]> jfr.im git - irc/rqf/shadowircd.git/blob - doc/sgml/oper-guide/oprivs.sgml
projects / irc / rqf / shadowircd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Remove comment referencing LazyLeaf.
[irc/rqf/shadowircd.git] / doc / sgml / oper-guide / oprivs.sgml
1 <chapter id="oprivs">
2 <title>Oper privileges</title>
3 <sect1 id="oprivlist">
4 <title>Meanings of oper privileges</title>
5 <para>
6 These are flags in operator{}.
7 The letter appears after opering up and in /stats o; an uppercase
8 letter means the privilege is possessed, lowercase means it is not.
9 </para>
10 <sect2>
11 <title>admin (A), server administrator</title>
12 <para>
13 Various privileges intended for server administrators.
14 Among other things, this automatically sets umode +a and allows
15 loading modules.
16 </para>
17 </sect2>
18 <sect2>
19 <title>remoteban (B), set remote bans</title>
20 <para>
21 This grants the ability to use the ON argument on
22 DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set
23 and unset bans on other servers, and the server argument on REHASH.
24 This is only allowed if the oper may perform the action locally,
25 and if the remote server has a shared{} block.
26 </para>
27 <note><para>
28 If a cluster{} block is present, bans are sent remotely even
29 if the oper does not have remoteban privilege.
30 </para></note>
31 </sect2>
32 <sect2>
33 <title>local_kill (C), kill local users</title>
34 <para>
35 This grants permission to use KILL on users on the same server,
36 disconnecting them from the network.
37 </para>
38 </sect2>
39 <sect2>
40 <title>die (D), die and restart</title>
41 <para>
42 This grants permission to use DIE and RESTART, shutting down
43 or restarting the server.
44 </para>
45 </sect2>
46 <sect2>
47 <title>rehash (H), rehash</title>
48 <para>
49 Allows using the REHASH command, to rehash various configuration
50 files or clear certain lists.
51 </para>
52 </sect2>
53 <sect2>
54 <title>kline (K), kline and dline</title>
55 <para>
56 Allows using KLINE and DLINE, to ban users by user@host mask
57 or IP address.
58 </para>
59 </sect2>
60 <sect2>
61 <title>operwall (L), send/receive operwall</title>
62 <para>
63 Allows using the OPERWALL command and umode +z to send and
64 receive operwalls.
65 </para>
66 </sect2>
67 <sect2>
68 <title>mass_notice (M), global notices and wallops</title>
69 <para>
70 Allows using server name ($$mask) and hostname ($#mask) masks in
71 NOTICE and PRIVMSG to send a message to all matching users, and
72 allows using the WALLOPS command to send a message to all users
73 with umode +w set.
74 </para>
75 </sect2>
76 <sect2>
77 <title>nick_changes (N), see nick changes</title>
78 <para>
79 Allows using snomask +n to see local client nick changes.
80 This is designed for monitor bots.
81 </para>
82 </sect2>
83 <sect2>
84 <title>global_kill (O), global kill</title>
85 <para>
86 Allows using KILL on users on any server.
87 </para>
88 </sect2>
89 <sect2>
90 <title>hidden_oper (P), hide from /stats p</title>
91 <para>
92 This privilege currently does nothing, but was designed
93 to hide bots from /stats p so users will not message them
94 for help.
95 </para>
96 </sect2>
97 <sect2>
98 <title>resv (Q), channel control</title>
99 <para>
100 This allows using /resv, /unresv and changing the channel
101 modes +L and +P.
102 </para>
103 </sect2>
104 <sect2>
105 <title>remote (R), remote routing</title>
106 <para>
107 This allows using the third argument of the CONNECT command, to
108 instruct another server to connect somewhere, and using SQUIT
109 with an argument that is not locally connected.
110 (In both cases all opers with +w set will be notified.)
111 </para>
112 </sect2>
113 <sect2>
114 <title>oper_spy (S), use operspy</title>
115 <para>
116 This allows using /mode !#channel, /whois !nick, /who !#channel,
117 /chantrace !#channel, /who !mask, /masktrace !user@host :gecos
118 and /scan umodes +modes-modes global list to see through secret
119 channels, invisible users, etc.
120 </para>
121 <para>
122 All operspy usage is broadcasted to opers with snomask +Z set
123 (on the entire network) and optionally logged.
124 If you grant this to anyone, it is a good idea to establish
125 concrete policies describing what it is to be used for, and
126 what not.
127 </para>
128 <para>
129 If operspy_dont_care_user_info is enabled, /who mask is operspy
130 also, and /who !mask, /who mask, /masktrace !user@host :gecos
131 and /scan umodes +modes-modes global list do not generate +Z notices
132 or logs.
133 </para>
134 </sect2>
135 <sect2>
136 <title>unkline (U), unkline and undline</title>
137 <para>
138 Allows using UNKLINE and UNDLINE.
139 </para>
140 </sect2>
141 <sect2>
142 <title>xline (X), xline and unxline</title>
143 <para>
144 Allows using XLINE and UNXLINE, to ban/unban users by realname.
145 </para>
146 </sect2>
147 <sect2>
148 <title>hidden_admin, hidden administrator</title>
149 <para>
150 This grants everything granted to the admin privilege,
151 except the ability to set umode +a. If both admin and hidden_admin
152 are possessed, umode +a can still not be used.
153 </para>
154 <note><para>
155 This privilege does not appear in /stats o or oper up notices.
156 </para></note>
157 </sect2>
158 </sect1>
159 </chapter>
160 <!-- Keep this comment at the end of the file
161 Local variables:
162 mode: sgml
163 sgml-omittag:t
164 sgml-shorttag:t
165 sgml-namecase-general:t
166 sgml-general-insert-case:lower
167 sgml-minimize-attributes:nil
168 sgml-always-quote-attributes:t
169 sgml-indent-step:2
170 sgml-indent-data:t
171 sgml-parent-document: ("charybdis-oper-guide.sgml" "book")
172 sgml-exposed-tags:nil
173 fill-column: 105
174 sgml-validate-command: "nsgmls -e -g -s -u charybdis-oper-guide.sgml"
175 End:
176 -->
Unnamed repository; edit this file 'description' to name the repository.