| 1 |
Fine grained operator privileges |
| 2 |
-------------------------------- |
| 3 |
|
| 4 |
Terminology: |
| 5 |
|
| 6 |
IRCop |
| 7 |
user with user mode +o, usually obtained with /oper |
| 8 |
users whose operator status is indicated by a different user mode |
| 9 |
than +o, or whose user mode +o is not propagated to other servers, |
| 10 |
are not IRCops from atheme's point of view |
| 11 |
operclass |
| 12 |
group of privileges defined in an operclass{} block in atheme.conf |
| 13 |
config services operator |
| 14 |
user logged into an account named in an operator{} block in |
| 15 |
atheme.conf |
| 16 |
services operator |
| 17 |
user logged into an account named in an operator{} block in |
| 18 |
atheme.conf or an account granted privileges with /os soper |
| 19 |
|
| 20 |
Note that an account cannot have both an operator{} block and privileges |
| 21 |
granted with /os soper. If this happens, the privileges from /os soper |
| 22 |
will be discarded. |
| 23 |
|
| 24 |
A few privileges are granted independently of operclasses: |
| 25 |
|
| 26 |
To all IRCops and services operators (has_any_priv()): |
| 27 |
more detailed "not authorized" messages telling which priv they are |
| 28 |
missing, ability to use /os help |
| 29 |
|
| 30 |
To all config services operators: |
| 31 |
account does not expire (unlike HOLD, registered channels do); |
| 32 |
this is to avoid someone else registering the account and taking |
| 33 |
the privs |
| 34 |
|
| 35 |
To all services operators: |
| 36 |
operations like drop, sendpass and return are restricted |
| 37 |
|
| 38 |
All IRCops get the privileges in the "ircop" operclass. Services operators |
| 39 |
get the privileges in the operclass in their operator{} block or the |
| 40 |
operclass set with /os soper. However, if the operclass has the needoper |
| 41 |
flag set, privileges are only granted to IRC users if they are IRCops. If |
| 42 |
both conditions apply, the union of the privileges is granted. |
| 43 |
|
| 44 |
The OperServ SPECS command shows the privileges granted to an online user |
| 45 |
or operclass, in a somewhat wordy format. /stats o and SOPER LIST show all |
| 46 |
services operators. SOPER LISTCLASS shows all operclasses. |
| 47 |
|
| 48 |
Description of the privileges in operclasses: |
| 49 |
|
| 50 |
special:ircop |
| 51 |
bound to AC_IRCOP, if you still have modules using that |
| 52 |
|
| 53 |
user:auspex |
| 54 |
see the invisible about user registrations, |
| 55 |
ns/us info/list mainly |
| 56 |
also allows searching information about online users, |
| 57 |
os rnc/rmatch/rwatch |
| 58 |
user:admin |
| 59 |
administer users |
| 60 |
user:sendpass |
| 61 |
send user passwords to their email addresses |
| 62 |
user:vhost |
| 63 |
set vhosts |
| 64 |
user:fregister |
| 65 |
use /ns fregister (contrib module) to register accounts on behalf of |
| 66 |
someone else |
| 67 |
|
| 68 |
chan:auspex |
| 69 |
see the invisible about channels and channel registrations, |
| 70 |
cs info/list/flags, ns/us listchans, os compare mainly |
| 71 |
chan:admin |
| 72 |
administer channels |
| 73 |
chan:cmodes |
| 74 |
change oper-only cmodes in mode locks (but only on own channels) |
| 75 |
chan:joinstaffonly |
| 76 |
join channels set staffonly |
| 77 |
|
| 78 |
user:mark |
| 79 |
use ns/us/cs mark and override marks |
| 80 |
user:hold |
| 81 |
use ns/us/cs hold to prevent things from expiring |
| 82 |
user:regnolimit |
| 83 |
exempt from limits on numbers of registrations (does not work |
| 84 |
fully if set on the ircop operclass) |
| 85 |
|
| 86 |
general:auspex |
| 87 |
see general information about services: most privileged /stats, |
| 88 |
/trace, /os modinspect, /os modlist, /os uptime |
| 89 |
the idea is that this does not violate user privacy |
| 90 |
general:viewprivs |
| 91 |
see all operator{} blocks, see the privs users and operclasses have: |
| 92 |
/stats o, /os specs |
| 93 |
general:flood |
| 94 |
exempt from services flood control (general::flood* in atheme.conf) |
| 95 |
general:metadata |
| 96 |
mess with private metadata (but only on own accounts and channels) |
| 97 |
general:admin |
| 98 |
restart/shutdown/rehash services, load modules, use raw/inject (if |
| 99 |
globally allowed in atheme.conf), resetpass/sendpass on accounts |
| 100 |
with operator{} blocks |
| 101 |
|
| 102 |
operserv:omode |
| 103 |
use /os mode |
| 104 |
operserv:akill |
| 105 |
use /os akill and /stats k |
| 106 |
operserv:massakill |
| 107 |
do mass kills and akills on channels and regular expressions |
| 108 |
os clearchan/rakill/rwatch |
| 109 |
this also needs chan:admin or user:auspex depending on the command |
| 110 |
operserv:jupe |
| 111 |
use /os jupe |
| 112 |
operserv:noop |
| 113 |
use /os noop |
| 114 |
operserv:global |
| 115 |
send global notices |
| 116 |
operserv:grant |
| 117 |
use /os soper add/del |
