Operator privileges
Operator privileges grant exta abilities to operators, such as being able to use certain commands, view additional information, and set restricted server notice masks. These privileges are specified in class and/or operator blocks.
| Privilege | Description |
|---|---|
| admin | Server administrator (can set user mode +a, load/unload modules and see additional information). |
| apass_opmode | Can OPMODE and CLEARMODE commands on +A (admin) and +U (user) keys. |
| badchan | Can set remote badchans (e.g. Gchans). |
| channel_privacy | Can bypass channel privacy (i.e. see modes, keys, and lists). |
| chan_limit | Can bypass max channel limits to join local channels. |
| chanserv | Can set user mode +k (cannot be deoped, kicked or killed) [cannot be set via configuration file]. |
| check | Can use CHECK command. |
| close | Can use CLOSE command. |
| deop_lchan | Cannot be deoped or kicked on local channels. |
| die | Can use DIE command. |
| display | Operator status will be visible to others. |
| force_local_opmode | Can use OPMODE and CLEARMODE commands on quarantined local channels. |
| force_opmode | Can use OPMODE and CLEARMODE commands on quarantined global channels. |
| gline | Can set remote G-lines. |
| hide_oper | Can set user mode +H (hidden oper). |
| jupe | Can set remote Jupes. |
| kill | Can KILL (i.e. disconnect) remote clients. |
| list_chan | Can see +s channels and modes with LIST command. |
| local | OR propagate (with opposite sense), i.e. no == global operator. |
| local_badchan | Can set local badchans. |
| local_gline | Can set local G-lines. |
| local_jupe | Can set local Jupes. |
| local_kill | Can KILL (i.e. disconnect) local clients. |
| local_opmode | Can use OPMODE and CLEARMODE commands on local channels. |
| local_shun | Can set local Shuns. |
| mass_notice | Can send mass/masked messages/notices. |
| message | Can send through user mode +g (CallerID). |
| mode_lchan | Can use MODE command on local channels without being a channel operator. |
| noidle | Can set user mode +I (hide idle time). |
| opmode | Can use OPMODE and CLEARMODE commands. |
| paranoid | Can set user mode +P (show WHOIS requests on them). |
| propagate | Global operator (implied if local == no). |
| rehash | Can use REHASH command. |
| remote | Can use remote-form of commands. |
| remoterehash | Can use REHASH command remotely. |
| restart | Can use RESTART command. |
| route | Can use CONNECT, SETTIME, SHEDDING and SQUIT commands. |
| routeinfo | Can use ASLL, MAP, LINKS, RPING, TRACE and UPING commands, and set server notice mask +R. |
| routeuworld | Can use SQUIT command on UWorld servers (also requires the route privilege). |
| see_chan | Can see users in secret (+s) channels with WHO command. |
| see_opers | Can see operator status for operators without the display privilege. |
| serverinfo | Can use GET, HASH and STATS commands. |
| set | Can use SET command to change feature settings. |
| show_all_invis | Can see invisible users with WHO command. |
| show_invis | Can see local invisible users with WHO command. |
| shun | Can set remote Shuns. |
| unlimit_query | Can see additional results from WHO queries. |
| user_privacy | Can bypass user privacy (e.g. see IP addresses, and channels they don't share in common). |
| walk_lchan | Can use OVERRIDE flag to forcibly join local channels. |
| wall | Can use WALLOPS and WALLUSERS commands. |
| whox | Log operator's use of WHOX. |
| wide_gline | Can force setting of a wide G-line. |
| wide_shun | Can force setting of a wide Shun. |
| xtraop | Can set user mode +X (XtraOp) [cannot be set via configuration file]. |
Precedence#
Operator privileges are checked in the following order:
- The operator's operator block
- The operator's connection class
- The default value for a privilege
That is, the value of a privilege specified in an operator block will override those specified in a class block, while those specified in either operator or class blocks will override the default value for a privilege.
For example, consider the following configuration:
class { name "Global"; /* ...other configuration... */ local = no; user_privacy = no;}
operator { name "Jane"; class "Global"; /* ...other configuration... */ user_privacy = yes;}In the above example, connection class Global is for global operators (note the local privlege set to no), and disables the user_privacy privilege. Operator Jane has been assigned connection class Global making her a global operator; however, Jane will also be given the user_privacy privilege as it has been enabled within her operator block, even though it's disabled for her connection class. This is because the value of any privileges listed in her operator block will override those for the connection class.
Defaults#
Global operators#
Global operators (i.e. those with local = no or propagate = yes) receive
all privileges by default except:
- admin
- apass_opmode
- badchan
- channel_privacy
- chanserv
- deop_lchan
- die
- force_local_opmode
- gline
- hide_oper
- jupe
- local_badchan
- local_opmode
- mass_notice
- message
- mode_lchan
- rehash
- remote
- remoterehash
- restart
- routeuworld
- set
- shun
- unlimit_query
- user_privacy
- walk_lchan
- wide_gline
- wide_shun
- xtraop
Local operators#
Local operators (i.e. those with local = yes or propagate = no) get only
these privileges by default:
- chan_limit
- display
- local_gline
- local_jupe
- local_kill
- rehash
- show_all_invis
- show_invis
- whox
note
As mentioned above, these defaults can be overridden by class and operator blocks.