ngircd.conf.5.tmpl 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515
  1. .\"
  2. .\" ngircd.conf(5) manual page template
  3. .\"
  4. .TH ngircd.conf 5 "Mar 2012" ngircd "ngIRCd Manual"
  5. .SH NAME
  6. ngircd.conf \- configuration file of ngIRCd
  7. .SH SYNOPSIS
  8. .B :ETCDIR:/ngircd.conf
  9. .SH DESCRIPTION
  10. .BR ngircd.conf
  11. is the configuration file of the
  12. .BR ngircd (8)
  13. Internet Relay Chat (IRC) daemon, which must be customized to the local
  14. preferences and needs.
  15. .PP
  16. Most variables can be modified while the ngIRCd daemon is already running:
  17. It will reload its configuration file when a HUP signal or REHASH command
  18. is received.
  19. .SH "FILE FORMAT"
  20. The file consists of sections and parameters. A section begins with the name
  21. of the section in square brackets and continues until the next section
  22. begins.
  23. .PP
  24. Sections contain parameters of the form
  25. .PP
  26. .RS
  27. .I name
  28. =
  29. .I value
  30. .RE
  31. .PP
  32. Empty lines and any line beginning with a semicolon (';') or a hash ('#')
  33. character are treated as a comment and will be ignored. Leading and trailing
  34. whitespaces are trimmed before any processing takes place.
  35. .PP
  36. The file format is line-based - that means, each non-empty newline-terminated
  37. line represents either a comment, a section name, or a parameter.
  38. .PP
  39. Section and parameter names are not case sensitive.
  40. .PP
  41. There are three types of variables:
  42. .I booleans,
  43. .I text strings,
  44. and
  45. .I numbers.
  46. Boolean values are
  47. .I true
  48. if they are "yes", "true", or any non-null integer. Text strings are used 1:1
  49. without leading and following spaces; there is no way to quote strings. And
  50. for numbers all decimal integer values are valid.
  51. .PP
  52. In addition, some string or numerical variables accept lists of values,
  53. separated by commas (",").
  54. .SH "SECTION OVERVIEW"
  55. The file can contain blocks of seven types: [Global], [Limits], [Options],
  56. [SSL], [Operator], [Server], and [Channel].
  57. .PP
  58. The main configuration of the server is stored in the
  59. .I [Global]
  60. section, like the server name, administrative information and the ports on
  61. which the server should be listening. The variables in this section have to be
  62. adjusted to the local requirements most of the time, whereas all the variables
  63. in the other sections can be left on there defaults very often.
  64. .PP
  65. Options in the
  66. .I [Limits]
  67. block are used to tweak different limits and timeouts of the daemon, like the
  68. maximum number of clients allowed to connect to this server. Variables in the
  69. .I [Options]
  70. section can be used to enable or disable specific features of ngIRCd, like
  71. support for IDENT, PAM, IPv6, and protocol and cloaking features. The
  72. .I [SSL]
  73. block contains all SSL-related configuration variables. These three sections
  74. are all optional.
  75. .PP
  76. IRC operators of this server are defined in
  77. .I [Operator]
  78. blocks. Links to remote servers are configured in
  79. .I [Server]
  80. sections. And
  81. .I [Channel]
  82. blocks are used to configure pre-defined ("persistent") IRC channels.
  83. .PP
  84. There can be more than one [Operator], [Server] and [Channel] section per
  85. configuration file (one for each operator, server, and channel), but only
  86. exactly one [Global], one [Limits], one [Options], and one [SSL] section.
  87. .SH [GLOBAL]
  88. The
  89. .I [Global]
  90. section of this file is used to define the main configuration of the server,
  91. like the server name and the ports on which the server should be listening.
  92. These settings depend on your personal preferences, so you should make sure
  93. that they correspond to your installation and setup!
  94. .TP
  95. \fBName\fR (string; required)
  96. Server name in the IRC network. This is an individual name of the IRC
  97. server, it is not related to the DNS host name. It must be unique in the
  98. IRC network and must contain at least one dot (".") character.
  99. .TP
  100. \fBAdminInfo1\fR, \fBAdminInfo2\fR, \fBAdminEMail\fR (string)
  101. Information about the server and the administrator, used by the ADMIN
  102. command. This information is not required by the server but by RFC!
  103. .TP
  104. \fBInfo\fR (string)
  105. Info text of the server. This will be shown by WHOIS and LINKS requests for
  106. example.
  107. .TP
  108. \fBListen\fR (list of strings)
  109. A comma separated list of IP address on which the server should listen.
  110. If unset, the defaults value is "0.0.0.0" or, if ngIRCd was compiled
  111. with IPv6 support, "::,0.0.0.0". So the server listens on all configured
  112. IP addresses and interfaces by default.
  113. .TP
  114. \fBMotdFile\fR (string)
  115. Text file with the "message of the day" (MOTD). This message will be shown to
  116. all users connecting to the server. Please note: Changes made to this file
  117. take effect when ngircd starts up or is instructed to re-read its
  118. configuration file.
  119. .TP
  120. \fBMotdPhrase\fR (string)
  121. A simple Phrase (<256 chars) if you don't want to use a MOTD file.
  122. .TP
  123. \fBPassword\fR (string)
  124. Global password for all users needed to connect to the server. The default is
  125. empty, so no password is required. Please note: This feature is not available
  126. if ngIRCd is using PAM!
  127. .TP
  128. \fBPidFile\fR (string)
  129. This tells ngIRCd to write its current process ID to a file. Note that the
  130. pidfile is written AFTER chroot and switching the user ID, e.g. the directory
  131. the pidfile resides in must be writable by the ngIRCd user and exist in the
  132. chroot directory (if configured, see above).
  133. .TP
  134. \fBPorts\fR (list of numbers)
  135. Ports on which the server should listen for unencrypted connections. There
  136. may be more than one port, separated with commas (","). Default: 6667.
  137. .TP
  138. \fBServerGID\fR (string or number)
  139. Group ID under which the ngIRCd should run; you can use the name of the
  140. group or the numerical ID.
  141. .PP
  142. .RS
  143. .B Attention:
  144. .br
  145. For this to work the server must have been started with root privileges!
  146. .RE
  147. .TP
  148. \fBServerUID\fR (string or number)
  149. User ID under which the server should run; you can use the name of the user
  150. or the numerical ID.
  151. .PP
  152. .RS
  153. .B Attention:
  154. .br
  155. For this to work the server must have been started with root privileges! In
  156. addition, the configuration and MOTD files must be readable by this user,
  157. otherwise RESTART and REHASH won't work!
  158. .RE
  159. .SH [LIMITS]
  160. Define some limits and timeouts for this ngIRCd instance. Default values
  161. should be safe, but it is wise to double-check :-)
  162. .TP
  163. \fBConnectRetry\fR (number)
  164. The server tries every <ConnectRetry> seconds to establish a link to not yet
  165. (or no longer) connected servers. Default: 60.
  166. .TP
  167. \fBMaxConnections\fR (number)
  168. Maximum number of simultaneous in- and outbound connections the server is
  169. allowed to accept (0: unlimited). Default: 0.
  170. .TP
  171. \fBMaxConnectionsIP\fR (number)
  172. Maximum number of simultaneous connections from a single IP address that
  173. the server will accept (0: unlimited). This configuration options lowers
  174. the risk of denial of service attacks (DoS). Default: 5.
  175. .TP
  176. \fBMaxJoins\fR (number)
  177. Maximum number of channels a user can be member of (0: no limit).
  178. Default: 10.
  179. .TP
  180. \fBMaxNickLength\fR (number)
  181. Maximum length of an user nick name (Default: 9, as in RFC 2812). Please
  182. note that all servers in an IRC network MUST use the same maximum nick name
  183. length!
  184. .TP
  185. \fBPingTimeout\fR (number)
  186. After <PingTimeout> seconds of inactivity the server will send a PING to
  187. the peer to test whether it is alive or not. Default: 120.
  188. .TP
  189. \fBPongTimeout\fR (number)
  190. If a client fails to answer a PING with a PONG within <PongTimeout>
  191. seconds, it will be disconnected by the server. Default: 20.
  192. .SH [OPTIONS]
  193. Optional features and configuration options to further tweak the behavior of
  194. ngIRCd. If you want to get started quickly, you most probably don't have to
  195. make changes here -- they are all optional.
  196. .TP
  197. \fBAllowRemoteOper\fR (boolean)
  198. Are IRC operators connected to remote servers allowed to control this server,
  199. e.g. are they allowed to use administrative commands like CONNECT, DIE,
  200. SQUIT, ... that affect this server? Default: no.
  201. .TP
  202. \fBChrootDir\fR (string)
  203. A directory to chroot in when everything is initialized. It doesn't need
  204. to be populated if ngIRCd is compiled as a static binary. By default ngIRCd
  205. won't use the chroot() feature.
  206. .PP
  207. .RS
  208. .B Attention:
  209. .br
  210. For this to work the server must have been started with root privileges!
  211. .RE
  212. .TP
  213. \fBCloakHost\fR (string)
  214. Set this hostname for every client instead of the real one. Default: empty,
  215. don't change.
  216. .PP
  217. .RS
  218. .B Please note:
  219. .br
  220. Don't use the percentage sign ("%"), it is reserved for future extensions!
  221. .RE
  222. .TP
  223. \fBCloakUserToNick\fR (boolean)
  224. Set every clients' user name to their nick name and hide the one supplied
  225. by the IRC client. Default: no.
  226. .TP
  227. \fBConnectIPv4\fR (boolean)
  228. Set this to no if you do not want ngIRCd to connect to other IRC servers using
  229. the IPv4 protocol. This allows the usage of ngIRCd in IPv6-only setups.
  230. Default: yes.
  231. .TP
  232. \fBConnectIPv6\fR (boolean)
  233. Set this to no if you do not want ngIRCd to connect to other IRC servers using
  234. the IPv6 protocol.
  235. Default: yes.
  236. .TP
  237. \fBDNS\fR (boolean)
  238. If set to false, ngIRCd will not make any DNS lookups when clients connect.
  239. If you configure the daemon to connect to other servers, ngIRCd may still
  240. perform a DNS lookup if required.
  241. Default: yes.
  242. .TP
  243. \fBIdent\fR (boolean)
  244. If ngIRCd is compiled with IDENT support this can be used to disable IDENT
  245. lookups at run time.
  246. Users identified using IDENT are registered without the "~" character
  247. prepended to their user name.
  248. Default: yes.
  249. .TP
  250. \fBMorePrivacy\fR (boolean)
  251. This will cause ngIRCd to censor user idle time, logon time as well as the
  252. part/quit messages (that are sometimes used to inform everyone about which
  253. client software is being used). WHOWAS requests are also silently ignored.
  254. This option is most useful when ngIRCd is being used together with
  255. anonymizing software such as TOR or I2P and one does not wish to make it
  256. too easy to collect statistics on the users.
  257. Default: no.
  258. .TP
  259. \fBNoticeAuth\fR (boolean)
  260. Normally ngIRCd doesn't send any messages to a client until it is registered.
  261. Enable this option to let the daemon send "NOTICE AUTH" messages to clients
  262. while connecting. Default: no.
  263. .TP
  264. \fBOperCanUseMode\fR (boolean)
  265. Should IRC Operators be allowed to use the MODE command even if they are
  266. not(!) channel-operators? Default: no.
  267. .TP
  268. \fBOperServerMode\fR (boolean)
  269. If \fBOperCanUseMode\fR is enabled, this may lead the compatibility problems
  270. with Servers that run the ircd-irc2 Software. This Option "masks" mode
  271. requests by non-chanops as if they were coming from the server. Default: no;
  272. only enable it if you have ircd-irc2 servers in your IRC network.
  273. .TP
  274. \fBPAM\fR (boolean)
  275. If ngIRCd is compiled with PAM support this can be used to disable all calls
  276. to the PAM library at runtime; all users connecting without password are
  277. allowed to connect, all passwords given will fail.
  278. Users identified using PAM are registered without the "~" character
  279. prepended to their user name.
  280. Default: yes.
  281. .TP
  282. \fBPAMIsOptional\fR (boolean)
  283. When PAM is enabled, all clients are required to be authenticated using PAM;
  284. connecting to the server without successful PAM authentication isn't possible.
  285. If this option is set, clients not sending a password are still allowed to
  286. connect: they won't become "identified" and keep the "~" character prepended
  287. to their supplied user name.
  288. Please note:
  289. To make some use of this behavior, it most probably isn't useful to enable
  290. "Ident", "PAM" and "PAMIsOptional" at the same time, because you wouldn't be
  291. able to distinguish between Ident'ified and PAM-authenticated users: both
  292. don't have a "~" character prepended to their respective user names!
  293. Default: no.
  294. .TP
  295. \fBPredefChannelsOnly\fR (boolean)
  296. If enabled, no new channels can be created. Useful if you do not want to have
  297. other channels than those defined in [Channel] sections in the configuration
  298. file on this server.
  299. Default: no.
  300. .TP
  301. \fBRequireAuthPing\fR (boolean)
  302. Let ngIRCd send an "authentication PING" when a new client connects, and
  303. register this client only after receiving the corresponding "PONG" reply.
  304. Default: no.
  305. .TP
  306. \fBScrubCTCP\fR (boolean)
  307. If set to true, ngIRCd will silently drop all CTCP requests sent to it from
  308. both clients and servers. It will also not forward CTCP requests to any
  309. other servers. CTCP requests can be used to query user clients about which
  310. software they are using and which versions said software is. CTCP can also be
  311. used to reveal clients IP numbers. ACTION CTCP requests are not blocked,
  312. this means that /me commands will not be dropped, but please note that
  313. blocking CTCP will disable file sharing between users!
  314. Default: no.
  315. .TP
  316. \fBSyslogFacility\fR (string)
  317. Syslog "facility" to which ngIRCd should send log messages. Possible
  318. values are system dependent, but most probably "auth", "daemon", "user"
  319. and "local1" through "local7" are possible values; see syslog(3).
  320. Default is "local5" for historical reasons, you probably want to
  321. change this to "daemon", for example.
  322. .TP
  323. \fBWebircPassword\fR (string)
  324. Password required for using the WEBIRC command used by some Web-to-IRC
  325. gateways. If not set or empty, the WEBIRC command can't be used.
  326. Default: not set.
  327. .SH [SSL]
  328. All SSL-related configuration variables are located in the
  329. .I [SSL]
  330. section. Please note that this whole section is only recognized by ngIRCd
  331. when it is compiled with support for SSL using OpenSSL or GnuTLS!
  332. .TP
  333. \fBCertFile\fR (string)
  334. SSL Certificate file of the private server key.
  335. .TP
  336. \fBDHFile\fR (string)
  337. Name of the Diffie-Hellman Parameter file. Can be created with GnuTLS
  338. "certtool \-\-generate-dh-params" or "openssl dhparam". If this file is not
  339. present, it will be generated on startup when ngIRCd was compiled with GnuTLS
  340. support (this may take some time). If ngIRCd was compiled with OpenSSL, then
  341. (Ephemeral)-Diffie-Hellman Key Exchanges and several Cipher Suites will not be
  342. available.
  343. .TP
  344. \fBKeyFile\fR (string)
  345. Filename of SSL Server Key to be used for SSL connections. This is required
  346. for SSL/TLS support.
  347. .TP
  348. \fBKeyFilePassword\fR (string)
  349. OpenSSL only: Password to decrypt the private key file.
  350. .TP
  351. \fBPorts\fR (list of numbers)
  352. Same as \fBPorts\fR , except that ngIRCd will expect incoming connections
  353. to be SSL/TLS encrypted. Common port numbers for SSL-encrypted IRC are 6669
  354. and 6697. Default: none.
  355. .SH [OPERATOR]
  356. .I [Operator]
  357. sections are used to define IRC Operators. There may be more than one
  358. .I [Operator]
  359. block, one for each local operator.
  360. .TP
  361. \fBName\fR (string)
  362. ID of the operator (may be different of the nick name).
  363. .TP
  364. \fBPassword\fR (string)
  365. Password of the IRC operator.
  366. .TP
  367. \fBMask\fR (string)
  368. Mask that is to be checked before an /OPER for this account is accepted.
  369. Example: nick!ident@*.example.com
  370. .SH [SERVER]
  371. Other servers are configured in
  372. .I [Server]
  373. sections. If you configure a port for the connection, then this ngIRCd
  374. tries to connect to to the other server on the given port (active);
  375. if not, it waits for the other server to connect (passive).
  376. .PP
  377. ngIRCd supports "server groups": You can assign an "ID" to every server
  378. with which you want this ngIRCd to link, and the daemon ensures that at
  379. any given time only one direct link exists to servers with the same ID.
  380. So if a server of a group won't answer, ngIRCd tries to connect to the next
  381. server in the given group (="with the same ID"), but never tries to connect
  382. to more than one server of this group simultaneously.
  383. .PP
  384. There may be more than one
  385. .I [Server]
  386. block.
  387. .TP
  388. \fBName\fR (string)
  389. IRC name of the remote server.
  390. .TP
  391. \fBHost\fR (string)
  392. Internet host name (or IP address) of the peer.
  393. .TP
  394. \fBBind\fR (string)
  395. IP address to use as source IP for the outgoing connection. Default is
  396. to let the operating system decide.
  397. .TP
  398. \fBPort\fR (number)
  399. Port of the remote server to which ngIRCd should connect (active).
  400. If no port is assigned to a configured server, the daemon only waits for
  401. incoming connections (passive, default).
  402. .TP
  403. \fBMyPassword\fR (string)
  404. Own password for this connection. This password has to be configured as
  405. \fBPeerPassword\fR on the other server. Must not have ':' as first character.
  406. .TP
  407. \fBPeerPassword\fR (string)
  408. Foreign password for this connection. This password has to be configured as
  409. \fBMyPassword\fR on the other server.
  410. .TP
  411. \fBGroup\fR (number)
  412. Group of this server (optional).
  413. .TP
  414. \fBPassive\fR (boolean)
  415. Disable automatic connection even if port value is specified. Default: false.
  416. You can use the IRC Operator command CONNECT later on to create the link.
  417. .TP
  418. \fBSSLConnect\fR (boolean)
  419. Connect to the remote server using TLS/SSL. Default: false.
  420. .TP
  421. \fBServiceMask\fR (string)
  422. Define a (case insensitive) mask matching nick names that should be treated as
  423. IRC services when introduced via this remote server. REGULAR SERVERS DON'T NEED
  424. this parameter, so leave it empty (which is the default).
  425. .PP
  426. .RS
  427. When you are connecting IRC services which mask as a IRC server and which use
  428. "virtual users" to communicate with, for example "NickServ" and "ChanServ",
  429. you should set this parameter to something like "*Serv".
  430. .SH [CHANNEL]
  431. Pre-defined channels can be configured in
  432. .I [Channel]
  433. sections. Such channels are created by the server when starting up and even
  434. persist when there are no more members left.
  435. .PP
  436. Persistent channels are marked with the mode 'P', which can be set and unset
  437. by IRC operators like other modes on the fly.
  438. .PP
  439. There may be more than one
  440. .I [Channel]
  441. block.
  442. .TP
  443. \fBName\fR (string)
  444. Name of the channel, including channel prefix ("#" or "&").
  445. .TP
  446. \fBTopic\fR (string)
  447. Topic for this channel.
  448. .TP
  449. \fBModes\fR (string)
  450. Initial channel modes.
  451. .TP
  452. \fBKey\fR (string)
  453. Sets initial channel key (only relevant if channel mode "k" is set).
  454. .TP
  455. \fBKeyFile\fR (string)
  456. Path and file name of a "key file" containing individual channel keys for
  457. different users. The file consists of plain text lines with the following
  458. syntax (without spaces!):
  459. .PP
  460. .RS
  461. .RS
  462. .I user
  463. :
  464. .I nick
  465. :
  466. .I key
  467. .RE
  468. .PP
  469. .I user
  470. and
  471. .I nick
  472. can contain the wildcard character "*".
  473. .br
  474. .I key
  475. is an arbitrary password.
  476. .PP
  477. Valid examples are:
  478. .PP
  479. .RS
  480. *:*:KeY
  481. .br
  482. *:nick:123
  483. .br
  484. ~user:*:xyz
  485. .RE
  486. .PP
  487. The key file is read on each JOIN command when this channel has a key
  488. (channel mode +k). Access is granted, if a) the channel key set using the
  489. MODE +k command or b) one of the lines in the key file match.
  490. .PP
  491. .B Please note:
  492. .br
  493. The file is not reopened on each access, so you can modify and overwrite it
  494. without problems, but moving or deleting the file will have not effect until
  495. the daemon re-reads its configuration!
  496. .RE
  497. .TP
  498. \fBMaxUsers\fR (number)
  499. Set maximum user limit for this channel (only relevant if channel mode "l"
  500. is set).
  501. .SH HINTS
  502. It's wise to use "ngircd \-\-configtest" to validate the configuration file
  503. after changing it. See
  504. .BR ngircd (8)
  505. for details.
  506. .SH AUTHOR
  507. Alexander Barton, <alex@barton.de>
  508. .br
  509. Florian Westphal, <fw@strlen.de>
  510. .PP
  511. Homepage: http://ngircd.barton.de/
  512. .SH "SEE ALSO"
  513. .BR ngircd (8)
  514. .\"
  515. .\" -eof-