Tip of the day: If you don't want to receive private messages, set user mode +D. You can also force it on all users.Or, if you only want to allow private messages from people who are identified to Services then set |
Operclass permissions
Jump to navigation
Jump to search
This page shows the permissions that can be used in the Operclass block (in operclass::permissions, the new name since UnrealIRCd 4.2.1). Refer to that article for more information.
Catagories
Since UnrealIRCd 4.2.1 permissions are carefully grouped in the following catagories:
| Permission category | Description | Example commands and actions that are affected |
|---|---|---|
| chat | IRCOp chatting functions (communication) | GLOBOPS, LOCOPS, WALLOPS, local and global notices
|
| client | Commands that affect other clients | client:see: USERIP, TRACEclient:set: |
| immune | Server settings that the IRCOp is immune to | Jointhrottle, flooding, banned nicks, spamfilter, .. |
| kill | The ability to kill users | KILL
|
| channel | Channel information and settings that the IRCOp can view or override/bypass, including OperOverride. | channel:see: Seeing secret channels in /LIST and /WHOIS, allowing /WHO while not in channel, ..channel:override: Kicking, mode changing etc. when not having chanops (+o) |
| route | Managing routing | SQUIT, CONNECT
|
| sacmd | The SAxxxx commands. | SAJOIN, SAPART, SAMODE
|
| self | Options that an IRCOp can set on itself | SETHOST, SETIDENT, receive bad dcc's, set special IRCOp user modes
|
| server | Managing or viewing server settings | Rehash, restart, tsctl, .. |
| server-ban | Managing server bans (tkl) | KLINE, GLINE, ZLINE, SPAMFILTER
|
| services | Services-specific restrictions to bypass | Currently only servicebots killing or deoping (eg: -o ChanServ) |
Detailed permissions
Below is the explanation of all the permissions that are available in UnrealIRCd.
In the table, to the left of each item, there are the letters L G A S N which show you whether the privilege is included in the operclass.default.conf operclasses: Locop, Globop, Admin, Services-admin and Netadmin.
chat
IRCOp chatting functions (communication)
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| L | G | A | S | N | chat:globops | Can use /GLOBOPS to chat with other IRCOps.
|
| L | G | A | S | N | chat:locops | Can use /LOCOPS to chat with other IRCOps.
|
| L | G | A | S | N | chat:notice:global | Can send notices to all global users, with /NOTICE $* Message
|
| L | G | A | S | N | chat:notice:local | Can send notices to all local users, with /NOTICE $servername Message
|
| L | G | A | S | N | chat:wallops | Can send notices to wallops, via /WALLOPS
|
client
Commands that affect other clients (see also banning and killing, which are separate catagories).
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| L | G | A | S | N | client:see:ip | Can use the /USERIP command.
|
| L | G | A | S | N | client:see:trace | Can use /TRACE.
|
| L | G | A | S | N | client:see:trace:global | Can use /TRACE globally.
|
| L | G | A | S | N | client:see:trace:invisible-users | Show invisible users in /TRACE.
|
| L | G | A | S | N | client:see:trace:local | Can use /TRACE locally.
|
| G | A | S | N | client:set:host | Can use /CHGHOST to change the host of a user.
| |
| G | A | S | N | client:set:ident | Can use /CHGIDENT to change the ident of a user.
| |
| G | A | S | N | client:set:reputation | Can use /REPUTATION nick|ip value to change the reputation of a user / users IP.
| |
| G | A | S | N | client:set:name | Can use /CHGNAME to change the realname (gecos) of a user.
| |
| G | A | S | N | client:override:message:regonlymsg | Can bypass user mode +R (only receive messages from registered users) | |
| G | A | S | N | client:override:message:secureonlymsg | Can bypass user mode +Z (only receive messages from SSL/TLS users) |
immune
Server settings and restrictions that the IRCOp is immune to (can bypass). Note that all channel policy settings are under channel instead.
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| L | G | A | S | N | immune:anti-spam-quit-message-time | Bypass set::anti-spam-quit-message-time. |
| L | G | A | S | N | immune:away-flood | Bypass set::anti-flood::away-flood. |
| L | G | A | S | N | immune:join-flood | Bypass set::anti-flood::join-flood. |
| L | G | A | S | N | immune:lag | Disable fake lag so the user can send commands (flood) at full speed. |
| L | G | A | S | N | immune:max-concurrent-conversations | Bypass set::anti-flood::max-concurrent-conversations. |
| L | G | A | S | N | immune:maxchannelsperuser | Bypass set::maxchannelsperuser. |
| L | G | A | S | N | immune:nick-flood | Bypass set::anti-flood::nick-flood. |
| L | G | A | S | N | immune:restrict-extendedbans | Bypass set::restrict-extendedbans. |
| L | G | A | S | N | immune:restrict-usermodes | Bypass set::restrict-usermodes |
| L | G | A | S | N | immune:server-ban:ban-nick | Bypass banned nicks (qlines). |
| L | G | A | S | N | immune:server-ban:ban-realname | Bypass realname bans |
| L | G | A | S | N | immune:server-ban:deny-channel | Bypass deny channel restrictions. |
| L | G | A | S | N | immune:server-ban:shun | /SHUN is not effective on this user. |
| L | G | A | S | N | immune:server-ban:spamfilter | Spamfilter will not affect this user. |
| L | G | A | S | N | immune:server-ban:viruschan | The 'viruschan' action restrictions are not imposed on this user. |
| L | G | A | S | N | immune:target-flood | set::anti-flood::everyone::target-flood limits do not apply to this user. |
kill
This group grants the ability to kill users.
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| G | A | S | N | kill:global | Permit to /KILL global users.
| |
| L | G | A | S | N | kill:local | Permit to /KILL local users.
|
channel
Information and settings regarding channels that the IRCOp can bypass/override. There's also a specific sub-section channel:see that only affects bypassing "viewing restrictions" (such as seeing secret channels).
IMPORTANT: The channel:override privileges are about OperOverride. Some of these require an IRCOp to INVITE themselves and then they can JOIN to bypass. The items in the LGASN rows marked with an asterisk (*) because these are granted only to globop-with-override, netadmin-with-override, etc. and not to the oper classes without the -with-override suffix, such as globops, netadmin.
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| L | G | A | S | N | channel:operonly:ban | For +O (oper only) channels, if you are also banned (+b) then you need this privilege to bypass the ban. |
| L | G | A | S | N | channel:operonly:join | Allows you to join channels that are +O (Oper only) |
| L | G | A | S | N | channel:operonly:set | Allows you to set channel mode +O (Oper only) |
| L | G | A | S | N | channel:operonly:topic | Allows you to modify the topic on a +O (Oper only) channel |
| G* | A* | S* | N* | channel:override:banpartmsg | Show /PART message, even when banned in the channel. | |
| L | G | A | S | N | channel:override:flood | Bypass channel mode +f flood protection. |
| G* | A* | S* | N* | channel:override:invite:self | Allow the user to /INVITE him/herself to the channel. This is called OperOverride and will make it so the IRCOp can bypass any channel restrictions (eg: +k and +i). | |
| G* | A* | S* | N* | channel:override:invite:invite-only | Allow /INVITE if the channel is +i (invite only) and you are not a channel operator.
| |
| G* | A* | S* | N* | channel:override:invite:noinvite | Allow /INVITE even if channel mode +V (no invite) is set.
| |
| G* | A* | S* | N* | channel:override:invite:notinchannel | Allow /INVITE even if you're not in the channel.
| |
| G* | A* | S* | N* | channel:override:kick:nokick | Allow /KICK to kick users, even if channel mode +Q (no kick allowed) is set.
| |
| G* | A* | S* | N* | channel:override:kick:no-ops | Allow /KICK to kick users, even if not having channel operator privileges.
| |
| G* | A* | S* | N* | channel:override:kick:owner | Allow to /KICK users which have channel mode +q (channel owner) set.
| |
| G* | A* | S* | N* | channel:override:message:ban | Allows talking in the channel, even if banned. | |
| G* | A* | S* | N* | channel:override:message:moderated | Allows talking in the channel, even if the channel is +m and you have no +vhoaq. | |
| G* | A* | S* | N* | channel:override:message:prefix | Allows sending messages to prefixes (eg: /NOTICE @#chan Hey ops!) even if you don't have channel operator privileges.
| |
| G* | A* | S* | N* | channel:override:message:regonlyspeak | Allows talking in the channel, even if the channel is set to +M and you are not registered. | |
| G* | A* | S* | N* | channel:override:mlock | Allows you to bypass MLOCK mode restrictions when Services are down. | |
| G* | A* | S* | N* | channel:override:mode | Allows you to set channel modes using /MODE, even if you don't have channel operator privileges.
| |
| G* | A* | S* | N* | channel:override:mode:del | Same, but you can only delete modes. | |
| G* | A* | S* | N* | channel:override:mode:extban | Allows you to bypass extended ban restrictions. | |
| G* | A* | S* | N* | channel:override:privsecret | A very odd feature. Don't ask. | |
| G* | A* | S* | N* | channel:override:secureonly | Allows you to join a +z channel (secure only), even if you are not connected through SSL/TLS. | |
| G* | A* | S* | N* | channel:override:topic | Allows you to set the topic using /TOPIC, even if you normally would have no permission to.
| |
| G | A | S | N | channel:see:list:secret | Allows you to see secret channels in /LIST.
| |
| G | A | S | N | channel:see:names:invisible | Allows you to see all users in /NAMES.
| |
| G | A | S | N | channel:see:names:secret | Allows you to use /NAMES on secret channels (+s).
| |
| G | A | S | N | channel:see:mode:remote | Allows you to view the full mode (with parameters) without being in the channel (/MODE #channel).
| |
| G | A | S | N | channel:see:mode:remotebanlist | Allows you to view the banlist without being in the channel (/MODE #channel b).
| |
| G | A | S | N | channel:see:mode:remoteinvexlist | Allows you to view the ban exception and the invite exception list without being in the channel (eg: /MODE #channel I).
| |
| G | A | S | N | channel:see:mode:remoteownerlist | Allows you to view the list of channel owners/admins without being in the channel (eg: /MODE #channel q).
| |
| G | A | S | N | channel:see:topic | Allows you to see the topic (via /TOPIC #chan) of a channel without being in the channel.
| |
| G | A | S | N | channel:see:whois | Show information in /WHOIS that is normally hidden. Eg: secret channels.
| |
| G | A | S | N | channel:see:who:onchannel | Show information in /WHO that is otherwise not shown (user in channel you are not a member of).
| |
| G | A | S | N | channel:see:who:secret | Show information in /WHO that is otherwise not shown (user in +s channel).
|
route
Routing commands, to disconnect and connect servers (server linking).
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| G | A | S | N | route:global | Can use /CONNECT and /SQUIT to route server links.
| |
| L | G | A | S | N | route:local | Can use /CONNECT and /SQUIT to route server links. Only on the locally connected server.
|
sacmd
These commands bypass channel restrictions. Also, 2 out of 3 force an action on a user.
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| S | N | sacmd:sajoin | Permits the use of the /SAJOIN command. This forces a user to join a channel, bypassing any channel restrictions.
| |||
| S | N | sacmd:samode | Permits the use of the /SAMODE command to set any channel modes you desire. The MODE is shown as if it came from the server, instead of you.
| |||
| S | N | sacmd:sapart | Permits the use of the /SAPART command. This forces a user to part from a channel, bypassing any channel restrictions.
|
self
Options that an IRCOp can set on itself.
NOTE: Items in the LGASN rows marked with an asterisk (*) are granted only to globop-with-override, admin-with-override, etc. and not to the oper classes without the -with-override suffix. See OperOverride for more information.
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| L | G | A | S | N | self:getbaddcc | Can receive(!) DCC's that are on the blacklist. |
| L | G | A | S | N | self:opermodes | May set "oper only" IRC modes |
| G* | A* | S* | N* | self:unkickablemode | Can set the +q user mode (you cannot be kicked by others from channels) | |
| L | G | A | S | N | self:set:host | May use /SETHOST to change own visible hostname.
|
| L | G | A | S | N | self:set:ident | May use /SETIDENT to change own ident.
|
server
This catagory is for viewing and managing server settings.
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| A | S | N | server:addmotd | Allow /ADDMOTD to add a line to the Message of the Day file.
| ||
| A | S | N | server:addomotd | Allow /ADDOMOTD to add a line to the IRCOP version of the Message of the Day file.
| ||
| L | G | A | S | N | server:close | Allow the /CLOSE command, to close pending server connections.
|
| A | S | N | server:description | Allow the /SDESC command, to set the server description.
| ||
| server:die | Allow the use of the /DIE command. This will terminate the IRC server.
Granting this privilege is not recommended. | |||||
| L | G | A | S | N | server:dns | Allow the /DNS command to view status and reinitialize the DNS Resolver.
|
| L | G | A | S | N | server:info:lag | Permit the /LAG command, to see server to server link lag.
|
| L | G | A | S | N | server:info:lusers | See some additional oper-only information in /LUSERS. Only relevant if set::options::flat-map is enabled.
|
| L | G | A | S | N | server:info:stats | See oper only server statistics with /STATS
|
| L | G | A | S | N | server:info:map:real-map | See the "real" server map. Only relevant if set::options::flat-map is enabled. |
| L | G | A | S | N | server:info:map:ulines | See u-lined servers. Only relevant if set::options::hide-ulines is enabled (this is usually the case). |
| L | G | A | S | N | server:module | Allows to see additional oper-only module information in /MODULE.
|
| L | G | A | S | N | server:opermotd | Can execute the /OPERMOTD command to see the IRCOp Message of the Day.
|
| L | G | A | S | N | server:rehash:local | Can use /REHASH to rehash the local IRCd.
|
| G | A | S | N | server:rehash:remote | Can use /REHASH to rehash remote IRC servers.
| |
| G | A | S | N | server:remote | Allows sending some commands to remote servers (not very useful): /INFO, /DALINFO, /LICENSE and /CREDITS.
| |
| server:restart | Allow the use of the /RESTART command. This will restart the IRC server. Granting this privilege is not recommended. A restart may not succeed if there are problems with the configuration file or for other reasons. Such a failure will leave the server terminated.
| |||||
| G | A | S | N | server:tsctl:view | Allows viewing server clocks. | |
| N | server:tsctl:set | Allows changing the server clock offset. This command is VERY dangerous. If misused, it may freeze the server or cause major issues. |
server-ban
Managing server bans (previously called: tkl).
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| G | A | S | N | server-ban:dccdeny | Can use /DCCDENY to manage the list of denied DCC files.
| |
| G | A | S | N | server-ban:gline | Can use /GLINE to manage the network-wide user bans (G-line).
| |
| L | G | A | S | N | server-ban:kline:local:add | Can use /KLINE to add a new local user ban (K-line).
|
| L | G | A | S | N | server-ban:kline:remove | Can use /KLINE to remove a local user ban (unkline).
|
| G | A | S | N | server-ban:shun | Can use /SHUN to "shun" (shut up) a user.
| |
| G | A | S | N | server-ban:shun:temporary | Can use /TEMPSHUN to temporarily "shun" (shut up) a user, for the session only.
| |
| A | S | N | server-ban:spamfilter | Can use /SPAMFILTER command to add spam filters.
| ||
| A | S | N | server-ban:spamreport | Can use /SPAMREPORT to report spam to a blacklist.
| ||
| G | A | S | N | server-ban:zline:global | Can use /GZLINE to add a new global z-line.
| |
| L | G | A | S | N | server-ban:zline:local:add | Can use /ZLINE to add a new local z-line.
|
services
Services-specific restrictions to bypass
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| S | N | services:servicebot:deop | Can deop a (services) user that user mode +S. Eg: /MODE #chan -o ChanServ.
| |||
| S | N | services:servicebot:kill | Can kill a (services) user that has user mode +S. Eg: /KILL ChanServ.
|