Drone registration is open by default. This means any user can create a Drone account and use the system. If your Drone instance is public you should limit registration by user or organization.
You can limit registration by passing the
DRONE_USER_FILTER environment variable to your Drone server. This variable provides a comma-separated lists of user and organizations accounts that are permitted to register.
Example configuration limits registration by user whitelist:
docker run \ -e DRONE_USER_FILTER=octocat,spaceghost
Example configuration limits registration by user and organization:
docker run \ -e DRONE_USER_FILTER=octocat,spaceghost,github
Please note this only limits who can registrer for a Drone account. It does not place any limits on accounts once they are created.