#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#

1. #-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
2. # #
3. # Classes are a group of commands which are grouped together and #
4. # given a unique name. They're used to define which commands #
5. # are available to certain types of Operators. #
6. # #
7. # #
8. # Note: It is possible to make a class which covers all available #
9. # commands. To do this, specify commands="*". This is not really #
10. # recommended, as it negates the whole purpose of the class system, #
11. # however it is provided for fast configuration (e.g. in test nets). #
12. # #
13.  
14. <class
15. name="Shutdown"
16.  
17. # commands: Oper-only commands that opers of this class can run.
18. commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOADMODULE GUNLOADMODULE GRELOADMODULE"
19.  
20. # privs: Special privileges that users with this class may utilise.
21. # VIEWING:
22. # - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
23. # - users/auspex: allows opers with this priv to view more details about users than normal users, e.g. real host and IP.
24. # - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
25. # ACTIONS:
26. # - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
27. # - channels/high-join-limit: allows opers with this priv to join <channels:opers> total channels instead of <channels:users> total channels.
28. # PERMISSIONS:
29. # - users/flood/no-fakelag: prevents opers from being penalized with fake lag for flooding (*NOTE)
30. # - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE)
31. # - users/flood/increased-buffers: allows opers with this priv to send and receive data without worrying about being disconnected for exceeding limits (*NOTE)
32. #
33. # *NOTE: These privs are potentially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially.
34. privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit users/flood/no-throttle users/flood/increased-buffers"
35.  
36. # usermodes: Oper-only usermodes that opers with this class can use.
37. usermodes="*"
38.  
39. # chanmodes: Oper-only channel modes that opers with this class can use.
40. chanmodes="*">
41.  
42. <class name="SACommands" commands="SAJOIN SAPART SANICK SAQUIT SATOPIC SAKICK SAMODE">
43. <class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS JUMPSERVER LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
44. <class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN CLOSE" usermodes="*" chanmodes="*">
45. <class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message">
46. <class name="HostCloak" commands="SETHOST SETIDENT CHGNAME CHGHOST CHGIDENT SETIDLE" usermodes="*" chanmodes="*" privs="users/auspex">
47.  
48.  
49. #-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-#
50. # #
51. # This is where you specify which types of operators you have on #
52. # your server, as well as the commands they are allowed to use. #
53. # This works alongside with the classes specified above. #
54. # #
55.  
56. <type
57. # name: Name of type. Used in actual server operator accounts below.
58. # Cannot contain spaces. If you would like a space, use
59. # the _ character instead and it will translate to a space on whois.
60. name="NetAdmin"
61.  
62. # classes: Classes (blocks above) that this type belongs to.
63. classes="SACommands OperChat BanControl HostCloak Shutdown ServerLink"
64.  
65. # vhost: Host opers of this type get when they log in (oper up). This is optional.
66. vhost="netadmin.ChatTeste.org"
67.  
68. # modes: User modes besides +o that are set on an oper of this type
69. # when they oper up. Used for snomasks and other things.
70. # Requires that m_opermodes.so be loaded.
71. modes="+s +cCqQ">
72.  
73. <type name="GlobalOp" classes="SACommands OperChat BanControl HostCloak ServerLink" vhost="ircop.omega.example.org">
74. <type name="Helper" classes="HostCloak" vhost="helper.omega.example.org">
75.  
76.  
77. #-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
78. # #
79. # Opers are defined here. This is a very important section. #
80. # Remember to only make operators out of trustworthy people. #
81. # #
82.  
83. # Operator account with a plain-text password.
84. <oper
85. # name: Oper login that is used to oper up (/oper name password).
86. # Remember: This is case sensitive.
87. name="marcelo"
88.  
89. # password: Case-sensitive, unhashed (plaintext).
90. password="f41bbf4ea1e9d7e06ccd8e0e2cf005ec865fb6386f966ebb23b16efe98054243"
91.  
92. # host: What hostnames and IPs are allowed to use this operator account.
93. # Multiple options can be separated by spaces and CIDRs are allowed.
94. # You can use just * or *@* for this section, but it is not recommended
95. # for security reasons.
96. host="IrcOP@Chateste.org *@2001:db8::/32"
97.  
98. # ** ADVANCED ** This option is disabled by default.
99. # fingerprint: When using the m_sslinfo module, you may specify
100. # a key fingerprint here. This can be obtained by using the /sslinfo
101. # command while the module is loaded, and is also noticed on connect.
102. # This enhances security by verifying that the person opering up has
103. # a matching SSL client certificate, which is very difficult to
104. # forge (impossible unless preimage attacks on the hash exist).
105. # If m_sslinfo isn't loaded, this option will be ignored.
106. #fingerprint="67cb9dc013248a829bb2171ed11becd4"
107.  
108. # autologin: If an SSL fingerprint for this oper is specified, you can
109. # have the oper block automatically log in. This moves all security of the
110. # oper block to the protection of the client certificate, so be sure that
111. # the private key is well-protected! Requires m_sslinfo.
112. #autologin="on"
113.  
114. # sslonly: If on, this oper can only oper up if they're using a SSL connection.
115. # Setting this option adds a decent bit of security. Highly recommended
116. # if the oper is on wifi, or specifically, unsecured wifi. Note that it
117. # is redundant to specify this option if you specify a fingerprint.
118. # This setting only takes effect if m_sslinfo is loaded.
119. #sslonly="yes"
120.  
121. # vhost: Overrides the vhost in the type block. Class and modes may also
122. # be overridden.
123. vhost="attila.example.org"
124.  
125. # type: Which type of operator this person is; see the block
126. # above for the list of types. NOTE: This is case-sensitive as well.
127. type="NetAdmin">
128.  
129. # Operator with a plaintext password and no comments, for easy copy & paste.
130. <oper
131. name="maribraga"
132. password="sha256"
133. host="brain@dialup15.isp.com *@localhost *@example.com *@2001:db8::/32"
134. #fingerprint="67cb9dc013248a829bb2171ed11becd4"
135. type="NetAdmin">
136.  
137. # Operator with a hashed password. It is highly recommended to use hashed passwords.
138. <oper
139. # name: Oper login that is used to oper up (/oper name password).
140. # Remember: This is case sensitive.
141. name="marcelo2"
142.  
143. # hash: What hash this password is hashed with.
144. # Requires the module for selected hash (m_md5.so, m_sha256.so
145. # or m_ripemd160.so) be loaded and the password hashing module
146. # (m_password_hash.so) loaded.
147. # Options here are: "md5", "sha256" and "ripemd160", or one of
148. # these prefixed with "hmac-", e.g.: "hmac-sha256".
149. # Create hashed passwords with: /mkpasswd <hash> <password>
150. hash="hmac-sha256"
151.  
152. # password: A hash of the password (see above option) hashed
153. # with /mkpasswd <hash> <password>. See m_password_hash in modules.conf
154. # for more information about password hashing.
155. password="PkMQz5sz$NCSFIZmoVOMP/jRfrgX8+Z6ggef3iydol0LsxrYxY4o"
156.  
157. # host: What hostnames and IPs are allowed to use this operator account.
158. # Multiple options can be separated by spaces and CIDRs are allowed.
159. # You can use just * or *@* for this section, but it is not recommended
160. # for security reasons.
161. host="*@127.0.0.1 *@192.0.2.40 *@198.51.100.4"
162.  
163. # type: Which type of operator this person is; see the block
164. # above for the list of types. NOTE: This is case-sensitive as well.
165. type="Helper">