Document privsets in the example confs.

This commit is contained in:
Jilles Tjoelker 2008-09-13 00:32:22 +02:00
parent d7703c583e
commit da77b103ef
2 changed files with 68 additions and 17 deletions

View file

@ -186,7 +186,9 @@ auth {
class = "users"; class = "users";
}; };
/* privsets... XXX document me later */ /* privset {} blocks MUST be specified before anything that uses them. That
* means they must be defined before operator {}.
*/
privset "local_op" { privset "local_op" {
privs = oper:local_kill, oper:operwall; privs = oper:local_kill, oper:operwall;
}; };
@ -239,9 +241,8 @@ operator "god" {
*/ */
snomask = "+Zbfkrsuy"; snomask = "+Zbfkrsuy";
/* privileges: controls the activities and commands an oper is /* flags: misc options for the operator. You may prefix an option
* allowed to do on the server. You may prefix an option with ~ to * with ~ to disable it, e.g. ~encrypted.
* disable it, ie ~encrypted.
* *
* Default flags are encrypted. * Default flags are encrypted.
* *
@ -250,10 +251,9 @@ operator "god" {
* encrypted: the password above is encrypted [DEFAULT] * encrypted: the password above is encrypted [DEFAULT]
* need_ssl: must be using SSL/TLS to oper up * need_ssl: must be using SSL/TLS to oper up
*/ */
flags = global_kill, remote, kline, unkline, flags = encrypted;
die, rehash, admin, xline, operwall;
/* privset: replaces flags */ /* privset: privileges set to grant */
privset = "admin"; privset = "admin";
}; };

View file

@ -18,6 +18,9 @@
* that matches a user will be used. So place spoofs first, then specials, * that matches a user will be used. So place spoofs first, then specials,
* then general access, then restricted. * then general access, then restricted.
* *
* privset {} blocks MUST be specified before anything that uses them. That
* means they must be defined before operator {}.
*
* Both shell style (#) and C style comments are supported. * Both shell style (#) and C style comments are supported.
* *
* Files may be included by either: * Files may be included by either:
@ -362,10 +365,57 @@ auth {
flags = need_ident; flags = need_ident;
}; };
/* operator {}: defines ircd operators. (OLD O:) /* privset{}: defines operator privilege sets. */
* charybdis no longer supports local operators, privileges are privset "local_op" {
* controlled via flags. /* privs: controls the activities and commands an oper is
* allowed to do on the server
*
* Available options:
*
* oper:local_kill: allows local users to be /KILL'd
* oper:global_kill: allows local and remote users to be /KILL'd
* oper:remote: allows remote SQUIT and CONNECT
* oper:kline: allows KLINE and DLINE
* oper:unkline: allows UNKLINE and UNDLINE
* snomask:nick_changes: allows oper to see nickchanges via snomask +n
* oper:rehash: allows oper to REHASH config
* oper:die: allows DIE and RESTART
* oper:admin: gives admin privileges. admins
* may (un)load modules and see various
* additional information.
* oper:hidden_admin: gives admin privileges except
* will not have the admin lines in
* whois.
* oper:xline: allows use of /quote xline/unxline
* oper:resv: allows /quote resv/unresv and cmode +LP
* oper:operwall: allows the oper to send/receive operwalls
* oper:spy: allows 'operspy' features to see through +s
* channels etc. see /quote help operspy
* oper:hidden: hides the oper from /stats p
* oper:remoteban: allows remote kline etc
* oper:mass_notice: allows sending wallops and mass notices
*/ */
privs = oper:local_kill, oper:operwall;
};
privset "server_bot" {
/* extends: a privset to inherit in this privset */
extends = "local_op";
privs = oper:global_kill, oper:kline, oper:remoteban, snomask:nick_changes;
};
privset "global_op" {
extends = "local_op";
privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
oper:resv, oper:mass_notice, oper:remoteban;
};
privset "admin" {
extends = "global_op";
privs = oper:admin, oper:die, oper:rehash, oper:spy;
};
/* operator {}: defines ircd operators. (OLD O:) */
operator "god" { operator "god" {
/* name: the name of the oper must go above */ /* name: the name of the oper must go above */
@ -399,19 +449,20 @@ operator "god" {
*/ */
snomask = "+Zbfkrsuy"; snomask = "+Zbfkrsuy";
/* privileges: controls the activities and commands an oper is /* flags: misc options for the operator. You may prefix an option
* allowed to do on the server. You may prefix an option with ~ to * with ~ to disable it, e.g. ~encrypted.
* disable it, ie ~operwall
* *
* Default flags are operwall, remoteban and encrypted. * Default flags are encrypted.
* *
* Available options: * Available options:
* *
* encrypted: the password above is encrypted [DEFAULT] * encrypted: the password above is encrypted [DEFAULT]
* need_ssl: must be using SSL/TLS to oper up * need_ssl: must be using SSL/TLS to oper up
*/ */
flags = global_kill, remote, kline, unkline, flags = encrypted;
die, rehash, admin, xline, operwall;
/* privset: privileges set to grant */
privset = "admin";
}; };
/* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */ /* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */