Admins have full control over what commands can by run using config.yaml. OliveTin does NOT write to the config.yaml in any way.

OliveTin listens on just 1 open public port by default (1337). The rest of the ports only listen on localhost so you don’t have to worry about them in your firewall.

Standard Linux controls can be used to run OliveTin as non-root, with sudo permissions if needed. See the action customization section of these docs for more details.