lucko/LuckPerms/wiki/Configuration | #
15. # | | #
16. # | New options are not added to this file automatically. Default values are used if an | #
17. # | option cannot be found. The latest config versions can be obtained at the link above. | #
18. # +----------------------------------------------------------------------------------------------+ #
19. ####################################################################################################
20.  
21. # +----------------------------------------------------------------------------------------------+ #
22. # | | #
23. # | ESSENTIAL SETTINGS | #
24. # | | #
25. # | Important settings that control how LuckPerms functions. | #
26. # | | #
27. # +----------------------------------------------------------------------------------------------+ #
28.  
29. # The name of the server, used for server specific permissions.
30. #
31. # - When set to "global" this setting is effectively ignored.
32. # - In all other cases, the value here is added to all players in a "server" context.
33. # - See: https://github.com/lucko/LuckPerms/wiki/Context
34. server: lobby
35.  
36. # If the servers own UUID cache/lookup facility should be used when there is no record for a player
37. # already in LuckPerms.
38. #
39. # - When this is set to 'false', commands using a player's username will not work unless the player
40. # has joined since LuckPerms was first installed.
41. # - To get around this, you can use a player's uuid directly in the command, or enable this option.
42. # - When this is set to 'true', the server facility is used. This may use a number of methods,
43. # including checking the servers local cache, or making a request to the Mojang API.
44. use-server-uuid-cache: false
45.  
46.  
47.  
48.  
49. # +----------------------------------------------------------------------------------------------+ #
50. # | | #
51. # | STORAGE SETTINGS | #
52. # | | #
53. # | Controls which storage method LuckPerms will use to store data. | #
54. # | | #
55. # +----------------------------------------------------------------------------------------------+ #
56.  
57. # How the plugin should store data
58. #
59. # - The various options are explained in more detail on the wiki:
60. # https://github.com/lucko/LuckPerms/wiki/Choosing-a-Storage-type
61. #
62. # - Possible options:
63. #
64. # | Remote databases - require connection information to be configured below
65. # |=> MySQL
66. # |=> MariaDB (preferred over MySQL)
67. # |=> PostgreSQL
68. # |=> MongoDB
69. #
70. # | Flatfile/local database - don't require any extra configuration
71. # |=> H2 (preferred over SQLite)
72. # |=> SQLite
73. #
74. # | Readable & editable text files - don't require any extra configuration
75. # |=> YAML (.yml files)
76. # |=> JSON (.json files)
77. # |=> HOCON (.conf files)
78. # |=> TOML (.toml files)
79. # |
80. # | By default, user, group and track data is separated into different files. Data can be combined
81. # | and all stored in the same file by switching to a combined storage variant.
82. # | Just add '-combined' to the end of the storage-method, e.g. 'yaml-combined'
83. #
84. # - A H2 database is the default option.
85. # - If you want to edit data manually in "traditional" storage files, we suggest using YAML.
86. storage-method: MySQL
87.  
88. # The following block defines the settings for remote database storage methods.
89. #
90. # - You don't need to touch any of the settings here if you're using a local storage method!
91. # - The connection detail options are shared between all remote storage types.
92. data:
93.  
94. # Define the address and port for the database.
95. # - The standard DB engine port is used by default
96. # (MySQL: 3306, PostgreSQL: 5432, MongoDB: 27017)
97. # - Specify as "host:port" if differs
98. address: sql.pebblehost.com
99.  
100. # The name of the database to store LuckPerms data in.
101. # - This must be created already. Don't worry about this setting if you're using MongoDB.
102. database: customer_71254
103.  
104. # Credentials for the database.
105. username: customer_71254
106. password: '1912fa0563'
107.  
108. # These settings apply to the MySQL connection pool.
109. # - The default values will be suitable for the majority of users.
110. # - Do not change these settings unless you know what you're doing!
111. pool-settings:
112.  
113. # Sets the maximum size of the MySQL connection pool.
114. # - Basically this value will determine the maximum number of actual
115. # connections to the database backend.
116. # - More information about determining the size of connection pools can be found here:
117. # https://github.com/brettwooldridge/HikariCP/wiki/About-Pool-Sizing
118. maximum-pool-size: 10
119.  
120. # Sets the minimum number of idle connections that the pool will try to maintain.
121. # - For maximum performance and responsiveness to spike demands, it is recommended to not set
122. # this value and instead allow the pool to act as a fixed size connection pool.
123. # (set this value to the same as 'maximum-pool-size')
124. minimum-idle: 10
125.  
126. # This setting controls the maximum lifetime of a connection in the pool in milliseconds.
127. # - The value should be at least 30 seconds less than any database or infrastructure imposed
128. # connection time limit.
129. maximum-lifetime: 1800000 # 30 minutes
130.  
131. # This setting controls the maximum number of milliseconds that the plugin will wait for a
132. # connection from the pool, before timing out.
133. connection-timeout: 5000 # 5 seconds
134.  
135. # This setting allows you to define extra properties for connections.
136. properties:
137. useUnicode: true
138. characterEncoding: utf8
139.  
140. # The prefix for all LuckPerms SQL tables.
141. # - Change this is you want to use different tables for different servers.
142. table_prefix: 'luckperms_'
143.  
144. # The prefix to use for all LuckPerms collections. Change this if you want to use different
145. # collections for different servers. The default is no prefix.
146. mongodb_collection_prefix: ''
147.  
148. # MongoDB ClientConnectionURI for use with replica sets and custom connection options
149. # - See https://docs.mongodb.com/manual/reference/connection-string/
150. mongodb_connection_URI: ''
151.  
152. # Define settings for a "split" storage setup.
153. #
154. # - This allows you to define a storage method for each type of data.
155. # - The connection options above still have to be correct for each type here.
156. split-storage:
157. # Don't touch this if you don't want to use split storage!
158. enabled: false
159. methods:
160. # These options don't need to be modified if split storage isn't enabled.
161. user: h2
162. group: h2
163. track: h2
164. uuid: h2
165. log: h2
166.  
167.  
168.  
169.  
170. # +----------------------------------------------------------------------------------------------+ #
171. # | | #
172. # | UPDATE PROPAGATION & MESSAGING SERVICE | #
173. # | | #
174. # | Controls the ways in which LuckPerms will sync data & notify other servers of changes. | #
175. # | These options are documented on greater detail on the wiki under "Instant Updates". | #
176. # | | #
177. # +----------------------------------------------------------------------------------------------+ #
178.  
179. # This option controls how frequently LuckPerms will perform a sync task.
180. #
181. # - A sync task will refresh all data from the storage, and ensure that the most up-to-date data is
182. # being used by the plugin.
183. # - This is disabled by default, as most users will not need it. However, if you're using a remote
184. # storage type without a messaging service setup, you may wish to set this to something like 3.
185. # - Set to -1 to disable the task completely.
186. sync-minutes: -1
187.  
188. # If the file watcher should be enabled.
189. #
190. # - When using a file-based storage type, LuckPerms can monitor the data files for changes, and
191. # automatically update when changes are detected.
192. # - If you don't want this feature to be active, set this option to false.
193. watch-files: true
194.  
195. # Define which messaging service should be used by the plugin.
196. #
197. # - If enabled and configured, LuckPerms will use the messaging service to inform other connected
198. # servers of changes.
199. # - Use the command "/lp networksync" to manually push changes.
200. # - Data is NOT stored using this service. It is only used as a messaging platform.
201. #
202. # - If you decide to enable this feature, you should set "sync-minutes" to -1, as there is no need
203. # for LuckPerms to poll the database for changes.
204. #
205. # - Possible options:
206. # => sql Uses the SQL database to form a queue system for communication. Will only work when
207. # 'storage-method' is set to MySQL or MariaDB. This is chosen by default if the
208. # option is set to 'none' and SQL storage is in use. Set to 'notsql' to disable this.
209. # => pluginmsg Uses the plugin messaging channels to communicate with the proxy.
210. # LuckPerms must be installed on your proxy & all connected servers backend servers.
211. # Won't work if you have more than one proxy.
212. # => lilypad Uses LilyPad pub-sub to push changes. You need to have the LilyPad-Connect plugin
213. # installed.
214. # => redis Uses Redis pub-sub to push changes. Your server connection info must be configured
215. # below.
216. # => none Disables the service.
217. messaging-service: sql
218. # If LuckPerms should automatically push updates after a change has been made with a command.
219. auto-push-updates: true
220.  
221. # If LuckPerms should push logging entries to connected servers via the messaging service.
222. push-log-entries: true
223.  
224. # If LuckPerms should broadcast received logging entries to players on this platform.
225. #
226. # - If you have LuckPerms installed on your backend servers as well as a BungeeCord proxy, you
227. # should set this option to false on either your backends or your proxies, to avoid players being
228. # messaged twice about log entries.
229. broadcast-received-log-entries: true
230.  
231. # Settings for Redis.
232. # Port 6379 is used by default; set address to "host:port" if differs
233. redis:
234. enabled: false
235. address: localhost
236. password: ''
237.  
238.  
239.  
240.  
241. # +----------------------------------------------------------------------------------------------+ #
242. # | | #
243. # | CUSTOMIZATION SETTINGS | #
244. # | | #
245. # | Settings that allow admins to customize the way LuckPerms operates. | #
246. # | | #
247. # +----------------------------------------------------------------------------------------------+ #
248.  
249. # Controls how temporary permissions/parents/meta should be accumulated.
250. #
251. # - The default behaviour is "deny".
252. # - This behaviour can also be specified when the command is executed. See the command usage
253. # documentation for more info.
254. #
255. # - Possible options:
256. # => accumulate durations will be added to the existing expiry time
257. # => replace durations will be replaced if the new duration is later than the current
258. # expiration
259. # => deny the command will just fail if you try to add another node with the same expiry
260. temporary-add-behaviour: deny
261.  
262. # Controls how LuckPerms will determine a users "primary" group.
263. #
264. # - The meaning and influence of "primary groups" are explained in detail on the wiki.
265. # - The preferred approach is to let LuckPerms automatically determine a users primary group
266. # based on the relative weight of their parent groups.
267. #
268. # - Possible options:
269. # => stored use the value stored against the users record in the file/database
270. # => parents-by-weight just use the users most highly weighted parent
271. # => all-parents-by-weight same as above, but calculates based upon all parents inherited from
272. # both directly and indirectly
273. primary-group-calculation: parents-by-weight
274.  
275. # If the plugin should check for "extra" permissions with users run LP commands.
276. #
277. # - These extra permissions allow finer control over what users can do with each command, and who
278. # they have access to edit.
279. # - The nature of the checks are documented on the wiki under "Argument based command permissions".
280. # - Argument based permissions are *not* static, unlike the 'base' permissions, and will depend upon
281. # the arguments given within the command.
282. argument-based-command-permissions: false
283.  
284. # If the plugin should check whether senders are a member of a given group before they're able to
285. # edit the groups data or add/remove other users to/from it.
286. # Note: these limitations do not apply to the web editor!
287. require-sender-group-membership-to-modify: false
288.  
289. # If the plugin should send log notifications to users whenever permissions are modified.
290. #
291. # - Notifications are only sent to those with the appropriate permission to receive them
292. # - They can also be temporarily enabled/disabled on a per-user basis using
293. # '/lp log notify <on|off>'
294. log-notify: true
295.  
296. # Defines the options for prefix and suffix stacking.
297. #
298. # - The feature allows you to display multiple prefixes or suffixes alongside a players username in
299. # chat.
300. # - It is explained and documented in more detail on the wiki under "Prefix & Suffix Stacking".
301. #
302. # - The options are divided into separate sections for prefixes and suffixes.
303. # - The 'duplicates' setting refers to how duplicate elements are handled. Can be 'retain-all',
304. # 'first-only' or 'last-only'.
305. # - The value of 'start-spacer' is included at the start of the resultant prefix/suffix.
306. # - The value of 'end-spacer' is included at the end of the resultant prefix/suffix.
307. # - The value of 'middle-spacer' is included between each element in the resultant prefix/suffix.
308. #
309. # - Possible format options:
310. # => highest Selects the value with the highest weight, from all values
311. # held by or inherited by the player.
312. #
313. # => lowest Same as above, except takes the one with the lowest weight.
314. #
315. # => highest_own Selects the value with the highest weight, but will not
316. # accept any inherited values.
317. #
318. # => lowest_own Same as above, except takes the value with the lowest weight.
319. #
320. # => highest_inherited Selects the value with the highest weight, but will only
321. # accept inherited values.
322. #
323. # => lowest_inherited Same as above, except takes the value with the lowest weight.
324. #
325. # => highest_on_track_<track> Selects the value with the highest weight, but only if the
326. # value was inherited from a group on the given track.
327. #
328. # => lowest_on_track_<track> Same as above, except takes the value with the lowest weight.
329. #
330. # => highest_not_on_track_<track> Selects the value with the highest weight, but only if the
331. # value was inherited from a group not on the given track.
332. #
333. # => lowest_not_on_track_<track> Same as above, except takes the value with the lowest weight.
334. meta-formatting:
335. prefix:
336. format:
337. - "highest"
338. duplicates: first-only
339. start-spacer: ""
340. middle-spacer: " "
341. end-spacer: ""
342. suffix:
343. format:
344. - "highest"
345. duplicates: first-only
346. start-spacer: ""
347. middle-spacer: " "
348. end-spacer: ""
349.  
350.  
351.  
352.  
353. # +----------------------------------------------------------------------------------------------+ #
354. # | | #
355. # | PERMISSION CALCULATION AND INHERITANCE | #
356. # | | #
357. # | Modify the way permission checks, meta lookups and inheritance resolutions are handled. | #
358. # | | #
359. # +----------------------------------------------------------------------------------------------+ #
360.  
361. # The algorithm LuckPerms should use when traversing the "inheritance tree".
362. #
363. # - Possible options:
364. # => breadth-first See: https://en.wikipedia.org/wiki/Breadth-first_search
365. # => depth-first-pre-order See: https://en.wikipedia.org/wiki/Depth-first_search
366. # => depth-first-post-order See: https://en.wikipedia.org/wiki/Depth-first_search
367. inheritance-traversal-algorithm: depth-first-pre-order
368.  
369. # +----------------------------------------------------------------------------------------------+ #
370. # | Permission resolution settings | #
371. # +----------------------------------------------------------------------------------------------+ #
372.  
373. # If users on this server should have their global permissions applied.
374. # When set to false, only server specific permissions will apply for users on this server
375. include-global: true
376.  
377. # If users on this server should have their global world permissions applied.
378. # When set to false, only world specific permissions will apply for users on this server
379. include-global-world: true
380.  
381. # If users on this server should have global (non-server specific) groups applied
382. apply-global-groups: true
383.  
384. # If users on this server should have global (non-world specific) groups applied
385. apply-global-world-groups: true
386.  
387. # +----------------------------------------------------------------------------------------------+ #
388. # | Inheritance settings | #
389. # +----------------------------------------------------------------------------------------------+ #
390.  
391. # If the plugin should apply wildcard permissions.
392. #
393. # - If set to true, LuckPerms will detect wildcard permissions, and resolve & apply all registered
394. # permissions matching the wildcard.
395. apply-wildcards: true
396.  
397. # If the plugin should parse regex permissions.
398. #
399. # - If set to true, LuckPerms will detect regex permissions, marked with "r=" at the start of the
400. # node, and resolve & apply all registered permissions matching the regex.
401. apply-regex: true
402.  
403. # If the plugin should complete and apply shorthand permissions.
404. #
405. # - If set to true, LuckPerms will detect and expand shorthand node patterns.
406. apply-shorthand: true
407.  
408. # If the plugin should apply Bukkit child permissions.
409. #
410. # - Plugin authors can define custom permissions structures for their plugin, which will be resolved
411. # and used by LuckPerms if this setting is enabled.
412. apply-bukkit-child-permissions: true
413.  
414. # If the plugin should apply Bukkit default permissions.
415. #
416. # - Plugin authors can define permissions which should be given to all users by default, or setup
417. # permissions which should/shouldn't be given to opped players.
418. # - If this option is set to false, LuckPerms will ignore these defaults.
419. apply-bukkit-default-permissions: true
420.  
421. # If the plugin should apply attachment permissions.
422. #
423. # - Other plugins on the server are able to add their own "permission attachments" to players.
424. # - This allows them to grant players additional permissions which last until the end of the
425. # session, or until they're removed.
426. # - If this option is set to false, LuckPerms will not include these attachment permissions when
427. # considering if a player should have access to a certain permission.
428. apply-bukkit-attachment-permissions: true
429.  
430. # +----------------------------------------------------------------------------------------------+ #
431. # | Extra settings | #
432. # +----------------------------------------------------------------------------------------------+ #
433.  
434. # Allows you to set "aliases" for the worlds sent forward for context calculation.
435. #
436. # - These aliases are provided in addition to the real world name. Applied recursively.
437. # - Remove the comment characters for the default aliases to apply.
438. world-rewrite:
439. # world_nether: world
440. # world_the_end: world
441.  
442. # Define special group weights for this server.
443. #
444. # - Group weights can also be applied directly to group data, using the setweight command.
445. # - This section allows weights to be set on a per-server basis.
446. group-weight:
447. # admin: 10
448.  
449.  
450.  
451.  
452. # +----------------------------------------------------------------------------------------------+ #
453. # | | #
454. # | FINE TUNING OPTIONS | #
455. # | | #
456. # | A number of more niche settings for tweaking and changing behaviour. The section also | #
457. # | contains toggles for some more specialised features. It is only necessary to make changes to | #
458. # | these options if you want to fine-tune LuckPerms behaviour. | #
459. # | | #
460. # +----------------------------------------------------------------------------------------------+ #
461.  
462. # +----------------------------------------------------------------------------------------------+ #
463. # | Server Operator (OP) settings | #
464. # +----------------------------------------------------------------------------------------------+ #
465.  
466. # Controls whether server operators should exist at all.
467. #
468. # - When set to 'false', all players will be de-opped, and the /op and /deop commands will be
469. # disabled.
470. enable-ops: true
471.  
472. # Enables or disables a special permission based system in LuckPerms for controlling OP status.
473. #
474. # - If set to true, any user with the permission "luckperms.autoop" will automatically be granted
475. # server operator status. This permission can be inherited, or set on specific servers/worlds,
476. # temporarily, etc.
477. # - Additionally, setting this to true will force the "enable-ops" option above to false. All users
478. # will be de-opped unless they have the permission node, and the op/deop commands will be
479. # disabled.
480. # - It is recommended that you use this option instead of assigning a single '*' permission.
481. auto-op: false
482.  
483. # Defines if "opped" players should be able to use all LuckPerms commands by default.
484. #
485. # - Set to false to only allow users who have the permissions access to the commands
486. commands-allow-op: true
487.  
488. # +----------------------------------------------------------------------------------------------+ #
489. # | Vault integration settings | #
490. # +----------------------------------------------------------------------------------------------+ #
491.  
492. # If Vault lookups for offline players on the main server thread should be enabled.
493. #
494. # LuckPerms has a "catch" for plugins attempting to perform unsafe offline player data lookups
495. # from the main server thread. This catch raises an exception (causes an error to occur) when unsafe
496. # lookups are made, instead of allowing the lookup to happen, which would likely cause the server
497. # to lag.
498. #
499. # However, if you're willing to accept the consequences, the catch can be disabled by setting this
500. # option to 'true.
501. vault-unsafe-lookups: false
502.  
503. # If the vault-server option below should be used.
504. #
505. # - When this option is set to false, the server value defined above under "server" is used.
506. use-vault-server: false
507.  
508. # The name of the server used within Vault operations.
509. #
510. # - If you don't want Vault operations to be server specific, set this to "global".
511. # - Will only take effect if use-vault-server is set to true above.
512. vault-server: global
513.  
514. # If global permissions should be considered when retrieving meta or player groups
515. vault-include-global: true
516.  
517. # If Vault operations should ignore any world arguments if supplied.
518. vault-ignore-world: false
519.  
520. # If LuckPerms should print debugging info to console when a plugin uses a Vault function
521. vault-debug: false
522.  
523. # +----------------------------------------------------------------------------------------------+ #
524. # | Miscellaneous (and rarely used) settings | #
525. # +----------------------------------------------------------------------------------------------+ #
526.  
527. # If LuckPerms should produce extra logging output when it handles logins.
528. #
529. # - Useful if you're having issues with UUID forwarding or data not being loaded.
530. debug-logins: false
531.  
532. # If LuckPerms should use the "server-name" property from the "server.properties" file as the
533. # "server" option within LuckPerms.
534. use-server-properties-name: false
535.  
536. # If LuckPerms should allow usernames with non alphanumeric characters.
537. #
538. # - Note that due to the design of the storage implementation, usernames must still be 16 characters
539. # or less.
540. allow-invalid-usernames: false
541.  
542. # If LuckPerms should allow a users primary group to be removed with the 'parent remove' command.
543. #
544. # - When this happens, the plugin will set their primary group back to default.
545. prevent-primary-group-removal: false
546.  
547.  
548.  
549.  
550. # +----------------------------------------------------------------------------------------------+ #
551. # | | #
552. # | DEFAULT ASSIGNMENTS | #
553. # | | #
554. # +----------------------------------------------------------------------------------------------+ #
555.  
556. # This section allows you to define defaults to give users whenever they connect to the server.
557. # The default assignments are highly configurable and conditional.
558. #
559. # There is one default assignment built into LuckPerms, which will add all users to the "default"
560. # group if they are not a member of any other group. This setting cannot be disabled. However, you
561. # can use this section to add more of your own.
562. #
563. # IMPORTANT:
564. # In order to save storage space, LuckPerms does not store users who have no permissions defined,
565. # and are only a member of the default group. Adding default assignments to this section will negate
566. # this effect. It is HIGHLY RECCOMENDED that instead of assigning defaults here, you add permissions
567. # to the "default" group, or set the "default" group to inherit other groups, and then use the
568. # group-name-rewrite rule above.
569. #
570. # It is also important to note that these rules are considered every time a player logs into the
571. # server, and are applied directly to the user's data. Simply removing a rule here will not reverse
572. # the effect of that rule on any users who have already had it applied to them.
573. #
574. # The "has" and "lacks" conditions below support standard boolean logic, using the 'and' & 'or'
575. # characters used in Java.
576. # e.g. "(some.other.permission | some.permission.other) & some.thing.else" == a user has
577. # 'some.other.permission', or 'some.permission.other', and they also have 'some.thing.else'
578. #
579. # Groups are represented by the permission node: group.<group name>
580. # Per server and per world nodes are represented by "server-world/permission" or "server/permission"
581. #
582. # Within conditions, permission nodes MUST be escaped using "<" and ">". See the example below.
583. #
584. # Explanation of the examples below: (they're just to demonstrate the features & use cases)
585. #
586. # rule1:
587. # If a user is either in the vip or vip+ group, and they have the "titles.titlecollector" permission
588. # set to true, and the "some.random.permission" set to false... if they're not in the group
589. # "prison_titlepack" on the "prison" server, then give add them to the "prison_titlepack" group on
590. # the "prison" server, and remove "some.random.permission".
591. #
592. # rule2:
593. # If the user isn't in any of the following groups on the skyblock server: sb_level1, sb_level2,
594. # sb_level3, then add them to sb_level1 on the skyblock server.
595. #
596. # rule3:
597. # If the user is a member of the default group, remove them from default, add them to member, and
598. # set their primary group to member.
599. #
600. # WARNING: Unlike internal commands, this system does not ensure that a group exists before adding
601. # a user to it. It also does not unsure that a user is a member of a group before making that group
602. # their primary group.
603. #
604. # Before you use "give: group.<name>" or "set-primary-group", make sure that the group exists, and
605. # that the user is a member of the group.
606. default-assignments:
607. # rule1:
608. # if:
609. # has-true: (<group.vip> | <group.vip+>) & <titles.tilecollector>
610. # has-false: <some.random.permission>
611. # lacks: <prison/group.prison_titlepack>
612. # give:
613. # - prison/group.prison_titlepack
614. # take:
615. # - some.random.permission
616. # rule2:
617. # if:
618. # lacks: <skyblock/group.sb_level1> & <skyblock/group.sb_level2> & <skyblock/group.sb_level3>
619. # give:
620. # - skyblock/group.sb_level1
621. # rule3:
622. # if:
623. # has-true: <group.default>
624. # take:
625. # - group.default
626. # give:
627. # - group.member
628. # set-primary-group: member