]> jfr.im git - solanum.git/blame - doc/sgml/oper-guide/oprivs.sgml
Pick up remote to oper:routing change.
[solanum.git] / doc / sgml / oper-guide / oprivs.sgml
CommitLineData
212380e3
AC
1 <chapter id="oprivs">
2 <title>Oper privileges</title>
3 <sect1 id="oprivlist">
4 <title>Meanings of oper privileges</title>
5 <para>
5b5e9c89 6 These are specified in privset{}.
212380e3
AC
7 </para>
8 <sect2>
5b5e9c89 9 <title>oper:admin, server administrator</title>
212380e3
AC
10 <para>
11 Various privileges intended for server administrators.
12 Among other things, this automatically sets umode +a and allows
13 loading modules.
14 </para>
15 </sect2>
16 <sect2>
5b5e9c89 17 <title>oper:remoteban, set remote bans</title>
212380e3 18 <para>
a7738ac0
JT
19 This grants the ability to use the ON argument on
20 DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set
21 and unset bans on other servers, and the server argument on REHASH.
212380e3
AC
22 This is only allowed if the oper may perform the action locally,
23 and if the remote server has a shared{} block.
24 </para>
25 <note><para>
26 If a cluster{} block is present, bans are sent remotely even
5b5e9c89 27 if the oper does not have oper:remoteban privilege.
212380e3
AC
28 </para></note>
29 </sect2>
30 <sect2>
5b5e9c89 31 <title>oper:local_kill, kill local users</title>
212380e3
AC
32 <para>
33 This grants permission to use KILL on users on the same server,
34 disconnecting them from the network.
35 </para>
36 </sect2>
37 <sect2>
5b5e9c89 38 <title>oper:die, die and restart</title>
212380e3
AC
39 <para>
40 This grants permission to use DIE and RESTART, shutting down
41 or restarting the server.
42 </para>
43 </sect2>
212380e3 44 <sect2>
5b5e9c89 45 <title>oper:rehash, rehash</title>
212380e3
AC
46 <para>
47 Allows using the REHASH command, to rehash various configuration
48 files or clear certain lists.
49 </para>
50 </sect2>
51 <sect2>
5b5e9c89 52 <title>oper:kline, kline and dline</title>
212380e3
AC
53 <para>
54 Allows using KLINE and DLINE, to ban users by user@host mask
55 or IP address.
56 </para>
57 </sect2>
58 <sect2>
5b5e9c89 59 <title>oper:operwall, send/receive operwall</title>
212380e3
AC
60 <para>
61 Allows using the OPERWALL command and umode +z to send and
62 receive operwalls.
63 </para>
153fc4bb
JT
64 </sect2>
65 <sect2>
5b5e9c89 66 <title>oper:mass_notice, global notices and wallops</title>
153fc4bb
JT
67 <para>
68 Allows using server name ($$mask) and hostname ($#mask) masks in
69 NOTICE and PRIVMSG to send a message to all matching users, and
70 allows using the WALLOPS command to send a message to all users
71 with umode +w set.
72 </para>
212380e3
AC
73 </sect2>
74 <sect2>
5b5e9c89 75 <title>snomask:nick_changes, see nick changes</title>
212380e3
AC
76 <para>
77 Allows using snomask +n to see local client nick changes.
78 This is designed for monitor bots.
79 </para>
80 </sect2>
81 <sect2>
5b5e9c89 82 <title>oper:global_kill, global kill</title>
212380e3
AC
83 <para>
84 Allows using KILL on users on any server.
85 </para>
86 </sect2>
87 <sect2>
5b5e9c89 88 <title>oper:hidden, hide from /stats p</title>
212380e3
AC
89 <para>
90 This privilege currently does nothing, but was designed
91 to hide bots from /stats p so users will not message them
92 for help.
93 </para>
94 </sect2>
14f95b6e 95 <sect2>
5b5e9c89 96 <title>oper:resv, channel control</title>
14f95b6e
JT
97 <para>
98 This allows using /resv, /unresv and changing the channel
99 modes +L and +P.
100 </para>
101 </sect2>
212380e3 102 <sect2>
d7703c58 103 <title>oper:routing, remote routing</title>
212380e3
AC
104 <para>
105 This allows using the third argument of the CONNECT command, to
106 instruct another server to connect somewhere, and using SQUIT
107 with an argument that is not locally connected.
108 (In both cases all opers with +w set will be notified.)
109 </para>
110 </sect2>
111 <sect2>
5b5e9c89 112 <title>oper:spy, use operspy</title>
212380e3
AC
113 <para>
114 This allows using /mode !#channel, /whois !nick, /who !#channel,
115 /chantrace !#channel, /who !mask, /masktrace !user@host :gecos
116 and /scan umodes +modes-modes global list to see through secret
117 channels, invisible users, etc.
118 </para>
119 <para>
120 All operspy usage is broadcasted to opers with snomask +Z set
121 (on the entire network) and optionally logged.
122 If you grant this to anyone, it is a good idea to establish
123 concrete policies describing what it is to be used for, and
124 what not.
125 </para>
126 <para>
127 If operspy_dont_care_user_info is enabled, /who mask is operspy
128 also, and /who !mask, /who mask, /masktrace !user@host :gecos
129 and /scan umodes +modes-modes global list do not generate +Z notices
130 or logs.
131 </para>
132 </sect2>
133 <sect2>
5b5e9c89 134 <title>oper:unkline, unkline and undline</title>
212380e3 135 <para>
170703fe 136 Allows using UNKLINE and UNDLINE.
212380e3
AC
137 </para>
138 </sect2>
139 <sect2>
5b5e9c89 140 <title>oper:xline, xline and unxline</title>
212380e3
AC
141 <para>
142 Allows using XLINE and UNXLINE, to ban/unban users by realname.
143 </para>
144 </sect2>
145 <sect2>
5b5e9c89 146 <title>oper:hidden_admin, hidden administrator</title>
212380e3
AC
147 <para>
148 This grants everything granted to the admin privilege,
5b5e9c89 149 except the ability to set umode +a. If both oper:admin and oper:hidden_admin
212380e3
AC
150 are possessed, umode +a can still not be used.
151 </para>
212380e3
AC
152 </sect2>
153 </sect1>
154 </chapter>
155<!-- Keep this comment at the end of the file
156Local variables:
157mode: sgml
158sgml-omittag:t
159sgml-shorttag:t
160sgml-namecase-general:t
161sgml-general-insert-case:lower
162sgml-minimize-attributes:nil
163sgml-always-quote-attributes:t
164sgml-indent-step:2
165sgml-indent-data:t
166sgml-parent-document: ("charybdis-oper-guide.sgml" "book")
167sgml-exposed-tags:nil
168fill-column: 105
169sgml-validate-command: "nsgmls -e -g -s -u charybdis-oper-guide.sgml"
170End:
171-->