*/
class "users" {
ping_time = 2 minutes;
- number_per_ident = 10;
- number_per_ip = 10;
- number_per_ip_global = 50;
- cidr_bitlen = 64;
- number_per_cidr = 8;
+ number_per_ident = 2;
+ number_per_ip = 3;
+ number_per_ip_global = 5;
+ cidr_ipv4_bitlen = 24;
+ cidr_ipv6_bitlen = 64;
+ number_per_cidr = 4;
max_number = 3000;
sendq = 400 kbytes;
};
* USE WITH CAUTION.
* no_tilde (old - flag) | don't prefix ~ to username if no ident
* need_ident (old + flag) | require ident for user in this class
+ * need_ssl | require SSL/TLS for user in this class
* need_sasl | require SASL id for user in this class
*/
flags = kline_exempt, exceed_limit;
class = "users";
};
-/* privsets... XXX document me later */
+/* privset {} blocks MUST be specified before anything that uses them. That
+ * means they must be defined before operator {}.
+ */
privset "local_op" {
privs = oper:local_kill, oper:operwall;
};
+privset "server_bot" {
+ extends = "local_op";
+ privs = oper:global_kill, oper:kline, oper:remoteban, snomask:nick_changes;
+};
+
privset "global_op" {
extends = "local_op";
privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
- oper:resv, oper:mass_notice, oper:remote_ban;
+ oper:resv, oper:mass_notice, oper:remoteban;
};
privset "admin" {
extends = "global_op";
- privs = oper:admin, oper:die, oper:rehash, oper:adminwall, oper:spy;
+ privs = oper:admin, oper:die, oper:rehash, oper:spy;
};
operator "god" {
*/
snomask = "+Zbfkrsuy";
- /* privileges: controls the activities and commands an oper is
- * allowed to do on the server. You may prefix an option with ~ to
- * disable it, ie ~operwall
+ /* flags: misc options for the operator. You may prefix an option
+ * with ~ to disable it, e.g. ~encrypted.
*
- * Default flags are operwall, remoteban and encrypted.
+ * Default flags are encrypted.
*
* Available options:
*
* encrypted: the password above is encrypted [DEFAULT]
- * local_kill: allows local users to be /KILL'd
- * global_kill: allows local and remote users to be
- * /KILL'd (OLD 'O' flag)
- * remote: allows remote SQUIT and CONNECT (OLD 'R' flag)
- * kline: allows KLINE and DLINE (OLD 'K' flag)
- * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag)
- * nick_changes: allows oper to see nickchanges (OLD 'N' flag)
- * via snomask +n
- * rehash: allows oper to REHASH config (OLD 'H' flag)
- * die: allows DIE and RESTART (OLD 'D' flag)
- * admin: gives admin privileges. admins
- * may (un)load modules and see the
- * real IPs of servers.
- * hidden_admin: gives admin privileges except
- * will not have the admin lines in
- * stats p and whois.
- * xline: allows use of /quote xline/unxline
- * resv: allows /quote resv/unresv and cmode +LP [DEFAULT]
- * operwall: allows the oper to send/receive operwalls [DEFAULT]
- * oper_spy: allows 'operspy' features to see through +s
- * channels etc. see /quote help operspy
- * hidden_oper: hides the oper from /stats p (OLD UMODE +p)
- * remoteban: allows remote kline etc [DEFAULT]
- * mass_notice: allows sending wallops and mass notices [DEFAULT]
+ * need_ssl: must be using SSL/TLS to oper up
*/
- flags = global_kill, remote, kline, unkline,
- die, rehash, admin, xline, operwall;
+ flags = encrypted;
- /* privset: replaces flags */
+ /* privset: privileges set to grant */
privset = "admin";
};
projects / irc / rqf / shadowircd.git / blobdiff