SuperUser & first login

Every Mumble server has a built-in SuperUser account. It is the one account that bypasses every ACL on the server, so it is what you use to bootstrap your community. Once you have set up roles and registered users, you will almost never log in as SuperUser again.

Screenshot placeholder: admin panel after first SuperUser login, with empty role and user lists.

Set the SuperUser password

If you set MUMBLE_SUPERUSER_PASSWORD in your Docker setup, you already have a password. Skip ahead.

If not, the password was randomly generated on the first boot. Find it in the logs:

docker logs mumble-server 2>&1 | grep -i superuser

Or set a new one any time:

docker exec mumble-server mumble-server \
  --ini /data/mumble_server_config.ini \
  --set-su-pw "your-strong-password"

Log in as SuperUser

Open Fancy Mumble.
Connect to your server.
When the wizard asks for a username, type SuperUser.
When the password dialog appears, paste your password.
The admin button next to the disconnect button should now be visible. Click it to open the admin panel.

The first time you do this on a fresh server, the SuperUser is the only account, and everyone else who connects is unauthenticated.

First steps on a fresh server

The big checklist:

Set up the welcome text in Admin, Server settings, so new joiners see a friendly message.
Create your top-level channels: lobby, voice, off-topic, and so on. See Channels.
Create a “Moderator” role with channel-management and mute permissions, and assign it to your most-trusted friends. See Roles & permissions.
Create a “Member” role that gives chat write access to the right channels, and decide whether you want to require registration to chat.
Set up the onboarding flow if you want new members to pick their interests on first join. See Onboarding workflow.
Upload a few custom emotes as a community starter pack. See Custom emotes.
Take a backup. See Upgrade & backup.

Disable SuperUser after setup

For ongoing administration, you should not use SuperUser. Instead:

Connect with your own user account.
As SuperUser, register your account: right-click your name, Register.
As SuperUser, give your account the Administrator role.
Disconnect.
Reconnect as your normal user. Verify you have admin access.

You can either:

Keep SuperUser as a break-glass account (recommended), or
Disable it by leaving the password unset and starting the server fresh. Hard to reverse, so be sure.

When to use SuperUser

Only in two situations:

You locked yourself out of the admin role and need to fix the ACL.
A bug or accident has corrupted permissions and only the unconditional-bypass account can fix it.

For everything else, use a regular admin account.

Recovering from “I locked myself out”

If you accidentally removed your own admin role:

Find the SuperUser password (or reset it as above).
Log in as SuperUser.
Restore your role.
Log out again.

Pitfalls

Cannot log in as SuperUser: the password is wrong. Reset it with the --set-su-pw command.
Register as SuperUser: not possible by design. SuperUser is hard-coded outside the user table.
Lost the password: same fix, --set-su-pw to set a new one.
Changed a password in the app and SuperUser login broke: the in-app password in your profile settings applies to your regular user account, not to SuperUser. SuperUser has no profile in the app - its password is set only via --set-su-pw or the MUMBLE_SUPERUSER_PASSWORD environment variable.
Can’t talk as SuperUser: you are logged in as SuperUser, but you cannot talk or see channels. This is normal. SuperUser bypasses ACLs, but it can also not talk by default.

Next step

Continue with Channels to set up your space.