
Identfile

From ZNC
Revision as of 17:54, 18 June 2013 by >Paccer (→‎Usage)

The identfile module writes a user's ident to a file when that user is trying to connect. When the IRC server receives the connection request, it queries your system for the ident. An ident server such as oidentd or ident2 can read the ident file and send this ident back to the IRC server. Afterwards, ZNC writes the old contents of your ident file back.

Usage

Arguments

This global module takes no arguments.

Read loading modules to learn more about loading modules.

Commands

Output of /msg *identfile help:

 +-----------+-----------+----------------------+
 | Command   | Arguments | Description          |
 +-----------+-----------+----------------------+
 | GetFile   |           |                      |
 | GetFormat |           |                      |
 | Help      | search    | Generate this output |
 | SetFile   | <file>    |                      |
 | SetFormat | <format>  |                      |
 | Show      |           |                      |
 +-----------+-----------+----------------------+

The format uses ExpandString, so %ident% will be expanded to the ident. Another popular value uses %username%, which is useful for BNC providers.

Using identfile with oidentd

1. Your /etc/oidentd.conf must allow ident spoofing for the user ZNC runs as (the allow spoof privilege).

Example file:

user "znc" {
    default {
        allow spoof
        allow spoof_all
        allow spoof_privport
        allow random
        allow random_numeric
        allow numeric
        allow hide
    }
}

2. Create an empty .oidentd.conf in the home directory of the user ZNC runs as (this step may be unnecessary).

touch ~/.oidentd.conf
chmod 644 ~/.oidentd.conf

3. Oidentd must be able to read your ~/.oidentd.conf. Therefore ZNC's homedir should at least have 711 (world executable, rwx--x--x) permissions.

chmod 711 ~

4. Next load and configure the identfile module. This can be done with the following commands.

/msg *status loadmod identfile
/msg *identfile setfile ~/.oidentd.conf
/msg *identfile setformat global { reply "%ident%" }

Check ExpandString for possible variables.

Note: If you use IPv6 with oidentd and it is not working for an unknown reason, try running it like this: oidentd -a :: (this should force IPv6).

Using identfile with ident2

1. Install ident2. By default, when you install ident2 on Debian it will automatically be configured and started via xinetd. If you are starting ident2 manually you will need to start it with the "-n" argument. This allows an ident file in a user's home directory to be used for the ident instead of their username, and is required for use with the identfile module.

2. Next load and configure the identfile module. This can be done with the following commands.

/msg *status loadmod identfile
/msg *identfile setfile ~/.ident
/msg *identfile setformat ident %ident%

File Permissions

ident2 must be able to read your ~/.ident file. Therefore ZNC's homedir should at least have 711 (world executable, rwx--x--x) permissions. Most home directories are created as executable by other users, but if this is not the case you can use the following commands to change the permissions.

chmod 711 ~
touch ~/.ident
chmod 644 ~/.ident
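
The permission requirements in step 3 of the oidentd setup and in this section can be checked with a short script. This is an added example, not part of ZNC or the original page; the function names audit_identfile, has_perm and finding are hypothetical, and the checks for group or other write access go beyond the 711 and 644 modes given above.

```sh
#!/bin/sh
# Added example: audit the permissions the identfile setup relies on.
# Usage: audit_identfile HOME_DIR IDENT_FILE  (for instance ~ and ~/.ident)
# Prints one finding per line; returns 0 when clean, 1 on any finding.

# True when path $1 (symlinks followed) has every bit of octal mode $2 set.
has_perm() {
    [ -n "$(find -L "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# Print a finding and mark the audit as failed.
finding() {
    printf '%s\n' "$1"
    rc=1
}

audit_identfile() {
    home=$1
    file=$2
    rc=0
    if [ ! -d "$home" ]; then
        finding "FAIL $home: home directory not found"
    else
        # The ident server needs o+x on the home directory to reach the file.
        if ! has_perm "$home" 0001; then
            finding "FAIL $home: not world-executable, ident server cannot reach the file"
        fi
        # Write access for group/other lets someone else swap the ident file.
        if has_perm "$home" 0020 || has_perm "$home" 0002; then
            finding "FAIL $home: writable by group or other"
        fi
        # 711 is enough; listing the directory is not needed.
        if has_perm "$home" 0004; then
            finding "WARN $home: world-readable, 711 is sufficient"
        fi
    fi
    if [ ! -f "$file" ]; then
        finding "FAIL $file: missing or not a regular file"
    else
        if ! has_perm "$file" 0004; then
            finding "FAIL $file: not world-readable, ident server cannot read it"
        fi
        # Whoever can write this file chooses the ident reply.
        if has_perm "$file" 0020 || has_perm "$file" 0002; then
            finding "FAIL $file: writable by group or other"
        fi
    fi
    return "$rc"
}
```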

Chrooted installs with identfile

If you have chrooted your ZNC installation you can still use identfile. Simply create a symbolic link, at the path your ident server reads, that points to the ident file inside the chroot:

ln -s /var/chroot/home/bouncer/ident /home/bouncer/ident

You will need to change the "ident" part of each path to the actual file that your ident system uses. For oidentd it would become the following:

ln -s /var/chroot/home/bouncer/.oidentd.conf /home/bouncer/.oidentd.conf

All changes made by ZNC to the chrooted ident file will now be visible to your ident server. Another way is to chroot the ident server as well, which is more secure but isn't easy for novice users.

Alternative

Using ident spoofs with identserver and iptables