doc/zh_TW.Big5/books/handbook/disks/chapter.xml
Gabor Kovesdan b4346b9b2d - Rename .sgml files to .xml
- Reflect the rename in referencing files

Approved by:	doceng (implicit)
2012-10-01 09:53:01 +00:00

3949 lines
149 KiB
XML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="big5" standalone="no"?>
<!--
The FreeBSD Documentation Project
$FreeBSD$
Original revision: 1.246
-->
<chapter id="disks">
<title>儲存設備篇</title>
<sect1 id="disks-synopsis">
<title>概述</title>
<para>本章涵蓋如何在 FreeBSD 下使用碟片裝置
<footnote>
<para>譯註:雖然有些設備沒有『碟片』,例如 USB 隨身碟,
不過在此仍把 Disk 譯為『碟片裝置』。此外,為方便起見,
後文所有的 Disk 都譯為『磁碟』。</para></footnote>
包含 memory-backed disk (用記憶體作為磁碟使用)、跨網路使用的磁碟、
標準 SCSI/IDE 磁碟、USB 介面的設備等。</para>
<para>閱讀本章後,您裝學會:</para>
<itemizedlist>
<listitem><para>FreeBSD 如何描述資料在磁碟上的劃分情形
(partition 和 slices)。</para>
</listitem>
<listitem><para>如何在系統上加入磁碟</para>
</listitem>
<listitem>
<para>如何設定 &os; 來使用 USB 裝置。</para>
</listitem>
<listitem><para>如何設定虛擬檔案系統 (virtual file systems),
例如 memory disks (用記憶體作為磁碟使用)。</para></listitem>
<listitem>
<para>如何用 quota 來限制磁碟空間的使用。</para>
</listitem>
<listitem>
<para>如何對磁碟加密以應付攻擊。</para>
</listitem>
<listitem>
<para>如何在 FreeBSD 下建立、燒錄 CD 和 DVD。</para>
</listitem>
<listitem>
<para>各種不同的備份設備。</para>
</listitem>
<listitem>
<para>如何使用 FreeBSD 提供的備份工具。</para>
</listitem>
<listitem>
<para>如何備份到軟碟。</para>
</listitem>
<listitem>
<para>什麼是 snapshots ,且如何有效率地使用之。</para>
</listitem>
</itemizedlist>
<para>在閱讀之前,您應該:</para>
<itemizedlist>
<listitem>
<para>知道如何設定、安裝新的 FreeBSD kernel。
(<xref linkend="kernelconfig"/>).</para>
</listitem>
</itemizedlist>
</sect1>
<sect1 id="disks-naming">
<title>裝置名稱</title>
<para>下面是 FreeBSD 支援的儲存媒體列表,及它們對應的裝置名稱。</para>
<table id="disk-naming-physical-table" frame="none">
<title>命名規則</title>
<tgroup cols="2">
<thead>
<row>
<entry>裝置類型</entry>
<entry>裝置名稱</entry>
</row>
</thead>
<tbody>
<row>
<entry>IDE 磁碟機</entry>
<entry><literal>ad</literal></entry>
</row>
<row>
<entry>IDE 光碟機</entry>
<entry><literal>acd</literal></entry>
</row>
<row>
<entry>SCSI 磁碟機和 USB 碟</entry>
<entry><literal>da</literal></entry>
</row>
<row>
<entry>SCSI 光碟機</entry>
<entry><literal>cd</literal></entry>
</row>
<row>
<entry>非標準規格光碟機</entry>
<entry>Mitsumi 光碟機用 <literal>mcd</literal>
Sony 光碟機用 <literal>scd</literal>
</entry>
</row>
<row>
<entry>軟碟機</entry>
<entry><literal>fd</literal></entry>
</row>
<row>
<entry>SCSI 碟帶機</entry>
<entry><literal>sa</literal></entry>
</row>
<row>
<entry>IDE 碟帶機</entry>
<entry><literal>ast</literal></entry>
</row>
<row>
<entry>Flash 磁碟機</entry>
<entry>&diskonchip; Flash 磁碟機用 <literal>fla</literal></entry>
</row>
<row>
<entry>RAID 磁碟機</entry>
<entry>&adaptec; AdvancedRAID 用<literal>aacd</literal>
&mylex;<literal>mlxd</literal><literal>mlyd</literal>
AMI &megaraid;<literal>amrd</literal>
Compaq Smart RAID 用 <literal>idad</literal>
&tm.3ware; RAID 用 <literal>twed</literal></entry>
</row>
</tbody>
</tgroup>
</table>
</sect1>
<sect1 id="disks-adding">
<sect1info>
<authorgroup>
<author>
<firstname>David</firstname>
<surname>O'Brien</surname>
<contrib>Originally contributed by </contrib>
</author>
</authorgroup>
<!-- 26 Apr 1998 -->
</sect1info>
<title>新增磁碟</title>
<indexterm>
<primary>disk</primary>
<secondary>adding</secondary>
</indexterm>
<para>假設我們想新增 SCSI 磁碟到一臺原先只有一顆磁碟的機器上,
首先將電腦關機,依製造商的指示將磁碟裝上去,
詳細的操作方式請參考製造商的說明文件。</para>
<para>安裝好磁碟後,用 <username>root</username> 登入系統,
看一下 <filename>/var/run/dmesg.boot</filename> 以確認系統是否抓到新磁碟。
繼續剛才的範例,新增的磁碟會是 <devicename>da1</devicename>
假設我們想將它掛載到 <filename>/1</filename> 這個位置
(如果您新增的是 IDE 磁碟的話,請用 <devicename>ad1</devicename>)。</para>
<indexterm><primary>partitions</primary></indexterm>
<indexterm><primary>slices</primary></indexterm>
<indexterm>
<primary><command>fdisk</command></primary>
</indexterm>
<para>FreeBSD 為了在 IBM-PC 相容電腦上執行,
必須配合 PC BIOS partition因此和傳統的 BSD partition 有很大的不同。
在 PC 裡磁碟最多可以有四筆 BIOS partition 資訊(亦即最多可分割成四個
partition)。如果這個磁碟打算全部讓 FreeBSD 使用,可選擇
<emphasis>dedicated</emphasis> 模式,
不然的話 FreeBSD 必須置身於其中一個 PC BIOS partition 中。
在 FreeBSD 裡PC BIOS partition 稱為 <emphasis>slice</emphasis>
這是為了不要和傳統的 BSD partition 搞混了。
<footnote><para>譯註:基於相同的理由,
現在 BSD partition 常稱為 BSD label或簡稱 label。</para></footnote>
不論是完全由 FreeBSD 使用的磁碟,還是安裝了其它作業系統的磁碟,
您都可以使用 slice。這樣的好處是其它非 FreeBSD 作業系統的
<command>fdisk</command> 工具可以順利操作。</para>
<para>如果使用 slice這個新增的磁碟會是
<filename>/dev/da1s1e</filename>。可以這樣來解讀它SCSI 磁碟、
unit number 1(第二個 SCSI 磁碟)、slice 1(第一個 PC BIOS partition)、
<filename>e</filename> BSD partition。在 dedicated 模式的話,
新磁碟則是 <filename>/dev/da1e</filename></para>
<para>因為 &man.bsdlabel.8; 是用 32-bit 整數來儲存 sector(磁區) 數,
因此限制一個磁碟最大只能有 2^32-1 個 sector亦即 2TB 的空間。
&man.fdisk.8; 的格式容許起始 sector 編號不超過 2^32-1
長度也不超過 2^32-1因此 partition 最大空間是 2TB而磁碟最大是 4TB。
&man.sunlabel.8; 則限制 partition 最大是 2TB磁碟最多可有 8 個
partition因此最大是 16TB。 如果要使用更大的磁碟,請使用
&man.gpt.8;</para>
<sect2>
<title>使用 &man.sysinstall.8;</title>
<indexterm>
<primary><application>sysinstall</application></primary>
<secondary>新增磁碟</secondary>
</indexterm>
<indexterm>
<primary>su</primary>
</indexterm>
<procedure>
<step>
<title>操作 <application>Sysinstall</application></title>
<para>透過 <command>sysinstall</command> 的選單介面,
可以輕易為磁碟分割 BIOS partition(slice) 和 BSD patition。
必須以 root 身份使用 <command>sysinstall</command>
要嘛用 root 登入,要嘛用 <command>su</command> 切換到 root。
執行 <command>sysinstall</command> 後,選
<literal>Configure</literal>,在
<literal>FreeBSD Configuration Menu</literal> 裡移到
<literal>Fdisk</literal> 選項。</para>
</step>
<step>
<title><application>fdisk</application> Partition 編輯器</title>
<para><application>fdisk</application> 裡,按下
<userinput>A</userinput> 表示整個磁碟都給 FreeBSD 使用。
接著會提示您『是否要相容其它的作業系統』,回答
<literal>YES</literal>。 按 <userinput>W</userinput>
會將這些改變立即寫入磁碟,再按 <userinput>q</userinput> 可以離開
FDISK 編輯器。 接下來會問您要將 <quote>Master Boot Record</quote>
安裝於何處,由於現在是新增磁碟,表示作業系統已經裝在別的磁碟上了,
所以可以選 <literal>None</literal> 就行了。</para>
</step>
<step>
<title>Disk Label Editor(磁碟 Label 編輯器)</title>
<indexterm><primary>BSD partitions</primary></indexterm>
<para>接著請關閉 <application>sysinstall</application>,再重開一次。
照著上一節的指示,不過這次改選 <literal>Label</literal>
進入 <literal>Disk Label Editor</literal>,在此您可以編輯傳統的
BSD partition。 一個磁碟(或著一個 slice) 最多可切分成 8 個
BSD partition依序用 <literal>a-h</literal> 來表示。
有些字母有特別的意義,<literal>a</literal> partition 表示這是
root partition(根分割區,<filename>/</filename>)
因此只有安裝系統的磁碟(例如用來開機的磁碟) 有
<literal>a</literal> partition。 <literal>b</literal> partition
表示這是 swap partitions(交換分割區),每個磁碟上都可以有 swap。
<literal>c</literal> partition 用來表示整個磁碟(如果使用 dedicated
mode 的話)或整個 slice。 其它的字母則用來表示普通的 BSD partition
</para>
<para><application>sysinstall</application>
Label editor(磁碟 Label 編輯器) 偏好用 <literal>e</literal>
來表示非 root、也非 swap 的分割區
<footnote>
<para>譯註:老實說我看不懂這句指的是什麼?原文是
<application>sysinstall</application> Label editor
favors the <literal>e</literal> partition for non-root,
non-swap partitions. </para>
</footnote> 在 Label editor 裡,按 <userinput>C</userinput>
可以新增一個檔案系統(BSD label),它會問您這是一個 FS(file system
,檔案系統) 或是 swap(交換分割區),選擇 <literal>FS</literal>
接著輸入要掛載的位置(例如 <filename>/mnt</filename>)。
如果系統安裝完後才新增磁碟,<application>sysinstall</application>
不會幫您把這筆掛載資料加入 <filename>/etc/fstab</filename>
所以掛載的位置不太重要。</para>
<para>當您準備好將新的 label 寫入磁碟、建立檔案系統,按
<userinput>W</userinput> 即可。如果出現在什麼錯誤,
<application>sysinstall</application> 可能無法幫您掛載這個新分割區。
結束 Label Editor、結束 <application>sysinstall</application>
就行了。</para>
</step>
<step>
<title>完成</title>
<para>最後要做的是編輯 <filename>/etc/fstab</filename>
加入您新增的分割區資訊。</para>
</step>
</procedure>
</sect2>
<sect2>
<title>使用命令列工具</title>
<sect3>
<title>使用 Slices(BIOS partitions)</title>
<para>這種模式能讓您的磁碟分割區與其它作業系統的
<command>fdisk</command> 工具和平共處,因此我們建議您使用 slice 模式。
如果您一定要使用 <literal>dedicated</literal> 模式,
您得有個好理由!
<footnote>
<para>譯註:如果您自始至終都不打算將這個磁碟用於 FreeBSD
之外的作業系統,那可以算是個好理由。不過就算如此,
用 slice 模式也沒什麼壞處就是了:-)。</para></footnote></para>
<screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 bs=1k count=1</userinput>
&prompt.root; <userinput>fdisk -BI da1</userinput> # 初始您的磁碟。
&prompt.root; <userinput>bsdlabel -B -w -r da1s1 auto</userinput> # 建立 bsdlabel。
&prompt.root; <userinput>bsdlabel -e da1s1</userinput> # 編輯 bsdlabel 以新增 label。
&prompt.root; <userinput>mkdir -p /1</userinput>
&prompt.root; <userinput>newfs /dev/da1s1e</userinput> # 如果您新增了多個 label對每個 label 重覆這個步驟。
&prompt.root; <userinput>mount /dev/da1s1e /1</userinput> # 掛載這些新 label。
&prompt.root; <userinput>vi /etc/fstab</userinput> # 在 <filename>/etc/fstab</filename> 加入適當的資訊。</screen>
<para>如果您新增的是 IDE 磁碟,將 <filename>da</filename>
改成 <filename>ad</filename> 即可
<footnote>
<para>譯註da 是 direct access (disk) 的縮寫;
ad 是 ata disk 的縮寫。</para></footnote></para>
</sect3>
<sect3>
<title>Dedicated</title>
<indexterm><primary>OS/2</primary></indexterm>
<para>如果您不打算將新磁碟用於其它的作業系統,
您可以使用 <literal>dedicated</literal> 模式。注意:
Microsoft 的作業系統認不得這個模式,不過也不會去破壞它;
然而 IBM 的 &os2; 就沒那麼好心了,它會去調整所有它不認得的分割區
<footnote>
<para>譯註:我對這句的意思沒什麼信心,原文是 IBM's &os2; however,
will <quote>appropriate</quote> any partition it finds which it
does not understand.</para></footnote></para>
<screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 bs=1k count=1</userinput>
&prompt.root; <userinput>bsdlabel -Brw da1 auto</userinput>
&prompt.root; <userinput>bsdlabel -e da1</userinput> # 建立 `e' partition。
&prompt.root; <userinput>newfs -d0 /dev/da1e</userinput>
&prompt.root; <userinput>mkdir -p /1</userinput>
&prompt.root; <userinput>vi /etc/fstab</userinput> # 新增一筆 /dev/da1e 的資訊。
&prompt.root; <userinput>mount /1</userinput></screen>
<para>另一種方法:</para>
<screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 count=2</userinput>
&prompt.root; <userinput>bsdlabel /dev/da1 | bsdlabel -BrR da1 /dev/stdin</userinput>
&prompt.root; <userinput>newfs /dev/da1e</userinput>
&prompt.root; <userinput>mkdir -p /1</userinput>
&prompt.root; <userinput>vi /etc/fstab</userinput> # 新增一筆 /dev/da1e 的資訊。
&prompt.root; <userinput>mount /1</userinput></screen>
</sect3>
</sect2>
</sect1>
<sect1 id="raid">
<title>RAID</title>
<sect2 id="raid-soft">
<title>軟體 RAID</title>
<sect3 id="ccd">
<sect3info>
<authorgroup>
<author>
<firstname>Christopher</firstname>
<surname>Shumway</surname>
<contrib>Original work by </contrib>
</author>
</authorgroup>
<authorgroup>
<author>
<firstname>Jim</firstname>
<surname>Brown</surname>
<contrib>Revised by </contrib>
</author>
</authorgroup>
</sect3info>
<title>連接式磁碟裝置驅動程式(CCD, Concatenated Disk Driver) 設定</title>
<indexterm><primary>RAID</primary><secondary>software</secondary></indexterm>
<indexterm>
<primary>RAID</primary><secondary>CCD</secondary>
</indexterm>
<para>對大容量儲存設備而言,最關鍵的要素乃是速度、可靠性及價格。
然而這三者往往難以兼顧:快速可靠的設備通常很貴;
而降低成本通常也犧牲了速度或可靠性。</para>
<para>接下來要介紹的系統,價格是最重要的考量,接下來是速度,
最後才是可靠性。 順序如此是因為資料傳輸的速度最終取決於網路,
而儘管可靠性十分重要,卻有簡單的取代方案:
將資料完整備份於 CD-R 中。</para>
<para>選擇大容量儲存設備方案時,首先要定義您的需求。
如果您重視速度或可靠性甚於價格,接下來的介紹恐非您所需。</para>
<sect4 id="ccd-installhw">
<title>安裝硬體</title>
<para>除了系統磁碟外,下面介紹的 CCD 磁碟陣列將使用到三顆 30GB、
5400 RPM 的 Western Digital IDE 磁碟,以提供約 90GB 的儲存空間。
最理想的情況是每個磁碟由獨立使用的排線連接獨立使用的 IDE 控制器,
不過為了降低成本,利用 jumper 設定磁碟,使每個 IDE 控制器可連接
一個主磁碟加一個副磁碟,如此可不必加裝額外的 IDE 控制器。</para>
<para>開機後BIOS 應該設定成自重偵測磁碟。更重要的是 FreeBSD 應該
要偵測到它們:</para>
<programlisting>ad0: 19574MB &lt;WDC WD205BA&gt; [39770/16/63] at ata0-master UDMA33
ad1: 29333MB &lt;WDC WD307AA&gt; [59598/16/63] at ata0-slave UDMA33
ad2: 29333MB &lt;WDC WD307AA&gt; [59598/16/63] at ata1-master UDMA33
ad3: 29333MB &lt;WDC WD307AA&gt; [59598/16/63] at ata1-slave UDMA33</programlisting>
<note>
<para>如果 FreeBSD 沒有偵測到所有磁碟,請確認 jumper 都設定正確。
許多 IDE 磁碟可以設定成 <quote>Cable Select</quote>
(根據排線位置決定),這<emphasis>並非</emphasis> master(主磁碟)
或 slave(副磁碟)。 請參閱磁碟的說明文件以正確設定 jumper
</para></note>
<para>接下來,考慮如何將它們變成檔案系統的一部份。您可以參考
&man.vinum.8;(<xref linkend="vinum-vinum"/>) 及 &man.ccd.4。
在此我們選擇 &man.ccd.4;</para>
</sect4>
<sect4 id="ccd-setup">
<title>設定 CCD</title>
<para>&man.ccd.4; 可以將多個磁碟接起來成為一個大磁碟。要使用
&man.ccd.4;,您的 kernel 需要支援 &man.ccd.4;。將這行加入到
kernel 設定檔,並重編、重安裝 kernel</para>
<programlisting>device ccd</programlisting>
<para>也可以載入 kernel 動態模組來支援 &man.ccd.4;</para>
<para>使用 &man.ccd.4; 請先用 &man.bsdlabel.8; 來初始磁碟:</para>
<programlisting>bsdlabel -r -w ad1 auto
bsdlabel -r -w ad2 auto
bsdlabel -r -w ad3 auto</programlisting>
<para>上述指令會建立 <devicename>ad1c</devicename>
<devicename>ad2c</devicename><devicename>ad3c</devicename>
這些 bsdlabel 都使用了整個磁碟。</para>
<para>下一步是修改 label type同樣用 &man.bsdlabel.8; 來處理:</para>
<programlisting>bsdlabel -e ad1
bsdlabel -e ad2
bsdlabel -e ad3</programlisting>
<para>這個指令會打開一個編輯器(預設是 &man.vi.1;,可以用
<envar>EDITOR</envar> 環境變數來指定其它編輯器),並將目前磁碟的 label
資訊顯示在該編輯器裡。</para>
<para>一個還未變動過的磁碟 label 資訊看起來會像這樣:</para>
<programlisting>8 partitions:
# size offset fstype [fsize bsize bps/cpg]
c: 60074784 0 unused 0 0 0 # (Cyl. 0 - 59597)</programlisting>
<para>在此我們要新增一個 <literal>e</literal> partition 給
&man.ccd.4; 使用。 通常複製 <literal>c</literal> partition 那一行,
再把 <option>fstype</option> 那一行改成
<userinput>4.2BSD</userinput> 就可以了。
改完之後看起來應該會像這樣:</para>
<programlisting>8 partitions:
# size offset fstype [fsize bsize bps/cpg]
c: 60074784 0 unused 0 0 0 # (Cyl. 0 - 59597)
e: 60074784 0 4.2BSD 0 0 0 # (Cyl. 0 - 59597)</programlisting>
</sect4>
<sect4 id="ccd-buildingfs">
<title>建立檔案系統</title>
<para>現在所有的磁碟都已經建好 bsdlabel 了,可以開始建立 &man.ccd.4;
&man.ccdconfig.8; 來建立 &man.ccd.4;,參考下面的指令:</para>
<programlisting>ccdconfig ccd0<co id="co-ccd-dev"/> 32<co id="co-ccd-interleave"/> 0<co id="co-ccd-flags"/> /dev/ad1e<co id="co-ccd-devs"/> /dev/ad2e /dev/ad3e</programlisting>
<para>每個參數的作用如下:</para>
<calloutlist>
<callout arearefs="co-ccd-dev">
<para>第一個參數是要設定的裝置名稱,在這個例子裡是
<filename>/dev/ccd0c</filename>。其中 <filename>/dev/</filename>
可有可無。</para>
</callout>
<callout arearefs="co-ccd-interleave">
<para>「interleave」的大小。所謂 interleave 是指一排磁碟區塊
(disk block)的大小,通常以 512 bytes 為單位,所以 interleave
設為 32 即為 16,384 bytes。</para>
</callout>
<callout arearefs="co-ccd-flags">
<para>&man.ccdconfig.8; 設定模式的參數。如果您打算啟用磁碟鏡設
(drive mirroring),您可以在此指定參數。這個例子沒有使用鏡設,
所以設成 0。</para>
</callout>
<callout arearefs="co-ccd-devs">
<para>&man.ccdconfig.8; 最後的參數是要加入到陣列的所有磁碟。
請使用完整的路徑。</para>
</callout>
</calloutlist>
<para>執行 &man.ccdconfig.8; 之後,&man.ccd.4;
已設定完成可供建立檔案系統。 請參考 &man.newfs.8; 或輸入:</para>
<programlisting>newfs /dev/ccd0c</programlisting>
</sect4>
<sect4 id="ccd-auto">
<title>讓一切自動完成</title>
<para>通常您會希望每次開機時都能自動掛上(mount) &man.ccd.4;
用下面的指令將您目前的設定寫入 <filename>/etc/ccd.conf</filename>
</para>
<programlisting>ccdconfig -g &gt; /etc/ccd.conf</programlisting>
<para>如果 <filename>/etc/ccd.conf</filename> 存在,每次開機時
<command>/etc/rc</command> 都會執行 <command>ccdconfig -C</command>
。 如此便可自動設定 &man.ccd.4; 以便之後掛上(mount)檔案系統。
</para>
<note><para>如果您開機時選擇進入單人模式(single mode),在掛上
(&man.mount.8;) &man.ccd.4; 的檔案系統之前您得先執行設定的指令:
</para>
<programlisting>ccdconfig -C</programlisting>
</note>
<para>要在每次開機時自動掛上(mount) &man.ccd.4;,請在
<filename>/etc/fstab</filename> 加入 &man.ccd.4;
</para>
<programlisting>/dev/ccd0c /media ufs rw 2 2</programlisting>
</sect4>
</sect3>
<sect3 id="vinum">
<title>Vinum 容量管理系統</title>
<indexterm><primary>RAID</primary><secondary>software</secondary></indexterm>
<indexterm>
<primary>RAID</primary>
<secondary>Vinum</secondary>
</indexterm>
<para>Vinum 容量管理系統(以下簡稱 Vinum) 可視為一種虛擬磁碟。
它將區塊裝置(block device) 的介面與對應資料的方式切割開來,比起原本
slice 劃分的磁碟Vinum 可增加了彈性、效能和穩定度
<footnote><para>譯註:原文這裡是用「和」,但要視實際使用方式而定。
例如用 RAID-0 就不會增加穩定度 :)。</para></footnote>
&man.vinum.8; 實作了 RAID-0、RAID-1 和 RAID-5 等模組,
它們都可以單獨使用,也可以互相搭配使用。</para>
<para>請見 <xref linkend="vinum-vinum"/> 以參考更多關於
&man.vinum.8; 的資訊。</para>
</sect3>
</sect2>
<sect2 id="raid-hard">
<title>硬體 RAID</title>
<indexterm>
<primary>RAID</primary>
<secondary>hardware</secondary>
</indexterm>
<para>FreeBSD 也支援許多硬體 <acronym>RAID</acronym> 控制器。
這些控制器自行掌控一個小型的 <acronym>RAID</acronym> 系統,
因此不需要特定軟體來管理。</para>
<para>透過控制器上的 <acronym>BIOS</acronym> 幾乎能控制所有的操作。
接下來將簡單介紹如何設定 Promise <acronym>IDE</acronym>
<acronym>RAID</acronym> 控制卡。首先確認控制卡已安裝,接著開機。
它應該會提示一些資訊<footnote><para>譯註:例如按 F1 可以進入控制卡
BIOS 之類的資訊。</para></footnote>。依指示進入控制卡的設定畫面,
從這裡您可以將全部的硬體結合成一個大磁碟。完成之後FreeBSD
將只會看到這個大磁碟。當然您也可以使用其它的
<acronym>RAID</acronym> 模式。</para>
</sect2>
<sect2>
<title>重建(rebuild) ATA RAID1 陣列</title>
<para>FreeBSD 允許您熱插拔磁碟陣列裡壞掉的磁碟,
當然在重開機前就得先發現。</para>
<para>也許您會在 <filename>/var/log/messages</filename>(或 &man.dmesg.8;
的輸出) 看到類似下面的訊息:</para>
<programlisting>ad6 on monster1 suffered a hard error.
ad6: READ command timeout tag=0 serv=0 - resetting
ad6: trying fallback to PIO mode
ata3: resetting devices .. done
ad6: hard error reading fsbn 1116119 of 0-7 (ad6 bn 1116119; cn 1107 tn 4 sn 11)\\
status=59 error=40
ar0: WARNING - mirror lost</programlisting>
<para>請用 &man.atacontrol.8; 來得到更多資訊:</para>
<screen>&prompt.root; <userinput>atacontrol list</userinput>
ATA channel 0:
Master: no device present
Slave: acd0 &lt;HL-DT-ST CD-ROM GCR-8520B/1.00&gt; ATA/ATAPI rev 0
ATA channel 1:
Master: no device present
Slave: no device present
ATA channel 2:
Master: ad4 &lt;MAXTOR 6L080J4/A93.0500&gt; ATA/ATAPI rev 5
Slave: no device present
ATA channel 3:
Master: ad6 &lt;MAXTOR 6L080J4/A93.0500&gt; ATA/ATAPI rev 5
Slave: no device present
&prompt.root; <userinput>atacontrol status ar0</userinput>
ar0: ATA RAID1 subdisks: ad4 ad6 status: DEGRADED</screen>
<procedure>
<step>
<para>首先您得將損壞磁碟所在的 ata channel 卸載(detach)
如此才能安全地移除:</para>
<screen>&prompt.root; <userinput>atacontrol detach ata3</userinput></screen>
</step>
<step>
<para>用好的磁碟換下損壞的。</para>
</step>
<step>
<para>重新載入(re-attach) ata channel</para>
<screen>&prompt.root; <userinput>atacontrol attach ata3</userinput>
Master: ad6 &lt;MAXTOR 6L080J4/A93.0500&gt; ATA/ATAPI rev 5
Slave: no device present</screen>
</step>
<step>
<para>將新的磁碟加入原本的磁碟陣列成為備援(spare) 磁碟:</para>
<screen>&prompt.root; <userinput>atacontrol addspare ar0 ad6</userinput></screen>
</step>
<step>
<para>重建磁碟陣列:</para>
<screen>&prompt.root; <userinput>atacontrol rebuild ar0</userinput></screen>
</step>
<step>
<para>可以用下面指定來確認重建的進度:</para>
<screen>&prompt.root; <userinput>dmesg | tail -10</userinput>
[output removed]
ad6: removed from configuration
ad6: deleted from ar0 disk1
ad6: inserted into ar0 disk1 as spare
&prompt.root; <userinput>atacontrol status ar0</userinput>
ar0: ATA RAID1 subdisks: ad4 ad6 status: REBUILDING 0% completed</screen>
</step>
<step>
<para>等重建完就完成了。</para>
</step>
</procedure>
</sect2>
</sect1>
<sect1 id="usb-disks">
<sect1info>
<authorgroup>
<author>
<firstname>Marc</firstname>
<surname>Fonvieille</surname>
<contrib>Contributed by </contrib>
</author>
</authorgroup>
<!-- Jul 2004 -->
</sect1info>
<title>USB 儲存裝置</title>
<indexterm>
<primary>USB</primary>
<secondary>disks</secondary>
</indexterm>
<para>在現在,有許多外部儲存裝置採用 USB(Universal Serial Bus) 介面,
例如硬碟、USB 拇指碟、CD-R 燒錄機等。 &os; 提供對這些裝置的支援。</para>
<sect2>
<title>設定</title>
<para>USB mass 儲存裝置驅動程式(&man.umass.4;)提供 USB 儲存裝置的支援。
但如果是用 <filename>GENERIC</filename> kernel就不需要做任何設定變動
。 若是自訂 kernel請確認 kernel 設定檔含有下面這幾行:</para>
<programlisting>device scbus
device da
device pass
device uhci
device ohci
device usb
device umass</programlisting>
<para>&man.umass.4; 驅動程式透過 SCSI 子系統存取 USB 儲存裝置,
您的 USB 裝置會被系統辨識成 SCSI 裝置。 依照您主機板上 USB 晶片型號,
您只需要 <literal>device uhci</literal>
<literal>device ohci</literal> 其中一個。
然而,將兩者都編進 kernel 也無妨。 只要別忘了在修改 kernel
設定後重新編譯及安裝新的 kernel 就行了。</para>
<note>
<para>如果您的 USB 裝置是 CD-R 或 DVD 燒錄機,則 SCSI 光碟機驅動程式
&man.cd.4; 必須寫入 kernel 設定檔,像這樣:</para>
<programlisting>device cd</programlisting>
<para>因為燒錄機會被當成 SCSI 裝置,所以 &man.atapicam.4;
驅動程式不需要編入 kernel。</para>
</note>
<para>USB 2.0 控制器的支援由 &os;; 提供,然而必須在 kernel
設定檔增加下面這行以提供 USB 2.0 支援:</para>
<programlisting>device ehci</programlisting>
<para>注意,如果您需要 USB 1.x 支援,您仍然需要將 &man.uhci.4;
&man.ohci.4; 驅動程式編入 kernel。</para>
</sect2>
<sect2>
<title>測試設定</title>
<para>The configuration is ready to be tested: plug in your USB
device, and in the system message buffer (&man.dmesg.8;), the
drive should appear as something like:</para>
<screen>umass0: USB Solid state disk, rev 1.10/1.00, addr 2
GEOM: create disk da0 dp=0xc2d74850
da0 at umass-sim0 bus 0 target 0 lun 0
da0: &lt;Generic Traveling Disk 1.11&gt; Removable Direct Access SCSI-2 device
da0: 1.000MB/s transfers
da0: 126MB (258048 512 byte sectors: 64H 32S/T 126C)</screen>
<para>Of course, the brand, the device node
(<devicename>da0</devicename>) and other details can differ
according to your configuration.</para>
<para>Since the USB device is seen as a SCSI one, the
<command>camcontrol</command> command can be used to list the
USB storage devices attached to the system:</para>
<screen>&prompt.root; <userinput>camcontrol devlist</userinput>
&lt;Generic Traveling Disk 1.11&gt; at scbus0 target 0 lun 0 (da0,pass0)</screen>
<para>If the drive comes with a file system, you should be able
to mount it. The <xref linkend="disks-adding"/> will help you
to format and create partitions on the USB drive if
needed.</para>
<para>If you unplug the device (the disk must be unmounted
before), you should see, in the system message buffer,
something like the following:</para>
<screen>umass0: at uhub0 port 1 (addr 2) disconnected
(da0:umass-sim0:0:0:0): lost device
(da0:umass-sim0:0:0:0): removing device entry
GEOM: destroy disk da0 dp=0xc2d74850
umass0: detached</screen>
</sect2>
<sect2>
<title>Further Reading</title>
<para>Beside the <link linkend="disks-adding">Adding
Disks</link> and <link linkend="mount-unmount">Mounting and
Unmounting File Systems</link> sections, reading various
manual pages may be also useful: &man.umass.4;,
&man.camcontrol.8;, and &man.usbdevs.8;.</para>
</sect2>
</sect1>
<sect1 id="creating-cds">
<sect1info>
<authorgroup>
<author>
<firstname>Mike</firstname>
<surname>Meyer</surname>
<contrib>Contributed by </contrib>
<!-- mwm@mired.org -->
</author>
</authorgroup>
<!-- Apr 2001 -->
</sect1info>
<title>Creating and Using Optical Media (CDs)</title>
<indexterm>
<primary>CDROMs</primary>
<secondary>creating</secondary>
</indexterm>
<sect2>
<title>Introduction</title>
<para>CDs have a number of features that differentiate them from
conventional disks. Initially, they were not writable by the
user. They are designed so that they can be read continuously without
delays to move the head between tracks. They are also much easier
to transport between systems than similarly sized media were at the
time.</para>
<para>CDs do have tracks, but this refers to a section of data to
be read continuously and not a physical property of the disk. To
produce a CD on FreeBSD, you prepare the data files that are going
to make up the tracks on the CD, then write the tracks to the
CD.</para>
<indexterm><primary>ISO 9660</primary></indexterm>
<indexterm>
<primary>file systems</primary>
<secondary>ISO 9660</secondary>
</indexterm>
<para>The ISO 9660 file system was designed to deal with these
differences. It unfortunately codifies file system limits that were
common then. Fortunately, it provides an extension mechanism that
allows properly written CDs to exceed those limits while still
working with systems that do not support those extensions.</para>
<indexterm>
<primary><filename role="package">sysutils/cdrtools</filename></primary>
</indexterm>
<para>The <filename role="package">sysutils/cdrtools</filename>
port includes &man.mkisofs.8;, a program that you can use to
produce a data file containing an ISO 9660 file
system. It has options that support various extensions, and is
described below.</para>
<indexterm>
<primary>CD burner</primary>
<secondary>ATAPI</secondary>
</indexterm>
<para>Which tool to use to burn the CD depends on whether your CD burner
is ATAPI or something else. ATAPI CD burners use the <command><link
linkend="burncd">burncd</link></command> program that is part of
the base system. SCSI and USB CD burners should use
<command><link linkend="cdrecord">cdrecord</link></command> from
the <filename role="package">sysutils/cdrtools</filename> port.</para>
<para><command>burncd</command> has a limited number of
supported drives. To find out if a drive is supported, see the
<ulink url="http://www.freebsd.dk/ata/">CD-R/RW supported
drives</ulink> list.</para>
<note>
<indexterm>
<primary>CD burner</primary>
<secondary>ATAPI/CAM driver</secondary>
</indexterm>
<para>If you run &os;&nbsp;5.X, &os;&nbsp;4.8-RELEASE version or
higher, it will be possible to use <command><link
linkend="cdrecord">cdrecord</link></command> and other tools
for SCSI drives on an ATAPI hardware with the <link
linkend="atapicam">ATAPI/CAM module</link>.</para>
</note>
<para>If you want a CD burning software with a graphical user
interface, you should have a look to
<application>X-CD-Roast</application> or
<application>K3b</application>. These tools are available as
packages or from the <filename
role="package">sysutils/xcdroast</filename> and <filename
role="package">sysutils/k3b</filename> ports.
<application>X-CD-Roast</application> and
<application>K3b</application> require the <link
linkend="atapicam">ATAPI/CAM module</link> with ATAPI
hardware.</para>
</sect2>
<sect2 id="mkisofs">
<title>mkisofs</title>
<para>The &man.mkisofs.8; program, which is part of the
<filename role="package">sysutils/cdrtools</filename> port,
produces an ISO 9660 file system
that is an image of a directory tree in the &unix; file system name
space. The simplest usage is:</para>
<screen>&prompt.root; <userinput>mkisofs -o <replaceable>imagefile.iso</replaceable> <replaceable>/path/to/tree</replaceable></userinput></screen>
<indexterm>
<primary>file systems</primary>
<secondary>ISO 9660</secondary>
</indexterm>
<para>This command will create an <replaceable>imagefile.iso</replaceable>
containing an ISO 9660 file system that is a copy of the tree at
<replaceable>/path/to/tree</replaceable>. In the process, it will
map the file names to names that fit the limitations of the
standard ISO 9660 file system, and will exclude files that have
names uncharacteristic of ISO file systems.</para>
<indexterm>
<primary>file systems</primary>
<secondary>HFS</secondary>
</indexterm>
<indexterm>
<primary>file systems</primary>
<secondary>Joliet</secondary>
</indexterm>
<para>A number of options are available to overcome those
restrictions. In particular, <option>-R</option> enables the
Rock Ridge extensions common to &unix; systems, <option>-J</option>
enables Joliet extensions used by Microsoft systems, and
<option>-hfs</option> can be used to create HFS file systems used
by &macos;.</para>
<para>For CDs that are going to be used only on FreeBSD systems,
<option>-U</option> can be used to disable all filename
restrictions. When used with <option>-R</option>, it produces a
file system image that is identical to the FreeBSD tree you started
from, though it may violate the ISO 9660 standard in a number of
ways.</para>
<indexterm>
<primary>CDROMs</primary>
<secondary>creating bootable</secondary>
</indexterm>
<para>The last option of general use is <option>-b</option>. This is
used to specify the location of the boot image for use in producing an
<quote>El Torito</quote> bootable CD. This option takes an
argument which is the path to a boot image from the top of the
tree being written to the CD. By default, &man.mkisofs.8; creates an
ISO image in the so-called <quote>floppy disk emulation</quote> mode,
and thus expects the boot image to be exactly 1200, 1440 or
2880&nbsp;KB in size. Some boot loaders, like the one used by the
FreeBSD distribution disks, do not use emulation mode; in this case,
the <option>-no-emul-boot</option> option should be used. So, if
<filename>/tmp/myboot</filename> holds a bootable FreeBSD system
with the boot image in
<filename>/tmp/myboot/boot/cdboot</filename>, you could produce the
image of an ISO 9660 file system in
<filename>/tmp/bootable.iso</filename> like so:</para>
<screen>&prompt.root; <userinput>mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/myboot</userinput></screen>
<para>Having done that, if you have <devicename>md</devicename>
configured in your kernel, you can mount the file system with:</para>
<screen>&prompt.root; <userinput>mdconfig -a -t vnode -f /tmp/bootable.iso -u 0</userinput>
&prompt.root; <userinput>mount -t cd9660 /dev/md0 /mnt</userinput></screen>
<para>At which point you can verify that <filename>/mnt</filename>
and <filename>/tmp/myboot</filename> are identical.</para>
<para>There are many other options you can use with
&man.mkisofs.8; to fine-tune its behavior. In particular:
modifications to an ISO 9660 layout and the creation of Joliet
and HFS discs. See the &man.mkisofs.8; manual page for details.</para>
</sect2>
<sect2 id="burncd">
<title>burncd</title>
<indexterm>
<primary>CDROMs</primary>
<secondary>burning</secondary>
</indexterm>
<para>If you have an ATAPI CD burner, you can use the
<command>burncd</command> command to burn an ISO image onto a
CD. <command>burncd</command> is part of the base system, installed
as <filename>/usr/sbin/burncd</filename>. Usage is very simple, as
it has few options:</para>
<screen>&prompt.root; <userinput>burncd -f <replaceable>cddevice</replaceable> data <replaceable>imagefile.iso</replaceable> fixate</userinput></screen>
<para>Will burn a copy of <replaceable>imagefile.iso</replaceable> on
<replaceable>cddevice</replaceable>. The default device is
<filename>/dev/acd0</filename>. See &man.burncd.8; for options to
set the write speed, eject the CD after burning, and write audio
data.</para>
</sect2>
<sect2 id="cdrecord">
<title>cdrecord</title>
<para>If you do not have an ATAPI CD burner, you will have to use
<command>cdrecord</command> to burn your
CDs. <command>cdrecord</command> is not part of the base system;
you must install it from either the port at <filename role="package">sysutils/cdrtools</filename>
or the appropriate
package. Changes to the base system can cause binary versions of
this program to fail, possibly resulting in a
<quote>coaster</quote>. You should therefore either upgrade the
port when you upgrade your system, or if you are <link
linkend="stable">tracking -STABLE</link>, upgrade the port when a
new version becomes available.</para>
<para>While <command>cdrecord</command> has many options, basic usage
is even simpler than <command>burncd</command>. Burning an ISO 9660
image is done with:</para>
<screen>&prompt.root; <userinput>cdrecord dev=<replaceable>device</replaceable> <replaceable>imagefile.iso</replaceable></userinput></screen>
<para>The tricky part of using <command>cdrecord</command> is finding
the <option>dev</option> to use. To find the proper setting, use
the <option>-scanbus</option> flag of <command>cdrecord</command>,
which might produce results like this:</para>
<indexterm>
<primary>CDROMs</primary>
<secondary>burning</secondary>
</indexterm>
<screen>&prompt.root; <userinput>cdrecord -scanbus</userinput>
Cdrecord-Clone 2.01 (i386-unknown-freebsd7.0) Copyright (C) 1995-2004 J&ouml;rg Schilling
Using libscg version 'schily-0.1'
scsibus0:
0,0,0 0) 'SEAGATE ' 'ST39236LW ' '0004' Disk
0,1,0 1) 'SEAGATE ' 'ST39173W ' '5958' Disk
0,2,0 2) *
0,3,0 3) 'iomega ' 'jaz 1GB ' 'J.86' Removable Disk
0,4,0 4) 'NEC ' 'CD-ROM DRIVE:466' '1.26' Removable CD-ROM
0,5,0 5) *
0,6,0 6) *
0,7,0 7) *
scsibus1:
1,0,0 100) *
1,1,0 101) *
1,2,0 102) *
1,3,0 103) *
1,4,0 104) *
1,5,0 105) 'YAMAHA ' 'CRW4260 ' '1.0q' Removable CD-ROM
1,6,0 106) 'ARTEC ' 'AM12S ' '1.06' Scanner
1,7,0 107) *</screen>
<para>This lists the appropriate <option>dev</option> value for the
devices on the list. Locate your CD burner, and use the three
numbers separated by commas as the value for
<option>dev</option>. In this case, the CRW device is 1,5,0, so the
appropriate input would be
<option>dev=1,5,0</option>. There are easier
ways to specify this value; see &man.cdrecord.1; for
details. That is also the place to look for information on writing
audio tracks, controlling the speed, and other things.</para>
</sect2>
<sect2 id="duplicating-audiocds">
<title>Duplicating Audio CDs</title>
<para>You can duplicate an audio CD by extracting the audio data from
the CD to a series of files, and then writing these files to a blank
CD. The process is slightly different for ATAPI and SCSI
drives.</para>
<procedure>
<title>SCSI Drives</title>
<step>
<para>Use <command>cdda2wav</command> to extract the audio.</para>
<screen>&prompt.user; <userinput>cdda2wav -v255 -D2,0 -B -Owav</userinput></screen>
</step>
<step>
<para>Use <command>cdrecord</command> to write the
<filename>.wav</filename> files.</para>
<screen>&prompt.user; <userinput>cdrecord -v dev=<replaceable>2,0</replaceable> -dao -useinfo *.wav</userinput></screen>
<para>Make sure that <replaceable>2,0</replaceable> is set
appropriately, as described in <xref linkend="cdrecord"/>.</para>
</step>
</procedure>
<procedure>
<title>ATAPI Drives</title>
<step>
<para>The ATAPI CD driver makes each track available as
<filename>/dev/acd<replaceable>d</replaceable>t<replaceable>nn</replaceable></filename>,
where <replaceable>d</replaceable> is the drive number, and
<replaceable>nn</replaceable> is the track number written with two
decimal digits, prefixed with zero as needed.
So the first track on the first disk is
<filename>/dev/acd0t01</filename>, the second is
<filename>/dev/acd0t02</filename>, the third is
<filename>/dev/acd0t03</filename>, and so on.</para>
<para>Make sure the appropriate files exist in
<filename>/dev</filename>. If the entries are missing,
force the system to retaste the media:</para>
<screen>&prompt.root; <userinput>dd if=/dev/acd0 of=/dev/null count=1</userinput></screen>
</step>
<step>
<para>Extract each track using &man.dd.1;. You must also use a
specific block size when extracting the files.</para>
<screen>&prompt.root; <userinput>dd if=/dev/acd0t01 of=track1.cdr bs=2352</userinput>
&prompt.root; <userinput>dd if=/dev/acd0t02 of=track2.cdr bs=2352</userinput>
...
</screen>
</step>
<step>
<para>Burn the extracted files to disk using
<command>burncd</command>. You must specify that these are audio
files, and that <command>burncd</command> should fixate the disk
when finished.</para>
<screen>&prompt.root; <userinput>burncd -f <replaceable>/dev/acd0</replaceable> audio track1.cdr track2.cdr <replaceable>...</replaceable> fixate</userinput></screen>
</step>
</procedure>
</sect2>
<sect2 id="imaging-cd">
<title>Duplicating Data CDs</title>
<para>You can copy a data CD to a image file that is
functionally equivalent to the image file created with
&man.mkisofs.8;, and you can use it to duplicate
any data CD. The example given here assumes that your CDROM
device is <devicename>acd0</devicename>. Substitute your
correct CDROM device.</para>
<screen>&prompt.root; <userinput>dd if=/dev/acd0 of=file.iso bs=2048</userinput></screen>
<para>Now that you have an image, you can burn it to CD as
described above.</para>
</sect2>
<sect2 id="mounting-cd">
<title>Using Data CDs</title>
<para>Now that you have created a standard data CDROM, you
probably want to mount it and read the data on it. By
default, &man.mount.8; assumes that a file system is of type
<literal>ufs</literal>. If you try something like:</para>
<screen>&prompt.root; <userinput>mount /dev/cd0 /mnt</userinput></screen>
<para>you will get a complaint about <errorname>Incorrect super
block</errorname>, and no mount. The CDROM is not a
<literal>UFS</literal> file system, so attempts to mount it
as such will fail. You just need to tell &man.mount.8; that
the file system is of type <literal>ISO9660</literal>, and
everything will work. You do this by specifying the
<option>-t cd9660</option> option &man.mount.8;. For
example, if you want to mount the CDROM device,
<filename>/dev/cd0</filename>, under
<filename>/mnt</filename>, you would execute:</para>
<screen>&prompt.root; <userinput>mount -t cd9660 /dev/cd0 /mnt</userinput></screen>
<para>Note that your device name
(<filename>/dev/cd0</filename> in this example) could be
different, depending on the interface your CDROM uses. Also,
the <option>-t cd9660</option> option just executes
&man.mount.cd9660.8;. The above example could be shortened
to:</para>
<screen>&prompt.root; <userinput>mount_cd9660 /dev/cd0 /mnt</userinput></screen>
<para>You can generally use data CDROMs from any vendor in this
way. Disks with certain ISO 9660 extensions might behave
oddly, however. For example, Joliet disks store all filenames
in two-byte Unicode characters. The FreeBSD kernel does not
speak Unicode (yet!), so non-English characters show up as
question marks. (The FreeBSD
CD9660 driver includes hooks to load an appropriate Unicode
conversion table on the fly. Modules for some of the common
encodings are available via the
<filename role="package">sysutils/cd9660_unicode</filename> port.)</para>
<para>Occasionally, you might get <errorname>Device not
configured</errorname> when trying to mount a CDROM. This
usually means that the CDROM drive thinks that there is no
disk in the tray, or that the drive is not visible on the bus.
It can take a couple of seconds for a CDROM drive to realize
that it has been fed, so be patient.</para>
<para>Sometimes, a SCSI CDROM may be missed because it did not
have enough time to answer the bus reset. If you have a SCSI
CDROM please add the following option to your kernel
configuration and <link linkend="kernelconfig-building">rebuild your kernel</link>.</para>
<programlisting>options SCSI_DELAY=15000</programlisting>
<para>This tells your SCSI bus to pause 15 seconds during boot,
to give your CDROM drive every possible chance to answer the
bus reset.</para>
</sect2>
<sect2 id="rawdata-cd">
<title>Burning Raw Data CDs</title>
<para>You can choose to burn a file directly to CD, without
creating an ISO 9660 file system. Some people do this for
backup purposes. This runs more quickly than burning a
standard CD:</para>
<screen>&prompt.root; <userinput>burncd -f /dev/acd1 -s 12 data archive.tar.gz fixate</userinput></screen>
<para>In order to retrieve the data burned to such a CD, you
must read data from the raw device node:</para>
<screen>&prompt.root; <userinput>tar xzvf /dev/acd1</userinput></screen>
<para>You cannot mount this disk as you would a normal CDROM.
Such a CDROM cannot be read under any operating system
except FreeBSD. If you want to be able to mount the CD, or
share data with another operating system, you must use
&man.mkisofs.8; as described above.</para>
</sect2>
<sect2 id="atapicam">
<sect2info>
<authorgroup>
<author>
<firstname>Marc</firstname>
<surname>Fonvieille</surname>
<contrib>Contributed by </contrib>
</author>
</authorgroup>
</sect2info>
<title>Using the ATAPI/CAM Driver</title>
<indexterm>
<primary>CD burner</primary>
<secondary>ATAPI/CAM driver</secondary>
</indexterm>
<para>This driver allows ATAPI devices (CD-ROM, CD-RW, DVD
drives etc...) to be accessed through the SCSI subsystem, and
so allows the use of applications like <filename
role="package">sysutils/cdrdao</filename> or
&man.cdrecord.1;.</para>
<para>To use this driver, you will need to add the following
line to your kernel configuration file:</para>
<programlisting>device atapicam</programlisting>
<para>You also need the following lines in your kernel
configuration file:</para>
<programlisting>device ata
device scbus
device cd
device pass</programlisting>
<para>which should already be present.</para>
<para>Then rebuild, install your new kernel, and reboot your
machine. During the boot process, your burner should show up,
like so:</para>
<screen>acd0: CD-RW &lt;MATSHITA CD-RW/DVD-ROM UJDA740&gt; at ata1-master PIO4
cd0 at ata1 bus 0 target 0 lun 0
cd0: &lt;MATSHITA CDRW/DVD UJDA740 1.00&gt; Removable CD-ROM SCSI-0 device
cd0: 16.000MB/s transfers
cd0: Attempt to query device size failed: NOT READY, Medium not present - tray closed</screen>
<para>The drive could now be accessed via the
<filename>/dev/cd0</filename> device name, for example to
mount a CD-ROM on <filename>/mnt</filename>, just type the
following:</para>
<screen>&prompt.root; <userinput>mount -t cd9660 <replaceable>/dev/cd0</replaceable> /mnt</userinput></screen>
<para>As <username>root</username>, you can run the following
command to get the SCSI address of the burner:</para>
<screen>&prompt.root; <userinput>camcontrol devlist</userinput>
&lt;MATSHITA CDRW/DVD UJDA740 1.00&gt; at scbus1 target 0 lun 0 (pass0,cd0)</screen>
<para>So <literal>1,0,0</literal> will be the SCSI address to
use with &man.cdrecord.1; and other SCSI application.</para>
<para>For more information about ATAPI/CAM and SCSI system,
refer to the &man.atapicam.4; and &man.cam.4; manual
pages.</para>
</sect2>
</sect1>
<sect1 id="creating-dvds">
<sect1info>
<authorgroup>
<author>
<firstname>Marc</firstname>
<surname>Fonvieille</surname>
<contrib>Contributed by </contrib>
</author>
</authorgroup>
<authorgroup>
<author>
<firstname>Andy</firstname>
<surname>Polyakov</surname>
<contrib>With inputs from </contrib>
</author>
</authorgroup>
<!-- Feb 2004 -->
</sect1info>
<title>Creating and Using Optical Media (DVDs)</title>
<indexterm>
<primary>DVD</primary>
<secondary>burning</secondary>
</indexterm>
<sect2>
<title>Introduction</title>
<para>Compared to the CD, the DVD is the next generation of
optical media storage technology. The DVD can hold more data
than any CD and is nowadays the standard for video
publishing.</para>
<para>Five physical recordable formats can be defined for what
we will call a recordable DVD:</para>
<itemizedlist>
<listitem>
<para>DVD-R: This was the first DVD recordable format
available. The DVD-R standard is defined by the <ulink
url="http://www.dvdforum.com/forum.shtml">DVD Forum</ulink>.
This format is write once.</para>
</listitem>
<listitem>
<para>DVD-RW: This is the rewriteable version of
the DVD-R standard. A DVD-RW can be rewritten about 1000
times.</para>
</listitem>
<listitem>
<para>DVD-RAM: This is also a rewriteable format
supported by the DVD Forum. A DVD-RAM can be seen as a
removable hard drive. However, this media is not
compatible with most DVD-ROM drives and DVD-Video players;
only a few DVD writers support the DVD-RAM format.</para>
</listitem>
<listitem>
<para>DVD+RW: This is a rewriteable format defined by
the <ulink url="http://www.dvdrw.com/">DVD+RW
Alliance</ulink>. A DVD+RW can be rewritten about 1000
times.</para>
</listitem>
<listitem>
<para>DVD+R: This format is the write once variation
of the DVD+RW format.</para>
</listitem>
</itemizedlist>
<para>A single layer recordable DVD can hold up to
4,700,000,000&nbsp;bytes which is actually 4.38&nbsp;GB or
4485&nbsp;MB (1 kilobyte is 1024 bytes).</para>
<note>
<para>A distinction must be made between the physical media and
the application. For example, a DVD-Video is a specific
file layout that can be written on any recordable DVD
physical media: DVD-R, DVD+R, DVD-RW etc. Before choosing
the type of media, you must be sure that both the burner and the
DVD-Video player (a standalone player or a DVD-ROM drive on
a computer) are compatible with the media under consideration.</para></note>
</sect2>
<sect2>
<title>Configuration</title>
<para>The program &man.growisofs.1; will be used to perform DVD
recording. This command is part of the
<application>dvd+rw-tools</application> utilities (<filename
role="package">sysutils/dvd+rw-tools</filename>). The
<application>dvd+rw-tools</application> support all DVD media
types.</para>
<para>These tools use the SCSI subsystem to access to the
devices, therefore the <link linkend="atapicam">ATAPI/CAM
support</link> must be added to your kernel. If your burner
uses the USB interface this addition is useless, and you should
read the <xref linkend="usb-disks"/> for more details on USB
devices configuration.</para>
<para>You also have to enable DMA access for ATAPI devices, this
can be done in adding the following line to the
<filename>/boot/loader.conf</filename> file:</para>
<programlisting>hw.ata.atapi_dma="1"</programlisting>
<para>Before attempting to use the
<application>dvd+rw-tools</application> you should consult the
<ulink
url="http://fy.chalmers.se/~appro/linux/DVD+RW/hcn.html">dvd+rw-tools'
hardware compatibility notes</ulink> for any information
related to your DVD burner.</para>
<note>
<para>If you want a graphical user interface, you should have
a look to <application>K3b</application> (<filename
role="package">sysutils/k3b</filename>) which provides a
user friendly interface to &man.growisofs.1; and many others
burning tools.</para>
</note>
</sect2>
<sect2>
<title>Burning Data DVDs</title>
<para>The &man.growisofs.1; command is a frontend to <link
linkend="mkisofs">mkisofs</link>, it will invoke
&man.mkisofs.8; to create the file system layout and will
perform the write on the DVD. This means you do not need to
create an image of the data before the burning process.</para>
<para>To burn onto a DVD+R or a DVD-R the data from the <filename
class="directory">/path/to/data</filename> directory, use the
following command:</para>
<screen>&prompt.root; <userinput>growisofs -dvd-compat -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/data</replaceable></userinput></screen>
<para>The options <option>-J -R</option> are passed to
&man.mkisofs.8; for the file system creation (in this case: an
ISO 9660 file system with Joliet and Rock Ridge extensions),
consult the &man.mkisofs.8; manual page for more
details.</para>
<para>The option <option>-Z</option> is used for the initial
session recording in any case: multiple sessions or not. The
DVD device, <replaceable>/dev/cd0</replaceable>, must be
changed according to your configuration. The
<option>-dvd-compat</option> parameter will close the disk,
the recording will be unappendable. In return this should provide better
media compatibility with DVD-ROM drives.</para>
<para>It is also possible to burn a pre-mastered image, for
example to burn the image
<replaceable>imagefile.iso</replaceable>, we will run:</para>
<screen>&prompt.root; <userinput>growisofs -dvd-compat -Z <replaceable>/dev/cd0</replaceable>=<replaceable>imagefile.iso</replaceable></userinput></screen>
<para>The write speed should be detected and automatically set
according to the media and the drive being used. If you want
to force the write speed, use the <option>-speed=</option>
parameter. For more information, read the &man.growisofs.1;
manual page.</para>
</sect2>
<sect2>
<title>Burning a DVD-Video</title>
<indexterm>
<primary>DVD</primary>
<secondary>DVD-Video</secondary>
</indexterm>
<para>A DVD-Video is a specific file layout based on ISO 9660
and the micro-UDF (M-UDF) specifications. The DVD-Video also
presents a specific data structure hierarchy, it is the reason
why you need a particular program such as <filename
role="package">multimedia/dvdauthor</filename> to author the
DVD.</para>
<para>If you already have an image of the DVD-Video file system,
just burn it in the same way as for any image, see the
previous section for an example. If you have made the DVD
authoring and the result is in, for example, the directory
<filename class="directory">/path/to/video</filename>, the
following command should be used to burn the DVD-Video:</para>
<screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -dvd-video <replaceable>/path/to/video</replaceable></userinput></screen>
<para>The <option>-dvd-video</option> option will be passed down to
&man.mkisofs.8; and will instruct it to create a DVD-Video file system
layout. Beside this, the <option>-dvd-video</option> option
implies <option>-dvd-compat</option> &man.growisofs.1;
option.</para>
</sect2>
<sect2>
<title>Using a DVD+RW</title>
<indexterm>
<primary>DVD</primary>
<secondary>DVD+RW</secondary>
</indexterm>
<para>Unlike CD-RW, a virgin DVD+RW needs to be formatted before
first use. The &man.growisofs.1; program will take care of it
automatically whenever appropriate, which is the
<emphasis>recommended</emphasis> way. However you can use the
<command>dvd+rw-format</command> command to format the
DVD+RW:</para>
<screen>&prompt.root; <userinput>dvd+rw-format <replaceable>/dev/cd0</replaceable></userinput></screen>
<para>You need to perform this operation just once, keep in mind
that only virgin DVD+RW medias need to be formatted. Then you
can burn the DVD+RW in the way seen in previous
sections.</para>
<para>If you want to burn new data (burn a totally new file
system not append some data) onto a DVD+RW, you do not need to
blank it, you just have to write over the previous recording
(in performing a new initial session), like this:</para>
<screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/newdata</replaceable></userinput></screen>
<para>DVD+RW format offers the possibility to easily append data
to a previous recording. The operation consists in merging a
new session to the existing one, it is not multisession
writing, &man.growisofs.1; will <emphasis>grow</emphasis> the
ISO 9660 file system present on the media.</para>
<para>For example, if we want to append data to our previous
DVD+RW, we have to use the following:</para>
<screen>&prompt.root; <userinput>growisofs -M <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/nextdata</replaceable></userinput></screen>
<para>The same &man.mkisofs.8; options we used to burn the
initial session should be used during next writes.</para>
<note>
<para>You may want to use the <option>-dvd-compat</option>
option if you want better media compatibility with DVD-ROM
drives. In the DVD+RW case, this will not prevent you from
adding data.</para>
</note>
<para>If for any reason you really want to blank the media, do
the following:</para>
<screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable>=<replaceable>/dev/zero</replaceable></userinput></screen>
</sect2>
<sect2>
<title>Using a DVD-RW</title>
<indexterm>
<primary>DVD</primary>
<secondary>DVD-RW</secondary>
</indexterm>
<para>A DVD-RW accepts two disc formats: the incremental
sequential one and the restricted overwrite. By default
DVD-RW discs are in sequential format.</para>
<para>A virgin DVD-RW can be directly written without the need
of a formatting operation, however a non-virgin DVD-RW in
sequential format needs to be blanked before to be able to
write a new initial session.</para>
<para>To blank a DVD-RW in sequential mode, run:</para>
<screen>&prompt.root; <userinput>dvd+rw-format -blank=full <replaceable>/dev/cd0</replaceable></userinput></screen>
<note>
<para>A full blanking (<option>-blank=full</option>) will take
about one hour on a 1x media. A fast blanking can be
performed using the <option>-blank</option> option if the
DVD-RW will be recorded in Disk-At-Once (DAO) mode. To burn
the DVD-RW in DAO mode, use the command:</para>
<screen>&prompt.root; <userinput>growisofs -use-the-force-luke=dao -Z <replaceable>/dev/cd0</replaceable>=<replaceable>imagefile.iso</replaceable></userinput></screen>
<para>The <option>-use-the-force-luke=dao</option> option
should not be required since &man.growisofs.1; attempts to
detect minimally (fast blanked) media and engage DAO
write.</para>
<para>In fact one should use restricted overwrite mode with
any DVD-RW, this format is more flexible than the default
incremental sequential one.</para>
</note>
<para>To write data on a sequential DVD-RW, use the same
instructions as for the other DVD formats:</para>
<screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/data</replaceable></userinput></screen>
<para>If you want to append some data to your previous
recording, you will have to use the &man.growisofs.1;
<option>-M</option> option. However, if you perform data
addition on a DVD-RW in incremental sequential mode, a new
session will be created on the disc and the result will be a
multi-session disc.</para>
<para>A DVD-RW in restricted overwrite format does not need to
be blanked before a new initial session, you just have to
overwrite the disc with the <option>-Z</option> option, this
is similar to the DVD+RW case. It is also possible to grow an
existing ISO 9660 file system written on the disc in a same
way as for a DVD+RW with the <option>-M</option> option. The
result will be a one-session DVD.</para>
<para>To put a DVD-RW in the restricted overwrite format, the
following command must be used:</para>
<screen>&prompt.root; <userinput>dvd+rw-format <replaceable>/dev/cd0</replaceable></userinput></screen>
<para>To change back to the sequential format use:</para>
<screen>&prompt.root; <userinput>dvd+rw-format -blank=full <replaceable>/dev/cd0</replaceable></userinput></screen>
</sect2>
<sect2>
<title>Multisession</title>
<para>Very few DVD-ROM drives support
multisession DVDs, they will most of time, hopefully, only read
the first session. DVD+R, DVD-R and DVD-RW in sequential
format can accept multiple sessions, the notion of multiple
sessions does not exist for the DVD+RW and the DVD-RW
restricted overwrite formats.</para>
<para>Using the following command after an initial (non-closed)
session on a DVD+R, DVD-R, or DVD-RW in sequential format,
will add a new session to the disc:</para>
<screen>&prompt.root; <userinput>growisofs -M <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/nextdata</replaceable></userinput></screen>
<para>Using this command line with a DVD+RW or a DVD-RW in restricted
overwrite mode, will append data in merging the new session to
the existing one. The result will be a single-session disc.
This is the way used to add data after an initial write on these
medias.</para>
<note>
<para>Some space on the media is used between each session for
end and start of sessions. Therefore, one should add
sessions with large amount of data to optimize media space.
The number of sessions is limited to 154 for a DVD+R,
about 2000 for a DVD-R, and 127 for a DVD+R Double
Layer.</para>
</note>
</sect2>
<sect2>
<title>For More Information</title>
<para>To obtain more information about a DVD, the
<command>dvd+rw-mediainfo
<replaceable>/dev/cd0</replaceable></command> command can be
ran with the disc in the drive.</para>
<para>More information about the
<application>dvd+rw-tools</application> can be found in
the &man.growisofs.1; manual page, on the <ulink
url="http://fy.chalmers.se/~appro/linux/DVD+RW/">dvd+rw-tools
web site</ulink> and in the <ulink
url="http://lists.debian.org/cdwrite/">cdwrite mailing
list</ulink> archives.</para>
<note>
<para>The <command>dvd+rw-mediainfo</command> output of the
resulting recording or the media with issues is mandatory
for any problem report. Without this output, it will be
quite impossible to help you.</para>
</note>
</sect2>
</sect1>
<sect1 id="floppies">
<sect1info>
<authorgroup>
<author>
<firstname>Julio</firstname>
<surname>Merino</surname>
<contrib>Original work by </contrib>
</author>
</authorgroup>
<!-- 24 Dec 2001 -->
<authorgroup>
<author>
<firstname>Martin</firstname>
<surname>Karlsson</surname>
<contrib>Rewritten by </contrib>
</author>
</authorgroup>
<!-- 27 Apr 2003 -->
</sect1info>
<title>Creating and Using Floppy Disks</title>
<para>Storing data on floppy disks is sometimes useful, for
example when one does not have any other removable storage media
or when one needs to transfer small amounts of data to another
computer.</para>
<para>This section will explain how to use floppy disks in
FreeBSD. It will primarily cover formatting and usage of
3.5inch DOS floppies, but the concepts are similar for other
floppy disk formats.</para>
<sect2>
<title>Formatting Floppies</title>
<sect3>
<title>The Device</title>
<para>Floppy disks are accessed through entries in
<filename>/dev</filename>, just like other devices. To
access the raw floppy disk, simply use
<filename>/dev/fd<replaceable>N</replaceable></filename>.</para>
</sect3>
<sect3>
<title>Formatting</title>
<para>A floppy disk needs to be low-level formated before it
can be used. This is usually done by the vendor, but
formatting is a good way to check media integrity. Although
it is possible to force larger (or smaller) disk sizes,
1440kB is what most floppy disks are designed for.</para>
<para>To low-level format the floppy disk you need to use
&man.fdformat.1;. This utility expects the device name as an
argument.</para>
<para>Make note of any error messages, as these can help
determine if the disk is good or bad.</para>
<sect4>
<title>Formatting Floppy Disks</title>
<para>Use the
<filename>/dev/fd<replaceable>N</replaceable></filename>
devices to format the floppy. Insert a new 3.5inch floppy
disk in your drive and issue:</para>
<screen>&prompt.root; <userinput>/usr/sbin/fdformat -f 1440 /dev/fd0</userinput></screen>
</sect4>
</sect3>
</sect2>
<sect2>
<title>The Disk Label</title>
<para>After low-level formatting the disk, you will need to
place a disk label on it. This disk label will be destroyed
later, but it is needed by the system to determine the size of
the disk and its geometry later.</para>
<para>The new disk label will take over the whole disk, and will
contain all the proper information about the geometry of the
floppy. The geometry values for the disk label are listed in
<filename>/etc/disktab</filename>.</para>
<para>You can run now &man.bsdlabel.8; like so:</para>
<screen>&prompt.root; <userinput>/sbin/bsdlabel -B -r -w /dev/fd0 fd1440</userinput></screen>
<note><para>Since &os;&nbsp;5.1-RELEASE, the &man.bsdlabel.8;
utility replaces the old &man.bsdlabel.8; program. With
&man.bsdlabel.8; a number of obsolete options and parameters
have been retired; in the example above the option
<option>-r</option> should be removed. For more
information, please refer to the &man.bsdlabel.8;
manual page.</para></note>
</sect2>
<sect2>
<title>The File System</title>
<para>Now the floppy is ready to be high-level formated. This
will place a new file system on it, which will let FreeBSD read
and write to the disk. After creating the new file system, the
disk label is destroyed, so if you want to reformat the disk, you
will have to recreate the disk label.</para>
<para>The floppy's file system can be either UFS or FAT.
FAT is generally a better choice for floppies.</para>
<para>To put a new file system on the floppy, issue:</para>
<screen>&prompt.root; <userinput>/sbin/newfs_msdos /dev/fd0</userinput></screen>
<para>The disk is now ready for use.</para>
</sect2>
<sect2>
<title>Using the Floppy</title>
<para>To use the floppy, mount it with &man.mount.msdos.8;. One can also use
<filename role="package">emulators/mtools</filename> from the ports
collection.</para>
</sect2>
</sect1>
<sect1 id="backups-tapebackups">
<title>Creating and Using Data Tapes</title>
<indexterm><primary>tape media</primary></indexterm>
<para>The major tape media are the 4mm, 8mm, QIC, mini-cartridge and
DLT.</para>
<sect2 id="backups-tapebackups-4mm">
<title>4mm (DDS: Digital Data Storage)</title>
<indexterm>
<primary>tape media</primary>
<secondary>DDS (4mm) tapes</secondary>
</indexterm>
<indexterm>
<primary>tape media</primary>
<secondary>QIC tapes</secondary>
</indexterm>
<para>4mm tapes are replacing QIC as the workstation backup media of
choice. This trend accelerated greatly when Conner purchased Archive,
a leading manufacturer of QIC drives, and then stopped production of
QIC drives. 4mm drives are small and quiet but do not have the
reputation for reliability that is enjoyed by 8mm drives. The
cartridges are less expensive and smaller (3 x 2 x 0.5 inches, 76 x 51
x 12 mm) than 8mm cartridges. 4mm, like 8mm, has comparatively short
head life for the same reason, both use helical scan.</para>
<para>Data throughput on these drives starts ~150&nbsp;kB/s, peaking at ~500&nbsp;kB/s.
Data capacity starts at 1.3&nbsp;GB and ends at 2.0&nbsp;GB. Hardware
compression, available with most of these drives, approximately
doubles the capacity. Multi-drive tape library units can have 6
drives in a single cabinet with automatic tape changing. Library
capacities reach 240&nbsp;GB.</para>
<para>The DDS-3 standard now supports tape capacities up to 12&nbsp;GB (or
24&nbsp;GB compressed).</para>
<para>4mm drives, like 8mm drives, use helical-scan. All the benefits
and drawbacks of helical-scan apply to both 4mm and 8mm drives.</para>
<para>Tapes should be retired from use after 2,000 passes or 100 full
backups.</para>
</sect2>
<sect2 id="backups-tapebackups-8mm">
<title>8mm (Exabyte)</title>
<indexterm>
<primary>tape media</primary>
<secondary>Exabyte (8mm) tapes</secondary>
</indexterm>
<para>8mm tapes are the most common SCSI tape drives; they are the best
choice of exchanging tapes. Nearly every site has an Exabyte 2&nbsp;GB 8mm
tape drive. 8mm drives are reliable, convenient and quiet. Cartridges
are inexpensive and small (4.8 x 3.3 x 0.6 inches; 122 x 84 x 15 mm).
One downside of 8mm tape is relatively short head and tape life due to
the high rate of relative motion of the tape across the heads.</para>
<para>Data throughput ranges from ~250&nbsp;kB/s to ~500&nbsp;kB/s. Data sizes start
at 300&nbsp;MB and go up to 7&nbsp;GB. Hardware compression, available with
most of these drives, approximately doubles the capacity. These
drives are available as single units or multi-drive tape libraries
with 6 drives and 120 tapes in a single cabinet. Tapes are changed
automatically by the unit. Library capacities reach 840+&nbsp;GB.</para>
<para>The Exabyte <quote>Mammoth</quote> model supports 12&nbsp;GB on one tape
(24&nbsp;GB with compression) and costs approximately twice as much as
conventional tape drives.</para>
<para>Data is recorded onto the tape using helical-scan, the heads are
positioned at an angle to the media (approximately 6 degrees). The
tape wraps around 270 degrees of the spool that holds the heads. The
spool spins while the tape slides over the spool. The result is a
high density of data and closely packed tracks that angle across the
tape from one edge to the other.</para>
</sect2>
<sect2 id="backups-tapebackups-qic">
<title>QIC</title>
<indexterm>
<primary>tape media</primary>
<secondary>QIC-150</secondary>
</indexterm>
<para>QIC-150 tapes and drives are, perhaps, the most common tape drive
and media around. QIC tape drives are the least expensive <quote>serious</quote>
backup drives. The downside is the cost of media. QIC tapes are
expensive compared to 8mm or 4mm tapes, up to 5 times the price per GB
data storage. But, if your needs can be satisfied with a half-dozen
tapes, QIC may be the correct choice. QIC is the
<emphasis>most</emphasis> common tape drive. Every site has a QIC
drive of some density or another. Therein lies the rub, QIC has a
large number of densities on physically similar (sometimes identical)
tapes. QIC drives are not quiet. These drives audibly seek before
they begin to record data and are clearly audible whenever reading,
writing or seeking. QIC tapes measure (6 x 4 x 0.7 inches; 152 x
102 x 17 mm).</para>
<para>Data throughput ranges from ~150&nbsp;kB/s to ~500&nbsp;kB/s. Data capacity
ranges from 40&nbsp;MB to 15&nbsp;GB. Hardware compression is available on many
of the newer QIC drives. QIC drives are less frequently installed;
they are being supplanted by DAT drives.</para>
<para>Data is recorded onto the tape in tracks. The tracks run along
the long axis of the tape media from one end to the other. The number
of tracks, and therefore the width of a track, varies with the tape's
capacity. Most if not all newer drives provide backward-compatibility
at least for reading (but often also for writing). QIC has a good
reputation regarding the safety of the data (the mechanics are simpler
and more robust than for helical scan drives).</para>
<para>Tapes should be retired from use after 5,000 backups.</para>
</sect2>
<sect2 id="backups-tapebackups-dlt">
<title>DLT</title>
<indexterm>
<primary>tape media</primary>
<secondary>DLT</secondary>
</indexterm>
<para>DLT has the fastest data transfer rate of all the drive types
listed here. The 1/2" (12.5mm) tape is contained in a single spool
cartridge (4 x 4 x 1 inches; 100 x 100 x 25 mm). The cartridge has a
swinging gate along one entire side of the cartridge. The drive
mechanism opens this gate to extract the tape leader. The tape leader
has an oval hole in it which the drive uses to <quote>hook</quote> the tape. The
take-up spool is located inside the tape drive. All the other tape
cartridges listed here (9 track tapes are the only exception) have
both the supply and take-up spools located inside the tape cartridge
itself.</para>
<para>Data throughput is approximately 1.5&nbsp;MB/s, three times the throughput of
4mm, 8mm, or QIC tape drives. Data capacities range from 10&nbsp;GB to 20&nbsp;GB
for a single drive. Drives are available in both multi-tape changers
and multi-tape, multi-drive tape libraries containing from 5 to 900
tapes over 1 to 20 drives, providing from 50&nbsp;GB to 9&nbsp;TB of
storage.</para>
<para>With compression, DLT Type IV format supports up to 70&nbsp;GB
capacity.</para>
<para>Data is recorded onto the tape in tracks parallel to the direction
of travel (just like QIC tapes). Two tracks are written at once.
Read/write head lifetimes are relatively long; once the tape stops
moving, there is no relative motion between the heads and the
tape.</para>
</sect2>
<sect2>
<title id="backups-tapebackups-ait">AIT</title>
<indexterm>
<primary>tape media</primary>
<secondary>AIT</secondary>
</indexterm>
<para>AIT is a new format from Sony, and can hold up to 50&nbsp;GB (with
compression) per tape. The tapes contain memory chips which retain an
index of the tape's contents. This index can be rapidly read by the
tape drive to determine the position of files on the tape, instead of
the several minutes that would be required for other tapes. Software
such as <application>SAMS:Alexandria</application> can operate forty or more AIT tape libraries,
communicating directly with the tape's memory chip to display the
contents on screen, determine what files were backed up to which
tape, locate the correct tape, load it, and restore the data from the
tape.</para>
<para>Libraries like this cost in the region of $20,000, pricing them a
little out of the hobbyist market.</para>
</sect2>
<sect2>
<title>Using a New Tape for the First Time</title>
<para>The first time that you try to read or write a new, completely
blank tape, the operation will fail. The console messages should be
similar to:</para>
<screen>sa0(ncr1:4:0): NOT READY asc:4,1
sa0(ncr1:4:0): Logical unit is in process of becoming ready</screen>
<para>The tape does not contain an Identifier Block (block number 0).
All QIC tape drives since the adoption of QIC-525 standard write an
Identifier Block to the tape. There are two solutions:</para>
<itemizedlist>
<listitem>
<para><command>mt fsf 1</command> causes the tape drive to write an
Identifier Block to the tape.</para>
</listitem>
<listitem>
<para>Use the front panel button to eject the tape.</para>
<para>Re-insert the tape and <command>dump</command> data to
the tape.</para>
<para><command>dump</command> will report <errorname>DUMP: End of tape
detected</errorname> and the console will show: <errorname>HARDWARE
FAILURE info:280 asc:80,96</errorname>.</para>
<para>rewind the tape using: <command>mt rewind</command>.</para>
<para>Subsequent tape operations are successful.</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="backups-floppybackups">
<title>Backups to Floppies</title>
<sect2 id="floppies-using">
<title>Can I Use Floppies for Backing Up My Data?</title>
<indexterm><primary>backup floppies</primary></indexterm>
<indexterm><primary>floppy disks</primary></indexterm>
<para>Floppy disks are not really a suitable media for
making backups as:</para>
<itemizedlist>
<listitem>
<para>The media is unreliable, especially over long periods of
time.</para>
</listitem>
<listitem>
<para>Backing up and restoring is very slow.</para>
</listitem>
<listitem>
<para>They have a very limited capacity (the days of backing up
an entire hard disk onto a dozen or so floppies has long since
passed).</para>
</listitem>
</itemizedlist>
<para>However, if you have no other method of backing up your data then
floppy disks are better than no backup at all.</para>
<para>If you do have to use floppy disks then ensure that you use good
quality ones. Floppies that have been lying around the office for a
couple of years are a bad choice. Ideally use new ones from a
reputable manufacturer.</para>
</sect2>
<sect2 id="floppies-creating">
<title>So How Do I Backup My Data to Floppies?</title>
<para>The best way to backup to floppy disk is to use
&man.tar.1; with the <option>-M</option> (multi
volume) option, which allows backups to span multiple
floppies.</para>
<para>To backup all the files in the current directory and sub-directory
use this (as <username>root</username>):</para>
<screen>&prompt.root; <userinput>tar Mcvf /dev/fd0 *</userinput></screen>
<para>When the first floppy is full &man.tar.1; will prompt you to
insert the next volume (because &man.tar.1; is media independent it
refers to volumes; in this context it means floppy disk).</para>
<screen>Prepare volume #2 for /dev/fd0 and hit return:</screen>
<para>This is repeated (with the volume number incrementing) until all
the specified files have been archived.</para>
</sect2>
<sect2 id="floppies-compress">
<title>Can I Compress My Backups?</title>
<indexterm>
<primary><command>tar</command></primary>
</indexterm>
<indexterm>
<primary><command>gzip</command></primary>
</indexterm>
<indexterm><primary>compression</primary></indexterm>
<para>Unfortunately, &man.tar.1; will not allow the
<option>-z</option> option to be used for multi-volume archives.
You could, of course, &man.gzip.1; all the files,
&man.tar.1; them to the floppies, then
&man.gunzip.1; the files again!</para>
</sect2>
<sect2 id="floppies-restoring">
<title>How Do I Restore My Backups?</title>
<para>To restore the entire archive use:</para>
<screen>&prompt.root; <userinput>tar Mxvf /dev/fd0</userinput></screen>
<para>There are two ways that you can use to restore only
specific files. First, you can start with the first floppy
and use:</para>
<screen>&prompt.root; <userinput>tar Mxvf /dev/fd0 <replaceable>filename</replaceable></userinput></screen>
<para>The utility &man.tar.1; will prompt you to insert subsequent floppies until it
finds the required file.</para>
<para>Alternatively, if you know which floppy the file is on then you
can simply insert that floppy and use the same command as above. Note
that if the first file on the floppy is a continuation from the
previous one then &man.tar.1; will warn you that it cannot
restore it, even if you have not asked it to!</para>
</sect2>
</sect1>
<sect1 id="backup-strategies">
<sect1info>
<authorgroup>
<author>
<firstname>Lowell</firstname>
<surname>Gilbert</surname>
<contrib>Original work by </contrib>
</author>
</authorgroup>
<!-- 3 Dec 2005 -->
</sect1info>
<title>Backup Strategies</title>
<para>The first requirement in devising a backup plan is to make sure that
all of the following problems are covered:</para>
<itemizedlist>
<listitem>
<para>Disk failure</para>
</listitem>
<listitem>
<para>Accidental file deletion</para>
</listitem>
<listitem>
<para>Random file corruption</para>
</listitem>
<listitem>
<para>Complete machine destruction (e.g. fire), including destruction
of any on-site backups.</para>
</listitem>
</itemizedlist>
<para>It is perfectly possible that some systems will be best served by
having each of these problems covered by a completely different
technique. Except for strictly personal systems with very low-value
data, it is unlikely that one technique would cover all of them.</para>
<para>Some of the techniques in the toolbox are:</para>
<itemizedlist>
<listitem>
<para>Archives of the whole system, backed up onto permanent media
offsite. This actually provides protection against all of the
possible problems listed above, but is slow and inconvenient to
restore from. You can keep copies of the backups onsite and/or
online, but there will still be inconveniences in restoring files,
especially for non-privileged users.</para>
</listitem>
<listitem>
<para>Filesystem snapshots. This is really only helpful in the
accidental file deletion scenario, but it can be
<emphasis>very</emphasis> helpful in that case, and is quick and
easy to deal with.</para>
</listitem>
<listitem>
<para>Copies of whole filesystems and/or disks (e.g. periodic rsync of
the whole machine). This is generally most useful in networks with
unique requirements. For general protection against disk failure,
it is usually inferior to <acronym>RAID</acronym>. For restoring
accidentally deleted files, it can be comparable to
<acronym>UFS</acronym> snapshots, but that depends on your
preferences.</para>
</listitem>
<listitem>
<para><acronym>RAID</acronym>. Minimizes or avoids downtime when a
disk fails. At the expense of having to deal with disk failures
more often (because you have more disks), albeit at a much lower
urgency.</para>
</listitem>
<listitem>
<para>Checking fingerprints of files. The &man.mtree.8; utility is
very useful for this. Although it is not a backup technique, it
helps guarantee that you will notice when you need to resort to your
backups. This is particularly important for offline backups, and
should be checked periodically.</para>
</listitem>
</itemizedlist>
<para>It is quite easy to come up with even more techniques, many of them
variations on the ones listed above. Specialized requirements will
usually lead to specialized techniques (for example, backing up a live
database usually requires a method particular to the database software
as an intermediate step). The important thing is to know what dangers
you want to protect against, and how you will handle each.</para>
</sect1>
<sect1 id="backup-basics">
<title>Backup Basics</title>
<para>The three major backup programs are
&man.dump.8;,
&man.tar.1;,
and
&man.cpio.1;.</para>
<sect2>
<title>Dump and Restore</title>
<indexterm>
<primary>backup software</primary>
<secondary>dump / restore</secondary>
</indexterm>
<indexterm><primary><command>dump</command></primary></indexterm>
<indexterm><primary><command>restore</command></primary></indexterm>
<para>The traditional &unix; backup programs are
<command>dump</command> and <command>restore</command>. They
operate on the drive as a collection of disk blocks, below the
abstractions of files, links and directories that are created by
the file systems. <command>dump</command> backs up an entire
file system on a device. It is unable to backup only part of a
file system or a directory tree that spans more than one
file system. <command>dump</command> does not write files and
directories to tape, but rather writes the raw data blocks that
comprise files and directories.</para>
<note><para>If you use <command>dump</command> on your root directory, you
would not back up <filename>/home</filename>,
<filename>/usr</filename> or many other directories since
these are typically mount points for other file systems or
symbolic links into those file systems.</para></note>
<para><command>dump</command> has quirks that remain from its early days in
Version 6 of AT&amp;T UNIX (circa 1975). The default
parameters are suitable for 9-track tapes (6250 bpi), not the
high-density media available today (up to 62,182 ftpi). These
defaults must be overridden on the command line to utilize the
capacity of current tape drives.</para>
<indexterm><primary><filename>.rhosts</filename></primary></indexterm>
<para>It is also possible to backup data across the network to a
tape drive attached to another computer with <command>rdump</command> and
<command>rrestore</command>. Both programs rely upon &man.rcmd.3; and
&man.ruserok.3; to access the remote tape drive. Therefore,
the user performing the backup must be listed in the
<filename>.rhosts</filename> file on the remote computer. The
arguments to <command>rdump</command> and <command>rrestore</command> must be suitable
to use on the remote computer. When
<command>rdump</command>ing from a FreeBSD computer to an
Exabyte tape drive connected to a Sun called
<hostid>komodo</hostid>, use:</para>
<screen>&prompt.root; <userinput>/sbin/rdump 0dsbfu 54000 13000 126 komodo:/dev/nsa8 /dev/da0a 2>&amp;1</userinput></screen>
<para>Beware: there are security implications to
allowing <filename>.rhosts</filename> authentication. Evaluate your
situation carefully.</para>
<para>It is also possible to use <command>dump</command> and
<command>restore</command> in a more secure fashion over
<command>ssh</command>.</para>
<example>
<title>Using <command>dump</command> over <application>ssh</application></title>
<screen>&prompt.root; <userinput>/sbin/dump -0uan -f - /usr | gzip -2 | ssh -c blowfish \
targetuser@targetmachine.example.com dd of=/mybigfiles/dump-usr-l0.gz</userinput></screen>
</example>
<para>Or using <command>dump</command>'s built-in method,
setting the environment variable <envar>RSH</envar>:</para>
<example>
<title>Using <command>dump</command> over <application>ssh</application> with <envar>RSH</envar> set</title>
<screen>&prompt.root; <userinput>RSH=/usr/bin/ssh /sbin/dump -0uan -f targetuser@targetmachine.example.com:/dev/sa0 /usr</userinput></screen>
</example>
</sect2>
<sect2>
<title><command>tar</command></title>
<indexterm>
<primary>backup software</primary>
<secondary><command>tar</command></secondary>
</indexterm>
<para>&man.tar.1; also dates back to Version 6 of AT&amp;T UNIX
(circa 1975). <command>tar</command> operates in cooperation
with the file system; it writes files and
directories to tape. <command>tar</command> does not support the
full range of options that are available from &man.cpio.1;, but
it does not require the unusual command
pipeline that <command>cpio</command> uses.</para>
<indexterm><primary><command>tar</command></primary></indexterm>
<para>On FreeBSD 5.3 and later, both GNU <command>tar</command>
and the default <command>bsdtar</command> are available. The
GNU version can be invoked with <command>gtar</command>. It
supports remote devices using the same syntax as
<command>rdump</command>. To <command>tar</command> to an
Exabyte tape drive connected to a Sun called
<hostid>komodo</hostid>, use:</para>
<screen>&prompt.root; <userinput>/usr/bin/gtar cf komodo:/dev/nsa8 . 2>&amp;1</userinput></screen>
<para>The same could be accomplished with
<command>bsdtar</command> by using a pipeline and
<command>rsh</command> to send the data to a remote tape
drive.</para>
<screen>&prompt.root; <userinput>tar cf - . | rsh <replaceable>hostname</replaceable> dd of=<replaceable>tape-device</replaceable> obs=20b</userinput></screen>
<para>If you are worried about the security of backing up over a
network you should use the <command>ssh</command> command
instead of <command>rsh</command>.</para>
</sect2>
<sect2>
<title><command>cpio</command></title>
<indexterm>
<primary>backup software</primary>
<secondary><command>cpio</command></secondary>
</indexterm>
<para>&man.cpio.1; is the original &unix; file interchange tape
program for magnetic media. <command>cpio</command> has options
(among many others) to perform byte-swapping, write a number of
different archive formats, and pipe the data to other programs.
This last feature makes <command>cpio</command> an excellent
choice for installation media. <command>cpio</command> does not
know how to walk the directory tree and a list of files must be
provided through <filename>stdin</filename>.</para>
<indexterm><primary><command>cpio</command></primary></indexterm>
<para><command>cpio</command> does not support backups across
the network. You can use a pipeline and <command>rsh</command>
to send the data to a remote tape drive.</para>
<screen>&prompt.root; <userinput>for f in <replaceable>directory_list; do</replaceable></userinput>
<userinput>find $f &gt;&gt; backup.list</userinput>
<userinput>done</userinput>
&prompt.root; <userinput>cpio -v -o --format=newc &lt; backup.list | ssh <replaceable>user</replaceable>@<replaceable>host</replaceable> "cat &gt; <replaceable>backup_device</replaceable>"</userinput></screen>
<para>Where <replaceable>directory_list</replaceable> is the list of
directories you want to back up,
<replaceable>user</replaceable>@<replaceable>host</replaceable> is the
user/hostname combination that will be performing the backups, and
<replaceable>backup_device</replaceable> is where the backups should
be written to (e.g., <filename>/dev/nsa0</filename>).</para>
</sect2>
<sect2>
<title><command>pax</command></title>
<indexterm>
<primary>backup software</primary>
<secondary><command>pax</command></secondary>
</indexterm>
<indexterm><primary><command>pax</command></primary></indexterm>
<indexterm><primary>POSIX</primary></indexterm>
<indexterm><primary>IEEE</primary></indexterm>
<para>&man.pax.1; is IEEE/&posix;'s answer to
<command>tar</command> and <command>cpio</command>. Over the
years the various versions of <command>tar</command> and
<command>cpio</command> have gotten slightly incompatible. So
rather than fight it out to fully standardize them, &posix;
created a new archive utility. <command>pax</command> attempts
to read and write many of the various <command>cpio</command>
and <command>tar</command> formats, plus new formats of its own.
Its command set more resembles <command>cpio</command> than
<command>tar</command>.</para>
</sect2>
<sect2 id="backups-programs-amanda">
<title><application>Amanda</application></title>
<indexterm>
<primary>backup software</primary>
<secondary><application>Amanda</application></secondary>
</indexterm>
<indexterm><primary><application>Amanda</application></primary></indexterm>
<!-- Remove link until <port> tag is available -->
<para><application>Amanda</application> (Advanced Maryland
Network Disk Archiver) is a client/server backup system,
rather than a single program. An <application>Amanda</application> server will backup to
a single tape drive any number of computers that have <application>Amanda</application>
clients and a network connection to the <application>Amanda</application> server. A
common problem at sites with a number of large disks is
that the length of time required to backup to data directly to tape
exceeds the amount of time available for the task. <application>Amanda</application>
solves this problem. <application>Amanda</application> can use a <quote>holding disk</quote> to
backup several file systems at the same time. <application>Amanda</application> creates
<quote>archive sets</quote>: a group of tapes used over a period of time to
create full backups of all the file systems listed in <application>Amanda</application>'s
configuration file. The <quote>archive set</quote> also contains nightly
incremental (or differential) backups of all the file systems.
Restoring a damaged file system requires the most recent full
backup and the incremental backups.</para>
<para>The configuration file provides fine control of backups and the
network traffic that <application>Amanda</application> generates. <application>Amanda</application> will use any of the
above backup programs to write the data to tape. <application>Amanda</application> is available
as either a port or a package, it is not installed by default.</para>
</sect2>
<sect2>
<title>Do Nothing</title>
<para><quote>Do nothing</quote> is not a computer program, but it is the
most widely used backup strategy. There are no initial costs. There
is no backup schedule to follow. Just say no. If something happens
to your data, grin and bear it!</para>
<para>If your time and your data is worth little to nothing, then
<quote>Do nothing</quote> is the most suitable backup program for your
computer. But beware, &unix; is a useful tool, you may find that within
six months you have a collection of files that are valuable to
you.</para>
<para><quote>Do nothing</quote> is the correct backup method for
<filename>/usr/obj</filename> and other directory trees that can be
exactly recreated by your computer. An example is the files that
comprise the HTML or &postscript; version of this Handbook.
These document formats have been created from SGML input
files. Creating backups of the HTML or &postscript; files is
not necessary. The SGML files are backed up regularly.</para>
</sect2>
<sect2>
<title>Which Backup Program Is Best?</title>
<indexterm>
<primary>LISA</primary>
</indexterm>
<para>&man.dump.8; <emphasis>Period.</emphasis> Elizabeth D. Zwicky
torture tested all the backup programs discussed here. The clear
choice for preserving all your data and all the peculiarities of &unix;
file systems is <command>dump</command>. Elizabeth created file systems containing
a large variety of unusual conditions (and some not so unusual ones)
and tested each program by doing a backup and restore of those
file systems. The peculiarities included: files with holes, files with
holes and a block of nulls, files with funny characters in their
names, unreadable and unwritable files, devices, files that change
size during the backup, files that are created/deleted during the
backup and more. She presented the results at LISA V in Oct. 1991.
See <ulink
url="http://berdmann.dyndns.org/zwicky/testdump.doc.html">torture-testing
Backup and Archive Programs</ulink>.</para>
</sect2>
<sect2>
<title>Emergency Restore Procedure</title>
<sect3>
<title>Before the Disaster</title>
<para>There are only four steps that you need to perform in
preparation for any disaster that may occur.</para>
<indexterm>
<primary><command>bsdlabel</command></primary>
</indexterm>
<para>First, print the bsdlabel from each of your disks
(e.g. <command>bsdlabel da0 | lpr</command>), your file system table
(<filename>/etc/fstab</filename>) and all boot messages,
two copies of
each.</para>
<indexterm><primary>fix-it floppies</primary></indexterm>
<para>Second, determine that the boot and fix-it floppies
(<filename>boot.flp</filename> and <filename>fixit.flp</filename>)
have all your devices. The easiest way to check is to reboot your
machine with the boot floppy in the floppy drive and check the boot
messages. If all your devices are listed and functional, skip on to
step three.</para>
<para>Otherwise, you have to create two custom bootable
floppies which have a kernel that can mount all of your disks
and access your tape drive. These floppies must contain:
<command>fdisk</command>, <command>bsdlabel</command>,
<command>newfs</command>, <command>mount</command>, and
whichever backup program you use. These programs must be
statically linked. If you use <command>dump</command>, the
floppy must contain <command>restore</command>.</para>
<para>Third, create backup tapes regularly. Any changes that you make
after your last backup may be irretrievably lost. Write-protect the
backup tapes.</para>
<para>Fourth, test the floppies (either <filename>boot.flp</filename>
and <filename>fixit.flp</filename> or the two custom bootable
floppies you made in step two.) and backup tapes. Make notes of the
procedure. Store these notes with the bootable floppy, the
printouts and the backup tapes. You will be so distraught when
restoring that the notes may prevent you from destroying your backup
tapes (How? In place of <command>tar xvf /dev/sa0</command>, you
might accidentally type <command>tar cvf /dev/sa0</command> and
over-write your backup tape).</para>
<para>For an added measure of security, make bootable floppies and two
backup tapes each time. Store one of each at a remote location. A
remote location is NOT the basement of the same office building. A
number of firms in the World Trade Center learned this lesson the
hard way. A remote location should be physically separated from
your computers and disk drives by a significant distance.</para>
<example>
<title>A Script for Creating a Bootable Floppy</title>
<programlisting><![ CDATA [#!/bin/sh
#
# create a restore floppy
#
# format the floppy
#
PATH=/bin:/sbin:/usr/sbin:/usr/bin
fdformat -q fd0
if [ $? -ne 0 ]
then
echo "Bad floppy, please use a new one"
exit 1
fi
# place boot blocks on the floppy
#
bsdlabel -w -B /dev/fd0c fd1440
#
# newfs the one and only partition
#
newfs -t 2 -u 18 -l 1 -c 40 -i 5120 -m 5 -o space /dev/fd0a
#
# mount the new floppy
#
mount /dev/fd0a /mnt
#
# create required directories
#
mkdir /mnt/dev
mkdir /mnt/bin
mkdir /mnt/sbin
mkdir /mnt/etc
mkdir /mnt/root
mkdir /mnt/mnt # for the root partition
mkdir /mnt/tmp
mkdir /mnt/var
#
# populate the directories
#
if [ ! -x /sys/compile/MINI/kernel ]
then
cat &lt;&lt; EOM
The MINI kernel does not exist, please create one.
Here is an example config file:
#
# MINI -- A kernel to get FreeBSD onto a disk.
#
machine "i386"
cpu "I486_CPU"
ident MINI
maxusers 5
options INET # needed for _tcp _icmpstat _ipstat
# _udpstat _tcpstat _udb
options FFS #Berkeley Fast File System
options FAT_CURSOR #block cursor in syscons or pccons
options SCSI_DELAY=15 #Be pessimistic about Joe SCSI device
options NCONS=2 #1 virtual consoles
options USERCONFIG #Allow user configuration with -c XXX
config kernel root on da0 swap on da0 and da1 dumps on da0
device isa0
device pci0
device fdc0 at isa? port "IO_FD1" bio irq 6 drq 2 vector fdintr
device fd0 at fdc0 drive 0
device ncr0
device scbus0
device sc0 at isa? port "IO_KBD" tty irq 1 vector scintr
device npx0 at isa? port "IO_NPX" irq 13 vector npxintr
device da0
device da1
device da2
device sa0
pseudo-device loop # required by INET
pseudo-device gzip # Exec gzipped a.out's
EOM
exit 1
fi
cp -f /sys/compile/MINI/kernel /mnt
gzip -c -best /sbin/init &gt; /mnt/sbin/init
gzip -c -best /sbin/fsck &gt; /mnt/sbin/fsck
gzip -c -best /sbin/mount &gt; /mnt/sbin/mount
gzip -c -best /sbin/halt &gt; /mnt/sbin/halt
gzip -c -best /sbin/restore &gt; /mnt/sbin/restore
gzip -c -best /bin/sh &gt; /mnt/bin/sh
gzip -c -best /bin/sync &gt; /mnt/bin/sync
cp /root/.profile /mnt/root
cp -f /dev/MAKEDEV /mnt/dev
chmod 755 /mnt/dev/MAKEDEV
chmod 500 /mnt/sbin/init
chmod 555 /mnt/sbin/fsck /mnt/sbin/mount /mnt/sbin/halt
chmod 555 /mnt/bin/sh /mnt/bin/sync
chmod 6555 /mnt/sbin/restore
#
# create the devices nodes
#
cd /mnt/dev
./MAKEDEV std
./MAKEDEV da0
./MAKEDEV da1
./MAKEDEV da2
./MAKEDEV sa0
./MAKEDEV pty0
cd /
#
# create minimum file system table
#
cat &gt; /mnt/etc/fstab &lt;&lt;EOM
/dev/fd0a / ufs rw 1 1
EOM
#
# create minimum passwd file
#
cat &gt; /mnt/etc/passwd &lt;&lt;EOM
root:*:0:0:Charlie &:/root:/bin/sh
EOM
cat &gt; /mnt/etc/master.passwd &lt;&lt;EOM
root::0:0::0:0:Charlie &:/root:/bin/sh
EOM
chmod 600 /mnt/etc/master.passwd
chmod 644 /mnt/etc/passwd
/usr/sbin/pwd_mkdb -d/mnt/etc /mnt/etc/master.passwd
#
# umount the floppy and inform the user
#
/sbin/umount /mnt
echo "The floppy has been unmounted and is now ready."]]></programlisting>
</example>
</sect3>
<sect3>
<title>After the Disaster</title>
<para>The key question is: did your hardware survive? You have been
doing regular backups so there is no need to worry about the
software.</para>
<para>If the hardware has been damaged, the parts should be replaced
before attempting to use the computer.</para>
<para>If your hardware is okay, check your floppies. If you are using
a custom boot floppy, boot single-user (type <literal>-s</literal>
at the <prompt>boot:</prompt> prompt). Skip the following
paragraph.</para>
<para>If you are using the <filename>boot.flp</filename> and
<filename>fixit.flp</filename> floppies, keep reading. Insert the
<filename>boot.flp</filename> floppy in the first floppy drive and
boot the computer. The original install menu will be displayed on
the screen. Select the <literal>Fixit--Repair mode with CDROM or
floppy.</literal> option. Insert the
<filename>fixit.flp</filename> when prompted.
<command>restore</command> and the other programs that you need are
located in <filename class="directory">/mnt2/rescue</filename>
(<filename class="directory">/mnt2/stand</filename> for
&os; versions older than 5.2).</para>
<para>Recover each file system separately.</para>
<indexterm>
<primary><command>mount</command></primary>
</indexterm>
<indexterm><primary>root partition</primary></indexterm>
<indexterm>
<primary><command>bsdlabel</command></primary>
</indexterm>
<indexterm>
<primary><command>newfs</command></primary>
</indexterm>
<para>Try to <command>mount</command> (e.g. <command>mount /dev/da0a
/mnt</command>) the root partition of your first disk. If the
bsdlabel was damaged, use <command>bsdlabel</command> to re-partition and
label the disk to match the label that you printed and saved. Use
<command>newfs</command> to re-create the file systems. Re-mount the root
partition of the floppy read-write (<command>mount -u -o rw
/mnt</command>). Use your backup program and backup tapes to
recover the data for this file system (e.g. <command>restore vrf
/dev/sa0</command>). Unmount the file system (e.g. <command>umount
/mnt</command>). Repeat for each file system that was
damaged.</para>
<para>Once your system is running, backup your data onto new tapes.
Whatever caused the crash or data loss may strike again. Another
hour spent now may save you from further distress later.</para>
</sect3>
<![ %not.published; [
<sect3>
<title>* I Did Not Prepare for the Disaster, What Now?</title>
<para></para>
</sect3>
]]>
</sect2>
</sect1>
<sect1 id="disks-virtual">
<sect1info>
<authorgroup>
<author>
<firstname>Marc</firstname>
<surname>Fonvieille</surname>
<contrib>Reorganized and enhanced by </contrib>
</author>
</authorgroup>
</sect1info>
<title>Network, Memory, and File-Backed File Systems</title>
<indexterm><primary>virtual disks</primary></indexterm>
<indexterm>
<primary>disks</primary>
<secondary>virtual</secondary>
</indexterm>
<para>Aside from the disks you physically insert into your computer:
floppies, CDs, hard drives, and so forth; other forms of disks
are understood by FreeBSD - the <firstterm>virtual
disks</firstterm>.</para>
<indexterm><primary>NFS</primary></indexterm>
<indexterm><primary>Coda</primary></indexterm>
<indexterm>
<primary>disks</primary>
<secondary>memory</secondary>
</indexterm>
<para>These include network file systems such as the <link
linkend="network-nfs">Network File System</link> and Coda, memory-based
file systems and
file-backed file systems.</para>
<para>According to the FreeBSD version you run, you will have to use
different tools for creation and use of file-backed and
memory-based file systems.</para>
<note>
<para>Use &man.devfs.5; to allocate device nodes transparently for the
user.</para>
</note>
<sect2 id="disks-mdconfig">
<title>File-Backed File System</title>
<indexterm>
<primary>disks</primary>
<secondary>file-backed</secondary>
</indexterm>
<para>The utility &man.mdconfig.8; is used to configure and enable
memory disks, &man.md.4;, under FreeBSD. To use
&man.mdconfig.8;, you have to load &man.md.4; module or to add
the support in your kernel configuration file:</para>
<programlisting>device md</programlisting>
<para>The &man.mdconfig.8; command supports three kinds of
memory backed virtual disks: memory disks allocated with
&man.malloc.9;, memory disks using a file or swap space as
backing. One possible use is the mounting of floppy
or CD images kept in files.</para>
<para>To mount an existing file system image:</para>
<example>
<title>Using <command>mdconfig</command> to Mount an Existing File System
Image</title>
<screen>&prompt.root; <userinput>mdconfig -a -t vnode -f <replaceable>diskimage</replaceable> -u <replaceable>0</replaceable></userinput>
&prompt.root; <userinput>mount /dev/md<replaceable>0</replaceable> <replaceable>/mnt</replaceable></userinput></screen>
</example>
<para>To create a new file system image with &man.mdconfig.8;:</para>
<example>
<title>Creating a New File-Backed Disk with <command>mdconfig</command></title>
<screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>newimage</replaceable> bs=1k count=<replaceable>5</replaceable>k</userinput>
5120+0 records in
5120+0 records out
&prompt.root; <userinput>mdconfig -a -t vnode -f <replaceable>newimage</replaceable> -u <replaceable>0</replaceable></userinput>
&prompt.root; <userinput>bsdlabel -w md<replaceable>0</replaceable> auto</userinput>
&prompt.root; <userinput>newfs md<replaceable>0</replaceable>a</userinput>
/dev/md0a: 5.0MB (10224 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 1.25MB, 80 blks, 192 inodes.
super-block backups (for fsck -b #) at:
160, 2720, 5280, 7840
&prompt.root; <userinput>mount /dev/md<replaceable>0</replaceable>a <replaceable>/mnt</replaceable></userinput>
&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/md0a 4710 4 4330 0% /mnt</screen>
</example>
<para>If you do not specify the unit number with the
<option>-u</option> option, &man.mdconfig.8; will use the
&man.md.4; automatic allocation to select an unused device.
The name of the allocated unit will be output on stdout like
<devicename>md4</devicename>. For more details about
&man.mdconfig.8;, please refer to the manual page.</para>
<para>The utility &man.mdconfig.8; is very useful, however it
asks many command lines to create a file-backed file system.
FreeBSD also comes with a tool called &man.mdmfs.8;,
this program configures a &man.md.4; disk using
&man.mdconfig.8;, puts a UFS file system on it using
&man.newfs.8;, and mounts it using &man.mount.8;. For example,
if you want to create and mount the same file system image as
above, simply type the following:</para>
<example>
<title>Configure and Mount a File-Backed Disk with <command>mdmfs</command></title>
<screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>newimage</replaceable> bs=1k count=<replaceable>5</replaceable>k</userinput>
5120+0 records in
5120+0 records out
&prompt.root; <userinput>mdmfs -F <replaceable>newimage</replaceable> -s <replaceable>5</replaceable>m md<replaceable>0</replaceable> <replaceable>/mnt</replaceable></userinput>
&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/md0 4718 4 4338 0% /mnt</screen>
</example>
<para>If you use the option <option>md</option> without unit
number, &man.mdmfs.8; will use &man.md.4; auto-unit feature to
automatically select an unused device. For more details
about &man.mdmfs.8;, please refer to the manual page.</para>
</sect2>
<sect2 id="disks-md-freebsd5">
<title>Memory-Based File System</title>
<indexterm>
<primary>disks</primary>
<secondary>memory file system</secondary>
</indexterm>
<para>For a
memory-based file system the <quote>swap backing</quote>
should normally be used. Using swap backing does not mean
that the memory disk will be swapped out to disk by default,
but merely that the memory disk will be allocated from a
memory pool which can be swapped out to disk if needed. It is
also possible to create memory-based disk which are
&man.malloc.9; backed, but using malloc backed memory disks,
especially large ones, can result in a system panic if the
kernel runs out of memory.</para>
<example>
<title>Creating a New Memory-Based Disk with
<command>mdconfig</command></title>
<screen>&prompt.root; <userinput>mdconfig -a -t malloc -s <replaceable>5</replaceable>m -u <replaceable>1</replaceable></userinput>
&prompt.root; <userinput>newfs -U md<replaceable>1</replaceable></userinput>
/dev/md1: 5.0MB (10240 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 1.27MB, 81 blks, 256 inodes.
with soft updates
super-block backups (for fsck -b #) at:
32, 2624, 5216, 7808
&prompt.root; <userinput>mount /dev/md<replaceable>1</replaceable> <replaceable>/mnt</replaceable></userinput>
&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/md1 4846 2 4458 0% /mnt</screen>
</example>
<example>
<title>Creating a New Memory-Based Disk with
<command>mdmfs</command></title>
<screen>&prompt.root; <userinput>mdmfs -M -s <replaceable>5</replaceable>m md<replaceable>2</replaceable> <replaceable>/mnt</replaceable></userinput>
&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/md2 4846 2 4458 0% /mnt</screen>
</example>
<para>Instead of using a &man.malloc.9; backed file system, it is
possible to use swap, for that just replace
<option>malloc</option> with <option>swap</option> in the
command line of &man.mdconfig.8;. The &man.mdmfs.8; utility
by default (without <option>-M</option>) creates a swap-based
disk. For more details, please refer to &man.mdconfig.8;
and &man.mdmfs.8; manual pages.</para>
</sect2>
<sect2>
<title>Detaching a Memory Disk from the System</title>
<indexterm>
<primary>disks</primary>
<secondary>detaching a memory disk</secondary>
</indexterm>
<para>When a memory-based or file-based file system
is not used, you should release all resources to the system.
The first thing to do is to unmount the file system, then use
&man.mdconfig.8; to detach the disk from the system and release
the resources.</para>
<para>For example to detach and free all resources used by
<filename>/dev/md4</filename>:</para>
<screen>&prompt.root; <userinput>mdconfig -d -u <replaceable>4</replaceable></userinput></screen>
<para>It is possible to list information about configured
&man.md.4; devices in using the command <command>mdconfig
-l</command>.</para>
</sect2>
</sect1>
<sect1 id="snapshots">
<sect1info>
<authorgroup>
<author>
<firstname>Tom</firstname>
<surname>Rhodes</surname>
<contrib>Contributed by </contrib>
</author>
</authorgroup>
<!-- 15 JUL 2002 -->
</sect1info>
<title>File System Snapshots</title>
<indexterm>
<primary>file systems</primary>
<secondary>snapshots</secondary>
</indexterm>
<para>FreeBSD offers a feature in conjunction with
<link linkend="soft-updates">Soft Updates</link>: File system snapshots.</para>
<para>Snapshots allow a user to create images of specified file
systems, and treat them as a file.
Snapshot files must be created in the file system that the
action is performed on, and a user may create no more than 20
snapshots per file system. Active snapshots are recorded
in the superblock so they are persistent across unmount and
remount operations along with system reboots. When a snapshot
is no longer required, it can be removed with the standard &man.rm.1;
command. Snapshots may be removed in any order,
however all the used space may not be acquired because another snapshot will
possibly claim some of the released blocks.</para>
<para>The un-alterable <option>snapshot</option> file flag is set
by &man.mksnap.ffs.8; after initial creation of a snapshot file.
The &man.unlink.1; command makes an exception for snapshot files
since it allows them to be removed.</para>
<para>Snapshots are created with the &man.mount.8; command. To place
a snapshot of <filename>/var</filename> in the file
<filename>/var/snapshot/snap</filename> use the following
command:</para>
<screen>&prompt.root; <userinput>mount -u -o snapshot /var/snapshot/snap /var</userinput></screen>
<para>Alternatively, you can use &man.mksnap.ffs.8; to create
a snapshot:</para>
<screen>&prompt.root; <userinput>mksnap_ffs /var /var/snapshot/snap</userinput></screen>
<para>One can find snapshot files on a file system (e.g. <filename>/var</filename>)
by using the &man.find.1; command:</para>
<screen>&prompt.root; <userinput>find /var -flags snapshot</userinput></screen>
<para>Once a snapshot has been created, it has several
uses:</para>
<itemizedlist>
<listitem>
<para>Some administrators will use a snapshot file for backup purposes,
because the snapshot can be transfered to CDs or tape.</para>
</listitem>
<listitem>
<para>File integrity, &man.fsck.8; may be ran on the snapshot.
Assuming that the file system was clean when it was mounted, you
should always get a clean (and unchanging) result.
This is essentially what the
background &man.fsck.8; process does.</para>
</listitem>
<listitem>
<para>Run the &man.dump.8; utility on the snapshot.
A dump will be returned that is consistent with the
file system and the timestamp of the snapshot. &man.dump.8;
can also take a snapshot, create a dump image and then
remove the snapshot in one command using the
<option>-L</option> flag.</para>
</listitem>
<listitem>
<para>&man.mount.8; the snapshot as a frozen image of the file system.
To &man.mount.8; the snapshot
<filename>/var/snapshot/snap</filename> run:</para>
<screen>&prompt.root; <userinput>mdconfig -a -t vnode -f /var/snapshot/snap -u 4</userinput>
&prompt.root; <userinput>mount -r /dev/md4 /mnt</userinput></screen>
</listitem>
</itemizedlist>
<para>You can now walk the hierarchy of your frozen <filename>/var</filename>
file system mounted at <filename>/mnt</filename>. Everything will
initially be in the same state it was during the snapshot creation time.
The only exception is that any earlier snapshots will appear
as zero length files. When the use of a snapshot has delimited,
it can be unmounted with:</para>
<screen>&prompt.root; <userinput>umount /mnt</userinput>
&prompt.root; <userinput>mdconfig -d -u 4</userinput></screen>
<para>For more information about <option>softupdates</option> and
file system snapshots, including technical papers, you can visit
Marshall Kirk McKusick's website at
<ulink url="http://www.mckusick.com/"></ulink>.</para>
</sect1>
<sect1 id="quotas">
<title>磁碟空間配額(Quota)</title>
<indexterm>
<primary>accounting</primary>
<secondary>disk space</secondary>
</indexterm>
<indexterm><primary>disk quotas</primary></indexterm>
<para>磁碟配額(Quota)屬於作業系統上的選用功能,
可以用來限制使用者或群組的可用空間大小,或者檔案的總數多寡。
這功能通常用在多人共用的系統環境上,
因為要限制各使用者或各群組所能運用的系統資源。
如此一來,就可避免磁碟空間被某使用者或某群組全部耗盡。</para>
<sect2>
<title>啟用磁碟配額</title>
<para>在用磁碟配額之前,請先確認 kernel 已經有作相關設定,也就是
kernel 設定檔要有下面這行:</para>
<programlisting>options QUOTA</programlisting>
<para>預設的 <filename>GENERIC</filename> kernel 並不會加上這項,
所以若要啟用就必需加上,並重新編譯、安裝 kernel。 kernel
設定部分可參閱 <xref linkend="kernelconfig"/> 的說明。</para>
<para>接著就是在 <filename>/etc/rc.conf</filename> 設定啟動磁碟配額。
請加上下列這行:</para>
<programlisting>enable_quotas="YES"</programlisting>
<indexterm>
<primary>disk quotas</primary>
<secondary>checking</secondary>
</indexterm>
<para>為了能更完善的控管磁碟配額的啟動,還有一個設定可以用。 通常開機時,
&man.quotacheck.8; 程式會檢查各檔案系統上的配額。
&man.quotacheck.8; 可以確保配額資料庫的資料與實際檔案系統的資料有符合。
但這功能也會在開機時,會對啟動時間造成相當明顯的影響。
若想跳過這步驟,則可以在 <filename>/etc/rc.conf</filename> 加上:</para>
<programlisting>check_quotas="NO"</programlisting>
<para>最後,要記得改 <filename>/etc/fstab</filename>
來啟用以檔案系統為對象的磁碟配額功能。 也可以啟用針對使用者或群組,
或者兩者皆有之的磁碟配額。</para>
<para>若要啟用針對使用者的配額,可以在 <filename>/etc/fstab</filename>
內要設定的檔案系統加上 <option>userquota</option> 選項。 比如:</para>
<programlisting>/dev/da1s2g /home ufs rw,userquota 1 2</programlisting>
<para>同理若要啟用針對群組的配額,則把剛剛的 <option>userquota</option>
換成 <option>groupquota</option> 即可。 而若要兩者同時啟用,
那麼則是:</para>
<programlisting>/dev/da1s2g /home ufs rw,userquota,groupquota 1 2</programlisting>
<para>針對使用者以及群組的磁碟配額設定檔,預設分別會放在該檔案系統根目錄的
<filename>quota.user</filename> 以及 <filename>quota.group</filename>
。 細節部分請參閱 &man.fstab.5;
雖然 &man.fstab.5; 提到可以為配額設定檔指定其他地方,但並不建議如此作,
因為各種磁碟配額管理工具並不見得對這些預設值能隨之彈性變化。</para>
<para>接下來就可以用新 kernel 來重開機。 <filename>/etc/rc</filename>
會自動執行相關指令以對 <filename>/etc/fstab</filename>
有設定配額管理的部分,作初始設定。
所以並不需要逐一手動產生相關空的配額設定檔。</para>
<para>正常操作過程中,並不需要手動執行 &man.quotacheck.8;&man.quotaon.8;
&man.quotaoff.8; 這些指令。 不過,若要更熟悉相關操作方式的話,
或許可以閱讀相關的 manual 線上說明。</para>
</sect2>
<sect2>
<title>設定配額限制</title>
<indexterm>
<primary>disk quotas</primary>
<secondary>limits</secondary>
</indexterm>
<para>一旦開始啟用配額管理之後,請記得確認是否有真的啟用。
可以打下列指令來作簡單檢查:</para>
<screen>&prompt.root; <userinput>quota -v</userinput></screen>
<para>應該可以看到有關各檔案系統的配額限量,
以及現在使用量的摘要訊息。</para>
<para>現在可以開始用 &man.edquota.8; 來設定各磁碟配額的限制。</para>
<para>有幾種選項可以用來限制使用者或群組所能運用的磁碟空間,
以及所能建立的檔案數量多寡。 可以依磁碟空間(block 配額)或檔案數量
(inode 配額),或者搭配兩者一起設定。 而每種限制還可以細分為兩類:
hard(硬性)上限、soft(彈性)上限。</para>
<indexterm><primary>hard limit</primary></indexterm>
<para>硬性上限是不能超過的。 一旦使用者達到硬性上限時,
就無法在該檔案系統上繼續使用更多的使用空間了。
舉例來說,若有位使用者的硬性上限為 500 KB而目前用了 490 KB
那麼他就只能再多用 10 KB 而已,若要新增的檔案有 11 KB 就會失敗。</para>
<indexterm><primary>soft limit</primary></indexterm>
<para>然而,彈性上限則可允許一定時間內的超額使用,這段期間稱為
grace period(寬限期),預設值是一週。 若使用者持續超額使用並超出
grace period 而逾期,則彈性上限就會轉為硬性上限,
而不允許該使用者繼續新增空間。
直到該使用者的空間已經清到低於彈性上限之後,才會重設
grace period。</para>
<para>下面則是使用 &man.edquota.8; 的例子。 在執行 &man.edquota.8;
時,會進入設定磁碟配額上限的編輯器內,至於是哪一種編輯器則視您的
<envar>EDITOR</envar> 環境變數而定,若沒設定 <envar>EDITOR</envar>
的話,則會用 <application>vi</application> 編輯器。</para>
<screen>&prompt.root; <userinput>edquota -u test</userinput></screen>
<programlisting>Quotas for user test:
/usr: kbytes in use: 65, limits (soft = 50, hard = 75)
inodes in use: 7, limits (soft = 50, hard = 60)
/usr/var: kbytes in use: 0, limits (soft = 50, hard = 75)
inodes in use: 0, limits (soft = 50, hard = 60)</programlisting>
<para>一般來說,每個啟動了磁碟配額的檔案系統都會有兩行設定。
第一行是 block 上限,而另一行則是 inode 上限。
若要更改磁碟配額上限,只需要修改後面的數值即可。 舉例來說,
要增加這位使用者的 block 上限部分:把彈性上限 50 調為 500
硬性上限則由 75 調為 600 ,只需修改下面這行:</para>
<programlisting>/usr: kbytes in use: 65, limits (soft = 50, hard = 75)</programlisting>
<para>改為下列:</para>
<programlisting>/usr: kbytes in use: 65, limits (soft = 500, hard = 600)</programlisting>
<para>然後存檔離開後,新的配額設定就會立即生效。</para>
<para>有時候會想一次改大範圍 UID 的帳號設定,這時可以用 &man.edquota.8;
<option>-p</option> 參數功能來完成。 首先,
把某個帳號調為想要的相關配額,然後可以用
<command>edquota -p protouser startuid-enduid</command> 之類的方式來改。
舉例來說,假設 <username>test</username> 這帳號已經設定好相關配額,
然後要改的對象為 UID 從 10,000 到 19,999 的帳號,
那麼就可以下列指令來設定同樣的配額:</para>
<screen>&prompt.root; <userinput>edquota -p test 10000-19999</userinput></screen>
<para>細節說明請參閱 &man.edquota.8;</para>
</sect2>
<sect2>
<title>檢查磁碟配額設定、磁碟使用量</title>
<indexterm>
<primary>disk quotas</primary>
<secondary>checking</secondary>
</indexterm>
<para>可以用 &man.quota.1;&man.repquota.8; 來檢查磁碟配額設定,
以及磁碟使用量。 &man.quota.1; 可用來檢查單一使用者或群組的磁碟配額、
磁碟使用量。 不過一般帳號只能查自己的以及自己群組的磁碟配額、
磁碟使用量,只有系統管理者帳號才能察看所有使用者、
群組的配額設定與使用量。 而 &man.repquota.8;
則可以看到所有已啟動磁碟配額的檔案系統設定、磁碟使用量摘要。</para>
<para>下面例子則是在兩個有配額設定的檔案系統上,打
<command>quota -v</command> 的顯示結果:</para>
<programlisting>Disk quotas for user test (uid 1002):
Filesystem usage quota limit grace files quota limit grace
/usr 65* 50 75 5days 7 50 60
/usr/var 0 50 75 0 50 60</programlisting>
<indexterm><primary>grace period</primary></indexterm>
<para>在上面這例中,該使用者在 <filename>/usr</filename> 的彈性配額是
50 KB實際上已經超額多用 15 KB而 grace period 還有 5 天就逾期。
請注意這個星號 <literal>*</literal>
是表示目前該使用者已經超越其配額的彈性上限了。</para>
<para>一般來說,若使用者並沒有用到某個檔案系統,
那麼就算該檔案有啟用磁碟配額,在 &man.quota.1; 也不會顯示出來。
<option>-v</option> 參數則可以把這些檔案系統都全部列出來,
比如上例中的 <filename>/usr/var</filename></para>
</sect2>
<sect2>
<title>透過 NFS 使用磁碟配額</title>
<indexterm><primary>NFS</primary></indexterm>
<para>NFS server 端可以強制以 quota subsystem(配額子系統)來用磁碟配額。
而 NFS client 端則可以透過 &man.rpc.rquotad.8; daemon 來讓 &man.quota.1;
指令抓到相關配額資料,也就可以讓 client
端的使用者察看其配額的統計資料。</para>
<para>若要啟用 <command>rpc.rquotad</command>,可以在
<filename>/etc/inetd.conf</filename> 加上下列類似設定:</para>
<programlisting>rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad</programlisting>
<para>然後重啟 <command>inetd</command> 即可:</para>
<screen>&prompt.root; <userinput>kill -HUP `cat /var/run/inetd.pid`</userinput></screen>
</sect2>
</sect1>
<sect1 id="disks-encrypting">
<sect1info>
<authorgroup>
<author>
<firstname>Lucky</firstname>
<surname>Green</surname>
<contrib>Contributed by </contrib>
<affiliation>
<address><email>shamrock@cypherpunks.to</email></address>
</affiliation>
</author>
</authorgroup>
<!-- 11 MARCH 2003 -->
</sect1info>
<title>Encrypting Disk Partitions</title>
<indexterm>
<primary>disks</primary>
<secondary>encrypting</secondary></indexterm>
<para>FreeBSD offers excellent online protections against
unauthorized data access. File permissions and Mandatory
Access Control (MAC) (see <xref linkend="mac"/>) help prevent
unauthorized third-parties from accessing data while the operating
system is active and the computer is powered up. However,
the permissions enforced by the operating system are irrelevant if an
attacker has physical access to a computer and can simply move
the computer's hard drive to another system to copy and analyze
the sensitive data.</para>
<para>Regardless of how an attacker may have come into possession of
a hard drive or powered-down computer, both <application>GEOM
Based Disk Encryption (gbde)</application> and
<command>geli</command> cryptographic subsystems in &os; are able
to protect the data on the computer's file systems against even
highly-motivated attackers with significant resources. Unlike
cumbersome encryption methods that encrypt only individual files,
<command>gbde</command> and <command>geli</command> transparently
encrypt entire file systems. No cleartext ever touches the hard
drive's platter.</para>
<sect2>
<title>Disk Encryption with <application>gbde</application></title>
<procedure>
<step>
<title>Become <username>root</username></title>
<para>Configuring <application>gbde</application> requires
super-user privileges.</para>
<screen>&prompt.user; <userinput>su -</userinput>
Password:</screen>
</step>
<step>
<title>Add &man.gbde.4; Support to the Kernel Configuration File</title>
<para>Add the following line to the kernel configuration
file:</para>
<para><literal>options GEOM_BDE</literal></para>
<para>Rebuild the kernel as described in <xref
linkend="kernelconfig"/>.</para>
<para>Reboot into the new kernel.</para>
</step>
</procedure>
<sect3>
<title>Preparing the Encrypted Hard Drive</title>
<para>The following example assumes that you are adding a new hard
drive to your system that will hold a single encrypted partition.
This partition will be mounted as <filename>/private</filename>.
<application>gbde</application> can also be used to encrypt
<filename>/home</filename> and <filename>/var/mail</filename>, but
this requires more complex instructions which exceed the scope of
this introduction.</para>
<procedure>
<step>
<title>Add the New Hard Drive</title>
<para>Install the new drive to the system as explained in <xref
linkend="disks-adding"/>. For the purposes of this example,
a new hard drive partition has been added as
<filename>/dev/ad4s1c</filename>. The
<filename>/dev/ad0s1<replaceable>*</replaceable></filename>
devices represent existing standard FreeBSD partitions on
the example system.</para>
<screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
/dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1
/dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c
/dev/ad0s1a /dev/ad0s1d /dev/ad4</screen>
</step>
<step>
<title>Create a Directory to Hold gbde Lock Files</title>
<screen>&prompt.root; <userinput>mkdir /etc/gbde</userinput></screen>
<para>The <application>gbde</application> lock file contains
information that <application>gbde</application> requires to
access encrypted partitions. Without access to the lock file,
<application>gbde</application> will not be able to decrypt
the data contained in the encrypted partition without
significant manual intervention which is not supported by the
software. Each encrypted partition uses a separate lock
file.</para>
</step>
<step>
<title>Initialize the gbde Partition</title>
<para>A <application>gbde</application> partition must be
initialized before it can be used. This initialization needs to
be performed only once:</para>
<screen>&prompt.root; <userinput>gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c</userinput></screen>
<para>&man.gbde.8; will open your editor, permitting you to set
various configuration options in a template. For use with UFS1
or UFS2, set the sector_size to 2048:</para>
<programlisting>$<!-- This is not the space you are looking
for-->FreeBSD: src/sbin/gbde/template.txt,v 1.1 2002/10/20 11:16:13 phk Exp $
#
# Sector size is the smallest unit of data which can be read or written.
# Making it too small decreases performance and decreases available space.
# Making it too large may prevent filesystems from working. 512 is the
# minimum and always safe. For UFS, use the fragment size
#
sector_size = 2048
[...]
</programlisting>
<para>&man.gbde.8; will ask you twice to type the passphrase that
should be used to secure the data. The passphrase must be the
same both times. <application>gbde</application>'s ability to
protect your data depends entirely on the quality of the
passphrase that you choose.
<footnote>
<para>For tips on how to select a secure passphrase that is easy
to remember, see the <ulink
url="http://world.std.com/~reinhold/diceware.html">Diceware
Passphrase</ulink> website.</para></footnote></para>
<para>The <command>gbde init</command> command creates a lock
file for your <application>gbde</application> partition that in
this example is stored as
<filename>/etc/gbde/ad4s1c</filename>.</para>
<caution>
<para><application>gbde</application> lock files
<emphasis>must</emphasis> be backed up together with the
contents of any encrypted partitions. While deleting a lock
file alone cannot prevent a determined attacker from
decrypting a <application>gbde</application> partition,
without the lock file, the legitimate owner will be unable
to access the data on the encrypted partition without a
significant amount of work that is totally unsupported by
&man.gbde.8; and its designer.</para>
</caution>
</step>
<step>
<title>Attach the Encrypted Partition to the Kernel</title>
<screen>&prompt.root; <userinput>gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c</userinput></screen>
<para> You will be asked to provide the passphrase that you
selected during the initialization of the encrypted partition.
The new encrypted device will show up in
<filename>/dev</filename> as
<filename>/dev/device_name.bde</filename>:</para>
<screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
/dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1
/dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c
/dev/ad0s1a /dev/ad0s1d /dev/ad4 /dev/ad4s1c.bde</screen>
</step>
<step>
<title>Create a File System on the Encrypted Device</title>
<para>Once the encrypted device has been attached to the kernel,
you can create a file system on the device. To create a file
system on the encrypted device, use &man.newfs.8;. Since it is
much faster to initialize a new UFS2 file system than it is to
initialize the old UFS1 file system, using &man.newfs.8; with
the <option>-O2</option> option is recommended.</para>
<screen>&prompt.root; <userinput>newfs -U -O2 /dev/ad4s1c.bde</userinput></screen>
<note>
<para>The &man.newfs.8; command must be performed on an
attached <application>gbde</application> partition which
is identified by a
<filename><replaceable>*</replaceable>.bde</filename>
extension to the device name.</para>
</note>
</step>
<step>
<title>Mount the Encrypted Partition</title>
<para>Create a mount point for the encrypted file system.</para>
<screen>&prompt.root; <userinput>mkdir /private</userinput></screen>
<para>Mount the encrypted file system.</para>
<screen>&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>
</step>
<step>
<title>Verify That the Encrypted File System is Available</title>
<para>The encrypted file system should now be visible to
&man.df.1; and be available for use.</para>
<screen>&prompt.user; <userinput>df -H</userinput>
Filesystem Size Used Avail Capacity Mounted on
/dev/ad0s1a 1037M 72M 883M 8% /
/devfs 1.0K 1.0K 0B 100% /dev
/dev/ad0s1f 8.1G 55K 7.5G 0% /home
/dev/ad0s1e 1037M 1.1M 953M 0% /tmp
/dev/ad0s1d 6.1G 1.9G 3.7G 35% /usr
/dev/ad4s1c.bde 150G 4.1K 138G 0% /private</screen>
</step>
</procedure>
</sect3>
<sect3>
<title>Mounting Existing Encrypted File Systems</title>
<para>After each boot, any encrypted file systems must be
re-attached to the kernel, checked for errors, and mounted, before
the file systems can be used. The required commands must be
executed as user <username>root</username>.</para>
<procedure>
<step>
<title>Attach the gbde Partition to the Kernel</title>
<screen>&prompt.root; <userinput>gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c</userinput></screen>
<para>You will be asked to provide the passphrase that you
selected during initialization of the encrypted
<application>gbde</application> partition.</para>
</step>
<step>
<title>Check the File System for Errors</title>
<para>Since encrypted file systems cannot yet be listed in
<filename>/etc/fstab</filename> for automatic mounting, the
file systems must be checked for errors by running &man.fsck.8;
manually before mounting.</para>
<screen>&prompt.root; <userinput>fsck -p -t ffs /dev/ad4s1c.bde</userinput></screen>
</step>
<step>
<title>Mount the Encrypted File System</title>
<screen>&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>
<para>The encrypted file system is now available for use.</para>
</step>
</procedure>
<sect4>
<title>Automatically Mounting Encrypted Partitions</title>
<para>It is possible to create a script to automatically attach,
check, and mount an encrypted partition, but for security reasons
the script should not contain the &man.gbde.8; password. Instead,
it is recommended that such scripts be run manually while
providing the password via the console or &man.ssh.1;.</para>
<para>As of &os; 5.2-RELEASE, there is a new <filename>rc.d</filename> script
provided. Arguments for this script can be passed via
&man.rc.conf.5;, for example:</para>
<screen>gbde_autoattach_all="YES"
gbde_devices="ad4s1c"</screen>
<para>This will require that the <application>gbde</application>
passphrase be entered at boot time. After typing the correct
passphrase, the <application>gbde</application> encrypted
partition will be mounted automatically. This can be very
useful when using <application>gbde</application> on
notebooks.</para>
</sect4>
</sect3>
<sect3>
<title>Cryptographic Protections Employed by gbde</title>
<para>&man.gbde.8; encrypts the sector payload using 128-bit AES in
CBC mode. Each sector on the disk is encrypted with a different
AES key. For more information on <application>gbde</application>'s
cryptographic design, including how the sector keys are derived
from the user-supplied passphrase, see &man.gbde.4;.</para>
</sect3>
<sect3>
<title>Compatibility Issues</title>
<para>&man.sysinstall.8; is incompatible with
<application>gbde</application>-encrypted devices. All
<devicename><replaceable>*</replaceable>.bde</devicename> devices must be detached from the
kernel before starting &man.sysinstall.8; or it will crash during
its initial probing for devices. To detach the encrypted device
used in our example, use the following command:</para>
<screen>&prompt.root; <userinput>gbde detach /dev/ad4s1c</userinput></screen>
<para>Also note that, as &man.vinum.4; does not use the
&man.geom.4; subsystem, you cannot use
<application>gbde</application> with
<application>vinum</application> volumes.</para>
</sect3>
</sect2>
<sect2>
<sect2info>
<authorgroup>
<author>
<firstname>Daniel</firstname>
<surname>Gerzo</surname>
<contrib>Contributed by </contrib>
</author>
</authorgroup>
<!-- Date of writing: 28 November 2005 -->
</sect2info>
<title>Disk Encryption with <command>geli</command></title>
<para>A new cryptographic GEOM class is available as of &os; 6.0 -
<command>geli</command>. It is currently being developed by
&a.pjd;. <command>Geli</command> is different to
<command>gbde</command>; it offers different features and uses
a different scheme for doing cryptographic work.</para>
<para>The most important features of &man.geli.8; are:</para>
<itemizedlist>
<listitem>
<para>Utilizes the &man.crypto.9; framework &mdash; when
cryptographic hardware is available, <command>geli</command>
will use it automatically.</para>
</listitem>
<listitem>
<para>Supports multiple cryptographic algorithms (currently
AES, Blowfish, and 3DES).</para>
</listitem>
<listitem>
<para>Allows the root partition to be encrypted. The
passphrase used to access the encrypted root partition will
be requested during the system boot.</para>
</listitem>
<listitem>
<para>Allows the use of two independent keys (e.g. a
<quote>key</quote> and a <quote>company key</quote>).</para>
</listitem>
<listitem>
<para><command>geli</command> is fast - performs simple
sector-to-sector encryption.</para>
</listitem>
<listitem>
<para>Allows backup and restore of Master Keys. When a user
has to destroy his keys, it will be possible to get access
to the data again by restoring keys from the backup.</para>
</listitem>
<listitem>
<para>Allows to attach a disk with a random, one-time key
&mdash; useful for swap partitions and temporary file
systems.</para>
</listitem>
</itemizedlist>
<para>More <command>geli</command> features can be found in the
&man.geli.8; manual page.</para>
<para>The next steps will describe how to enable support for
<command>geli</command> in the &os; kernel and will explain how
to create a new <command>geli</command> encryption provider. At
the end it will be demonstrated how to create an encrypted swap
partition using features provided by <command>geli</command>.</para>
<para>In order to use <command>geli</command>, you must be running
&os; 6.0-RELEASE or later. Super-user privileges will be
required since modifications to the kernel are necessary.</para>
<procedure>
<step>
<title>Adding <command>geli</command> Support to the Kernel
Configuration File</title>
<para>Add the following lines to the kernel configuration
file:</para>
<screen>options GEOM_ELI
device crypto</screen>
<para>Rebuild the kernel as described in <xref
linkend="kernelconfig"/>.</para>
<para>Alternatively, the <command>geli</command> module can
be loaded at boot time. Add the following line to the
<filename>/boot/loader.conf</filename>:</para>
<para><literal>geom_eli_load="YES"</literal></para>
<para>&man.geli.8; should now be supported by the kernel.</para>
</step>
<step>
<title>Generating the Master Key</title>
<para>The following example will describe how to generate a
key file, which will be used as part of the Master Key for
the encrypted provider mounted under
<filename role="directory">/private</filename>. The key
file will provide some random data used to encrypt the
Master Key. The Master Key will be protected by a
passphrase as well. Provider's sector size will be 4kB big.
Furthermore, the discussion will describe how to attach the
<command>geli</command> provider, create a file system on
it, how to mount it, how to work with it, and finally how to
detach it.</para>
<para>It is recommended to use a bigger sector size (like 4kB) for
better performance.</para>
<para>The Master Key will be protected with a passphrase and
the data source for key file will be
<filename>/dev/random</filename>. The sector size of
<filename>/dev/da2.eli</filename>, which we call provider,
will be 4kB.</para>
<screen>&prompt.root; <userinput>dd if=/dev/random of=/root/da2.key bs=64 count=1</userinput>
&prompt.root; <userinput>geli init -s 4096 -K /root/da2.key /dev/da2</userinput>
Enter new passphrase:
Reenter new passphrase:</screen>
<para>It is not mandatory that both a passphrase and a key
file are used; either method of securing the Master Key can
be used in isolation.</para>
<para>If key file is given as <quote>-</quote>, standard
input will be used. This example shows how more than one
key file can be used.</para>
<screen>&prompt.root; <userinput>cat keyfile1 keyfile2 keyfile3 | geli init -K - /dev/da2</userinput></screen>
</step>
<step>
<title>Attaching the Provider with the generated Key</title>
<screen>&prompt.root; <userinput>geli attach -k /root/da2.key /dev/da2</userinput>
Enter passphrase:</screen>
<para>The new plaintext device will be named
<filename>/dev/<replaceable>da2</replaceable>.eli</filename>.</para>
<screen>&prompt.root; <userinput>ls /dev/da2*</userinput>
/dev/da2 /dev/da2.eli</screen>
</step>
<step>
<title>Creating the new File System</title>
<screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/da2.eli bs=1m</userinput>
&prompt.root; <userinput>newfs /dev/da2.eli</userinput>
&prompt.root; <userinput>mount /dev/da2.eli /private</userinput></screen>
<para>The encrypted file system should be visible to &man.df.1;
and be available for use now.</para>
<screen>&prompt.root; <userinput>df -H</userinput>
Filesystem Size Used Avail Capacity Mounted on
/dev/ad0s1a 248M 89M 139M 38% /
/devfs 1.0K 1.0K 0B 100% /dev
/dev/ad0s1f 7.7G 2.3G 4.9G 32% /usr
/dev/ad0s1d 989M 1.5M 909M 0% /tmp
/dev/ad0s1e 3.9G 1.3G 2.3G 35% /var
/dev/da2.eli 150G 4.1K 138G 0% /private</screen>
</step>
<step>
<title>Unmounting and Detaching the Provider</title>
<para>Once the work on the encrypted partition is done, and
the <filename role="directory">/private</filename> partition
is no longer needed, it is prudent to consider unmounting
and detaching the <command>geli</command> encrypted
partition from the kernel.</para>
<screen>&prompt.root; <userinput>umount /private</userinput>
&prompt.root; <userinput>geli detach da2.eli</userinput></screen>
</step>
</procedure>
<para>More information about the use of &man.geli.8; can be
found in the manual page.</para>
<sect3>
<title>Encrypting a Swap Partition</title>
<para>The following example demonstrates how to create a
<command>geli</command> encrypted swap partition.</para>
<screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/ad0s1b bs=1m</userinput>
&prompt.root; <userinput>geli onetime -d -a 3des ad0s1b</userinput>
&prompt.root; <userinput>swapon /dev/ad0s1b.eli</userinput></screen>
</sect3>
<sect3>
<title>Using the <filename>geli</filename> <filename>rc.d</filename> Script</title>
<para><command>geli</command> comes with a <filename>rc.d</filename> script which
can be used to simplify the usage of <command>geli</command>.
An example of configuring <command>geli</command> through
&man.rc.conf.5; follows:</para>
<screen>geli_devices="da2"
geli_da2_flags="-p -k /root/da2.key"</screen>
<para>This will configure <filename>/dev/da2</filename> as a
<command>geli</command> provider of which the Master Key file
is located in <filename>/root/da2.key</filename>, and
<command>geli</command> will not use a passphrase when
attaching the provider (note that this can only be used if -P
was given during the <command>geli</command> init phase). The
system will detach the <command>geli</command> provider from
the kernel before the system shuts down.</para>
<para>More information about configuring <filename>rc.d</filename> is provided in the
<link linkend="configtuning-rcd">rc.d</link> section of the
Handbook.</para>
</sect3>
</sect2>
</sect1>
<sect1 id="swap-encrypting">
<sect1info>
<authorgroup>
<author>
<firstname>Christian</firstname>
<surname>Br&uuml;ffer</surname>
<contrib>Written by </contrib>
</author>
</authorgroup>
</sect1info>
<title>Encrypting Swap Space</title>
<indexterm>
<primary>swap</primary>
<secondary>encrypting</secondary>
</indexterm>
<para>Swap encryption in &os; is easy to configure and has been
available since &os; 5.3-RELEASE. Depending on which version
of &os; is being used, different options are available
and configuration can vary slightly. From &os; 6.0-RELEASE onwards,
the &man.gbde.8; or &man.geli.8; encryption systems can be used
for swap encryption. With earlier versions, only &man.gbde.8; is
available. Both systems use the <filename>encswap</filename>
<link linkend="configtuning-rcd">rc.d</link> script.</para>
<para>The previous section, <link linkend="disks-encrypting">Encrypting
Disk Partitions</link>, includes a short discussion on the different
encryption systems.</para>
<sect2>
<title>Why should Swap be Encrypted?</title>
<para>Like the encryption of disk partitions, encryption of swap space
is done to protect sensitive information. Imagine an application
that e.g. deals with passwords. As long as these passwords stay in
physical memory, all is well. However, if the operating system starts
swapping out memory pages to free space for other applications, the
passwords may be written to the disk platters unencrypted and easy to
retrieve for an adversary. Encrypting swap space can be a solution for
this scenario.</para>
</sect2>
<sect2>
<title>Preparation</title>
<note>
<para>For the remainder of this section, <devicename>ad0s1b</devicename>
will be the swap partition.</para>
</note>
<para>Up to this point the swap has been unencrypted. It is possible that
there are already passwords or other sensitive data on the disk platters
in cleartext. To rectify this, the data on the swap partition should be
overwritten with random garbage:</para>
<screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/ad0s1b bs=1m</userinput></screen>
</sect2>
<sect2>
<title>Swap Encryption with &man.gbde.8;</title>
<para>If &os; 6.0-RELEASE or newer is being used, the
<literal>.bde</literal> suffix should be added to the device in the
respective <filename>/etc/fstab</filename> swap line:</para>
<screen>
# Device Mountpoint FStype Options Dump Pass#
/dev/ad0s1b.bde none swap sw 0 0
</screen>
<para>For systems prior to &os; 6.0-RELEASE, the following line
in <filename>/etc/rc.conf</filename> is also needed:</para>
<programlisting>gbde_swap_enable="YES"</programlisting>
</sect2>
<sect2>
<title>Swap Encryption with &man.geli.8;</title>
<para>Alternatively, the procedure for using &man.geli.8; for swap
encryption is similar to that of using &man.gbde.8;. The
<literal>.eli</literal> suffix should be added to the device in the
respective <filename>/etc/fstab</filename> swap line:</para>
<screen>
# Device Mountpoint FStype Options Dump Pass#
/dev/ad0s1b.eli none swap sw 0 0
</screen>
<para>&man.geli.8; uses the <acronym>AES</acronym> algorithm with
a key length of 256 bit by default.</para>
<para>Optionally, these defaults can be altered using the
<literal>geli_swap_flags</literal> option in
<filename>/etc/rc.conf</filename>. The following line tells the
<filename>encswap</filename> rc.d script to create &man.geli.8; swap
partitions using the Blowfish algorithm with a key length of 128 bit,
a sectorsize of 4 kilobytes and the <quote>detach on last close</quote>
option set:</para>
<programlisting>geli_swap_flags="-a blowfish -l 128 -s 4096 -d"</programlisting>
<para>Please refer to the description of the <command>onetime</command> command
in the &man.geli.8; manual page for a list of possible options.</para>
</sect2>
<sect2>
<title>Verifying that it Works</title>
<para>Once the system has been rebooted, proper operation of the
encrypted swap can be verified using the
<command>swapinfo</command> command.</para>
<para>If &man.gbde.8; is being used:</para>
<screen>&prompt.user; <userinput>swapinfo</userinput>
Device 1K-blocks Used Avail Capacity
/dev/ad0s1b.bde 542720 0 542720 0%
</screen>
<para>If &man.geli.8; is being used:</para>
<screen>&prompt.user; <userinput>swapinfo</userinput>
Device 1K-blocks Used Avail Capacity
/dev/ad0s1b.eli 542720 0 542720 0%
</screen>
</sect2>
</sect1>
</chapter>