os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Do what I swore would be done:

Browse source 
o Remove 4.X information, this includes notes and sections.

o Update documentation to reflect 5.X and 6.X.

o In some areas, try to make the new content version agnostic.

o Skip areas stating "5.[0-5] and later" as it's relevant - we
need a better way to handle these.

For several items, I checked the NOTES files, manual pages,
CVS history, etc.

Discussed on:		-doc
A few ideas from:	remko
This commit is contained in:
Tom Rhodes 2006-05-30 23:08:25 +00:00
parent dc6dd90454
commit 3f0d1b56f0
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=27981
20 changed files with 263 additions and 1816 deletions
en_US.ISO8859-1/books/handbook
advanced-networking
chapter.sgml
basics
chapter.sgml
boot
chapter.sgml
config
chapter.sgml
cutting-edge
chapter.sgml
disks
chapter.sgml
firewalls
chapter.sgml
install
chapter.sgml
kernelconfig
chapter.sgml
l10n
chapter.sgml
linuxemu
chapter.sgml
multimedia
chapter.sgml
network-servers
chapter.sgml
ppp-and-slip
chapter.sgml
printing
chapter.sgml
security
chapter.sgml
serialcomms
chapter.sgml
users
chapter.sgml
vinum
chapter.sgml
x11
chapter.sgml

178
en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml
View file

@ -1242,8 +1242,7 @@ ndis0: 11g rates: 6Mbps 9Mbps 12Mbps 18Mbps 36Mbps 48Mbps 54Mbps</screen>
supported by the &man.ng.bt3c.4; driver. Serial and UART based
Bluetooth devices are supported via &man.sio.4;, &man.ng.h4.4;
and &man.hcseriald.8;. This section describes the use of the USB
Bluetooth dongle. Bluetooth support is available in &os; 5.0 and newer
systems.</para>
Bluetooth dongle.</para>
</sect2>
<sect2>
@ -1882,7 +1881,7 @@ rfcomm_sppd[94692]: Starting on /dev/ttyp6...</screen>
<title>Network Interface Card Selection</title>
<para>A bridge requires at least two network cards to function.
Unfortunately, not all network interface cards as of FreeBSD&nbsp;4.0
Unfortunately, not all network interface cards
support bridging. Read &man.bridge.4; for details on the cards that
are supported.</para>
@ -2067,7 +2066,7 @@ net.link.ether.bridge_ipfw=1</programlisting>
configuration files overridden by ones specific to diskless
operation or, possibly, to the workstation they belong to.</para>
<para>The parts of the root which have to be
writable are overlaid with &man.mfs.8; (&os;&nbsp;4.X) or &man.md.4; (&os;&nbsp;5.X) file systems. Any changes
writable are overlaid with &man.md.4; file systems. Any changes
will be lost when the system reboots.</para>
</listitem>
<listitem>
@ -2083,9 +2082,7 @@ net.link.ether.bridge_ipfw=1</programlisting>
</caution>
<para>All the information in this section has been tested
using &os; releases 4.9-RELEASE and 5.2.1-RELEASE. The text is
primarily structured for 4.X usage. Notes have been inserted where
appropriate to indicate 5.X changes.</para>
using &os; 5.2.1-RELEASE.</para>
<sect2>
<title>Background Information</title>
@ -2169,14 +2166,12 @@ net.link.ether.bridge_ipfw=1</programlisting>
</itemizedlist>
<para><acronym>PXE</acronym> and <application>Etherboot</application>
work equally well with 4.X systems. Because 5.X kernels
work equally well; however, because kernels
normally let the &man.loader.8; do more work for them,
<acronym>PXE</acronym> is preferred for 5.X systems.</para>
<acronym>PXE</acronym> is the preferred method.</para>
<para>If your <acronym>BIOS</acronym> and network cards support
<acronym>PXE</acronym>, you should probably use it. However,
it is still possible to start a 5.X system with
<application>Etherboot</application>.</para>
<acronym>PXE</acronym>, you should probably use it.</para>
</listitem>
<listitem>
@ -2201,7 +2196,7 @@ net.link.ether.bridge_ipfw=1</programlisting>
<para>The <application>ISC DHCP</application> server can answer
both BOOTP and <acronym>DHCP</acronym> requests.</para>
<para>As of release 4.9, <application>ISC DHCP
<para><application>ISC DHCP
3.0</application> is not part of the base
system. You will first need to install the
<filename role="package">net/isc-dhcp3-server</filename> port or the
@ -2382,15 +2377,13 @@ margaux:ha=0123456789ab:tc=.def100
<acronym>TFTP</acronym> instead by specifying the
<literal>LOADER_TFTP_SUPPORT</literal> option in
<filename>/etc/make.conf</filename>. See the comments in
<filename>/etc/defaults/make.conf</filename> (or
<filename>/usr/share/examples/etc/make.conf</filename> for 5.X
systems) for instructions.</para>
<filename>/usr/share/examples/etc/make.conf</filename>
for instructions.</para>
<para>There are two other undocumented <filename>make.conf</filename>
options which may be useful for setting up a serial console diskless
machine: <literal>BOOT_PXELDR_PROBE_KEYBOARD</literal>, and
<literal>BOOT_PXELDR_ALWAYS_SERIAL</literal> (the latter only exists
on &os;&nbsp;5.X).</para>
<literal>BOOT_PXELDR_ALWAYS_SERIAL</literal>.</para>
<para>To use <acronym>PXE</acronym> when the machine starts, you will
usually need to select the <literal>Boot from network</literal>
@ -2434,8 +2427,10 @@ margaux:ha=0123456789ab:tc=.def100
</step>
<step>
<para>Tell <application>inetd</application> to reread its configuration
file:</para>
<screen>&prompt.root; <userinput>kill -HUP `cat /var/run/inetd.pid`</userinput></screen>
file. The <option>inetd_enable="YES"</option> must be in
the <filename>/etc/rc.conf</filename> file for this
command to execute correctly:</para>
<screen>&prompt.root; <userinput>/etc/rc.d/inetd restart</userinput></screen>
</step>
</procedure>
@ -2467,7 +2462,7 @@ margaux:ha=0123456789ab:tc=.def100
file. If you actually needed to enable <acronym>NFS</acronym> in
<filename>/etc/rc.conf</filename>
at the first step, you probably want to reboot instead.</para>
<screen>&prompt.root; <userinput>kill -HUP `cat /var/run/mountd.pid`</userinput></screen>
<screen>&prompt.root; <userinput>/etc/rc.d/mountd restart</userinput></screen>
</step>
</procedure>
@ -2492,8 +2487,7 @@ options BOOTP_NFSROOT # NFS mount root file system using BOOTP info
<para>You may also want to use <literal>BOOTP_NFSV3</literal>,
<literal>BOOT_COMPAT</literal> and <literal>BOOTP_WIRED_TO</literal>
(refer to <filename>LINT</filename> in 4.X or
<filename>NOTES</filename> on 5.X).</para>
(refer to <filename>NOTES</filename>).</para>
<para>These option names are historical and slightly misleading as
they actually enable indifferent use of <acronym>DHCP</acronym> and
@ -2518,7 +2512,7 @@ options BOOTP_NFSROOT # NFS mount root file system using BOOTP info
<note>
<para>In order to be loadable with
<application>Etherboot</application>, a 5.X kernel needs to have
<application>Etherboot</application>, a kernel needs to have
the device hints compiled in. You would typically set the
following option in the configuration file (see the
<filename>NOTES</filename> configuration comments file):</para>
@ -2539,46 +2533,12 @@ options BOOTP_NFSROOT # NFS mount root file system using BOOTP info
<para>You need to create a root file system for the diskless
workstations, in the location listed as
<literal>root-path</literal> in
<filename>dhcpd.conf</filename>. The following sections describe
two ways to do it.</para>
<filename>dhcpd.conf</filename>.</para>
<sect4>
<title>Using the <filename>clone_root</filename> Script</title>
<title>Using <command>make world</command> to populate root</title>
<para>This is the quickest way to create a root file system, but
currently it is only supported on &os;&nbsp;4.X. This shell script
is located at
<filename>/usr/share/examples/diskless/clone_root</filename>
and needs customization, at least to adjust
the place where the file system will be created (the
<literal>DEST</literal> variable).</para>
<para>Refer to the comments at the top of the script for
instructions. They explain how the base file system is built,
and how files may be selectively overridden by versions specific
to diskless operation, to a subnetwork, or to an individual
workstation. They also give examples for the diskless
<filename>/etc/fstab</filename> and <filename>
/etc/rc.conf</filename> files.</para>
<para>The <filename>README</filename> files in
<filename>/usr/share/examples/diskless</filename> contain a lot
of interesting background information, but, together with the
other examples in the <filename>diskless</filename> directory,
they actually document a configuration method which is distinct
from the one used by <filename>clone_root</filename> and
the system startup scripts in
<filename role="directory">/etc</filename>, which is a little
confusing. Use them for reference only, except if you prefer
the method that they describe, in which case you will need
customized <filename>rc</filename> scripts.</para>
</sect4>
<sect4>
<title>Using the Standard <command>make world</command>
Procedure</title>
<para>This method can be applied to either &os;&nbsp;4.X or 5.X and
<para>This method is quick and
will install a complete virgin system (not only the root file system)
into <envar>DESTDIR</envar>.
All you have to do is simply execute the following script:</para>
@ -2586,7 +2546,7 @@ options BOOTP_NFSROOT # NFS mount root file system using BOOTP info
<programlisting>#!/bin/sh
export DESTDIR=/data/misc/diskless
mkdir -p ${DESTDIR}
cd /usr/src; make world &amp;&amp; make kernel
cd /usr/src; make buildworld &amp;&amp; make buildkernel
cd /usr/src/etc; make distribution</programlisting>
<para>Once done, you may need to customize your
@ -2600,76 +2560,10 @@ cd /usr/src/etc; make distribution</programlisting>
<title>Configuring Swap</title>
<para>If needed, a swap file located on the server can be
accessed via <acronym>NFS</acronym>. One of the methods commonly
used to do this has been discontinued in release 5.X.</para>
accessed via <acronym>NFS</acronym>.</para>
<sect4>
<title><acronym>NFS</acronym> Swap with &os;&nbsp;4.X</title>
<para>The swap file location and size can be specified with
BOOTP/<acronym>DHCP</acronym> &os;-specific options 128 and 129.
Examples of configuration files for
<application>ISC DHCP 3.0</application> or
<application>bootpd</application> follow:</para>
<procedure>
<step><para>Add the following lines to
<filename>dhcpd.conf</filename>:</para>
<programlisting>
# Global section
option swap-path code 128 = string;
option swap-size code 129 = integer 32;
host margaux {
... # Standard lines, see above
option swap-path <replaceable>"192.168.4.4:/netswapvolume/netswap"</replaceable>;
option swap-size <replaceable>64000</replaceable>;
}
</programlisting>
<para><literal>swap-path</literal> is the path to a directory
where swap files will be located. Each file will be named
<filename>swap.<replaceable>client-ip</replaceable></filename>.</para>
<para>Older versions of <application>dhcpd</application> used a syntax of
<literal>option option-128 "...</literal>, which is no
longer supported.</para>
<para><filename>/etc/bootptab</filename> would use the
following syntax instead:</para>
<programlisting>T128="192.168.4.4:/netswapvolume/netswap":T129=0000fa00</programlisting>
<note><para>In <filename>/etc/bootptab</filename>, the swap
size must be expressed in hexadecimal format.</para></note>
</step>
<step>
<para>On the <acronym>NFS</acronym> swap file server, create the swap
file(s):</para>
<screen>
&prompt.root; <userinput>mkdir <replaceable>/netswapvolume/netswap</replaceable></userinput>
&prompt.root; <userinput>cd <replaceable>/netswapvolume/netswap</replaceable></userinput>
&prompt.root; <userinput>dd if=/dev/zero bs=1024 count=<replaceable>64000</replaceable> of=swap.<replaceable>192.168.4.6</replaceable></userinput>
&prompt.root; <userinput>chmod 0600 swap.<replaceable>192.168.4.6</replaceable></userinput>
</screen>
<para><replaceable>192.168.4.6</replaceable> is the IP address
for the diskless client.</para>
</step>
<step>
<para>On the <acronym>NFS</acronym> swap file server, add the following line to
<filename>/etc/exports</filename>:</para>
<programlisting>
<replaceable>/netswapvolume</replaceable> -maproot=0:10 -alldirs <replaceable>margaux corbieres</replaceable>
</programlisting>
<para>Then tell <application>mountd</application> to reread the
<filename>exports</filename> file, as above.</para>
</step>
</procedure>
</sect4>
<sect4>
<title><acronym>NFS</acronym> Swap with &os&nbsp;5.X</title>
<title><acronym>NFS</acronym> Swap</title>
<para>The kernel does not support enabling <acronym>NFS</acronym>
swap at boot time. Swap must be enabled by the startup scripts,
@ -2713,12 +2607,9 @@ host margaux {
problems with the special files in <filename>/dev</filename>,
due to differing major/minor integer sizes. A solution to this
problem is to export a directory from the non-FreeBSD server,
mount this directory onto a FreeBSD machine, and run
<command>MAKEDEV</command> on the FreeBSD machine
to create the correct device entries (FreeBSD 5.0 and later
mount this directory onto a FreeBSD machine, and
use &man.devfs.5; to allocate device nodes transparently for
the user, running <command>MAKEDEV</command> on these
versions is pointless).</para>
the user.</para>
</sect4>
@ -2783,8 +2674,8 @@ host margaux {
</indexterm>
<para>FreeBSD's ISDN implementation supports only the DSS1/Q.931
(or Euro-ISDN) standard using passive cards. Starting with
FreeBSD&nbsp;4.4, some active cards are supported where the firmware
(or Euro-ISDN) standard using passive cards. Some active cards
are supported where the firmware
also supports other signaling protocols; this also includes the
first supported Primary Rate (PRI) ISDN card.</para>
@ -3483,15 +3374,10 @@ BUSY</literallayout></entry>
lpt0: &lt;Printer&gt; on ppbus0
lpt0: Interrupt-driven port</screen>
<para>The parallel port must be an interrupt driven port, under
&os;&nbsp;4.X, you should have a line similar to the
following in your kernel configuration file:</para>
<programlisting>device ppc0 at isa? irq 7</programlisting>
<para>Under &os;&nbsp;5.X, the
<filename>/boot/device.hints</filename> file should contain the
following lines:</para>
<para>The parallel port must be an interrupt driven port,
you should have a line similar to the
following in your in the
<filename>/boot/device.hints</filename> file:</para>
<programlisting>hint.ppc.0.at="isa"
hint.ppc.0.irq="7"</programlisting>

27
en_US.ISO8859-1/books/handbook/basics/chapter.sgml
View file

@ -772,8 +772,7 @@ total 530
<filename class="directory">/tmp</filename>.
This can be automated using the tmpmfs-related variables of
&man.rc.conf.5; (or with an entry in
<filename>/etc/fstab</filename>; see &man.mdmfs.8;,
or for FreeBSD&nbsp;4.X, &man.mfs.8;).</entry>
<filename>/etc/fstab</filename>; see &man.mdmfs.8;).</entry>
</row>
@ -866,8 +865,7 @@ total 530
<filename class="directory">/var</filename>.
This can be automated using the varmfs-related variables of
&man.rc.conf.5 (or with an entry in
<filename>/etc/fstab</filename>; see &man.mdmfs.8;,
or for FreeBSD&nbsp;4.X, &man.mfs.8;).</entry>
<filename>/etc/fstab</filename>; see &man.mdmfs.8;).</entry>
</row>
@ -1144,7 +1142,7 @@ total 530
with the new size, and then restoring the backed up data.</para>
<important>
<para>FreeBSD&nbsp;4.4 and later versions feature the &man.growfs.8;
<para>FreeBSD features the &man.growfs.8;
command, which makes it possible to increase the size of
file system on the fly, removing this limitation.</para>
</important>
@ -2268,21 +2266,8 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<sect2>
<title>Creating Device Nodes</title>
<para>When adding a new device to your system, or compiling
in support for additional devices, you may need to create one or
more device nodes for the new devices.</para>
<sect3>
<title>MAKEDEV Script</title>
<para>On systems without <literal>DEVFS</literal> (this concerns all FreeBSD versions before 5.0), device nodes are created
using the &man.MAKEDEV.8; script as shown below:</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>sh MAKEDEV ad1</userinput>
</screen>
<para>This example would make the proper device nodes
for the second IDE drive when installed.</para>
</sect3>
in support for additional devices, new device nodes must
be created.</para>
<sect3>
<title><literal>DEVFS</literal> (DEVice File System)</title>
@ -2294,8 +2279,6 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<para>See the &man.devfs.5; manual page for more
information.</para>
<para><literal>DEVFS</literal> is used by default in FreeBSD&nbsp;5.0 and above.</para>
</sect3>
</sect2>
</sect1>

15
en_US.ISO8859-1/books/handbook/boot/chapter.sgml
View file

@ -218,7 +218,7 @@ label=FreeBSD</programlisting>
they have been split into two, but you would always install them
together. They are copied from the combined file
<filename>/boot/boot</filename> by the installer or
<application>disklabel</application> (see below).</para>
<application>bsdlabel</application> (see below).</para>
<para>They are located outside file systems, in the first track of
the boot slice, starting with the first sector. This is where <link
@ -230,7 +230,7 @@ label=FreeBSD</programlisting>
<para><filename>boot1</filename> is very simple, since it
can only be 512 bytes
in size, and knows just enough about the FreeBSD
<firstterm>disklabel</firstterm>, which stores information
<firstterm>bsdlabel</firstterm>, which stores information
about the slice, to find and execute <filename>boot2</filename>.</para>
<para><filename>boot2</filename> is slightly more sophisticated, and understands
@ -254,9 +254,9 @@ boot:</screen>
<para>If you ever need to replace the installed
<filename>boot1</filename> and <filename>boot2</filename> use
&man.disklabel.8;:</para>
&man.bsdlabel.8;:</para>
<screen>&prompt.root; <userinput>disklabel -B <replaceable>diskslice</replaceable></userinput></screen>
<screen>&prompt.root; <userinput>bsdlabel -B <replaceable>diskslice</replaceable></userinput></screen>
<para>where <replaceable>diskslice</replaceable> is the disk and slice
you boot from, such as <devicename>ad0s1</devicename> for the first
@ -266,10 +266,10 @@ boot:</screen>
<title>Dangerously Dedicated Mode</title>
<para>If you use just the disk name, such as
<devicename>ad0</devicename>, in the &man.disklabel.8; command you
<devicename>ad0</devicename>, in the &man.bsdlabel.8; command you
will create a dangerously dedicated disk, without slices. This is
almost certainly not what you want to do, so make sure you double
check the &man.disklabel.8; command before you press
check the &man.bsdlabel.8; command before you press
<keycap>Return</keycap>.</para>
</warning>
</sect2>
@ -801,8 +801,7 @@ console none unknown off insecure</programlisting>
<note>
<para>Power management requires &man.acpi.4; support in the kernel
or loaded as module for FreeBSD&nbsp;5.X and &man.apm.4;
support for FreeBSD&nbsp;4.X.</para>
or loaded as module for.</para>
</note>
</sect1>

101
en_US.ISO8859-1/books/handbook/config/chapter.sgml
View file

@ -109,7 +109,7 @@
<sect3>
<title>Base Partitions</title>
<para>When laying out file systems with &man.disklabel.8;
<para>When laying out file systems with &man.bsdlabel.8;
or &man.sysinstall.8;, remember that hard
drives transfer data faster from the outer
tracks to the inner.
@ -865,15 +865,6 @@ sshd is running as pid 433.</screen>
the supported hardware and even the possible problems that
could occur.</para>
<note>
<para><filename>NOTES</filename> does not exist on
&os;&nbsp;4.X. Instead, check the <filename>LINT</filename>
file for information about various network interfaces. See
<xref linkend="kernelconfig-config"> for a more detailed
summary of <filename>NOTES</filename> versus
<filename>LINT</filename>.</para>
</note>
<para>If you own a common card, most of the time you will not
have to look very hard for a driver. Drivers for common
network cards are present in the <filename>GENERIC</filename>
@ -1733,8 +1724,8 @@ device_probe_and_attach: cbb0 attach returned 12</screen>
</para>
<para>There are various other buffer-cache and VM page cache
related sysctls. We do not recommend modifying these values. As
of &os;&nbsp;4.3, the VM system does an extremely good job of
related sysctls. We do not recommend modifying these values,
the VM system does an extremely good job of
automatically tuning itself.</para>
</sect3>
@ -1836,10 +1827,6 @@ device_probe_and_attach: cbb0 attach returned 12</screen>
it is mounted. A good time to enable Soft Updates is before any
partitions have been mounted, in single-user mode.</para>
<note><para>As of &os;&nbsp;4.5, it is possible to enable Soft Updates
at filesystem creation time, through use of the <literal>-U</literal>
option to &man.newfs.8;.</para></note>
<para>Soft Updates drastically improves meta-data performance, mainly
file creation and deletion, through the use of a memory cache. We
recommend to use Soft Updates on all of your file systems. There
@ -2046,16 +2033,13 @@ device_probe_and_attach: cbb0 attach returned 12</screen>
connected at once, the resources needed may be similar to a
high-scale web server.</para>
<para>Starting with &os;&nbsp;4.5, the system will auto-tune
<para>The system will auto-tune
<literal>maxusers</literal> for you if you explicitly set it to
<literal>0</literal><footnote>
<para>The auto-tuning algorithm sets
<literal>maxusers</literal> equal to the amount of memory in the
system, with a minimum of 32, and a maximum of 384.</para>
</footnote>. In &os;&nbsp;5.X and above, <literal>maxusers</literal>
will default to <literal>0</literal> if not specified. If you
are using an version of &os; earlier than 4.5, or you want to
manage it yourself you will want to set
</footnote>. When setting this option, you will want to set
<literal>maxusers</literal> to at least 4, especially if you are
using the X Window System or compiling software. The reason is that
the most important table set by <literal>maxusers</literal> is the
@ -2241,18 +2225,6 @@ device_probe_and_attach: cbb0 attach returned 12</screen>
<varname>net.inet.tcp.inflight.min</varname> (for example, to
3500) to get the desired effect. Reducing these parameters
should be done as a last resort only.</para>
<note>
<para>In 4.X and earlier releases of &os; the
<literal>inflight</literal> sysctl variables are directly under
<varname>net.inet.tcp</varname>. Their names were
(in alphabetic order):
<varname>net.inet.tcp.inflight_debug</varname>,
<varname>net.inet.tcp.inflight_enable</varname>,
<varname>net.inet.tcp.inflight_max</varname>,
<varname>net.inet.tcp.inflight_min</varname>,
<varname>net.inet.tcp.inflight_stab</varname>.</para>
</note>
</sect3>
</sect2>
@ -2322,10 +2294,7 @@ kern.maxvnodes: 100000</programlisting>
<title>Swapping over NFS</title>
<para>Swapping over NFS is only recommended if you do not have a
local hard disk to swap to. Swapping over NFS is slow and
inefficient in versions of &os; prior to 4.X. It is
reasonably fast and efficient in 4.0-RELEASE and newer. Even
with newer versions of &os;, NFS swapping will be limited
local hard disk to swap to; NFS swapping will be limited
by the available network bandwidth and puts an additional
burden on the NFS server.</para>
</sect2>
@ -2339,53 +2308,7 @@ kern.maxvnodes: 100000</programlisting>
want, of course.</para>
<example>
<title>Creating a Swapfile on &os; 4.X</title>
<orderedlist>
<listitem>
<para>Be certain that your kernel configuration includes
the vnode driver. It is <emphasis>not</emphasis> in recent versions of
<filename>GENERIC</filename>.</para>
<programlisting>pseudo-device vn 1 #Vnode driver (turns a file into a device)</programlisting>
</listitem>
<listitem>
<para>Create a vn-device:</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>sh MAKEDEV vn0</userinput></screen>
</listitem>
<listitem>
<para>Create a swapfile (<filename>/usr/swap0</filename>):</para>
<screen>&prompt.root; <userinput>dd if=/dev/zero of=/usr/swap0 bs=1024k count=64</userinput></screen>
</listitem>
<listitem>
<para>Set proper permissions on (<filename>/usr/swap0</filename>):</para>
<screen>&prompt.root; <userinput>chmod 0600 /usr/swap0</userinput></screen>
</listitem>
<listitem>
<para>Enable the swap file in <filename>/etc/rc.conf</filename>:</para>
<programlisting>swapfile="/usr/swap0" # Set to name of swapfile if aux swapfile desired.</programlisting>
</listitem>
<listitem>
<para>Reboot the machine or to enable the swap file immediately,
type:</para>
<screen>&prompt.root; <userinput>vnconfig -e /dev/vn0b /usr/swap0 swap</userinput></screen>
</listitem>
</orderedlist>
</example>
<example>
<title>Creating a Swapfile on &os; 5.X</title>
<title>Creating a Swapfile on &os;</title>
<orderedlist>
<listitem>
@ -2458,12 +2381,7 @@ kern.maxvnodes: 100000</programlisting>
<para>In this section of the &os; Handbook, we will provide
comprehensive information about <acronym>ACPI</acronym>. References
will be provided for further reading at the end. Please be aware
that <acronym>ACPI</acronym> is available on &os;&nbsp;5.X and
above systems as a default kernel module. For &os;&nbsp;4.9,
<acronym>ACPI</acronym> can be enabled by adding the line
<literal>device acpica</literal> to a kernel configuration and
rebuilding.</para>
will be provided for further reading at the end.</para>
<sect2 id="acpi-intro">
<title>What Is ACPI?</title>
@ -2485,8 +2403,7 @@ kern.maxvnodes: 100000</programlisting>
more control and flexibility to the operating system
(<acronym>OS</acronym>).
Modern systems <quote>stretched</quote> the limits of the
current Plug and Play interfaces (such as APM, which is used in
&os;&nbsp;4.X), prior to the introduction of
current Plug and Play interfaces prior to the introduction of
<acronym>ACPI</acronym>. <acronym>ACPI</acronym> is the direct
successor to <acronym>APM</acronym>
(Advanced Power Management).</para>

12
en_US.ISO8859-1/books/handbook/cutting-edge/chapter.sgml
View file

@ -672,7 +672,7 @@
<para>Examine the files
<filename>/usr/share/examples/etc/make.conf</filename>
(called <filename>/etc/defaults/make.conf</filename> in &os;&nbsp;4.X) and
and
<filename>/etc/make.conf</filename>. The first contains some
default defines &ndash; most of which are commented out. To
make use of them when you rebuild your system from source, add
@ -683,10 +683,9 @@
<para>A typical user will probably want to copy the
<makevar>CFLAGS</makevar> and
<makevar>NO_PROFILE</makevar> (or <makevar>NOPROFILE</makevar> on
&os;&nbsp;5.X and older) lines found in
<makevar>NO_PROFILE</makevar> lines found in
<filename>/usr/share/examples/etc/make.conf</filename>
(or in <filename>/etc/defaults/make.conf</filename> on &os;&nbsp;4.X) to
to
<filename>/etc/make.conf</filename> and uncomment them.</para>
<para>Examine the other definitions (<makevar>COPTFLAGS</makevar>,
@ -926,10 +925,7 @@ Script done, &hellip;</screen>
&os.stable; midway between 2.2.2 and 2.2.5) the
<maketarget>world</maketarget> target has been split in
two: <maketarget>buildworld</maketarget> and
<maketarget>installworld</maketarget>. Beginning with version
5.3 of &os; the <maketarget>world</maketarget> target will be changed
so it will not work at all by default because it is actually
dangerous for most users.</para>
<maketarget>installworld</maketarget>.</para>
<para>As the names imply, <maketarget>buildworld</maketarget>
builds a complete new tree under <filename>/usr/obj</filename>,

331
en_US.ISO8859-1/books/handbook/disks/chapter.sgml
View file

@ -98,15 +98,8 @@
</row>
<row>
<entry>Assorted non-standard CDROM drives</entry>
<entry><literal>mcd</literal> for Mitsumi CD-ROM,
<literal>scd</literal> for Sony CD-ROM,
<literal>matcd</literal> for Matsushita/Panasonic CD-ROM
<footnote>
<para>The &man.matcd.4; driver has been removed
in FreeBSD&nbsp;4.X branch since October 5th,
2002 and does not exist in FreeBSD&nbsp;5.0 and
later releases.</para>
</footnote>
<entry><literal>mcd</literal> for Mitsumi CD-ROM and
<literal>scd</literal> for Sony CD-ROM devices
</entry>
</row>
<row>
@ -170,8 +163,7 @@
disk was found. Continuing with our example, the newly added drive will
be <devicename>da1</devicename> and we want to mount it on
<filename>/1</filename> (if you are adding an IDE drive, the device name
will be <devicename>wd1</devicename> in pre-4.0 systems, or
<devicename>ad1</devicename> in 4.X and 5.X systems).</para>
will be <devicename>ad1</devicename>).</para>
<indexterm><primary>partitions</primary></indexterm>
<indexterm><primary>slices</primary></indexterm>
@ -201,7 +193,7 @@
<filename>/dev/da1e</filename>.</para>
<para>Due to the use of 32-bit integers to store the number of sectors,
&man.bsdlabel.8; (called &man.disklabel.8; in &os;&nbsp;4.X) is
&man.bsdlabel.8; is
limited to 2^32-1 sectors per disk or 2TB in most cases. The
&man.fdisk.8; format allows a starting sector of no more than
2^32-1 and a length of no more than 2^32-1, limiting partitions to
@ -223,9 +215,7 @@
<step>
<title>Navigating <application>Sysinstall</application></title>
<para>You may use <command>sysinstall</command>
(<command>/stand/sysinstall</command> in &os; versions older
than 5.2) to
<para>You may use <command>sysinstall</command> to
partition and label a new disk using its easy to use menus.
Either login as user <username>root</username> or use the
<command>su</command> command. Run
@ -314,16 +304,15 @@
<screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 bs=1k count=1</userinput>
&prompt.root; <userinput>fdisk -BI da1</userinput> #Initialize your new disk
&prompt.root; <userinput>disklabel -B -w -r da1s1 auto</userinput> #Label it.
&prompt.root; <userinput>disklabel -e da1s1</userinput> # Edit the disklabel just created and add any partitions.
&prompt.root; <userinput>bsdlabel -B -w -r da1s1 auto</userinput> #Label it.
&prompt.root; <userinput>bsdlabel -e da1s1</userinput> # Edit the bsdlabel just created and add any partitions.
&prompt.root; <userinput>mkdir -p /1</userinput>
&prompt.root; <userinput>newfs /dev/da1s1e</userinput> # Repeat this for every partition you created.
&prompt.root; <userinput>mount /dev/da1s1e /1</userinput> # Mount the partition(s)
&prompt.root; <userinput>vi /etc/fstab</userinput> # Add the appropriate entry/entries to your <filename>/etc/fstab</filename>.</screen>
<para>If you have an IDE disk, substitute <filename>ad</filename>
for <filename>da</filename>. On pre-4.X systems use
<filename>wd</filename>.</para>
for <filename>da</filename>.</para>
</sect3>
<sect3>
@ -338,8 +327,8 @@
understand.</para>
<screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 bs=1k count=1</userinput>
&prompt.root; <userinput>disklabel -Brw da1 auto</userinput>
&prompt.root; <userinput>disklabel -e da1</userinput> # create the `e' partition
&prompt.root; <userinput>bsdlabel -Brw da1 auto</userinput>
&prompt.root; <userinput>bsdlabel -e da1</userinput> # create the `e' partition
&prompt.root; <userinput>newfs -d0 /dev/da1e</userinput>
&prompt.root; <userinput>mkdir -p /1</userinput>
&prompt.root; <userinput>vi /etc/fstab</userinput> # add an entry for /dev/da1e
@ -348,19 +337,12 @@
<para>An alternate method is:</para>
<screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 count=2</userinput>
&prompt.root; <userinput>disklabel /dev/da1 | disklabel -BrR da1 /dev/stdin</userinput>
&prompt.root; <userinput>bsdlabel /dev/da1 | bsdlabel -BrR da1 /dev/stdin</userinput>
&prompt.root; <userinput>newfs /dev/da1e</userinput>
&prompt.root; <userinput>mkdir -p /1</userinput>
&prompt.root; <userinput>vi /etc/fstab</userinput> # add an entry for /dev/da1e
&prompt.root; <userinput>mount /1</userinput></screen>
<note><para>Since &os;&nbsp;5.1-RELEASE, the &man.bsdlabel.8;
utility replaces the old &man.disklabel.8; program. With
&man.bsdlabel.8; a number of obsolete options and parameters
have been retired; in the examples above the option
<option>-r</option> should be removed with &man.bsdlabel.8;.
For more information, please refer to the &man.bsdlabel.8;
manual page.</para></note>
</sect3>
</sect2>
</sect1>
@ -460,47 +442,28 @@ ad3: 29333MB &lt;WDC WD307AA&gt; [59598/16/63] at ata1-slave UDMA33</programlist
Add this line to your kernel configuration file, rebuild, and
reinstall the kernel:</para>
<programlisting>pseudo-device ccd 4</programlisting>
<para>On 5.X systems, you have to use instead the following
line:</para>
<programlisting>device ccd</programlisting>
<note><para>In FreeBSD&nbsp;5.X, it is not necessary to specify
a number of &man.ccd.4; devices, as the &man.ccd.4; device driver is now
self-cloning &mdash; new device instances will automatically be
created on demand.</para></note>
<para>The &man.ccd.4; support can also be
loaded as a kernel loadable module in FreeBSD 3.0 or
later.</para>
loaded as a kernel loadable module.</para>
<para>To set up &man.ccd.4;, you must first use
&man.disklabel.8; to label the disks:</para>
&man.bsdlabel.8; to label the disks:</para>
<programlisting>disklabel -r -w ad1 auto
disklabel -r -w ad2 auto
disklabel -r -w ad3 auto</programlisting>
<programlisting>bsdlabel -r -w ad1 auto
bsdlabel -r -w ad2 auto
bsdlabel -r -w ad3 auto</programlisting>
<para>This creates a disklabel for <devicename>ad1c</devicename>, <devicename>ad2c</devicename> and <devicename>ad3c</devicename> that
<para>This creates a bsdlabel for <devicename>ad1c</devicename>, <devicename>ad2c</devicename> and <devicename>ad3c</devicename> that
spans the entire disk.</para>
<note><para>Since &os;&nbsp;5.1-RELEASE, the &man.bsdlabel.8;
utility replaces the old &man.disklabel.8; program. With
&man.bsdlabel.8; a number of obsolete options and parameters
have been retired; in the examples above the option
<option>-r</option> should be removed. For more
information, please refer to the &man.bsdlabel.8;
manual page.</para></note>
<para>The next step is to change the disk label type. You
can use &man.disklabel.8; to edit the
can use &man.bsdlabel.8; to edit the
disks:</para>
<programlisting>disklabel -e ad1
disklabel -e ad2
disklabel -e ad3</programlisting>
<programlisting>bsdlabel -e ad1
bsdlabel -e ad2
bsdlabel -e ad3</programlisting>
<para>This opens up the current disk label on each disk with
the editor specified by the <envar>EDITOR</envar>
@ -529,17 +492,6 @@ disklabel -e ad3</programlisting>
<sect4 id="ccd-buildingfs">
<title>Building the File System</title>
<para>The device node for
<devicename>ccd0c</devicename> may not exist yet, so to
create it, perform the following commands:</para>
<programlisting>cd /dev
sh MAKEDEV ccd0</programlisting>
<note><para>In FreeBSD 5.0, &man.devfs.5; will automatically
manage device nodes in <filename>/dev</filename>, so use of
<command>MAKEDEV</command> is not necessary.</para></note>
<para>Now that you have all the disks labeled, you must
build the &man.ccd.4;. To do that,
use &man.ccdconfig.8;, with options similar to the following:</para>
@ -818,22 +770,13 @@ device umass</programlisting>
</note>
<para>Support for USB 2.0 controllers is provided on
&os;&nbsp;5.X, and on the 4.X branch since &os;&nbsp;4.10-RELEASE.
You have to add:</para>
&os;; however, you must add:</para>
<programlisting>device ehci</programlisting>
<para>to your configuration file for USB 2.0 support. Note
&man.uhci.4; and &man.ohci.4; drivers are still needed if you
want USB 1.X support.</para>
<note>
<para>On &os;&nbsp;4.X, the USB daemon (&man.usbd.8;) must be
running to be able to see some USB devices. To enable it,
add <literal>usbd_enable="YES"</literal> to your
<filename>/etc/rc.conf</filename> file and reboot the
machine.</para>
</note>
</sect2>
<sect2>
@ -1037,16 +980,9 @@ umass0: detached</screen>
<screen>&prompt.root; <userinput>mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/myboot</userinput></screen>
<para>Having done that, if you have <devicename>vn</devicename>
(FreeBSD&nbsp;4.X), or <devicename>md</devicename>
(FreeBSD&nbsp;5.X)
<para>Having done that, if you have <devicename>md</devicename>
configured in your kernel, you can mount the file system with:</para>
<screen>&prompt.root; <userinput>vnconfig -e vn0c /tmp/bootable.iso</userinput>
&prompt.root; <userinput>mount -t cd9660 /dev/vn0c /mnt</userinput></screen>
<para>for FreeBSD&nbsp;4.X, and for FreeBSD&nbsp;5.X:</para>
<screen>&prompt.root; <userinput>mdconfig -a -t vnode -f /tmp/bootable.iso -u 0</userinput>
&prompt.root; <userinput>mount -t cd9660 /dev/md0 /mnt</userinput></screen>
@ -1075,7 +1011,7 @@ umass0: detached</screen>
<para>Will burn a copy of <replaceable>imagefile.iso</replaceable> on
<replaceable>cddevice</replaceable>. The default device is
<filename>/dev/acd0</filename> (or <filename>/dev/acd0c</filename> under &os;&nbsp;4.X). See &man.burncd.8; for options to
<filename>/dev/acd0</filename>. See &man.burncd.8; for options to
set the write speed, eject the CD after burning, and write audio
data.</para>
</sect2>
@ -1110,7 +1046,7 @@ umass0: detached</screen>
<secondary>burning</secondary>
</indexterm>
<screen>&prompt.root; <userinput>cdrecord -scanbus</userinput>
Cdrecord 1.9 (i386-unknown-freebsd4.2) Copyright (C) 1995-2000 J&ouml;rg Schilling
Cdrecord-Clone 2.01 (i386-unknown-freebsd7.0) Copyright (C) 1995-2004 J&ouml;rg Schilling
Using libscg version 'schily-0.1'
scsibus0:
0,0,0 0) 'SEAGATE ' 'ST39236LW ' '0004' Disk
@ -1189,16 +1125,6 @@ scsibus1:
force the system to retaste the media:</para>
<screen>&prompt.root; <userinput>dd if=/dev/acd0 of=/dev/null count=1</userinput></screen>
<note><para>In &os; 4.X, the entries are not prefixed with
zero. If the necessary entries in <filename>/dev</filename>
are missing, use <command>MAKEDEV</command> to create
them:</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>sh MAKEDEV acd0t99</userinput></screen>
</note>
</step>
<step>
@ -1230,9 +1156,7 @@ scsibus1:
&man.mkisofs.8;, and you can use it to duplicate
any data CD. The example given here assumes that your CDROM
device is <devicename>acd0</devicename>. Substitute your
correct CDROM device. Under &os;&nbsp;4.X, a <literal>c</literal> must be appended
to the end of the device name to indicate the entire partition
or, in the case of CDROMs, the entire disc.</para>
correct CDROM device.</para>
<screen>&prompt.root; <userinput>dd if=/dev/acd0 of=file.iso bs=2048</userinput></screen>
@ -1277,7 +1201,7 @@ scsibus1:
oddly, however. For example, Joliet disks store all filenames
in two-byte Unicode characters. The FreeBSD kernel does not
speak Unicode (yet!), so non-English characters show up as
question marks. (If you are running FreeBSD 4.3 or later, the
question marks. (The FreeBSD
CD9660 driver includes hooks to load an appropriate Unicode
conversion table on the fly. Modules for some of the common
encodings are available via the
@ -1803,7 +1727,7 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c
disk space will be used with a standard UFS2 file system:</para>
<screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>/dev/acd0</replaceable> count=2</userinput>
&prompt.root; <userinput>disklabel -Bw <replaceable>acd0</replaceable></userinput>
&prompt.root; <userinput>bsdlabel -Bw <replaceable>acd0</replaceable></userinput>
&prompt.root; <userinput>newfs <replaceable>/dev/acd0</replaceable></userinput></screen>
<para>The DVD device, <devicename>acd0</devicename>, must be
@ -1863,44 +1787,8 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c
<para>Floppy disks are accessed through entries in
<filename>/dev</filename>, just like other devices. To
access the raw floppy disk in 4.X and earlier releases, one
uses
<filename>/dev/fd<replaceable>N</replaceable></filename>,
where <replaceable>N</replaceable> stands for the drive
number, usually 0, or
<filename>/dev/fd<replaceable>NX</replaceable></filename>,
where <replaceable>X</replaceable> stands for a
letter.</para>
<para>In 5.0 or newer releases, simply use
access the raw floppy disk, simply use
<filename>/dev/fd<replaceable>N</replaceable></filename>.</para>
<sect4>
<title>The Disk Size in 4.X and Earlier Releases</title>
<para>There are also <filename>/dev/fd<replaceable>N</replaceable>.<replaceable>size</replaceable></filename>
devices, where <replaceable>size</replaceable> is a floppy disk
size in kilobytes. These entries are used at low-level format
time to determine the disk size. 1440kB is the size that will be
used in the following examples.</para>
<para>Sometimes the entries under <filename>/dev</filename> will
have to be (re)created. To do that, issue:</para>
<screen>&prompt.root; <userinput>cd /dev &amp;&amp; ./MAKEDEV "fd*"</userinput></screen>
</sect4>
<sect4>
<title>The Disk Size in 5.0 and Newer Releases</title>
<para>In 5.0, &man.devfs.5; will automatically
manage device nodes in <filename>/dev</filename>, so use of
<command>MAKEDEV</command> is not necessary.</para>
<para>The desired disk size is passed to &man.fdformat.1; through
the <option>-f</option> flag. Supported sizes are listed in
&man.fdcontrol.8;, but be advised that 1440kB is what works best.</para>
</sect4>
</sect3>
<sect3>
@ -1920,19 +1808,7 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c
determine if the disk is good or bad.</para>
<sect4>
<title>Formatting in 4.X and Earlier Releases</title>
<para>Use the
<filename>/dev/fd<replaceable>N</replaceable>.<replaceable>size</replaceable></filename>
devices to format the floppy. Insert a new 3.5inch floppy
disk in your drive and issue:</para>
<screen>&prompt.root; <userinput>/usr/sbin/fdformat /dev/fd0.1440</userinput></screen>
</sect4>
<sect4>
<title>Formatting in 5.0 and Newer Releases</title>
<title>Formatting Floppy Disks</title>
<para>Use the
<filename>/dev/fd<replaceable>N</replaceable></filename>
@ -1945,8 +1821,6 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c
</sect3>
</sect2>
<sect2>
<title>The Disk Label</title>
@ -1960,17 +1834,9 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c
floppy. The geometry values for the disk label are listed in
<filename>/etc/disktab</filename>.</para>
<para>You can run now &man.disklabel.8; like so:</para>
<para>You can run now &man.bsdlabel.8; like so:</para>
<screen>&prompt.root; <userinput>/sbin/disklabel -B -r -w /dev/fd0 fd1440</userinput></screen>
<note><para>Since &os;&nbsp;5.1-RELEASE, the &man.bsdlabel.8;
utility replaces the old &man.disklabel.8; program. With
&man.bsdlabel.8; a number of obsolete options and parameters
have been retired; in the example above the option
<option>-r</option> should be removed. For more
information, please refer to the &man.bsdlabel.8;
manual page.</para></note>
<screen>&prompt.root; <userinput>/sbin/bsdlabel -B -r -w /dev/fd0 fd1440</userinput></screen>
</sect2>
@ -1997,9 +1863,7 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c
<sect2>
<title>Using the Floppy</title>
<para>To use the floppy, mount it with &man.mount.msdos.8; (in
4.X and earlier releases) or &man.mount.msdosfs.8; (in 5.0 or
newer releases). One can also use
<para>To use the floppy, mount it with &man.mount.msdosfs.8;. One can also use
<filename role="package">emulators/mtools</filename> from the ports
collection.</para>
</sect2>
@ -2673,11 +2537,11 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready</screen>
<para>There are only four steps that you need to perform in
preparation for any disaster that may occur.</para>
<indexterm>
<primary><command>disklabel</command></primary>
<primary><command>bsdlabel</command></primary>
</indexterm>
<para>First, print the disklabel from each of your disks
(e.g. <command>disklabel da0 | lpr</command>), your file system table
<para>First, print the bsdlabel from each of your disks
(e.g. <command>bsdlabel da0 | lpr</command>), your file system table
(<filename>/etc/fstab</filename>) and all boot messages,
two copies of
each.</para>
@ -2693,7 +2557,7 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready</screen>
<para>Otherwise, you have to create two custom bootable
floppies which have a kernel that can mount all of your disks
and access your tape drive. These floppies must contain:
<command>fdisk</command>, <command>disklabel</command>,
<command>fdisk</command>, <command>bsdlabel</command>,
<command>newfs</command>, <command>mount</command>, and
whichever backup program you use. These programs must be
statically linked. If you use <command>dump</command>, the
@ -2740,7 +2604,7 @@ fi
# place boot blocks on the floppy
#
disklabel -w -B /dev/fd0c fd1440
bsdlabel -w -B /dev/fd0c fd1440
#
# newfs the one and only partition
@ -2914,14 +2778,14 @@ echo "The floppy has been unmounted and is now ready."]]></programlisting>
</indexterm>
<indexterm><primary>root partition</primary></indexterm>
<indexterm>
<primary><command>disklabel</command></primary>
<primary><command>bsdlabel</command></primary>
</indexterm>
<indexterm>
<primary><command>newfs</command></primary>
</indexterm>
<para>Try to <command>mount</command> (e.g. <command>mount /dev/da0a
/mnt</command>) the root partition of your first disk. If the
disklabel was damaged, use <command>disklabel</command> to re-partition and
bsdlabel was damaged, use <command>bsdlabel</command> to re-partition and
label the disk to match the label that you printed and saved. Use
<command>newfs</command> to re-create the file systems. Re-mount the root
partition of the floppy read-write (<command>mount -u -o rw
@ -2986,64 +2850,10 @@ echo "The floppy has been unmounted and is now ready."]]></programlisting>
memory-based file systems.</para>
<note>
<para>The FreeBSD&nbsp;4.X users will have to use &man.MAKEDEV.8;
to create the required devices. FreeBSD&nbsp;5.0 and later use
&man.devfs.5; to allocate device nodes transparently for the
<para>Use &man.devfs.5; to allocate device nodes transparently for the
user.</para>
</note>
<sect2 id="disks-vnconfig">
<title>File-Backed File System under FreeBSD&nbsp;4.X</title>
<indexterm>
<primary>disks</primary>
<secondary>file-backed (4.X)</secondary>
</indexterm>
<para>The utility &man.vnconfig.8; configures and enables vnode pseudo-disk
devices. A <firstterm>vnode</firstterm> is a representation
of a file, and is the focus of file activity. This means that
&man.vnconfig.8; uses files to create and operate a
file system. One possible use is the mounting of floppy or CD
images kept in files.</para>
<para>To use &man.vnconfig.8;, you need &man.vn.4; support in your
kernel configuration file:</para>
<programlisting>pseudo-device vn</programlisting>
<para>To mount an existing file system image:</para>
<example>
<title>Using vnconfig to Mount an Existing File System
Image under FreeBSD&nbsp;4.X</title>
<screen>&prompt.root; <userinput>vnconfig vn<replaceable>0</replaceable> <replaceable>diskimage</replaceable></userinput>
&prompt.root; <userinput>mount /dev/vn<replaceable>0</replaceable>c <replaceable>/mnt</replaceable></userinput></screen>
</example>
<para>To create a new file system image with &man.vnconfig.8;:</para>
<example>
<title>Creating a New File-Backed Disk with <command>vnconfig</command></title>
<screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>newimage</replaceable> bs=1k count=<replaceable>5</replaceable>k</userinput>
5120+0 records in
5120+0 records out
&prompt.root; <userinput>vnconfig -s labels -c vn<replaceable>0</replaceable> <replaceable>newimage</replaceable></userinput>
&prompt.root; <userinput>disklabel -r -w vn<replaceable>0</replaceable> auto</userinput>
&prompt.root; <userinput>newfs vn<replaceable>0</replaceable>c</userinput>
Warning: 2048 sector(s) in last cylinder unallocated
/dev/vn0c: 10240 sectors in 3 cylinders of 1 tracks, 4096 sectors
5.0MB in 1 cyl groups (16 c/g, 32.00MB/g, 1280 i/g)
super-block backups (for fsck -b #) at:
32
&prompt.root; <userinput>mount /dev/vn<replaceable>0</replaceable>c <replaceable>/mnt</replaceable></userinput>
&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/vn0c 4927 1 4532 0% /mnt</screen>
</example>
</sect2>
<sect2 id="disks-mdconfig">
<title>File-Backed File System</title>
<indexterm>
@ -3052,7 +2862,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on
</indexterm>
<para>The utility &man.mdconfig.8; is used to configure and enable
memory disks, &man.md.4;, under FreeBSD&nbsp;5.X and later. To use
memory disks, &man.md.4;, under FreeBSD. To use
&man.mdconfig.8;, you have to load &man.md.4; module or to add
the support in your kernel configuration file:</para>
@ -3104,7 +2914,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on
<para>The utility &man.mdconfig.8; is very useful, however it
asks many command lines to create a file-backed file system.
FreeBSD&nbsp;5.0 also comes with a tool called &man.mdmfs.8;,
FreeBSD also comes with a tool called &man.mdmfs.8;,
this program configures a &man.md.4; disk using
&man.mdconfig.8;, puts a UFS file system on it using
&man.newfs.8;, and mounts it using &man.mount.8;. For example,
@ -3129,36 +2939,6 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on
</sect2>
<sect2 id="disks-md-freebsd4">
<title>Memory-Based File System under FreeBSD&nbsp;4.X</title>
<indexterm>
<primary>disks</primary>
<secondary>memory file system (4.X)</secondary>
</indexterm>
<para>The &man.md.4; driver is a simple, efficient means to create memory
file systems under FreeBSD&nbsp;4.X. &man.malloc.9; is used
to allocate the memory.</para>
<para>Simply take a file system you have prepared with, for
example, &man.vnconfig.8;, and:</para>
<example>
<title>md Memory Disk under FreeBSD&nbsp;4.X</title>
<screen>&prompt.root; <userinput>dd if=<replaceable>newimage</replaceable> of=/dev/md<replaceable>0</replaceable></userinput>
5120+0 records in
5120+0 records out
&prompt.root; <userinput>mount /dev/md<replaceable>0c</replaceable> <replaceable>/mnt</replaceable></userinput>
&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/md0c 4927 1 4532 0% /mnt</screen>
</example>
<para>For more details, please refer to &man.md.4; manual
page.</para>
</sect2>
<sect2 id="disks-md-freebsd5">
<title>Memory-Based File System</title>
<indexterm>
@ -3166,8 +2946,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on
<secondary>memory file system</secondary>
</indexterm>
<para>The same tools are used for memory-based and file-backed
file systems: &man.mdconfig.8; or &man.mdmfs.8;. For a
<para>For a
memory-based file system the <quote>swap backing</quote>
should normally be used. Using swap backing does not mean
that the memory disk will be swapped out to disk by default,
@ -3226,14 +3005,6 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on
<para>It is possible to list information about configured
&man.md.4; devices in using the command <command>mdconfig
-l</command>.</para>
<para>For FreeBSD&nbsp;4.X, &man.vnconfig.8; is used to detach
the device. For example to detach and free all resources
used by <filename>/dev/vn4</filename>:</para>
<screen>&prompt.root; <userinput>vnconfig -u vn<replaceable>4</replaceable></userinput></screen>
</sect2>
</sect1>
@ -3256,7 +3027,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on
<secondary>snapshots</secondary>
</indexterm>
<para>FreeBSD&nbsp;5.0 offers a new feature in conjunction with
<para>FreeBSD offers a feature in conjunction with
<link linkend="soft-updates">Soft Updates</link>: File system snapshots.</para>
<para>Snapshots allow a user to create images of specified file
@ -3650,15 +3421,6 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on
Password:</screen>
</step>
<step>
<title>Verify the Operating System Version</title>
<para>&man.gbde.4; requires FreeBSD 5.0 or higher.</para>
<screen>&prompt.root; <userinput>uname -r</userinput>
5.0-RELEASE</screen>
</step>
<step>
<title>Add &man.gbde.4; Support to the Kernel Configuration File</title>
@ -3799,9 +3561,6 @@ sector_size = 2048
initialize the old UFS1 file system, using &man.newfs.8; with
the <option>-O2</option> option is recommended.</para>
<note><para>The <option>-O2</option> option is the default
with &os;&nbsp;5.1-RELEASE and later.</para></note>
<screen>&prompt.root; <userinput>newfs -U -O2 /dev/ad4s1c.bde</userinput></screen>
<note>

66
en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
View file

@ -202,57 +202,6 @@
this handbook firewall section as that would just be duplicated
effort.</para>
<para>The availability of PF for the various &os; releases and
versions is summarized below:</para>
<informaltable frame="none" pgwide="1">
<tgroup cols="2">
<thead>
<row>
<entry>&os; Version</entry>
<entry>PF Availability</entry>
</row>
</thead>
<tbody>
<row>
<entry>Pre-4.X versions</entry>
<entry>PF is not available for any release of &os; older
than the 4.X branch.</entry>
</row>
<row>
<entry>All versions of the 4.X branch</entry>
<entry>PF is available as part of KAME.</entry>
</row>
<row>
<entry>5.X releases before 5.3-RELEASE</entry>
<entry>The <filename role="package">security/pf</filename>
port can be used to install PF on these versions of &os;.
These releases were targeted to developers and people who
wanted a preview of early 5.X versions. Upgrading to
5.3-RELEASE or newer versions of &os; is strongly
recommended.</entry>
</row>
<row>
<entry>5.3-RELEASE and later versions</entry>
<entry>PF is part of the base system. Do
<emphasis>not</emphasis> use the <filename
role="package">security/pf</filename> port on these
versions of &os;. It will not work. Use the &man.pf.4;
support of the base system instead.</entry>
</row>
</tbody>
</tgroup>
</informaltable>
<para>More info can be found at the PF for &os; web site: <ulink
url="http://pf4freebsd.love2party.net/"></ulink>.</para>
@ -580,8 +529,7 @@ options ALTQ_NOPCC # Required for SMP build</programlisting>
<para>Sample kernel config IPF option statements are in the
<filename>/usr/src/sys/conf/NOTES</filename> kernel source
(<filename>/usr/src/sys/<replaceable>arch</replaceable>/conf/LINT</filename>
for &os;&nbsp;4.X) and are reproduced here:</para>
and are reproduced here:</para>
<programlisting>options IPFILTER
options IPFILTER_LOG
@ -838,12 +786,10 @@ LOG_ERR - packets which have been logged and which can be considered short</scre
<programlisting>security.* /var/log/ipfilter.log</programlisting>
<para>Or add the following statement to
<filename>/etc/syslog.conf</filename> for &os;&nbsp;4.X:</para>
<filename>/etc/syslog.conf</filename>.</para>
<programlisting>local0.* /var/log/ipfilter.log</programlisting>
<para>The <literal>security.*</literal> (<literal>local0</literal>
for 4.X) means to write all the logged messages to the coded
<para>The <literal>security.*</literal>
means to write all the logged messages to the coded
file location.</para>
<para>To activate the changes to <filename>/etc/syslog.conf
@ -2088,7 +2034,7 @@ pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state</pro
<sect3>
<title>FTP <acronym>NAT</acronym> Proxy Bug</title>
<para>As of &os; 4.9 which includes IPFILTER version 3.4.31
<para>As of IPFILTER version 3.4.31
the FTP proxy works as documented during the FTP session
until the session is told to close. When the close happens
packets returning from the remote FTP server are blocked and
@ -2657,7 +2603,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
<para>The dynamic rules facility is vulnerable to resource
depletion from a SYN-flood attack which would open a huge
number of dynamic rules. To counter this attack, &os;
version 4.5 added another new option named limit. This
added another new option named limit. This
option is used to limit the number of simultaneous session
conversations by interrogating the rules source or
destinations fields as directed by the limit option and

325
en_US.ISO8859-1/books/handbook/install/chapter.sgml
View file

@ -572,11 +572,8 @@ pqb0.0.1.4.0 PQB0 PCI EIDE</screen>
The <filename>floppies/</filename> directory contains a number of
different images, and the ones you will need to use depends on the
version of FreeBSD you are installing, and in some cases, the
hardware you are installing to. If you are installing
FreeBSD&nbsp;4.X in most cases you will just need
two files, <filename>kern.flp</filename> and
<filename>mfsroot.flp</filename>. If you are
installing FreeBSD&nbsp;5.X in most cases you will need three
hardware you are installing to.
In most cases you will need three
floppies, <filename>boot.flp</filename>,
<filename>kern1.flp</filename>, and
<filename>kern2.flp</filename>. Check
@ -826,9 +823,7 @@ Please insert MFS root floppy and press enter:</screen>
<screen>Hit [Enter] to boot immediately, or any other key for command prompt.
Booting [kernel] in 9 seconds... _</screen>
<para>Either wait ten seconds, or press <keycap>Enter</keycap>
(for &os;&nbsp;4.X this
will then launch the kernel configuration menu).</para>
<para>Either wait ten seconds, or press <keycap>Enter</keycap></para>
</step>
</procedure>
@ -895,287 +890,6 @@ Booting [kernel] in 9 seconds... _</screen>
</sect2>
<sect2 id="start-userconfig">
<title>Kernel Configuration</title>
<note><para>From FreeBSD versions 5.0 and later, userconfig has been deprecated
in favor of the new &man.device.hints.5; method. For more information
on &man.device.hints.5; please visit <xref linkend="device-hints"></para></note>
<para>The <firstterm>kernel</firstterm> is the core of the operating
system. It is responsible for many things, including access to all
the devices you may have on your system, such as hard disks, network
cards, sound cards, and so on. Each piece of hardware supported by
the FreeBSD kernel has a driver associated with it. Each driver has a
two or three letter name, such as <devicename>sa</devicename> for the
SCSI sequential access driver, or <devicename>sio</devicename> for the
Serial I/O driver (which manages COM ports).</para>
<para>When the kernel starts, each driver checks the system to see
whether or not the hardware it supports exists on your system. If it
does, then the driver configures the hardware and makes it available
to the rest of the kernel.</para>
<para>This checking is commonly referred to as <firstterm>device
probing</firstterm>. Unfortunately, it is not always possible to do
this in a safe way. Some hardware drivers do not co-exist well,
and probing for one piece of hardware can sometimes leave
another in an inconsistent state. This is a basic
limitation of the <acronym>PC</acronym> design.</para>
<para>Many older devices are called ISA devices&mdash;as opposed
to PCI devices. The ISA specification requires each device to have
some information hard coded into it, typically the Interrupt Request
Line number (IRQ) and IO port address that the driver uses. This
information is commonly set by using physical
<firstterm>jumpers</firstterm> on the card, or by using a DOS based
utility.</para>
<para>This was often a source of problems, because it was not possible
to have two devices that shared the same IRQ or port address.</para>
<para>Newer devices follow the PCI specification, which does not require
this, as the devices are supposed to cooperate with the BIOS, and are
told which IRQ and IO port addresses to use.</para>
<para>If you have any ISA devices in your computer then FreeBSD's
driver for that device will need to be configured with the IRQ and
port address that you have set the card to. This is why carrying out
an inventory of your hardware (see <xref
linkend="install-inventory">) can be useful.</para>
<para>Unfortunately, the default IRQs and memory ports used by some
drivers clash. This is because some ISA devices are shipped with IRQs
or memory ports that clash. The defaults in FreeBSD's drivers are
deliberately set to mirror the manufacturer's defaults, so that, out
of the box, as many devices as possible will work.</para>
<para>This is almost never an issue when running FreeBSD day-to-day.
Your computer will not normally contain two pieces of hardware that
clash, because one of them would not work (irrespective of the
operating system you are using).</para>
<para>It becomes an issue when you are installing FreeBSD for the first
time because the kernel used to carry out the install has to contain
as many drivers as possible, so that many different hardware
configurations can be supported. This means that some of
those drivers will have conflicting configurations. The devices are
probed in a strict order, and if you own a device that is probed late
in the process, but conflicted with an earlier probe, then your
hardware might not function or be probed correctly when you install
FreeBSD.</para>
<para>Because of this, the first thing you have the opportunity to do
when installing FreeBSD is look at the list of drivers that are
configured into the kernel, and either disable some of them, if you
do not own that device, or confirm (and alter) the driver's
configuration if you do own the device but the defaults are
wrong.</para>
<para>This probably sounds much more complicated than it actually
is.</para>
<para><xref linkend="kernel-config"> shows the first kernel
configuration menu. We recommend that you choose the
<guimenuitem>Start kernel configuration in full-screen visual
mode</guimenuitem> option, as it presents the easiest interface for
the new user.</para>
<figure id="kernel-config">
<title>Kernel Configuration Menu</title>
<mediaobject>
<imageobject>
<imagedata fileref="install/userconfig" format="PNG">
</imageobject>
<textobject>
<screen>&txt.install.userconfig;</screen>
</textobject>
</mediaobject>
</figure>
<para>The kernel configuration screen (<xref linkend="fig-userconfig">)
is then divided into four sections:</para>
<orderedlist>
<listitem>
<para>A collapsible list of all the drivers that are currently
marked as <quote>active</quote>, subdivided into groups such as
<literal>Storage</literal>, and <literal>Network</literal>. Each
driver is shown as a description, its two or three letter driver
name, and the IRQ and memory port used by that driver. In
addition, if an active driver conflicts with another active driver
then <literal>CONF</literal> is shown next to the driver name.
This section also shows the total number of conflicting drivers
that are currently active.</para>
</listitem>
<listitem>
<para>Drivers that have been marked inactive. They remain in the
kernel, but they will not probe for their device when the kernel
starts. These are subdivided into groups in the same way as the
active driver list.</para>
</listitem>
<listitem>
<para>More detail about the currently selected driver, including its
IRQ and memory port address.</para>
</listitem>
<listitem>
<para>Information about the keystrokes that are valid at this point
in time.</para>
</listitem>
</orderedlist>
<figure id="fig-userconfig">
<title>The Kernel Device Configuration Visual Interface</title>
<mediaobject>
<imageobject>
<imagedata fileref="install/userconfig2" format="PNG">
</imageobject>
<textobject>
<screen>&txt.install.userconfig2;</screen>
</textobject>
</mediaobject>
</figure>
<para>Do not worry if any conflicts are listed,
it is to be expected; all the drivers are enabled, and
as has already been explained, some of them will conflict with one
another.</para>
<para>You now have to work through the list of drivers, resolving the
conflicts.</para>
<procedure>
<title>Resolving Driver Conflicts</title>
<step>
<para>Press <keycap>X</keycap>. This will completely expand the
list of drivers, so you can see all of them. You will need to use
the arrow keys to scroll back and forth through the active driver
list.</para>
<para><xref linkend="hardware-conflicts"> shows the result of
pressing <keycap>X</keycap>.</para>
<figure id="hardware-conflicts">
<title>Expanded Driver List</title>
<mediaobject>
<imageobject>
<imagedata fileref="install/hdwrconf" format="PNG">
</imageobject>
</mediaobject>
</figure>
</step>
<step>
<para>Disable all the drivers for devices that you do not have. To
disable a driver, highlight it with the arrow keys and press
<keycap>Del</keycap>. The driver will be moved to the
<literal>Inactive Drivers</literal> list.</para>
<para>If you inadvertently disable a device that you need then press
<keycap>Tab</keycap> to switch to the <literal>Inactive
Drivers</literal> list, select the driver that you disabled, and
press <keycap>Enter</keycap> to move it back to the active
list.</para>
<warning>
<para>Do not disable <devicename>sc0</devicename>. This controls
the screen, and you will need this unless you are installing
over a serial cable.</para>
</warning>
<warning>
<para>Only disable <devicename>atkbd0</devicename> if you are
using a USB keyboard. If you have a normal keyboard then you
must keep <devicename>atkbd0</devicename>.</para>
</warning>
</step>
<step>
<para>If there are no conflicts listed then you can skip this step.
Otherwise, the remaining conflicts need to be examined. If they
do not have the indication of an <quote>allowed conflict</quote>
in the message area, then either the IRQ/address for device probe
will need to be changed, <emphasis>or</emphasis> the IRQ/address
on the hardware will need to be changed.</para>
<para>To change the driver's configuration for IRQ and IO port
address, select the device and press <keycap>Enter</keycap>. The
cursor will move to the third section of the screen, and you can
change the values. You should enter the values for IRQ and port
address that you discovered when you made your hardware inventory.
Press <keycap>Q</keycap> to finish editing the device's
configuration and return to the active driver list.</para>
<para>If you are not sure what these figures should be then you can
try using <literal>-1</literal>. Some FreeBSD drivers can safely
probe the hardware to discover what the correct value should be,
and a value of <literal>-1</literal> configures them to do
this.</para>
<para>The procedure for changing the address on the hardware varies
from device to device. For some devices you may need to
physically remove the card from your computer and adjust jumper
settings or DIP switches. Other cards may have come with a DOS
floppy that contains the programs used to reconfigure the card.
In any case, you should refer to the documentation that came with
the device. This will obviously entail restarting your computer,
so you will need to boot back into the FreeBSD installation
routine when you have reconfigured the card.</para>
</step>
<step>
<para>When all the conflicts have been resolved the screen will look
similar to <xref linkend="userconfig-done">.</para>
<figure id="userconfig-done">
<title>Driver Configuration With No Conflicts</title>
<mediaobject>
<imageobject>
<imagedata fileref="install/probstart" format="PNG">
</imageobject>
</mediaobject>
</figure>
<para>As you can see, the active driver list is now much smaller,
with only drivers for the hardware that actually exists being
listed.</para>
<para>You can now save these changes, and move on to the next step
of the install. Press <keycap>Q</keycap> to quit the device
configuration interface. This message will appear:</para>
<screen>Save these parameters before exiting? ([Y]es/[N]o/[C]ancel)</screen>
<para>Answer <keycap>Y</keycap> to save the parameters to memory
(it will be saved to disk if you finish the install) and the
probing will start. After displaying the probe results in white
on black text <application>sysinstall</application> will start
and display its main menu
(<xref linkend="sysinstall-main">).</para>
<figure id="sysinstall-main">
<title>Sysinstall Main Menu</title>
<mediaobject>
<imageobject>
<imagedata fileref="install/main1" format="PNG">
</imageobject>
</mediaobject>
</figure>
</step>
</procedure>
</sect2>
<sect2 id="view-probe">
<title>Reviewing the Device Probe Results</title>
@ -1828,7 +1542,7 @@ Mounting root from ufs:/dev/md0c
to continue with the installation.</para>
</sect2>
<sect2 id="disklabeleditor">
<sect2 id="bsdlabeleditor">
<title>Creating Partitions Using
<application>Disklabel</application></title>
@ -2054,7 +1768,7 @@ Mounting root from ufs:/dev/md0c
<mediaobject>
<imageobject>
<imagedata fileref="install/disklabel-ed1" format="PNG">
<imagedata fileref="install/bsdlabel-ed1" format="PNG">
</imageobject>
</mediaobject>
</figure>
@ -2068,7 +1782,7 @@ Mounting root from ufs:/dev/md0c
defaults.</para>
<note>
<para>Beginning with FreeBSD&nbsp;4.5, the default partitioning assigns
<para>The default partitioning assigns
the <filename>/tmp</filename> directory its own partition instead
of being part of the <filename>/</filename> partition. This
helps avoid filling the <filename>/</filename> partition with
@ -2080,7 +1794,7 @@ Mounting root from ufs:/dev/md0c
<mediaobject>
<imageobject>
<imagedata fileref="install/disklabel-auto" format="PNG">
<imagedata fileref="install/bsdlabel-auto" format="PNG">
</imageobject>
</mediaobject>
</figure>
@ -2115,7 +1829,7 @@ Mounting root from ufs:/dev/md0c
<mediaobject>
<imageobject>
<imagedata fileref="install/disklabel-root1" format="PNG">
<imagedata fileref="install/bsdlabel-root1" format="PNG">
</imageobject>
</mediaobject>
</figure>
@ -2133,7 +1847,7 @@ Mounting root from ufs:/dev/md0c
<mediaobject>
<imageobject>
<imagedata fileref="install/disklabel-root2" format="PNG">
<imagedata fileref="install/bsdlabel-root2" format="PNG">
</imageobject>
</mediaobject>
</figure>
@ -2150,7 +1864,7 @@ Mounting root from ufs:/dev/md0c
<mediaobject>
<imageobject>
<imagedata fileref="install/disklabel-fs" format="PNG">
<imagedata fileref="install/bsdlabel-fs" format="PNG">
</imageobject>
</mediaobject>
</figure>
@ -2167,7 +1881,7 @@ Mounting root from ufs:/dev/md0c
<mediaobject>
<imageobject>
<imagedata fileref="install/disklabel-root3" format="PNG">
<imagedata fileref="install/bsdlabel-root3" format="PNG">
</imageobject>
</mediaobject>
</figure>
@ -2189,7 +1903,7 @@ Mounting root from ufs:/dev/md0c
<mediaobject>
<imageobject>
<imagedata fileref="install/disklabel-ed2" format="PNG">
<imagedata fileref="install/bsdlabel-ed2" format="PNG">
</imageobject>
</mediaobject>
</figure>
@ -5315,8 +5029,8 @@ Please press any key to reboot.</screen>
<xref linkend="ports">) as
necessary.</para>
<para>Use the image of disc one if you want to install a
&os;&nbsp;4.<replaceable>X</replaceable> release and want
<para>Use the image of disc one if you want to install a &os;
release and want
a reasonable selection of third party packages on the disc
as well.</para>
@ -5441,13 +5155,13 @@ Please press any key to reboot.</screen>
<para>If you are creating the floppies on another FreeBSD machine,
a format is still not a bad idea, though you do not need to put
a DOS filesystem on each floppy. You can use the
<command>disklabel</command> and <command>newfs</command>
<command>bsdlabel</command> and <command>newfs</command>
commands to put a UFS filesystem on them instead, as the
following sequence of commands (for a 3.5" 1.44&nbsp;MB floppy)
illustrates:</para>
<screen>&prompt.root; <userinput>fdformat -f 1440 fd0.1440</userinput>
&prompt.root; <userinput>disklabel -w -r fd0.1440 floppy3</userinput>
&prompt.root; <userinput>bsdlabel -w -r fd0.1440 floppy3</userinput>
&prompt.root; <userinput>newfs -t 2 -u 18 -l 1 -i 65536 /dev/fd0</userinput></screen>
<note>
@ -5506,13 +5220,6 @@ Please press any key to reboot.</screen>
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/&rel.current;-RELEASE/base/">&rel.current;/base/</ulink>
directory.</para>
<note>
<para>In the 4.X and older releases of &os; the <quote>base</quote>
distribution is called <quote>bin</quote>. Adjust the sample
commands and URLs above accordingly, if you are using one of these
versions.</para>
</note>
<para>For as many distributions you wish to install from an &ms-dos;
partition (and you have the free space for), install each one
under <filename>c:\freebsd</filename> &mdash; the

247
en_US.ISO8859-1/books/handbook/kernelconfig/chapter.sgml
View file

@ -272,13 +272,6 @@
source code, use procedure 1.</para>
</listitem>
<listitem>
<para>If you are running a &os; version prior to 4.0, and you are
<emphasis>not</emphasis> upgrading to &os;&nbsp;4.0 or higher using
the <command>make buildworld</command> procedure, use procedure 1.
</para>
</listitem>
<listitem>
<para>If you are building a new kernel without updating the source
code (perhaps just to add a new option, such as
@ -404,29 +397,15 @@
linkend="kernelconfig-noboot">does not boot</link>.</para>
<note>
<para>In &os; 4.X and earlier, kernels are installed
in <filename>/kernel</filename>, modules in <filename
class="directory">/modules</filename>, and old kernels
are backed up in <filename>/kernel.old</filename>.
Other files relating to the boot process, such as the boot
<para>Other files relating to the boot process, such as the boot
&man.loader.8; and configuration are stored in
<filename>/boot</filename>. Third party or custom modules
can be placed in <filename class="directory">/modules</filename>, although
can be placed in <filename class="directory">/boot/kernel</filename>, although
users should be aware that keeping modules in sync with the
compiled kernel is very important. Modules not intended
to run with the compiled kernel may result in instability
or incorrectness.</para>
</note>
<note>
<para>If you have added any new devices (such as sound cards)
and you are running &os;&nbsp;4.X or previous versions, you
may have to add some device nodes to your
<filename class="directory">/dev</filename> directory before
you can use them. For more information, take a look at <link
linkend="kernelconfig-nodes">Making Device Nodes</link>
section later on in this chapter.</para>
</note>
</sect1>
<sect1 id="kernelconfig-config">
@ -446,12 +425,7 @@
<primary>kernel</primary>
<secondary>NOTES</secondary>
</indexterm>
<indexterm>
<primary>kernel</primary>
<secondary>LINT</secondary>
</indexterm>
<indexterm><primary>NOTES</primary></indexterm>
<indexterm><primary>LINT</primary></indexterm>
<indexterm>
<primary>kernel</primary>
<secondary>configuration file</secondary>
@ -471,28 +445,9 @@
<filename>/usr/src/sys/conf/NOTES</filename>.</para>
<note>
<para><filename>NOTES</filename> does not exist in &os;&nbsp;4.X.
Instead, see the <filename>LINT</filename> file for detailed
explanations of options and devices in <filename>GENERIC</filename>.
<filename>LINT</filename> served two purposes in 4.X: to provide a
reference for choosing kernel options when building a custom
kernel, and to provide a kernel configuration with as many
tweakable options tweaked to non-default values as possible. The
reason behind this was that such a configuration helped (and still
does) a lot when testing new code and changes to existing code that
may cause conflicts with other parts of the kernel. However,
the kernel configuration framework went through some heavy changes
in 5.X; one example of this is that the driver configuration options were moved
to a <literal>hints</literal> file so that they could be changed
and loaded dynamically at boot time, and <filename>LINT</filename>
could not contain those hints anymore. For this and other
reasons, the <filename>LINT</filename> file was renamed to
<filename>NOTES</filename> and retained mostly the first reason for
its existence: documenting the available options for user
convenience.</para>
<para>In &os; 5.X and later versions you can still generate a buildable
<filename>LINT</filename> file by typing:</para>
<para>To build a file which contains all available options,
as normally done for testing purposes, run the following
command as <username>root</username>:</para>
<screen>&prompt.root; <userinput>cd /usr/src/sys/<replaceable>i386</replaceable>/conf &amp;&amp; make LINT</userinput></screen>
</note>
@ -589,7 +544,7 @@ cpu I686_CPU</programlisting>
<programlisting>#To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.</programlisting>
<para>In &os; 5.X and newer versions the &man.device.hints.5; is
<para>The &man.device.hints.5; is
used to configure options of the device drivers. The default
location that &man.loader.8; will check at boot time is
<filename>/boot/device.hints</filename>. Using the
@ -720,19 +675,17 @@ options NFS_ROOT # NFS usable as /, requires NFSCLIENT</progra
<para>The process file system. This is a <quote>pretend</quote>
file system mounted on <filename>/proc</filename> which allows
programs like &man.ps.1; to give you more information on what
processes are running. In &os; 5.X and above, use of <literal>PROCFS</literal>
processes are running. Use of <literal>PROCFS</literal>
is not required under most circumstances, as most
debugging and monitoring tools have been adapted to run without
<literal>PROCFS</literal>: unlike in &os; 4.X, new installations of
&os; 5.X will not mount the process file system by default.
<literal>PROCFS</literal>: installs will not mount this file
system by default.
In addition, 6.X-CURRENT kernels
making use of <literal>PROCFS</literal> must now also include
support for <literal>PSEUDOFS</literal>:</para>
<programlisting>options PSEUDOFS # Pseudo-filesystem framework</programlisting>
<para><literal>PSEUDOFS</literal> is not available in &os; 4.X.</para>
<programlisting>options GEOM_GPT # GUID Partition Tables.</programlisting>
<para>This option brings the ability to have a large number of
@ -993,8 +946,7 @@ device atkbdc # AT keyboard controller</programlisting>
device splash # Splash screen and screen saver support</programlisting>
<para>Splash screen at start up! Screen savers require this
too. Use the line <literal>pseudo-device splash</literal> with
&os;&nbsp;4.X.</para>
too.</para>
<programlisting># syscons is the default console driver, resembling an SCO console
device sc</programlisting>
@ -1212,9 +1164,7 @@ device loop # Network loopback</programlisting>
<para>This is the generic loopback device for TCP/IP. If you telnet
or FTP to <hostid>localhost</hostid> (a.k.a. <hostid
role="ipaddr">127.0.0.1</hostid>) it will come back at you through
this device. This is <emphasis>mandatory</emphasis>. Under
&os;&nbsp;4.X you have to use the line <literal>pseudo-device
loop</literal>.</para>
this device. This is <emphasis>mandatory</emphasis>.</para>
<programlisting>device mem # Memory and kernel memory devices</programlisting>
@ -1233,34 +1183,27 @@ device loop # Network loopback</programlisting>
<programlisting>device ether # Ethernet support</programlisting>
<para><literal>ether</literal> is only needed if you have an Ethernet
card. It includes generic Ethernet protocol code. Under
&os;&nbsp;4.X use the line <literal>pseudo-device
ether</literal>.</para>
card. It includes generic Ethernet protocol code.</para>
<programlisting>device sl # Kernel SLIP</programlisting>
<para><literal>sl</literal> is for SLIP support. This has been almost
entirely supplanted by PPP, which is easier to set up, better suited
for modem-to-modem connection, and more powerful.
With &os;&nbsp;4.X use the line <literal>pseudo-device
sl</literal>.</para>
for modem-to-modem connection, and more powerful.</para>
<programlisting>device ppp # Kernel PPP</programlisting>
<para>This is for kernel PPP support for dial-up connections. There
is also a version of PPP implemented as a userland application that
uses <literal>tun</literal> and offers more flexibility and features
such as demand dialing.
With &os;&nbsp;4.X use the line
<literal>pseudo-device ppp</literal>.</para>
such as demand dialing.</para>
<programlisting>device tun # Packet tunnel.</programlisting>
<para>This is used by the userland PPP software.
See
the <link linkend="userppp">PPP</link> section of this book for more
information. With &os;&nbsp;4.X use the line <literal>pseudo-device
tun</literal>.</para>
information.</para>
<programlisting><anchor id="kernelconfig-ptys">
device pty # Pseudo-ttys (telnet etc)</programlisting>
@ -1271,37 +1214,22 @@ device pty # Pseudo-ttys (telnet etc)</programlisting>
<application>xterm</application>, and some other applications such
as <application>Emacs</application>.</para>
<note><para>Under &os;&nbsp;4.X, you
have to use the line <literal>pseudo-device pty
<replaceable>number</replaceable></literal>. The
<replaceable>number</replaceable> after <literal>pty</literal>
indicates the number of
<literal>pty</literal>s to create. If you need more than the
default of 16 simultaneous <application>xterm</application> windows
and/or remote logins, be sure to increase this number accordingly,
up to a maximum of 256.</para></note>
<programlisting>device md # Memory <quote>disks</quote></programlisting>
<para>Memory disk pseudo-devices. With &os;&nbsp;4.X use the
line <literal>pseudo-device md</literal>.</para>
<para>Memory disk pseudo-devices.</para>
<programlisting>device gif # IPv6 and IPv4 tunneling</programlisting>
<para>This implements IPv6 over IPv4 tunneling, IPv4 over IPv6 tunneling,
IPv4 over IPv4 tunneling, and IPv6 over IPv6 tunneling. Beginning with
&os;&nbsp;4.4 the <literal>gif</literal> device is
<quote>auto-cloning</quote>, and you should use the line
<literal>pseudo-device gif</literal>.
Earlier versions of &os;&nbsp;4.X require a number, for example
<literal>pseudo-device gif 4</literal>.</para>
IPv4 over IPv4 tunneling, and IPv6 over IPv6 tunneling. The
<literal>gif</literal> device is
<quote>auto-cloning</quote>, and will create device nodes as
needed.</para>
<programlisting>device faith # IPv6-to-IPv4 relaying (translation)</programlisting>
<para>This pseudo-device captures packets that are sent to it and
diverts them to the IPv4/IPv6 translation daemon. With
&os;&nbsp;4.X use the line
<literal>pseudo-device faith 1</literal>.</para>
diverts them to the IPv4/IPv6 translation daemon.</para>
<programlisting># The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
@ -1312,8 +1240,7 @@ device bpf # Berkeley packet filter</programlisting>
network interfaces to be placed in promiscuous mode, capturing every
packet on a broadcast network (e.g., an Ethernet). These packets
can be captured to disk and or examined with the &man.tcpdump.1;
program. With &os;&nbsp;4.X use the line
<literal>pseudo-device bpf</literal>.</para>
program.</para>
<note>
<para>The &man.bpf.4; device is also used by
@ -1376,8 +1303,7 @@ device fwe # Ethernet over FireWire (non-standard!)</programl
allows memory configurations of up to 64 gigabytes.
&os; provides support for this capability via the
<option>PAE</option> kernel configuration option, available
in the 4.X series of &os; beginning with 4.9-RELEASE and
in the 5.X series of &os; beginning with 5.1-RELEASE. Due to
in all current release versions of &os;. Due to
the limitations of the Intel memory architecture, no distinction
is made for memory above or below 4 gigabytes. Memory allocated
above 4 gigabytes is simply added to the pool of available
@ -1416,9 +1342,9 @@ device fwe # Ethernet over FireWire (non-standard!)</programl
<para>Device drivers that do not use the &man.bus.dma.9;
interface will cause data corruption in a
<acronym>PAE</acronym> enabled kernel and are not
recommended for use. For this reason, the
recommended for use. For this reason, a
<filename>PAE</filename> kernel
configuration file is provided in &os; 5.X, which
configuration file is provided in &os; which
excludes all drivers not known to work in a <acronym>PAE</acronym> enabled
kernel.</para>
</listitem>
@ -1452,79 +1378,6 @@ device fwe # Ethernet over FireWire (non-standard!)</programl
</sect2>
</sect1>
<sect1 id="kernelconfig-nodes">
<title>Making Device Nodes</title>
<indexterm><primary>device nodes</primary></indexterm>
<indexterm>
<primary><command>MAKEDEV</command></primary>
</indexterm>
<para><emphasis>If you are running &os;&nbsp;5.0 or later
you can safely skip this section. These versions use
&man.devfs.5; to allocate device nodes transparently for
the user.</emphasis></para>
<para>Almost every device in the kernel has a corresponding
<quote>node</quote> entry in the <filename>/dev</filename> directory.
These nodes look like regular files, but are actually special
entries into the kernel which programs use to access the device.
The shell script <filename>/dev/MAKEDEV</filename>, which is
executed when you first install the operating system, creates
nearly all of the device nodes supported. However, it does not
create <emphasis>all</emphasis> of them, so when you add support for
a new device, it pays to make sure that the appropriate entries are
in this directory, and if not, add them. Here is a simple
example:</para>
<para>Suppose you add the IDE CD-ROM support to the kernel. The line
to add is:</para>
<programlisting>device acd0</programlisting>
<para>This means that you should look for some entries that start with
<filename>acd0</filename> in the <filename>/dev</filename>
directory, possibly followed by a letter, such as
<literal>c</literal>, or preceded by the letter
<literal>r</literal>, which means a <quote>raw</quote> device. It
turns out that those files are not there, so you must change to the
<filename>/dev</filename> directory and type:</para>
<indexterm>
<primary><command>MAKEDEV</command></primary></indexterm>
<screen>&prompt.root; <userinput>sh MAKEDEV acd0</userinput></screen>
<para>When this script finishes, you will find that there are now
<filename>acd0c</filename> and <filename>racd0c</filename> entries
in <filename>/dev</filename> so you know that it executed
correctly.</para>
<para>For sound cards, the following command creates the appropriate
entries:</para>
<screen>&prompt.root; <userinput>sh MAKEDEV snd0</userinput></screen>
<note>
<para>When creating device nodes for devices such as sound cards, if
other people have access to your machine, it may be desirable to
protect the devices from outside access by adding them to the
<filename>/etc/fbtab</filename> file. See &man.fbtab.5; for more
information.</para>
</note>
<para>Follow this simple procedure for any other
non-<filename>GENERIC</filename> devices which do not have
entries.</para>
<note>
<para>All SCSI controllers use the same set of
<filename>/dev</filename> entries, so you do not need to create
these. Also, network cards and SLIP/PPP pseudo-devices do not
have entries in <filename>/dev</filename> at all, so you do not
have to worry about these either.</para>
</note>
</sect1>
<sect1 id="kernelconfig-trouble">
<title>If Something Goes Wrong</title>
@ -1565,28 +1418,6 @@ device fwe # Ethernet over FireWire (non-standard!)</programl
</listitem>
</varlistentry>
<varlistentry>
<term>Installing the new kernel fails:</term>
<listitem>
<para>If the kernel compiled fine, but failed to install
(the <command>make install</command> or
<command>make installkernel</command> command failed),
the first thing to check is if your system is running at
securelevel 1 or higher (see &man.init.8;). The kernel
installation tries to remove the immutable flag from
your kernel and set the immutable flag on the new one.
Since securelevel 1 or higher prevents unsetting the immutable
flag for any files on the system, the kernel installation needs
to be performed at securelevel 0 or lower.</para>
<para>The above only applies to &os; 4.X and earlier versions.
&os; 5.X, along with later versions, does not set the
immutable flag on the kernel and a failure to install a
kernel probably indicates a more fundamental problem.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>The kernel does not boot:<anchor
id="kernelconfig-noboot"></term>
@ -1597,8 +1428,9 @@ device fwe # Ethernet over FireWire (non-standard!)</programl
an excellent mechanism for recovering from incompatible
kernels. Simply choose the kernel you want to boot from at
the &os; boot loader. You can access this when the system
counts down from 10 at the boot menu. Hit any key except for the
<keycap>Enter</keycap> key, type <command>unload</command>
boot menu appears. Select the <quote>Escape to a loader
prompt</quote> option, number six. At the prompt, type
<command>unload kernel</command>
and then type
<command>boot /boot/<replaceable>kernel.old</replaceable>/kernel</command>,
or the filename of any other kernel that will boot properly.
@ -1629,26 +1461,6 @@ device fwe # Ethernet over FireWire (non-standard!)</programl
<screen>&prompt.root; <userinput>mv /boot/kernel /boot/kernel.bad</userinput>
&prompt.root; <userinput>mv /boot/<replaceable>kernel.good</replaceable> /boot/kernel</userinput></screen>
<para>For versions of &os; prior to 5.X, the proper command to
<quote>unlock</quote> the kernel file that
<command>make</command> installs (in order to move another
kernel back permanently) is:</para>
<screen>&prompt.root; <userinput>chflags noschg /kernel</userinput></screen>
<para>If you find you cannot do this, you are probably running
at a &man.securelevel.8; greater than zero. Edit
<literal>kern_securelevel</literal> in
<filename>/etc/rc.conf</filename> and set it to
<literal>-1</literal>, then reboot. You can change it back
to its previous setting when you are happy with your new
kernel.</para>
<para>And, if you want to <quote>lock</quote> your new kernel
into place, or any file for that matter, so that it cannot
be moved or tampered with:</para>
<screen>&prompt.root; <userinput>chflags schg /kernel</userinput></screen>
</note>
</listitem>
</varlistentry>
@ -1660,7 +1472,7 @@ device fwe # Ethernet over FireWire (non-standard!)</programl
<listitem>
<para>If you have installed a different version of the kernel
from the one that the system utilities have been built with,
for example, a 5.X kernel on a 4.X system, many system-status
for example, a -CURRENT kernel on a -RELEASE, many system-status
commands like &man.ps.1; and &man.vmstat.8; will not work any
more. You should <link linkend="makeworld">recompile and install
a world</link> built with the same version of the source tree as
@ -1683,4 +1495,3 @@ device fwe # Ethernet over FireWire (non-standard!)</programl
sgml-parent-document: ("../book.sgml" "part" "chapter")
End:
-->

20
en_US.ISO8859-1/books/handbook/l10n/chapter.sgml
View file

@ -493,13 +493,8 @@ keychange="<replaceable>fkey_number sequence</replaceable>"</programlisting>
<para>By default the mouse cursor of the &man.syscons.4; driver occupies the
0xd0-0xd3 range in the character set. If your language uses this
range, you need to move the cursor's range outside of it. To enable
the workaround for FreeBSD versions before 5.0, insert the following
line into your kernel configuration:</para>
<programlisting>options SC_MOUSE_CHAR=0x03</programlisting>
<para>For FreeBSD versions 4.4 and up insert the following line
into <filename>/etc/rc.conf</filename>:</para>
the workaround for &os;, add the following line to
<filename>/etc/rc.conf</filename>:</para>
<programlisting>mousechar_start=3</programlisting>
@ -734,19 +729,14 @@ keychange="<replaceable>fkey_number sequence</replaceable>"</programlisting>
<itemizedlist>
<listitem>
<para>For the FreeBSD versions before 5.0 add the following line
to your kernel configuration file:</para>
<programlisting>options SC_MOUSE_CHAR=0x03</programlisting>
<para>For FreeBSD versions 4.4 and up insert the following
line into <filename>/etc/rc.conf</filename>:</para>
<para>Add the following line
to your <filename>/etc/rc.conf</filename> file:</para>
<programlisting>mousechar_start=3</programlisting>
</listitem>
<listitem>
<para>Use following settings in
<para>Also, use following settings in
<filename>/etc/rc.conf</filename>:</para>
<programlisting>keymap="ru.koi8-r"

7
en_US.ISO8859-1/books/handbook/linuxemu/chapter.sgml
View file

@ -1562,8 +1562,7 @@ export PATH</programlisting>
<title>Installation of FreeBSD</title>
<para>First you have to install FreeBSD. There are several ways to do
this (FreeBSD&nbsp;4.3 was installed via FTP, FreeBSD&nbsp;4.5 directly from
the RELEASE CD) for more information read the <xref
this, for more information read the <xref
linkend="install-diff-media">.</para>
<sect3 id="disk-layout">
@ -2065,7 +2064,7 @@ options SEMUME=100 #number of UNDO keys</programlisting>
and <application>&oracle;</application>, therefore choose a larger
number of shared memory pages.</para>
<note><para>With the default installation of FreeBSD&nbsp;4.5 on &i386;,
<note><para>With the default installation of FreeBSD on &i386;,
leave <literal>MAXDSIZ</literal> and <literal>DFLDSIZ</literal> at 1&nbsp;GB maximum. Otherwise, strange
errors like <errorname>ORA-27102: out of memory</errorname> and
<errorname>Linux Error: 12: Cannot allocate memory</errorname>
@ -3036,7 +3035,7 @@ rscp/TCP0B = TCP0B</programlisting>
<sect3 id="ora-00001">
<title><errorcode>ORA-00001</errorcode></title>
<para>This error only happened with
<application>&oracle; 8.1.7</application> on FreeBSD&nbsp;4.5.
<application>&oracle; 8.1.7</application> on FreeBSD.
The reason was that the <application>&oracle;</application> database could not initialize itself
properly and crashed, leaving semaphores and shared memory on the
system. The next try to start the database then returned

79
en_US.ISO8859-1/books/handbook/multimedia/chapter.sgml
View file

@ -180,12 +180,6 @@
file with the <command>cat /dev/sndstat</command>
command.</para>
<note>
<para>Under &os;&nbsp;4.X, to load all sound drivers, you have
to load the <filename>snd</filename> module instead of
<filename>snd_driver</filename>.</para>
</note>
<para>A second method is to statically
compile in support for your sound card in your kernel. The
section below provides the information you need to add support
@ -202,11 +196,6 @@
<programlisting>device sound</programlisting>
<para>Under &os;&nbsp;4.X, you would use the following
line:</para>
<programlisting>device pcm</programlisting>
<para>Then we have to add the support for our sound card.
Therefore, we need to know which driver supports the card.
Check the supported audio devices list of the <ulink
@ -221,9 +210,7 @@
<para>Be sure to read the manual page of the driver for the
syntax to use. Information regarding the syntax of sound
drivers in the kernel configuration can also be found in the
<filename>/usr/src/sys/conf/NOTES</filename> file
(<filename>/usr/src/sys/i386/conf/LINT</filename> for
&os;&nbsp;4.X).</para>
<filename>/usr/src/sys/conf/NOTES</filename> file.</para>
<para>Non-PnP ISA cards may require you to provide the kernel
with information on the sound card settings (IRQ, I/O port,
@ -253,23 +240,12 @@ hint.sbc.0.flags="0x15"</programlisting>
<para>The syntax used in the
<filename>/boot/device.hints</filename> file is covered in the
sound driver manual page. On &os;&nbsp;4.X, these settings
are directly written in the kernel configuration file. In the
case of our ISA card, we would only use this line:</para>
<programlisting>device sbc0 at isa? port 0x220 irq 5 drq 1 flags 0x15</programlisting>
are directly written in the kernel configuration file.</para>
<para>The settings shown above are the defaults. In some
cases, you may need to change the IRQ or the other settings to
match your card. See the &man.snd.sbc.4; manual page for more
information.</para>
<note>
<para>Under &os;&nbsp;4.X, some systems with built-in
motherboard sound devices may require the following option in
the kernel configuration:</para>
<programlisting>options PNPBIOS</programlisting>
</note>
</sect3>
</sect2>
@ -320,25 +296,6 @@ kld snd_ich (1p/2r/0v channels duplex default)</screen>
This command line should produce some noise, confirming the
sound card is actually working.</para>
<note>
<para>&os;&nbsp;4.X users need to create the sound card device
nodes before being able to use it. If the card showed up in
message buffer as <devicename>pcm0</devicename>, you will have
to run the following as <username>root</username>:</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>sh MAKEDEV snd0</userinput></screen>
<para>If the card detection returned <devicename>pcm1</devicename>,
follow the same steps as shown above, replacing
<devicename>snd0</devicename> with
<devicename>snd1</devicename>.</para>
<para><command>MAKEDEV</command> will create a group of device
nodes that will be used by the different sound related
applications.</para>
</note>
<para>Sound card mixer levels can be changed via the &man.mixer.8;
command. More details can be found in the &man.mixer.8; manual
page.</para>
@ -775,10 +732,6 @@ link acd0 rdvd</programlisting>
<primary>kernel options</primary>
<secondary>CPU_ENABLE_SSE</secondary>
</indexterm>
<indexterm>
<primary>kernel options</primary>
<secondary>USER_LDT</secondary>
</indexterm>
<para>Some of the ports discussed rely on the following kernel
options to build correctly. Before attempting to build, add
@ -786,12 +739,6 @@ link acd0 rdvd</programlisting>
<programlisting>options CPU_ENABLE_SSE</programlisting>
<note>
<para>On &os;&nbsp;4.X <literal>options USER_LDT</literal> should
be added to the kernel configuration file. This option is not
available on &os;&nbsp;5.X and later version.</para>
</note>
<para>To enhance the shared memory X11 interface, it is
recommended that the values of some &man.sysctl.8; variables
should be increased:</para>
@ -1475,10 +1422,7 @@ bktr0: Pinnacle/Miro TV, Philips SECAM tuner.</programlisting>
<para>See the &man.bktr.4; manual page and the
<filename>/usr/src/sys/conf/NOTES</filename> file for more
details on the available options. (If you are under
&os;&nbsp;4.X, <filename>/usr/src/sys/conf/NOTES</filename> is
replaced with
<filename>/usr/src/sys/i386/conf/LINT</filename>.)</para>
details on the available options.</para>
</sect2>
<sect2>
@ -1617,14 +1561,6 @@ device uscanner</programlisting>
<para>This shows that our scanner is using the
<filename>/dev/uscanner0</filename> device node.</para>
<note>
<para>On &os;&nbsp;4.X, the USB daemon (&man.usbd.8;) must
be running to be able to see some USB devices. To enable
this, add <literal>usbd_enable="YES"</literal> to your
<filename>/etc/rc.conf</filename> file and reboot the
machine.</para>
</note>
</sect3>
<sect3>
@ -1636,8 +1572,8 @@ device uscanner</programlisting>
your kernel configuration file. The
<filename>GENERIC</filename> kernel supports the most common
SCSI controllers. Be sure to read the
<filename>NOTES</filename> file (<filename>LINT</filename>
under &os;&nbsp;4.X) and add the correct line to your kernel
<filename>NOTES</filename> file
and add the correct line to your kernel
configuration file. In addition to the SCSI adapter driver,
you need to have the following lines in your kernel
configuration file:</para>
@ -1839,10 +1775,7 @@ add path uscanner0 mode 660</programlisting>
<programlisting>devfs_system_ruleset="system"</programlisting>
<para>More information regarding these lines can be found in the
&man.devfs.8; manual page. Under &os;&nbsp;4.X, the
<groupname>operator</groupname> group has, by default, read
and write permissions to
<filename>/dev/uscanner0</filename>.</para>
&man.devfs.8; manual page.</para>
<note>
<para>Of course, for security reasons, you should think twice

26
en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml
View file

@ -573,14 +573,6 @@ server-program-arguments</programlisting>
order for this to function properly a few processes have to be
configured and running.</para>
<note><para>Under &os;&nbsp;4.X, the <application>portmap</application>
utility is used in place of the
<application>rpcbind</application> utility. Thus, in &os;&nbsp;4.X
the user is required to replace every instance of
<application>rpcbind</application> with
<application>portmap</application> in the forthcoming
examples.</para></note>
<para>The server has to be running the following daemons:</para>
<indexterm>
<primary>NFS</primary>
@ -594,9 +586,6 @@ server-program-arguments</programlisting>
<indexterm>
<primary><application>rpcbind</application></primary>
</indexterm>
<indexterm>
<primary><application>portmap</application></primary>
</indexterm>
<indexterm>
<primary><application>mountd</application></primary>
</indexterm>
@ -1189,9 +1178,7 @@ Exports list on foobar:
network protocol used by NIS). If
<application>rpcbind</application> is not running, it
will be impossible to run an NIS server, or to act as
an NIS client (Under &os;&nbsp;4.X
<application>portmap</application> is used in place of
<application>rpcbind</application>).</entry>
an NIS client.</entry>
</row>
<row>
<entry><application>ypbind</application></entry>
@ -2592,8 +2579,7 @@ nis_client_flags="-S <replaceable>NIS domain</replaceable>,<replaceable>server</
<listitem>
<para>Make sure that the <devicename>bpf</devicename>
device is compiled into your kernel. To do this, add
<literal>device bpf</literal> (<literal>pseudo-device
bpf</literal> under &os;&nbsp;4.X) to your kernel
<literal>device bpf</literal> to your kernel
configuration file, and rebuild the kernel. For more
information about building kernels, see <xref
linkend="kernelconfig">.</para> <para>The
@ -2722,8 +2708,7 @@ dhcp_flags=""</programlisting>
<para>In order to configure your FreeBSD system as a DHCP
server, you will need to ensure that the &man.bpf.4;
device is compiled into your kernel. To do this, add
<literal>device bpf</literal> (<literal>pseudo-device
bpf</literal> under &os;&nbsp;4.X) to your kernel
<literal>device bpf</literal> to your kernel
configuration file, and rebuild the kernel. For more
information about building kernels, see <xref
linkend="kernelconfig">.</para>
@ -4713,11 +4698,6 @@ driftfile /var/db/ntp.drift</programlisting>
<filename>/etc/rc.conf</filename>. For example:</para>
<screen>&prompt.root; <userinput>ntpd -p /var/run/ntpd.pid</userinput></screen>
<note>
<para>Under &os;&nbsp;4.X,
you have to replace every instance of <literal>ntpd</literal>
with <literal>xntpd</literal> in the options above.</para></note>
</sect2>
<sect2>

65
en_US.ISO8859-1/books/handbook/ppp-and-slip/chapter.sgml
View file

@ -246,40 +246,6 @@
</sect3>
<sect3>
<title>Creating PPP Device Nodes</title>
<indexterm><primary>PPP</primary><secondary>creating device nodes</secondary></indexterm>
<para>Under normal circumstances, most users will only need
one <devicename>tun</devicename> device
(<filename>/dev/tun0</filename>). References to
<devicename>tun0</devicename> below may be changed to
<devicename>tun<replaceable>N</replaceable></devicename>
where <replaceable>N</replaceable> is any unit number
corresponding to your system.</para>
<para>For FreeBSD installations that do not have &man.devfs.5; enabled
(FreeBSD&nbsp;4.X and earlier), the existence of the
<devicename>tun0</devicename> device should be verified (this is not
necessary if &man.devfs.5; is enabled as device nodes will be created
on demand).</para>
<para>The easiest way to make sure that the
<devicename>tun0</devicename> device is configured correctly
is to remake the device. To remake the device, do the
following:</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>sh MAKEDEV tun0</userinput></screen>
<para>If you need 16 tunnel devices in your kernel, you will need
to create them. This can be done by executing the following
commands:</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>sh MAKEDEV tun15</userinput></screen>
</sect3>
<sect3>
<title>Automatic <application>PPP</application> Configuration</title>
@ -1789,15 +1755,7 @@ exit 1
ports we need. If your modem acts like a standard serial
port then you should see it listed on
<devicename>sio1</devicename>, or <devicename>COM2</devicename>. If so, you are not
required to rebuild the kernel, you just need to make the
serial device. You can do this by changing your directory
to <filename>/dev</filename> and running the
<filename>MAKEDEV</filename> script like above. Now make
the serial devices with:</para>
<screen>&prompt.root; <userinput>sh MAKEDEV cuaa0 cuaa1 cuaa2 cuaa3</userinput></screen>
<para>which will create the serial devices for your system.
required to rebuild the kernel.
When matching up sio modem is on <devicename>sio1</devicename> or
<devicename>COM2</devicename> if you are in DOS, then your
modem device would be <filename>/dev/cuaa1</filename>.</para>
@ -2474,11 +2432,6 @@ tun0: flags=8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1500
<programlisting>device sl</programlisting>
<para>Under &os;&nbsp;4.X, use instead the following
line:</para>
<programlisting>pseudo-device sl 1</programlisting>
<para>It is included in the <filename>GENERIC</filename> kernel, so
this should not be a problem unless you have deleted it.</para>
@ -2825,18 +2778,6 @@ water.CS.Example localhost.Example. UGH 34 47641234 lo0 - 0.438
<programlisting>device sl</programlisting>
<para>Under &os;&nbsp;4.X, use instead the following
line:</para>
<programlisting>pseudo-device sl 2</programlisting>
<note>
<para>The number at the end of the line is the maximum
number of SLIP connections that may be operating
simultaneously. Since &os;&nbsp;5.0, the &man.sl.4;
driver is <quote>auto-cloning</quote>.</para>
</note>
<para>By default, your &os; machine will not forward packets.
If you want your FreeBSD SLIP Server to act as a router, you
will have to edit the <filename>/etc/rc.conf</filename> file and
@ -2896,9 +2837,7 @@ water.CS.Example localhost.Example. UGH 34 47641234 lo0 - 0.438
(resolved to IP addresses by
<filename>/etc/hosts</filename> or by the domain name
service, depending on your specifications in the file
<filename>/etc/nsswitch.conf</filename>,
or in <filename>/etc/host.conf</filename>
if you use FreeBSD&nbsp;4.X), and the network mask may be
<filename>/etc/nsswitch.conf</filename>), and the network mask may be
a name that can be resolved by a lookup into
<filename>/etc/networks</filename>. On a sample system,
<filename>/etc/sliphome/slip.hosts</filename> looks like

100
en_US.ISO8859-1/books/handbook/printing/chapter.sgml
View file

@ -531,69 +531,14 @@ ppc0: FIFO with 16/16/8 bytes threshold</screen>
follows.</para>
</sect4>
</sect3>
<sect3 id="printing-dev-ports">
<title>Adding <filename>/dev</filename> Entries for the
Ports</title>
<note><para>FreeBSD&nbsp;5.0 includes the <literal>devfs</literal>
filesystem which automatically creates device nodes as
needed. If you are running a version of FreeBSD with
<literal>devfs</literal> enabled then you can safely skip
this section.</para></note>
<para>Even though the kernel may support communication along a
serial or parallel port, you will still need a software
interface through which programs running on the system can
send and receive data. That is what entries in the
<filename>/dev</filename> directory are for.</para>
<para><emphasis>To add a <filename>/dev</filename> entry for a
port:</emphasis></para>
<procedure>
<step>
<para>Become <username>root</username> with the &man.su.1; command.
Enter the <username>root</username> password when prompted.</para>
</step>
<step>
<para>Change to the <filename>/dev</filename>
directory:</para>
<screen>&prompt.root; <userinput>cd /dev</userinput></screen>
</step>
<step>
<para>Type:</para>
<screen>&prompt.root; <userinput>./MAKEDEV <replaceable>port</replaceable></userinput></screen>
<para>Where <replaceable>port</replaceable> is the device
entry for the port you want to make. Use
<literal>lpt0</literal> for the printer on the first parallel port,
<literal>lpt1</literal> for the printer on the second port, and so on; use
<literal>ttyd0</literal> for the first serial port,
<literal>ttyd1</literal> for the second, and so on.</para>
</step>
<step>
<para>Type:</para>
<screen>&prompt.root; <userinput>ls -l <replaceable>port</replaceable></userinput></screen>
<para>to make sure the device entry got created.</para>
</step>
</procedure>
<sect4 id="printing-parallel-port-mode">
<sect3 id="printing-parallel-port-mode">
<title>Setting the Communication Mode for the Parallel
Port</title>
<para>When you are using the parallel interface, you can choose
whether FreeBSD should use interrupt-driven or polled
communication with the printer. The generic printer
device driver (&man.lpt.4;) on FreeBSD&nbsp;4.X and 5.X
device driver (&man.lpt.4;) on FreeBSD
uses the &man.ppbus.4; system, which controls the port
chipset with the &man.ppc.4; driver.</para>
@ -638,15 +583,7 @@ ppc0: FIFO with 16/16/8 bytes threshold</screen>
<itemizedlist>
<listitem>
<para>If you want interrupt-driven mode, for FreeBSD&nbsp;4.X add the
<literal>irq</literal> specifier:</para>
<programlisting>device ppc0 at isa? irq <replaceable>N</replaceable></programlisting>
<para>Where <replaceable>N</replaceable> is the IRQ
number for your computer's parallel port.</para>
<para>For FreeBSD&nbsp;5.X, edit the following line:</para>
<para>If you want interrupt-driven mode, edit the following line:</para>
<programlisting>hint.ppc.0.irq="<replaceable>N</replaceable>"</programlisting>
@ -660,22 +597,14 @@ ppc0: FIFO with 16/16/8 bytes threshold</screen>
</listitem>
<listitem>
<para>If you want polled mode, do not add the
<literal>irq</literal> specifier:</para>
<para>For FreeBSD&nbsp;4.X, use the following line in
your kernel configuration file:</para>
<programlisting>device ppc0 at isa?</programlisting>
<para>For FreeBSD&nbsp;5.X, simply remove in your
<para>If you want polled mode, remove in your
<filename>/boot/device.hints</filename> file, the
following line:</para>
<programlisting>hint.ppc.0.irq="<replaceable>N</replaceable>"</programlisting>
<para>In some cases, this is not enough to put the
port in polled mode under FreeBSD&nbsp;5.X. Most of
port in polled mode under FreeBSD. Most of
time it comes from &man.acpi.4; driver, this latter
is able to probe and attach devices, and therefore,
control the access mode to the printer port. You
@ -720,9 +649,9 @@ ppc0: FIFO with 16/16/8 bytes threshold</screen>
<filename>/etc/rc.local</filename> file to set the mode each
time your system boots. See &man.lptcontrol.8; for more
information.</para>
</sect4>
</sect3>
<sect4 id="printing-testing">
<sect3 id="printing-testing">
<title>Checking Printer Communications</title>
<para>Before proceeding to configure the spooling system, you
@ -761,7 +690,7 @@ showpage</programlisting>
accommodations.</para>
</note>
<sect5 id="printing-checking-parallel">
<sect4 id="printing-checking-parallel">
<title>Checking a Parallel Printer</title>
<indexterm>
@ -825,9 +754,9 @@ showpage</programlisting>
<para>You should see something print. Do not worry if the
text does not look right; we will fix such things
later.</para>
</sect5>
</sect4>
<sect5 id="printing-checking-serial">
<sect4 id="printing-checking-serial">
<title>Checking a Serial Printer</title>
<indexterm>
@ -922,9 +851,8 @@ showpage</programlisting>
<para>You should see something print. Do not worry if the
text does not look right; we will fix that later.</para>
</sect5>
</sect4>
</sect3>
</sect4>
</sect3>
<sect3 id="printing-printcap">
<title>Enabling the Spooler: the <filename>/etc/printcap</filename>
@ -1195,8 +1123,8 @@ bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
<sect4 id="printing-device">
<title>Identifying the Printer Device</title>
<para>In the <link linkend="printing-dev-ports">Adding
<filename>/dev</filename> Entries for the Ports</link>
<para>In the
Entries for the Ports
section, we identified which entry in the
<filename>/dev</filename> directory FreeBSD will use to
communicate with the printer. Now, we tell

272
en_US.ISO8859-1/books/handbook/security/chapter.sgml
View file

@ -62,7 +62,7 @@
<listitem>
<para>How to set up <application>Kerberos5</application> on
post &os; 5.0 releases.</para>
&os;.</para>
</listitem>
<listitem>
@ -883,12 +883,9 @@
server to saturate its outgoing network with ICMP responses. This
type of attack can also crash the server by running it out of
mbuf's, especially if the server cannot drain the ICMP responses
it generates fast enough. &os; 4.X kernels have a kernel
compile option called <option>ICMP_BANDLIM</option>
which limits the effectiveness
of these sorts of attacks.
Later kernels use the <application>sysctl</application>
variable <literal>net.inet.icmp.icmplim</literal>.
it generates fast enough.
Use the <application>sysctl</application>
variable <literal>net.inet.icmp.icmplim</literal> to limit these attacks.
The last major class of springboard
attacks is related to certain internal
<application>inetd</application> services such as the
@ -1036,11 +1033,7 @@
<sect2>
<title>Recognizing Your Crypt Mechanism</title>
<para>Before &os;&nbsp;4.4 <filename>libcrypt.a</filename> was a
symbolic link pointing to the library which was used for
encryption. &os;&nbsp;4.4 changed <filename>libcrypt.a</filename> to
provide a configurable password authentication hash library.
Currently the library supports DES, MD5 and Blowfish hash
<para>Currently the library supports DES, MD5 and Blowfish hash
functions. By default &os; uses MD5 to encrypt
passwords.</para>
@ -1076,51 +1069,42 @@
<secondary>one-time passwords</secondary>
</indexterm>
<para>S/Key is a one-time password scheme based on a one-way hash
function. &os; uses the MD4 hash for compatibility but other
systems have used MD5 and DES-MAC. S/Key has been part of the
&os; base system since version 1.1.5 and is also used on a
growing number of other operating systems. S/Key is a registered
trademark of Bell Communications Research, Inc.</para>
<para>From version 5.0 of &os;, S/Key has been replaced with
the functionally equivalent OPIE (One-time Passwords In
Everything). OPIE uses the MD5 hash by default.</para>
<para>By default, &os; includes suppor for OPIE (One-time Passwords
In Everything), which uses the MD5 hash by default.</para>
<para>There are three different sorts of passwords which we will discuss
below. The first is your usual &unix; style or
Kerberos password; we will call this a <quote>&unix; password</quote>.
The second sort is the one-time password which is generated by the
S/Key <command>key</command> program or the OPIE
The second sort is the one-time password which is generated by the OPIE
&man.opiekey.1; program and accepted by the
<command>keyinit</command> or &man.opiepasswd.1; programs
&man.opiepasswd.1; program
and the login prompt; we will
call this a <quote>one-time password</quote>. The final sort of
password is the secret password which you give to the
<command>key</command>/<command>opiekey</command> programs (and
<command>opiekey</command> program (and
sometimes the
<command>keyinit</command>/<command>opiepasswd</command> programs)
<command>opiepasswd</command> programs)
which it uses to generate
one-time passwords; we will call it a <quote>secret password</quote>
or just unqualified <quote>password</quote>.</para>
<para>The secret password does not have anything to do with your &unix;
password; they can be the same but this is not recommended. S/Key
and OPIE secret passwords are not limited to 8 characters like old
password; they can be the same but this is not recommended.
OPIE secret passwords are not limited to 8 characters like old
&unix; passwords<footnote><para>Under &os; the standard login
password may be up to 128 characters in length.</para></footnote>,
they can be as long as you like. Passwords of six or
seven word long phrases are fairly common. For the most part, the
S/Key or OPIE system operates completely independently of the &unix;
OPIE system operates completely independently of the &unix;
password system.</para>
<para>Besides the password, there are two other pieces of data that
are important to S/Key and OPIE. One is what is known as the
are important to OPIE. One is what is known as the
<quote>seed</quote> or <quote>key</quote>, consisting of two letters
and five digits. The other is what is called the <quote>iteration
count</quote>, a number between 1 and 100. S/Key creates the
count</quote>, a number between 1 and 100. OPIE creates the
one-time password by concatenating the seed and the secret password,
then applying the MD4/MD5 hash as many times as specified by the
then applying the MD5 hash as many times as specified by the
iteration count and turning the result into six short English words.
These six English words are your one-time password. The
authentication system (primarily PAM) keeps
@ -1130,58 +1114,42 @@
impossible to generate future one-time passwords if a successfully
used password is captured; the iteration count is decremented after
each successful login to keep the user and the login program in
sync. When the iteration count gets down to 1, S/Key and OPIE must be
sync. When the iteration count gets down to 1, OPIE must be
reinitialized.</para>
<para>There are three programs involved in each system
which we will discuss below. The <command>key</command> and
<para>There are a few programs involved in each system
which we will discuss below. The
<command>opiekey</command> programs accept an iteration
count, a seed, and a secret password, and generate a one-time
password or a consecutive list of one-time passwords. The
<command>keyinit</command> and <command>opiepasswd</command>
programs are used to initialize S/Key and OPIE respectively,
and to change passwords, iteration counts, or seeds; they
take either a secret passphrase, or an iteration count,
seed, and one-time password. The <command>keyinfo</command>
and <command>opieinfo</command> programs examine the
relevant credentials files (<filename>/etc/skeykeys</filename> or
<filename>/etc/opiekeys</filename>) and print out the invoking user's
<command>opiepasswd</command>
programs are used to initialize OPIE respectively,
and to change passwords, iteration counts, or seeds; it
takes either a secret passphrase, or an iteration count,
seed, and a one-time password. The
<command>opieinfo</command> program will examine the
relevant credentials files
(<filename>/etc/opiekeys</filename>) and print out the invoking user's
current iteration count and seed.</para>
<para>There are four different sorts of operations we will cover. The
first is using <command>keyinit</command> or
first is using
<command>opiepasswd</command> over a secure connection to set up
one-time-passwords for the first time, or to change your password
or seed. The second operation is using <command>keyinit</command>
or <command>opiepasswd</command> over an insecure connection, in
conjunction with <command>key</command> or <command>opiekey</command>
or seed. The second operation is using
<command>opiepasswd</command> over an insecure connection, in
conjunction with <command>opiekey</command>
over a secure connection, to do the same. The third is using
<command>key</command>/<command>opiekey</command> to log in over
an insecure connection. The fourth is using <command>key</command>
or <command>opiekey</command> to generate a number of keys which
<command>opiekey</command> to log in over
an insecure connection. The fourth is using
<command>opiekey</command> to generate a number of keys which
can be written down or printed out to carry with you when going to
some location without secure connections to anywhere.</para>
<sect2>
<title>Secure Connection Initialization</title>
<para>To initialize S/Key for the first time, change your password,
or change your seed while logged in over a secure connection
(e.g. on the console of a machine or via <application>ssh</application>), use the
<command>keyinit</command> command without any parameters while
logged in as yourself:</para>
<screen>&prompt.user; <userinput>keyinit</userinput>
Adding unfurl:
Reminder - Only use this method if you are directly connected.
If you are using telnet or rlogin exit with no password and use keyinit -s.
Enter secret password:
Again secret password:
ID unfurl s/key is 99 to17757
DEFY CLUB PRO NASH LACE SOFT</screen>
<para>For OPIE, <command>opiepasswd</command> is used instead:</para>
<para>To initialize OPIE for the first time, execute the
<command>opiepasswd</command> command:</para>
<screen>&prompt.user; <userinput>opiepasswd -c</userinput>
[grimreaper] ~ $ opiepasswd -f -c
@ -1215,27 +1183,13 @@ MOS MALL GOAT ARM AVID COED
<para>To initialize or change your secret password over an
insecure connection, you will need to already have a secure
connection to some place where you can run <command>key</command>
or <command>opiekey</command>; this might be in the form of a
desk accessory on a &macintosh;, or a shell prompt on a machine you
connection to some place where you can run
<command>opiekey</command>; this might be in the form of a shell
prompt on a machine you
trust. You will also need to make up an iteration count (100 is
probably a good value), and you may make up your own seed or use a
randomly-generated one. Over on the insecure connection (to the
machine you are initializing), use the <command>keyinit
-s</command> command:</para>
<screen>&prompt.user; <userinput>keyinit -s</userinput>
Updating unfurl:
Old key: to17758
Reminder you need the 6 English words from the key command.
Enter sequence count from 1 to 9999: <userinput>100</userinput>
Enter new key [default to17759]:
s/key 100 to 17759
s/key access password:
s/key access password:<userinput>CURE MIKE BANE HIM RACY GORE</userinput>
</screen>
<para>For OPIE, you need to use <command>opiepasswd</command>:</para>
machine you are initializing), use <command>opiepasswd</command>:</para>
<screen>&prompt.user; <userinput>opiepasswd</userinput>
@ -1252,19 +1206,10 @@ ID mark OTP key is 499 gr4269
LINE PAP MILK NELL BUOY TROY
</screen>
<para>To accept the default seed (which the
<command>keyinit</command> program confusingly calls a
<literal>key</literal>), press <keycap>Return</keycap>.
<para>To accept the default seed press <keycap>Return</keycap>.
Then before entering an
access password, move over to your secure connection or S/Key desk
accessory, and give it the same parameters:</para>
<screen>&prompt.user; <userinput>key 100 to17759</userinput>
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: <userinput>&lt;secret password&gt;</userinput>
CURE MIKE BANE HIM RACY GORE</screen>
<para>Or for OPIE:</para>
access password, move over to your secure connection and give it
the same parameters:</para>
<screen>&prompt.user; <userinput>opiekey 498 to4268</userinput>
Using the MD5 algorithm to compute response.
@ -1280,7 +1225,7 @@ GAME GAG WELT OUT DOWN CHAT
<sect2>
<title>Generating a Single One-time Password</title>
<para>Once you have initialized S/Key or OPIE, when you login you will be
<para>Once you have initialized OPIE and login, you will be
presented with a prompt like this:</para>
<screen>&prompt.user; <userinput>telnet example.com</userinput>
@ -1290,24 +1235,11 @@ Escape character is '^]'.
FreeBSD/i386 (example.com) (ttypa)
login: <userinput>&lt;username&gt;</userinput>
s/key 97 fw13894
Password: </screen>
<para>Or for OPIE:</para>
<screen>&prompt.user; <userinput>telnet example.com</userinput>
Trying 10.0.0.1...
Connected to example.com
Escape character is '^]'.
FreeBSD/i386 (example.com) (ttypa)
login: <userinput>&lt;username&gt;</userinput>
otp-md5 498 gr4269 ext
Password: </screen>
<para>As a side note, the S/Key and OPIE prompts have a useful feature
<para>As a side note, the OPIE prompts have a useful feature
(not shown here): if you press <keycap>Return</keycap>
at the password prompt, the
prompter will turn echo on, so you can see what you are
@ -1320,22 +1252,15 @@ Password: </screen>
<para>At this point you need to generate your one-time password to
answer this login prompt. This must be done on a trusted system
that you can run <command>key</command> or
that you can run
<command>opiekey</command> on. (There are versions of these for DOS,
&windows; and &macos; as well.) They need both the iteration count and
&windows; and &macos; as well.) They need the iteration count and
the seed as command line options. You can cut-and-paste these
right from the login prompt on the machine that you are logging
in to.</para>
<para>On the trusted system:</para>
<screen>&prompt.user; <userinput>key 97 fw13894</userinput>
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password:
WELD LIP ACTS ENDS ME HAAG</screen>
<para>For OPIE:</para>
<screen>&prompt.user; <userinput>opiekey 498 to4268</userinput>
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
@ -1343,15 +1268,7 @@ Enter secret pass phrase:
GAME GAG WELT OUT DOWN CHAT</screen>
<para>Now that you have your one-time password you can continue
logging in:</para>
<screen>login: <userinput>&lt;username&gt;</userinput>
s/key 97 fw13894
Password: <userinput>&lt;return to enable echo&gt;</userinput>
s/key 97 fw13894
Password [echo on]: WELD LIP ACTS ENDS ME HAAG
Last login: Tue Mar 21 11:56:41 from 10.0.0.2 ... </screen>
logging in.</para>
</sect2>
<sect2>
@ -1359,22 +1276,11 @@ Last login: Tue Mar 21 11:56:41 from 10.0.0.2 ... </screen>
<para>Sometimes you have to go places where you do not have
access to a trusted machine or secure connection. In this case,
it is possible to use the <command>key</command> and
<command>opiekey</command> commands to
it is possible to use the
<command>opiekey</command> command to
generate a number of one-time passwords beforehand to be printed
out and taken with you. For example:</para>
<screen>&prompt.user; <userinput>key -n 5 30 zz99999</userinput>
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: <userinput>&lt;secret password&gt;</userinput>
26: SODA RUDE LEA LIND BUDD SILT
27: JILT SPY DUTY GLOW COWL ROT
28: THEM OW COLA RUNT BONG SCOT
29: COT MASH BARR BRIM NAN FLAG
30: CAN KNEE CAST NAME FOLK BILK</screen>
<para>Or for OPIE:</para>
<screen>&prompt.user; <userinput>opiekey -n 5 30 zz99999</userinput>
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
@ -1399,52 +1305,10 @@ Enter secret pass phrase: <userinput>&lt;secret password&gt;</userinput>
<sect2>
<title>Restricting Use of &unix; Passwords</title>
<para>S/Key can place restrictions on the use of &unix; passwords based
on the host name, user name, terminal port, or IP address of a
login session. These restrictions can be found in the
configuration file <filename>/etc/skey.access</filename>. The
&man.skey.access.5; manual page has more information on the complete
format of the file and also details some security cautions to be
aware of before depending on this file for security.</para>
<para>If there is no <filename>/etc/skey.access</filename> file
(this is the default on &os;&nbsp;4.X systems), then all users will
be allowed to use &unix; passwords. If the file exists, however,
then all users will be required to use S/Key unless explicitly
permitted to do otherwise by configuration statements in the
<filename>skey.access</filename> file. In all cases, &unix;
passwords are permitted on the console.</para>
<para>Here is a sample <filename>skey.access</filename> configuration
file which illustrates the three most common sorts of configuration
statements:</para>
<programlisting>permit internet 192.168.0.0 255.255.0.0
permit user fnord
permit port ttyd0</programlisting>
<para>The first line (<literal>permit internet</literal>) allows
users whose IP source address (which is vulnerable to spoofing)
matches the specified value and mask, to use &unix; passwords. This
should not be considered a security mechanism, but rather, a means
to remind authorized users that they are using an insecure network
and need to use S/Key for authentication.</para>
<para>The second line (<literal>permit user</literal>) allows the
specified username, in this case <username>fnord</username>, to use
&unix; passwords at any time. Generally speaking, this should only
be used for people who are either unable to use the
<command>key</command> program, like those with dumb terminals, or
those who are ineducable.</para>
<para>The third line (<literal>permit port</literal>) allows all
users logging in on the specified terminal line to use &unix;
passwords; this would be used for dial-ups.</para>
<para>OPIE can restrict the use of &unix; passwords based on the IP
address of a login session just like S/Key does. The relevant file
is <filename>/etc/opieaccess</filename>, which is present by default
on &os;&nbsp;5.0 and newer systems. Please check &man.opieaccess.5;
address of a login session. The relevant file
is <filename>/etc/opieaccess</filename>, which is present by default.
Please check &man.opieaccess.5;
for more information on this file and which security considerations
you should be aware of when using it.</para>
@ -2341,11 +2205,6 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
kadmind5_server_enable="YES"
kerberos_stash="YES"</programlisting>
<note>
<para>The <option>kerberos_stash</option> is only available in
&os;&nbsp;4.X.</para>
</note>
<para>Next we will set up your <application>Kerberos</application>
config file, <filename>/etc/krb5.conf</filename>:</para>
@ -3234,7 +3093,7 @@ Connection closed by foreign host.</screen>
IPv6.</para>
<note>
<para>FreeBSD 5.X contains a <quote>hardware
<para>FreeBSD contains a <quote>hardware
accelerated</quote> IPsec stack, known as <quote>Fast
IPsec</quote>, that was obtained from OpenBSD. It employs
cryptographic hardware (whenever possible) via the
@ -3552,36 +3411,31 @@ Network #2 [ Internal Hosts ]
<para>Configuring the tunnel is a two step process. First the
tunnel must be told what the outside (or public) IP addresses
are, using &man.gifconfig.8;. Then the private IP addresses must be
are, using &man.ifconfig.8;. Then the private IP addresses must be
configured using &man.ifconfig.8;.</para>
<note>
<para>In &os;&nbsp;5.X, the functionality provided by the
&man.gifconfig.8; utility has been merged into
&man.ifconfig.8;.</para></note>
<para>On the gateway machine on network #1 you would run the
following two commands to configure the tunnel.</para>
<programlisting>gifconfig gif0 A.B.C.D W.X.Y.Z
<programlisting>ifconfig gif0 A.B.C.D W.X.Y.Z
ifconfig gif0 inet 192.168.1.1 192.168.2.1 netmask 0xffffffff
</programlisting>
<para>On the other gateway machine you run the same commands,
but with the order of the IP addresses reversed.</para>
<programlisting>gifconfig gif0 W.X.Y.Z A.B.C.D
<programlisting>ifconfig gif0 W.X.Y.Z A.B.C.D
ifconfig gif0 inet 192.168.2.1 192.168.1.1 netmask 0xffffffff
</programlisting>
<para>You can then run:</para>
<programlisting>gifconfig gif0</programlisting>
<programlisting>ifconfig gif0</programlisting>
<para>to see the configuration. For example, on the network #1
gateway, you would see this:</para>
<screen>&prompt.root; <userinput>gifconfig gif0</userinput>
<screen>&prompt.root; <userinput>ifconfig gif0</userinput>
gif0: flags=8011&lt;UP,POINTTOPOINT,MULTICAST&gt; mtu 1280
inet 192.168.1.1 --&gt; 192.168.2.1 netmask 0xffffffff
physical address inet A.B.C.D --&gt; W.X.Y.Z
@ -4215,8 +4069,7 @@ ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
<para><application>OpenSSH</application> is maintained by the OpenBSD project, and is based
upon SSH v1.2.12 with all the recent bug fixes and updates. It
is compatible with both SSH protocols 1 and 2. <application>OpenSSH</application> has been
in the base system since FreeBSD&nbsp;4.0.</para>
is compatible with both SSH protocols 1 and 2.</para>
<sect2>
<title>Advantages of Using OpenSSH</title>
@ -4236,8 +4089,7 @@ ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
<secondary>enabling</secondary>
</indexterm>
<para>The <application>sshd</application> daemon is enabled by
default on &os;&nbsp;4.X. In &os; 5.X and later enabling
<para>The
<application>sshd</application> is an option presented during
a <literal>Standard</literal> install of &os;. To see if
<application>sshd</application> is enabled, check the

77
en_US.ISO8859-1/books/handbook/serialcomms/chapter.sgml
View file

@ -541,16 +541,6 @@ sio3: type 16550A</screen>
also comment-out or completely remove lines for devices you do not
have.</para>
<para>On &os;&nbsp;4.X you have to edit your kernel configuration file.
For detailed information on configuring your kernel, please see <xref
linkend="kernelconfig">. The relevant device lines would look like
this:</para>
<programlisting>device sio0 at isa? port IO_COM1 irq 4
device sio1 at isa? port IO_COM2 irq 3
device sio2 at isa? port IO_COM3 irq 5
device sio3 at isa? port IO_COM4 irq 9</programlisting>
<para>Please refer to the &man.sio.4; manual page for
more information on serial ports and multiport boards configuration.
Be careful if you are using a configuration
@ -589,14 +579,14 @@ device sio3 at isa? port IO_COM4 irq 9</programlisting>
&os;&nbsp;6.X,
<filename>/dev/ttyid<replaceable>N</replaceable></filename> and
<filename>/dev/cuaia<replaceable>N</replaceable></filename> on
&os;&nbsp;5.X and older) and
&os;&nbsp;5.X) and
locking devices
(<filename>/dev/ttyd<replaceable>N</replaceable>.lock</filename> and
<filename>/dev/cuad<replaceable>N</replaceable>.lock</filename> on
&os;&nbsp;6.X,
<filename>/dev/ttyld<replaceable>N</replaceable></filename> and
<filename>/dev/cuala<replaceable>N</replaceable></filename> on
&os;&nbsp;5.X and older). The
&os;&nbsp;5.X). The
initialization devices are used to initialize communications port
parameters each time a port is opened, such as
<literal>crtscts</literal> for modems which use
@ -606,52 +596,6 @@ device sio3 at isa? port IO_COM4 irq 9</programlisting>
&man.sio.4;, and &man.stty.1; for
information on the terminal settings, locking and initializing
devices, and setting terminal options, respectively.</para>
<sect3>
<title>Making Device Special Files</title>
<note><para>FreeBSD&nbsp;5.0 includes the &man.devfs.5;
filesystem which automatically creates device nodes as
needed. If you are running a version of FreeBSD with
<literal>devfs</literal> enabled then you can safely skip
this section.</para></note>
<para>A shell script called <command>MAKEDEV</command> in the
<filename>/dev</filename> directory manages the device special
files. To use <command>MAKEDEV</command> to make dial-up device
special files for <devicename>COM1</devicename> (port 0),
<command>cd</command> to <filename>/dev</filename> and issue the
command <command>MAKEDEV ttyd0</command>. Likewise, to make dial-up
device special files for <devicename>COM2</devicename> (port 1),
use <command>MAKEDEV ttyd1</command>.</para>
<para><command>MAKEDEV</command> not only creates the
<filename>/dev/ttyd<replaceable>N</replaceable></filename> device
special files, but also the
<filename>/dev/cuaa<replaceable>N</replaceable></filename>,
<filename>/dev/cuaia<replaceable>N</replaceable></filename>,
<filename>/dev/cuala<replaceable>N</replaceable></filename>,
<filename>/dev/ttyld<replaceable>N</replaceable></filename>,
and
<filename>/dev/ttyid<replaceable>N</replaceable></filename>
nodes.</para>
<para>After making new device special files, be sure to check the
permissions on the files (especially the
<filename>/dev/cua*</filename> files) to make sure that only users
who should have access to those device special files can read and
write on them &mdash; you probably do not want to allow your average
user to use your modems to dial-out. The default permissions on the
<filename>/dev/cua*</filename> files should be sufficient:</para>
<screen>crw-rw---- 1 uucp dialer 28, 129 Feb 15 14:38 /dev/cuaa1
crw-rw---- 1 uucp dialer 28, 161 Feb 15 14:38 /dev/cuaia1
crw-rw---- 1 uucp dialer 28, 193 Feb 15 14:38 /dev/cuala1</screen>
<para>These permissions allow the user <username>uucp</username> and
users in the group <username>dialer</username> to use the call-out
devices.</para>
</sect3>
</sect2>
@ -688,11 +632,6 @@ crw-rw---- 1 uucp dialer 28, 193 Feb 15 14:38 /dev/cuala1</screen>
controlled in <filename>/etc/rc.d/serial</filename>. This file
affects the default settings of serial devices.</para>
<note>
<para>On &os;&nbsp;4.X, system-wide initialization of the serial devices
is controlled in <filename>/etc/rc.serial</filename>.</para>
</note>
<para>To prevent certain settings from being changed by an
application, make adjustments to the <quote>lock state</quote>
device. For example, to lock the speed of
@ -704,9 +643,6 @@ crw-rw---- 1 uucp dialer 28, 193 Feb 15 14:38 /dev/cuala1</screen>
<devicename>ttyd5</devicename> and tries to change the speed of
the port will be stuck with 57600&nbsp;bps.</para>
<indexterm>
<primary><command>MAKEDEV</command></primary>
</indexterm>
<para>Naturally, you should make the initial state and lock state devices
writable only by the <username>root</username> account.</para>
</sect2>
@ -2319,13 +2255,6 @@ raisechar=^^</programlisting>
url="&url.books.developers-handbook;/index.html">The
Developer's Handbook</ulink> for more information on
remote debugging.</para>
<note>
<para>In FreeBSD&nbsp;4.0 or later the semantics of the
flag <literal>0x40</literal> are slightly different and
there is another flag to specify a serial port for remote
debugging.</para>
</note>
</listitem>
</varlistentry>
</variablelist>
@ -2735,7 +2664,7 @@ boot:</screen>
<step>
<para>Write the boot blocks to the boot disk with
&man.disklabel.8; and boot from the new kernel.</para>
&man.bsdlabel.8; and boot from the new kernel.</para>
</step>
</procedure>
</sect3>

83
en_US.ISO8859-1/books/handbook/users/chapter.sgml
View file

@ -391,85 +391,6 @@
<filename>/usr/share/skel</filename>, and can optionally mail
the new user a welcome message.</para>
<para>In &os;&nbsp;5.0, &man.adduser.8; was rewritten from a
Perl script to a shell script that acts as wrapper around
&man.pw.8;, so its usage is slightly different on &os;&nbsp;4.X
and &os;&nbsp;5.X.</para>
<para>To create the initial configuration file, use
<command>adduser -s -config_create</command>.
<footnote>
<para>The <option>-s</option> makes &man.adduser.8;
default to
quiet. We use <option>-v</option> later when we want to
change defaults.</para>
</footnote>
Next, we configure &man.adduser.8;
defaults, and create our first user account, since using
<username>root</username> for normal usage is evil and
nasty.</para>
<example>
<title>Configuring <command>adduser</command> and adding a
user on &os;&nbsp;4.X</title>
<screen>&prompt.root; <userinput>adduser -v</userinput>
Use option ``-silent'' if you don't want to see all warnings and questions.
Check /etc/shells
Check /etc/master.passwd
Check /etc/group
Enter your default shell: csh date no sh tcsh zsh [sh]: <userinput>zsh</userinput>
Your default shell is: zsh -&gt; /usr/local/bin/zsh
Enter your default HOME partition: [/home]:
Copy dotfiles from: /usr/share/skel no [/usr/share/skel]:
Send message from file: /etc/adduser.message no
[/etc/adduser.message]: <userinput>no</userinput>
Do not send message
Use passwords (y/n) [y]: <userinput>y</userinput>
Write your changes to /etc/adduser.conf? (y/n) [n]: <userinput>y</userinput>
Ok, let's go.
Don't worry about mistakes. I will give you the chance later to correct any input.
Enter username [a-z0-9_-]: <userinput>jru</userinput>
Enter full name []: <userinput>J. Random User</userinput>
Enter shell csh date no sh tcsh zsh [zsh]:
Enter home directory (full path) [/home/jru]:
Uid [1001]:
Enter login class: default []:
Login group jru [jru]:
Login group is ``jru''. Invite jru into other groups: guest no
[no]: <userinput>wheel</userinput>
Enter password []:
Enter password again []:
Name: jru
Password: ****
Fullname: J. Random User
Uid: 1001
Gid: 1001 (jru)
Class:
Groups: jru wheel
HOME: /home/jru
Shell: /usr/local/bin/zsh
OK? (y/n) [y]: <userinput>y</userinput>
Added user ``jru''
Copy files from /usr/share/skel to /home/jru
Add another user? (y/n) [y]: <userinput>n</userinput>
Goodbye!
&prompt.root;</screen>
</example>
<para>In summary, we changed the default shell to
<application>zsh</application> (an additional shell found in
the Ports Collection), and turned off the sending of a welcome mail to
added users. We then saved the configuration,
created an account for <username>jru</username>, and made
sure <username>jru</username> is in <username>wheel</username>
group (so that she may assume the role of
<username>root</username> with the &man.su.1;
command.)</para>
<note>
<para>The password you type in is not echoed, nor are asterisks
displayed. Make sure that you do not mistype the password.
@ -485,7 +406,7 @@ Goodbye!
</note>
<example>
<title>Adding a user on &os;&nbsp;5.X</title>
<title>Adding a user on &os;</title>
<screen>&prompt.root; <userinput>adduser</userinput>
Username: <userinput>jru</userinput>
@ -619,7 +540,7 @@ Removing files belonging to jru from /var/tmp/vi.recover: done.
information.</para>
<note>
<para>In &os;&nbsp;5.X, you will be asked for your password
<para>You will be asked for your password
after exiting the editor if you are not the superuser.</para>
</note>

14
en_US.ISO8859-1/books/handbook/vinum/chapter.sgml
View file

@ -1134,13 +1134,13 @@ sd name bigraid.p0.s4 drive e plex bigraid.p0 state initializing len 4194304b dr
<para>Note that Vinum offsets and sizes are measured in
bytes. They must be divided by 512 in order to obtain the
block numbers that are to be used in the
<command>disklabel</command> command.</para>
<command>bsdlabel</command> command.</para>
</step>
<step>
<para>Run the command:</para>
<screen>&prompt.root; <userinput>disklabel -e <replaceable>devname</replaceable></userinput></screen>
<screen>&prompt.root; <userinput>bsdlabel -e <replaceable>devname</replaceable></userinput></screen>
<para>for each device that participates in the root volume.
<replaceable>devname</replaceable> must be either the name
@ -1177,7 +1177,7 @@ sd name bigraid.p0.s4 drive e plex bigraid.p0 state initializing len 4194304b dr
<para>That way, a new <literal>"a"</literal> partition will
be established that overlaps the Vinum partition on this
device. Note that the <command>disklabel</command> will
device. Note that the <command>bsdlabel</command> will
only allow for this overlap if the Vinum partition has
properly been marked using the <literal>"vinum"</literal>
fstype.</para>
@ -1235,13 +1235,13 @@ Subdisk root.p1.s0:
<para>The values to note are <literal>135680</literal> for the
offset (relative to partition
<filename>/dev/da0h</filename>). This translates to 265
512-byte disk blocks in <command>disklabel</command>'s terms.
512-byte disk blocks in <command>bsdlabel</command>'s terms.
Likewise, the size of this root volume is 245760 512-byte
blocks. <filename>/dev/da1h</filename>, containing the
second replica of this root volume, has a symmetric
setup.</para>
<para>The disklabel for these devices might look like:</para>
<para>The bsdlabel for these devices might look like:</para>
<screen>
...
@ -1345,7 +1345,7 @@ Subdisk root.p1.s0:
accidentally currently leaves only 4 KB at the beginning of
its partition free before starting to write its Vinum header
information. However, the stage one and two bootstraps plus
the disklabel embedded between them currently require 8 KB.
the bsdlabel embedded between them currently require 8 KB.
So if a Vinum partition was started at offset 0 within a
slice or disk that was meant to be bootable, the Vinum setup
will trash the bootstrap.</para>
@ -1353,7 +1353,7 @@ Subdisk root.p1.s0:
<para>Similarly, if the above situation has been recovered,
for example by booting from a <quote>Fixit</quote> medium,
and the bootstrap has been re-installed using
<command>disklabel -B</command> as described in <xref
<command>bsdlabel -B</command> as described in <xref
linkend="boot-boot1">, the bootstrap will trash the Vinum
header, and Vinum will no longer find its disk(s). Though
no actual Vinum configuration data or data in Vinum volumes

34
en_US.ISO8859-1/books/handbook/x11/chapter.sgml
View file

@ -29,7 +29,7 @@
is an open-source implementation of the X Window System that
includes both <application>&xorg;</application> and
<application>&xfree86;</application>. &os; versions up to and
including &os;&nbsp;4.11-RELEASE and &os;&nbsp;5.2.1-RELEASE
including &os;&nbsp;5.2.1-RELEASE
will find the default installation to be
<application>&xfree86;</application>, the X11 server released by
The &xfree86; Project, Inc. As of &os;&nbsp;5.3-RELEASE, the
@ -662,36 +662,8 @@ EndSection</programlisting>
<para>Configuration with &intel; i810 integrated chipsets
requires the <devicename>agpgart</devicename>
AGP programming interface for X11
to drive the card. The &man.agp.4; driver is in the
<filename>GENERIC</filename> kernel since releases
4.8-RELEASE and 5.0-RELEASE. On prior releases, you will
have to add the following line:</para>
<programlisting>device agp</programlisting>
<para>in your kernel configuration file and rebuild a new
kernel. Instead, you may want to load
the <filename>agp.ko</filename> kernel module
automatically with the &man.loader.8; at boot time.
For that, simply add this line to
<filename>/boot/loader.conf</filename>:</para>
<programlisting>agp_load="YES"</programlisting>
<para>Next, if you are running FreeBSD&nbsp;4.X or earlier, a
device node needs to be created for the
programming interface. To create the AGP device node, run
&man.MAKEDEV.8; in the <filename>/dev</filename>
directory:</para>
<screen>&prompt.root; <userinput>cd /dev</userinput>
&prompt.root; <userinput>sh MAKEDEV agpgart</userinput></screen>
<note>
<para>FreeBSD&nbsp;5.X or later will use &man.devfs.5; to allocate
device nodes transparently, therefore the
&man.MAKEDEV.8; step is not required.</para>
</note>
to drive the card. See the &man.agp.4; driver manual page
for more information.</para>
<para>This will allow configuration of the hardware as any other
graphics board. Note on systems without the &man.agp.4;