This patch does the following:

- makes 4.2 clearer and tightens some of the headings
- removed reference to learn more about single-user mode as it didn't say anything more; instead, summarized single-user mode here
- made intro to permissions clearer, the next patch will work on the rest of this section

Approved by:	bcr (mentor)
Dru Lavigne 2013-10-11 12:21:57 +00:00
parent 181f2d4d16
commit f846d4ea99
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=42938

@ -6,16 +6,17 @@
-->
<chapter id="basics">
<!--
<chapterinfo>
<authorgroup>
<author>
<firstname>Chris</firstname>
<surname>Shumway</surname>
<contrib>Rewritten by </contrib>
<contrib>Rewritten by in Mar 2000</contrib>
</author>
</authorgroup>
<!-- 10 Mar 2000 -->
</chapterinfo>
-->
<title>UNIX Basics</title>
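Review bot: the reworded `<contrib>` line `Rewritten by in Mar 2000` has lost its object and reads as a fragment; either keep `Rewritten by ` with the `<!-- 10 Mar 2000 -->` comment carrying the date, or reword it to `Rewritten in Mar 2000 by`. Low priority because the whole `<chapterinfo>` block is wrapped in `<!-- ... -->` and never renders, but the fragment will show the moment someone uncomments it.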
@ -31,8 +32,7 @@
<itemizedlist>
<listitem>
<para>How to use the <quote>virtual consoles</quote> of
&os;.</para>
<para>How to use and configure virtual consoles.</para>
</listitem>
<listitem>
@ -80,17 +80,6 @@
<indexterm><primary>virtual consoles</primary></indexterm>
<indexterm><primary>terminals</primary></indexterm>
<para>&os; can be used in various ways. One of them is typing
commands to a text terminal. A lot of the flexibility and power
of a &unix; operating system is readily available when using
&os; this way. This section describes what
<quote>terminals</quote> and <quote>consoles</quote> are, and
how to use them in &os;.</para>
<sect2 id="consoles-intro">
<title>The Console</title>
<indexterm><primary>console</primary></indexterm>
<para>Unless &os; has been configured to automatically start a
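Review bot: dropping the paragraph `&os; can be used in various ways. One of them is typing commands to a text terminal ...` leaves the sect1 opening with two `<indexterm>` elements and no lead-in before `<sect2 id="consoles-intro">`. That is valid DocBook, but a single sentence saying what the subsections cover (the system console, logging in, virtual consoles, `/etc/ttys` and single user mode) would keep the section readable for someone skimming the chapter.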
@ -107,39 +96,16 @@ login:</screen>
example is running a 64-bit version of &os;. The hostname is
<hostid>pc3.example.org</hostid>, and
<devicename>ttyv0</devicename> indicates that this is the
system console.</para>
<quote>system console</quote>. The second line is the login prompt.</para>
<para>The second line is the login prompt. The next section
describes how to log into &os; at this prompt.</para>
</sect2>
<para>Since &os; is a multiuser system, it needs some way to distinguish
between different users. This is accomplished by
requiring every user to log into the
system before gaining access to the programs on the system. Every user has a
unique name <quote>username</quote> and a personal
<quote>password</quote>.</para>
<sect2 id="consoles-login">
<title>Logging into &os;</title>
<para>&os; is a multiuser, multiprocessing system. This is the
formal description that is usually given to a system that can
be used by many different people, who simultaneously run a lot
of programs on a single machine.</para>
<para>Every multiuser system needs some way to distinguish one
<quote>user</quote> from the rest. In &os; (and all the
&unix;-like operating systems), this is accomplished by
requiring that every user must <quote>log into</quote> the
system before being able to run programs. Every user has a
unique name (the <quote>username</quote>) and a personal,
secret key (the <quote>password</quote>). &os; will ask for
these two before allowing a user to run any programs.</para>
<indexterm><primary>startup scripts</primary></indexterm>
<para>When a &os; system boots, startup scripts are
automatically executed in order to prepare the system and to
start any services which have been configured to start at
system boot. Once the system finishes running its startup
scripts, it will present a login prompt:</para>
<screen>login:</screen>
<para>Type the username that was configured during system
<para>To log into the system console, type the username that was configured during system
installation, as described in
<xref linkend="bsdinstall-addusers"/>, and press
<keycap>Enter</keycap>. Then enter the password associated
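Review bot: the paragraph beginning `Since &os; is a multiuser system, it needs some way to distinguish` sits between `</sect2>` and `<sect2 id="consoles-login">`; the DocBook sect1 content model does not allow a `<para>` after the first sect2, so this will fail validation. Move it inside `consoles-login` directly after its `<title>`. While moving it, change `unique name <quote>username</quote>` to `unique name (the <quote>username</quote>)` to parallel the way the password is introduced, and keep the point the deleted text made that the password is secret, since that is the property the login check relies on.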
@ -149,58 +115,62 @@ login:</screen>
<para>Once the correct password is input, the message of the
day (<acronym>MOTD</acronym>) will be displayed followed
by a command prompt (a <literal>#</literal>,
<literal>$</literal>, or <literal>%</literal> character). You
are now logged into the &os; console and ready to try the
by a command prompt. Depending upon the shell that was selected
when the user was created, this prompt will be a <literal>#</literal>,
<literal>$</literal>, or <literal>%</literal> character. The
prompt indicates that the user is now logged into the &os; system console and ready to try the
available commands.</para>
</sect2>
<sect2 id="consoles-virtual">
<title>Virtual Consoles</title>
<para>&os; can be configured to provide many virtual consoles
for inputting commands. Each virtual console has its own
login prompt and output channel, and &os; takes care of
properly redirecting keyboard input and monitor output as
switching occurs between virtual consoles.</para>
<para>While the system console can be used to interact with
the system, a user working from the command line at the
keyboard of a &os; system will typically instead log into a
virtual console. This is because system messages are
configured by default to display on the system console.
These messages will appear over the command or file that the
user is working on, making it difficult to concentrate on
the work at hand.</para>
<para>Special key combinations have been reserved by &os; for
switching consoles.<footnote>
<para>Refer to &man.syscons.4;, &man.atkbd.4;,
&man.vidcontrol.1; and &man.kbdcontrol.1; for a more
technical description of the &os; console and its keyboard
drivers.</para></footnote>. Use
<keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>,
<keycombo><keycap>Alt</keycap><keycap>F2</keycap></keycombo>,
<para>By default, &os; is configured to provide several virtual consoles
for inputting commands. Each virtual console has its own
login prompt and shell and it is easy to switch between
virtual consoles. This essentially provides the command line
equivalent of having several windows open at the same time
in a graphical environment.</para>
<para>The key combinations <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>
through
<keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo>
to switch to a different virtual console in &os;.</para>
<keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo> have been reserved by &os; for
switching between virtual consoles. Use
<keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>
to switch to the system console (<devicename>ttyv0</devicename>),
<keycombo><keycap>Alt</keycap><keycap>F2</keycap></keycombo>
to access the first virtual console
(<devicename>ttyv1</devicename>),
<keycombo><keycap>Alt</keycap><keycap>F3</keycap></keycombo>
to access the second virtual console
(<devicename>ttyv2</devicename>), and so on.</para>
<para>When switching from one console to the next, &os; takes
care of saving and restoring the screen output. The result is
an <quote>illusion</quote> of having multiple
<quote>virtual</quote> screens and keyboards that can be used
manages the screen output. The result is
an illusion of having multiple
virtual screens and keyboards that can be used
to type commands for &os; to run. The programs that are
launched in one virtual console do not stop running when that
console is not visible because the user has switched to a
launched in one virtual console do not stop running when
the user switches to a
different virtual console.</para>
</sect2>
<sect2 id="consoles-ttys">
<title>The <filename>/etc/ttys</filename> File</title>
<para>Refer to &man.syscons.4;, &man.atkbd.4;,
&man.vidcontrol.1; and &man.kbdcontrol.1; for a more
technical description of the &os; console and its keyboard
drivers.</para>
<para>By default, &os; is configured to start eight virtual
consoles. The configuration can be customized to start
more or fewer virtual consoles. To change the number of and
the settings of the virtual consoles, edit
<filename>/etc/ttys</filename>.</para>
<para>Each uncommented line in <filename>/etc/ttys</filename>
(lines that do not start with a <literal>#</literal>
character) contains settings for a single terminal or virtual
console. The default version configures nine virtual
consoles, and enables eight of them. They are the lines that
start with <literal>ttyv</literal>:</para>
<para>In &os;, the number of available virtual
consoles is configured in this
section of
<filename>/etc/ttys</filename>:</para>
<programlisting># name getty type status comments
#
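Review bot: `Depending upon the shell that was selected when the user was created, this prompt will be a #, $, or % character` attributes the `#` prompt to the shell choice, but both sh(1) and tcsh(1) switch their default prompt to `#` when the effective user is `root`; only `$` versus `%` is a shell difference. Say so explicitly, since noticing a `#` prompt is how a user realises they are about to run commands with full privileges. Two smaller points: the relocated `Refer to &man.syscons.4;, &man.atkbd.4; ...` paragraph now sits directly under `<title>The <filename>/etc/ttys</filename> File</title>` although it describes the console and keyboard drivers, and reads better as the closing paragraph of `consoles-virtual`; and the shortened `the number of available virtual consoles is configured in this section of /etc/ttys` drops the sentence explaining that lines beginning with `#` are comments, which the later `put a comment symbol (#)` instruction relies on.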
@ -215,19 +185,46 @@ ttyv6 "/usr/libexec/getty Pc" cons25 on secure
ttyv7 "/usr/libexec/getty Pc" cons25 on secure
ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</programlisting>
<para>To disable a virtual console, put a comment symbol (<literal>#</literal>)
at the beginning of the line representing that virtual console.
For example, to reduce the number of available virtual consoles
from eight to four, put a <literal>#</literal> in front of
the last four lines representing virtual consoles
<devicename>ttyv5</devicename> through
<devicename>ttyv8</devicename>. <emphasis>Do not</emphasis>
comment out the line for the system console
<devicename>ttyv0</devicename>. Note that the last virtual
console (<devicename>ttyv8</devicename>) is used to access
the graphical environment if <application>&xorg;</application>
has been installed and configured as described in <xref
linkend="x11"/>.</para>
<para>For a detailed description of every column in this file
and the available options for the virtual consoles, refer to
&man.ttys.5;.</para>
</sect2>
<sect2 id="consoles-singleuser">
<title>Single User Mode Console</title>
<title>Single User Mode</title>
<para>A detailed description of <quote>single user mode</quote>
can be found in <xref linkend="boot-singleuser"/>. There is
only one console when &os; is in single user mode as no other
virtual consoles are available in this mode. The settings
for single user mode are found in this section of
<para>The &os; boot menu provides an option labelled as
<quote>Boot Single User</quote>. If this option is selected,
the system will boot into a special mode known as
<quote>single user mode</quote>. This mode is typically used to
repair a system that will not boot or to reset the
<username>root</username> password when it is not known.
While in single user mode, networking and other
virtual consoles are not available. However, full
<username>root</username> access to the system is available,
and by default, the <username>root</username> password is not
needed. For these reasons, physical access to the keyboard
is needed to boot into this mode and determining who has physical
access to the keyboard is something to consider when securing
a &os; system.</para>
<para>The settings which control
single user mode are found in this section of
<filename>/etc/ttys</filename>:</para>
<programlisting># name getty type status comments
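Review bot: in the new single user mode paragraph, `For these reasons, physical access to the keyboard is needed to boot into this mode` inverts the reasoning: console access is not a requirement that follows from the mode being privileged; rather, because this mode hands out a `root` shell without asking for a password, anyone who can reach the boot menu effectively has `root`. Suggest: `Because this mode grants root access without a password, anyone who can reach the boot menu from the console can take control of the system, so controlling who has console access is part of securing a &os; system.` Also, `physical access to the keyboard` is narrower than what actually matters: a serial console or a remote console reaches the same boot menu, so `console access` is the more accurate term and matches the `console` entry in the `/etc/ttys` excerpt that follows.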
@ -235,20 +232,25 @@ ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</programlisting>
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
console none unknown off secure</programlisting>
<para>By default, the status is set to <literal>secure</literal>.
This assumes that who has physical access to the keyboard
is either not important or it is controlled by a physical
security policy. If this setting is changed to
<literal>insecure</literal>, the assumption is that the
environment itself is insecure because anyone can access
the keyboard. When this line is changed to
<literal>insecure</literal>, &os; will prompt for the
<username>root</username> password when a user selects to boot into single
user mode.
</para>
<note>
<para>As the comments above the <literal>console</literal>
line indicate, editing <literal>secure</literal> to
<literal>insecure</literal> will prompt for the
<username>root</username> password when booting into single
user mode. The default setting enters single user mode
without prompting for a password.</para>
<para><emphasis>Be careful when changing this setting to
<literal>insecure</literal></emphasis>. If the
<literal>insecure</literal></emphasis>! If the
<username>root</username> password is forgotten, booting
into single user mode is still possible, but may be
difficult for someone who is not comfortable with the &os;
difficult for someone who is not familiar with the &os;
booting process.</para>
</note>
</sect2>
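Review bot: `This assumes that who has physical access to the keyboard is either not important or it is controlled by a physical security policy` is ungrammatical; suggest `This assumes that physical access to the console is either unimportant or is controlled by a physical security policy.` More importantly, the `<note>` sentence `If the root password is forgotten, booting into single user mode is still possible, but may be difficult` understates what `insecure` does: as the comment above the `console` line says, init asks for the root password before starting the single-user shell, so a forgotten password cannot be recovered from single user mode at all. Recovery then means booting from other media (for example the installation media), mounting the root file system and resetting the password or restoring `secure`. Say that plainly, and add the converse caveat: `insecure` only gates init's single-user shell and does nothing to stop someone with console access from booting other media, so it complements physical access control rather than replacing it.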
@ -289,44 +291,46 @@ console none unknown off secure</programlisting>
<indexterm><primary>UNIX</primary></indexterm>
<para>&os;, being a direct descendant of BSD &unix;, is based on
several key &unix; concepts. The first and most pronounced is
that &os; is a multi-user operating system that can handle
several users working simultaneously on completely unrelated
tasks. The system is responsible for properly sharing and
managing requests for hardware devices, peripherals, memory, and
CPU time fairly to each user.</para>
<para>In &os;, every file and directory has an associated set of
permissions and several utilities are available for viewing
and modifying these permissions. Understanding how permissions
work is necessary to make sure that users are able to access
the files that they need and are unable to improperly access
the files used by the operating system or owned by other
users.</para>
<para>Much more information about user accounts is in the chapter
about <link linkend="users">accounts</link>. It is important to
understand that each person (user) who uses the computer should
be given their own username and password. The system keeps
track of the people using the computer based on this username.
Since it is often the case that several people are working on
the same project &unix; also provides groups. Several users can
be placed in the same group.</para>
<para>This section discusses the traditional &unix;
permissions used in &os;. For finer grained file system access control,
refer to
<xref linkend="fs-acl"/>.</para>
<para>Because the system is capable of supporting multiple users,
everything the system manages has a set of permissions governing
who can read, write, and execute the resource. These
permissions are stored as three octets broken into three pieces,
one for the owner of the file, one for the group that the file
belongs to, and one for everyone else. This numerical
representation works like this:</para>
<note>
<para>This section will discuss the traditional &unix;
permissions. For finer grained file system access control,
see the
<link linkend="fs-acl">File System Access Control Lists</link>
section.</para>
</note>
<para>In &unix;, basic permissions are assigned using
three types of access: read, write, and execute. These access
types are used to determine file access to the file's owner,
group, and others (everyone else). The read, write, and execute
permissions can be represented as the letters
<literal>r</literal>, <literal>w</literal>, and
<literal>x</literal>. They can also be represented as binary
numbers as each permission is either on or off
(<literal>0</literal>). When represented as a number, the
order is always read as <literal>rwx</literal>, where
<literal>r</literal> has an on value of <literal>4</literal>,
<literal>w</literal> has an on value of <literal>2</literal>
and <literal>x</literal> has an on value of
<literal>1</literal>.</para>
<para>Table 4.1 summarizes the possible numeric and alphabetic
possibilities. When reading the <quote>Directory Listing</quote>
column, a <literal>-</literal> is used to represent a permission
that is set to off.</para>
<indexterm><primary>permissions</primary></indexterm>
<indexterm>
<primary>file permissions</primary>
</indexterm>
<informaltable frame="none" pgwide="1">
<table frame="none" pgwide="1">
<title>&unix; Permissions</title>
<tgroup cols="3">
<thead>
<row>
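Review bot: `each permission is either on or off (<literal>0</literal>)` gives only the off value; write `either on (<literal>1</literal>) or off (<literal>0</literal>)` so the binary reading leads naturally into the 4/2/1 weights that follow. `Table 4.1 summarizes` hard-codes the table number in running text; now that the `<informaltable>` has become a `<table>` with a `<title>`, give it an `id` and reference it with `<xref>` so the number survives renumbering. Removing `These permissions are stored as three octets` is an improvement (they are three octal digits, not octets), but the replacement's `determine file access to the file's owner, group, and others` should read `determine access for the file's owner, the file's group, and everyone else`.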
@ -386,7 +390,7 @@ console none unknown off secure</programlisting>
</row>
</tbody>
</tgroup>
</informaltable>
</table>
<indexterm>
<primary>&man.ls.1;</primary>