ouch/inspircd
2
0
Fork 0
mirror of https://github.com/inspircd/inspircd.git synced 2025-03-10 02:59:01 -04:00
Code Issues Packages Projects Releases Wiki Activity
inspircd/docs/opers.conf.example
danieldg 0c1dff8c8d Document <oper:autologin> 
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12476 e03df62e-2008-0410-955e-edbf42e46eb7
2010-02-16 16:22:53 +00:00

163 lines
8.5 KiB
Plaintext
Raw Blame History

#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# #
# Classes are a group of commands which are grouped together and #
# given a unique name. They're used to define which commands #
# are available to certain types of Operators. #
# #
# #
# Note: It is possible to make a class which covers all available #
# commands. To do this, specify commands="*". This is not really #
# recommended, as it negates the whole purpose of the class system, #
# however it is provided for fast configuration (e.g. in test nets) #
# #
<class
name="Shutdown"
# commands: oper commands that users of this class can run.
commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD GUNLOADMODULE GRELOADMODULE SAJOIN SAPART SANICK SAQUIT SATOPIC"
# privs: special privileges that users with this class may utilise.
# VIEWING:
# - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
# - users/auspex: allows opers with this priv to view more details about users than normal users.
# - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
# ACTIONS:
# - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
# - channels/high-join-limit: allows opers with this priv to join <channels:opers> total channels instead of <channels:users> total channels.
# - channels/set-permanent: allows opers with this priv to set +P on channels with m_permchannels.
# PERMISSIONS:
# - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE)
# - users/flood/increased-buffers: allows opers with this priv to send and recieve data without worrying about being disconnected for exceeding limits (*NOTE)
#
# *NOTE: These privs are potantially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially.
privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit channels/set-permanent users/flood/no-throttle users/flood/increased-buffers"
# usermodes: Oper-only usermodes that opers with this class can use.
usermodes="*"
# chanmodes: Oper-only channel modes that opers with this class can use.
chanmodes="*">
<class name="ServerLink" commands="CONNECT SQUIT CONNECT MKPASSWD ALLTIME SWHOIS CLOSE JUMPSERVER LOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*">
<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE" usermodes="*" chanmodes="*" privs="users/mass-message">
<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT TAXONOMY" usermodes="*" chanmodes="*" privs="users/auspex">
#-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-#
# #
# This is where you specify which types of operators you have on #
# your server, as well as the commands they are allowed to use. #
# This works alongside with the classes specified above. #
# #
<type
# name: Name of type. Used in actual olines below.
# Cannot contain spaces. If you would like a space, use
# the _ character instead and it will translate to a space on whois.
name="NetAdmin"
# classes: classes (above blocks) that this type belongs to.
classes="OperChat BanControl HostCloak Shutdown ServerLink"
# vhost: host oper gets on oper-up. This is optional.
vhost="netadmin.omega.org.za"
# modes: usermodes besides +o that are set on a oper of this type
# when they oper up. Used for snomasks and other things.
# Requires that m_opermodes.so be loaded.
modes="+s +cCqQ">
<type name="GlobalOp" classes="OperChat BanControl HostCloak ServerLink" vhost="ircop.omega.org.za">
<type name="Helper" classes="HostCloak" vhost="helper.omega.org.za">
#-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
# #
# Opers are defined here. This is a very important section. #
# Remember to only make operators out of trust worthy people. #
# #
# oline with plain-text password
<oper
# name: oper login that is used to oper up (/oper name password).
# Remember: This is case sensitive
name="Brain"
# password: case-sensitive, unhashed...yea...self-explanatory.
password="s3cret"
# host: What hostnames/IP's are allowed to oper up with this oline.
# Multiple options can be separated by spaces and CIDR's are allowed.
# You CAN use just * or *@* for this section, but it is not recommended
# for security reasons.
host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
# ** ADVANCED ** This option is disabled by default.
# fingerprint: When using the m_sslinfo module, you may specify
# a key fingerprint here. This can be obtained by using the /sslinfo
# command while the module is loaded, and is also noticed on connect.
# This enhances security by verifying that the person opering up has
# a matching SSL client certificate, which is very difficult to
# forge (impossible unless preimage attacks on the hash exist).
# If m_sslinfo isn't loaded, this option will be ignored.
#fingerprint="67cb9dc013248a829bb2171ed11becd4"
# autologin: if an SSL fingerprint for this oper is specified, you can
# have the oper block automatically log in. This moves all security of the
# oper block to the protection of the client certificate, so be sure that
# the private key is well-protected! Requires m_sslinfo.
#autologin="on"
# sslonly: This oper can only oper up if they're using a SSL connection.
# Setting this option adds a decent bit of security. Highly recommended
# if the oper is on wifi, or specifically, unsecured wifi. Note that it
# is redundant to specify this option if you specify a fingerprint.
# This setting only takes effect if m_sslinfo is loaded.
#sslonly="yes"
# vhost: overrides the vhost in the type block. Class and modes may also
# be overridden
vhost="brain.netadmin.omega"
# type: What oper type this oline is. See the block above for list
# of types. NOTE: This is case-sensitive as well.
type="NetAdmin">
# oline with plain-text password and no comments..for all who like copy & paste
<oper
name="Brain"
password="s3cret"
host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
#fingerprint="67cb9dc013248a829bb2171ed11becd4"
type="NetAdmin">
# oline with hashed password. It is highly recommended to use hashed passwords.
<oper
# name: oper login that is used to oper up (/oper name password).
# Remember: This is case sensitive
name="Brain"
# hash: what hash this password is hashed with. requires the module
# for selected hash (m_md5.so, m_sha256.so or m_ripemd160.so) be
# loaded and the password hashing module (m_password_hash.so)
# loaded. Options here are: "md5", "sha256" and "ripemd160".
# Create hashed password with: /mkpasswd <hash> <password>
hash="sha256"
# password: a hash of your password (see above option) hashed
# with /mkpasswd <hash> <password> . See m_password_hash in modules.conf
# for more information about password hashing.
password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0"
# host: What hostnames/IP's are allowed to oper up with this oline.
# Multiple options can be separated by spaces and CIDR's are allowed.
# You CAN use just * or *@* for this section, but it is not recommended
# for security reasons.
host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
# type: What oper type this oline is. See the block above for list
# of types. NOTE: This is case-sensitive as well.
type="NetAdmin">
Reference in New Issue View Git Blame Copy Permalink