Provided by: ngircd_18-2_i386 bug


       ngircd.conf - configuration file of ngIRCd




       ngircd.conf  is  the configuration file of the ngircd(8) Internet Relay
       Chat (IRC) daemon, which must be customized to  the  local  preferences
       and needs.

       Most  variables  can  be  modified  while  the ngIRCd daemon is already
       running: It will reload its configuration file when  a  HUP  signal  or
       REHASH command is received.


       The file consists of sections and parameters. A section begins with the
       name of the section in square brackets and  continues  until  the  next
       section begins.

       Sections contain parameters of the form

              name = value

       Empty  lines  and  any  line beginning with a semicolon (';') or a hash
       ('#') character are treated as a comment and will be  ignored.  Leading
       and trailing whitespaces are trimmed before any processing takes place.

       The  file  format  is  line-based - that means, each non-empty newline-
       terminated line represents either a  comment,  a  section  name,  or  a

       Section and parameter names are not case sensitive.

       There  are  three  types  of  variables:  booleans,  text  strings, and
       numbers.  Boolean values are true if they are  "yes",  "true",  or  any
       non-null  integer.  Text  strings  are  used  1:1  without  leading and
       following spaces; there is no way to quote strings. And for numbers all
       decimal integer values are valid.

       In addition, some string or numerical variables accept lists of values,
       separated by commas (",").


       The file  can  contain  blocks  of  seven  types:  [Global],  [Limits],
       [Options], [SSL], [Operator], [Server], and [Channel].

       The main configuration of the server is stored in the [Global] section,
       like the server name, administrative information and the ports on which
       the  server  should be listening. The variables in this section have to
       be adjusted to the local requirements most of the time, whereas all the
       variables  in  the  other  sections  can be left on there defaults very

       Options in the [Limits] block are used to tweak  different  limits  and
       timeouts  of  the daemon, like the maximum number of clients allowed to
       connect to this server. Variables in the [Options] section can be  used
       to  enable  or  disable  specific  features of ngIRCd, like support for
       IDENT, PAM, IPv6, and protocol and cloaking features. The  [SSL]  block
       contains  all SSL-related configuration variables. These three sections
       are all optional.

       IRC operators of this server are defined in [Operator] blocks. Links to
       remote  servers  are  configured  in  [Server]  sections. And [Channel]
       blocks are used to configure pre-defined ("persistent") IRC channels.

       There can be more than one [Operator], [Server] and  [Channel]  section
       per  configuration  file  (one for each operator, server, and channel),
       but only exactly one [Global], one [Limits],  one  [Options],  and  one
       [SSL] section.


       The  [Global]  section  of  this  file  is  used  to  define  the  main
       configuration of the server, like the server  name  and  the  ports  on
       which  the  server  should be listening.  These settings depend on your
       personal preferences, so you should make sure that they  correspond  to
       your installation and setup!

       Name (string; required)
              Server  name  in  the IRC network. This is an individual name of
              the IRC server, it is not related to the DNS host name. It  must
              be  unique  in the IRC network and must contain at least one dot
              (".") character.

       AdminInfo1, AdminInfo2, AdminEMail (string)
              Information about the server and the administrator, used by  the
              ADMIN  command.  This  information is not required by the server
              but by RFC!

       Info (string)
              Info text of the server. This will be shown by WHOIS  and  LINKS
              requests for example.

       Listen (list of strings)
              A  comma separated list of IP address on which the server should
              listen.  If unset, the defaults value is "" or, if ngIRCd
              was  compiled  with  IPv6  support,  "::,". So the server
              listens  on  all  configured  IP  addresses  and  interfaces  by

       MotdFile (string)
              Text  file  with  the  "message of the day" (MOTD). This message
              will be shown to all users  connecting  to  the  server.  Please
              note:  Changes  made to this file take effect when ngircd starts
              up or is instructed to re-read its configuration file.

       MotdPhrase (string)
              A simple Phrase (<256 chars) if you don't want  to  use  a  MOTD

       Password (string)
              Global  password  for all users needed to connect to the server.
              The default is empty, so no password is required.  Please  note:
              This feature is not available if ngIRCd is using PAM!

       PidFile (string)
              This  tells  ngIRCd  to  write its current process ID to a file.
              Note that the pidfile is written AFTER chroot and switching  the
              user  ID,  e.g.  the  directory  the  pidfile resides in must be
              writable by the ngIRCd user and exist in  the  chroot  directory
              (if configured, see above).

       Ports (list of numbers)
              Ports  on which the server should listen. There may be more than
              one port, separated with commas  (",").  Default:  6667,  unless
              SSL_Ports are also specified.

       ServerGID (string or number)
              Group ID under which the ngIRCd should run; you can use the name
              of the group or the numerical ID.

              For this to work the server must have  been  started  with  root

       ServerUID (string or number)
              User  ID under which the server should run; you can use the name
              of the user or the numerical ID.

              For this to work the server must have  been  started  with  root
              privileges!  In  addition, the configuration and MOTD files must
              be readable by this user, otherwise  RESTART  and  REHASH  won't


       Define  some  limits  and  timeouts  for  this ngIRCd instance. Default
       values should be safe, but it is wise to double-check :-)

       ConnectRetry (number)
              The server tries every <ConnectRetry>  seconds  to  establish  a
              link to not yet (or no longer) connected servers. Default: 60.

       MaxConnections (number)
              Maximum  number of simultaneous in- and outbound connections the
              server is allowed to accept (0: unlimited). Default: 0.

       MaxConnectionsIP (number)
              Maximum number of simultaneous  connections  from  a  single  IP
              address  that  the  server  will  accept  (0:  unlimited).  This
              configuration options lowers  the  risk  of  denial  of  service
              attacks (DoS). Default: 5.

       MaxJoins (number)
              Maximum  number  of  channels  a  user  can  be member of (0: no
              limit).  Default: 10.

       MaxNickLength (number)
              Maximum length of an user nick  name  (Default:  9,  as  in  RFC
              2812).  Please  note that all servers in an IRC network MUST use
              the same maximum nick name length!

       PingTimeout (number)
              After <PingTimeout> seconds of inactivity the server will send a
              PING  to  the  peer to test whether it is alive or not. Default:

       PongTimeout (number)
              If  a  client  fails  to  answer  a  PING  with  a  PONG  within
              <PongTimeout>  seconds,  it  will be disconnected by the server.
              Default: 20.


       Optional features  and  configuration  options  to  further  tweak  the
       behavior  of  ngIRCd.  If  you  want  to  get started quickly, you most
       probably don't have to make changes here -- they are all optional.

       AllowRemoteOper (boolean)
              Are IRC operators connected to remote servers allowed to control
              this  server,  e.g.  are  they  allowed  to  use  administrative
              commands like CONNECT, DIE, SQUIT, ... that affect this  server?
              Default: no.

       ChrootDir (string)
              A  directory  to  chroot  in  when everything is initialized. It
              doesn't need to be populated if ngIRCd is compiled as  a  static
              binary. By default ngIRCd won't use the chroot() feature.

              For  this  to  work  the server must have been started with root

       CloakHost (string)
              Set this hostname for every client  instead  of  the  real  one.
              Default: empty, don't change.

              Please note:
              Don't  use  the percentage sign ("%"), it is reserved for future

       CloakUserToNick (boolean)
              Set every clients' user name to their nick name and hide the one
              supplied by the IRC client. Default: no.

       ConnectIPv4 (boolean)
              Set this to no if you do not want ngIRCd to connect to other IRC
              servers using the IPv4 protocol. This allows the usage of ngIRCd
              in IPv6-only setups.  Default: yes.

       ConnectIPv6 (boolean)
              Set this to no if you do not want ngIRCd to connect to other IRC
              servers using the IPv6 protocol.  Default: yes.

       DNS (boolean)
              If set to false, ngIRCd will  not  make  any  DNS  lookups  when
              clients  connect.   If  you  configure  the daemon to connect to
              other  servers,  ngIRCd  may  still  perform  a  DNS  lookup  if
              required.  Default: yes.

       Ident (boolean)
              If  ngIRCd  is  compiled  with IDENT support this can be used to
              disable IDENT lookups at run time.  Default: yes.

       MorePrivacy (boolean)
              This will cause ngIRCd to censor user idle time, logon  time  as
              well  as  the  part/quit  messages  (that  are sometimes used to
              inform everyone about which  client  software  is  being  used).
              WHOWAS  requests are also silently ignored.  This option is most
              useful when ngIRCd  is  being  used  together  with  anonymizing
              software such as TOR or I2P and one does not wish to make it too
              easy to collect statistics on the users.  Default: no.

       NoticeAuth (boolean)
              Normally ngIRCd doesn't send any messages to a client  until  it
              is  registered.   Enable  this  option  to  let  the daemon send
              "NOTICE AUTH" messages to clients while connecting. Default: no.

       OperCanUseMode (boolean)
              Should IRC Operators be allowed to use the MODE command even  if
              they are not(!) channel-operators? Default: no.

       OperServerMode (boolean)
              If  OperCanUseMode  is  enabled, this may lead the compatibility
              problems with Servers that  run  the  ircd-irc2  Software.  This
              Option  "masks"  mode  requests  by  non-chanops as if they were
              coming from the server. Default: no; only enable it if you  have
              ircd-irc2 servers in your IRC network.

       PAM (boolean)
              If  ngIRCd  is  compiled  with  PAM  support this can be used to
              disable all calls to the  PAM  library  at  runtime;  all  users
              connecting   without   password  are  allowed  to  connect,  all
              passwords given will fail.  Default: yes.

       PredefChannelsOnly (boolean)
              If enabled, no new channels can be created. Useful if you do not
              want  to  have  other  channels  than those defined in [Channel]
              sections in the configuration file on this server.  Default: no.

       RequireAuthPing (boolean)
              Let ngIRCd send an  "authentication  PING"  when  a  new  client
              connects,  and  register  this  client  only after receiving the
              corresponding "PONG" reply.  Default: no.

       ScrubCTCP (boolean)
              If set to true, ngIRCd will silently drop all CTCP requests sent
              to  it  from  both clients and servers. It will also not forward
              CTCP requests to any other servers. CTCP requests can be used to
              query user clients about which software they are using and which
              versions said software is. CTCP  can  also  be  used  to  reveal
              clients  IP  numbers. ACTION CTCP requests are not blocked, this
              means that /me commands will not be  dropped,  but  please  note
              that  blocking  CTCP  will  disable  file sharing between users!
              Default: no.

       SyslogFacility (string)
              Syslog "facility" to which  ngIRCd  should  send  log  messages.
              Possible  values are system dependent, but most probably "auth",
              "daemon", "user" and  "local1"  through  "local7"  are  possible
              values;  see  syslog(3).   Default  is  "local5"  for historical
              reasons, you probably want  to  change  this  to  "daemon",  for

       WebircPassword (string)
              Password required for using the WEBIRC command used by some Web-
              to-IRC gateways. If not set or empty, the WEBIRC  command  can't
              be used.  Default: not set.


       All  SSL-related  configuration  variables  are  located  in  the [SSL]
       section. Please note that this whole  section  is  only  recognized  by
       ngIRCd  when  it  is  compiled  with  support  for SSL using OpenSSL or

       CertFile (string)
              SSL Certificate file of the private server key.

       DHFile (string)
              Name of the Diffie-Hellman Parameter file. Can be  created  with
              GnuTLS  "certtool --generate-dh-params" or "openssl dhparam". If
              this file is not present, it will be generated on  startup  when
              ngIRCd  was  compiled  with  GnuTLS  support (this may take some
              time).   If   ngIRCd   was   compiled   with    OpenSSL,    then
              (Ephemeral)-Diffie-Hellman  Key  Exchanges  and  several  Cipher
              Suites will not be available.

       KeyFile (string)
              Filename of SSL Server Key to be used for SSL connections.  This
              is required for SSL/TLS support.

       KeyFilePassword (string)
              OpenSSL only: Password to decrypt the private key file.

       Ports (list of numbers)
              Same  as  Ports  ,  except  that  ngIRCd  will  expect  incoming
              connections to be SSL/TLS encrypted.  Common  port  numbers  for
              SSL-encrypted IRC are 6669 and 6697. Default: none.


       [Operator] sections are used to define IRC Operators. There may be more
       than one [Operator] block, one for each local operator.

       Name (string)
              ID of the operator (may be different of the nick name).

       Password (string)
              Password of the IRC operator.

       Mask (string)
              Mask that is to be checked before an /OPER for this  account  is
              accepted.  Example: nick!ident@*


       Other  servers  are configured in [Server] sections. If you configure a
       port for the connection, then this ngIRCd tries to connect  to  to  the
       other server on the given port (active); if not, it waits for the other
       server to connect (passive).

       ngIRCd supports "server groups": You can assign an "ID" to every server
       with which you want this ngIRCd to link, and the daemon ensures that at
       any given time only one direct link exists to servers with the same ID.
       So  if a server of a group won't answer, ngIRCd tries to connect to the
       next server in the given group (="with the same ID"), but  never  tries
       to connect to more than one server of this group simultaneously.

       There may be more than one [Server] block.

       Name (string)
              IRC name of the remote server.

       Host (string)
              Internet host name (or IP address) of the peer.

       Bind (string)
              IP  address  to  use  as  source IP for the outgoing connection.
              Default is to let the operating system decide.

       Port (number)
              Port of  the  remote  server  to  which  ngIRCd  should  connect
              (active).   If  no  port is assigned to a configured server, the
              daemon only waits for incoming connections (passive, default).

       MyPassword (string)
              Own password for  this  connection.  This  password  has  to  be
              configured  as  PeerPassword  on the other server. Must not have
              ':' as first character.

       PeerPassword (string)
              Foreign password for this connection. This password  has  to  be
              configured as MyPassword on the other server.

       Group (number)
              Group of this server (optional).

       Passive (boolean)
              Disable  automatic  connection  even if port value is specified.
              Default: false.  You can use the IRC  Operator  command  CONNECT
              later on to create the link.

       SSLConnect (boolean)
              Connect to the remote server using TLS/SSL. Default: false.

       ServiceMask (string)
              Define a (case insensitive) mask matching nick names that should
              be treated as IRC  services  when  introduced  via  this  remote
              server.  REGULAR  SERVERS DON'T NEED this parameter, so leave it
              empty (which is the default).

              When you are connecting IRC services which mask as a IRC  server
              and  which  use "virtual users" to communicate with, for example
              "NickServ" and "ChanServ", you  should  set  this  parameter  to
              something like "*Serv".


       Pre-defined  channels  can  be  configured  in [Channel] sections. Such
       channels are created by the server when starting up  and  even  persist
       when there are no more members left.

       Persistent  channels are marked with the mode 'P', which can be set and
       unset by IRC operators like other modes on the fly.

       There may be more than one [Channel] block.

       Name (string)
              Name of the channel, including channel prefix ("#" or "&").

       Topic (string)
              Topic for this channel.

       Modes (string)
              Initial channel modes.

       Key (string)
              Sets initial channel key (only relevant if channel mode  "k"  is

       KeyFile (string)
              Path and file name of a "key file" containing individual channel
              keys for different users. The file consists of plain text  lines
              with the following syntax (without spaces!):

                     user : nick : key

              user and nick can contain the wildcard character "*".
              key is an arbitrary password.

              Valid examples are:


              The  key file is read on each JOIN command when this channel has
              a key (channel mode +k). Access is granted, if  a)  the  channel
              key  set using the MODE +k command or b) one of the lines in the
              key file match.

              Please note:
              The file is not reopened on each access, so you can  modify  and
              overwrite  it  without problems, but moving or deleting the file
              will  have  not   effect   until   the   daemon   re-reads   its

       MaxUsers (number)
              Set  maximum  user  limit  for  this  channel  (only relevant if
              channel mode "l" is set).


       It's wise to use "ngircd --configtest" to  validate  the  configuration
       file after changing it. See ngircd(8) for details.


       Alexander Barton, <>
       Florian Westphal, <>