172 lines
5.1 KiB
Plaintext
172 lines
5.1 KiB
Plaintext
<chapter id="oprivs">
|
|
<title>Oper privileges</title>
|
|
<sect1 id="oprivlist">
|
|
<title>Meanings of oper privileges</title>
|
|
<para>
|
|
These are specified in privset{}.
|
|
</para>
|
|
<sect2>
|
|
<title>oper:admin, server administrator</title>
|
|
<para>
|
|
Various privileges intended for server administrators.
|
|
Among other things, this automatically sets umode +a and allows
|
|
loading modules.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:remoteban, set remote bans</title>
|
|
<para>
|
|
This grants the ability to use the ON argument on
|
|
DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set
|
|
and unset bans on other servers, and the server argument on REHASH.
|
|
This is only allowed if the oper may perform the action locally,
|
|
and if the remote server has a shared{} block.
|
|
</para>
|
|
<note><para>
|
|
If a cluster{} block is present, bans are sent remotely even
|
|
if the oper does not have oper:remoteban privilege.
|
|
</para></note>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:local_kill, kill local users</title>
|
|
<para>
|
|
This grants permission to use KILL on users on the same server,
|
|
disconnecting them from the network.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:die, die and restart</title>
|
|
<para>
|
|
This grants permission to use DIE and RESTART, shutting down
|
|
or restarting the server.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:rehash, rehash</title>
|
|
<para>
|
|
Allows using the REHASH command, to rehash various configuration
|
|
files or clear certain lists.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:kline, kline and dline</title>
|
|
<para>
|
|
Allows using KLINE and DLINE, to ban users by user@host mask
|
|
or IP address.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:operwall, send/receive operwall</title>
|
|
<para>
|
|
Allows using the OPERWALL command and umode +z to send and
|
|
receive operwalls.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:mass_notice, global notices and wallops</title>
|
|
<para>
|
|
Allows using server name ($$mask) and hostname ($#mask) masks in
|
|
NOTICE and PRIVMSG to send a message to all matching users, and
|
|
allows using the WALLOPS command to send a message to all users
|
|
with umode +w set.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>snomask:nick_changes, see nick changes</title>
|
|
<para>
|
|
Allows using snomask +n to see local client nick changes.
|
|
This is designed for monitor bots.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:global_kill, global kill</title>
|
|
<para>
|
|
Allows using KILL on users on any server.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:hidden, hide from /stats p</title>
|
|
<para>
|
|
This privilege currently does nothing, but was designed
|
|
to hide bots from /stats p so users will not message them
|
|
for help.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:resv, channel control</title>
|
|
<para>
|
|
This allows using /resv, /unresv and changing the channel
|
|
modes +L and +P.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:routing, remote routing</title>
|
|
<para>
|
|
This allows using the third argument of the CONNECT command, to
|
|
instruct another server to connect somewhere, and using SQUIT
|
|
with an argument that is not locally connected.
|
|
(In both cases all opers with +w set will be notified.)
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:spy, use operspy</title>
|
|
<para>
|
|
This allows using /mode !#channel, /whois !nick, /who !#channel,
|
|
/chantrace !#channel, /who !mask, /masktrace !user@host :gecos
|
|
and /scan umodes +modes-modes global list to see through secret
|
|
channels, invisible users, etc.
|
|
</para>
|
|
<para>
|
|
All operspy usage is broadcasted to opers with snomask +Z set
|
|
(on the entire network) and optionally logged.
|
|
If you grant this to anyone, it is a good idea to establish
|
|
concrete policies describing what it is to be used for, and
|
|
what not.
|
|
</para>
|
|
<para>
|
|
If operspy_dont_care_user_info is enabled, /who mask is operspy
|
|
also, and /who !mask, /who mask, /masktrace !user@host :gecos
|
|
and /scan umodes +modes-modes global list do not generate +Z notices
|
|
or logs.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:unkline, unkline and undline</title>
|
|
<para>
|
|
Allows using UNKLINE and UNDLINE.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:xline, xline and unxline</title>
|
|
<para>
|
|
Allows using XLINE and UNXLINE, to ban/unban users by realname.
|
|
</para>
|
|
</sect2>
|
|
<sect2>
|
|
<title>oper:hidden_admin, hidden administrator</title>
|
|
<para>
|
|
This grants everything granted to the admin privilege,
|
|
except the ability to set umode +a. If both oper:admin and oper:hidden_admin
|
|
are possessed, umode +a can still not be used.
|
|
</para>
|
|
</sect2>
|
|
</sect1>
|
|
</chapter>
|
|
<!-- Keep this comment at the end of the file
|
|
Local variables:
|
|
mode: sgml
|
|
sgml-omittag:t
|
|
sgml-shorttag:t
|
|
sgml-namecase-general:t
|
|
sgml-general-insert-case:lower
|
|
sgml-minimize-attributes:nil
|
|
sgml-always-quote-attributes:t
|
|
sgml-indent-step:2
|
|
sgml-indent-data:t
|
|
sgml-parent-document: ("charybdis-oper-guide.sgml" "book")
|
|
sgml-exposed-tags:nil
|
|
fill-column: 105
|
|
sgml-validate-command: "nsgmls -e -g -s -u charybdis-oper-guide.sgml"
|
|
End:
|
|
-->
|