From 1a745bf1a55185ccbba09fd6e4fa0202cef9b58d Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 9 Sep 2008 23:32:19 +0200 Subject: [PATCH] Update SGML docs for need_ssl and new oper priv system. --- doc/sgml/oper-guide/config.sgml | 65 +++++++++++++++++++++++++++++---- doc/sgml/oper-guide/oprivs.sgml | 45 ++++++++++------------- 2 files changed, 77 insertions(+), 33 deletions(-) diff --git a/doc/sgml/oper-guide/config.sgml b/doc/sgml/oper-guide/config.sgml index fc44fb7..4c6207f 100644 --- a/doc/sgml/oper-guide/config.sgml +++ b/doc/sgml/oper-guide/config.sgml @@ -410,6 +410,12 @@ auth { Users in this auth{} block must have identd, otherwise they will be rejected. + + need_ssl + + Users in this auth{} block must be connected via SSL/TLS, otherwise they will be rejected. + + need_sasl @@ -442,6 +448,33 @@ exempt { + + privset {} block + +privset { + extends = "name"; + privs = list; +}; + + A privset (privilege set) block specifies a set of + operator privileges. + + + privset {} variables + + extends + + An optional privset to inherit. The new privset will have all privileges that the given privset has. + + + + privs + + Privileges to grant to this privset. These are described in the operator privileges section. + + + + operator {} block @@ -510,19 +543,35 @@ operator "name" { - flags + privset - A listing of privileges granted to operators using this block. - By default, the mass_notice, operwall, remoteban and resv privileges are granted; - use ~mass_notice, ~operwall, ~remoteban and ~resv to disable them if necessary. - - - In addition, a flag designating if the password is encrypted is here. - Privileges are documented elsewhere in this guide. + The privilege set granted to successfully opered clients. + This must be defined before this operator{} block. + + flags + + A list of flags to apply to this operator{} block. They are listed below. + + + + + operator {} flags + + encrypted + + The password used has been encrypted. This is enabled by default, use ~encrypted to disable it. + + + + need_ssl + + Restricts use of this operator{} block to SSL/TLS connections only. + + diff --git a/doc/sgml/oper-guide/oprivs.sgml b/doc/sgml/oper-guide/oprivs.sgml index fb5213e..1e776b1 100644 --- a/doc/sgml/oper-guide/oprivs.sgml +++ b/doc/sgml/oper-guide/oprivs.sgml @@ -3,12 +3,10 @@ Meanings of oper privileges - These are flags in operator{}. - The letter appears after opering up and in /stats o; an uppercase - letter means the privilege is possessed, lowercase means it is not. + These are specified in privset{}. - admin (A), server administrator + oper:admin, server administrator Various privileges intended for server administrators. Among other things, this automatically sets umode +a and allows @@ -16,7 +14,7 @@ - remoteban (B), set remote bans + oper:remoteban, set remote bans This grants the ability to use the ON argument on DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set @@ -26,46 +24,46 @@ If a cluster{} block is present, bans are sent remotely even - if the oper does not have remoteban privilege. + if the oper does not have oper:remoteban privilege. - local_kill (C), kill local users + oper:local_kill, kill local users This grants permission to use KILL on users on the same server, disconnecting them from the network. - die (D), die and restart + oper:die, die and restart This grants permission to use DIE and RESTART, shutting down or restarting the server. - rehash (H), rehash + oper:rehash, rehash Allows using the REHASH command, to rehash various configuration files or clear certain lists. - kline (K), kline and dline + oper:kline, kline and dline Allows using KLINE and DLINE, to ban users by user@host mask or IP address. - operwall (L), send/receive operwall + oper:operwall, send/receive operwall Allows using the OPERWALL command and umode +z to send and receive operwalls. - mass_notice (M), global notices and wallops + oper:mass_notice, global notices and wallops Allows using server name ($$mask) and hostname ($#mask) masks in NOTICE and PRIVMSG to send a message to all matching users, and @@ -74,20 +72,20 @@ - nick_changes (N), see nick changes + snomask:nick_changes, see nick changes Allows using snomask +n to see local client nick changes. This is designed for monitor bots. - global_kill (O), global kill + oper:global_kill, global kill Allows using KILL on users on any server. - hidden_oper (P), hide from /stats p + oper:hidden, hide from /stats p This privilege currently does nothing, but was designed to hide bots from /stats p so users will not message them @@ -95,14 +93,14 @@ - resv (Q), channel control + oper:resv, channel control This allows using /resv, /unresv and changing the channel modes +L and +P. - remote (R), remote routing + oper:remote, remote routing This allows using the third argument of the CONNECT command, to instruct another server to connect somewhere, and using SQUIT @@ -111,7 +109,7 @@ - oper_spy (S), use operspy + oper:spy, use operspy This allows using /mode !#channel, /whois !nick, /who !#channel, /chantrace !#channel, /who !mask, /masktrace !user@host :gecos @@ -133,27 +131,24 @@ - unkline (U), unkline and undline + oper:unkline, unkline and undline Allows using UNKLINE and UNDLINE. - xline (X), xline and unxline + oper:xline, xline and unxline Allows using XLINE and UNXLINE, to ban/unban users by realname. - hidden_admin, hidden administrator + oper:hidden_admin, hidden administrator This grants everything granted to the admin privilege, - except the ability to set umode +a. If both admin and hidden_admin + except the ability to set umode +a. If both oper:admin and oper:hidden_admin are possessed, umode +a can still not be used. - - This privilege does not appear in /stats o or oper up notices. -