1 |
Fine grained operator privileges |
2 |
-------------------------------- |
3 |
|
4 |
Terminology: |
5 |
|
6 |
IRCop |
7 |
user with user mode +o, usually obtained with /oper |
8 |
users whose operator status is indicated by a different user mode |
9 |
than +o, or whose user mode +o is not propagated to other servers, |
10 |
are not IRCops from atheme's point of view |
11 |
operclass |
12 |
group of privileges defined in an operclass{} block in atheme.conf |
13 |
config services operator |
14 |
user logged into an account named in an operator{} block in |
15 |
atheme.conf |
16 |
services operator |
17 |
user logged into an account named in an operator{} block in |
18 |
atheme.conf or an account granted privileges with /os soper |
19 |
|
20 |
Note that an account cannot have both an operator{} block and privileges |
21 |
granted with /os soper. If this happens, the privileges from /os soper |
22 |
will be discarded. |
23 |
|
24 |
A few privileges are granted independently of operclasses: |
25 |
|
26 |
To all IRCops and services operators (has_any_priv()): |
27 |
more detailed "not authorized" messages telling which priv they are |
28 |
missing, ability to use /os help |
29 |
|
30 |
To all config services operators: |
31 |
account does not expire (unlike HOLD, registered channels do); |
32 |
this is to avoid someone else registering the account and taking |
33 |
the privs |
34 |
|
35 |
To all services operators: |
36 |
operations like drop, sendpass and return are restricted |
37 |
|
38 |
All IRCops get the privileges in the "ircop" operclass. Services operators |
39 |
get the privileges in the operclass in their operator{} block or the |
40 |
operclass set with /os soper. However, if the operclass has the needoper |
41 |
flag set, privileges are only granted to IRC users if they are IRCops. If |
42 |
both conditions apply, the union of the privileges is granted. |
43 |
|
44 |
The OperServ SPECS command shows the privileges granted to an online user |
45 |
or operclass, in a somewhat wordy format. /stats o and SOPER LIST show all |
46 |
services operators. SOPER LISTCLASS shows all operclasses. |
47 |
|
48 |
Description of the privileges in operclasses: |
49 |
|
50 |
special:ircop |
51 |
bound to AC_IRCOP, if you still have modules using that |
52 |
|
53 |
user:auspex |
54 |
see the invisible about user registrations, |
55 |
ns/us info/list mainly |
56 |
also allows searching information about online users, |
57 |
os rnc/rmatch/rwatch |
58 |
user:admin |
59 |
administer users |
60 |
user:sendpass |
61 |
send user passwords to their email addresses |
62 |
user:vhost |
63 |
set vhosts |
64 |
user:fregister |
65 |
use /ns fregister (contrib module) to register accounts on behalf of |
66 |
someone else |
67 |
|
68 |
chan:auspex |
69 |
see the invisible about channels and channel registrations, |
70 |
cs info/list/flags, ns/us listchans, os compare mainly |
71 |
chan:admin |
72 |
administer channels |
73 |
chan:cmodes |
74 |
change oper-only cmodes in mode locks (but only on own channels) |
75 |
chan:joinstaffonly |
76 |
join channels set staffonly |
77 |
|
78 |
user:mark |
79 |
use ns/us/cs mark and override marks |
80 |
user:hold |
81 |
use ns/us/cs hold to prevent things from expiring |
82 |
user:regnolimit |
83 |
exempt from limits on numbers of registrations (does not work |
84 |
fully if set on the ircop operclass) |
85 |
|
86 |
general:auspex |
87 |
see general information about services: most privileged /stats, |
88 |
/trace, /os modinspect, /os modlist, /os uptime |
89 |
the idea is that this does not violate user privacy |
90 |
general:viewprivs |
91 |
see all operator{} blocks, see the privs users and operclasses have: |
92 |
/stats o, /os specs |
93 |
general:flood |
94 |
exempt from services flood control (general::flood* in atheme.conf) |
95 |
general:metadata |
96 |
mess with private metadata (but only on own accounts and channels) |
97 |
general:admin |
98 |
restart/shutdown/rehash services, load modules, use raw/inject (if |
99 |
globally allowed in atheme.conf), resetpass/sendpass on accounts |
100 |
with operator{} blocks |
101 |
|
102 |
operserv:omode |
103 |
use /os mode |
104 |
operserv:akill |
105 |
use /os akill and /stats k |
106 |
operserv:massakill |
107 |
do mass kills and akills on channels and regular expressions |
108 |
os clearchan/rakill/rwatch |
109 |
this also needs chan:admin or user:auspex depending on the command |
110 |
operserv:jupe |
111 |
use /os jupe |
112 |
operserv:noop |
113 |
use /os noop |
114 |
operserv:global |
115 |
send global notices |
116 |
operserv:grant |
117 |
use /os soper add/del |