Difference between revisions of "IRC Advanced Privilege Control Model"

From IRC Wiki
Line 53: Line 53:
         general:admin;
         general:admin;
     };
     };
 
   
     needoper;
     needoper;
  };
  };

Revision as of 21:26, 18 September 2012

The IRC Advanced Privilege Control Model is the permissions control model created by members of the IRCv3 working group for IRCv3 IRC daemons. It replaces the permissions model used by traditional IRCds.

Overview

A few IRCd projects involved in the IRCv3 working group decided that a new permissions model was needed. This permissions model was implemented in Charybdis 3.0 and InspIRCd 1.2. The full permissions model is still a work in progress, but covers:

  • Privilege set declaration
  • Privilege set transition (such as from 'user' role to 'ircop' role or 'admin' role) via:
    • /OPER command
    • /CHALLENGE command (charybdis extension)
    • Connection class
  • Naming suggestions for common permissions and namespaces

Additional privilege set transition methods are planned, such as:

  • Targeted SASL authentication result (IRCv3.2 proposal)
  • CERTFP (planned inspircd extension)

Other eventual goals include describing RFC1459 user permissions and state/role transitions as a function of IAPCM configuration.

Additionally, both Atheme 6 and Anope 1.9 implement the basis of the IAPCM standard with the following role transitions (but with different permissions schemes):

  • NickServ IDENTIFY command
  • IRC role transitions with fallback to usermode +o/+a detection
  • OperServ IDENTIFY command
  • X.509 fingerprint verification (CERTFP) result
  • SASL authentication result (Atheme only)

Example (Charybdis)

This example assumes Charybdis-style config syntax. InspIRCd config syntax will be different but similar (mainly XML-like).

privset "ircop" {
    flags = oper:kill, oper:local_kill, oper:rehash, oper:override;
};
   
privset "admin" {
    inherits = "ircop";
    flags = oper:die, oper:restart;
};

If a user transitions into the admin role, she will also receive the permissions of the ircop role because of `privset::inherits`.

Example (Atheme 6/Atheme 7)

This example assumes Atheme-style config syntax. Anope config syntax may differ.

operclass "admin" {
    extends ircop;
    
    privs {
        user:regnolimit;
        general:admin;
    };
    
    needoper;
};

The needoper keyword disallows a transition into this role unless the user has IRC operator status.

See Also

  • IRCd Comparison (including a list of IRCds implementing the IRC Advanced Privilege Control Model).