Merged /projects/print2013/en_US.ISO8859-1:r40693-40726
   Merged /projects/ISBN_1-57176-407-0/en_US.ISO8859-1:r40727-41455,
	41457-41469,41472-41477,41479-41513,41515-41521,41523-41577,
	41579-41581,41583-42013

Notes:  This merge entirely excludes the en_US/books/handbook/ppp-and-slip/
changes.  They will need to be looked at a bit more closely.

Note to translators:  I am very, very sorry.  There was no *clean* way
to merge this as separate commits.  Trust me, I tried.
The revision logs for the ISBN branch should provide some insight to what
content has changed.  I am more than happy to help out here.  Sorry :(

Approved by:	doceng (implicit)
Glen Barber 2013-06-23 22:37:08 +00:00
parent e7c0b1569a
commit e05926f374
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=42014
16 changed files with 9363 additions and 9961 deletions
en_US.ISO8859-1/books/handbook
advanced-networking
audit
basics
boot
config
disks
eresources
install
kernelconfig
mac
mail
multimedia
network-servers
ports
security
users

File diff suppressed because it is too large.


@ -60,8 +60,8 @@ requirements. -->
</listitem>
<listitem>
<para>How to configure Event Auditing on &os; for users
and processes.</para>
<para>How to configure Event Auditing on &os; for users and
processes.</para>
</listitem>
<listitem>
@ -85,8 +85,8 @@ requirements. -->
</listitem>
<listitem>
<para>Have some familiarity with security and how it
pertains to &os; (<xref linkend="security"/>).</para>
<para>Have some familiarity with security and how it pertains
to &os; (<xref linkend="security"/>).</para>
</listitem>
</itemizedlist>
@ -104,9 +104,9 @@ requirements. -->
Administrators should take into account disk space
requirements associated with high volume audit configurations.
For example, it may be desirable to dedicate a file system to
the <filename class="directory">/var/audit</filename> tree so that other file
systems are not affected if the audit file system becomes
full.</para>
the <filename class="directory">/var/audit</filename> tree
so that other file systems are not affected if the audit file
system becomes full.</para>
</warning>
</sect1>
@ -133,9 +133,9 @@ requirements. -->
<listitem>
<para><emphasis>class</emphasis>: Event classes are named sets
of related events, and are used in selection expressions.
Commonly used classes of events include
<quote>file creation</quote> (fc), <quote>exec</quote> (ex)
and <quote>login_logout</quote> (lo).</para>
Commonly used classes of events include <quote>file
creation</quote> (fc), <quote>exec</quote> (ex) and
<quote>login_logout</quote> (lo).</para>
</listitem>
<listitem>
@ -199,8 +199,8 @@ requirements. -->
<programlisting>options AUDIT</programlisting>
<para>Rebuild and reinstall
the kernel via the normal process explained in
<xref linkend="kernelconfig"/>.</para>
the kernel via the normal process explained in <xref
linkend="kernelconfig"/>.</para>
<para>Once an audit-enabled kernel is built, installed, and the
system has been rebooted, enable the audit daemon by adding the
@ -249,10 +249,10 @@ requirements. -->
<listitem>
<para><filename>audit_warn</filename> - A customizable shell
script used by <application>auditd</application> to generate
warning messages in exceptional situations, such as when
space for audit records is running low or when the audit
trail file has been rotated.</para>
script used by &man.auditd.8; to generate warning messages
in exceptional situations, such as when space for audit
records is running low or when the audit trail file has
been rotated.</para>
</listitem>
</itemizedlist>
@ -400,8 +400,8 @@ requirements. -->
</itemizedlist>
<para>These audit event classes may be customized by modifying
the <filename>audit_class</filename> and
<filename>audit_event</filename> configuration files.</para>
the <filename>audit_class</filename> and <filename>audit_
event</filename> configuration files.</para>
<para>Each audit class in the list is combined with a prefix
indicating whether successful/failed operations are matched,
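Review bot: the rewrap at `<filename>audit_` / `event</filename>` puts a line break inside the element content, so the rendered file name can come out as "audit_ event" instead of "audit_event". Keep `<filename>audit_event</filename>` on one line and wrap before the element instead, e.g. break after "and" so the next line starts with `<filename>audit_event</filename> configuration files.</para>`.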
@ -451,18 +451,16 @@ requirements. -->
<title>Configuration Files</title>
<para>In most cases, administrators will need to modify only two
files when configuring the audit system:
<filename>audit_control</filename> and
<filename>audit_user</filename>. The first controls
system-wide audit properties and policies; the second may be
used to fine-tune auditing by user.</para>
files when configuring the audit system: <filename>audit_
control</filename> and <filename>audit_user</filename>.
The first controls system-wide audit properties and policies;
the second may be used to fine-tune auditing by user.</para>
<sect3 id="audit-auditcontrol">
<title>The <filename>audit_control</filename> File</title>
<para>The <filename>audit_control</filename> file specifies a
number of defaults for the audit subsystem. Viewing the
contents of this file, we see the following:</para>
<para>A number of defaults for the audit subsystem are
specified in <filename>audit_control</filename>:</para>
<programlisting>dir:/var/audit
flags:lo
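Review bot: same wrapping problem in the first paragraph of this hunk: `<filename>audit_` / `control</filename>` splits the file name across a line break inside the element, which a renderer may emit as "audit_ control". Suggest keeping `<filename>audit_control</filename>` intact and breaking the line after "audit system:" instead.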
@ -471,7 +469,7 @@ naflags:lo
policy:cnt
filesz:0</programlisting>
<para>The <option>dir</option> option is used to set one or
<para>The <option>dir</option> entry is used to set one or
more directories where audit logs will be stored. If more
than one directory entry appears, they will be used in order
as they fill. It is common to configure audit so that audit
@ -484,17 +482,17 @@ filesz:0</programlisting>
example above, successful and failed login and logout events
are audited for all users.</para>
<para>The <option>minfree</option> option defines the minimum
<para>The <option>minfree</option> entry defines the minimum
percentage of free space for the file system where the audit
trail is stored. When this threshold is exceeded, a warning
will be generated. The above example sets the minimum free
space to twenty percent.</para>
<para>The <option>naflags</option> option specifies audit
classes to be audited for non-attributed events, such as the
login process and system daemons.</para>
<para>The <option>naflags</option> entry specifies audit classes
to be audited for non-attributed events, such as the login
process and system daemons.</para>
<para>The <option>policy</option> option specifies a
<para>The <option>policy</option> entry specifies a
comma-separated list of policy flags controlling various
aspects of audit behavior. The default
<literal>cnt</literal> flag indicates that the system should
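Review bot: in the minfree paragraph, "When this threshold is exceeded, a warning will be generated" reads backwards, since minfree is a minimum percentage of free space and the warning fires when free space drops below it. As this hunk already rewrites the opening line of that paragraph, suggest "When free space falls below this threshold, a warning will be generated."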
@ -504,7 +502,7 @@ filesz:0</programlisting>
to the &man.execve.2; system call to be audited as part of
command execution.</para>
<para>The <option>filesz</option> option specifies the maximum
<para>The <option>filesz</option> entry specifies the maximum
size in bytes to allow an audit trail file to grow to before
automatically terminating and rotating the trail file. The
default, 0, disables automatic log rotation. If the
@ -516,25 +514,24 @@ filesz:0</programlisting>
<sect3 id="audit-audituser">
<title>The <filename>audit_user</filename> File</title>
<para>The <filename>audit_user</filename> file permits the
administrator to specify further audit requirements for
specific users. Each line configures auditing for a user
via two fields: the first is the
<literal>alwaysaudit</literal> field, which specifies a set
of events that should always be audited for the user, and
the second is the <literal>neveraudit</literal> field, which
specifies a set of events that should never be audited for
the user.</para>
<para>The administrator can specify further audit requirements
for specific users in <filename>audit_user</filename>.
Each line configures auditing for a user via two fields:
the first is the <literal>alwaysaudit</literal> field,
which specifies a set of events that should always be
audited for the user, and the second is the
<literal>neveraudit</literal> field, which specifies a set
of events that should never be audited for the user.</para>
<para>The following example <filename>audit_user</filename>
file audits login/logout events and successful command
execution for the <username>root</username> user, and audits
file creation and successful command execution for the
<username>www</username> user. If used with the example
<filename>audit_control</filename> file above, the
audits login/logout events and successful command
execution for <username>root</username>, and audits
file creation and successful command execution for
<username>www</username>. If used with the above example
<filename>audit_control</filename>, the
<literal>lo</literal> entry for <username>root</username> is
redundant, and login/logout events will also be audited for
the <username>www</username> user.</para>
<username>www</username>.</para>
<programlisting>root:lo,+ex:no
www:fc,+ex:no</programlisting>
@ -553,14 +550,13 @@ www:fc,+ex:no</programlisting>
&man.praudit.1; command converts trail files to a simple text
format; the &man.auditreduce.1; command may be used to reduce
the audit trail file for analysis, archiving, or printing
purposes. <command>auditreduce</command> supports a variety
of selection parameters, including event type, event class,
purposes. A variety of selection parameters are supported by
&man.auditreduce.1;, including event type, event class,
user, date or time of the event, and the file path or object
acted on.</para>
<para>For example, the <command>praudit</command> utility will
dump the entire contents of a specified audit log in plain
text:</para>
<para>For example, &man.praudit.1; will dump the entire
contents of a specified audit log in plain text:</para>
<screen>&prompt.root; <userinput>praudit /var/audit/AUDITFILE</userinput></screen>
@ -569,11 +565,11 @@ www:fc,+ex:no</programlisting>
the audit log to dump.</para>
<para>Audit trails consist of a series of audit records made up
of tokens, which <command>praudit</command> prints
sequentially one per line. Each token is of a specific type,
such as <literal>header</literal> holding an audit record
header, or <literal>path</literal> holding a file path from a
name lookup. The following is an example of an
of tokens, which &man.praudit.1; prints sequentially one per
line. Each token is of a specific type, such as
<literal>header</literal> holding an audit record header, or
<literal>path</literal> holding a file path from a name
lookup. The following is an example of an
<literal>execve</literal> event:</para>
<programlisting>header,133,10,execve(2),0,Mon Sep 25 15:58:03 2006, + 384 msec
@ -605,9 +601,9 @@ trailer,133</programlisting>
successful execution, and the <literal>trailer</literal>
concludes the record.</para>
<para><command>praudit</command> also supports
an XML output format, which can be selected using the
<option>-x</option> argument.</para>
<para><acronym>XML</acronym> output format is also supported by
&man.praudit.1;, and can be selected using
<option>-x</option>.</para>
</sect2>
<sect2>
@ -619,20 +615,19 @@ trailer,133</programlisting>
<screen>&prompt.root; <userinput>auditreduce -u trhodes /var/audit/AUDITFILE | praudit</userinput></screen>
<para>This will select all audit records produced for the user
<username>trhodes</username> stored in the
<filename><replaceable>AUDITFILE</replaceable></filename>
file.</para>
<para>This will select all audit records produced for
<username>trhodes</username> stored in
<filename><replaceable>AUDITFILE</replaceable></filename>.</para>
</sect2>
<sect2>
<title>Delegating Audit Review Rights</title>
<para>Members of the <groupname>audit</groupname> group are
given permission to read audit trails in
<filename class="directory">/var/audit</filename>; by default, this group is
empty, so only the <username>root</username> user may read
audit trails. Users may be added to the
given permission to read audit trails in <filename
class="directory">/var/audit</filename>; by default, this
group is empty, so only the <username>root</username> user
may read audit trails. Users may be added to the
<groupname>audit</groupname> group in order to delegate audit
review rights to the user. As the ability to track audit log
contents provides significant insight into the behavior of
@ -674,9 +669,9 @@ trailer,133</programlisting>
SSH session, then a continuous stream of audit events will
be generated at a high rate, as each event being printed
will generate another event. It is advisable to run
<command>praudit</command> on an audit pipe device from
sessions without fine-grained I/O auditing in order to avoid
this happening.</para>
&man.praudit.1; on an audit pipe device from sessions
without fine-grained I/O auditing in order to avoid this
happening.</para>
</warning>
</sect2>
@ -684,24 +679,23 @@ trailer,133</programlisting>
<title>Rotating Audit Trail Files</title>
<para>Audit trails are written to only by the kernel, and
managed only by the audit daemon,
<application>auditd</application>. Administrators should not
attempt to use &man.newsyslog.conf.5; or other tools to
directly rotate audit logs. Instead, the
<command>audit</command> management tool may be used to shut
down auditing, reconfigure the audit system, and perform log
rotation. The following command causes the audit daemon to
create a new audit log and signal the kernel to switch to
using the new log. The old log will be terminated and
renamed, at which point it may then be manipulated by the
administrator.</para>
managed only by the audit daemon, &man.auditd.8;.
Administrators should not attempt to use
&man.newsyslog.conf.5; or other tools to directly rotate
audit logs. Instead, the &man.audit.8; management tool may
be used to shut down auditing, reconfigure the audit system,
and perform log rotation. The following command causes the
audit daemon to create a new audit log and signal the kernel
to switch to using the new log. The old log will be
terminated and renamed, at which point it may then be
manipulated by the administrator.</para>
<screen>&prompt.root; <userinput>audit -n</userinput></screen>
<warning>
<para>If the <application>auditd</application> daemon is not
currently running, this command will fail and an error
message will be produced.</para>
<para>If &man.auditd.8; is not currently running, this
command will fail and an error message will be
produced.</para>
</warning>
<para>Adding the following line to
@ -710,11 +704,11 @@ trailer,133</programlisting>
<programlisting>0 */12 * * * root /usr/sbin/audit -n</programlisting>
<para>The change will take effect once you have saved the
new <filename>/etc/crontab</filename>.</para>
<para>The change will take effect once you have saved the new
<filename>/etc/crontab</filename>.</para>
<para>Automatic rotation of the audit trail file based on file
size is possible via the <option>filesz</option> option in
size is possible using <option>filesz</option> in
&man.audit.control.5;, and is described in the configuration
files section of this chapter.</para>
</sect2>


@ -57,7 +57,7 @@
</listitem>
<listitem>
<para>What a shell is, and how to change your default login
<para>What a shell is, and how to change the default login
environment.</para>
</listitem>
@ -87,10 +87,10 @@
<para>&os; can be used in various ways. One of them is typing
commands to a text terminal. A lot of the flexibility and power
of a &unix; operating system is readily available at your hands
when using &os; this way. This section describes what
of a &unix; operating system is readily available when using
&os; this way. This section describes what
<quote>terminals</quote> and <quote>consoles</quote> are, and
how you can use them in &os;.</para>
how to use them in &os;.</para>
<sect2 id="consoles-intro">
<title>The Console</title>
@ -144,15 +144,16 @@ login:</screen>
<screen>login:</screen>
<para>Type the username that was configured during <link
linkend="bsdinstall-addusers">system installation</link> and
press <keycap>Enter</keycap>. Then enter the password
associated with the username and press <keycap>Enter</keycap>.
The password is <emphasis>not echoed</emphasis> for security
<para>Type the username that was configured during system
installation, as described in <xref
linkend="bsdinstall-addusers"/>, and press
<keycap>Enter</keycap>. Then enter the password associated
with the username and press <keycap>Enter</keycap>. The
password is <emphasis>not echoed</emphasis> for security
reasons.</para>
<para>Once the correct password is input, the message of
the day (<acronym>MOTD</acronym>) will be displayed followed
<para>Once the correct password is input, the message of the
day (<acronym>MOTD</acronym>) will be displayed followed
by a command prompt (a <literal>#</literal>,
<literal>$</literal>, or <literal>%</literal> character). You
are now logged into the &os; console and ready to try the
@ -165,8 +166,8 @@ login:</screen>
<para>&os; can be configured to provide many virtual consoles
for inputting commands. Each virtual console has its own
login prompt and output channel, and &os; takes care of
properly redirecting keyboard input and monitor output as you
switch between virtual consoles.</para>
properly redirecting keyboard input and monitor output as
switching occurs between virtual consoles.</para>
<para>Special key combinations have been reserved by &os; for
switching consoles.<footnote>
@ -228,10 +229,10 @@ ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</programlisting>
<title>Single User Mode Console</title>
<para>A detailed description of <quote>single user mode</quote>
can be found <link linkend="boot-singleuser">here</link>.
There is only one console when &os; is in single user mode as
no other virtual consoles are available in this mode. The
settings for single user mode are found in this section of
can be found in <xref linkend="boot-singleuser"/>. There is
only one console when &os; is in single user mode as no other
virtual consoles are available in this mode. The settings
for single user mode are found in this section of
<filename>/etc/ttys</filename>:</para>
<programlisting># name getty type status comments
@ -249,11 +250,11 @@ console none unknown off secure</programlisting>
without prompting for a password.</para>
<para><emphasis>Be careful when changing this setting to
<literal>insecure</literal></emphasis>. If you ever
forget the <username>root</username> password, booting into
single user mode is still possible, but may be difficult for
someone who is not comfortable with the &os; booting
process.</para>
<literal>insecure</literal></emphasis>. If the
<username>root</username> password is forgotten, booting
into single user mode is still possible, but may be
difficult for someone who is not comfortable with the &os;
booting process.</para>
</note>
</sect2>
@ -301,6 +302,15 @@ console none unknown off secure</programlisting>
managing requests for hardware devices, peripherals, memory, and
CPU time fairly to each user.</para>
<para>Much more information about user accounts is in the chapter
about <link linkend="users">accounts</link>. It is important to
understand that each person (user) who uses the computer should be
given their own username and password. The system keeps track
of the people using the computer based on this username. Since
it is often the case that several people are working on the same
project &unix; also provides groups. Several users can be placed
in the same group.</para>
<para>Because the system is capable of supporting multiple users,
everything the system manages has a set of permissions governing
who can read, write, and execute the resource. These
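Review bot: the newly added paragraph uses `<link linkend="users">accounts</link>` while the rest of this commit converts such cross-references to `<xref linkend="..."/>` (see the bsdinstall-addusers and boot-singleuser changes); for consistency use `<xref linkend="users"/>` here too. The sentence "Since it is often the case that several people are working on the same project &unix; also provides groups." also needs a comma after "project".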
@ -382,7 +392,7 @@ console none unknown off secure</programlisting>
</tgroup>
</informaltable>
<indexterm>
<primary><command>ls</command></primary>
<primary>&man.ls.1;</primary>
</indexterm>
<indexterm><primary>directories</primary></indexterm>
@ -424,10 +434,10 @@ total 530
write, and execute permissions. The executable bit for a
directory has a slightly different meaning than that of files.
When a directory is marked executable, it means it is possible
to change into that directory using
<application>cd</application>. This also means that it is
possible to access the files within that directory, subject to
the permissions on the files themselves.</para>
to change into that directory using &man.cd.1;. This also
means that it is possible to access the files within that
directory, subject to the permissions on the files
themselves.</para>
<para>In order to perform a directory listing, the read permission
must be set on the directory. In order to delete a file that
@ -588,10 +598,9 @@ total 530
<para>In addition to file permissions, &os; supports the use of
<quote>file flags</quote>. These flags add an additional
level of security and control over files, but not
directories. With file flags, even
<username>root</username> can be prevented from removing or
altering files.</para>
level of security and control over files, but not directories.
With file flags, even <username>root</username> can be
prevented from removing or altering files.</para>
<para>File flags are modified using &man.chflags.1;. For
example, to enable the system undeletable flag on the file
@ -669,7 +678,7 @@ total 530
<para>Note that a <literal>s</literal> is now part of the
permission set designated for the file owner, replacing the
executable bit. This allows utilities which need elevated
permissions, such as <command>passwd</command>.</para>
permissions, such as &man.passwd.1;.</para>
<note>
<para>The <literal>nosuid</literal> &man.mount.8; option will
@ -680,10 +689,10 @@ total 530
</note>
<para>To view this in real time, open two terminals. On
one, start the <command>passwd</command> process as a normal
user. While it waits for a new password, check the process
one, type <command>passwd</command> as a normal user.
While it waits for a new password, check the process
table and look at the user information for
<command>passwd</command>:</para>
&man.passwd.1;:</para>
<para>In terminal A:</para>
@ -697,9 +706,9 @@ Old Password:</screen>
<screen>trhodes 5232 0.0 0.2 3420 1608 0 R+ 2:10AM 0:00.00 grep passwd
root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<para>As stated above, the <command>passwd</command> is run
by a normal user, but is using the effective
<acronym>UID</acronym> of <username>root</username>.</para>
<para>Although &man.passwd.1; is run as a normal user, it is
using the effective <acronym>UID</acronym> of
<username>root</username>.</para>
<para>The <literal>setgid</literal> permission performs the
same function as the <literal>setuid</literal> permission;
@ -709,8 +718,7 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
user who started the process.</para>
<para>To set the <literal>setgid</literal> permission on a
file, provide <command>chmod</command> with a leading two
(2):</para>
file, provide &man.chmod.1; with a leading two (2):</para>
<screen>&prompt.root; <userinput>chmod 2755 sgidexample.sh</userinput></screen>
@ -855,8 +863,7 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<row>
<entry><filename
class="directory">/etc/namedb/</filename></entry>
<entry><command>named</command> configuration files.
Refer to &man.named.8; for details.</entry>
<entry>&man.named.8; configuration files.</entry>
</row>
<row>
@ -870,8 +877,7 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<row>
<entry><filename
class="directory">/etc/ppp/</filename></entry>
<entry><command>ppp</command> configuration files as
described in &man.ppp.8;.</entry>
<entry>&man.ppp.8; configuration files.</entry>
</row>
<row>
@ -967,26 +973,26 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<entry><filename
class="directory">/usr/local/</filename></entry>
<entry>Local executables and libraries. Also used as
the default destination for the &os; ports
framework. Within
<filename class="directory">/usr/local</filename>, the
the default destination for the &os; ports framework.
Within <filename
class="directory">/usr/local</filename>, the
general layout sketched out by &man.hier.7; for
<filename class="directory">/usr</filename> should be
used. Exceptions are the man directory, which is
directly under
<filename class="directory">/usr/local</filename>
rather than under
<filename class="directory">/usr/local/share</filename>,
and the ports documentation is in
<filename class="directory">share/doc/<replaceable>port</replaceable></filename>.</entry>
directly under <filename
class="directory">/usr/local</filename>
rather than under <filename
class="directory">/usr/local/share</filename>,
and the ports documentation is in <filename
class="directory">share/doc/<replaceable>port</replaceable></filename>.</entry>
</row>
<row>
<entry><filename
class="directory">/usr/obj/</filename></entry>
<entry>Architecture-specific target tree produced by
building the
<filename class="directory">/usr/src</filename>
building the <filename
class="directory">/usr/src</filename>
tree.</entry>
</row>
@ -1051,8 +1057,8 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<entry><filename
class="directory">/var/tmp/</filename></entry>
<entry>Temporary files which are usually preserved
across a system reboot, unless
<filename class="directory">/var</filename> is a
across a system reboot, unless <filename
class="directory">/var</filename> is a
memory-based file system.</entry>
</row>
@ -1078,47 +1084,45 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<para>Files are stored in directories. A directory may contain no
files, or it may contain many hundreds of files. A directory
can also contain other directories, allowing you to build up a
hierarchy of directories within one another in order to organize
can also contain other directories, allowing a hierarchy of
directories within one another in order to organize
data.</para>
<para>Files and directories are referenced by giving the file or
directory name, followed by a forward slash,
<literal>/</literal>, followed by any other directory names that
are necessary. For example, if the directory
<filename class="directory">foo</filename> contains a directory
are necessary. For example, if the directory <filename
class="directory">foo</filename> contains a directory
<filename class="directory">bar</filename> which contains the
file <filename>readme.txt</filename>, the full name, or
<firstterm>path</firstterm>, to the file is
<filename>foo/bar/readme.txt</filename>. Note that this is
different from &windows; which uses
<literal>\</literal> to separate file and directory
names. &os; does not use drive letters, or other drive names in
the path. For example, you would not type
<filename>c:/foo/bar/readme.txt</filename> on &os;.</para>
different from &windows; which uses <literal>\</literal> to
separate file and directory names. &os; does not use drive
letters, or other drive names in the path. For example, one
would not type <filename>c:/foo/bar/readme.txt</filename> on
&os;.</para>
<para>Directories and files are stored in a file system. Each
file system contains exactly one directory at the very top
level, called the <firstterm>root directory</firstterm> for that
file system. This root directory can contain other
directories. One file system is designated the
<firstterm>root file system</firstterm> or <literal>/</literal>.
Every other file system is <firstterm>mounted</firstterm> under
the root file system. No matter how many disks you have on your
&os; system, every directory appears to be part of the same
disk.</para>
file system. This root directory can contain other directories.
One file system is designated the <firstterm>root file
system</firstterm> or <literal>/</literal>. Every other file
system is <firstterm>mounted</firstterm> under the root file
system. No matter how many disks are on the &os; system, every
directory appears to be part of the same disk.</para>
<para>Suppose you have three file systems, called
<literal>A</literal>, <literal>B</literal>, and
<literal>C</literal>. Each file system has one root directory,
which contains two other directories, called
<literal>A1</literal>, <literal>A2</literal> (and likewise
<literal>B1</literal>, <literal>B2</literal> and
<para>Consider three file systems, called <literal>A</literal>,
<literal>B</literal>, and <literal>C</literal>. Each file
system has one root directory, which contains two other
directories, called <literal>A1</literal>, <literal>A2</literal>
(and likewise <literal>B1</literal>, <literal>B2</literal> and
<literal>C1</literal>, <literal>C2</literal>).</para>
<para>Call <literal>A</literal> the root file system. If you used
<command>ls</command> to view the contents of this directory you
would see two subdirectories, <literal>A1</literal> and
<para>Call <literal>A</literal> the root file system. If
&man.ls.1; is used to view the contents of this directory,
it will show two subdirectories, <literal>A1</literal> and
<literal>A2</literal>. The directory tree looks like
this:</para>
@ -1137,11 +1141,11 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
</mediaobject>
<para>A file system must be mounted on to a directory in another
file system. When mounting file system
<literal>B</literal> on to the directory <literal>A1</literal>,
the root directory of <literal>B</literal> replaces
<literal>A1</literal>, and the directories in
<literal>B</literal> appear accordingly:</para>
file system. When mounting file system <literal>B</literal>
on to the directory <literal>A1</literal>, the root directory
of <literal>B</literal> replaces <literal>A1</literal>, and
the directories in <literal>B</literal> appear
accordingly:</para>
<mediaobject>
<imageobject>
@ -1163,10 +1167,9 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<para>Any files that are in the <literal>B1</literal> or
<literal>B2</literal> directories can be reached with the path
<filename class="directory">/A1/B1</filename> or
<filename class="directory">/A1/B2</filename> as
necessary. Any files that were in
<filename class="directory">/A1</filename> have
<filename class="directory">/A1/B1</filename> or <filename
class="directory">/A1/B2</filename> as necessary. Any files
that were in <filename class="directory">/A1</filename> have
been temporarily hidden. They will reappear if
<literal>B</literal> is <firstterm>unmounted</firstterm> from
<literal>A</literal>.</para>
@ -1194,9 +1197,8 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
</mediaobject>
<para>and the paths would be
<filename class="directory">/A2/B1</filename> and
<filename class="directory">/A2/B2</filename>
respectively.</para>
<filename class="directory">/A2/B1</filename> and <filename
class="directory">/A2/B2</filename> respectively.</para>
<para>File systems can be mounted on top of one another.
Continuing the last example, the <literal>C</literal> file
@ -1252,10 +1254,6 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
</textobject>
</mediaobject>
<para>Typically you create file systems when installing &os;
and decide where to mount them, and then never change them
unless you add a new disk.</para>
<para>It is entirely possible to have one large root file system,
and not need to create any others. There are some drawbacks to
this approach, and one advantage.</para>
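Review bot: this hunk drops the paragraph "Typically you create file systems when installing &os; and decide where to mount them, and then never change them unless you add a new disk." outright, so the following "It is entirely possible to have one large root file system" now sits directly after the figure with no lead-in, and the point that the mount layout is chosen at install time is lost. If the motivation was only to remove the second-person wording, as elsewhere in this commit, consider rephrasing it impersonally instead of deleting it.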
@ -1268,9 +1266,9 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<firstterm>mount options</firstterm>. For example, the root
file system can be mounted read-only, making it impossible
for users to inadvertently delete or edit a critical file.
Separating user-writable file systems, such as
<filename class="directory">/home</filename>, from other
file systems allows them to be mounted
Separating user-writable file systems, such as <filename
class="directory">/home</filename>, from other file
systems allows them to be mounted
<firstterm>nosuid</firstterm>. This option prevents the
<firstterm>suid</firstterm>/<firstterm>guid</firstterm> bits
on executables stored on the file system from taking effect,
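Review bot: the context line `<firstterm>suid</firstterm>/<firstterm>guid</firstterm> bits` has a typo: the bit disabled alongside setuid by the nosuid mount option is the setgid bit, so this should read `<firstterm>suid</firstterm>/<firstterm>sgid</firstterm>`. Since the paragraph is already being reflowed in this hunk, fix it here.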
@ -1287,9 +1285,9 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
</listitem>
<listitem>
<para>&os;'s file systems are very robust should you lose
power. However, a power loss at a critical point could
still damage the structure of the file system. By splitting
<para>&os;'s file systems are robust if power is lost.
However, a power loss at a critical point could still
damage the structure of the file system. By splitting
data over multiple file systems it is more likely that the
system will still come up, making it easier to restore from
backup as necessary.</para>
@ -1365,8 +1363,9 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<entry>Normally the same size as the enclosing slice.
This allows utilities that need to work on the entire
slice, such as a bad block scanner, to work on the
<literal>c</literal> partition. You would not normally
create a file system on this partition.</entry>
<literal>c</literal> partition. A file system would not
normally be
created on this partition.</entry>
</row>
<row>
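Review bot: the rewrap leaves `normally be` alone on its own line with `created on this partition.</entry>` below it; rebalance the wrap so that no line holds only two words and the entry fills its lines like the rest of the table.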
@ -1393,7 +1392,7 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<literal>s</literal>, starting at 1. So
<quote>da0<emphasis>s1</emphasis></quote> is the first slice on
the first SCSI drive. There can only be four physical slices on
a disk, but you can have logical slices inside physical slices
a disk, but there can be logical slices inside physical slices
of the appropriate type. These extended slices are numbered
starting at 5, so <quote>ad0<emphasis>s5</emphasis></quote> is
the first extended slice on the first IDE disk. These devices
@ -1404,17 +1403,18 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<firstterm>partitions</firstterm>, which are represented as
letters from <literal>a</literal> to <literal>h</literal>. This
letter is appended to the device name, so
<quote>da0<emphasis>a</emphasis></quote> is the <literal>a</literal> partition on
the first <literal>da</literal> drive, which is <quote>dangerously
dedicated</quote>. <quote>ad1s3<emphasis>e</emphasis></quote> is
the fifth partition in the third slice of the second IDE disk
drive.</para>
<quote>da0<emphasis>a</emphasis></quote> is the
<literal>a</literal> partition on the first
<literal>da</literal> drive, which is <quote>dangerously
dedicated</quote>. <quote>ad1s3<emphasis>e</emphasis></quote>
is the fifth partition in the third slice of the second IDE
disk drive.</para>
<para>Finally, each disk on the system is identified. A disk name
starts with a code that indicates the type of disk, and then a
number, indicating which disk it is. Unlike slices, disk
numbering starts at 0. Common codes that you will see are
listed in <xref linkend="basics-dev-codes"/>.</para>
numbering starts at 0. Common codes are listed in <xref
linkend="basics-dev-codes"/>.</para>
<para>When referring to a partition, include the disk name,
<literal>s</literal>, the slice number, and then the partition
@ -1568,12 +1568,11 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<para>The file system is best visualized as a tree,
rooted, as it were, at <filename class="directory">/</filename>.
<filename class="directory">/dev</filename>,
<filename class="directory">/usr</filename>, and the
other directories in the root directory are branches, which may
have their own branches, such as
<filename class="directory">/usr/local</filename>, and so
on.</para>
<filename class="directory">/dev</filename>, <filename
class="directory">/usr</filename>, and the other directories
in the root directory are branches, which may have their own
branches, such as <filename
class="directory">/usr/local</filename>, and so on.</para>
<indexterm><primary>root file system</primary></indexterm>
<para>There are various reasons to house some of these
@ -1583,14 +1582,13 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<filename class="directory">spool/</filename>, and various types
of temporary files, and as such, may get filled up. Filling up
the root file system is not a good idea, so splitting <filename
class="directory">/var</filename> from
<filename class="directory">/</filename> is often
favorable.</para>
class="directory">/var</filename> from <filename
class="directory">/</filename> is often favorable.</para>
<para>Another common reason to contain certain directory trees on
other file systems is if they are to be housed on separate
physical disks, or are separate virtual disks, such as
<link linkend="network-nfs">Network File System</link> mounts,
physical disks, or are separate virtual disks, such as Network
File System mounts, described in <xref linkend="network-nfs"/>,
or CDROM drives.</para>
<sect2 id="disks-fstab">
@ -1601,7 +1599,7 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<secondary>mounted with fstab</secondary>
</indexterm>
<para>During the <link linkend="boot">boot process</link>,
<para>During the boot process (<xref linkend="boot"/>),
file systems listed in <filename>/etc/fstab</filename> are
automatically mounted except for the entries containing
<option>noauto</option>. This file contains entries in the
@ -1641,8 +1639,8 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<term><literal>options</literal></term>
<listitem>
<para>Either <option>rw</option> for read-write
file systems, or <option>ro</option> for read-only file
<para>Either <option>rw</option> for read-write file
systems, or <option>ro</option> for read-only file
systems, followed by any other options that may be
needed. A common option is <option>noauto</option> for
file systems not normally mounted during the boot
@ -1684,7 +1682,7 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
</sect2>
<sect2 id="disks-mount">
<title>The <command>mount</command> Command</title>
<title>Using &man.mount.8;</title>
<indexterm>
<primary>file systems</primary>
@ -1802,14 +1800,14 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
</sect2>
<sect2 id="disks-umount">
<title>The <command>umount</command> Command</title>
<title>Using &man.umount.8;</title>
<indexterm>
<primary>file systems</primary>
<secondary>unmounting</secondary>
</indexterm>
<para>To unmount a filesystem use &man.umount.8;. This command
<para>To unmount a file system use &man.umount.8;. This command
takes one parameter which can be a mountpoint, device name,
<option>-a</option> or <option>-A</option>.</para>
@ -1836,27 +1834,27 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
processes that are run by &os;.</para>
<para>Each process is uniquely identified by a number called a
<firstterm>process ID</firstterm>
(<firstterm>PID</firstterm>). Similar to files, each process
has one owner and group, and the owner and group permissions are
used to determine which files and devices the process can open.
Most processes also have a parent process that started them.
For example, the shell is a process, and any command started in
the shell is a process which has the shell as its parent
process. The exception is a special process called
&man.init.8; which is always the first process to start at boot
time and which always has a PID of 1.</para>
<firstterm>process ID</firstterm> (<acronym>PID</acronym>).
Similar to files, each process has one owner and group, and
the owner and group permissions are used to determine which
files and devices the process can open. Most processes also
have a parent process that started them. For example, the
shell is a process, and any command started in the shell is a
process which has the shell as its parent process. The
exception is a special process called &man.init.8; which is
always the first process to start at boot time and which always
has a <acronym>PID</acronym> of 1.</para>
<para>To see the processes on the system, use &man.ps.1; and
&man.top.1;. To display a static list of the currently running
processes, their PIDs, how much memory they are using, and the
command they were started with, use <command>ps</command>. To
display all the running processes and update the display every
few seconds so that you can interactively see what the computer
is doing, use <command>top</command>.</para>
processes, their <acronym>PID</acronym>s, how much memory they
are using, and the command they were started with, use
&man.ps.1;. To display all the running processes and update
the display every few seconds in order to interactively see
what the computer is doing, use &man.top.1;.</para>
<para>By default, <command>ps</command> only shows the commands
that are running and owned by the user. For example:</para>
<para>By default, &man.ps.1; only shows the commands that are
running and owned by the user. For example:</para>
<screen>&prompt.user; <userinput>ps</userinput>
PID TT STAT TIME COMMAND
@ -1877,15 +1875,16 @@ root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
<para>The output from &man.ps.1; is organized into a number of
columns. The <literal>PID</literal> column displays the process
ID. PIDs are assigned starting at 1, go up to 99999, then wrap
around back to the beginning. However, a PID is not reassigned
if it is already in use. The <literal>TT</literal> column shows
the tty the program is running on and <literal>STAT</literal>
shows the program's state. <literal>TIME</literal> is the
amount of time the program has been running on the CPU. This is
usually not the elapsed time since the program was started, as
most programs spend a lot of time waiting for things to happen
before they need to spend time on the CPU. Finally,
ID. <acronym>PID</acronym>s are assigned starting at 1, go up
to 99999, then wrap around back to the beginning. However, a
<acronym>PID</acronym> is not reassigned if it is already in
use. The <literal>TT</literal> column shows the tty the program
is running on and <literal>STAT</literal> shows the program's
state. <literal>TIME</literal> is the amount of time the
program has been running on the CPU. This is usually not the
elapsed time since the program was started, as most programs
spend a lot of time waiting for things to happen before they
need to spend time on the CPU. Finally,
<literal>COMMAND</literal> is the command that was used to start
the program.</para>
@ -1920,25 +1919,25 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
...</screen>
<para>The output is split into two sections. The header (the
first five lines) shows the PID of the last process to run, the
system load averages (which are a measure of how busy the system
is), the system uptime (time since the last reboot) and the
current time. The other figures in the header relate to how
many processes are running (47 in this case), how much memory
and swap space has been used, and how much time the system is
spending in different CPU states.</para>
first five lines) shows the <acronym>PID</acronym> of the last
process to run, the system load averages (which are a measure
of how busy the system is), the system uptime (time since the
last reboot) and the current time. The other figures in the
header relate to how many processes are running (47 in this
case), how much memory and swap space has been used, and how
much time the system is spending in different CPU states.</para>
<para>Below the header is a series of columns containing similar
information to the output from &man.ps.1;, such as the PID,
username, amount of CPU time, and the command that started the
process. By default, &man.top.1; also displays the amount of
memory space taken by the process. This is split into two
columns: one for total size and one for resident size. Total
size is how much memory the application has needed and the
resident size is how much it is actually using at the moment.
In this example, <application>mutt</application> has
required almost 8&nbsp;MB of RAM, but is currently only using
5&nbsp;MB.</para>
information to the output from &man.ps.1;, such as the
<acronym>PID</acronym>, username, amount of CPU time, and the
command that started the process. By default, &man.top.1; also
displays the amount of memory space taken by the process.
This is split into two columns: one for total size and one for
resident size. Total size is how much memory the application
has needed and the resident size is how much it is actually
using at the moment. In this example,
<application>mutt</application> has required almost 8&nbsp;MB
of RAM, but is currently only using 5&nbsp;MB.</para>
<para>&man.top.1; automatically updates the display every two
seconds. A different interval can be specified with
@ -1966,14 +1965,13 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<para>There is a convention to name programs that normally run as
daemons with a trailing <quote>d</quote>.
<application>BIND</application> is the Berkeley Internet Name
Domain, but the actual program that executes is
<command>named</command>. The <application>Apache</application>
web server program is <command>httpd</command> and the
line printer spooling daemon is <command>lpd</command>. This is
only a naming convention. For example, the main mail daemon for
the <application>Sendmail</application> application is
<command>sendmail</command>, and not
<command>maild</command>.</para>
Domain, but the actual program that executes is &man.named.8;.
The <application>Apache</application> web server program is
<command>httpd</command> and the line printer spooling daemon
is &man.lpd.8;. This is only a naming convention. For example,
the main mail daemon for the <application>Sendmail</application>
application is &man.sendmail.8;, and not
<literal>maild</literal>.</para>
<para>One way to communicate with a daemon, or any running
process, is to send a <firstterm>signal</firstterm> using
@ -2035,15 +2033,15 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<title>Sending a Signal to a Process</title>
<para>This example shows how to send a signal to &man.inetd.8;.
The <command>inetd</command> configuration file is
<filename>/etc/inetd.conf</filename>, and
<command>inetd</command> will re-read this configuration file
when it is sent a <literal>SIGHUP</literal>.</para>
The &man.inetd.8; configuration file is
<filename>/etc/inetd.conf</filename>, and &man.inetd.8; will
re-read this configuration file when it is sent a
<literal>SIGHUP</literal>.</para>
<step>
<para>Find the PID of the process you want to send the signal
to using &man.pgrep.1;. In this example, the PID for
&man.inetd.8; is 198:</para>
<para>Find the <acronym>PID</acronym> of the process to send
the signal to using &man.pgrep.1;. In this example, the
<acronym>PID</acronym> for &man.inetd.8; is 198:</para>
<screen>&prompt.user; <userinput>pgrep -l inetd</userinput>
198 inetd -wW</screen>
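Review bot: &man.inetd.8; now appears three times in the two opening sentences of this procedure ("send a signal to &man.inetd.8;. The &man.inetd.8; configuration file is ..., and &man.inetd.8; will re-read"), which reads heavily; keep the manual-page reference on the first mention and use <command>inetd</command> or "it" for the two that follow.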
@ -2060,12 +2058,13 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
&prompt.root; <userinput>/bin/kill -s HUP 198</userinput></screen>
<para>Like most &unix; commands, &man.kill.1; will not print
any output if it is successful. If you send a signal to a
process that you do not own, you will instead see
any output if it is successful. If a signal is sent to a
process not owned by that user, the message
<errorname>kill: <replaceable>PID</replaceable>: Operation
not permitted</errorname>. Mistyping the PID will either
send the signal to the wrong process, which could have
negative results, or will send the signal to a PID that is
not permitted</errorname> will be displayed. Mistyping
the <acronym>PID</acronym> will either send the signal to
the wrong process, which could have negative results, or
will send the signal to a <acronym>PID</acronym> that is
not currently in use, resulting in the error
<errorname>kill: <replaceable>PID</replaceable>: No such
process</errorname>.</para>
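Review bot: "If a signal is sent to a process not owned by that user" has no antecedent for "that user" now that the second-person "you" has been removed; say "not owned by the user sending it" (or "by the current user") so the sentence stands on its own.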
@ -2092,9 +2091,9 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<important>
<para>Killing a random process on the system can be a bad idea.
In particular, &man.init.8;, PID 1, is special. Running
<command>/bin/kill -s KILL 1</command> is a quick, and
unrecommended, way to shutdown the system.
In particular, &man.init.8;, <acronym>PID</acronym> 1, is
special. Running <command>/bin/kill -s KILL 1</command> is
a quick, and unrecommended, way to shutdown the system.
<emphasis>Always</emphasis> double check the arguments to
&man.kill.1; <emphasis>before</emphasis> pressing
<keycap>Return</keycap>.</para>
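Review bot: "a quick, and unrecommended, way to shutdown the system" uses the noun form; as a verb it is "shut down the system". The commas around "and unrecommended" can also go: "a quick and unrecommended way to shut down the system".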
@ -2112,14 +2111,14 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
them. Many shells provide built in functions to help with
everyday tasks such as file management, file globbing, command
line editing, command macros, and environment variables. &os;
comes with several shells, including <command>sh</command>, the
Bourne Shell, and <command>tcsh</command>, the improved C-shell.
Other shells are available from the &os; Ports Collection, such
as <command>zsh</command> and <command>bash</command>.</para>
comes with several shells, including the Bourne shell
(&man.sh.1;) and the extended C shell (&man.tcsh.1;). Other
shells are available from the &os; Ports Collection, such as
<command>zsh</command> and <command>bash</command>.</para>
<para>The shell that is used is really a matter of taste. A C
programmer might feel more comfortable with a C-like shell such
as <command>tcsh</command>. A Linux user might prefer
as &man.tcsh.1;. A &linux; user might prefer
<command>bash</command>. Each shell has unique properties that
may or may not work with a user's preferred working environment,
which is why there is a choice of which shell to use.</para>
@ -2176,7 +2175,8 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<row>
<entry><envar>DISPLAY</envar></entry>
<entry>Network name of the <application>Xorg</application>
<entry>Network name of the
<application>&xorg;</application>
display to connect to, if available.</entry>
</row>
@ -2231,13 +2231,13 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<indexterm><primary>Bourne shells</primary></indexterm>
<para>How to set an environment variable differs between shells.
In <command>tcsh</command> and <command>csh</command>, use
In &man.tcsh.1; and &man.csh.1;, use
<command>setenv</command> to set environment variables. In
<command>sh</command> and <command>bash</command>, use
&man.sh.1; and <command>bash</command>, use
<command>export</command> to set the current environment
variables. This example sets the default <envar>EDITOR</envar>
to <filename>/usr/local/bin/emacs</filename> for the
<command>tcsh</command> shell:</para>
&man.tcsh.1; shell:</para>
<screen>&prompt.user; <userinput>setenv EDITOR /usr/local/bin/emacs</userinput></screen>
@ -2254,13 +2254,12 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<para>Shells treat special characters, known as meta-characters,
as special representations of data. The most common
meta-character is <literal>*</literal>, which
represents any number of characters in a filename.
Meta-characters can be used to perform filename globbing. For
example, <command>echo *</command> is equivalent to
<command>ls</command> because the shell takes all the files that
match <literal>*</literal> and <command>echo</command> lists
them on the command line.</para>
meta-character is <literal>*</literal>, which represents any
number of characters in a filename. Meta-characters can be
used to perform filename globbing. For example, <command>echo
*</command> is equivalent to &man.ls.1; because the shell
takes all the files that match <literal>*</literal> and
&man.echo.1; lists them on the command line.</para>
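Review bot: the rewrap splits `<command>echo *</command>` across a line break, leaving `*</command>` at the start of a line; keep the command text on one line so the glob character stays with its command in the source. Separately, "is equivalent to &man.ls.1;" overstates it: `echo *` prints the names on a single line and skips dot-files, so "behaves much like" would be more accurate.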
<para>To prevent the shell from interpreting a special character,
escape it from the shell by starting it with a backslash
@ -2276,9 +2275,8 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
to use <command>chsh</command>. Running this command will
open the editor that is configured in the
<envar>EDITOR</envar> environment variable, which by default
is set to <command>vi</command>. Change
the <quote>Shell:</quote> line to the full path of the
new shell.</para>
is set to &man.vi.1;. Change the <quote>Shell:</quote> line
to the full path of the new shell.</para>
<para>Alternately, use <command>chsh -s</command> which will set
the specified shell without opening an editor. For example,
@ -2289,15 +2287,15 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<note>
<para>The new shell <emphasis>must</emphasis> be present in
<filename>/etc/shells</filename>. If the shell was
installed from the &os; <link linkend="ports">Ports
Collection</link>, it should be automatically added to
this file. If it is missing, add it using this
installed from the &os; Ports Collection as described in
<xref linkend="ports"/>, it should be automatically added
to this file. If it is missing, add it using this
command, replacing the path with the path of the
shell:</para>
<screen>&prompt.root; <userinput>echo <replaceable>/usr/local/bin/bash</replaceable> &gt;&gt; /etc/shells</userinput></screen>
<para>Then rerun <command>chsh</command>.</para>
<para>Then rerun &man.chsh.1;.</para>
</note>
</sect2>
</sect1>
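Review bot: "Then rerun &man.chsh.1;" is inconsistent with the two earlier mentions in this section, which keep `<command>chsh</command>` and `<command>chsh -s</command>`; pick one form for the whole section, either the manual-page entity on first mention and <command> afterwards, or &man.chsh.1; throughout.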
@ -2318,12 +2316,12 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
</indexterm>
<indexterm>
<primary>editors</primary>
<secondary><command>ee</command></secondary>
<secondary>&man.ee.1;</secondary>
</indexterm>
<para>A simple editor to learn is <application>ee</application>,
which stands for easy editor. To start this editor, type
<command>ee <replaceable>filename</replaceable></command> where
<para>A simple editor to learn is &man.ee.1;, which stands for
easy editor. To start this editor, type <command>ee
<replaceable>filename</replaceable></command> where
<replaceable>filename</replaceable> is the name of the file to
be edited. Once inside the editor, all of the commands for
manipulating the editor's functions are listed at the top of the
@ -2331,18 +2329,17 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<keycap>Ctrl</keycap>, so <literal>^e</literal> expands to
<keycombo
action="simul"><keycap>Ctrl</keycap><keycap>e</keycap></keycombo>.
To leave <application>ee</application>, press
<keycap>Esc</keycap>, then choose the <quote>leave
editor</quote> option from the main menu. The editor will
prompt you to save any changes if the file has been
To leave &man.ee.1;, press <keycap>Esc</keycap>, then choose
the <quote>leave editor</quote> option from the main menu.
The editor will prompt to save any changes if the file has been
modified.</para>
<indexterm>
<primary><command>vi</command></primary>
<primary>&man.vi.1;</primary>
</indexterm>
<indexterm>
<primary>editors</primary>
<secondary><command>vi</command></secondary>
<secondary>&man.vi.1;</secondary>
</indexterm>
<indexterm>
<primary><command>emacs</command></primary>
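Review bot: "The editor will prompt to save any changes if the file has been modified" lost its object when "you" was removed; "The editor will ask whether to save any changes" or "will prompt for confirmation before saving" reads correctly. The index terms for vi are also switched to &man.vi.1; while the emacs entries directly below keep `<command>emacs</command>`; use one convention for the editor index entries.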
@ -2352,10 +2349,9 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<secondary><command>emacs</command></secondary>
</indexterm>
<para>&os; also comes with more powerful text editors such as
<application>vi</application> as part of the base system.
Other editors, like <filename
role="package">editors/emacs</filename> and
<para>&os; also comes with more powerful text editors, such as
&man.vi.1;, as part of the base system. Other editors, like
<filename role="package">editors/emacs</filename> and
<filename role="package">editors/vim</filename>, are part of the
&os; Ports Collection. These editors offer more functionality
at the expense of being a more complicated to learn. Learning a
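Review bot: the context line "at the expense of being a more complicated to learn" has a stray "a" (it should read "at the expense of being more complicated to learn"); since this paragraph is being rewritten, fix it in the same change.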
@ -2366,8 +2362,7 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<para>Many applications which modify files or require typed input
will automatically open a text editor. To alter the default
editor used, set the <envar>EDITOR</envar> environment
variable as described in the <link
linkend="shells">shells</link> section.</para>
variable as described in <xref linkend="shells"/>.</para>
</sect1>
<sect1 id="basics-devices">
@ -2393,8 +2388,23 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<sect1 id="binary-formats">
<title>Binary Formats</title>
<para>To understand why &os; uses the &man.elf.5; format,the three
currently <quote>dominant</quote> executable formats for &unix;
<para>Typically when a command is passed to the shell, the shell
will arrange for an executable file to be loaded into memory and
a new process is created. Executable files can either be a binary
file (usually created by the linker as part of compiling a program)
or a shell script (text file to be interpreted by a binary file,
like &man.sh.1; or &man.perl.1;). The &man.file.1; command can
usually determine what is inside a file.</para>
<para>Binary files need to have a well defined format for the system
to be able to use them properly. Part of the file will be the
executable machine code (the instructions that tell the CPU what
to do), part of it will be data space with pre-defined values,
part will be data space with no pre-defined values, etc. Through
time, different binary file formats have evolved.</para>
<para>To understand why &os; uses the &man.elf.5; format, the three
currently <quote>dominant</quote>, executable formats for &unix;
must be described:</para>
<itemizedlist>
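Review bot: the new sentence "the three currently <quote>dominant</quote>, executable formats for &unix;" adds a comma between the adjective and the noun it modifies; drop it ("the three currently <quote>dominant</quote> executable formats"). In the added paragraph, "well defined format" takes a hyphen as a compound modifier ("well-defined format").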
@ -2441,8 +2451,8 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
the &man.a.out.5; format, a technology tried and proven through
many generations of BSD releases, until the beginning of the 3.X
branch. Though it was possible to build and run native
<acronym>ELF</acronym> binaries and kernels on a &os;
system for some time before that, &os; initially resisted the
<acronym>ELF</acronym> binaries and kernels on a &os; system
for some time before that, &os; initially resisted the
<quote>push</quote> to switch to <acronym>ELF</acronym> as the
default format. Why? When Linux made its painful transition to
<acronym>ELF</acronym>, it was due to their inflexible
@ -2502,9 +2512,8 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
programs rewrote them and added simpler support for building
cross compilers and plugging in different formats. Those who
wanted to build cross compilers targeting &os; were out of luck
since the older sources that &os; had for
<application>as</application> and <application>ld</application>
were not up to the task. The new GNU tools chain
since the older sources that &os; had for &man.as.1; and
&man.ld.1; were not up to the task. The new GNU tools chain
(<application>binutils</application>) supports cross
compiling, <acronym>ELF</acronym>, shared libraries, and C++
extensions. In addition, many vendors release
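Review bot: "The new GNU tools chain (<application>binutils</application>)" should read "toolchain" (or "tool chain"); the line is already being reflowed for the &man.as.1;/&man.ld.1; change, so correct the term at the same time.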
@ -2539,8 +2548,8 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<screen>&prompt.user; <userinput>man <replaceable>command</replaceable></userinput></screen>
<para>where <replaceable>command</replaceable> is the name of
the command you wish to learn about. For example, to learn
more about <command>ls</command>, type:</para>
the command to learn about. For example, to learn more about
&man.ls.1;, type:</para>
<screen>&prompt.user; <userinput>man ls</userinput></screen>
@ -2587,21 +2596,19 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
<para>In some cases, the same topic may appear in more than one
section of the online manual. For example, there is a
<command>chmod</command> user command and a
<function>chmod()</function> system call. To tell
<command>man</command> which section to display, specify the
section number:</para>
&man.chmod.1; user command and a
<function>chmod()</function> system call. To tell &man.man.1;
which section to display, specify the section number:</para>
<screen>&prompt.user; <userinput>man 1 chmod</userinput></screen>
<para>This will display the manual page for the user command
<command>chmod</command>. References to a particular section
of the online manual are traditionally placed in parenthesis
in written documentation, so &man.chmod.1; refers to the
<command>chmod</command> user command and &man.chmod.2; refers
to the system call.</para>
&man.chmod.1;. References to a particular section of the
online manual are traditionally placed in parenthesis in
written documentation, so &man.chmod.1; refers to the user
command and &man.chmod.2; refers to the system call.</para>
<para>If you do not know the command name, use <command>man
<para>If the command name is unknown, use <command>man
-k</command> to search for keywords in the command
descriptions:</para>
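Review bot: "placed in parenthesis in written documentation" should be the plural "parentheses", since the section number is enclosed on both sides; the line is rewritten in this hunk, so the fix belongs here.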
@ -2611,8 +2618,8 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
keyword <quote>mail</quote> in their descriptions. This is
equivalent to using &man.apropos.1;.</para>
<para>To determine what the commands in
<filename class="directory">/usr/bin</filename> do,
<para>To determine what the commands in <filename
class="directory">/usr/bin</filename> do,
type:</para>
<screen>&prompt.user; <userinput>cd /usr/bin</userinput>
@ -2636,7 +2643,7 @@ Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
by the Free Software Foundation (FSF). In addition to manual
pages, these programs may include hypertext documents called
<literal>info</literal> files. These can be viewed using
<command>info</command> or, if <filename
&man.info.1; or, if <filename
role="package">editors/emacs</filename> is installed, the
info mode of <application>emacs</application>.</para>

@ -16,9 +16,9 @@
<para>The process of starting a computer and loading the operating
system is referred to as <quote>the bootstrap process</quote>,
or simply <quote>booting</quote>. &os;'s boot process
provides a great deal of flexibility in customizing what happens
when the system starts, including the ability to select from
or simply <quote>booting</quote>. &os;'s boot process provides
a great deal of flexibility in customizing what happens when
the system starts, including the ability to select from
different operating systems installed on the same computer,
different versions of the same operating system, or a different
installed kernel.</para>
@ -73,47 +73,54 @@
to the mechanism used to load the operating system, which has
become shortened to <quote>booting</quote>.</para>
<indexterm><primary>BIOS</primary></indexterm>
<indexterm><primary><acronym>BIOS</acronym></primary></indexterm>
<indexterm>
<primary>Basic Input/Output System</primary>
<see>BIOS</see>
<see><acronym>BIOS</acronym></see>
</indexterm>
<para>On x86 hardware the Basic Input/Output System (BIOS) is
responsible for loading the operating system. To do this, the
BIOS looks on the hard disk for the Master Boot Record (MBR),
which must be located on a specific place on the disk. The BIOS
has enough knowledge to load and run the MBR, and assumes that
the MBR can then carry out the rest of the tasks involved in
loading the operating system, possibly with the help of the
BIOS.</para>
<para>On x86 hardware the Basic Input/Output System
(<acronym>BIOS</acronym>) is responsible for loading the
operating system. To do this, the <acronym>BIOS</acronym>
looks on the hard disk for the Master Boot Record
(<acronym>MBR</acronym>), which must be located in a specific
place on the disk. The <acronym>BIOS</acronym> has enough
knowledge to load and run the <acronym>MBR</acronym>, and
assumes that the <acronym>MBR</acronym> can then carry out the
rest of the tasks involved in loading the operating system,
possibly with the help of the <acronym>BIOS</acronym>.</para>
<indexterm><primary>Master Boot Record (MBR)</primary></indexterm>
<indexterm><primary>Master Boot Record
<acronym>MBR</acronym>)</primary></indexterm>
<indexterm><primary>Boot Manager</primary></indexterm>
<indexterm><primary>Boot Loader</primary></indexterm>
<para>The code within the MBR is usually referred to as a
<emphasis>boot manager</emphasis>, especially when it interacts
with the user. In this case the boot manager usually has more
code in the first <emphasis>track</emphasis> of the disk or
within some OS's file system. (A boot manager is sometimes also
called a <emphasis>boot loader</emphasis>, but &os; uses that
term for a later stage of booting.) Popular boot managers
include <application>boot0</application> (aka
<para>The code within the <acronym>MBR</acronym> is usually
referred to as a <emphasis>boot manager</emphasis>, especially
when it interacts with the user. In this case, the boot
manager usually has more code in the first
<emphasis>track</emphasis> of the disk or within the file
system of some operating systems. A boot manager is sometimes
also called a <emphasis>boot loader</emphasis>, but &os; uses
that term for a later stage of booting. Popular boot managers
include <application>boot0</application>, also called
<application>Boot Easy</application>, the standard &os; boot
manager), <application>Grub</application>,
manager, <application>Grub</application>,
<application>GAG</application>, and
<application>LILO</application>. (Only
<application>boot0</application> fits within the MBR.)</para>
<application>LILO</application>. Only
<application>boot0</application> fits within the
<acronym>MBR</acronym>.</para>
<para>If only one operating system is installed, a standard PC MBR
will suffice. This MBR searches for the first bootable (active)
<para>If only one operating system is installed, a standard PC
<acronym>MBR</acronym> will suffice. This
<acronym>MBR</acronym> searches for the first bootable (active)
slice on the disk, and then runs the code on that slice to load
the remainder of the operating system. By default, the MBR
installed by &man.fdisk.8; is such an MBR and is based on
the remainder of the operating system. By default, the
<acronym>MBR</acronym> installed by &man.fdisk.8; is such an
<acronym>MBR</acronym> and is based on
<filename>/boot/mbr</filename>.</para>
<para>If multiple operating systems are present, a different boot
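Review bot: the replacement index term near the top of this hunk has lost its opening parenthesis: `<indexterm><primary>Master Boot Record` followed by `<acronym>MBR</acronym>)</primary></indexterm>` renders as "Master Boot Record MBR)". It should read `Master Boot Record (<acronym>MBR</acronym>)`, which is the form the later index term in this file already uses.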
@ -122,18 +129,18 @@
boot managers are discussed in the next subsection.</para>
<para>The remainder of the &os; bootstrap system is divided
into three stages. The first stage is run by the MBR, which
knows just enough to get the computer into a specific state and
run the second stage. The second stage can do a little bit
more, before running the third stage. The third stage finishes
the task of loading the operating system. The work is split
into three stages because PC standards put limits on the size of
the programs that can be run at stages one and two. Chaining
the tasks together allows &os; to provide a more flexible
loader.</para>
into three stages. The first stage is run by the
<acronym>MBR</acronym>, which knows just enough to get the
computer into a specific state and run the second stage. The
second stage can do a little bit more, before running the
third stage. The third stage finishes the task of loading the
operating system. The work is split into three stages because
PC standards put limits on the size of the programs that can
be run at stages one and two. Chaining the tasks together
allows &os; to provide a more flexible loader.</para>
<indexterm><primary>kernel</primary></indexterm>
<indexterm><primary><command>init</command></primary></indexterm>
<indexterm><primary>&man.init.8;</primary></indexterm>
<para>The kernel is then started and it begins to probe for
devices and initialize them for use. Once the kernel boot
@ -154,11 +161,11 @@
<title>The Boot Manager</title>
<indexterm><primary>Master Boot Record
(MBR)</primary></indexterm>
(<acronym>MBR</acronym>)</primary></indexterm>
<para>The code in the MBR or boot manager is sometimes referred
to as <emphasis>stage zero</emphasis> of the boot process.
This section discusses two boot managers:
<para>The code in the <acronym>MBR</acronym> or boot manager is
sometimes referred to as <emphasis>stage zero</emphasis> of
the boot process. This section discusses two boot managers:
<application>boot0</application> and
<application>LILO</application>.</para>
@ -166,12 +173,12 @@
<title>The <application>boot0</application> Boot
Manager:</title>
<para>The MBR installed by &os;'s installer or
&man.boot0cfg.8; is based on
<para>The <acronym>MBR</acronym> installed by &os;'s installer
or &man.boot0cfg.8; is based on
<filename>/boot/boot0</filename>. The size and capability
of <application>boot0</application> is restricted to 446
bytes due to the slice table and <literal>0x55AA</literal>
identifier at the end of the MBR. If
identifier at the end of the <acronym>MBR</acronym>. If
<application>boot0</application> and multiple operating
systems are installed, a message similar to this example
will be displayed at boot time:</para>
@ -187,18 +194,22 @@ Default: F2</screen>
</example>
<para>Other operating systems, in particular &windows;, will
overwrite an existing MBR if they are installed after &os;.
If this happens, or you want to replace the existing MBR
with the &os; MBR, use the following command:</para>
overwrite an existing <acronym>MBR</acronym> if they are
installed after &os;. If this happens, or to replace the
existing <acronym>MBR</acronym> with the &os;
<acronym>MBR</acronym>, use the following command:</para>
<screen>&prompt.root; <userinput>fdisk -B -b /boot/boot0 <replaceable>device</replaceable></userinput></screen>
<para>where <replaceable>device</replaceable> is the boot disk,
such as <devicename>ad0</devicename> for the first IDE disk,
<devicename>ad2</devicename> for the first IDE disk on a
second IDE controller, or <devicename>da0</devicename>
for the first SCSI disk. To create a custom configuration of
the MBR, refer to &man.boot0cfg.8;.</para>
such as <devicename>ad0</devicename> for the first
<acronym>IDE</acronym> disk, <devicename>ad2</devicename>
for the first <acronym>IDE</acronym> disk on a second
<acronym>IDE</acronym> controller, or
<devicename>da0</devicename>
for the first <acronym>SCSI</acronym> disk. To create a
custom configuration of the <acronym>MBR</acronym>, refer to
&man.boot0cfg.8;.</para>
<formalpara>
<title>The LILO Boot Manager:</title>
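Review bot: `fdisk -B -b /boot/boot0 <replaceable>device</replaceable>` rewrites the MBR of the named disk, but the paragraph neither says that this replaces whatever boot manager is currently there nor that the device name should be double-checked before running it. The earlier text in this file says the MBR installed by fdisk is based on `/boot/mbr`, so one sentence stating that `-b /boot/boot0` is what selects the boot0 boot manager instead of the plain MBR would make the two passages consistent.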
@ -235,11 +246,11 @@ label=FreeBSD</programlisting>
constraints, they have been split into two, but are always
installed together. They are copied from the combined
<filename>/boot/boot</filename> by the installer or
<application>bsdlabel</application>.</para>
&man.bsdlabel.8;.</para>
<para>They are located outside file systems, in the first track
of the boot slice, starting with the first sector. This is
where <link linkend="boot-boot0">boot0</link>, or any other
where boot0 (<xref linkend="boot-boot0"/>), or any other
boot manager, expects to find a program to run which will
continue the boot process. The number of sectors used is
easily determined from the size of
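Review bot: `where boot0 (<xref linkend="boot-boot0"/>), or any other` leaves boot0 as bare text, while the rest of this file marks it up as `<application>boot0</application>`; keep the application markup when the `<link>` is replaced by an `<xref>`.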
@ -256,9 +267,9 @@ label=FreeBSD</programlisting>
can provide a simple interface to choose the kernel or loader
to run.</para>
<para><link linkend="boot-loader">loader</link> is much more
sophisticated and provides a boot configuration which is run
by <filename>boot2</filename>.</para>
<para>However, &man.loader.8; is much more sophisticated and
provides a boot configuration which is run by
<filename>boot2</filename>.</para>
<example id="boot-boot2-example">
<title><filename>boot2</filename> Screenshot</title>
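Review bot: `provides a boot configuration which is run by <filename>boot2</filename>` is ambiguous about what boot2 actually runs. The preceding sentence says boot2 chooses the kernel or loader to run, so something like "However, &man.loader.8;, which is run by boot2, is much more sophisticated and provides a configurable boot environment" states the relationship directly.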
@ -276,7 +287,8 @@ boot:</screen>
<para>where <replaceable>diskslice</replaceable> is the disk and
slice to boot from, such as <devicename>ad0s1</devicename>
for the first slice on the first IDE disk.</para>
for the first slice on the first <acronym>IDE</acronym>
disk.</para>
<warning>
<title>Dangerously Dedicated Mode</title>
@ -557,10 +569,10 @@ boot:</screen>
first is the default legacy virtual console command line
environment. After the system finishes booting, a console
login prompt is presented. The second environment is the
graphical environment provided by
<link linkend="x11">Xorg</link>. Refer to that chapter for
more information on how to install and configure a graphical
display manager and a graphical login manager.</para>
graphical environment as described in <xref linkend="x11"/>.
Refer to that chapter for more information on how to install
and configure a graphical display manager and a graphical
login manager.</para>
<sect4 id="boot-splash-function">
<title>Splash Screen Function</title>
@ -574,8 +586,8 @@ boot:</screen>
<para>To use larger images, up to the maximum resolution of
1024 by 768 pixels, load the <acronym>VESA</acronym>
module during system boot. For a <ulink
url="kernelconfig">custom kernel</ulink>, include the
module during system boot. For a custom kernel, as
described in <xref linkend="kernelconfig"/>, include the
<literal>VESA</literal> kernel configuration option.
Loading <acronym>VESA</acronym> support provides the
ability to display a splash screen image that fills the
@ -666,8 +678,8 @@ bitmap_name="<replaceable>/boot/splash.bin</replaceable>"</programlisting>
or
<filename><replaceable>bluewave</replaceable>.pcx</filename>.</para>
<para>Other interesting
<filename>loader.conf</filename> options include:</para>
<para>Other interesting <filename>loader.conf</filename>
options include:</para>
<variablelist>
<varlistentry>
@ -710,10 +722,10 @@ bitmap_name="<replaceable>/boot/splash.bin</replaceable>"</programlisting>
<secondary>boot interaction</secondary>
</indexterm>
<para>Once the kernel is loaded by either the default <link
linkend="boot-loader">loader</link> or by <link
linkend="boot-boot1">boot2</link> which bypasses the loader,
it examines its boot flags, if any, and adjusts its behavior as
<para>Once the kernel is loaded by either the default loader
(<xref linkend="boot-loader"/>) or by boot2 (<xref
linkend="boot-boot1"/>), which bypasses the loader, it
examines any boot flags and adjusts its behavior as
necessary.</para>
<sect2 id="boot-kernel-bootflags">
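Review bot: `or by boot2 (<xref linkend="boot-boot1"/>), which bypasses the loader,` drops the `<filename>boot2</filename>` markup used elsewhere in this chapter, and the relative clause now follows the cross reference rather than boot2. Suggest `or by <filename>boot2</filename>, which bypasses the loader (<xref linkend="boot-boot1"/>),`.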
@ -807,8 +819,9 @@ bitmap_name="<replaceable>/boot/splash.bin</replaceable>"</programlisting>
<quote>device hints</quote>. These <quote>device hints</quote>
are used by device drivers for device configuration.</para>
<para>Device hints may also be specified at the <link
linkend="boot-loader"> Stage 3 boot loader</link> prompt.
<para>Device hints may also be specified at the Stage 3 boot
loader prompt, as demonstrated in <xref
linkend="boot-loader"/>.
Variables can be added using <command>set</command>, removed
with <command>unset</command>, and viewed
<command>show</command>. Variables set in
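Review bot: the unchanged context in this hunk still reads `and viewed <command>show</command>`, which is missing "with"; since the paragraph is being rewritten anyway, change it to `and viewed with <command>show</command>`.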
@ -882,7 +895,7 @@ bitmap_name="<replaceable>/boot/splash.bin</replaceable>"</programlisting>
<title>Init: Process Control Initialization</title>
<indexterm>
<primary><command>init</command></primary>
<primary>&man.init.8;</primary>
</indexterm>
<para>Once the kernel has finished booting, it passes control to
@ -897,10 +910,9 @@ bitmap_name="<replaceable>/boot/splash.bin</replaceable>"</programlisting>
<para>The automatic reboot sequence makes sure that the file
systems available on the system are consistent. If they are
not, and &man.fsck.8; cannot fix the inconsistencies of a UFS
file system, &man.init.8; drops the system into
<link linkend="boot-singleuser">single-user mode</link> so
that the system administrator can resolve the problem
directly.</para>
file system, &man.init.8; drops the system into single-user
mode (<xref linkend="boot-singleuser"/>) so that the system
administrator can resolve the problem directly.</para>
</sect2>
<sect2 id="boot-singleuser">
@ -909,14 +921,13 @@ bitmap_name="<replaceable>/boot/splash.bin</replaceable>"</programlisting>
<indexterm><primary>single-user mode</primary></indexterm>
<indexterm><primary>console</primary></indexterm>
<para>This mode can be reached through the <link
linkend="boot-autoreboot">automatic reboot sequence</link>,
the user booting with <option>-s</option>, or by setting
the <envar>boot_single</envar> variable in
<command>loader</command>.</para>
<para>This mode can be reached through the automatic reboot
sequence (<xref linkend="boot-autoreboot"/>), the user booting
with <option>-s</option>, or by setting the <envar>boot_
single</envar> variable in &man.loader.8;.</para>
<para>It can also be reached by calling &man.shutdown.8; from
<link linkend="boot-multiuser">multi-user mode</link> without
multi-user mode (<xref linkend="boot-multiuser"/>) without
including <option>-r</option> or <option>-h</option>.</para>
<para>If the system <literal>console</literal> is set to
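Review bot: `<envar>boot_` followed by `single</envar>` splits the variable name across a line break inside the element, so it will render as "boot_ single". Keep `<envar>boot_single</envar>` on one line even if that exceeds the fill width.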
@ -952,13 +963,13 @@ console none unknown off insecure</programlisting>
<indexterm><primary>multi-user mode</primary></indexterm>
<para>If &man.init.8; finds the file systems to be in order, or
once the user has finished their commands in <link
linkend="boot-singleuser">single-user mode</link>, the
system enters multi-user mode, in which it starts the
resource configuration of the system.</para>
once the user has finished their commands in single-user
mode (<xref linkend="boot-singleuser"/>), the system enters
multi-user mode, in which it starts the resource configuration
of the system.</para>
<sect3 id="boot-rc">
<title>Resource Configuration (rc)</title>
<title>Resource Configuration</title>
<indexterm><primary>rc files</primary></indexterm>
@ -983,7 +994,7 @@ console none unknown off insecure</programlisting>
<title>Shutdown Sequence</title>
<indexterm>
<primary><command>shutdown</command></primary>
<primary>&man.shutdown.8;</primary>
</indexterm>
<para>Upon controlled shutdown using &man.shutdown.8;,
@ -997,8 +1008,8 @@ console none unknown off insecure</programlisting>
that support power management, use <command>shutdown -p
now</command> to turn the power off immediately. To reboot a
&os; system, use <command>shutdown -r now</command>. One must
be <username>root</username> or a member of the
<groupname>operator</groupname> group in order to run
be <username>root</username> or a member of
<groupname>operator</groupname> in order to run
&man.shutdown.8;. One can also use &man.halt.8; and
&man.reboot.8;. Refer to their manual pages and to
&man.shutdown.8; for more information.</para>

File diff suppressed because it is too large

View file

@ -3690,42 +3690,33 @@ geli_da2_flags="-p -k /root/da2.key"</programlisting>
<secondary>encrypting</secondary>
</indexterm>
<para>Swap encryption in &os; is easy to configure. Depending on
which version of &os; is being used, different options are
available and configuration can vary slightly. The &man.gbde.8;
or &man.geli.8; encryption systems can be used for swap
encryption. Both systems use the <filename>encswap</filename>
<para>Like the encryption of disk partitions, encryption of swap
space is used to protect sensitive information. Consider an
application that deals with passwords. As long as these
passwords stay in physical memory, these passwords will not
be written to disk and be cleared after a reboot. If &os;
starts swapping out memory pages to free
space for other applications, the passwords may be written to
the disk platters unencrypted. Encrypting swap space can be a
solution for this scenario.</para>
<para>The &man.gbde.8; or &man.geli.8; encryption systems may be
used for swap encryption. Both systems use the
<filename>encswap</filename>
<link linkend="configtuning-rcd">rc.d</link> script.</para>
<sect2>
<title>Why Should Swap be Encrypted?</title>
<note>
<para>For the remainder of this section,
<devicename>ad0s1b</devicename> will be the swap
partition.</para>
</note>
<para>Like the encryption of disk partitions, encryption of swap
space is used to protect sensitive information. Consider an
application that deals with passwords. As long as these
passwords stay in physical memory, all is well. However, if
the operating system starts swapping out memory pages to free
space for other applications, the passwords may be written to
the disk platters unencrypted. Encrypting swap space can be a
solution for this scenario.</para>
</sect2>
<para>Swap partitions are not encrypted by default and should
be cleared of any sensitive data before continuing. To
overwrite the current swap parition with random garbage,
execute the following command:</para>
<sect2>
<title>Preparation</title>
<note>
<para>For the remainder of this section,
<devicename>ad0s1b</devicename> will be the swap
partition.</para>
</note>
<para>By default, swap is unencrypted. It is possible that it
contains passwords or other sensitive data in cleartext. To
rectify this, the data on the swap partition should be
overwritten with random garbage:</para>
<screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/ad0s1b bs=1m</userinput></screen>
</sect2>
<screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/<replaceable>ad0s1b</replaceable> bs=1m</userinput></screen>
<sect2>
<title>Swap Encryption with &man.gbde.8;</title>
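Review bot: in the new motivation paragraph, `these passwords will not be written to disk and be cleared after a reboot` is ungrammatical and runs two separate points together; suggest "they are never written to disk and do not survive a reboot". Two smaller items in the same hunk: `parition` in "overwrite the current swap parition" is a typo, and the `dd if=/dev/random of=/dev/<replaceable>ad0s1b</replaceable> bs=1m` step should state that the partition must not be in use as swap while it is overwritten, otherwise pages that are currently swapped out are destroyed.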
@ -3767,7 +3758,7 @@ geli_da2_flags="-p -k /root/da2.key"</programlisting>
</sect2>
<sect2>
<title>Verifying That it Works</title>
<title>Encrypted Swap Verification</title>
<para>Once the system has rebooted, proper operation of the
encrypted swap can be verified using

File diff suppressed because it is too large

File diff suppressed because it is too large

View file

@ -695,7 +695,7 @@ options NFS_ROOT # NFS usable as /, requires NFSCLIENT</progra
<para>Adds support for <ulink
url="http://en.wikipedia.org/wiki/GUID_Partition_Table">GUID
Partition Tables</ulink> (<acronym>GPT</acronym>. GPT
Partition Tables</ulink> (<acronym>GPT</acronym>). GPT
provides the ability to have a large number of partitions per
disk, 128 in the standard configuration.</para>
@ -778,29 +778,6 @@ options NFS_ROOT # NFS usable as /, requires NFSCLIENT</progra
device nodes in <filename
class="directory">/dev</filename>.</para>
<programlisting>options ADAPTIVE_GIANT # Giant mutex is adaptive.</programlisting>
<para>Giant is the name of a mutual exclusion mechanism, a
sleep mutex, that protects a large set of kernel resources.
Today, this is an unacceptable performance bottleneck which
is actively being replaced with locks that protect individual
resources. The <literal>ADAPTIVE_GIANT</literal> option causes
Giant to be included in the set of mutexes adaptively spun on.
When a thread wants to lock the Giant mutex, but it is already
locked by a thread on another CPU, the first thread will keep
running and wait for the lock to be released. Normally, the
thread would instead go back to sleep and wait for its next
chance to run. If unsure, leave this in.</para>
<note>
<para>Beginning with &os;&nbsp;8.0, all mutexes are adaptive by
default, unless explicitly set to non-adaptive by compiling
with the <literal>NO_ADAPTIVE_MUTEXES</literal> option. As a
result, Giant is adaptive by default now, and the
<literal>ADAPTIVE_GIANT</literal> option has been removed
from the kernel configuration.</para>
</note>
<indexterm>
<primary>kernel options</primary>
<secondary>SMP</secondary>
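Review bot: removing the `ADAPTIVE_GIANT` entry is consistent with the note it carried, which said the option was removed from the kernel configuration in 8.0, but that note was also the only place telling readers with older configuration files why the option no longer exists. Consider keeping a one-line mention of its removal rather than deleting the whole block.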
@ -1441,7 +1418,7 @@ device fwe # Ethernet over FireWire (non-standard!)</programl
mechanism for recovering from incompatible kernels.
Simply choose the kernel to boot from at the &os; boot
loader. This can be accessed when the system boot menu
appears by selecting the <quote>Escape to a loader
appears by selecting the <quote>Escape to a loader
prompt</quote> option. At the prompt, type
<command>boot
<replaceable>kernel.old</replaceable></command>, or

View file

@ -769,7 +769,7 @@ test: biba/high</screen>
</sect1>
<sect1 id="mac-seeotheruids">
<title>The &man.mac.seeotheruids.4; Module</title>
<title>The MAC See Other UIDs Policy</title>
<indexterm>
<primary>MAC See Other UIDs Policy</primary>
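Review bot: replacing `&man.mac.seeotheruids.4;` in the section title with "The MAC See Other UIDs Policy" removes the manual-page reference from the heading; unless the body of the section already cites the man page, add a sentence pointing to it so readers can still find the module documentation. The same applies to the four title changes that follow in this file.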
@ -824,7 +824,7 @@ test: biba/high</screen>
</sect1>
<sect1 id="mac-bsdextended">
<title>The &man.mac.bsdextended.4; Module</title>
<title>The MAC BSD Extended Policy</title>
<indexterm>
<primary>MAC</primary>
@ -904,7 +904,7 @@ test: biba/high</screen>
</sect1>
<sect1 id="mac-ifoff">
<title>The &man.mac.ifoff.4; Module</title>
<title>The MAC Interface Silencing Policy</title>
<indexterm>
<primary>MAC Interface Silencing Policy</primary>
@ -955,7 +955,7 @@ test: biba/high</screen>
</sect1>
<sect1 id="mac-portacl">
<title>The &man.mac.portacl.4; Module</title>
<title>The MAC Port Access Control List Policy</title>
<indexterm>
<primary>MAC Port Access Control List Policy</primary>
@ -1069,7 +1069,7 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen>
</sect1>
<sect1 id="mac-partition">
<title>The &man.mac.partition.4; Module</title>
<title>The MAC Partition Policy</title>
<indexterm>
<primary>MAC Process Partition Policy</primary>
@ -1807,141 +1807,137 @@ setpmac biba/10\(10-10\) /usr/local/etc/rc.d/nagios.sh forcestart</userinput></s
<para>This section discusses common configuration issues.</para>
<sect2>
<title><option>multilabel</option> cannot be enabled on
<filename>/</filename></title>
<itemizedlist>
<listitem>
<para>The <option>multilabel</option> flag does not stay
enabled on my root (<filename>/</filename>) partition!</para>
<para>The<option>multilabel</option> flag does not stay
enabled on my root (<filename>/</filename>) partition!</para>
<para>The following steps may resolve this transient
error:</para>
<procedure>
<step>
<para>Edit <filename>/etc/fstab</filename> and set the root
partition to <option>ro</option> for read-only.</para>
</step>
<para>The following steps may resolve this transient
error:</para>
<step>
<para>Reboot into single user mode.</para>
</step>
<procedure>
<step>
<para>Edit <filename>/etc/fstab</filename> and set the root
partition to <option>ro</option> for read-only.</para>
</step>
<step>
<para>Reboot into single user mode.</para>
</step>
<step>
<para>Run <command>tunefs</command> <option>-l
<step>
<para>Run <command>tunefs</command> <option>-l
enable</option>
on <filename>/</filename>.</para>
</step>
on <filename>/</filename>.</para>
</step>
<step>
<para>Reboot the system.</para>
</step>
<step>
<para>Reboot the system.</para>
</step>
<step>
<para>Run <command>mount</command> <option>-urw</option>
<filename>/</filename> and change the <option>ro</option>
back to <option>rw</option> in
<filename>/etc/fstab</filename> and reboot the system
again.</para>
</step>
<step>
<para>Run <command>mount</command> <option>-urw</option>
<filename>/</filename> and change the <option>ro</option>
back to <option>rw</option> in
<filename>/etc/fstab</filename> and reboot the system
again.</para>
</step>
<step>
<para>Double-check the output from
<command>mount</command> to ensure that
<option>multilabel</option> has been properly set on the
root file system.</para>
</step>
</procedure>
</sect2>
<step>
<para>Double-check the output from
<command>mount</command> to ensure that
<option>multilabel</option> has been properly set on the
root file system.</para>
</step>
</procedure>
</listitem>
<sect2>
<title>Xorg Server Will Not Start After
<acronym>MAC</acronym></title>
<listitem>
<para>After establishing a secure environment with
<acronym>MAC</acronym>, I am no longer able to start
Xorg!</para>
<para>After establishing a secure environment with
<acronym>MAC</acronym>, I am no longer able to start
Xorg!</para>
<para>This could be caused by the <acronym>MAC</acronym>
<literal>partition</literal> policy or by a mislabeling in
one of the <acronym>MAC</acronym> labeling policies. To
debug, try the following:</para>
<para>This could be caused by the <acronym>MAC</acronym>
<literal>partition</literal> policy or by a mislabeling in
one of the <acronym>MAC</acronym> labeling policies. To
debug, try the following:</para>
<procedure>
<step>
<para>Check the error message; if the user is in the
<literal>insecure</literal> class, the
<literal>partition</literal> policy may be the culprit.
Try setting the user's class back to the
<literal>default</literal> class and rebuild the database
with <command>cap_mkdb</command>. If this does not
alleviate the problem, go to step two.</para>
</step>
<procedure>
<step>
<para>Check the error message; if the user is in the
<literal>insecure</literal> class, the
<literal>partition</literal> policy may be the culprit.
Try setting the user's class back to the
<literal>default</literal> class and rebuild the database
with <command>cap_mkdb</command>. If this does not
alleviate the problem, go to step two.</para>
</step>
<step>
<para>Double-check the label policies. Ensure that the
policies are set correctly for the user, the Xorg
application, and the <filename
class="directory">/dev</filename> entries.</para>
</step>
<step>
<para>Double-check the label policies. Ensure that the
policies are set correctly for the user, the Xorg
application, and the <filename
class="directory">/dev</filename> entries.</para>
</step>
<step>
<para>If neither of these resolve the problem, send the
error message and a description of the environment to
the &a.questions; mailing list.</para>
</step>
</procedure>
</listitem>
<step>
<para>If neither of these resolve the problem, send the
error message and a description of the environment to
the &a.questions; mailing list.</para>
</step>
</procedure>
</sect2>
<listitem>
<para>The error: <errorname>_secure_path: unable to stat
.login_conf</errorname> shows up.</para>
<sect2>
<title>Error: &man..secure.path.3; cannot stat
<filename>.login_conf</filename></title>
<para>When a user attempts to switch from the
<username>root</username> user to another user in the system,
the error message <errorname>_secure_path: unable to state
<para>When a user attempts to switch from the
<username>root</username> user to another user in the system,
the error message <errorname>_secure_path: unable to stat
.login_conf</errorname> appears.</para>
<para>This message is usually shown when the user has a higher
label setting than that of the user they are attempting to
become. For instance, <username>joe</username> has a default
label of <option>biba/low</option>. The
<username>root</username> user, who has a label of
<option>biba/high</option>, cannot view
<username>joe</username>'s home directory. This will happen
whether or not <username>root</username> has used
<command>su</command> to become <username>joe</username> as
the Biba integrity model will not permit
<username>root</username> to view objects set at a lower
integrity level.</para>
</sect2>
<para>This message is usually shown when the user has a higher
label setting than that of the user they are attempting to
become. For instance, <username>joe</username> has a default
label of <option>biba/low</option>. The
<username>root</username> user, who has a label of
<option>biba/high</option>, cannot view
<username>joe</username>'s home directory. This will happen
whether or not <username>root</username> has used
<command>su</command> to become <username>joe</username> as
the Biba integrity model will not permit
<username>root</username> to view objects set at a lower
integrity level.</para>
</listitem>
<sect2>
<title>The <username>root</username> username is broken!</title>
<listitem>
<para>The system no longer recognizes the
<username>root</username> user.</para>
<para>In normal or even single user mode, the
<username>root</username> is not recognized,
<command>whoami</command> returns 0 (zero), and
<command>su</command> returns <errorname>who are
<para>In normal or even single user mode, the
<username>root</username> is not recognized,
<command>whoami</command> returns 0 (zero), and
<command>su</command> returns <errorname>who are
you?</errorname>.</para>
<para>This can happen if a labeling policy has been disabled,
either by a &man.sysctl.8; or the policy module was unloaded.
If the policy is disabled, the login capabilities database
needs to be reconfigured with <option>label</option> removed.
Double check <filename>login.conf</filename> to ensure that
all <option>label</option> options have been removed and
rebuild the database with <command>cap_mkdb</command>.</para>
<para>This can happen if a labeling policy has been disabled,
either by a &man.sysctl.8; or the policy module was unloaded.
If the policy is disabled, the login capabilities database
needs to be reconfigured with <option>label</option> removed.
Double check <filename>login.conf</filename> to ensure that
all <option>label</option> options have been removed and
rebuild the database with <command>cap_mkdb</command>.</para>
<para>This may also happen if a policy restricts access to
<filename>master.passwd</filename>. This is usually caused by
an administrator altering the file under a label which
conflicts with the general policy being used by the system.
In these cases, the user information would be read by the
system and access would be blocked as the file has inherited
the new label. Disable the policy using &man.sysctl.8; and
everything should return to normal.</para>
</sect2>
<para>This may also happen if a policy restricts access to
<filename>master.passwd</filename>. This is usually caused by
an administrator altering the file under a label which
conflicts with the general policy being used by the system.
In these cases, the user information would be read by the
system and access would be blocked as the file has inherited
the new label. Disable the policy using &man.sysctl.8; and
everything should return to normal.</para>
</listitem>
</itemizedlist>
</sect1>
</chapter>
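Review bot: `The<option>multilabel</option> flag does not stay` loses the space between "The" and the option element. The rest of the restructuring into an itemizedlist is consistent, and the `_secure_path` item correctly reads "unable to stat" where the removed text had "unable to state".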

File diff suppressed because it is too large

File diff suppressed because it is too large

File diff suppressed because it is too large

View file

@ -347,22 +347,19 @@ Info: Lists information about open files (similar to fstat(1))</screen>
<title>Using Binary Packages</title>
<para>There are several different tools used to manage packages on
&os;:</para>
<para>At the present time, &os; is transitioning toward a new
method of package management. Users of the latest releases
may wish to investigate the benefits of using
<link linkend="pkgng-intro">PKGng</link> to manage third
party software on &os;. For those not yet migrated to the
<application>pkgng</application> tool, the tools discussed
here may be used for managing the package database. For
simplicity, the <command>sysinstall</command> utility is
also available post-install for package management.</para>
<itemizedlist>
<listitem>
<para>The <command>sysinstall</command> utility can be invoked
on a running system to install, delete, and list available
and installed packages. For more information, see
<xref linkend="packages"/>.</para>
</listitem>
<listitem>
<para>The package management command line tools, which are
the subject of the rest of this section.</para>
</listitem>
</itemizedlist>
<para>All package installation files are stored in the
package database directory,
<filename class="directory">/var/db/pkg</filename>.</para>
<sect2>
<title>Installing a Package</title>
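Review bot: the new paragraph spells the tool both `PKGng` in the link text and `<application>pkgng</application>` two sentences later; pick one form. It also keeps "the sysinstall utility is also available post-install for package management" while deleting the list item that carried the `<xref linkend="packages"/>` pointer for sysinstall, so that cross reference is lost; consider keeping it in the new sentence.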
@ -579,14 +576,6 @@ docbook =
<para>in this case, all packages whose names start with
<literal>xchat</literal> will be deleted.</para>
</sect2>
<sect2>
<title>Miscellaneous</title>
<para>All package information, including the file list and
descriptions of each installed package is stored within the
<filename>/var/db/pkg</filename> directory.</para>
</sect2>
</sect1>
<sect1 id="pkgng-intro">
@ -1800,32 +1789,40 @@ ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/ fetch</userinput></screen>
</sect1>
<sect1 id="ports-nextsteps">
<title>Post-installation Activities</title>
<title>Working With Installed Ports</title>
<para>After installing a new application you will normally want to
read any documentation it may have included, edit any
required configuration files, and ensure that the
application's service starts at boot time.</para>
<para>Most third party applications will need some level of
configuration after they were installed. This may be a simple
configuration file alteration, or perhaps the application will
just generate a configuration file. Most applications will
have documentation installed into
<filename class="directory">/usr/local/share/doc</filename> and
manual pages. This documentation should be consulted before
continuing. Some applications run services which must be added
to the <filename>/etc/rc.conf</filename> file before
starting.</para>
<para>The exact steps you need to take to configure each
application will obviously be different. However, if you have
just installed a new application and are wondering
<quote>What now?</quote> these tips might help:</para>
<para>The following list contains useful information for
post-install port management. In several cases, finding
the location of binaries if they were installed outside
of the <envar>PATH</envar>. Users of &man.csh.1; should run
<command>rehash</command> to rebuild the known binary
list in the shells <envar>PATH</envar>.</para>
<itemizedlist>
<listitem>
<para>Use &man.pkg.info.1; to find out which files were
installed, and where. For example, if you have just
installed FooPackage version 1.0.0, then this command</para>
<para>The &man.pkg.info.1; command will print all installed
files and their location. For example, if the FooPackage
version 1.0.0 was just installed, then the following
command will show all the files installed with the
package.</para>
<screen>&prompt.root; <userinput>pkg_info -L foopackage-1.0.0 | less</userinput></screen>
<screen>&prompt.root; <userinput>pkg_info -L <replaceable>foopackage-1.0.0</replaceable> | less</userinput></screen>
<para>will show all the files installed by the package. Pay
special attention to files located in
<filename>man/</filename>, which will be manual pages,
<filename>etc/</filename>, which will be configuration
files, and <filename>doc/</filename>, which will be more
comprehensive documentation.</para>
<para>Configuration files are always installed in
<filename class="directory">/usr/local/etc</filename>
and should definitely be consulted before attempting
to use the new application.</para>
<para>To determine which version of the application was
installed:</para>
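Review bot: the added paragraph beginning "The following list contains useful information" contains a sentence fragment, "In several cases, finding the location of binaries if they were installed outside of the <envar>PATH</envar>.", which has no main verb; suggest "In several cases this means finding the location of binaries that were installed outside of the <envar>PATH</envar>." In the same paragraph, "shells <envar>PATH</envar>" needs the possessive "shell's". Further down, "Configuration files are always installed in /usr/local/etc" overstates; the removed wording, which only pointed at files under etc/, was accurate, so "usually" or "by default" would be safer. Finally, the removed sentence about services that must be added to /etc/rc.conf before starting has no replacement in the new text; that reminder tells the reader which services will be enabled at boot and is worth keeping.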
@ -1839,17 +1836,18 @@ ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/ fetch</userinput></screen>
</listitem>
<listitem>
<para>Once you have identified where the application's manual
pages have been installed, review them using &man.man.1;.
Review the sample configuration files and any additional
documentation that may have been provided.</para>
<para>These commands will also show the names of any manual
pages installed with the application. This additional
documentation will now be available to the &man.man.1;
command.</para>
</listitem>
<listitem>
<para>If the application has a web site, check it for
additional documentation, frequently asked questions, and so
forth. If you are not sure of the web site address it may
be listed in the output from</para>
<para>If the application has a web site, consult it for
additional documentation or a frequently asked questions
page. If the website is unknown, the following command
will be useful to print out this information if it's
available.</para>
<screen>&prompt.root; <userinput>pkg_info <replaceable>foopackage-1.0.0</replaceable></userinput></screen>
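Review bot: in the second listitem, "These commands will also show the names of any manual pages" has no clear antecedent now that the first listitem has been rewritten; name the command (pkg_info -L) explicitly. The removed advice to review the sample configuration files is dropped without replacement and should be kept, since the configuration files are where an administrator decides how the application is exposed. In the last paragraph, "web site" and "website" are both used within two sentences, and "if it's available" should read "if it is available"; the surrounding text uses no contractions.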
@ -1034,4 +1034,49 @@ uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)</screen>
<filename>/etc/group</filename>, refer to &man.pw.8; and
&man.group.5;.</para>
</sect1>
<sect1 id="users-becomesuper">
<title>Becoming Superuser</title>
<para>There are several ways to do things as the superuser. The
worst way is to log in as <username>root</username> directly.
Usually very little activity requires <username>root</username>
so logging off and logging in as <username>root</username>,
performing tasks, then logging off and on again as a normal user
is a waste of time.</para>
<para>A better way is to use &man.su.1; without providing a login
but using <literal>-</literal> to inherit the root environment.
Not providing a login will imply super user. For this to work
the login that must be in the <groupname>wheel</groupname> group.
An example of a typical software installation would involve the
administrator unpacking the software as a normal user and then
elevating their privileges for the build and installation of
the software.</para>
<example>
<title>Install a Program As The Superuser</title>
<screen>&prompt.user; <userinput>configure</userinput>
&prompt.user; <userinput>make</userinput>
&prompt.user; <userinput>su -</userinput>
Password:
&prompt.root; <userinput>make install</userinput>
&prompt.root; <userinput>exit</userinput>
&prompt.user;</screen>
</example>
<para>Note in this example the transition to
<username>root</username> is less painful than logging off
and back on twice.</para>
<para>Using &man.su.1; works well for single systems or small
networks with just one system administrator. For more complex
environments (or even for these simple environments)
<command>sudo</command> should be used. It is provided as a port,
<filename role="package">security/sudo</filename>. It allows for
things like activity logging, granting users the ability to only
run certain commands as the superuser, and several other
options.</para>
</sect1>
</chapter>
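Review bot: the example invokes "configure" rather than "./configure"; a bare "configure" is only found if the current directory is in the PATH, so the example either fails or silently depends on a PATH setting that an administrator about to become root should not rely on. Change the first line of the example to "&prompt.user; <userinput>./configure</userinput>". The sentence "For this to work the login that must be in the <groupname>wheel</groupname> group." is ungrammatical; suggest "For this to work, the login must be in the <groupname>wheel</groupname> group." A comma is also missing in "Usually very little activity requires <username>root</username> so logging off", which should read "requires <username>root</username>, so logging off".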