diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.xml b/en_US.ISO8859-1/books/handbook/security/chapter.xml
index 809dbcd3c5..6628f38130 100644
--- a/en_US.ISO8859-1/books/handbook/security/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.xml
@@ -3517,46 +3517,11 @@ UWWemqWuz3lAZuORQ9KX
       <primary>Resource limits</primary>
     </indexterm>
 
-    <para>Traditionally, &os; used a resource limits database
-      controlled through a flat file,
-      <filename>/etc/login.conf</filename>.  While this method
-      is still supported, any changes require a multi-step process of
-      editing this file in order to divide users into various group
-      labels known as classes, rebuilding the resource database using
-      <command>cap_mkdb</command>, making necessary changes to
-      <filename>/etc/master.passwd</filename>, and rebuilding the
-      password database using <command>pwd_mkdb</command>.  This
-      could be time consuming, depending upon the number of users to
-      configure.</para>
-
-    <para>Beginning with &os;&nbsp;9.0-RELEASE,
-      <command>rctl</command> can be used to provide a more
-      fine-grained method of controlling resources limits for users.
-      This command supports much more than users as it can be used to
-      set resource constraints on processes, jails, and the original
-      login class.  These advanced features provide administrators and
-      users with methods to control resources through the command line
-      and to set rules on system initialization using a configuration
-      file.</para>
-
-    <para>This section demonstrates both methods for controlling
-      resources.</para>
-
-    <sect2 xml:id="users-limiting">
-      <title>Login Classes</title>
-
-      <indexterm>
-	<primary>limiting users</primary>
-      </indexterm>
-      <indexterm>
-	<primary>accounts</primary>
-	<secondary>limiting</secondary>
-      </indexterm>
-
       <para>&os; provides several methods for an administrator to
 	limit the amount of system resources an individual may use.
-	These limits are discussed in two sections: disk quotas and
-	other resource limits.</para>
+	Disk quotas limit the amount of disk space available to
+	users.  Quotas are discussed in
+	<xref linkend="quotas"/>.</para>
 
       <indexterm>
 	<primary>quotas</primary>
@@ -3569,38 +3534,55 @@ UWWemqWuz3lAZuORQ9KX
 	<primary>disk quotas</primary>
       </indexterm>
 
-      <para>Disk quotas limit the amount of disk space available to
-	users and provide a way to quickly check that usage without
-	calculating it every time.  Quotas are discussed in
-	<xref linkend="quotas"/>.</para>
+    <para>Limits to other resources, such as <acronym>CPU</acronym>
+      and memory, can be set using either a flat
+      file or a command to configure a resource limits database.  The
+      traditional method defines login classes by editing
+      <filename>/etc/login.conf</filename>.  While this method
+      is still supported, any changes require a multi-step process of
+      editing this file, rebuilding the resource database, making necessary changes to
+      <filename>/etc/master.passwd</filename>, and rebuilding the
+      password database.  This
+      can become time consuming, depending upon the number of users to
+      configure.</para>
 
-      <para>The other resource limits include ways to limit the amount
-	of CPU, memory, and other resources a user may consume.  These
-	are defined using login classes and are discussed here.</para>
+    <para>Beginning with &os;&nbsp;9.0-RELEASE,
+      <command>rctl</command> can be used to provide a more
+      fine-grained method for controlling resource limits.
+      This command supports more than user limits as it can also be used to
+      set resource constraints on processes and jails.</para>
 
+    <para>This section demonstrates both methods for controlling
+      resources, beginning with the traditional method.</para>
+
+    <sect2 xml:id="users-limiting">
+      <title>Configuring Login Classes</title>
+
+      <indexterm>
+	<primary>limiting users</primary>
+      </indexterm>
+      <indexterm>
+	<primary>accounts</primary>
+	<secondary>limiting</secondary>
+      </indexterm>
       <indexterm>
 	<primary><filename>/etc/login.conf</filename></primary>
       </indexterm>
 
-      <para>Login classes are defined in
-	<filename>/etc/login.conf</filename> and are described in
-	detail in &man.login.conf.5;.  Each user account is assigned
-	to a login class, <literal>default</literal> by default, and
-	each login class has a set of login capabilities associated
+      <para>In the traditional method, login classes and the resource
+	limits to apply to a login class are defined in
+	<filename>/etc/login.conf</filename>.   Each user account can be assigned
+	to a login class, where <literal>default</literal> is the default
+	login class.  Each login class has a set of login capabilities associated
 	with it.  A login capability is a
 	<literal><replaceable>name</replaceable>=<replaceable>value</replaceable></literal>
 	pair, where <replaceable>name</replaceable> is a well-known
 	identifier and <replaceable>value</replaceable> is an
 	arbitrary string which is processed accordingly depending on
-	the <replaceable>name</replaceable>.  Setting up login classes
-	and capabilities is rather straightforward and is also
-	described in &man.login.conf.5;.</para>
+	the <replaceable>name</replaceable>.</para>
 
       <note>
-	<para>&os; does not normally read the configuration in
-	  <filename>/etc/login.conf</filename> directly, but instead
-	  reads the <filename>/etc/login.conf.db</filename> database
-	  which provides faster lookups.  Whenever
+	<para>Whenever
 	  <filename>/etc/login.conf</filename> is edited, the
 	  <filename>/etc/login.conf.db</filename> must be updated by
 	  executing the following command:</para>
@@ -3609,207 +3591,159 @@ UWWemqWuz3lAZuORQ9KX
       </note>
 
       <para>Resource limits differ from the default login capabilities
-	in two ways.  First, for every limit, there is a soft
-	(current) and hard limit.  A soft limit may be adjusted by the
+	in two ways.  First, for every limit, there is a <firstterm>soft</firstterm>
+	and <firstterm>hard</firstterm> limit.  A soft limit may be adjusted by the
 	user or application, but may not be set higher than the hard
 	limit.  The hard limit may be lowered by the user, but can
 	only be raised by the superuser.  Second, most resource limits
-	apply per process to a specific user, not to the user as a
-	whole.  These differences are mandated by the specific
-	handling of the limits, not by the implementation of the login
-	capability framework.</para>
+	apply per process to a specific user.</para>
 
-      <para>Below are the most commonly used resource limits.  The
-	rest of the limits, along with all the other login
-	capabilities, can be found in &man.login.conf.5;.</para>
+      <para><xref linkend="resource-limits"/> lists the most commonly
+	used resource limits.  All of the available
+	resource limits and capabilities are described in
+	detail in &man.login.conf.5;.</para>
 
-      <variablelist>
-	<varlistentry>
-	  <term><literal>coredumpsize</literal></term>
-
-	  <listitem>
-	    <para>The limit on the size of a core file
-	      <indexterm>
-		<primary>coredumpsize</primary>
-	      </indexterm>
-	      generated by a program is subordinate to other limits
 	      <indexterm>
 		<primary>limiting users</primary>
 		<secondary>coredumpsize</secondary>
 	      </indexterm>
-	      on disk usage, such as <literal>filesize</literal>, or
-	      disk quotas.  This limit is often used as a less-severe
-	      method of controlling disk space consumption.  Since
-	      users do not generate core files themselves, and often
-	      do not delete them, setting this may save them from
-	      running out of disk space should a large program
-	      crash.</para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><literal>cputime</literal></term>
-
-	  <listitem>
-	    <para>The maximum amount of CPU
-	      <indexterm>
-		<primary>cputime</primary>
-	      </indexterm>
 	      <indexterm>
 		<primary>limiting users</primary>
 		<secondary>cputime</secondary>
 	      </indexterm>
-	      time a user's process may consume.  Offending processes
-	      will be killed by the kernel.</para>
-
-	    <note>
-	      <para>This is a limit on CPU <emphasis>time</emphasis>
-		consumed, not percentage of the CPU as displayed in
-		some fields by &man.top.1; and &man.ps.1;.</para>
-	    </note>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><literal>filesize</literal></term>
-
-	  <listitem>
-	    <para>The maximum size of a file
-	      <indexterm>
-		<primary>filesize</primary>
-	      </indexterm>
 	      <indexterm>
 		<primary>limiting users</primary>
 		<secondary>filesize</secondary>
 	      </indexterm>
-	      the user may own.  Unlike
-	      <link linkend="quotas">disk quotas</link>, this limit is
-	      enforced on individual files, not the set of all files a
-	      user owns.</para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><literal>maxproc</literal></term>
-
-	  <listitem>
-	    <para>The maximum number of processes
-	      <indexterm>
-		<primary>maxproc</primary>
-	      </indexterm>
 	      <indexterm>
 		<primary>limiting users</primary>
 		<secondary>maxproc</secondary>
 	      </indexterm>
-	      a user can run.  This includes foreground and background
-	      processes.  This limit may not be larger than the system
-	      limit specified by the <varname>kern.maxproc</varname>
-	      &man.sysctl.8;.  Setting this limit too small may hinder
-	      a user's productivity as it is often useful to be logged
-	      in multiple times or to execute pipelines.  Some tasks,
-	      such as compiling a large program, start lots of
-	      processes.</para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><literal>memorylocked</literal></term>
-
-	  <listitem>
-	    <para>The maximum amount of memory
-	      <indexterm>
-		<primary>memorylocked</primary>
-	      </indexterm>
 	      <indexterm>
 		<primary>limiting users</primary>
 		<secondary>memorylocked</secondary>
 	      </indexterm>
-	      a process may request to be locked into main memory
-	      using &man.mlock.2;.  Some system-critical programs,
-	      such as &man.amd.8;, lock into main memory so that if
-	      the system begins to swap, they do not contribute to
-	      disk thrashing.</para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><literal>memoryuse</literal></term>
-
-	  <listitem>
-	    <para>The maximum amount of memory
-	      <indexterm>
-		<primary>memoryuse</primary>
-	      </indexterm>
 	      <indexterm>
 		<primary>limiting users</primary>
 		<secondary>memoryuse</secondary>
 	      </indexterm>
-	      a process may consume at any given time.  It includes
-	      both core memory and swap usage.  This is not a
-	      catch-all limit for restricting memory consumption, but
-	      is a good start.</para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><literal>openfiles</literal></term>
-
-	  <listitem>
-	    <para>The maximum number of files a process may have open
-	      <indexterm>
-		<primary>openfiles</primary>
-	      </indexterm>
 	      <indexterm>
 		<primary>limiting users</primary>
 		<secondary>openfiles</secondary>
-	      </indexterm>.
-	      In &os;, files are used to represent sockets and IPC
-	      channels, so be careful not to set this too low.  The
-	      system-wide limit for this is defined by the
-	      <varname>kern.maxfiles</varname> &man.sysctl.8;.</para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><literal>sbsize</literal></term>
-
-	  <listitem>
-	    <para>The limit on the amount of network memory, and
-	      thus mbufs
-	      <indexterm>
-		<primary>sbsize</primary>
 	      </indexterm>
 	      <indexterm>
 		<primary>limiting users</primary>
 		<secondary>sbsize</secondary>
-	      </indexterm>,
-	      a user may consume.  This can be generally used to limit
-	      network communications.</para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><literal>stacksize</literal></term>
-
-	  <listitem>
-	    <para>The maximum size of a process stack
-	      <indexterm>
-		<primary>stacksize</primary>
 	      </indexterm>
 	      <indexterm>
 		<primary>limiting users</primary>
 		<secondary>stacksize</secondary>
-	      </indexterm>.
+	      </indexterm>
+
+      <table xml:id="resource-limits" frame="none" pgwide="1">
+	<title>Login Class Resource Limits</title>
+
+	<tgroup cols="2">
+	  <thead>
+	    <row>
+	      <entry>Resource Limit</entry>
+	      <entry>Description</entry>
+	    </row>
+	  </thead>
+
+	  <tbody>
+	    <row>
+	    <entry>coredumpsize</entry>
+	    <entry>The limit on the size of a core file
+	      generated by a program is subordinate to other limits
+	      on disk usage, such as <literal>filesize</literal> or
+	      disk quotas.  This limit is often used as a less severe
+	      method of controlling disk space consumption.  Since
+	      users do not generate core files and often
+	      do not delete them, this setting may save them from
+	      running out of disk space should a large program
+	      crash.</entry>
+	  </row>
+
+	<row>
+	  <entry>cputime</entry>
+	  <entry>The maximum amount of <acronym>CPU</acronym>
+	      time a user's process may consume.  Offending processes
+	      will be killed by the kernel.  This is a limit on
+	      <acronym>CPU</acronym> <emphasis>time</emphasis>
+		consumed, not the percentage of the <acronym>CPU</acronym> as displayed in
+		some of the fields generated by <command>top</command>
+		and <command>ps</command>.</entry>
+	    </row>
+
+	<row>
+	  <entry>filesize</entry>
+	  <entry>The maximum size of a file
+	      the user may own.  Unlike disk quotas
+	      (<xref linkend="quotas"/>), this limit is
+	      enforced on individual files, not the set of all files a
+	      user owns.</entry>
+	  </row>
+
+	<row>
+	  <entry>maxproc</entry>
+	  <entry>The maximum number of foreground and background processes
+	      a user can run.  This limit may not be larger than the system
+	      limit specified by <varname>kern.maxproc</varname>.
+	      Setting this limit too small may hinder
+	      a user's productivity as some tasks,
+	      such as compiling a large program, start lots of
+	      processes.</entry>
+	  </row>
+
+	<row>
+	  <entry>memorylocked</entry>
+	  <entry>The maximum amount of memory
+	      a process may request to be locked into main memory
+	      using &man.mlock.2;.  Some system-critical programs,
+	      such as &man.amd.8;, lock into main memory so that if
+	      the system begins to swap, they do not contribute to
+	      disk thrashing.</entry>
+	  </row>
+
+	<row>
+	  <entry>memoryuse</entry>
+	  <entry>The maximum amount of memory
+	      a process may consume at any given time.  It includes
+	      both core memory and swap usage.  This is not a
+	      catch-all limit for restricting memory consumption, but
+	      is a good start.</entry>
+	  </row>
+
+	<row>
+	  <entry>openfiles</entry>
+	  <entry>The maximum number of files a process may have open.
+	      In &os;, files are used to represent sockets and <acronym>IPC</acronym>
+	      channels, so be careful not to set this too low.  The
+	      system-wide limit for this is defined by
+	      <varname>kern.maxfiles</varname>.</entry>
+	  </row>
+
+	<row>
+	  <entry>sbsize</entry>
+	  <entry>The limit on the amount of network memory
+	      a user may consume.  This can be generally used to limit
+	      network communications.</entry>
+	  </row>
+
+	<row>
+	  <entry>stacksize</entry>
+	  <entry>The maximum size of a process stack.
 	      This alone is not sufficient to limit the amount of
-	      memory a program may use so it should be used in
-	      conjunction with other limits.</para>
-	  </listitem>
-	</varlistentry>
-      </variablelist>
+	      memory a program may use, so it should be used in
+	      conjunction with other limits.</entry>
+	  </row>
+	</tbody>
+      </tgroup>
+      </table>
 
       <para>There are a few other things to remember when setting
-	resource limits.  Following are some general tips,
-	suggestions, and miscellaneous comments.</para>
+	resource limits:</para>
 
       <itemizedlist>
 	<listitem>
@@ -3819,8 +3753,8 @@ UWWemqWuz3lAZuORQ9KX
 	</listitem>
 
 	<listitem>
-	  <para>Although the <filename>/etc/login.conf</filename> that
-	    comes with the system is a good source of reasonable
+	  <para>Although the default <filename>/etc/login.conf</filename>
+	    is a good source of reasonable
 	    values for most limits, they may not be appropriate for
 	    every system.  Setting a limit too high may open the
 	    system up to abuse, while setting it too low may put a
@@ -3828,18 +3762,16 @@ UWWemqWuz3lAZuORQ9KX
 	</listitem>
 
 	<listitem>
-	  <para>Users of <application>&xorg;</application> should
-	    probably be granted more resources than other users.
-	    <application>&xorg;</application> by itself takes a lot of
-	    resources, but it also encourages users to run more
+	  <para><application>&xorg;</application> takes a lot of
+	    resources and encourages users to run more
 	    programs simultaneously.</para>
 	</listitem>
 
 	<listitem>
 	  <para>Many limits apply to individual processes, not the
 	    user as a whole.  For example, setting
-	    <varname>openfiles</varname> to 50 means that each process
-	    the user runs may open up to 50 files.  The total amount
+	    <varname>openfiles</varname> to <literal>50</literal> means that each process
+	    the user runs may open up to <literal>50</literal> files.  The total amount
 	    of files a user may open is the value of
 	    <literal>openfiles</literal> multiplied by the value of
 	    <literal>maxproc</literal>.  This also applies to memory