Update SGML docs for need_ssl and new oper priv system.

This commit is contained in:
Jilles Tjoelker 2008-09-09 23:32:19 +02:00
parent 10847f65d3
commit 5b5e9c89ea
2 changed files with 77 additions and 33 deletions

View file

@ -410,6 +410,12 @@ auth {
<para>Users in this auth{} block must have identd, otherwise they will be rejected.</para> <para>Users in this auth{} block must have identd, otherwise they will be rejected.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>need_ssl</term>
<listitem>
<para>Users in this auth{} block must be connected via SSL/TLS, otherwise they will be rejected.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term>need_sasl</term> <term>need_sasl</term>
<listitem> <listitem>
@ -442,6 +448,33 @@ exempt {
</varlistentry> </varlistentry>
</variablelist> </variablelist>
</sect2> </sect2>
<sect2>
<title>privset {} block</title>
<synopsis>
privset {
extends = "<replaceable>name</replaceable>";
privs = <replaceable>list</replaceable>;
};</synopsis>
<para>
A privset (privilege set) block specifies a set of
operator privileges.
</para>
<variablelist>
<title>privset {} variables</title>
<varlistentry>
<term>extends</term>
<listitem>
<para>An optional privset to inherit. The new privset will have all privileges that the given privset has.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>privs</term>
<listitem>
<para>Privileges to grant to this privset. These are described in the operator privileges section.</para>
</listitem>
</varlistentry>
</variablelist>
</sect2>
<sect2> <sect2>
<title>operator {} block</title> <title>operator {} block</title>
<synopsis> <synopsis>
@ -510,19 +543,35 @@ operator "<replaceable>name</replaceable>" {
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>flags</term> <term>privset</term>
<listitem> <listitem>
<para> <para>
A listing of privileges granted to operators using this block. The privilege set granted to successfully opered clients.
By default, the mass_notice, operwall, remoteban and resv privileges are granted; This must be defined before this operator{} block.
use ~mass_notice, ~operwall, ~remoteban and ~resv to disable them if necessary.
</para>
<para>
In addition, a flag designating if the password is encrypted is here.
Privileges are documented elsewhere in this guide.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>flags</term>
<listitem>
<para>A list of flags to apply to this operator{} block. They are listed below.</para>
</listitem>
</varlistentry>
</variablelist>
<variablelist>
<title>operator {} flags</title>
<varlistentry>
<term>encrypted</term>
<listitem>
<para>The password used has been encrypted. This is enabled by default, use ~encrypted to disable it.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>need_ssl</term>
<listitem>
<para>Restricts use of this operator{} block to SSL/TLS connections only.</para>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</sect2> </sect2>
<sect2> <sect2>

View file

@ -3,12 +3,10 @@
<sect1 id="oprivlist"> <sect1 id="oprivlist">
<title>Meanings of oper privileges</title> <title>Meanings of oper privileges</title>
<para> <para>
These are flags in operator{}. These are specified in privset{}.
The letter appears after opering up and in /stats o; an uppercase
letter means the privilege is possessed, lowercase means it is not.
</para> </para>
<sect2> <sect2>
<title>admin (A), server administrator</title> <title>oper:admin, server administrator</title>
<para> <para>
Various privileges intended for server administrators. Various privileges intended for server administrators.
Among other things, this automatically sets umode +a and allows Among other things, this automatically sets umode +a and allows
@ -16,7 +14,7 @@
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>remoteban (B), set remote bans</title> <title>oper:remoteban, set remote bans</title>
<para> <para>
This grants the ability to use the ON argument on This grants the ability to use the ON argument on
DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set
@ -26,46 +24,46 @@
</para> </para>
<note><para> <note><para>
If a cluster{} block is present, bans are sent remotely even If a cluster{} block is present, bans are sent remotely even
if the oper does not have remoteban privilege. if the oper does not have oper:remoteban privilege.
</para></note> </para></note>
</sect2> </sect2>
<sect2> <sect2>
<title>local_kill (C), kill local users</title> <title>oper:local_kill, kill local users</title>
<para> <para>
This grants permission to use KILL on users on the same server, This grants permission to use KILL on users on the same server,
disconnecting them from the network. disconnecting them from the network.
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>die (D), die and restart</title> <title>oper:die, die and restart</title>
<para> <para>
This grants permission to use DIE and RESTART, shutting down This grants permission to use DIE and RESTART, shutting down
or restarting the server. or restarting the server.
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>rehash (H), rehash</title> <title>oper:rehash, rehash</title>
<para> <para>
Allows using the REHASH command, to rehash various configuration Allows using the REHASH command, to rehash various configuration
files or clear certain lists. files or clear certain lists.
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>kline (K), kline and dline</title> <title>oper:kline, kline and dline</title>
<para> <para>
Allows using KLINE and DLINE, to ban users by user@host mask Allows using KLINE and DLINE, to ban users by user@host mask
or IP address. or IP address.
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>operwall (L), send/receive operwall</title> <title>oper:operwall, send/receive operwall</title>
<para> <para>
Allows using the OPERWALL command and umode +z to send and Allows using the OPERWALL command and umode +z to send and
receive operwalls. receive operwalls.
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>mass_notice (M), global notices and wallops</title> <title>oper:mass_notice, global notices and wallops</title>
<para> <para>
Allows using server name ($$mask) and hostname ($#mask) masks in Allows using server name ($$mask) and hostname ($#mask) masks in
NOTICE and PRIVMSG to send a message to all matching users, and NOTICE and PRIVMSG to send a message to all matching users, and
@ -74,20 +72,20 @@
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>nick_changes (N), see nick changes</title> <title>snomask:nick_changes, see nick changes</title>
<para> <para>
Allows using snomask +n to see local client nick changes. Allows using snomask +n to see local client nick changes.
This is designed for monitor bots. This is designed for monitor bots.
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>global_kill (O), global kill</title> <title>oper:global_kill, global kill</title>
<para> <para>
Allows using KILL on users on any server. Allows using KILL on users on any server.
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>hidden_oper (P), hide from /stats p</title> <title>oper:hidden, hide from /stats p</title>
<para> <para>
This privilege currently does nothing, but was designed This privilege currently does nothing, but was designed
to hide bots from /stats p so users will not message them to hide bots from /stats p so users will not message them
@ -95,14 +93,14 @@
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>resv (Q), channel control</title> <title>oper:resv, channel control</title>
<para> <para>
This allows using /resv, /unresv and changing the channel This allows using /resv, /unresv and changing the channel
modes +L and +P. modes +L and +P.
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>remote (R), remote routing</title> <title>oper:remote, remote routing</title>
<para> <para>
This allows using the third argument of the CONNECT command, to This allows using the third argument of the CONNECT command, to
instruct another server to connect somewhere, and using SQUIT instruct another server to connect somewhere, and using SQUIT
@ -111,7 +109,7 @@
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>oper_spy (S), use operspy</title> <title>oper:spy, use operspy</title>
<para> <para>
This allows using /mode !#channel, /whois !nick, /who !#channel, This allows using /mode !#channel, /whois !nick, /who !#channel,
/chantrace !#channel, /who !mask, /masktrace !user@host :gecos /chantrace !#channel, /who !mask, /masktrace !user@host :gecos
@ -133,27 +131,24 @@
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>unkline (U), unkline and undline</title> <title>oper:unkline, unkline and undline</title>
<para> <para>
Allows using UNKLINE and UNDLINE. Allows using UNKLINE and UNDLINE.
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>xline (X), xline and unxline</title> <title>oper:xline, xline and unxline</title>
<para> <para>
Allows using XLINE and UNXLINE, to ban/unban users by realname. Allows using XLINE and UNXLINE, to ban/unban users by realname.
</para> </para>
</sect2> </sect2>
<sect2> <sect2>
<title>hidden_admin, hidden administrator</title> <title>oper:hidden_admin, hidden administrator</title>
<para> <para>
This grants everything granted to the admin privilege, This grants everything granted to the admin privilege,
except the ability to set umode +a. If both admin and hidden_admin except the ability to set umode +a. If both oper:admin and oper:hidden_admin
are possessed, umode +a can still not be used. are possessed, umode +a can still not be used.
</para> </para>
<note><para>
This privilege does not appear in /stats o or oper up notices.
</para></note>
</sect2> </sect2>
</sect1> </sect1>
</chapter> </chapter>