Tip of the day: You can exempt users dynamically from server bans, spamfilter, maxperip and other restrictions with the ELINE command on IRC.
|
Operclass permissions
Jump to navigation
Jump to search
This page shows the permissions that can be used in the Operclass block (in operclass::permissions, the new name since UnrealIRCd 4.2.1). Refer to that article for more information.
Catagories
Since UnrealIRCd 4.2.1 permissions are carefully grouped in the following catagories:
| Permission category | Description | Example commands and actions that are affected |
|---|---|---|
| chat | IRCOp chatting functions (communication) | GLOBOPS, LOCOPS, WALLOPS, local and global notices
|
| client | Commands that affect other clients | client:see: USERIP, TRACEclient:set: |
| immune | Server settings that the IRCOp is immune to | Jointhrottle, flooding, banned nicks, spamfilter, .. |
| kill | The ability to kill users | KILL
|
| channel | Channel information and settings that the IRCOp can view or override/bypass, including OperOverride. | channel:see: Seeing secret channels in /LIST and /WHOIS, allowing /WHO while not in channel, ..channel:override: Kicking, mode changing etc. when not having chanops (+o) |
| route | Managing routing | SQUIT, CONNECT
|
| sacmd | The SAxxxx commands. | SAJOIN, SAPART, SAMODE
|
| self | Options that an IRCOp can set on itself | SETHOST, SETIDENT, receive bad dcc's, set special IRCOp user modes
|
| server | Managing or viewing server settings | Rehash, restart, tsctl, .. |
| server-ban | Managing server bans (tkl) | KLINE, GLINE, ZLINE, SPAMFILTER
|
| services | Services-specific restrictions to bypass | Currently only servicebots killing or deoping (eg: -o ChanServ) |
Detailed permissions
Below is the explanation of all the permissions that are available in UnrealIRCd.
In the table, to the left of each item, there are the letters L G A S N which show you whether the privilege is included in the operclass.default.conf operclasses: Locop, Globop, Admin, Services-admin and Netadmin.
chat
IRCOp chatting functions (communication)
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| L | G | A | S | N | chat:globops | Can use /GLOBOPS to chat with other IRCOps.
|
| L | G | A | S | N | chat:locops | Can use /LOCOPS to chat with other IRCOps.
|
| L | G | A | S | N | chat:notice:global | Can send notices to all global users, with /NOTICE $* Message
|
| L | G | A | S | N | chat:notice:local | Can send notices to all local users, with /NOTICE $servername Message
|
| L | G | A | S | N | chat:wallops | Can send notices to wallops, via /WALLOPS
|
client
Commands that affect other clients (see also banning and killing, which are separate catagories).
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| L | G | A | S | N | client:see:ip | Can use the /USERIP command.
|
| L | G | A | S | N | client:see:trace | Can use /TRACE.
|
| L | G | A | S | N | client:see:trace:global | Can use /TRACE globally.
|
| L | G | A | S | N | client:see:trace:invisible-users | Show invisible users in /TRACE.
|
| L | G | A | S | N | client:see:trace:local | Can use /TRACE locally.
|
| G | A | S | N | client:set:host | Can use /CHGHOST to change the host of a user.
| |
| G | A | S | N | client:set:ident | Can use /CHGIDENT to change the ident of a user.
| |
| G | A | S | N | client:set:reputation | Can use /REPUTATION nick|ip value to change the reputation of a user / users IP.
| |
| G | A | S | N | client:set:name | Can use /CHGNAME to change the realname (gecos) of a user.
| |
| G | A | S | N | client:override:message:regonlymsg | Can bypass user mode +R (only receive messages from registered users) | |
| G | A | S | N | client:override:message:secureonlymsg | Can bypass user mode +Z (only receive messages from SSL/TLS users) |
immune
Server settings and restrictions that the IRCOp is immune to (can bypass). Note that all channel policy settings are under channel instead.
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| L | G | A | S | N | immune:anti-spam-quit-message-time | Bypass set::anti-spam-quit-message-time. |
| L | G | A | S | N | immune:away-flood | Bypass set::anti-flood::away-flood. |
| L | G | A | S | N | immune:join-flood | Bypass set::anti-flood::join-flood. |
| L | G | A | S | N | immune:lag | Disable fake lag so the user can send commands (flood) at full speed. |
| L | G | A | S | N | immune:max-concurrent-conversations | Bypass set::anti-flood::max-concurrent-conversations. |
| L | G | A | S | N | immune:maxchannelsperuser | Bypass set::maxchannelsperuser. |
| L | G | A | S | N | immune:nick-flood | Bypass set::anti-flood::nick-flood. |
| L | G | A | S | N | immune:restrict-extendedbans | Bypass set::restrict-extendedbans. |
| L | G | A | S | N | immune:restrict-usermodes | Bypass set::restrict-usermodes |
| L | G | A | S | N | immune:server-ban:ban-nick | Bypass banned nicks (qlines). |
| L | G | A | S | N | immune:server-ban:ban-realname | Bypass realname bans |
| L | G | A | S | N | immune:server-ban:deny-channel | Bypass deny channel restrictions. |
| L | G | A | S | N | immune:server-ban:shun | /SHUN is not effective on this user. |
| L | G | A | S | N | immune:server-ban:spamfilter | Spamfilter will not affect this user. |
| L | G | A | S | N | immune:server-ban:viruschan | The 'viruschan' action restrictions are not imposed on this user. |
| L | G | A | S | N | immune:target-flood | set::anti-flood::everyone::target-flood limits do not apply to this user. |
kill
This group grants the ability to kill users.
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| L | G | A | S | N | kill:global | Permit to /KILL global users.
|
| L | G | A | S | N | kill:local | Permit to /KILL local users.
|
channel
Information and settings regarding channels that the IRCOp can bypass/override. There's also a specific sub-section channel:see that only affects bypassing "viewing restrictions" (such as seeing secret channels).
NOTE: Items in the LGASN rows marked with an asterisk (*) are granted only to globop-with-override, admin-with-override, etc. and not to the oper classes without the -with-override suffix. See OperOverride for more information.
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| G* | A* | S* | N* | channel:operonly:ban | For +O (oper only) channels, if you are also banned (+b) then you need this privilege to bypass the ban. | |
| G* | A* | S* | N* | channel:operonly:join | Allows you to join channels that are +O (Oper only) | |
| G* | A* | S* | N* | channel:operonly:set | Allows you to set channel mode +O (Oper only) | |
| G* | A* | S* | N* | channel:operonly:topic | Allows you to modify the topic on a +O (Oper only) channel | |
| G* | A* | S* | N* | channel:override:banpartmsg | Show /PART message, even when banned in the channel. | |
| L | G | A | S | N | channel:override:flood | Bypass channel mode +f flood protection. |
| G* | A* | S* | N* | channel:override:invite:self | Allow the user to /INVITE him/herself to the channel. This is called OperOverride and will make it so the IRCOp can bypass any channel restrictions (eg: +k and +i). | |
| G* | A* | S* | N* | channel:override:invite:invite-only | Allow /INVITE if the channel is +i (invite only) and you are not a channel operator.
| |
| G* | A* | S* | N* | channel:override:invite:noinvite | Allow /INVITE even if channel mode +V (no invite) is set.
| |
| G* | A* | S* | N* | channel:override:invite:notinchannel | Allow /INVITE even if you're not in the channel.
| |
| G* | A* | S* | N* | channel:override:kick:nokick | Allow /KICK to kick users, even if channel mode +Q (no kick allowed) is set.
| |
| G* | A* | S* | N* | channel:override:kick:no-ops | Allow /KICK to kick users, even if not having channel operator privileges.
| |
| G* | A* | S* | N* | channel:override:kick:owner | Allow to /KICK users which have channel mode +q (channel owner) set.
| |
| G* | A* | S* | N* | channel:override:message:ban | Allows talking in the channel, even if banned. | |
| G* | A* | S* | N* | channel:override:message:moderated | Allows talking in the channel, even if the channel is +m and you have no +vhoaq. | |
| G* | A* | S* | N* | channel:override:message:prefix | Allows sending messages to prefixes (eg: /NOTICE @#chan Hey ops!) even if you don't have channel operator privileges.
| |
| G* | A* | S* | N* | channel:override:message:regonlyspeak | Allows talking in the channel, even if the channel is set to +M and you are not registered. | |
| G* | A* | S* | N* | channel:override:mlock | Allows you to bypass MLOCK mode restrictions when Services are down. | |
| G* | A* | S* | N* | channel:override:mode | Allows you to set channel modes using /MODE, even if you don't have channel operator privileges.
| |
| G* | A* | S* | N* | channel:override:mode:del | Same, but you can only delete modes. | |
| G* | A* | S* | N* | channel:override:mode:extban | Allows you to bypass extended ban restrictions. | |
| G* | A* | S* | N* | channel:override:privsecret | A very odd feature. Don't ask. | |
| G* | A* | S* | N* | channel:override:secureonly | Allows you to join a +z channel (secure only), even if you are not connected through SSL/TLS. | |
| G* | A* | S* | N* | channel:override:topic | Allows you to set the topic using /TOPIC, even if you normally would have no permission to.
| |
| G | A | S | N | channel:see:list:secret | Allows you to see secret channels in /LIST.
| |
| G | A | S | N | channel:see:names:invisible | Allows you to see all users in /NAMES.
| |
| G | A | S | N | channel:see:names:secret | Allows you to use /NAMES on secret channels (+s).
| |
| G | A | S | N | channel:see:mode:remote | Allows you to view the full mode (with parameters) without being in the channel (/MODE #channel).
| |
| G | A | S | N | channel:see:mode:remotebanlist | Allows you to view the banlist without being in the channel (/MODE #channel b).
| |
| G | A | S | N | channel:see:mode:remoteinvexlist | Allows you to view the ban exception and the invite exception list without being in the channel (eg: /MODE #channel I).
| |
| G | A | S | N | channel:see:mode:remoteownerlist | Allows you to view the list of channel owners/admins without being in the channel (eg: /MODE #channel q).
| |
| G | A | S | N | channel:see:topic | Allows you to see the topic (via /TOPIC #chan) of a channel without being in the channel.
| |
| G | A | S | N | channel:see:whois | Show information in /WHOIS that is normally hidden. Eg: secret channels.
| |
| G | A | S | N | channel:see:who:onchannel | Show information in /WHO that is otherwise not shown (user in channel you are not a member of).
| |
| G | A | S | N | channel:see:who:secret | Show information in /WHO that is otherwise not shown (user in +s channel).
|
route
Routing commands, to disconnect and connect servers (server linking).
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| G | A | S | N | route:global | Can use /CONNECT and /SQUIT to route server links.
| |
| L | G | A | S | N | route:local | Can use /CONNECT and /SQUIT to route server links. Only on the locally connected server.
|
sacmd
These commands bypass channel restrictions. Also, 2 out of 3 force an action on a user.
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| L | G | A | S | N | sacmd:sajoin | Permits the use of the /SAJOIN command. This forces a user to join a channel, bypassing any channel restrictions.
|
| L | G | A | S | N | sacmd:samode | Permits the use of the /SAMODE command to set any channel modes you desire. The MODE is shown as if it came from the server, instead of you.
|
| L | G | A | S | N | sacmd:sapart | Permits the use of the /SAPART command. This forces a user to part from a channel, bypassing any channel restrictions.
|
self
Options that an IRCOp can set on itself.
NOTE: Items in the LGASN rows marked with an asterisk (*) are granted only to globop-with-override, admin-with-override, etc. and not to the oper classes without the -with-override suffix. See OperOverride for more information.
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| L | G | A | S | N | self:getbaddcc | Can receive(!) DCC's that are on the blacklist. |
| L | G | A | S | N | self:opermodes | May set "oper only" IRC modes |
| L* | G* | A* | S* | N* | self:unkickablemode | Can set the +q user mode (you cannot be kicked by others from channels) |
| L | G | A | S | N | self:set:host | May use /SETHOST to change own visible hostname.
|
| L | G | A | S | N | self:set:ident | May use /SETIDENT to change own ident.
|
server
This catagory is for viewing and managing server settings.
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| A | S | N | server:addmotd | Allow /ADDMOTD to add a line to the Message of the Day file.
| ||
| A | S | N | server:addomotd | Allow /ADDOMOTD to add a line to the IRCOP version of the Message of the Day file.
| ||
| L | G | A | S | N | server:close | Allow the /CLOSE command, to close pending server connections.
|
| A | S | N | server:description | Allow the /SDESC command, to set the server description.
| ||
| server:die | Allow the use of the /DIE command. This will terminate the IRC server.
Granting this privilege is not recommended. | |||||
| L | G | A | S | N | server:dns | Allow the /DNS command to view status and reinitialize the DNS Resolver.
|
| L | G | A | S | N | server:info:lag | Permit the /LAG command, to see server to server link lag.
|
| L | G | A | S | N | server:info:lusers | See some additional oper-only information in /LUSERS. Only relevant if set::options::flat-map is enabled.
|
| L | G | A | S | N | server:info:stats | See oper only server statistics with /STATS
|
| L | G | A | S | N | server:info:map:real-map | See the "real" server map. Only relevant if set::options::flat-map is enabled. |
| L | G | A | S | N | server:info:map:ulines | See u-lined servers. Only relevant if set::options::hide-ulines is enabled (this is usually the case). |
| L | G | A | S | N | server:module | Allows to see additional oper-only module information in /MODULE.
|
| L | G | A | S | N | server:opermotd | Can execute the /OPERMOTD command to see the IRCOp Message of the Day.
|
| L | G | A | S | N | server:rehash:local | Can use /REHASH to rehash the local IRCd.
|
| G | A | S | N | server:rehash:remote | Can use /REHASH to rehash remote IRC servers.
| |
| G | A | S | N | server:remote | Allows sending some commands to remote servers (not very useful): /INFO, /DALINFO, /LICENSE and /CREDITS.
| |
| server:restart | Allow the use of the /RESTART command. This will restart the IRC server. Granting this privilege is not recommended. A restart may not succeed if there are problems with the configuration file or for other reasons. Such a failure will leave the server terminated.
| |||||
| G | A | S | N | server:tsctl:view | Allows viewing server clocks. | |
| N | server:tsctl:set | Allows changing the server clock offset. This command is VERY dangerous. If misused, it may freeze the server or cause major issues. |
server-ban
Managing server bans (previously called: tkl).
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| G | A | S | N | server-ban:dccdeny | Can use /DCCDENY to manage the list of denied DCC files.
| |
| G | A | S | N | server-ban:gline | Can use /GLINE to manage the network-wide user bans (G-line).
| |
| L | G | A | S | N | server-ban:kline:local:add | Can use /KLINE to add a new local user ban (K-line).
|
| L | G | A | S | N | server-ban:kline:remove | Can use /KLINE to remove a local user ban (unkline).
|
| G | A | S | N | server-ban:shun | Can use /SHUN to "shun" (shut up) a user.
| |
| G | A | S | N | server-ban:shun:temporary | Can use /TEMPSHUN to temporarily "shun" (shut up) a user, for the session only.
| |
| A | S | N | server-ban:spamfilter | Can use /SPAMFILTER command to add spam filters.
| ||
| A | S | N | server-ban:spamreport | Can use /SPAMREPORT to report spam to a blacklist.
| ||
| G | A | S | N | server-ban:zline:global | Can use /GZLINE to add a new global z-line.
| |
| L | G | A | S | N | server-ban:zline:local:add | Can use /ZLINE to add a new local z-line.
|
services
Services-specific restrictions to bypass
| L | G | A | S | N | Name | Description |
|---|---|---|---|---|---|---|
| S | N | services:servicebot:deop | Can deop a (services) user that user mode +S. Eg: /MODE #chan -o ChanServ.
| |||
| S | N | services:servicebot:kill | Can kill a (services) user that has user mode +S. Eg: /KILL ChanServ.
|