Update SGML docs for need_ssl and new oper priv system.

This commit is contained in:
Jilles Tjoelker 2008-09-09 23:32:19 +02:00
parent 850b23f3a9
commit 1a745bf1a5
2 changed files with 77 additions and 33 deletions

View File

@ -410,6 +410,12 @@ auth {
<para>Users in this auth{} block must have identd, otherwise they will be rejected.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>need_ssl</term>
<listitem>
<para>Users in this auth{} block must be connected via SSL/TLS, otherwise they will be rejected.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>need_sasl</term>
<listitem>
@ -442,6 +448,33 @@ exempt {
</varlistentry>
</variablelist>
</sect2>
<sect2>
<title>privset {} block</title>
<synopsis>
privset {
extends = "<replaceable>name</replaceable>";
privs = <replaceable>list</replaceable>;
};</synopsis>
<para>
A privset (privilege set) block specifies a set of
operator privileges.
</para>
<variablelist>
<title>privset {} variables</title>
<varlistentry>
<term>extends</term>
<listitem>
<para>An optional privset to inherit. The new privset will have all privileges that the given privset has.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>privs</term>
<listitem>
<para>Privileges to grant to this privset. These are described in the operator privileges section.</para>
</listitem>
</varlistentry>
</variablelist>
</sect2>
<sect2>
<title>operator {} block</title>
<synopsis>
@ -510,19 +543,35 @@ operator "<replaceable>name</replaceable>" {
</listitem>
</varlistentry>
<varlistentry>
<term>flags</term>
<term>privset</term>
<listitem>
<para>
A listing of privileges granted to operators using this block.
By default, the mass_notice, operwall, remoteban and resv privileges are granted;
use ~mass_notice, ~operwall, ~remoteban and ~resv to disable them if necessary.
</para>
<para>
In addition, a flag designating if the password is encrypted is here.
Privileges are documented elsewhere in this guide.
The privilege set granted to successfully opered clients.
This must be defined before this operator{} block.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>flags</term>
<listitem>
<para>A list of flags to apply to this operator{} block. They are listed below.</para>
</listitem>
</varlistentry>
</variablelist>
<variablelist>
<title>operator {} flags</title>
<varlistentry>
<term>encrypted</term>
<listitem>
<para>The password used has been encrypted. This is enabled by default, use ~encrypted to disable it.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>need_ssl</term>
<listitem>
<para>Restricts use of this operator{} block to SSL/TLS connections only.</para>
</listitem>
</varlistentry>
</variablelist>
</sect2>
<sect2>

View File

@ -3,12 +3,10 @@
<sect1 id="oprivlist">
<title>Meanings of oper privileges</title>
<para>
These are flags in operator{}.
The letter appears after opering up and in /stats o; an uppercase
letter means the privilege is possessed, lowercase means it is not.
These are specified in privset{}.
</para>
<sect2>
<title>admin (A), server administrator</title>
<title>oper:admin, server administrator</title>
<para>
Various privileges intended for server administrators.
Among other things, this automatically sets umode +a and allows
@ -16,7 +14,7 @@
</para>
</sect2>
<sect2>
<title>remoteban (B), set remote bans</title>
<title>oper:remoteban, set remote bans</title>
<para>
This grants the ability to use the ON argument on
DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set
@ -26,46 +24,46 @@
</para>
<note><para>
If a cluster{} block is present, bans are sent remotely even
if the oper does not have remoteban privilege.
if the oper does not have oper:remoteban privilege.
</para></note>
</sect2>
<sect2>
<title>local_kill (C), kill local users</title>
<title>oper:local_kill, kill local users</title>
<para>
This grants permission to use KILL on users on the same server,
disconnecting them from the network.
</para>
</sect2>
<sect2>
<title>die (D), die and restart</title>
<title>oper:die, die and restart</title>
<para>
This grants permission to use DIE and RESTART, shutting down
or restarting the server.
</para>
</sect2>
<sect2>
<title>rehash (H), rehash</title>
<title>oper:rehash, rehash</title>
<para>
Allows using the REHASH command, to rehash various configuration
files or clear certain lists.
</para>
</sect2>
<sect2>
<title>kline (K), kline and dline</title>
<title>oper:kline, kline and dline</title>
<para>
Allows using KLINE and DLINE, to ban users by user@host mask
or IP address.
</para>
</sect2>
<sect2>
<title>operwall (L), send/receive operwall</title>
<title>oper:operwall, send/receive operwall</title>
<para>
Allows using the OPERWALL command and umode +z to send and
receive operwalls.
</para>
</sect2>
<sect2>
<title>mass_notice (M), global notices and wallops</title>
<title>oper:mass_notice, global notices and wallops</title>
<para>
Allows using server name ($$mask) and hostname ($#mask) masks in
NOTICE and PRIVMSG to send a message to all matching users, and
@ -74,20 +72,20 @@
</para>
</sect2>
<sect2>
<title>nick_changes (N), see nick changes</title>
<title>snomask:nick_changes, see nick changes</title>
<para>
Allows using snomask +n to see local client nick changes.
This is designed for monitor bots.
</para>
</sect2>
<sect2>
<title>global_kill (O), global kill</title>
<title>oper:global_kill, global kill</title>
<para>
Allows using KILL on users on any server.
</para>
</sect2>
<sect2>
<title>hidden_oper (P), hide from /stats p</title>
<title>oper:hidden, hide from /stats p</title>
<para>
This privilege currently does nothing, but was designed
to hide bots from /stats p so users will not message them
@ -95,14 +93,14 @@
</para>
</sect2>
<sect2>
<title>resv (Q), channel control</title>
<title>oper:resv, channel control</title>
<para>
This allows using /resv, /unresv and changing the channel
modes +L and +P.
</para>
</sect2>
<sect2>
<title>remote (R), remote routing</title>
<title>oper:remote, remote routing</title>
<para>
This allows using the third argument of the CONNECT command, to
instruct another server to connect somewhere, and using SQUIT
@ -111,7 +109,7 @@
</para>
</sect2>
<sect2>
<title>oper_spy (S), use operspy</title>
<title>oper:spy, use operspy</title>
<para>
This allows using /mode !#channel, /whois !nick, /who !#channel,
/chantrace !#channel, /who !mask, /masktrace !user@host :gecos
@ -133,27 +131,24 @@
</para>
</sect2>
<sect2>
<title>unkline (U), unkline and undline</title>
<title>oper:unkline, unkline and undline</title>
<para>
Allows using UNKLINE and UNDLINE.
</para>
</sect2>
<sect2>
<title>xline (X), xline and unxline</title>
<title>oper:xline, xline and unxline</title>
<para>
Allows using XLINE and UNXLINE, to ban/unban users by realname.
</para>
</sect2>
<sect2>
<title>hidden_admin, hidden administrator</title>
<title>oper:hidden_admin, hidden administrator</title>
<para>
This grants everything granted to the admin privilege,
except the ability to set umode +a. If both admin and hidden_admin
except the ability to set umode +a. If both oper:admin and oper:hidden_admin
are possessed, umode +a can still not be used.
</para>
<note><para>
This privilege does not appear in /stats o or oper up notices.
</para></note>
</sect2>
</sect1>
</chapter>