solanum/doc/oper-guide/oprivs.rst

Oper privileges
===============

These are specified in privset{}.

oper:admin, server administrator
--------------------------------

Various privileges intended for server administrators. Among other
things, this automatically sets umode +a and allows loading modules.

oper:die, die and restart
-------------------------

This grants permission to use DIE and RESTART, shutting down or
restarting the server.

oper:global\_kill, global kill
------------------------------

Allows using KILL on users on any server.

oper:hidden, hide from /stats p
-------------------------------

This privilege currently does nothing, but was designed to hide bots
from /stats p so users will not message them for help.

oper:hidden\_admin, hidden administrator
----------------------------------------

This grants everything granted to the oper:admin privilege, except the
ability to set umode +a. If both oper:admin and oper:hidden\_admin are
possessed, umode +a can still not be used.

oper:kline, kline and dline
---------------------------

Allows using KLINE and DLINE, to ban users by user@host mask or IP
address.

oper:local\_kill, kill local users
----------------------------------

This grants permission to use KILL on users on the same server,
disconnecting them from the network.

oper:mass\_notice, global notices and wallops
---------------------------------------------

Allows using server name ($$mask) and hostname ($#mask) masks in NOTICE
and PRIVMSG to send a message to all matching users, and allows using
the WALLOPS command to send a message to all users with umode +w set.

oper:operwall, send/receive operwall
------------------------------------

Allows using the OPERWALL command and umode +z to send and receive
operwalls.

oper:rehash, rehash
-------------------

Allows using the REHASH command, to rehash various configuration files
or clear certain lists.

oper:remoteban, set remote bans
-------------------------------

This grants the ability to use the ON argument on DLINE/KLINE/XLINE/RESV
and UNDLINE/UNKLINE/UNXLINE/UNRESV to set and unset bans on other
servers, and the server argument on REHASH. This is only allowed if the
oper may perform the action locally, and if the remote server has a
shared{} block.

    **Note**

    If a cluster{} block is present, bans are sent remotely even if the
    oper does not have oper:remoteban privilege.

oper:resv, channel control
--------------------------

This allows using /resv, /unresv and changing the channel modes +L and
+P.

oper:routing, remote routing
----------------------------

This allows using the third argument of the CONNECT command, to instruct
another server to connect somewhere, and using SQUIT with an argument
that is not locally connected. (In both cases all opers with +w set will
be notified.)

oper:spy, use operspy
---------------------

This allows using /mode !#channel, /whois !nick, /who !#channel,
/chantrace !#channel, /topic !#channel, /who !mask, /masktrace
!user@host :gecos and /scan umodes +modes-modes global list to see
through secret channels, invisible users, etc.

All operspy usage is broadcasted to opers with snomask +Z set (on the
entire network) and optionally logged. If you grant this to anyone, it
is a good idea to establish concrete policies describing what it is to
be used for, and what not.

If operspy\_dont\_care\_user\_info is enabled, /who mask is operspy
also, and /who !mask, /who mask, /masktrace !user@host :gecos and /scan
umodes +modes-modes global list do not generate +Z notices or logs.

oper:unkline, unkline and undline
---------------------------------

Allows using UNKLINE and UNDLINE.

oper:xline, xline and unxline
-----------------------------

Allows using XLINE and UNXLINE, to ban/unban users by realname.

snomask:nick\_changes, see nick changes
---------------------------------------

Allows using snomask +n to see local client nick changes. This is
designed for monitor bots.
convert SGML guide to RST the rationale behind switching away from SGML/Docbook is the following: * SGML is hard to edit for humans * the output is not much prettier * the toolchain is not well supported and missing from the build * the build is not hooked into anywhere, no automation the reason why RST was chosen: * it allows for a strong structure like Docbook * the theme from Read The Docs is pretty * it also supports mobile devices * sphinx can easily output to PDF and ePUB formats * RST is plaintext that can be easily edited and diff'd * RST can be automatically built by ReadTheDocs and the toolchain is readily available * the output is also parsed by Github so documentation can be read straight from GH the reason why Markdown was not chosen: * the current strong structure would be hard to replicate * markdown is not standardized and output varies according to the implementation the docs were converted with Pandoc, using the following commands: mkdir oper-guide for source in sgml/oper-guide/.sgml; do pandoc --toc -s -f docbook -t rst $source -o oper-guide/$(basename $source .sgml).rst done cd oper-guide sphinx-quickstart git add .rst make.bat conf.py git add -f Makefile git rm -r ../sgml [merged from d4214e9445d9f9d0f0ede3e09a9f81deee9: doc/sgml/oper-guide/config.sgml] 2017-03-25 14:42:32 +00:00			`Oper privileges`
			`===============`

			`These are specified in privset{}.`

			`oper:admin, server administrator`
			`--------------------------------`

			`Various privileges intended for server administrators. Among other`
			`things, this automatically sets umode +a and allows loading modules.`

			`oper:die, die and restart`
			`-------------------------`

			`This grants permission to use DIE and RESTART, shutting down or`
			`restarting the server.`

			`oper:global\_kill, global kill`
			`------------------------------`

			`Allows using KILL on users on any server.`

			`oper:hidden, hide from /stats p`
			`-------------------------------`

			`This privilege currently does nothing, but was designed to hide bots`
			`from /stats p so users will not message them for help.`

			`oper:hidden\_admin, hidden administrator`
			`----------------------------------------`

			`This grants everything granted to the oper:admin privilege, except the`
			`ability to set umode +a. If both oper:admin and oper:hidden\_admin are`
			`possessed, umode +a can still not be used.`

			`oper:kline, kline and dline`
			`---------------------------`

			`Allows using KLINE and DLINE, to ban users by user@host mask or IP`
			`address.`

			`oper:local\_kill, kill local users`
			`----------------------------------`

			`This grants permission to use KILL on users on the same server,`
			`disconnecting them from the network.`

			`oper:mass\_notice, global notices and wallops`
			`---------------------------------------------`

			`Allows using server name ($$mask) and hostname ($#mask) masks in NOTICE`
			`and PRIVMSG to send a message to all matching users, and allows using`
			`the WALLOPS command to send a message to all users with umode +w set.`

			`oper:operwall, send/receive operwall`
			`------------------------------------`

			`Allows using the OPERWALL command and umode +z to send and receive`
			`operwalls.`

			`oper:rehash, rehash`
			`-------------------`

			`Allows using the REHASH command, to rehash various configuration files`
			`or clear certain lists.`

			`oper:remoteban, set remote bans`
			`-------------------------------`

			`This grants the ability to use the ON argument on DLINE/KLINE/XLINE/RESV`
			`and UNDLINE/UNKLINE/UNXLINE/UNRESV to set and unset bans on other`
			`servers, and the server argument on REHASH. This is only allowed if the`
			`oper may perform the action locally, and if the remote server has a`
			`shared{} block.`

			`Note`

			`If a cluster{} block is present, bans are sent remotely even if the`
			`oper does not have oper:remoteban privilege.`

			`oper:resv, channel control`
			`--------------------------`

			`This allows using /resv, /unresv and changing the channel modes +L and`
			`+P.`

			`oper:routing, remote routing`
			`----------------------------`

			`This allows using the third argument of the CONNECT command, to instruct`
			`another server to connect somewhere, and using SQUIT with an argument`
			`that is not locally connected. (In both cases all opers with +w set will`
			`be notified.)`

			`oper:spy, use operspy`
			`---------------------`

			`This allows using /mode !#channel, /whois !nick, /who !#channel,`
			`/chantrace !#channel, /topic !#channel, /who !mask, /masktrace`
			`!user@host :gecos and /scan umodes +modes-modes global list to see`
			`through secret channels, invisible users, etc.`

			`All operspy usage is broadcasted to opers with snomask +Z set (on the`
			`entire network) and optionally logged. If you grant this to anyone, it`
			`is a good idea to establish concrete policies describing what it is to`
			`be used for, and what not.`

			`If operspy\_dont\_care\_user\_info is enabled, /who mask is operspy`
			`also, and /who !mask, /who mask, /masktrace !user@host :gecos and /scan`
			`umodes +modes-modes global list do not generate +Z notices or logs.`

			`oper:unkline, unkline and undline`
			`---------------------------------`

			`Allows using UNKLINE and UNDLINE.`

			`oper:xline, xline and unxline`
			`-----------------------------`

			`Allows using XLINE and UNXLINE, to ban/unban users by realname.`

			`snomask:nick\_changes, see nick changes`
			`---------------------------------------`

			`Allows using snomask +n to see local client nick changes. This is`
			`designed for monitor bots.`