Restrict opers creation

If your UnrealIRCd is up and running but you have a question about it, then use this forum.
(NOT for installation or connecting issues! Use the other forum instead.)

Moderator: Supporters

Locked
test77298
Posts: 7
Joined: Tue Feb 09, 2021 9:15 pm

Restrict opers creation

Post by test77298 »

How to prevent set oper to first user to enter a channel?, need use only official opers.
Lord255
Posts: 67
Joined: Sat Feb 29, 2020 12:58 am
Location: offline

Re: Restrict opers creation

Post by Lord255 »

i dont even understand the question. can you rephrase it or describe a little bit more, what exactly you want?
test77298
Posts: 7
Joined: Tue Feb 09, 2021 9:15 pm

Re: Restrict opers creation

Post by test77298 »

When a person enters a channel automatically the server assigns him as an operator if he is the only user in the channel, I want to avoid this because I have defined operators and defined rooms.
Lord255
Posts: 67
Joined: Sat Feb 29, 2020 12:58 am
Location: offline

Re: Restrict opers creation

Post by Lord255 »

see "set::level-on-join" on https://www.unrealircd.org/docs/Configuration

btw op != oper.
just saying. :)
PeGaSuS
Posts: 74
Joined: Tue Jun 27, 2017 4:42 pm

Re: Restrict opers creation

Post by PeGaSuS »

If you really want to block users from joining/creating other channels than the ones you've already created, you can use the Deny channel (https://www.unrealircd.org/docs/Deny_channel_block) and the Allow channel (https://www.unrealircd.org/docs/Allow_channel_block) blocks.

Examples:

Code: Select all

deny channel {
	channel "#*"; /* Prevents users from join any channels,except the ones on the allow blocks */
	reason "You can only join #chat #main";
}

allow channel {
	channel "#chat";
}

allow channel {
	channel "#main";
}
If you use this method, as oper you can join and create/register any channel, but you'll need to update the allow channel blocks accordingly.

Hope this helps. :D

Cheers
What goes around comes around!
test77298
Posts: 7
Joined: Tue Feb 09, 2021 9:15 pm

Re: Restrict opers creation

Post by test77298 »

Yes i need use unrealircd for my company for communications and need add access only to employeers to channels for technical channels, but need prevent the external registration and set pre registrated users and pre created channels with access only for authenticated users.

It is my first intent installing an irc server. I find if can use rsa keys for authentication but does not support :( , but need authenticate by user and simple password but only for pre registred users and disable registration.

My setting file is:

// yum -y install unrealircd;
// nano /etc/unrealircd/unrealircd.conf;
// systemctl enable unrealircd.service;
// systemctl start unrealircd.service;
// iptables -I INPUT -i eth0 -p tcp --dport 6697 -m comment --comment "# UnrealIRCd #" -j ACCEPT;

// yum -y install cyrus-sasl-plain;
// nano /etc/sysconfig/saslauthd;
// START=yes
// MECHANISMS="sasldb"
// systemctl enable saslauthd;
// systemctl start saslauthd;

// echo 'test' | saslpasswd2 -p -c admin
// testsaslauthd -u admin -p secret test


include "modules.default.conf";
include "help/help.conf";
include "badwords.conf";
// include "spamfilter.conf";
include "operclass.default.conf";

me {
name "irc.xxxx.xx";
info "XXXXX Server";
sid "001";
}

admin {
"Admin";
"admin";
"admin@xxxxxx.xx";
}

class clients
{
pingfreq 90;
maxclients 1000;
sendq 200k;
recvq 8000;
}

class opers
{
pingfreq 90;
maxclients 50;
sendq 1M;
recvq 8000;
}

class servers
{
pingfreq 60;
connfreq 15;
maxclients 10;
sendq 20M;
}

allow {
ip *@*;
class clients;
maxperip 3;
}

listen { // Only SSL connections
ip *;
port 6697;
options { ssl; }
}

log "ircd.log" {
flags {
oper;
connects;
server-connects;
kills;
errors;
sadmin-commands;
chg-commands;
oper-override;
tkl;
spamfilter;
}
}

include "aliases/anope.conf";

except ban {
mask *@127.0.0.1;
mask *@xx.xxx.xxx.x;
}

/* Network configuration */
set {
network-name "XXXXX";
default-server "irc.xxxxxx.xx";
help-channel "#help";
// auto-join "#xxxxx";
hiddenhost-prefix "XXX";
prefix-quit "Quit";
cloak-keys {
"XXXXXX";
"XXXXXX";
"XXXXXX";
}
}

set {
/* Server specific configuration */
kline-address "support@xxxxx.xx";
modes-on-connect "+ixw";
modes-on-oper "+xws";
modes-on-join "+ntH";
oper-auto-join "#help";
options {
hide-ulines;
show-connect-info;
}
maxchannelsperuser 50;

anti-spam-quit-message-time 10s;
static-quit "Client quit";
/* static-part yes; */

/* Flood protection */
anti-flood {
nick-flood 5:60;
connect-flood 60:60;
away-flood 8:120;
}

/* Settings for spam filter */
spamfilter {
ban-time 1d;
ban-reason "Spam/Advertising";
virus-help-channel "#help";
}

restrict-commands {
private-message { exempt-identified yes; }
private-notice { exempt-identified yes; }
channel-message { exempt-identified yes; }
channel-notice { exempt-identified yes; }
list { exempt-identified yes; }
// cs
dns { exempt-identified yes; }
nick { exempt-identified yes; }
ignore { exempt-identified yes; }
invite { exempt-identified yes; }
join { exempt-identified yes; }
kick { exempt-identified yes; }
links { exempt-identified yes; }
list { exempt-identified yes; }
me { exempt-identified yes; }
mode { exempt-identified yes; }
msg { exempt-identified yes; }
names { exempt-identified yes; }
// nick
notify { exempt-identified yes; }
ping { exempt-identified yes; }
query { exempt-identified yes; }
server { exempt-identified yes; }
who { exempt-identified yes; }
whois { exempt-identified yes; }
whowas { exempt-identified yes; }
}
}

set {
connthrottle {
known-users {
minimum-reputation-score 24;
sasl-bypass yes;
}

new-users {
local-throttle 20:1;
global-throttle 30:1;
}

disabled-when {
reputation-gathering 1w;
start-delay 3m;
}
}
}

set {
history {
channel {
playback-on-join {
lines 50;
time 30d;
}

max-storage-per-channel {
lines 500;
time 30d;
}
}
}
}

// official-channels {
// "#admin";
// "#help";
// "#XXXXXX";
// }

deny channel {
channel "#*";
reason "Only registred users.";
}

allow channel {
channel "#admin";
channel "#help";
channel "#XXXXX";
};

require authentication {
mask *@*;
reason "This server requires authentication.";
};

loadmodule "authprompt";
set {
authentication-prompt {
enabled yes;
message "For continue ..... etc etc.";
fail-message "Fail .... etc etc. contact to support etc etc.";
};
};


// --------- USERS ---------

oper XXXXXXX {
class opers;
mask *@*;
password "XXXXXXXXXXXXXX";
swhois "Is the admin :)";
operclass netadmin;
vhost XXXXX.XXXXX;
}
Syzop
UnrealIRCd head coder
Posts: 1974
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Re: Restrict opers creation

Post by Syzop »

Seems this discussion continues in a new thread: Authentication service?
Locked