diff --git a/en_US.ISO8859-1/books/handbook/users/chapter.xml b/en_US.ISO8859-1/books/handbook/users/chapter.xml
index 0af8e71b7e..27b0865c5b 100644
--- a/en_US.ISO8859-1/books/handbook/users/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/users/chapter.xml
@@ -22,39 +22,32 @@
Synopsis
- FreeBSD allows multiple users to use the computer at the
- same time. Obviously, only one of those users can be sitting in
- front of the screen and keyboard at any one time
- Well, unless you hook up multiple terminals, but
- we will save that for .
- , but any number of users can log in through the
- network to get their work done. To use the system every user
- must have an account.
+ &os; allows multiple users to use the computer at the same
+ time. While only one user can sit in front of the screen and
+ use the keyboard at any one time, any number of users can log
+ in to the system through the network. To use the system, every
+ user must have a user account.After reading this chapter, you will know:The differences between the various user accounts on a
- FreeBSD system.
+ &os; system.
- How to add user accounts.
-
-
-
- How to remove user accounts.
+ How to add and remove user accounts.How to change account details, such as the user's full
- name, or preferred shell.
+ name or preferred shell.
- How to set limits on a per-account basis, to control the
- resources such as memory and CPU time that accounts and
+ How to set limits on a per-account basis to control the
+ resources, such as memory and CPU time, that accounts and
groups of accounts are allowed to access.
@@ -68,8 +61,8 @@
- Understand the basics of &unix; and FreeBSD ().
+ Understand the basics of &unix;
+ and &os;.
@@ -77,11 +70,11 @@
Introduction
- All access to the system is achieved via accounts, and all
- processes are run by users, so user and account management are
- of integral importance on FreeBSD systems.
+ Since all access to the &os; system is achieved via accounts
+ and all processes are run by users, user and account management
+ is important.
- Every account on a FreeBSD system has certain information
+ Every account on a &os; system has certain information
associated with it to identify the account.
@@ -89,13 +82,13 @@
User name
- The user name as it would be typed at the
- login: prompt. User names must be unique
- across the computer; you may not have two users with the
- same user name. There are a number of rules for creating
- valid user names, documented in &man.passwd.5;; you would
- typically use user names that consist of eight or fewer
- all lower case characters.
+ The user name is typed at the login:
+ prompt. User names must be unique on the system as no two
+ users can have the same user name. There are a number of
+ rules for creating valid user names, documented in
+ &man.passwd.5;. Typically user names consist of eight or
+ fewer all lower case characters in order to maintain
+ backwards compatibility with applications.
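Review bot: The new sentence "User names must be unique on the system as no two users can have the same user name" is circular: the clause after "as" restates the rule instead of giving a reason. Suggest ending it at "User names must be unique on the system." Separately, "in order to maintain backwards compatibility with applications" is a rationale the old text did not give; if it is intended, say which kind of application is meant or leave the reason to the referenced manual page.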
@@ -103,47 +96,48 @@
Password
- Each account has a password associated with it. The
- password may be blank, in which case no password will be
- required to access the system. This is normally a very
- bad idea; every account should have a password.
+ Each account has an associated password. While the
+ password can be blank, this is highly discouraged and
+ every account should have a password.
- User ID (UID)
+ User ID (UID)
- The UID is a number, traditionally from 0 to
- 65535
- It is possible to use UID/GIDs as large as
- 4294967295, but such IDs can cause serious problems
- with software that makes assumptions about the values
- of IDs.
+ The User ID (UID) is a number,
+ traditionally from 0 to 65535
+ It is possible to use
+ UIDs/GIDs as
+ large as 4294967295, but such IDs can cause serious
+ problems with software that makes assumptions about
+ the values of IDs., used to uniquely identify the user to the
- system. Internally, FreeBSD uses the UID to
- identify users—any FreeBSD commands that allow
- you to specify a user name will convert it to the UID
- before working with it. This means that you can have
- several accounts with different user names but the
- same UID. As far as FreeBSD is concerned these
- accounts are one user. It is unlikely you will ever
- need to do this.
+ system. Internally, &os; uses the
+ UID to identify users. Commands that
+ allow a user name to be specified will first convert it to
+ the UID. Though unlikely, it is
+ possible for several accounts with different user names to
+ share the same UID. As far as &os; is
+ concerned, these accounts are one user.
- Group ID (GID)
+ Group ID (GID)
- The GID is a number, traditionally from 0 to
- 65535, used to
- uniquely identify the primary group that the user belongs
- to. Groups are a mechanism for controlling access to
- resources based on a user's GID rather than their UID.
- This can significantly reduce the size of some
- configuration files. A user may also be in more than one
- group.
+ The Group ID (GID) is a number,
+ traditionally from 0 to 65535, used to uniquely identify
+ the primary group that the user belongs to. Groups are a
+ mechanism for controlling access to resources based on a
+ user's GID rather than their
+ UID. This can significantly reduce the
+ size of some configuration files. A user may also be a
+ member of more than one group.
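Review bot: In the Password entry, the rewrite drops the consequence the old text spelled out, that with a blank password "no password will be required to access the system". Without it, "highly discouraged" reads as a style preference rather than an access-control problem. Suggest keeping the clause, for example: "While the password can be blank, no password is then required to access the system, so every account should have a password."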
@@ -161,10 +155,10 @@
Password change time
- By default FreeBSD does not force users to change
- their passwords periodically. You can enforce this on a
- per-user basis, forcing some or all of your users to
- change their passwords after a certain amount of time has
+ By default &os; does not force users to change their
+ passwords periodically. This can be enforced on a
+ per-user basis, forcing some or all users to change their
+ passwords after a certain amount of time has
elapsed.
@@ -173,11 +167,10 @@
Account expiry time
- By default FreeBSD does not expire accounts. If you
- are creating accounts that you know have a limited
- lifespan, for example, in a school where you have accounts
- for the students, then you can specify when the account
- expires. After the expiry time has elapsed the account
+ By default &os; does not expire accounts. When
+ creating accounts that need a limited lifespan, such as
+ student accounts in a school, specify the account expiry
+ date. After the expiry time has elapsed, the account
cannot be used to log in to the system, although the
account's directories and files will remain.
@@ -187,9 +180,9 @@
User's full name
- The user name uniquely identifies the account to
- FreeBSD, but does not necessarily reflect the user's real
- name. This information can be associated with the
+ The user name uniquely identifies the account to &os;,
+ but does not necessarily reflect the user's real name.
+ This information can be associated with the
account.
@@ -199,15 +192,14 @@
The home directory is the full path to a directory on
- the system in which the user will start when logging on to
- the system. A common convention is to put all user home
- directories under
- /home/username
- or
- /usr/home/username.
- The user would store their personal files in their home
- directory, and any directories they may create in
- there.
+ the system. This is the user's starting directory when
+ the user logs in. A common convention is to put all user
+ home directories under /home/username
+ or /usr/home/username.
+ Each user stores their personal files and subdirectories
+ in their own home directory.
@@ -225,105 +217,105 @@
There are three main types of accounts: the Superuser, system users, and user accounts. The Superuser
+ linkend="users-superuser">superuser, system accounts, and user accounts. The superuser
account, usually called root, is used to
manage the system with no limitations on privileges. System
- users run services. Finally, user accounts are used by real
- people, who log on, read mail, and so forth.
-
+ accounts are used to run services. User accounts are
+ assigned to real people and are used to log in and use the
+ system.
-
- The Superuser Account
+
+ The Superuser Account
-
- accounts
- superuser (root)
-
- The superuser account, usually called
- root, comes preconfigured to facilitate
- system administration, and should not be used for day-to-day
- tasks like sending and receiving mail, general exploration of
- the system, or programming.
+
+ accounts
+ superuser (root)
+
+ The superuser account, usually called
+ root, is used to perform system
+ administration tasks and should not be used for day-to-day
+ tasks like sending and receiving mail, general exploration of
+ the system, or programming.
- This is because the superuser, unlike normal user accounts,
- can operate without limits, and misuse of the superuser account
- may result in spectacular disasters. User accounts are unable
- to destroy the system by mistake, so it is generally best to use
- normal user accounts whenever possible, unless you especially
- need the extra privilege.
+ This is because the superuser, unlike normal user
+ accounts, can operate without limits, and misuse of the
+ superuser account may result in spectacular disasters. User
+ accounts are unable to destroy the system by mistake, so it is
+ generally best to use normal user accounts whenever possible,
+ unless extra privilege is required.
- You should always double and triple-check commands you issue
- as the superuser, since an extra space or missing character can
- mean irreparable data loss.
+ Always double and triple-check any commands issued as the
+ superuser, since an extra space or missing character can mean
+ irreparable data loss.
- So, the first thing you should do after reading this
- chapter is to create an unprivileged user account for yourself
- for general usage if you have not already. This applies equally
- whether you are running a multi-user or single-user machine.
- Later in this chapter, we discuss how to create additional
- accounts, and how to change between the normal user and
- superuser.
-
+ Always create a user account for the system administrator
+ and use this account to log in to the system for general
+ usage. This applies equally to multi-user or single-user
+ systems. Later sections will discuss how to create additional
+ accounts and how to change between the normal user and
+ superuser.
+
-
- System Accounts
+
+ System Accounts
-
- accounts
- system
-
- System users are those used to run services such as DNS,
- mail, web servers, and so forth. The reason for this is
- security; if all services ran as the superuser, they could
- act without restriction.
+
+ accounts
+ system
+
+ System accounts are used to run services such as DNS,
+ mail, and web servers. The reason for this is security; if
+ all services ran as the superuser, they could act without
+ restriction.
-
- accounts
- daemon
-
-
- accounts
- operator
-
- Examples of system users are daemon,
- operator, bind (for
- the Domain Name Service), news, and
- www.
+
+ accounts
+ daemon
+
+
+ accounts
+ operator
+
+ Examples of system accounts are
+ daemon, operator,
+ bind, news, and
+ www.
-
- accounts
- nobody
-
- nobody is the generic unprivileged
- system user. However, it is important to keep in mind that the
- more services that use nobody, the more
- files and processes that user will become associated with, and
- hence the more privileged that user becomes.
-
+
+ accounts
+ nobody
+
+ nobody is the generic unprivileged
+ system account. However, the more services that use
+ nobody, the more files and processes that
+ user will become associated with, and hence the more
+ privileged that user becomes.
+
-
- User Accounts
+
+ User Accounts
-
- accounts
- user
-
- User accounts are the primary means of access for real
- people to the system, and these accounts insulate the user and
- the environment, preventing the users from damaging the system
- or other users, and allowing users to customize their
- environment without affecting others.
+
+ accounts
+ user
+
+ User accounts are the primary means of access for real
+ people to the system. User accounts insulate the user and
+ the environment, preventing users from damaging the system
+ or other users, and allowing users to customize their
+ environment without affecting others.
- Every person accessing your system should have a unique user
- account. This allows you to find out who is doing what, prevent
- people from clobbering each others' settings or reading each
- others' mail, and so forth.
+ Every person accessing the system should have a unique
+ user account. This allows the administrator to find out who
+ is doing what, prevents users from clobbering each others'
+ settings or reading each others' mail, and so forth.
- Each user can set up their own environment to accommodate
- their use of the system, by using alternate shells, editors, key
- bindings, and language.
+ Each user can set up their own environment to accommodate
+ their use of the system, by using alternate shells, editors,
+ key bindings, and language.
+
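Review bot: The paragraph beginning "Always create a user account for the system administrator" loses the word "unprivileged" that the old text had ("create an unprivileged user account for yourself"). That word is the point of the advice, coming right after the warning about working as the superuser; as written, the sentence could be read as creating a second administrative account. Suggest "Always create an unprivileged user account for the system administrator".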
@@ -334,10 +326,9 @@
modifying
- There are a variety of different commands available in the
- &unix; environment to manipulate user accounts. The most common
- commands are summarized below, followed by more detailed
- examples of their usage.
+ &os; provides a variety of different commands to manage
+ user accounts. The most common commands are summarized below,
+ followed by more detailed examples of their usage.
@@ -365,7 +356,7 @@
&man.chpass.1;
- A flexible tool to change user database
+ A flexible tool for changing user database
information.
@@ -377,8 +368,8 @@
&man.pw.8;
- A powerful and flexible tool to modify all aspects
- of user accounts.
+ A powerful and flexible tool for modifying all
+ aspects of user accounts.
@@ -399,14 +390,14 @@
class="directory">/usr/share/skel
skeleton directory
- &man.adduser.8; is a simple program for
- adding new users. It creates entries in the system
- passwd and group
- files. It will also create a home directory for the new user,
- copy in the default configuration files
- (dotfiles) from
- /usr/share/skel, and can optionally mail
- the new user a welcome message.
+ &man.adduser.8; is a simple program for adding new users
+ When a new user is added, this program automatically updates
+ /etc/passwd and
+ /etc/group. It also creates a home
+ directory for the new user, copies in the default
+ configuration files from /usr/share/skel, and can
+ optionally mail the new user a welcome message.Adding a User on &os;
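Review bot: The first added sentence has no full stop: "is a simple program for adding new users" runs straight into "When a new user is added". Also, the old text said "the system passwd and group files" while the new text names /etc/passwd and /etc/group specifically. Please confirm that these two paths are the complete list of what the program updates, since the rewrite now makes a narrower claim than the text it replaces.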
@@ -444,9 +435,9 @@ Goodbye!
- The password you type in is not echoed, nor are
- asterisks displayed. Make sure that you do not mistype the
- password.
+ Since the password is not echoed when typed, be careful
+ to not mistype the password when creating the user
+ account.
@@ -459,14 +450,14 @@ Goodbye!
removing
- You can use &man.rmuser.8; to completely remove a user
- from the system. &man.rmuser.8; performs the following
+ To completely remove a user from the system use
+ &man.rmuser.8;. This command performs the following
steps:
- Removes the user's &man.crontab.1; entry (if
- any).
+ Removes the user's &man.crontab.1; entry if one
+ exists.
@@ -484,19 +475,20 @@ Goodbye!
- Removes the user's home directory (if it is owned by
- the user).
+ Removes the user's home directory, if it is owned by
+ the user.Removes the incoming mail files belonging to the user
- from /var/mail.
+ from /var/mail.Removes all files owned by the user from temporary
- file storage areas such as
- /tmp.
+ file storage areas such as /tmp.
@@ -505,7 +497,7 @@ Goodbye!
If a group becomes empty and the group name is the
- same as the username, the group is removed; this
+ same as the username, the group is removed. This
complements the per-user unique groups created by
&man.adduser.8;.
@@ -513,11 +505,11 @@ Goodbye!
&man.rmuser.8; cannot be used to remove superuser
- accounts, since that is almost always an indication of massive
+ accounts since that is almost always an indication of massive
destruction.
- By default, an interactive mode is used, which attempts to
- make sure you know what you are doing.
+ By default, an interactive mode is used, as shown
+ in the following example.rmuser Interactive Account
@@ -542,24 +534,21 @@ Removing files belonging to jru from /var/tmp/vi.recover: done.
chpasschpass
- &man.chpass.1; changes user database
+ &man.chpass.1; can be used to change user database
information such as passwords, shells, and personal
information.
- Only system administrators, as the superuser, may change
- other users' information and passwords with
- &man.chpass.1;.
+ Only the superuser can change other users' information and
+ passwords with &man.chpass.1;.When passed no options, aside from an optional username,
- &man.chpass.1; displays an editor
- containing user information. When the user exists from the
- editor, the user database is updated with the new
- information.
+ &man.chpass.1; displays an editor containing user information.
+ When the user exists from the editor, the user database is
+ updated with the new information.
- You will be asked for your password
- after exiting the editor if you are not the
- superuser.
+ You will be asked for your password after exiting the
+ editor if you are not the superuser.
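Review bot: "When the user exists from the editor" should be "exits". The line is being rewrapped here anyway, so the typo carried over from the old text can be fixed in the same change. The following sentence, "You will be asked for your password after exiting the editor if you are not the superuser", is also still in the second person while the rest of the patch removes "you".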
@@ -583,8 +572,8 @@ Home Phone:
Other information:
- The normal user can change only a small subset of this
- information, and only for themselves.
+ A user can change only a small subset of this
+ information, and only for their own user account.Interactive chpass by Normal
@@ -600,15 +589,12 @@ Other information:
- &man.chfn.1; and &man.chsh.1; are
- just links to &man.chpass.1;, as
- are &man.ypchpass.1;,
- &man.ypchfn.1;, and
- &man.ypchsh.1;. NIS support is automatic, so
- specifying the yp before the command is
- not necessary. If this is confusing to you, do not worry,
- NIS will be covered in .
+ &man.chfn.1; and &man.chsh.1; are links to
+ &man.chpass.1;, as are &man.ypchpass.1;, &man.ypchfn.1;, and
+ &man.ypchsh.1;. NIS support is
+ automatic, so specifying the yp before
+ the command is not necessary. How to configure NIS is
+ covered in .
@@ -619,14 +605,15 @@ Other information:
accountschanging password
- &man.passwd.1; is the usual way to
- change your own password as a user, or another user's password
- as the superuser.
+ &man.passwd.1; is the usual way to change your own
+ password as a user, or another user's password as the
+ superuser.
- To prevent accidental or unauthorized changes, the
- original password must be entered before a new password can
- be set.
+ To prevent accidental or unauthorized changes, the user
+ must enter their original password before a new password can
+ be set. This is not the case when the superuser changes a
+ user's password.
@@ -654,10 +641,8 @@ passwd: done
- As with &man.chpass.1;,
- &man.yppasswd.1; is just a link to
- &man.passwd.1;, so NIS works with either
- command.
+ As with &man.chpass.1;, &man.yppasswd.1; is a link to
+ &man.passwd.1;, so NIS works with either command.
@@ -669,11 +654,11 @@ passwd: done
&man.pw.8; is a command line utility to create, remove,
modify, and display users and groups. It functions as a front
- end to the system user and group files. &man.pw.8;
- has a very powerful set of command line options that make it
- suitable for use in shell scripts, but new users may find it
- more complicated than the other commands presented
- here.
+ end to the system user and group files. &man.pw.8; has a very
+ powerful set of command line options that make it suitable for
+ use in shell scripts, but new users may find it more
+ complicated than the other commands presented in this
+ section.
@@ -687,12 +672,10 @@ passwd: done
accountslimiting
- If you have users, the ability to limit their system use may
- have come to mind. FreeBSD provides
- several ways an administrator can limit the amount of system
- resources an individual may use. These limits are
- divided into two sections: disk quotas, and other resource
- limits.
+ &os; provides several methods for an administrator to limit
+ the amount of system resources an individual may use. These
+ limits are discussed in two sections: disk quotas and other
+ resource limits.quotas
@@ -700,11 +683,9 @@ passwd: done
quotasdisk quotas
- Disk quotas limit disk usage to users, and
- they
- provide a way to quickly check that usage without
- calculating it every time. Quotas are discussed in .
+ Disk quotas limit disk usage to users and provide a way to
+ quickly check that usage without calculating it every time.
+ Quotas are discussed in .The other resource limits include ways to limit the amount
of CPU, memory, and other resources a user may consume. These
@@ -714,47 +695,45 @@ passwd: done
/etc/login.confLogin classes are defined in
- /etc/login.conf. The precise semantics are
- beyond the scope of this section, but are described in detail in
- the &man.login.conf.5; manual page. It is sufficient to say
- that each user is assigned to a login class
- (default by default), and that each login
+ /etc/login.conf and are described in detail
+ in &man.login.conf.5;. Each user account is assigned to a login
+ class, default by default, and each login
class has a set of login capabilities associated with it. A
login capability is a
name=value
pair, where name is a well-known
identifier and value is an arbitrary
- string processed accordingly depending on the name. Setting up
- login classes and capabilities is rather straight-forward and is
- also described in &man.login.conf.5;.
+ string which is processed accordingly depending on the
+ name. Setting up login classes and
+ capabilities is rather straight-forward and is also described in
+ &man.login.conf.5;.
- The system does not normally read the configuration in
- /etc/login.conf directly, but reads the
- database file /etc/login.conf.db which
- provides faster lookups. To generate
- /etc/login.conf.db from
- /etc/login.conf, execute the following
- command:
+ &os; does not normally read the configuration in
+ /etc/login.conf directly, but instead
+ reads the /etc/login.conf.db database
+ which provides faster lookups. Whenever
+ /etc/login.conf is edited, the
+ /etc/login.conf.db must be updated by
+ executing the following command:&prompt.root; cap_mkdb /etc/login.conf
- Resource limits are different from plain vanilla login
- capabilities in two ways. First, for every limit, there is a
- soft (current) and hard limit. A soft limit may be adjusted by
- the user or application, but may be no higher than the hard
- limit. The latter may be lowered by the user, but never raised.
- Second, most resource limits apply per process to a specific
- user, not the user as a whole. Note, however, that these
+ Resource limits differ from the default login capabilities
+ in two ways. First, for every limit, there is a soft (current)
+ and hard limit. A soft limit may be adjusted by the user or
+ application, but may not be set higher than the hard limit. The
+ hard limit may be lowered by the user, but can only be raised
+ by the superuser. Second, most resource limits apply per
+ process to a specific user, not to the user as a whole. These
differences are mandated by the specific handling of the limits,
- not by the implementation of the login capability framework
- (i.e., they are not really a special case
- of login capabilities).
+ not by the implementation of the login capability
+ framework.
- And so, without further ado, below are the most commonly
- used resource limits (the rest, along with all the other login
- capabilities, may be found in &man.login.conf.5;).
+ Below are the most commonly used resource limits. The rest
+ of the limits, along with all the other login capabilities, can
+ be found in &man.login.conf.5;.
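Review bot: "Resource limits differ from the default login capabilities" is ambiguous, because earlier in this same hunk "default" is the name of the login class each account is assigned to, so readers may take the phrase to mean the capabilities of that class. The old "plain vanilla" meant ordinary capabilities; "differ from other login capabilities" would keep that sense. Note also that "can only be raised by the superuser" replaces "never raised", which is a change of content rather than wording and deserves a mention in the commit message.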
@@ -766,14 +745,13 @@ passwd: done
coredumpsizeThe limit on the size of a core file generated by a
- program is, for obvious reasons, subordinate to other
- limits on disk usage (e.g., filesize,
- or disk quotas). Nevertheless, it is often used as a
- less-severe method of controlling disk space consumption:
- since users do not generate core files themselves, and
- often do not delete them, setting this may save them from
- running out of disk space should a large program (e.g.,
- emacs) crash.
+ program is subordinate to other limits on disk usage, such
+ as filesize, or disk quotas.
+ This limit is often used as a less-severe method of
+ controlling disk space consumption. Since users do not
+ generate core files themselves, and often do not delete
+ them, setting this may save them from running out of disk
+ space should a large program crash.
@@ -786,18 +764,14 @@ passwd: done
limiting userscputime
- This is the maximum amount of CPU time a user's
- process may consume. Offending processes will be killed
- by the kernel.
+ The maximum amount of CPU time a user's process may
+ consume. Offending processes will be killed by the
+ kernel.This is a limit on CPU time
consumed, not percentage of the CPU as displayed in
- some fields by &man.top.1; and &man.ps.1;. A limit on
- the latter is, at the time of this writing, not
- possible, and would be rather useless: a
- compiler—probably a legitimate task—can
- easily use almost 100% of a CPU for some time.
+ some fields by &man.top.1; and &man.ps.1;.
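Review bot: The note under cputime now says only that this is a limit on CPU time consumed, not a percentage, and the statement that a limit on percentage is not possible has been removed together with the aside about compilers. If that is still true, suggest keeping it as one short factual sentence and dropping only the compiler remark, so an administrator looking for a percentage cap learns that none of the limits listed here provides one.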
@@ -811,10 +785,10 @@ passwd: done
limiting usersfilesize
- This is the maximum size of a file the user may
- possess. Unlike disk
- quotas, this limit is enforced on individual
- files, not the set of all files a user owns.
+ The maximum size of a file the user may own. Unlike
+ disk quotas, this limit is
+ enforced on individual files, not the set of all files a
+ user owns.
@@ -827,17 +801,15 @@ passwd: done
limiting usersmaxproc
- This is the maximum number of processes a user may be
- running. This includes foreground and background
- processes alike. For obvious reasons, this may not be
- larger than the system limit specified by the
- kern.maxproc &man.sysctl.8;. Also note
- that setting this too small may hinder a user's
- productivity: it is often useful to be logged in multiple
- times or execute pipelines. Some tasks, such as
- compiling a large program, also spawn multiple processes
- (e.g., &man.make.1;, &man.cc.1;, and other intermediate
- preprocessors).
+ The maximum number of processes a user can run. This
+ includes foreground and background processes. This limit
+ may not be larger than the system limit specified by the
+ kern.maxproc &man.sysctl.8;. Setting
+ this limit too small may hinder a user's productivity as
+ it is often useful to be logged in multiple times or to
+ execute pipelines. Some tasks, such as compiling a large
+ program, spawn multiple processes and other intermediate
+ preprocessors.
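Review bot: The last sentence, "spawn multiple processes and other intermediate preprocessors", no longer parses. "Other intermediate preprocessors" was the tail of the removed parenthetical list of examples and now has nothing to be "other" than. Either restore the examples or end the sentence at "spawn multiple processes".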
@@ -850,12 +822,11 @@ passwd: done
limiting usersmemorylocked
- This is the maximum amount a memory a process may have
- requested to be locked into main memory (e.g., see
- &man.mlock.2;). Some system-critical programs, such as
- &man.amd.8;, lock into main memory such that in the event
- of being swapped out, they do not contribute to
- a system's thrashing in time of trouble.
+ The maximum amount of memory a process may request
+ to be locked into main memory using &man.mlock.2;. Some
+ system-critical programs, such as &man.amd.8;, lock into
+ main memory so that in the event of being swapped out,
+ they do not contribute to disk thrashing.
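Review bot: The sentence about system-critical programs still contradicts itself after the rewrite: they "lock into main memory so that in the event of being swapped out, they do not contribute to disk thrashing", but the entry has just described locking as keeping memory in main memory. Suggest rewording so that the stated purpose is that these programs are not swapped out, rather than describing what happens when they are.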
@@ -865,12 +836,11 @@ passwd: done
memoryuselimiting users
- memoryuse
-
- This is the maximum amount of memory a process may
- consume at any given time. It includes both core memory and
- swap usage. This is not a catch-all limit for restricting
- memory consumption, but it is a good start.
+ memoryuse
+ The maximum amount of memory a process may consume at
+ any given time. It includes both core memory and swap
+ usage. This is not a catch-all limit for restricting
+ memory consumption, but is a good start.
@@ -882,10 +852,10 @@ passwd: done
limiting usersopenfiles
- This is the maximum amount of files a process may have
- open. In FreeBSD, files are also used to represent
- sockets and IPC channels; thus, be careful not to set this
- too low. The system-wide limit for this is defined by the
+ The maximum amount of files a process may have open.
+ In &os;, files are used to represent sockets and IPC
+ channels, so be careful not to set this too low. The
+ system-wide limit for this is defined by the
kern.maxfiles &man.sysctl.8;.
@@ -898,10 +868,8 @@ passwd: done
limiting userssbsize
- This is the limit on the amount of network memory, and
- thus mbufs, a user may consume. This originated as a
- response to an old DoS attack by creating a lot of
- sockets, but can be generally used to limit network
+ The limit on the amount of network memory, and
+ thus mbufs, a user may consume in order to limit network
communications.
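Review bot: The sbsize entry loses its rationale and the new sentence is hard to read. The old text said the limit "originated as a response to an old DoS attack by creating a lot of sockets"; the new wording, "a user may consume in order to limit network communications", reads as if the user consumes memory for the purpose of limiting communications. Suggest two sentences, one defining the limit and one saying it can be used to limit network communications, and consider keeping the socket-exhaustion motivation since it tells an administrator when this limit matters.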
@@ -914,10 +882,10 @@ passwd: done
limiting usersstacksize
- This is the maximum size a process' stack may grow to.
- This alone is not sufficient to limit the amount of memory
- a program may use; consequently, it should be used in
- conjunction with other limits.
+ The maximum size of a process stack. This alone is
+ not sufficient to limit the amount of memory a program
+ may use so it should be used in conjunction with other
+ limits.
@@ -936,25 +904,26 @@ passwd: done
Although the /etc/login.conf that
comes with the system is a good source of reasonable values
- for most limits, only you, the administrator, can know what
- is appropriate for your system. Setting a limit too high
- may open your system up to abuse, while setting it too low
- may put a strain on productivity.
+ for most limits, they may not be appropriate for every
+ system. Setting a limit too high may open the system up to
+ abuse, while setting it too low may put a strain on
+ productivity.
- Users of the X Window System (X11) should probably be
- granted more resources than other users. X11 by itself
- takes a lot of resources, but it also encourages users to
- run more programs simultaneously.
+ Users of &xorg; should
+ probably be granted more resources than other users.
+ &xorg; by itself takes a lot of
+ resources, but it also encourages users to run more programs
+ simultaneously.
- Remember that many limits apply to individual processes,
- not the user as a whole. For example, setting
+ Many limits apply to individual processes, not the user
+ as a whole. For example, setting
openfiles to 50 means that each process
- the user runs may open up to 50 files. Thus, the gross
- amount of files a user may open is the value of
+ the user runs may open up to 50 files. The total amount
+ of files a user may open is the value of
openfiles multiplied by the value of
maxproc. This also applies to memory
consumption.
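Review bot: In the first item, "they may not be appropriate for every system" has no plural antecedent: the subject of the sentence is the /etc/login.conf file, so "they" has to be read back to "reasonable values". Suggest "these values may not be appropriate for every system". In the last item, "The total amount of files" should be "The total number of files".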
@@ -962,9 +931,8 @@ passwd: done
For further information on resource limits and login classes
- and capabilities in general, please consult the relevant manual
- pages: &man.cap.mkdb.1;, &man.getrlimit.2;,
- &man.login.conf.5;.
+ and capabilities in general, refer to &man.cap.mkdb.1;,
+ &man.getrlimit.2;, and &man.login.conf.5;.
@@ -978,29 +946,27 @@ passwd: done
accountsgroups
- A group is simply a list of users. Groups are identified by
- their group name and GID (Group ID). In FreeBSD (and most other
- &unix; like systems), the two factors the kernel uses to decide
- whether a process is allowed to do something is its user ID and
- list of groups it belongs to. Unlike a user ID, a process has a
- list of groups associated with it. You may hear some things
- refer to the group ID of a user or process; most
- of the time, this just means the first group in the list.
+ A group is a list of users. A group is identified by its
+ group name and GID. In &os;, the
+ kernel uses the UID of a process, and the
+ list of groups it belongs to, to determine what the process is
+ allowed to do. Most of the time, the GID of
+ a user or process usually means the first group in the
+ list.
- The group name to group ID map is in
- /etc/group. This is a plain text file with
- four colon-delimited fields. The first field is the group name,
- the second is the encrypted password, the third the group ID,
- and the fourth the comma-delimited list of members. It can
- safely be edited by hand (assuming, of course, that you do not
- make any syntax errors!). For a more complete description of
- the syntax, see the &man.group.5; manual page.
+ The group name to GID mapping is listed
+ in /etc/group. This is a plain text file
+ with four colon-delimited fields. The first field is the group
+ name, the second is the encrypted password, the third the
+ GID, and the fourth the comma-delimited list
+ of members. For a more complete description of the syntax,
+ refer to &man.group.5;.
- If you do not want to edit /etc/group
- manually, you can use the &man.pw.8; command to add and edit
- groups. For example, to add a group called
- teamtwo and then confirm that it exists
- you can use:
+ The superuser can modify /etc/group
+ using a text editor. Alternatively, &man.pw.8; can be used to
+ add and edit groups. For example, to add a group called
+ teamtwo and then confirm that it
+ exists:Adding a Group Using &man.pw.8;
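Review bot: "Most of the time, the GID of a user or process usually means the first group in the list" says the same thing twice ("Most of the time" and "usually"); drop one. The rewrite also removes the caution about syntax errors when editing /etc/group by hand and replaces it with "The superuser can modify /etc/group using a text editor". Since the file is described just above as four colon-delimited fields, a short reminder that a hand edit can leave a malformed line would preserve the old warning.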
@@ -1010,15 +976,14 @@ passwd: done
teamtwo:*:1100:
- The number 1100 above is the group ID of
- the group teamtwo. Right now,
- teamtwo has no members, and is thus
- rather useless. Let's change that by inviting
- jru to the teamtwo
- group.
+ In this example, 1100 is the
+ GID of teamtwo. Right
+ now, teamtwo has no members. This
+ command will add jru as a member of
+ teamtwo.
- Setting the List of Members of a Group Using
+ Adding User Accounts to a New Group Using
&man.pw.8;&prompt.root; pw groupmod teamtwo -M jru
@@ -1026,17 +991,17 @@ teamtwo:*:1100:
teamtwo:*:1100:jru
- The argument to the option is a
- comma-delimited list of users who are to be in the group. From
- the preceding sections, we know that the password file also
- contains a group for each user. The latter (the user) is
- automatically added to the group list by the system; the user
- will not show up as a member when using the
- command to &man.pw.8;, but will show
- up when the information is queried via &man.id.1; or similar
- tool. In other words, &man.pw.8; only manipulates the
- /etc/group file; it will never attempt to
- read additionally data from
+ The argument to is a comma-delimited
+ list of users to be added to a new (empty) group or to replace
+ the members of an existing group. To the user, this group
+ membership is different from (and in addition to) the user's
+ primary group listed in the password file. This means that
+ the user will not show up as a member when using
+ with &man.pw.8;, but will show up
+ when the information is queried via &man.id.1; or a similar
+ tool. When &man.pw.8; is used to add a user to a group, it only
+ manipulates /etc/group and does not attempt
+ to read additional data from
/etc/passwd.
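Review bot: The rewritten paragraph reverses which membership is not displayed. "This group membership" now refers to the members set with the option, and the next sentence says "the user will not show up as a member", yet the example output at the top of this hunk shows "teamtwo:*:1100:jru". In the old text it was the per-user group from the password file that does not appear in the group listing but does appear in id output. Suggest stating that directly: the primary group comes from the password file, so the user is not listed as a member of that group in /etc/group.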
@@ -1047,10 +1012,11 @@ teamtwo:*:1100:jru
teamtwo:*:1100:jru,db
- The argument to the option is a
+ In this example, the argument to is a
comma-delimited list of users who are to be added to the group.
- Unlike the previous example, these users are added to the group
- and do not replace the list of users in the group.
+ Unlike the previous example, these users are appended to the
+ group list and do not replace the list of existing users in the
+ group.Using &man.id.1; to Determine Group Membership
@@ -1059,13 +1025,12 @@ teamtwo:*:1100:jru,db
uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)
- As you can see, jru is a member of the
+ In this example, jru is a member of the
groups jru and
teamtwo.
- For more information about &man.pw.8;, see its manual page,
- and for more information on the format of
- /etc/group, consult the &man.group.5;
- manual page.
+ For more information about this command and the format of
+ /etc/group, refer to &man.pw.8; and
+ &man.group.5;.
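Review bot: "For more information about this command" now follows the id example, so "this command" reads as id while the references given are for pw and the group file. Suggest naming it: "For more information about pw and the format of /etc/group".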