Oper Flags and Commands

[w00t]

Any opinions from everyone else?

This is a forum after all.

[jewles]

yup...

Don't Do Drugs

[Dukat]

I never liked the current system, it's very irritating getting abilities you never explicitly added to the oper block. The implicit "you get that and that flag if you are such and such an Operator" isn't really userfriendly anyway, I think - of course you have to type less, but on the other hand you always have to recheck which flags are included (and which not (that's the annoying part), to add them manualy). Also, you can not deny certain rights to opers - I think a good philosophy is always to give people as much rights as needed and as little as possible... But I know... you should trust your Opers

You often see configurations of Operblocks (especially from new users) with all rights explicitly stated - even though these rights would be implicitly included in an Operlevel (e.g. Netadmin). This seems to be the intuitive way...

[codemastr]

What is the point?

<User> I need help, some guy is launching attacks against my channel!
<Oper> Sorry, I don't have the ability to kill anyone
<User> Aren't you an oper?
<Oper> Yes, but all I get is the "is an irc operator" in /whois, I can't actually do anything.

How is that useful?

[aquanight]

If your network is like EFnet, you wouldn't have opers dealing with channel issues anyway .

Being an IRC Operator isn't just about /kill-ing people. They do other things too:

1. Manage server routing via /connect and /squit.
2. Through the helpop flag, help users who desire certain information.
3. Send server-wide notices with the $<server> target, such as server events (like shutdown or planned netsplits (who actually plans netsplits? )).

[w00t]

Indeed not, we only want a class of oper ("Abuse Team") to be able to use abuse management commands. There would always be at least one abuse team member on, and they wouldnt necessarily be the most "senior" in the net either. We want to explicitly deny all others the ability to kill etc.

We trust them, we just want to make sure that they cant make the decision in any case. Remove temptation, so to speak...

Then, as aquanight said, there is routing to do (Another "team" for our net), helping users learn how to use irc (helpop) etc etc etc.

[Syzop]

Uhh @ +kill -squit.. doesn't make sense to me... So you are not allowed to kill 1 person, but you are allowed to split servers / entire nets which cuts the server off from like hundreds or thousands of clients... right :P.

Anyway, I'm pretty sure if we would add the ability to limit those basic per commands (like 'kill'), people will start asking about hiding certain info from opers too (like ips and stuff)... That's NOT something I want to do.
Also, I don't want to make everything 100% configurable, I mean there are over 230 oper checks in the code! (think.. special /who options, showing +s chans in /list, remote mode,names,topic, extra whois info, etc etc etc)

In my opinion the current system should be somewhat expanded/changed in the far future (think: 3.3*), but certainly not as much as some people want..
Like all the stuff admins and higher currently can is fine with me, it seems very stupid to limit such 'high level' people... lower levels could be improved however...
Things that come to my mind:
- no can_localroute automatically to locops
- no can_globalroute automatically to globops
- no can_kline/can_unkline automatically to locops/globops
- add some more commands with can_* flags, SET* and CHG*. give these automatically to co-admin and higher, but not to locops/global

Things like making opers unable to /kill I disagree with... if you limit people that much it's pretty useless to make them opers IMO... You let them view almost everything (lots of [sensitive] info) but don't allow them to act... IMO a locop (without routing/kline permissions) is 'low enough'.

[off-topic: addline is a special case, most likely a can_addline flag will be added soon [or it will be moved from commands.so, who knows], coz with addline you can 'upgrade' your status to whatever you want [by just adding oper blocks ;p]]

*edit* I ment 'Also, I don't want to make everything 100% configurable', hopefully nobody got confused.. */edit*

[w00t]

Wow, syzop that was quite a post!

I do kind of agree with the /kill thing, but it was more of an example. However, kill != squit. There are some who are perfectly suited for doing routing, but are too quick tempered to be able to say, kline.

My point is, that just because you have +o shouldnt mean you can gline unless you are explicitly given permissions to do so

Dont take this as a whinge, just trying to define EXACTLY what it is I think (hell, even I dont fully know)

[codemastr]

Send server-wide notices with the $<server> target, such as server events (like shutdown or planned netsplits (who actually plans netsplits? )).

Why would one need to notify users of a server shutting down if one can not shutdown the server?

Through the helpop flag, help users who desire certain information.

Ok. Why does an oper need to be the one to answer questions like "how do I op someone in my channel?" any #help channel can answer that! The questions people go to opers for are things they know only opers can do. Things like opping in channels, killing flooders, killing ghosts, etc. You're right, opers do much more than just /kill'ing. They have many things to do. So why should they have to waste their valuable time answering questions that anyone could have dealt with?

[w00t]

<sigh>

I knew that your reply would be something like that.

This is the system we are wanting to implement, its that simple. The current system doesnt allow us to do that. So far, almost everyone who has posted here has said that they would definatly welcome a more customisable system for the future.

Just to point where things are going. You may not find it useful, We certainly would, and (so it seems) would others.

[jewles]

well, you can surely see the people who were raised on window computers... the aspiring network administrators (even if they don't know it)

[aquanight]

Why would one need to notify users of a server shutting down if one can not shutdown the server?

It was an example!!! Anyway, it may be a shutdown event that, while the oper has no control over, he does know it's going to happen. (Example: planned power outage, storms, server running on a weak UPS, etc). The oper can send a server notice to something to the effect of "Due to circumstances beyond our control, the server is running on a weak UPS battery, and will go down in 30 minutes unless normal power is restored."

[off-topic: addline is a special case, most likely a can_addline flag will be added soon [or it will be moved from commands.so, who knows], coz with addline you can 'upgrade' your status to whatever you want [by just adding oper blocks ;p]]

It's my understanding that /addline was actually going to be removed .

well, you can surely see the people who were raised on window computers... the aspiring network administrators (even if they don't know it)

I blame Microsoft for that . I also blame the fact that there isn't a *nix CD in my house at all... at the moment .

My point is, that just because you have +o shouldnt mean you can gline unless you are explicitly given permissions to do so

(Psst, it would help to use a flag that already isn't required to be specified explicitly .)

[codemastr]

I'm sure people would find it useful, other's, however would find it very confusing. How come, all of a sudden, their config file doesn't work. For the last 2 years they've had simply the O flag in the oper flags, and it worked fine. Suddenly, the oper can no longer kill, /connect, or do anything else. I see it causing problems.

[jewles]

lol, yeah codemastr of course there are negitive to everything we've been brought up, as well as good things.... sure it will cause problems.... sure it's probably more of a bitch to try and code.... but the real question is, is it pointless? and of course that could be argued both ways just like anything else...

you can say yes it is pointless because if ops abuse their power remove them... but at the same token, an absuve op can cause more damage with one command (intentional or not) then if he had access to it in the first place.... and to explain any of that I juse said... example

I'm the network administrator of a network with (i don't know) 3 servers, and 100 users per server.... or so (make believe, none of these numbers are real) anywho.... I give a local operator a o:line because he's a good guy, or whatknot.... anywho this locop dedcides to try an squit command on a server, and I lose a server.... and I've lost users... GRRR!!!! and then i remove the o:line.... but I still don't have the same users....

of course being a network administrator, we should all be smart about giving out o:lines.... no matter the person, creating a standard system of testing non operators before giving them access to senstive commands... which many larger networks currently do.... so think about that you bastards! j/k

[Syzop]

well, you can surely see the people who were raised on window computers... the aspiring network administrators (even if they don't know it)

rotfl ;p.

Anyway, as codemastr says (and I did too), we are not going to change such stuff in 3.2, breaking such stuff is really annoying... we named it '3.2 stable' for a reason ;p.

no matter the person, creating a standard system of testing non operators before giving them access to senstive commands... which many larger networks currently do....

And do such nets disallow *any* /KILL's?? Coz, how are you going to test an oper if (s)he can't do anything! (sure, there's more than /kill, but it's one of the most obvious/simple privileges out there).