-#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
+#-#-#-#-#-#-#-#-#-#-#-#-# CLASS CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
# #
# Classes are a group of commands which are grouped together and #
# given a unique name. They're used to define which commands #
# privs: Special privileges that users with this class may utilise.
# VIEWING:
- # - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
+ # - channels/auspex: allows opers with this priv to see more details about channels than normal users.
# - users/auspex: allows opers with this priv to view more details about users than normal users, e.g. real host and IP.
- # - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
- # ACTIONS:
- # - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
- # - users/samode-usermodes: allows opers with this priv to change the user modes of any other user using /SAMODE
- # PERMISSIONS:
- # - users/flood/no-fakelag: prevents opers from being penalized with fake lag for flooding (*NOTE)
- # - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE)
- # - users/flood/increased-buffers: allows opers with this priv to send and receive data without worrying about being disconnected for exceeding limits (*NOTE)
+ # - users/channel-spy: allows opers with this priv to view the private/secret channels that a user is on.
+ # - servers/auspex: allows opers with this priv to see more details about server information than normal users.
+ # ACTIONS:
+ # - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*).
+ # - users/samode-usermodes: allows opers with this priv to change the user modes of any other user using /SAMODE.
+ # PERMISSIONS:
+ # - channels/ignore-noctcp: allows opers with this priv to send a CTCP to a +C channel.
+ # - channels/ignore-nonicks: allows opers with this priv to change their nick when on a +N channel.
+ # - channels/restricted-create: allows opers with this priv to create channels if the restrictchans module is loaded.
+ # - users/flood/increased-buffers: allows opers with this priv to send and receive data without worrying about being disconnected for exceeding limits (*NOTE).
+ # - users/flood/no-fakelag: prevents opers from being penalized with fake lag for flooding (*NOTE).
+ # - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE).
+ # - users/ignore-callerid: allows opers with this priv to message people using callerid without being on their callerid list.
+ # - users/ignore-commonchans: allows opers with this priv to send a message to a +c user without sharing common channels.
+ # - users/ignore-noctcp: allows opers with this priv to send a CTCP to a +T user.
+ # - users/ignore-privdeaf: allows opers with this priv to message users with +D set.
+ # - users/sajoin-others: allows opers with this priv to /SAJOIN users other than themselves.
+ # - servers/ignore-shun: allows opers with this priv to ignore shuns.
+ # - servers/use-disabled-commands: allows opers with this priv to use disabled commands.
+ # - servers/use-disabled-modes: allows opers with this priv to use disabled modes.
#
# *NOTE: These privs are potentially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially.
privs="users/auspex channels/auspex servers/auspex users/mass-message users/flood/no-throttle users/flood/increased-buffers"
- # usermodes: Oper-only usermodes that opers with this class can use.
+ # usermodes: Oper-only user modes that opers with this class can use.
usermodes="*"
# chanmodes: Oper-only channel modes that opers with this class can use.
- chanmodes="*">
+ chanmodes="*"
+
+ # snomasks: The snomasks that opers with this class can use.
+ snomasks="*">
<class name="SACommands" commands="SAJOIN SAPART SANICK SAQUIT SATOPIC SAKICK SAMODE OJOIN">
-<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS JUMPSERVER LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
-<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN CLOSE" usermodes="*" chanmodes="*">
-<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message">
+<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex" snomasks="Cc">
+<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*" snomasks="Xx">
+<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message" snomasks="Gg">
<class name="HostCloak" commands="SETHOST SETIDENT SETIDLE CHGNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex">
# #
<type
- # name: Name of type. Used in actual server operator accounts below.
+ # name: Name of the type. Used in actual server operator accounts below.
name="NetAdmin"
# classes: Classes (blocks above) that this type belongs to.
classes="SACommands OperChat BanControl HostCloak Shutdown ServerLink"
- # vhost: Host opers of this type get when they log in (oper up). This is optional.
+ # vhost: Host that opers of this type get when they log in (oper up). This is optional.
vhost="netadmin.omega.example.org"
# maxchans: Maximum number of channels opers of this type can be in at once.
# modes: User modes besides +o that are set on an oper of this type
# when they oper up. Used for snomasks and other things.
- # Requires the opermodes module be loaded.
+ # Requires the opermodes module to be loaded.
modes="+s +cCqQ">
-<type name="GlobalOp" classes="SACommands OperChat BanControl HostCloak ServerLink" vhost="ircop.omega.example.org">
+<type name="GlobalOp" classes="SACommands OperChat BanControl HostCloak ServerLink" vhost="serverop.omega.example.org">
<type name="Helper" classes="HostCloak" vhost="helper.omega.example.org">
# Remember to only make operators out of trustworthy people. #
# #
-# Operator account with a plain-text password.
+# Operator account with a plaintext password.
<oper
- # name: Oper login that is used to oper up (/oper name password).
+ # name: Oper login that is used to oper up (/OPER <username> <password>).
# Remember: This is case sensitive.
name="Attila"
host="attila@inspircd.org *@2001:db8::/32"
# ** ADVANCED ** This option is disabled by default.
- # fingerprint: When using the sslinfo module, you may specify
- # a key fingerprint here. This can be obtained by using the /sslinfo
- # command while the module is loaded, and is also noticed on connect.
+ # fingerprint: When using the sslinfo module, you may specify a space separated
+ # list of TLS (SSL) client certificate fingerprints here. These can be obtained by using
+ # the /SSLINFO command while the module is loaded, and is also noticed on connect.
# This enhances security by verifying that the person opering up has
- # a matching SSL client certificate, which is very difficult to
+ # a matching TLS (SSL) client certificate, which is very difficult to
# forge (impossible unless preimage attacks on the hash exist).
# If the sslinfo module isn't loaded, this option will be ignored.
#fingerprint="67cb9dc013248a829bb2171ed11becd4"
- # autologin: If an SSL certificate fingerprint for this oper is specified,
+ # autologin: If a TLS (SSL) client certificate fingerprint for this oper is specified,
# you can have the oper block automatically log in. This moves all security
- # of the oper block to the protection of the client certificate, so be sure
+ # of the oper block to the protection of the TLS (SSL) client certificate, so be sure
# that the private key is well-protected! Requires the sslinfo module.
- #autologin="on"
+ #autologin="yes"
- # sslonly: If on, this oper can only oper up if they're using a SSL connection.
+ # sslonly: If enabled, this oper can only oper up if they're using a TLS (SSL) connection.
# Setting this option adds a decent bit of security. Highly recommended
# if the oper is on wifi, or specifically, unsecured wifi. Note that it
# is redundant to specify this option if you specify a fingerprint.
# Operator with a hashed password. It is highly recommended to use hashed passwords.
<oper
- # name: Oper login that is used to oper up (/oper name password).
+ # name: Oper login that is used to oper up (/OPER <username> <password>).
# Remember: This is case sensitive.
name="Adam"
- # hash: What hash this password is hashed with.
- # Requires the module for selected hash (md5, sha256 or ripemd160)
- # be loaded and the password hashing module (password_hash) loaded.
- # Options here are: "md5", "sha256" and "ripemd160", or one of
- # these prefixed with "hmac-", e.g.: "hmac-sha256".
- # Create hashed passwords with: /mkpasswd <hash> <password>
- hash="hmac-sha256"
+ # hash: The hash function this password is hashed with. Requires the
+ # module for the selected function (bcrypt, md5, sha1, or sha256) and
+ # the password hashing module (password_hash) to be loaded.
+ #
+ # You may also use any of the above other than bcrypt prefixed with
+ # either "hmac-" or "pbkdf2-hmac-" (requires the pbkdf2 module).
+ # Create hashed passwords with: /MKPASSWD <hashtype> <plaintext>.
+ hash="bcrypt"
# password: A hash of the password (see above option) hashed
- # with /mkpasswd <hash> <password>. See the password_hash module
+ # with /MKPASSWD <hashtype> <plaintext>. See the password_hash module
# in modules.conf for more information about password hashing.
password="qQmv3LcF$Qh63wzmtUqWp9OXnLwe7yv1GcBwHpq59k2a0UrY8xe0"
# type: Which type of operator this person is; see the block
# above for the list of types. NOTE: This is case-sensitive as well.
type="Helper">
+
+# Once you have edited this file you can remove this line. This is just to
+# ensure that you don't hastily include the file without reading it.
+<die reason="Using opers.conf.example without editing it is a security risk">
projects / user / henk / code / inspircd.git / blobdiff