First pass through next 1/3 of this article.

Sponsored by: iXsystems
Dru Lavigne 2014-02-04 17:15:33 +00:00
parent f7aebf5b02
commit 2e7c5f8a7e
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=43765

@ -48,7 +48,7 @@
</sect1> </sect1>
<sect1 xml:id="shells"> <sect1 xml:id="shells">
<title>Shells: No Bash?</title> <title>Default Shell</title>
<para>&linux; users are often surprised to find that <para>&linux; users are often surprised to find that
<application>Bash</application> is not the default shell in &os;. <application>Bash</application> is not the default shell in &os;.
@ -160,13 +160,13 @@
</sect1> </sect1>
<sect1 xml:id="startup"> <sect1 xml:id="startup">
<title>System Startup: Where are the run-levels?</title> <title>System Startup</title>
<para>&linux; uses the SysV init system, whereas &os; uses the <para>Many &linux; distributions use the SysV init system, whereas &os; uses the
traditional BSD-style &man.init.8;. Under the BSD-style &man.init.8; traditional BSD-style &man.init.8;. Under the BSD-style &man.init.8;,
there are no run-levels and no <filename>/etc/inittab</filename>, there are no run-levels and <filename>/etc/inittab</filename> does not exist.
instead startup is controlled by the &man.rc.8; utility. The Instead, startup is controlled by &man.rc.8; scripts. At system boot,
<filename>/etc/rc</filename> script reads <filename>/etc/rc</filename> reads
<filename>/etc/defaults/rc.conf</filename> and <filename>/etc/defaults/rc.conf</filename> and
<filename>/etc/rc.conf</filename> to determine which services are to be <filename>/etc/rc.conf</filename> to determine which services are to be
started. The specified services are then started by running the started. The specified services are then started by running the
@ -176,73 +176,63 @@
the scripts located in <filename>/etc/init.d/</filename> on &linux; the scripts located in <filename>/etc/init.d/</filename> on &linux;
systems.</para> systems.</para>
<sidebar> <para>The scripts found in
<para><emphasis>Why are there two locations for service initialization
scripts?</emphasis> The scripts found in
<filename>/etc/rc.d/</filename> are for applications that are part of <filename>/etc/rc.d/</filename> are for applications that are part of
the <quote>base</quote> system. (&man.cron.8;, &man.sshd.8;, the <quote>base</quote> system, such as &man.cron.8;, &man.sshd.8;, and
&man.syslog.3;, and others.) The scripts in &man.syslog.3;. The scripts in
<filename>/usr/local/etc/rc.d/</filename> are for user-installed <filename>/usr/local/etc/rc.d/</filename> are for user-installed
applications such as <application>Apache</application>, applications such as <application>Apache</application> and
<application>Squid</application>, etc.</para> <application>Squid</application>.</para>
<para><emphasis>What is the difference between the <quote>base</quote> <para>Since &os; is
system and user-installed applications?</emphasis> FreeBSD is developed as a complete operating system,
developed as a complete operating system. In other words, the user-installed applications are not considered to be part of
kernel, system libraries, and userland utilities (such as &man.ls.1;, the <quote>base</quote> system.
&man.cat.1;, &man.cp.1;, etc.) are developed and released together as User-installed applications are generally installed using <link
one. This is what is referred to as the <quote>base</quote> system. xlink:href="&url.base;/doc/en_US.ISO8859-1/books/handbook/ports-using.html">Packages or Ports</link>.
The user-installed applications are applications that are not part of
the <quote>base</quote> system, such as
<application>Apache</application>, <application>X11</application>,
<application>Mozilla&nbsp;Firefox</application>, etc. These
user-installed applications are generally installed using &os;'s <link xlink:href="article.html#SOFTWARE">Packages and Ports&nbsp;Collection</link>.
In order to keep them separate from the <quote>base</quote> system, In order to keep them separate from the <quote>base</quote> system,
user-installed applications are normally installed under user-installed applications are installed under
<filename>/usr/local/</filename>. Therefore the user-installed <filename>/usr/local/</filename>. Therefore, user-installed
binaries reside in <filename>/usr/local/bin/</filename>, binaries reside in <filename>/usr/local/bin/</filename>,
configuration files are in <filename>/usr/local/etc/</filename>, configuration files are in <filename>/usr/local/etc/</filename>,
and so on.</para> and so on.</para>
</sidebar>
<para>Services are enabled by specifying <para>Services are enabled by adding an entry for the service in
<literal>ServiceName_enable="YES"</literal> in <filename>/etc/rc.conf</filename> . The system defaults are found in
<filename>/etc/rc.conf</filename> (&man.rc.conf.5;). Take a look at <filename>/etc/defaults/rc.conf</filename> and
<filename>/etc/defaults/rc.conf</filename> for the system defaults,
these default settings are overridden by settings in these default settings are overridden by settings in
<filename>/etc/rc.conf</filename>. Also, when installing additional <filename>/etc/rc.conf</filename>. Refer to &man.rc.conf.5; for
applications be sure to review the documentation to determine how to more information about the available entries. When installing additional
applications, review the application's install message to determine how to
enable any associated services.</para> enable any associated services.</para>
<para>The following snippet from <filename>/etc/rc.conf</filename> enables <para>The following entries in <filename>/etc/rc.conf</filename> enable
&man.sshd.8; and <application>Apache 2.2</application>. It also &man.sshd.8;, enable <application>Apache 2.4</application>, and
specifies that <application>Apache</application> should be started specify that <application>Apache</application> should be started
with SSL.</para> with <acronym>SSL</acronym>.</para>
<programlisting># enable SSHD <programlisting># enable SSHD
sshd_enable="YES" sshd_enable="YES"
# enable Apache with SSL # enable Apache with SSL
apache22_enable="YES" apache24_enable="YES"
apache22_flags="-DSSL"</programlisting> apache24_flags="-DSSL"</programlisting>
<para>Once a service has been enabled in <filename>/etc/rc.conf</filename>, <para>Once a service has been enabled in <filename>/etc/rc.conf</filename>,
the service can be started from the command line (without rebooting the it can be started without rebooting the
system):</para> system:</para>
<screen>&prompt.root; <userinput>/etc/rc.d/sshd start</userinput></screen> <screen>&prompt.root; <userinput>service sshd start</userinput>
&prompt.root; <userinput>service apache24 start</userinput></screen>
<para>If a service has not been enabled it can be started from the <para>If a service has not been enabled, it can be started from the
command line using <option>forcestart</option>:</para> command line using <option>onestart</option>:</para>
<screen>&prompt.root; <userinput>/etc/rc.d/sshd forcestart</userinput></screen> <screen>&prompt.root; <userinput>service sshd onestart</userinput></screen>
</sect1> </sect1>
<sect1 xml:id="network"> <sect1 xml:id="network">
<title>Network configuration</title> <title>Network configuration</title>
<sect2 xml:id="interfaces">
<title>Network Interfaces</title>
<para>Instead of a generic <emphasis>ethX</emphasis> identifier that <para>Instead of a generic <emphasis>ethX</emphasis> identifier that
&linux; uses to identify a network interface, &os; uses the driver &linux; uses to identify a network interface, &os; uses the driver
name followed by a number as the identifier. The following output name followed by a number as the identifier. The following output
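Review bot: The rewritten list of base-system examples still cites &man.syslog.3;, which is the C library call; the service with a script in /etc/rc.d/ is syslogd, so &man.syslogd.8; is the reference to use while this sentence is being touched. In the new "Services are enabled by adding an entry" paragraph there is a stray space before the period after <filename>/etc/rc.conf</filename>, and the paragraph no longer shows the ServiceName_enable="YES" form, so the entry format is only visible in the later programlisting. For the forcestart to onestart change, consider one sentence saying that onestart runs the service once without enabling it in /etc/rc.conf, so it does not come back after a reboot.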
@ -262,75 +252,67 @@ em1: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500
ether 00:50:56:a7:03:2b ether 00:50:56:a7:03:2b
media: Ethernet autoselect (1000baseTX &lt;full-duplex&gt;) media: Ethernet autoselect (1000baseTX &lt;full-duplex&gt;)
status: active</screen> status: active</screen>
</sect2>
<sect2 xml:id="ipaddress"> <para>An <acronym>IP</acronym> address can be assigned to an interface using
<title>IP Configuration</title> &man.ifconfig.8;. To remain persistent across reboots, the
<acronym>IP</acronym> configuration must be included in
<para>An IP address can be assigned to an interface using
&man.ifconfig.8;. However, to remain persistent across reboots the
IP configuration must be included in
<filename>/etc/rc.conf</filename>. The following example <filename>/etc/rc.conf</filename>. The following example
specifies the hostname, IP address, and default gateway:</para> specifies the hostname, <acronym>IP</acronym> address, and default gateway:</para>
<programlisting>hostname="server1.example.com" <programlisting>hostname="server1.example.com"
ifconfig_em0="inet 10.10.10.100 netmask 255.255.255.0" ifconfig_em0="inet 10.10.10.100 netmask 255.255.255.0"
defaultrouter="10.10.10.1"</programlisting> defaultrouter="10.10.10.1"</programlisting>
<para>Use the following to configure an interface for DHCP:</para> <para>Use the following to instead configure an interface for <acronym>DHCP</acronym>:</para>
<programlisting>hostname="server1.example.com" <programlisting>hostname="server1.example.com"
ifconfig_em0="DHCP"</programlisting> ifconfig_em0="DHCP"</programlisting>
</sect2>
</sect1> </sect1>
<sect1 xml:id="firewall"> <sect1 xml:id="firewall">
<title>Firewall</title> <title>Firewall</title>
<para>Like <application>IPTABLES</application> in &linux;, &os; also offers <para>&os; does not use &linux; <application>IPTABLES</application> for its firewall. Instead, &os; offers
a kernel level firewall; actually &os; offers three firewalls:</para> a choice of three kernel level firewalls:</para>
<itemizedlist> <itemizedlist>
<listitem><simpara><link xlink:href="&url.base;/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html">IPFIREWALL</link></simpara></listitem>
<listitem><simpara><link xlink:href="&url.base;/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html">IPFILTER</link></simpara></listitem>
<listitem><simpara><link xlink:href="&url.base;/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html">PF</link></simpara></listitem> <listitem><simpara><link xlink:href="&url.base;/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html">PF</link></simpara></listitem>
<listitem><simpara><link xlink:href="&url.base;/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html">IPFILTER</link></simpara></listitem>
<listitem><simpara><link xlink:href="&url.base;/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html">IPFW</link></simpara></listitem>
</itemizedlist> </itemizedlist>
<para><application>IPFIREWALL</application> or <para><application>PF</application> is
<application>IPFW</application> (the command to manage an developed by the OpenBSD project and ported to &os;. <application>PF</application> was
<application>IPFW</application> ruleset is &man.ipfw.8;) is the created as a replacement for <application>IPFILTER</application> and
firewall developed and maintained by the &os; developers. its syntax is similar to that of
<application>IPFW</application> can be paired with &man.dummynet.4; to <application>IPFILTER</application>. <application>PF</application> can
provide traffic shaping capabilities and simulate different types of be paired with &man.altq.4; to provide <acronym>QoS</acronym> features.</para>
network connections.</para>
<para>Sample <application>IPFW</application> rule to allow <para>This sample <application>PF</application> entry allows inbound
<application>SSH</application> in:</para> <application>SSH</application>:</para>
<programlisting>ipfw add allow tcp from any to me 22 in via $ext_if</programlisting> <programlisting>pass in on $ext_if inet proto tcp from any to ($ext_if) port 22</programlisting>
<para><application>IPFILTER</application> is the firewall application <para><application>IPFILTER</application> is the firewall application
developed by Darren&nbsp;Reed. It is not specific to &os;, and has been developed by Darren Reed. It is not specific to &os; and has been
ported to several operating systems including NetBSD, OpenBSD, SunOS, ported to several operating systems including NetBSD, OpenBSD, SunOS,
HP/UX, and Solaris.</para> HP/UX, and Solaris.</para>
<para>Sample <application>IPFILTER</application> command to allow <para>The <application>IPFILTER</application> syntax to allow inbound
<application>SSH</application> in:</para> <application>SSH</application> is:</para>
<programlisting>pass in on $ext_if proto tcp from any to any port = 22</programlisting> <programlisting>pass in on $ext_if proto tcp from any to any port = 22</programlisting>
<para>The last firewall application, <application>PF</application>, is <para><application>IPFW</application> is the
developed by the OpenBSD project. <application>PF</application> was firewall developed and maintained by &os;.
created as a replacement for <application>IPFILTER</application>. As It can be paired with &man.dummynet.4; to
such, the <application>PF</application> syntax is very similar to that of provide traffic shaping capabilities and simulate different types of
<application>IPFILTER</application>. <application>PF</application> can network connections.</para>
be paired with &man.altq.4; to provide QoS features.</para>
<para>Sample <application>PF</application> command to allow <para>The <application>IPFW</application> syntax to allow inbound
<application>SSH</application> in:</para> <application>SSH</application> would be:</para>
<programlisting>pass in on $ext_if inet proto tcp from any to ($ext_if) port 22</programlisting> <programlisting>ipfw add allow tcp from any to me 22 in via $ext_if</programlisting>
</sect1> </sect1>
<sect1 xml:id="updates"> <sect1 xml:id="updates">
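Review bot: The three sample rules in the firewall section are each introduced as the syntax to allow inbound SSH, but they do not match the same traffic. The PF rule ends in "to ($ext_if) port 22" and the IPFW rule in "to me 22", so both accept SSH only to the firewall's own address, while the IPFILTER rule says "to any port = 22" and also matches SSH to any other destination arriving on that interface. Either give the IPFILTER example a matching destination or say that it is broader. All three accept from any source, which is worth stating so the lines are read as syntax samples and not as a finished policy, and $ext_if is used in each without showing where it is defined.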