Config file abuse...

[syserror]

I'm not sure where to look for an answer to this, ive searched around but found nothing.

I'm wondering what stops a leaf owner, that is someone who can access the leaf's config file, from adding the netadmin; flag [for lack of a better example] to (all) their oper(s). I use netadmin as an example, but anything that propogates throughout the network.

As far as I understand if I have any oper with >local; rights, it allows me to run alot of remote commands, from squits to banning globally.

I do trust my oper's and server owners, but I feel if we get much bigger, as the network is, it will be harder to control/monitor what goes on. I'm basically worried that some idiot will somehow be allowed to leaf, give himself netadmin; on his server and cause chaos on the network.


This is probably documented somewhere really obvious but I just cant see it...

Thanks in advance

-Anthony

[Stealth]

There is nothing in Unreal that stops server admins from doing this. Every server admin has the freedom to give whatever oper flags they want to however many opers they want.

The ways you can regulate such a thing on your own network:

• Put a global opers conf as a remote include, and host it on your main server. Require everyone loads that remote include, and does not have any other opers in their conf.
• Make a set of rules admins must follow to remain linked to the network, and enforce them.

Both of these can be enforced by using "/stats o server" regularly, which will give you a list of opers for that server, and their flags. If someone refuses to follow your rules, they can be delinked very simply.

[Moogey]

But also you shouldn't delegate such permissions to those you don't trust

[w00t]

Using something like ircdefender to enforce who can oper up, and from what hosts is also a handy thing if someone's oline DOES get hacked, but you shouldn't rely on technology to do it all

[syserror]

Thanks you've all been very helpful

[w00t]

No worries