X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Fconf%2Fopers.conf.example;h=d8c266b1fbcf61c383838eddbc8bdbce5992d091;hb=HEAD;hp=915bb3431bcf47b99fac35fb66b9efb1cfa68260;hpb=b43e157a14f56b2d0d608484e4d819b03f60fd09;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/docs/conf/opers.conf.example b/docs/conf/opers.conf.example
index 915bb3431..d8c266b1f 100644
--- a/docs/conf/opers.conf.example
+++ b/docs/conf/opers.conf.example
@@ -1,4 +1,4 @@
-#-#-#-#-#-#-#-#-#-#-#-#-  CLASS CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-
+#-#-#-#-#-#-#-#-#-#-#-#-#  CLASS CONFIGURATION  #-#-#-#-#-#-#-#-#-#-#-#
 #                                                                     #
 #   Classes are a group of commands which are grouped together and    #
 #   given a unique name. They're used to define which commands        #
@@ -8,40 +8,57 @@
 #  Note: It is possible to make a class which covers all available    #
 #  commands. To do this, specify commands="*". This is not really     #
 #  recommended, as it negates the whole purpose of the class system,  #
-#  however it is provided for fast configuration (e.g. in test nets)  #
+#  however it is provided for fast configuration (e.g. in test nets). #
 #                                                                     #
 
 <class
      name="Shutdown"
 
-     # commands: oper commands that users of this class can run.
-     commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD GUNLOADMODULE GRELOADMODULE SAJOIN SAPART SANICK SAQUIT SATOPIC"
+     # commands: Oper-only commands that opers of this class can run.
+     commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOADMODULE GLOADMODULE GUNLOADMODULE GRELOADMODULE"
 
-     # privs: special privileges that users with this class may utilise.
+     # privs: Special privileges that users with this class may utilise.
      #  VIEWING:
-     #   - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
-     #   - users/auspex: allows opers with this priv to view more details about users than normal users.
-     #   - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
-     # ACTIONS:
-     #   - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
-     #   - channels/high-join-limit: allows opers with this priv to join <channels:opers> total channels instead of <channels:users> total channels.
-     # PERMISSIONS:
-     #   - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE)
-     #   - users/flood/increased-buffers: allows opers with this priv to send and receive data without worrying about being disconnected for exceeding limits (*NOTE)
+     #   - channels/auspex: allows opers with this priv to see more details about channels than normal users.
+     #   - users/auspex: allows opers with this priv to view more details about users than normal users, e.g. real host and IP.
+     #   - users/channel-spy: allows opers with this priv to view the private/secret channels that a user is on.
+     #   - servers/auspex: allows opers with this priv to see more details about server information than normal users.
+     #  ACTIONS:
+     #   - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*).
+     #   - users/samode-usermodes: allows opers with this priv to change the user modes of any other user using /SAMODE.
+     #  PERMISSIONS:
+     #   - channels/ignore-noctcp: allows opers with this priv to send a CTCP to a +C channel.
+     #   - channels/ignore-nonicks: allows opers with this priv to change their nick when on a +N channel.
+     #   - channels/restricted-create: allows opers with this priv to create channels if the restrictchans module is loaded.
+     #   - users/flood/increased-buffers: allows opers with this priv to send and receive data without worrying about being disconnected for exceeding limits (*NOTE).
+     #   - users/flood/no-fakelag: prevents opers from being penalized with fake lag for flooding (*NOTE).
+     #   - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE).
+     #   - users/ignore-callerid: allows opers with this priv to message people using callerid without being on their callerid list.
+     #   - users/ignore-commonchans: allows opers with this priv to send a message to a +c user without sharing common channels.
+     #   - users/ignore-noctcp: allows opers with this priv to send a CTCP to a +T user.
+     #   - users/ignore-privdeaf: allows opers with this priv to message users with +D set.
+     #   - users/sajoin-others: allows opers with this priv to /SAJOIN users other than themselves.
+     #   - servers/ignore-shun: allows opers with this priv to ignore shuns.
+     #   - servers/use-disabled-commands: allows opers with this priv to use disabled commands.
+     #   - servers/use-disabled-modes: allows opers with this priv to use disabled modes.
      #
      # *NOTE: These privs are potentially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially.
-     privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit users/flood/no-throttle users/flood/increased-buffers"
+     privs="users/auspex channels/auspex servers/auspex users/mass-message users/flood/no-throttle users/flood/increased-buffers"
 
-     # usermodes: Oper-only usermodes that opers with this class can use.
+     # usermodes: Oper-only user modes that opers with this class can use.
      usermodes="*"
 
      # chanmodes: Oper-only channel modes that opers with this class can use.
-     chanmodes="*">
+     chanmodes="*"
 
-<class name="ServerLink" commands="CONNECT SQUIT CONNECT MKPASSWD ALLTIME SWHOIS CLOSE JUMPSERVER LOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
-<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*">
-<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE" usermodes="*" chanmodes="*" privs="users/mass-message">
-<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex">
+     # snomasks: The snomasks that opers with this class can use.
+     snomasks="*">
+
+<class name="SACommands" commands="SAJOIN SAPART SANICK SAQUIT SATOPIC SAKICK SAMODE OJOIN">
+<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex" snomasks="Cc">
+<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*" snomasks="Xx">
+<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message" snomasks="Gg">
+<class name="HostCloak" commands="SETHOST SETIDENT SETIDLE CHGNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex">
 
 
 #-#-#-#-#-#-#-#-#-#-#-#-  OPERATOR COMPOSITION   -#-#-#-#-#-#-#-#-#-#-#
@@ -52,112 +69,117 @@
 #                                                                     #
 
 <type
-    # name: Name of type. Used in actual olines below.
-    # Cannot contain spaces. If you would like a space, use
-    # the _ character instead and it will translate to a space on whois.
+    # name: Name of the type. Used in actual server operator accounts below.
     name="NetAdmin"
 
-    # classes: classes (above blocks) that this type belongs to.
-    classes="OperChat BanControl HostCloak Shutdown ServerLink"
+    # classes: Classes (blocks above) that this type belongs to.
+    classes="SACommands OperChat BanControl HostCloak Shutdown ServerLink"
+
+    # vhost: Host that opers of this type get when they log in (oper up). This is optional.
+    vhost="netadmin.omega.example.org"
 
-    # vhost: host oper gets on oper-up. This is optional.
-    vhost="netadmin.omega.org.za"
+    # maxchans: Maximum number of channels opers of this type can be in at once.
+    maxchans="60"
 
-    # modes: usermodes besides +o that are set on a oper of this type
+    # modes: User modes besides +o that are set on an oper of this type
     # when they oper up. Used for snomasks and other things.
-    # Requires that m_opermodes.so be loaded.
+    # Requires the opermodes module to be loaded.
     modes="+s +cCqQ">
 
-<type name="GlobalOp" classes="OperChat BanControl HostCloak ServerLink" vhost="ircop.omega.org.za">
-<type name="Helper" classes="HostCloak" vhost="helper.omega.org.za">
+<type name="GlobalOp" classes="SACommands OperChat BanControl HostCloak ServerLink" vhost="serverop.omega.example.org">
+<type name="Helper" classes="HostCloak" vhost="helper.omega.example.org">
 
 
 #-#-#-#-#-#-#-#-#-#-#-  OPERATOR CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
 #                                                                     #
 #   Opers are defined here. This is a very important section.         #
-#   Remember to only make operators out of trust worthy people.       #
+#   Remember to only make operators out of trustworthy people.        #
 #                                                                     #
 
-# oline with plain-text password
+# Operator account with a plaintext password.
 <oper
-      # name: oper login that is used to oper up (/oper name password).
-      # Remember: This is case sensitive
-      name="Brain"
+      # name: Oper login that is used to oper up (/OPER <username> <password>).
+      # Remember: This is case sensitive.
+      name="Attila"
 
-      # password: case-sensitive, unhashed...yea...self-explanatory.
+      # password: Case-sensitive, unhashed (plaintext).
       password="s3cret"
 
-      # host: What hostnames/IP's are allowed to oper up with this oline.
-      # Multiple options can be separated by spaces and CIDR's are allowed.
-      # You CAN use just * or *@* for this section, but it is not recommended
+      # host: What hostnames and IPs are allowed to use this operator account.
+      # Multiple options can be separated by spaces and CIDRs are allowed.
+      # You can use just * or *@* for this section, but it is not recommended
       # for security reasons.
-      host="yourident@dialup15.isp.com *@localhost *@example.com *@2001:db8::/32"
+      host="attila@inspircd.org *@2001:db8::/32"
 
       # ** ADVANCED ** This option is disabled by default.
-      # fingerprint: When using the m_sslinfo module, you may specify
-      # a key fingerprint here. This can be obtained by using the /sslinfo
-      # command while the module is loaded, and is also noticed on connect.
+      # fingerprint: When using the sslinfo module, you may specify a space separated
+      # list of TLS (SSL) client certificate fingerprints here. These can be obtained by using
+      # the /SSLINFO command while the module is loaded, and is also noticed on connect.
       # This enhances security by verifying that the person opering up has
-      # a matching SSL client certificate, which is very difficult to
+      # a matching TLS (SSL) client certificate, which is very difficult to
       # forge (impossible unless preimage attacks on the hash exist).
-      # If m_sslinfo isn't loaded, this option will be ignored.
+      # If the sslinfo module isn't loaded, this option will be ignored.
       #fingerprint="67cb9dc013248a829bb2171ed11becd4"
 
-      # autologin: if an SSL fingerprint for this oper is specified, you can
-      # have the oper block automatically log in. This moves all security of the
-      # oper block to the protection of the client certificate, so be sure that
-      # the private key is well-protected! Requires m_sslinfo.
-      #autologin="on"
+      # autologin: If a TLS (SSL) client certificate fingerprint for this oper is specified,
+      # you can have the oper block automatically log in. This moves all security
+      # of the oper block to the protection of the TLS (SSL) client certificate, so be sure
+      # that the private key is well-protected! Requires the sslinfo module.
+      #autologin="yes"
 
-      # sslonly: This oper can only oper up if they're using a SSL connection.
+      # sslonly: If enabled, this oper can only oper up if they're using a TLS (SSL) connection.
       # Setting this option adds a decent bit of security. Highly recommended
       # if the oper is on wifi, or specifically, unsecured wifi. Note that it
       # is redundant to specify this option if you specify a fingerprint.
-      # This setting only takes effect if m_sslinfo is loaded.
+      # This setting only takes effect if the sslinfo module is loaded.
       #sslonly="yes"
 
-      # vhost: overrides the vhost in the type block. Class and modes may also
-      # be overridden
-      vhost="brain.netadmin.omega"
+      # vhost: Overrides the vhost in the type block. Class and modes may also
+      # be overridden.
+      vhost="attila.example.org"
 
-      # type: What oper type this oline is. See the block above for list
-      # of types. NOTE: This is case-sensitive as well.
+      # type: Which type of operator this person is; see the block
+      # above for the list of types. NOTE: This is case-sensitive as well.
       type="NetAdmin">
 
-# oline with plain-text password and no comments..for all who like copy & paste
+# Operator with a plaintext password and no comments, for easy copy & paste.
 <oper
       name="Brain"
-      password="s3cret"
-      host="yourident@dialup15.isp.com *@localhost *@example.com *@2001:db8::/32"
+      password="youshouldhashthis"
+      host="brain@dialup15.isp.test.com *@localhost *@example.com *@2001:db8::/32"
       #fingerprint="67cb9dc013248a829bb2171ed11becd4"
       type="NetAdmin">
 
-# oline with hashed password. It is highly recommended to use hashed passwords.
+# Operator with a hashed password. It is highly recommended to use hashed passwords.
 <oper
-      # name: oper login that is used to oper up (/oper name password).
-      # Remember: This is case sensitive
-      name="Brain"
-
-      # hash: what hash this password is hashed with.
-      # Requires the module for selected hash (m_md5.so, m_sha256.so
-      # or m_ripemd160.so) be loaded and the password hashing module
-      # (m_password_hash.so) loaded.
-      # Options here are: "md5", "sha256" and "ripemd160", or one of
-      # these prefixed with "hmac-", e.g.: "hmac-sha256".
-      # Create hashed password with: /mkpasswd <hash> <password>
-      hash="sha256"
-
-      # password: a hash of your password (see above option) hashed
-      # with /mkpasswd <hash> <password> . See m_password_hash in modules.conf
-      # for more information about password hashing.
-      password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0"
-
-      # host: What hostnames/IP's are allowed to oper up with this oline.
-      # Multiple options can be separated by spaces and CIDR's are allowed.
-      # You CAN use just * or *@* for this section, but it is not recommended
+      # name: Oper login that is used to oper up (/OPER <username> <password>).
+      # Remember: This is case sensitive.
+      name="Adam"
+
+      # hash: The hash function this password is hashed with. Requires the
+      # module for the selected function (bcrypt, md5, sha1, or sha256) and
+      # the password hashing module (password_hash) to be loaded.
+      #
+      # You may also use any of the above other than bcrypt prefixed with
+      # either "hmac-" or "pbkdf2-hmac-" (requires the pbkdf2 module).
+      # Create hashed passwords with: /MKPASSWD <hashtype> <plaintext>.
+      hash="bcrypt"
+
+      # password: A hash of the password (see above option) hashed
+      # with /MKPASSWD <hashtype> <plaintext>. See the password_hash module
+      # in modules.conf for more information about password hashing.
+      password="qQmv3LcF$Qh63wzmtUqWp9OXnLwe7yv1GcBwHpq59k2a0UrY8xe0"
+
+      # host: What hostnames and IPs are allowed to use this operator account.
+      # Multiple options can be separated by spaces and CIDRs are allowed.
+      # You can use just * or *@* for this section, but it is not recommended
       # for security reasons.
-      host="yourident@dialup15.isp.com *@localhost *@example.com *@2001:db8::/32"
+      host="*@127.0.0.1 *@192.0.2.40 *@198.51.100.4"
 
-      # type: What oper type this oline is. See the block above for list
-      # of types. NOTE: This is case-sensitive as well.
-      type="NetAdmin">
+      # type: Which type of operator this person is; see the block
+      # above for the list of types. NOTE: This is case-sensitive as well.
+      type="Helper">
+
+# Once you have edited this file you can remove this line. This is just to
+# ensure that you don't hastily include the file without reading it.
+<die reason="Using opers.conf.example without editing it is a security risk">