Document privsets in the example confs.

This commit is contained in:
Jilles Tjoelker 2008-09-13 00:32:22 +02:00
parent d7703c583e
commit da77b103ef
2 changed files with 68 additions and 17 deletions

View file

@ -186,7 +186,9 @@ auth {
class = "users";
};
/* privsets... XXX document me later */
/* privset {} blocks MUST be specified before anything that uses them. That
* means they must be defined before operator {}.
*/
privset "local_op" {
privs = oper:local_kill, oper:operwall;
};
@ -239,9 +241,8 @@ operator "god" {
*/
snomask = "+Zbfkrsuy";
/* privileges: controls the activities and commands an oper is
* allowed to do on the server. You may prefix an option with ~ to
* disable it, ie ~encrypted.
/* flags: misc options for the operator. You may prefix an option
* with ~ to disable it, e.g. ~encrypted.
*
* Default flags are encrypted.
*
@ -250,10 +251,9 @@ operator "god" {
* encrypted: the password above is encrypted [DEFAULT]
* need_ssl: must be using SSL/TLS to oper up
*/
flags = global_kill, remote, kline, unkline,
die, rehash, admin, xline, operwall;
flags = encrypted;
/* privset: replaces flags */
/* privset: privileges set to grant */
privset = "admin";
};

View file

@ -18,6 +18,9 @@
* that matches a user will be used. So place spoofs first, then specials,
* then general access, then restricted.
*
* privset {} blocks MUST be specified before anything that uses them. That
* means they must be defined before operator {}.
*
* Both shell style (#) and C style comments are supported.
*
* Files may be included by either:
@ -362,10 +365,57 @@ auth {
flags = need_ident;
};
/* operator {}: defines ircd operators. (OLD O:)
* charybdis no longer supports local operators, privileges are
* controlled via flags.
*/
/* privset{}: defines operator privilege sets. */
privset "local_op" {
/* privs: controls the activities and commands an oper is
* allowed to do on the server
*
* Available options:
*
* oper:local_kill: allows local users to be /KILL'd
* oper:global_kill: allows local and remote users to be /KILL'd
* oper:remote: allows remote SQUIT and CONNECT
* oper:kline: allows KLINE and DLINE
* oper:unkline: allows UNKLINE and UNDLINE
* snomask:nick_changes: allows oper to see nickchanges via snomask +n
* oper:rehash: allows oper to REHASH config
* oper:die: allows DIE and RESTART
* oper:admin: gives admin privileges. admins
* may (un)load modules and see various
* additional information.
* oper:hidden_admin: gives admin privileges except
* will not have the admin lines in
* whois.
* oper:xline: allows use of /quote xline/unxline
* oper:resv: allows /quote resv/unresv and cmode +LP
* oper:operwall: allows the oper to send/receive operwalls
* oper:spy: allows 'operspy' features to see through +s
* channels etc. see /quote help operspy
* oper:hidden: hides the oper from /stats p
* oper:remoteban: allows remote kline etc
* oper:mass_notice: allows sending wallops and mass notices
*/
privs = oper:local_kill, oper:operwall;
};
privset "server_bot" {
/* extends: a privset to inherit in this privset */
extends = "local_op";
privs = oper:global_kill, oper:kline, oper:remoteban, snomask:nick_changes;
};
privset "global_op" {
extends = "local_op";
privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
oper:resv, oper:mass_notice, oper:remoteban;
};
privset "admin" {
extends = "global_op";
privs = oper:admin, oper:die, oper:rehash, oper:spy;
};
/* operator {}: defines ircd operators. (OLD O:) */
operator "god" {
/* name: the name of the oper must go above */
@ -399,19 +449,20 @@ operator "god" {
*/
snomask = "+Zbfkrsuy";
/* privileges: controls the activities and commands an oper is
* allowed to do on the server. You may prefix an option with ~ to
* disable it, ie ~operwall
/* flags: misc options for the operator. You may prefix an option
* with ~ to disable it, e.g. ~encrypted.
*
* Default flags are operwall, remoteban and encrypted.
* Default flags are encrypted.
*
* Available options:
*
* encrypted: the password above is encrypted [DEFAULT]
* need_ssl: must be using SSL/TLS to oper up
*/
flags = global_kill, remote, kline, unkline,
die, rehash, admin, xline, operwall;
flags = encrypted;
/* privset: privileges set to grant */
privset = "admin";
};
/* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */