Added 43 indexterms to users chapter.
Submitted by: Valentino Vaschetto <valentino.vaschetto@windriver.com> Approved by: murray
This commit is contained in:
Chern Lee
parent
7001f29865
commit
80fd6d362f
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=9938
1 changed files with 111 additions and 1 deletions
|
|
@ -1,7 +1,7 @@
|
|||
<!--
|
||||
The FreeBSD Documentation Project
|
||||
|
||||
$FreeBSD: doc/en_US.ISO8859-1/books/handbook/users/chapter.sgml,v 1.11 2001/07/08 22:52:23 dd Exp $
|
||||
$FreeBSD: doc/en_US.ISO8859-1/books/handbook/users/chapter.sgml,v 1.12 2001/07/08 22:53:33 dd Exp $
|
||||
-->
|
||||
|
||||
<chapter id="users">
|
||||
|
|
@ -29,6 +29,10 @@
|
|||
<sect1 id="users-superuser">
|
||||
<title>The Superuser Account</title>
|
||||
|
||||
<indexterm>
|
||||
<primary>accounts</primary>
|
||||
<secondary>superuser (root)</secondary>
|
||||
</indexterm>
|
||||
<para>The superuser account, usually called
|
||||
<username>root</username>, comes preconfigured, and facilitates
|
||||
system administration, and should not be used for day-to-day
|
||||
|
|
@ -61,17 +65,33 @@
|
|||
<sect1 id="users-system">
|
||||
<title>System Accounts</title>
|
||||
|
||||
<indexterm>
|
||||
<primary>accounts</primary>
|
||||
<secondary>system</secondary>
|
||||
</indexterm>
|
||||
<para>System users are those used to run services such as DNS,
|
||||
mail, web servers, and so forth. The reason for this is
|
||||
security; if all services ran as the superuser, they could
|
||||
act without restriction.</para>
|
||||
|
||||
<indexterm>
|
||||
<primary>accounts</primary>
|
||||
<secondary><username>daemon</username></secondary>
|
||||
</indexterm>
|
||||
<indexterm>
|
||||
<primary>accounts</primary>
|
||||
<secondary>operator</secondary>
|
||||
</indexterm>
|
||||
<para>Examples of system users are <username>daemon</username>,
|
||||
<username>operator</username>, <username>bind</username> (for
|
||||
the Domain Name Service), and <username>news</username>. Often
|
||||
sysadmins create <username>httpd</username> to run web servers
|
||||
they install.</para>
|
||||
|
||||
<indexterm>
|
||||
<primary>accounts</primary>
|
||||
<secondary>nobody</secondary>
|
||||
</indexterm>
|
||||
<para><username>nobody</username> is the generic unprivileged
|
||||
system user, but the more services that use
|
||||
<username>nobody</username>, the more privileged it
|
||||
|
|
@ -81,6 +101,10 @@
|
|||
<sect1 id="users-user">
|
||||
<title>User Accounts</title>
|
||||
|
||||
<indexterm>
|
||||
<primary>accounts</primary>
|
||||
<secondary>user</secondary>
|
||||
</indexterm>
|
||||
<para>User accounts are the primary means of access for real
|
||||
people to the system, and these accounts insulate the user and
|
||||
the environment, preventing the users from damaging the system
|
||||
|
|
@ -100,6 +124,10 @@
|
|||
<sect1 id="users-modifying">
|
||||
<title>Modifying Accounts</title>
|
||||
|
||||
<indexterm>
|
||||
<primary>accounts</primary>
|
||||
<secondary>modifying</secondary>
|
||||
</indexterm>
|
||||
<para><application>pw</application> is a powerful and flexible
|
||||
means to modify accounts, but <application>adduser</application>
|
||||
is recommended for creating new accounts, and
|
||||
|
|
@ -115,6 +143,13 @@
|
|||
<sect2 id="users-adduser">
|
||||
<title>adduser</title>
|
||||
|
||||
<indexterm>
|
||||
<primary>accounts</primary>
|
||||
<secondary>adding</secondary>
|
||||
</indexterm>
|
||||
<indexterm><primary>adduser</primary></indexterm>
|
||||
<indexterm><primary>/usr/share/skel</primary></indexterm>
|
||||
<indexterm><primary>skeleton directory</primary></indexterm>
|
||||
<para><application>adduser</application> is a simple program for
|
||||
adding new users. It creates <filename>passwd</filename> and
|
||||
<filename>group</filename> entries for the user, as well as
|
||||
|
|
@ -208,6 +243,12 @@ Goodbye!
|
|||
<sect2 id="users-rmuser">
|
||||
<title>rmuser</title>
|
||||
|
||||
<indexterm><primary>rmuser</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>accounts</primary>
|
||||
<secondary>removing</secondary>
|
||||
</indexterm>
|
||||
|
||||
<para><application>rmuser</application> removes users from the
|
||||
system, including any traces beyond the user database.</para>
|
||||
|
||||
|
|
@ -283,6 +324,7 @@ Removing files belonging to jru from /var/tmp/vi.recover: done.
|
|||
|
||||
<sect2 id="users-pw">
|
||||
<title>pw</title>
|
||||
<indexterm><primary>pw</primary></indexterm>
|
||||
|
||||
<para><application>pw</application> is a command line utility to
|
||||
create, remove, modify, and display users and groups, and functions
|
||||
|
|
@ -300,6 +342,7 @@ Removing files belonging to jru from /var/tmp/vi.recover: done.
|
|||
<sect2 id="users-chpass">
|
||||
<title>chpass</title>
|
||||
|
||||
<indexterm><primary>chpass</primary></indexterm>
|
||||
<para><application>chpass</application> changes user database
|
||||
information such as passwords, shells, and personal
|
||||
information.</para>
|
||||
|
|
@ -360,6 +403,11 @@ Other information:</screen>
|
|||
<sect2 id="users-passwd">
|
||||
<title>passwd</title>
|
||||
|
||||
<indexterm><primary>passwd</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>accounts</primary>
|
||||
<secondary>changing password</secondary>
|
||||
</indexterm>
|
||||
<para><application>passwd</application> is the usual way to
|
||||
change your own password as a user, or another user's password
|
||||
as the superuser.</para>
|
||||
|
|
@ -406,6 +454,11 @@ passwd: done</screen>
|
|||
<sect1 id="users-limiting">
|
||||
<title>Limiting Users</title>
|
||||
|
||||
<indexterm><primary>limiting users</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>users</primary>
|
||||
<secondary>limiting (see limiting users)</secondary>
|
||||
</indexterm>
|
||||
<para>If you run a multi-user system, chances are that you do not trust
|
||||
all of your users not to damage your system. FreeBSD provides a
|
||||
number of ways a system administrator can limit the amount of system
|
||||
|
|
@ -413,6 +466,12 @@ passwd: done</screen>
|
|||
divided into two sections: disk quotas, and other resources
|
||||
limits.</para>
|
||||
|
||||
<indexterm><primary>quotas</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>limiting users</primary>
|
||||
<secondary>quotas</secondary>
|
||||
</indexterm>
|
||||
<indexterm><primary>disk quotas</primary></indexterm>
|
||||
<para>Disk quotas are a way for the system administrator to tell the
|
||||
filesystem the amount of disk space a user may use; moreover, they
|
||||
provide a way to quickly check on the disk usage of a user without
|
||||
|
|
@ -423,6 +482,7 @@ passwd: done</screen>
|
|||
CPU, memory, and other resources a user may consume. These are
|
||||
defined using login classes and are discussed here.</para>
|
||||
|
||||
<indexterm><primary>/etc/login.conf</primary></indexterm>
|
||||
<para>Login classes are defined in
|
||||
<filename>/etc/login.conf</filename>. The precise semantics are
|
||||
beyond the scope of this section, but are described in detail in the
|
||||
|
|
@ -457,6 +517,11 @@ passwd: done</screen>
|
|||
<term><literal>coredumpsize</literal></term>
|
||||
|
||||
<listitem>
|
||||
<indexterm><primary>coredumpsize</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>limiting users</primary>
|
||||
<secondary>coredumpsize</secondary>
|
||||
</indexterm>
|
||||
<para>The limit on the size of a core file generated by a program
|
||||
is, for obvious reasons, subordinate to other limits on disk
|
||||
usage (e.g., <literal>filesize</literal>, or disk quotas).
|
||||
|
|
@ -472,6 +537,11 @@ passwd: done</screen>
|
|||
<term><literal>cputime</literal></term>
|
||||
|
||||
<listitem>
|
||||
<indexterm><primary>cputime</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>limiting users</primary>
|
||||
<secondary>cputime</secondary>
|
||||
</indexterm>
|
||||
<para>This is the maximum amount of CPU time a user's process may
|
||||
consume. Offending processes will be killed by the kernel.
|
||||
|
||||
|
|
@ -492,6 +562,11 @@ passwd: done</screen>
|
|||
<term><literal>filesize</literal></term>
|
||||
|
||||
<listitem>
|
||||
<indexterm><primary>filesize</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>limiting users</primary>
|
||||
<secondary>filesize</secondary>
|
||||
</indexterm>
|
||||
<para>This is the maximum size of a file the user may possess.
|
||||
Unlike <link linkend="quotas">disk quotas</link>, this limit is
|
||||
enforced on individual files, not the set of all files a user
|
||||
|
|
@ -503,6 +578,11 @@ passwd: done</screen>
|
|||
<term><literal>maxproc</literal></term>
|
||||
|
||||
<listitem>
|
||||
<indexterm><primary>maxproc</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>limiting users</primary>
|
||||
<secondary>maxproc</secondary>
|
||||
</indexterm>
|
||||
<para>This is the maximum number of processes a user may be
|
||||
running. This includes foreground and background processes
|
||||
alike. For obvious reasons, this may not be larger than the
|
||||
|
|
@ -520,6 +600,11 @@ passwd: done</screen>
|
|||
<term><literal>memorylocked</literal></term>
|
||||
|
||||
<listitem>
|
||||
<indexterm><primary>memorylocked</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>limiting users</primary>
|
||||
<secondary>memorylocked</secondary>
|
||||
</indexterm>
|
||||
<para>This is the maximum amount a memory a process may have
|
||||
requested to be locked into main memory (e.g., see
|
||||
&man.mlock.2;). Some system-critical programs, such as
|
||||
|
|
@ -532,6 +617,11 @@ passwd: done</screen>
|
|||
<term><literal>memoryuse</literal></term>
|
||||
|
||||
<listitem>
|
||||
<indexterm><primary>memoryuse</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>limiting users</primary>
|
||||
<secondary>memoryuse</secondary>
|
||||
</indexterm>
|
||||
<para>This is the maximum amount of memory a process may consume
|
||||
at any given time. It includes both core memory and swap
|
||||
usage. This is not a catch-all limit for restricting memory
|
||||
|
|
@ -543,6 +633,11 @@ passwd: done</screen>
|
|||
<term><literal>openfiles</literal></term>
|
||||
|
||||
<listitem>
|
||||
<indexterm><primary>openfiles</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>limiting users</primary>
|
||||
<secondary>openfiles</secondary>
|
||||
</indexterm>
|
||||
<para>This is the maximum amount of files a process may have
|
||||
open. In FreeBSD, files are also used to represent sockets and
|
||||
IPC channels; thus, be careful not to set this too low. The
|
||||
|
|
@ -555,6 +650,11 @@ passwd: done</screen>
|
|||
<term><literal>sbsize</literal></term>
|
||||
|
||||
<listitem>
|
||||
<indexterm><primary>sbsize</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>limiting users</primary>
|
||||
<secondary>sbsize</secondary>
|
||||
</indexterm>
|
||||
<para>This is the limit on the amount of network memory, and thus
|
||||
mbufs, a user may consume. This originated as a response to an
|
||||
old DoS attack by creating a lot of sockets, but can be
|
||||
|
|
@ -566,6 +666,11 @@ passwd: done</screen>
|
|||
<term><literal>stacksize</literal></term>
|
||||
|
||||
<listitem>
|
||||
<indexterm><primary>stacksize</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>limiting users</primary>
|
||||
<secondary>stacksize</secondary>
|
||||
</indexterm>
|
||||
<para>This is the maximum size a process' stack may grow to.
|
||||
This alone is not sufficient to limit the amount of memory a
|
||||
program may use; consequently, it should be used in conjunction
|
||||
|
|
@ -630,6 +735,11 @@ passwd: done</screen>
|
|||
<sect1 id="users-groups">
|
||||
<title>Groups</title>
|
||||
|
||||
<indexterm><primary>groups</primary></indexterm>
|
||||
<indexterm>
|
||||
<primary>accounts</primary>
|
||||
<secondary>groups</secondary>
|
||||
</indexterm>
|
||||
<para>A group is simply a list of users. Groups are identified by
|
||||
their group name and gid (group ID). In FreeBSD (and most other Unix
|
||||
systems), the two factors the kernel uses to decide whether a process
|
||||
|
|
|
|||
Loading…
Reference in a new issue