diff --git a/en_US.ISO8859-1/books/handbook/Makefile b/en_US.ISO8859-1/books/handbook/Makefile
index 5f176c6f62..f2e41fc06f 100644
--- a/en_US.ISO8859-1/books/handbook/Makefile
+++ b/en_US.ISO8859-1/books/handbook/Makefile
@@ -1,348 +1,347 @@
#
# $FreeBSD$
#
# Build the FreeBSD Handbook.
#
# ------------------------------------------------------------------------
#
# Handbook-specific variables
#
# WITH_PGPKEYS The print version of the handbook only prints PGP
# fingerprints by default. If you would like for the
# entire key to be displayed, then set this variable.
# This option has no affect on the HTML formats.
#
# Handbook-specific targets
#
# pgpkeyring This target will read the contents of
# pgpkeys/chapter.xml and will extract all of
# the pgpkeys to standard out. This output can then
# be redirected into a file and distributed as a
# public keyring of FreeBSD developers that can
# easily be imported into PGP/GPG.
#
# ------------------------------------------------------------------------
#
# To add a new chapter to the Handbook:
#
# - Update this Makefile, chapters.ent and book.xml
# - Add a descriptive entry for the new chapter in preface/preface.xml
#
# ------------------------------------------------------------------------
.PATH: ${.CURDIR}/../../share/xml/glossary
MAINTAINER= doc@FreeBSD.org
DOC?= book
FORMATS?= html-split
HAS_INDEX= true
INSTALL_COMPRESSED?= gz
INSTALL_ONLY_COMPRESSED?=
IMAGES_EN = advanced-networking/isdn-bus.eps
IMAGES_EN+= advanced-networking/isdn-twisted-pair.eps
IMAGES_EN+= advanced-networking/natd.eps
IMAGES_EN+= advanced-networking/net-routing.pic
IMAGES_EN+= advanced-networking/pxe-nfs.png
IMAGES_EN+= advanced-networking/static-routes.pic
IMAGES_EN+= bsdinstall/bsdinstall-adduser1.png
IMAGES_EN+= bsdinstall/bsdinstall-adduser2.png
IMAGES_EN+= bsdinstall/bsdinstall-adduser3.png
IMAGES_EN+= bsdinstall/bsdinstall-boot-loader-menu.png
IMAGES_EN+= bsdinstall/bsdinstall-choose-mode.png
IMAGES_EN+= bsdinstall/bsdinstall-config-components.png
IMAGES_EN+= bsdinstall/bsdinstall-config-hostname.png
IMAGES_EN+= bsdinstall/bsdinstall-config-keymap.png
IMAGES_EN+= bsdinstall/bsdinstall-config-services.png
IMAGES_EN+= bsdinstall/bsdinstall-config-crashdump.png
IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv4-dhcp.png
IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv4.png
IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv4-static.png
IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv6.png
IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv6-static.png
IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-slaac.png
IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface.png
IMAGES_EN+= bsdinstall/bsdinstall-configure-network-ipv4-dns.png
IMAGES_EN+= bsdinstall/bsdinstall-configure-wireless-accesspoints.png
IMAGES_EN+= bsdinstall/bsdinstall-configure-wireless-scan.png
IMAGES_EN+= bsdinstall/bsdinstall-configure-wireless-wpa2setup.png
IMAGES_EN+= bsdinstall/bsdinstall-distfile-extracting.png
IMAGES_EN+= bsdinstall/bsdinstall-distfile-fetching.png
IMAGES_EN+= bsdinstall/bsdinstall-distfile-verifying.png
IMAGES_EN+= bsdinstall/bsdinstall-final-confirmation.png
IMAGES_EN+= bsdinstall/bsdinstall-finalconfiguration.png
IMAGES_EN+= bsdinstall/bsdinstall-final-modification-shell.png
IMAGES_EN+= bsdinstall/bsdinstall-keymap-select-default.png
IMAGES_EN+= bsdinstall/bsdinstall-mainexit.png
IMAGES_EN+= bsdinstall/bsdinstall-netinstall-files.png
IMAGES_EN+= bsdinstall/bsdinstall-netinstall-mirrorselect.png
IMAGES_EN+= bsdinstall/bsdinstall-part-entire-part.png
IMAGES_EN+= bsdinstall/bsdinstall-part-guided-disk.png
IMAGES_EN+= bsdinstall/bsdinstall-part-guided-manual.png
IMAGES_EN+= bsdinstall/bsdinstall-part-manual-addpart.png
IMAGES_EN+= bsdinstall/bsdinstall-part-manual-create.png
IMAGES_EN+= bsdinstall/bsdinstall-part-manual-partscheme.png
IMAGES_EN+= bsdinstall/bsdinstall-part-review.png
IMAGES_EN+= bsdinstall/bsdinstall-post-root-passwd.png
IMAGES_EN+= bsdinstall/bsdinstall-set-clock-local-utc.png
IMAGES_EN+= bsdinstall/bsdinstall-timezone-confirm.png
IMAGES_EN+= bsdinstall/bsdinstall-timezone-country.png
IMAGES_EN+= bsdinstall/bsdinstall-timezone-region.png
IMAGES_EN+= bsdinstall/bsdinstall-timezone-zone.png
IMAGES_EN+= geom/striping.pic
IMAGES_EN+= install/adduser1.scr
IMAGES_EN+= install/adduser2.scr
IMAGES_EN+= install/adduser3.scr
IMAGES_EN+= install/boot-loader-menu.scr
IMAGES_EN+= install/boot-mgr.scr
IMAGES_EN+= install/config-country.scr
IMAGES_EN+= install/config-keymap.scr
IMAGES_EN+= install/console-saver1.scr
IMAGES_EN+= install/console-saver2.scr
IMAGES_EN+= install/console-saver3.scr
IMAGES_EN+= install/console-saver4.scr
IMAGES_EN+= install/disklabel-auto.scr
IMAGES_EN+= install/disklabel-ed1.scr
IMAGES_EN+= install/disklabel-ed2.scr
IMAGES_EN+= install/disklabel-fs.scr
IMAGES_EN+= install/disklabel-root1.scr
IMAGES_EN+= install/disklabel-root2.scr
IMAGES_EN+= install/disklabel-root3.scr
IMAGES_EN+= install/disk-layout.eps
IMAGES_EN+= install/dist-set.scr
IMAGES_EN+= install/dist-set2.scr
IMAGES_EN+= install/docmenu1.scr
IMAGES_EN+= install/ed0-conf.scr
IMAGES_EN+= install/ed0-conf2.scr
IMAGES_EN+= install/edit-inetd-conf.scr
IMAGES_EN+= install/fdisk-drive1.scr
IMAGES_EN+= install/fdisk-drive2.scr
IMAGES_EN+= install/fdisk-edit1.scr
IMAGES_EN+= install/fdisk-edit2.scr
IMAGES_EN+= install/ftp-anon1.scr
IMAGES_EN+= install/ftp-anon2.scr
IMAGES_EN+= install/hdwrconf.scr
IMAGES_EN+= install/keymap.scr
IMAGES_EN+= install/main1.scr
IMAGES_EN+= install/mainexit.scr
IMAGES_EN+= install/main-std.scr
IMAGES_EN+= install/main-options.scr
IMAGES_EN+= install/main-doc.scr
IMAGES_EN+= install/main-keymap.scr
IMAGES_EN+= install/media.scr
IMAGES_EN+= install/mouse1.scr
IMAGES_EN+= install/mouse2.scr
IMAGES_EN+= install/mouse3.scr
IMAGES_EN+= install/mouse4.scr
IMAGES_EN+= install/mouse5.scr
IMAGES_EN+= install/mouse6.scr
IMAGES_EN+= install/mta-main.scr
IMAGES_EN+= install/net-config-menu1.scr
IMAGES_EN+= install/net-config-menu2.scr
IMAGES_EN+= install/nfs-server-edit.scr
IMAGES_EN+= install/ntp-config.scr
IMAGES_EN+= install/options.scr
IMAGES_EN+= install/pkg-cat.scr
IMAGES_EN+= install/pkg-confirm.scr
IMAGES_EN+= install/pkg-install.scr
IMAGES_EN+= install/pkg-sel.scr
IMAGES_EN+= install/probstart.scr
IMAGES_EN+= install/routed.scr
IMAGES_EN+= install/security.scr
IMAGES_EN+= install/sysinstall-exit.scr
IMAGES_EN+= install/timezone1.scr
IMAGES_EN+= install/timezone2.scr
IMAGES_EN+= install/timezone3.scr
IMAGES_EN+= install/userconfig.scr
IMAGES_EN+= install/userconfig2.scr
IMAGES_EN+= mail/mutt1.scr
IMAGES_EN+= mail/mutt2.scr
IMAGES_EN+= mail/mutt3.scr
IMAGES_EN+= mail/pine1.scr
IMAGES_EN+= mail/pine2.scr
IMAGES_EN+= mail/pine3.scr
IMAGES_EN+= mail/pine4.scr
IMAGES_EN+= mail/pine5.scr
IMAGES_EN+= install/example-dir1.eps
IMAGES_EN+= install/example-dir2.eps
IMAGES_EN+= install/example-dir3.eps
IMAGES_EN+= install/example-dir4.eps
IMAGES_EN+= install/example-dir5.eps
IMAGES_EN+= security/ipsec-network.pic
IMAGES_EN+= security/ipsec-crypt-pkt.pic
IMAGES_EN+= security/ipsec-encap-pkt.pic
IMAGES_EN+= security/ipsec-out-pkt.pic
IMAGES_EN+= virtualization/parallels-freebsd1.png
IMAGES_EN+= virtualization/parallels-freebsd2.png
IMAGES_EN+= virtualization/parallels-freebsd3.png
IMAGES_EN+= virtualization/parallels-freebsd4.png
IMAGES_EN+= virtualization/parallels-freebsd5.png
IMAGES_EN+= virtualization/parallels-freebsd6.png
IMAGES_EN+= virtualization/parallels-freebsd7.png
IMAGES_EN+= virtualization/parallels-freebsd8.png
IMAGES_EN+= virtualization/parallels-freebsd9.png
IMAGES_EN+= virtualization/parallels-freebsd10.png
IMAGES_EN+= virtualization/parallels-freebsd11.png
IMAGES_EN+= virtualization/parallels-freebsd12.png
IMAGES_EN+= virtualization/parallels-freebsd13.png
IMAGES_EN+= virtualization/virtualpc-freebsd1.png
IMAGES_EN+= virtualization/virtualpc-freebsd2.png
IMAGES_EN+= virtualization/virtualpc-freebsd3.png
IMAGES_EN+= virtualization/virtualpc-freebsd4.png
IMAGES_EN+= virtualization/virtualpc-freebsd5.png
IMAGES_EN+= virtualization/virtualpc-freebsd6.png
IMAGES_EN+= virtualization/virtualpc-freebsd7.png
IMAGES_EN+= virtualization/virtualpc-freebsd8.png
IMAGES_EN+= virtualization/virtualpc-freebsd9.png
IMAGES_EN+= virtualization/virtualpc-freebsd10.png
IMAGES_EN+= virtualization/virtualpc-freebsd11.png
IMAGES_EN+= virtualization/virtualpc-freebsd12.png
IMAGES_EN+= virtualization/virtualpc-freebsd13.png
IMAGES_EN+= virtualization/vmware-freebsd01.png
IMAGES_EN+= virtualization/vmware-freebsd02.png
IMAGES_EN+= virtualization/vmware-freebsd03.png
IMAGES_EN+= virtualization/vmware-freebsd04.png
IMAGES_EN+= virtualization/vmware-freebsd05.png
IMAGES_EN+= virtualization/vmware-freebsd06.png
IMAGES_EN+= virtualization/vmware-freebsd07.png
IMAGES_EN+= virtualization/vmware-freebsd08.png
IMAGES_EN+= virtualization/vmware-freebsd09.png
IMAGES_EN+= virtualization/vmware-freebsd10.png
IMAGES_EN+= virtualization/vmware-freebsd11.png
IMAGES_EN+= virtualization/vmware-freebsd12.png
# Images from the cross-document image library
IMAGES_LIB= callouts/1.png
IMAGES_LIB+= callouts/2.png
IMAGES_LIB+= callouts/3.png
IMAGES_LIB+= callouts/4.png
IMAGES_LIB+= callouts/5.png
IMAGES_LIB+= callouts/6.png
IMAGES_LIB+= callouts/7.png
IMAGES_LIB+= callouts/8.png
IMAGES_LIB+= callouts/9.png
IMAGES_LIB+= callouts/10.png
IMAGES_LIB+= callouts/11.png
IMAGES_LIB+= callouts/12.png
IMAGES_LIB+= callouts/13.png
IMAGES_LIB+= callouts/14.png
IMAGES_LIB+= callouts/15.png
#
# SRCS lists the individual XML files that make up the document. Changes
# to any of these files will force a rebuild
#
# XML content
SRCS+= audit/chapter.xml
SRCS+= book.xml
SRCS+= bsdinstall/chapter.xml
SRCS+= colophon.xml
SRCS+= dtrace/chapter.xml
SRCS+= advanced-networking/chapter.xml
SRCS+= basics/chapter.xml
SRCS+= bibliography/chapter.xml
SRCS+= boot/chapter.xml
SRCS+= config/chapter.xml
SRCS+= cutting-edge/chapter.xml
SRCS+= desktop/chapter.xml
SRCS+= disks/chapter.xml
SRCS+= eresources/chapter.xml
SRCS+= firewalls/chapter.xml
SRCS+= filesystems/chapter.xml
SRCS+= geom/chapter.xml
SRCS+= install/chapter.xml
SRCS+= introduction/chapter.xml
SRCS+= jails/chapter.xml
SRCS+= kernelconfig/chapter.xml
SRCS+= l10n/chapter.xml
SRCS+= linuxemu/chapter.xml
SRCS+= mac/chapter.xml
SRCS+= mail/chapter.xml
SRCS+= mirrors/chapter.xml
SRCS+= multimedia/chapter.xml
SRCS+= network-servers/chapter.xml
SRCS+= pgpkeys/chapter.xml
SRCS+= ports/chapter.xml
SRCS+= ppp-and-slip/chapter.xml
SRCS+= preface/preface.xml
SRCS+= printing/chapter.xml
SRCS+= security/chapter.xml
SRCS+= serialcomms/chapter.xml
-SRCS+= users/chapter.xml
SRCS+= virtualization/chapter.xml
SRCS+= x11/chapter.xml
# Entities
SRCS+= chapters.ent
SYMLINKS= ${DESTDIR} index.html handbook.html
# Turn on all the chapters.
CHAPTERS?= ${SRCS:M*chapter.xml}
XMLFLAGS+= ${CHAPTERS:S/\/chapter.xml//:S/^/-i chap./}
XMLFLAGS+= -i chap.freebsd-glossary
pgpkeyring: pgpkeys/chapter.xml ${DOC}.parsed.xml
@${XSLTPROC} ${XSLPGP} ${DOC}.parsed.xml
#
# Handbook-specific variables
#
.if defined(WITH_PGPKEYS)
JADEFLAGS+= -V withpgpkeys
.endif
URL_RELPREFIX?= ../../../..
DOC_PREFIX?= ${.CURDIR}/../../..
#
# rules generating lists of mirror site from XML database.
#
XMLDOCS= lastmod:::mirrors.lastmod.inc \
mirrors-ftp-index:::mirrors.xml.ftp.index.inc \
mirrors-ftp:::mirrors.xml.ftp.inc \
mirrors-cvsup-index:::mirrors.xml.cvsup.index.inc \
mirrors-cvsup:::mirrors.xml.cvsup.inc \
eresources-index:::eresources.xml.www.index.inc \
eresources:::eresources.xml.www.inc
DEPENDSET.DEFAULT= transtable mirror
XSLT.DEFAULT= ${XSL_MIRRORS}
XML.DEFAULT= ${XML_MIRRORS}
PARAMS.lastmod+= --param 'target' "'lastmod'"
PARAMS.mirrors-ftp-index+= --param 'type' "'ftp'" \
--param 'proto' "'ftp'" \
--param 'target' "'index'"
PARAMS.mirrors-ftp+= --param 'type' "'ftp'" \
--param 'proto' "'ftp'" \
--param 'target' "'handbook/mirrors/chapter.xml'"
PARAMS.mirrors-cvsup-index+= --param 'type' "'cvsup'" \
--param 'proto' "'cvsup'" \
--param 'target' "'index'"
PARAMS.mirrors-cvsup+= --param 'type' "'cvsup'" \
--param 'proto' "'cvsup'" \
--param 'target' "'handbook/mirrors/chapter.xml'"
PARAMS.eresources-index+= --param 'type' "'www'" \
--param 'proto' "'http'" \
--param 'target' "'index'"
PARAMS.eresources+= --param 'type' "'www'" \
--param 'proto' "'http'" \
--param 'target' "'handbook/eresources/chapter.xml'"
SRCS+= mirrors.lastmod.inc \
mirrors.xml.ftp.inc \
mirrors.xml.ftp.index.inc \
mirrors.xml.cvsup.inc \
mirrors.xml.cvsup.index.inc \
eresources.xml.www.inc \
eresources.xml.www.index.inc
.include "${DOC_PREFIX}/share/mk/doc.project.mk"
diff --git a/en_US.ISO8859-1/books/handbook/basics/chapter.xml b/en_US.ISO8859-1/books/handbook/basics/chapter.xml
index 2d6e0c3171..58d0ebfa43 100644
--- a/en_US.ISO8859-1/books/handbook/basics/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/basics/chapter.xml
@@ -1,2517 +1,3512 @@
UNIX BasicsSynopsisThis chapter covers the basic commands and functionality of
the &os; operating system. Much of this material is relevant
for any &unix;-like operating system. New &os; users are
encouraged to read through this chapter carefully.After reading this chapter, you will know:How to use and configure virtual consoles.
+
+ How to create and manage users and groups on
+ &os;.
+
+
How &unix; file permissions and &os; file flags
work.The default &os; file system layout.The &os; disk organization.How to mount and unmount file systems.What processes, daemons, and signals are.What a shell is, and how to change the default login
environment.How to use basic text editors.What devices and device nodes are.How to read manual pages for more information.Virtual Consoles and Terminalsvirtual consolesterminalsconsoleUnless &os; has been configured to automatically start a
graphical environment during startup, the system will boot
into a command line login prompt, as seen in this
example:FreeBSD/amd64 (pc3.example.org) (ttyv0)
login:The first line contains some information about the system.
The amd64 indicates that the system in this
example is running a 64-bit version of &os;. The hostname is
pc3.example.org, and
ttyv0 indicates that this is the
system console. The second line is the login prompt.Since &os; is a multiuser system, it needs some way to distinguish
between different users. This is accomplished by
requiring every user to log into the
system before gaining access to the programs on the system. Every user has a
unique name username and a personal
password.To log into the system console, type the username that was configured during system
installation, as described in
, and press
Enter. Then enter the password associated
with the username and press Enter. The
password is not echoed for security
reasons.Once the correct password is input, the message of the
day (MOTD) will be displayed followed
by a command prompt. Depending upon the shell that was selected
when the user was created, this prompt will be a #,
$, or % character. The
prompt indicates that the user is now logged into the &os; system console and ready to try the
available commands.Virtual ConsolesWhile the system console can be used to interact with
the system, a user working from the command line at the
keyboard of a &os; system will typically instead log into a
virtual console. This is because system messages are
configured by default to display on the system console.
These messages will appear over the command or file that the
user is working on, making it difficult to concentrate on
the work at hand.By default, &os; is configured to provide several virtual consoles
for inputting commands. Each virtual console has its own
login prompt and shell and it is easy to switch between
virtual consoles. This essentially provides the command line
equivalent of having several windows open at the same time
in a graphical environment.The key combinations AltF1
through
AltF8 have been reserved by &os; for
switching between virtual consoles. Use
AltF1
to switch to the system console (ttyv0),
AltF2
to access the first virtual console
(ttyv1),
AltF3
to access the second virtual console
(ttyv2), and so on.When switching from one console to the next, &os; takes
manages the screen output. The result is
an illusion of having multiple
virtual screens and keyboards that can be used
to type commands for &os; to run. The programs that are
launched in one virtual console do not stop running when
the user switches to a
different virtual console.Refer to &man.syscons.4;, &man.atkbd.4;,
&man.vidcontrol.1; and &man.kbdcontrol.1; for a more
technical description of the &os; console and its keyboard
drivers.In &os;, the number of available virtual
consoles is configured in this
section of
/etc/ttys:# name getty type status comments
#
ttyv0 "/usr/libexec/getty Pc" cons25 on secure
# Virtual terminals
ttyv1 "/usr/libexec/getty Pc" cons25 on secure
ttyv2 "/usr/libexec/getty Pc" cons25 on secure
ttyv3 "/usr/libexec/getty Pc" cons25 on secure
ttyv4 "/usr/libexec/getty Pc" cons25 on secure
ttyv5 "/usr/libexec/getty Pc" cons25 on secure
ttyv6 "/usr/libexec/getty Pc" cons25 on secure
ttyv7 "/usr/libexec/getty Pc" cons25 on secure
ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secureTo disable a virtual console, put a comment symbol (#)
at the beginning of the line representing that virtual console.
For example, to reduce the number of available virtual consoles
from eight to four, put a # in front of
the last four lines representing virtual consoles
ttyv5 through
ttyv8. Do not
comment out the line for the system console
ttyv0. Note that the last virtual
console (ttyv8) is used to access
the graphical environment if &xorg;
has been installed and configured as described in .For a detailed description of every column in this file
and the available options for the virtual consoles, refer to
&man.ttys.5;.Single User ModeThe &os; boot menu provides an option labelled as
Boot Single User. If this option is selected,
the system will boot into a special mode known as
single user mode. This mode is typically used to
repair a system that will not boot or to reset the
root password when it is not known.
While in single user mode, networking and other
virtual consoles are not available. However, full
root access to the system is available,
and by default, the root password is not
needed. For these reasons, physical access to the keyboard
is needed to boot into this mode and determining who has physical
access to the keyboard is something to consider when securing
a &os; system.The settings which control
single user mode are found in this section of
/etc/ttys:# name getty type status comments
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
console none unknown off secureBy default, the status is set to secure.
This assumes that who has physical access to the keyboard
is either not important or it is controlled by a physical
security policy. If this setting is changed to
insecure, the assumption is that the
environment itself is insecure because anyone can access
the keyboard. When this line is changed to
insecure, &os; will prompt for the
root password when a user selects to boot into single
user mode.
Be careful when changing this setting to
insecure! If the
root password is forgotten, booting
into single user mode is still possible, but may be
difficult for someone who is not familiar with the &os;
booting process.Changing Console Video ModesThe &os; console default video mode may be adjusted to
1024x768, 1280x1024, or any other size supported by the
graphics chip and monitor. To use a different video mode
load the VESA module:&prompt.root; kldload vesaTo determine which video modes are supported by the
hardware, use &man.vidcontrol.1;. To get a list of supported
video modes issue the following:&prompt.root; vidcontrol -i modeThe output of this command lists the video modes that are
supported by the hardware. To select a new video mode,
specify the mode using &man.vidcontrol.1; as the
root user:&prompt.root; vidcontrol MODE_279If the new video mode is acceptable, it can be permanently
set on boot by adding it to
/etc/rc.conf:allscreens_flags="MODE_279"
+
+
+
+ Users and Basic Account Management
+
+ &os; allows multiple users to use the computer at the same
+ time. While only one user can sit in front of the screen and
+ use the keyboard at any one time, any number of users can log
+ in to the system through the network. To use the system, each
+ user should have their own user account.
+
+ This chapter describes:
+
+
+
+ The different types of user accounts on a
+ &os; system.
+
+
+
+ How to add, remove, and modify user accounts.
+
+
+
+ How to set limits to control the
+ resources that users and
+ groups are allowed to access.
+
+
+
+ How to create groups and add users as members of a group.
+
+
+
+
+ Account Types
+
+ Since all access to the &os; system is achieved using accounts
+ and all processes are run by users, user and account management
+ is important.
+
+ There are three main types of accounts:
+ system accounts,
+ user accounts, and the
+ superuser account.
+
+
+ System Accounts
+
+
+ accounts
+ system
+
+
+ System accounts are used to run services such as DNS,
+ mail, and web servers. The reason for this is security; if
+ all services ran as the superuser, they could act without
+ restriction.
+
+
+ accounts
+ daemon
+
+
+ accounts
+ operator
+
+
+ Examples of system accounts are
+ daemon, operator,
+ bind, news, and
+ www.
+
+
+ accounts
+ nobody
+
+
+ nobody is the generic unprivileged
+ system account. However, the more services that use
+ nobody, the more files and processes that
+ user will become associated with, and hence the more
+ privileged that user becomes.
+
+
+
+ User Accounts
+
+
+ accounts
+ user
+
+
+ User accounts are
+ assigned to real people and are used to log in and use the
+ system. Every person accessing the system should have a unique
+ user account. This allows the administrator to find out who
+ is doing what and prevents users from clobbering the
+ settings of other users.
+
+ Each user can set up their own environment to accommodate
+ their use of the system, by configuring their default shell, editor,
+ key bindings, and language settings.
+ Every user account on a &os; system has certain information
+ associated with it:
+
+
+
+ User name
+
+
+ The user name is typed at the login:
+ prompt. User names must be unique on the system as no two
+ users can have the same user name. There are a number of
+ rules for creating valid user names which are documented in
+ &man.passwd.5;. It is recommended to use user names that consist of eight or
+ fewer, all lower case characters in order to maintain
+ backwards compatibility with applications.
+
+
+
+
+ Password
+
+
+ Each user account should have an associated password. While the
+ password can be blank, this is highly discouraged.
+
+
+
+
+ User ID (UID)
+
+
+ The User ID (UID) is a number
+ used to uniquely identify the user to the
+ &os; system. Commands that
+ allow a user name to be specified will first convert it to
+ the UID. It is recommended to use a UID of
+ 65535 or lower as higher UIDs may cause compatibility
+ issues with software that does not support integers larger
+ than 32-bits.
+
+
+
+
+ Group ID (GID)
+
+
+ The Group ID (GID) is a number used to uniquely identify
+ the primary group that the user belongs to. Groups are a
+ mechanism for controlling access to resources based on a
+ user's GID rather than their
+ UID. This can significantly reduce the
+ size of some configuration files and allows users to be
+ members of more than one group. It is recommended to use a GID of
+ 65535 or lower as higher GIDs may break some
+ software.
+
+
+
+
+ Login class
+
+
+ Login classes are an extension to the group mechanism
+ that provide additional flexibility when tailoring the
+ system to different users. Login classes are discussed
+ further in
+
+
+
+
+ Password change time
+
+
+ By default, &os; does not force users to change their
+ passwords periodically. Password expiration can be
+ enforced on a per-user basis using &man.pw.8;, forcing some or all users to
+ change their passwords after a certain amount of time has
+ elapsed.
+
+
+
+
+ Account expiry time
+
+
+ By default, &os; does not expire accounts. When
+ creating accounts that need a limited lifespan, such as
+ student accounts in a school, specify the account expiry
+ date using &man.pw.8;. After the expiry time has elapsed, the account
+ cannot be used to log in to the system, although the
+ account's directories and files will remain.
+
+
+
+
+ User's full name
+
+
+ The user name uniquely identifies the account to &os;,
+ but does not necessarily reflect the user's real name.
+ Similar to a comment, this information
+ can contain a space, uppercase characters, and be more
+ than 8 characters long.
+
+
+
+
+ Home directory
+
+
+ The home directory is the full path to a directory on
+ the system. This is the user's starting directory when
+ the user logs in. A common convention is to put all user
+ home directories under /home/username
+ or /usr/home/username.
+ Each user stores their personal files and subdirectories
+ in their own home directory.
+
+
+
+
+ User shell
+
+
+ The shell provides the user's default environment for
+ interacting with the system. There are many different
+ kinds of shells and experienced users will have their own
+ preferences, which can be reflected in their account
+ settings.
+
+
+
+
+
+
+ The Superuser Account
+
+
+ accounts
+ superuser (root)
+
+
+ The superuser account, usually called
+ root, is used to
+ manage the system with no limitations on privileges. For this
+ reason, it should not be used for day-to-day
+ tasks like sending and receiving mail, general exploration of
+ the system, or programming.
+
+ The superuser, unlike other user
+ accounts, can operate without limits, and misuse of the
+ superuser account may result in spectacular disasters. User
+ accounts are unable to destroy the operating system by mistake, so it is
+ recommended to login as a user account and to only become the superuser
+ when a command requires extra privilege.
+
+ Always double and triple-check any commands issued as the
+ superuser, since an extra space or missing character can mean
+ irreparable data loss.
+
+ There are several ways to become gain superuser privilege. While one
+ can log in as root, this is highly discouraged.
+
+ Instead, use &man.su.1; to become the superuser. If
+ - is specified when running this command, the user will also inherit the root user's environment.
+ The user running this command must
+ be in the wheel group or else the command
+ will fail. The user must also know the password for the
+ root user account.
+
+ In this example, the user only becomes superuser in order to run
+ make install as this step requires superuser privilege.
+ Once the command completes, the user types exit
+ to leave the superuser account and return to the privilege of
+ their user account.
+
+
+ Install a Program As The Superuser
+
+ &prompt.user; configure
+&prompt.user; make
+&prompt.user; su -
+Password:
+&prompt.root; make install
+&prompt.root; exit
+&prompt.user;
+
+
+ The built-in &man.su.1; framework works well for single systems or small
+ networks with just one system administrator. An alternative
+ is to install the
+ security/sudo package or port. This software
+ provides activity logging and allows the administrator to configure which users
+ can run which commands
+ as the superuser.
+
+
+
+
+ Managing Accounts
+
+
+ accounts
+ modifying
+
+
+ &os; provides a variety of different commands to manage
+ user accounts. The most common commands are summarized below,
+ followed by more detailed examples of their usage.
+
+
+
+
+
+
+
+
+ Command
+ Summary
+
+
+
+
+ &man.adduser.8;
+ The recommended command-line application for adding
+ new users.
+
+
+
+ &man.rmuser.8;
+ The recommended command-line application for
+ removing users.
+
+
+
+ &man.chpass.1;
+ A flexible tool for changing user database
+ information.
+
+
+
+ &man.passwd.1;
+ The simple command-line tool to change user
+ passwords.
+
+
+
+ &man.pw.8;
+ A powerful and flexible tool for modifying all
+ aspects of user accounts.
+
+
+
+
+
+
+ adduser
+
+
+ accounts
+ adding
+
+
+ adduser
+
+
+ /usr/share/skel
+
+ skeleton directory
+ &man.adduser.8; is a simple program for adding new users
+ When a new user is added, this program automatically updates
+ /etc/passwd and
+ /etc/group. It also creates a home
+ directory for the new user, copies in the default
+ configuration files from /usr/share/skel, and can
+ optionally mail the new user a welcome message.
+
+
+ Adding a User on &os;
+
+ &prompt.root; adduser
+Username: jru
+Full name: J. Random User
+Uid (Leave empty for default):
+Login group [jru]:
+Login group is jru. Invite jru into other groups? []: wheel
+Login class [default]:
+Shell (sh csh tcsh zsh nologin) [sh]: zsh
+Home directory [/home/jru]:
+Home directory permissions (Leave empty for default):
+Use password-based authentication? [yes]:
+Use an empty password? (yes/no) [no]:
+Use a random password? (yes/no) [no]:
+Enter password:
+Enter password again:
+Lock out the account after creation? [no]:
+Username : jru
+Password : ****
+Full Name : J. Random User
+Uid : 1001
+Class :
+Groups : jru wheel
+Home : /home/jru
+Shell : /usr/local/bin/zsh
+Locked : no
+OK? (yes/no): yes
+adduser: INFO: Successfully added (jru) to the user database.
+Add another user? (yes/no): no
+Goodbye!
+&prompt.root;
+
+
+
+ Since the password is not echoed when typed, be careful
+ to not mistype the password when creating the user
+ account.
+
+
+
+
+ rmuser
+
+ rmuser
+
+ accounts
+ removing
+
+
+ To completely remove a user from the system use
+ &man.rmuser.8;. This command performs the following
+ steps:
+
+
+
+ Removes the user's &man.crontab.1; entry if one
+ exists.
+
+
+
+ Removes any &man.at.1; jobs belonging to the
+ user.
+
+
+
+ Kills all processes owned by the user.
+
+
+
+ Removes the user from the system's local password
+ file.
+
+
+
+ Removes the user's home directory, if it is owned by
+ the user.
+
+
+
+ Removes the incoming mail files belonging to the user
+ from /var/mail.
+
+
+
+ Removes all files owned by the user from temporary
+ file storage areas such as /tmp.
+
+
+
+ Finally, removes the username from all groups to which
+ it belongs in /etc/group.
+
+
+ If a group becomes empty and the group name is the
+ same as the username, the group is removed. This
+ complements the per-user unique groups created by
+ &man.adduser.8;.
+
+
+
+
+ &man.rmuser.8; cannot be used to remove superuser
+ accounts since that is almost always an indication of massive
+ destruction.
+
+ By default, an interactive mode is used, as shown
+ in the following example.
+
+
+ rmuser Interactive Account
+ Removal
+
+ &prompt.root; rmuser jru
+Matching password entry:
+jru:*:1001:1001::0:0:J. Random User:/home/jru:/usr/local/bin/zsh
+Is this the entry you wish to remove? y
+Remove user's home directory (/home/jru)? y
+Updating password file, updating databases, done.
+Updating group file: trusted (removing group jru -- personal group is empty) done.
+Removing user's incoming mail file /var/mail/jru: done.
+Removing files belonging to jru from /tmp: done.
+Removing files belonging to jru from /var/tmp: done.
+Removing files belonging to jru from /var/tmp/vi.recover: done.
+&prompt.root;
+
+
+
+
+ chpass
+
+ chpass
+ &man.chpass.1; can be used to change user database
+ information such as passwords, shells, and personal
+ information.
+
+ Only the superuser can change other users' information and
+ passwords with &man.chpass.1;.
+
+ When passed no options, aside from an optional username,
+ &man.chpass.1; displays an editor containing user information.
+ When the user exists from the editor, the user database is
+ updated with the new information.
+
+
+ You will be asked for your password after exiting the
+ editor if you are not the superuser.
+
+
+
+ Interactive chpass by
+ Superuser
+
+ #Changing user database information for jru.
+Login: jru
+Password: *
+Uid [#]: 1001
+Gid [# or name]: 1001
+Change [month day year]:
+Expire [month day year]:
+Class:
+Home directory: /home/jru
+Shell: /usr/local/bin/zsh
+Full Name: J. Random User
+Office Location:
+Office Phone:
+Home Phone:
+Other information:
+
+
+ A user can change only a small subset of this
+ information, and only for their own user account.
+
+
+ Interactive chpass by Normal
+ User
+
+ #Changing user database information for jru.
+Shell: /usr/local/bin/zsh
+Full Name: J. Random User
+Office Location:
+Office Phone:
+Home Phone:
+Other information:
+
+
+
+ &man.chfn.1; and &man.chsh.1; are links to
+ &man.chpass.1;, as are &man.ypchpass.1;, &man.ypchfn.1;, and
+ &man.ypchsh.1;. NIS support is
+ automatic, so specifying the yp before
+ the command is not necessary. How to configure NIS is
+ covered in .
+
+
+
+ passwd
+
+ passwd
+
+ accounts
+ changing password
+
+ &man.passwd.1; is the usual way to change your own
+ password as a user, or another user's password as the
+ superuser.
+
+
+ To prevent accidental or unauthorized changes, the user
+ must enter their original password before a new password can
+ be set. This is not the case when the superuser changes a
+ user's password.
+
+
+
+ Changing Your Password
+
+ &prompt.user; passwd
+Changing local password for jru.
+Old password:
+New password:
+Retype new password:
+passwd: updating the database...
+passwd: done
+
+
+
+ Changing Another User's Password as the
+ Superuser
+
+ &prompt.root; passwd jru
+Changing local password for jru.
+New password:
+Retype new password:
+passwd: updating the database...
+passwd: done
+
+
+
+ As with &man.chpass.1;, &man.yppasswd.1; is a link to
+ &man.passwd.1;, so NIS works with either command.
+
+
+
+
+
+ pw
+
+ pw
+
+ &man.pw.8; is a command line utility to create, remove,
+ modify, and display users and groups. It functions as a front
+ end to the system user and group files. &man.pw.8; has a very
+ powerful set of command line options that make it suitable for
+ use in shell scripts, but new users may find it more
+ complicated than the other commands presented in this
+ section.
+
+
+
+
+ Limiting Users
+
+ limiting users
+
+ accounts
+ limiting
+
+ &os; provides several methods for an administrator to limit
+ the amount of system resources an individual may use. These
+ limits are discussed in two sections: disk quotas and other
+ resource limits.
+
+ quotas
+
+ limiting users
+ quotas
+
+ disk quotas
+ Disk quotas limit the amount of disk space available to
+ users and provide a way to quickly check that usage without
+ calculating it every time. Quotas are discussed in .
+
+ The other resource limits include ways to limit the amount
+ of CPU, memory, and other resources a user may consume. These
+ are defined using login classes and are discussed here.
+
+
+ /etc/login.conf
+
+ Login classes are defined in
+ /etc/login.conf and are described in detail
+ in &man.login.conf.5;. Each user account is assigned to a login
+ class, default by default, and each login
+ class has a set of login capabilities associated with it. A
+ login capability is a
+ name=value
+ pair, where name is a well-known
+ identifier and value is an arbitrary
+ string which is processed accordingly depending on the
+ name. Setting up login classes and
+ capabilities is rather straightforward and is also described in
+ &man.login.conf.5;.
+
+
+ &os; does not normally read the configuration in
+ /etc/login.conf directly, but instead
+ reads the /etc/login.conf.db database
+ which provides faster lookups. Whenever
+ /etc/login.conf is edited, the
+ /etc/login.conf.db must be updated by
+ executing the following command:
+
+ &prompt.root; cap_mkdb /etc/login.conf
+
+
+ Resource limits differ from the default login capabilities
+ in two ways. First, for every limit, there is a soft (current)
+ and hard limit. A soft limit may be adjusted by the user or
+ application, but may not be set higher than the hard limit. The
+ hard limit may be lowered by the user, but can only be raised
+ by the superuser. Second, most resource limits apply per
+ process to a specific user, not to the user as a whole. These
+ differences are mandated by the specific handling of the limits,
+ not by the implementation of the login capability
+ framework.
+
+ Below are the most commonly used resource limits. The rest
+ of the limits, along with all the other login capabilities, can
+ be found in &man.login.conf.5;.
+
+
+
+ coredumpsize
+
+
+ The limit on the size of a core filecoredumpsize generated by a
+ program is subordinate to other limitslimiting userscoredumpsize on disk usage, such
+ as filesize, or disk quotas.
+ This limit is often used as a less-severe method of
+ controlling disk space consumption. Since users do not
+ generate core files themselves, and often do not delete
+ them, setting this may save them from running out of disk
+ space should a large program crash.
+
+
+
+
+ cputime
+
+
+ The maximum amount of CPUcputimelimiting userscputime time a user's process may
+ consume. Offending processes will be killed by the
+ kernel.
+
+
+ This is a limit on CPU time
+ consumed, not percentage of the CPU as displayed in
+ some fields by &man.top.1; and &man.ps.1;.
+
+
+
+
+
+ filesize
+
+
+ The maximum size of a filefilesizelimiting usersfilesize the user may own. Unlike
+ disk quotas, this limit is
+ enforced on individual files, not the set of all files a
+ user owns.
+
+
+
+
+ maxproc
+
+
+ The maximum number of processesmaxproclimiting usersmaxproc a user can run. This
+ includes foreground and background processes. This limit
+ may not be larger than the system limit specified by the
+ kern.maxproc &man.sysctl.8;. Setting
+ this limit too small may hinder a user's productivity as
+ it is often useful to be logged in multiple times or to
+ execute pipelines. Some tasks, such as compiling a large
+ program, spawn multiple processes and other intermediate
+ preprocessors.
+
+
+
+
+ memorylocked
+
+
+ The maximum amount of memorymemorylockedlimiting usersmemorylocked a process may request
+ to be locked into main memory using &man.mlock.2;. Some
+ system-critical programs, such as &man.amd.8;, lock into
+ main memory so that if the system begins to swap, they do
+ not contribute to disk thrashing.
+
+
+
+
+ memoryuse
+
+
+ The maximum amount of memorymemoryuselimiting usersmemoryuse a process may consume at
+ any given time. It includes both core memory and swap
+ usage. This is not a catch-all limit for restricting
+ memory consumption, but is a good start.
+
+
+
+
+ openfiles
+
+
+ The maximum number of files a process may have openopenfileslimiting usersopenfiles.
+ In &os;, files are used to represent sockets and IPC
+ channels, so be careful not to set this too low. The
+ system-wide limit for this is defined by the
+ kern.maxfiles &man.sysctl.8;.
+
+
+
+
+ sbsize
+
+
+ The limit on the amount of network memory, and
+ thus mbufssbsizelimiting userssbsize, a user may consume in order to limit network
+ communications.
+
+
+
+
+ stacksize
+
+
+ The maximum size of a process stackstacksizelimiting usersstacksize. This alone is
+ not sufficient to limit the amount of memory a program
+ may use so it should be used in conjunction with other
+ limits.
+
+
+
+
+ There are a few other things to remember when setting
+ resource limits. Following are some general tips, suggestions,
+ and miscellaneous comments.
+
+
+
+ Processes started at system startup by
+ /etc/rc are assigned to the
+ daemon login class.
+
+
+
+ Although the /etc/login.conf that
+ comes with the system is a good source of reasonable values
+ for most limits, they may not be appropriate for every
+ system. Setting a limit too high may open the system up to
+ abuse, while setting it too low may put a strain on
+ productivity.
+
+
+
+ Users of &xorg; should
+ probably be granted more resources than other users.
+ &xorg; by itself takes a lot of
+ resources, but it also encourages users to run more programs
+ simultaneously.
+
+
+
+ Many limits apply to individual processes, not the user
+ as a whole. For example, setting
+ openfiles to 50 means that each process
+ the user runs may open up to 50 files. The total amount
+ of files a user may open is the value of
+ openfiles multiplied by the value of
+ maxproc. This also applies to memory
+ consumption.
+
+
+
+ For further information on resource limits and login classes
+ and capabilities in general, refer to &man.cap.mkdb.1;,
+ &man.getrlimit.2;, and &man.login.conf.5;.
+
+
+
+ Managing Groups
+
+ groups
+
+ /etc/groups
+
+
+ accounts
+ groups
+
+ A group is a list of users. A group is identified by its
+ group name and GID. In &os;, the
+ kernel uses the UID of a process, and the
+ list of groups it belongs to, to determine what the process is
+ allowed to do. Most of the time, the GID of
+ a user or process usually means the first group in the
+ list.
+
+ The group name to GID mapping is listed
+ in /etc/group. This is a plain text file
+ with four colon-delimited fields. The first field is the group
+ name, the second is the encrypted password, the third the
+ GID, and the fourth the comma-delimited list
+ of members. For a more complete description of the syntax,
+ refer to &man.group.5;.
+
+ The superuser can modify /etc/group
+ using a text editor. Alternatively, &man.pw.8; can be used to
+ add and edit groups. For example, to add a group called
+ teamtwo and then confirm that it
+ exists:
+
+
+ Adding a Group Using &man.pw.8;
+
+ &prompt.root; pw groupadd teamtwo
+&prompt.root; pw groupshow teamtwo
+teamtwo:*:1100:
+
+
+ In this example, 1100 is the
+ GID of teamtwo. Right
+ now, teamtwo has no members. This
+ command will add jru as a member of
+ teamtwo.
+
+
+ Adding User Accounts to a New Group Using
+ &man.pw.8;
+
+ &prompt.root; pw groupmod teamtwo -M jru
+&prompt.root; pw groupshow teamtwo
+teamtwo:*:1100:jru
+
+
+ The argument to is a comma-delimited
+ list of users to be added to a new (empty) group or to replace
+ the members of an existing group. To the user, this group
+ membership is different from (and in addition to) the user's
+ primary group listed in the password file. This means that
+ the user will not show up as a member when using
+ with &man.pw.8;, but will show up
+ when the information is queried via &man.id.1; or a similar
+ tool. When &man.pw.8; is used to add a user to a group, it only
+ manipulates /etc/group and does not attempt
+ to read additional data from
+ /etc/passwd.
+
+
+ Adding a New Member to a Group Using &man.pw.8;
+
+ &prompt.root; pw groupmod teamtwo -m db
+&prompt.root; pw groupshow teamtwo
+teamtwo:*:1100:jru,db
+
+
+ In this example, the argument to is a
+ comma-delimited list of users who are to be added to the group.
+ Unlike the previous example, these users are appended to the
+ group list and do not replace the list of existing users in the
+ group.
+
+
+ Using &man.id.1; to Determine Group Membership
+
+ &prompt.user; id jru
+uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)
+
+
+ In this example, jru is a member of the
+ groups jru and
+ teamtwo.
+
+ For more information about this command and the format of
+ /etc/group, refer to &man.pw.8; and
+ &man.group.5;.
+
+
+
PermissionsUNIXIn &os;, every file and directory has an associated set of
permissions and several utilities are available for viewing
and modifying these permissions. Understanding how permissions
work is necessary to make sure that users are able to access
the files that they need and are unable to improperly access
the files used by the operating system or owned by other
users.This section discusses the traditional &unix;
permissions used in &os;. For finer grained file system access control,
refer to
.In &unix;, basic permissions are assigned using
three types of access: read, write, and execute. These access
types are used to determine file access to the file's owner,
group, and others (everyone else). The read, write, and execute
permissions can be represented as the letters
r, w, and
x. They can also be represented as binary
numbers as each permission is either on or off
(0). When represented as a number, the
order is always read as rwx, where
r has an on value of 4,
w has an on value of 2
and x has an on value of
1.Table 4.1 summarizes the possible numeric and alphabetic
possibilities. When reading the Directory Listing
column, a - is used to represent a permission
that is set to off.permissionsfile permissions
&unix; PermissionsValuePermissionDirectory Listing0No read, no write, no execute---1No read, no write, execute--x2No read, write, no execute-w-3No read, write, execute-wx4Read, no write, no executer--5Read, no write, executer-x6Read, write, no executerw-7Read, write, executerwx
&man.ls.1;directoriesUse the argument to &man.ls.1; to view a
long directory listing that includes a column of information
about a file's permissions for the owner, group, and everyone
else. For example, a ls -l in an arbitrary
directory may show:&prompt.user; ls -l
total 530
-rw-r--r-- 1 root wheel 512 Sep 5 12:31 myfile
-rw-r--r-- 1 root wheel 512 Sep 5 12:31 otherfile
-rw-r--r-- 1 root wheel 7680 Sep 5 12:31 email.txtThe first (leftmost) character in the first column indicates
whether this file is a regular file, a directory, a special
character device, a socket, or any other special pseudo-file
device. In this example, the - indicates a
regular file. The next three characters, rw-
in this example, give the permissions for the owner of the file.
The next three characters, r--, give the
permissions for the group that the file belongs to. The final
three characters, r--, give the permissions
for the rest of the world. A dash means that the permission is
turned off. In this example, the permissions are set so the
owner can read and write to the file, the group can read the
file, and the rest of the world can only read the file.
According to the table above, the permissions for this file
would be 644, where each digit represents the
three parts of the file's permission.How does the system control permissions on devices? &os;
treats most hardware devices as a file that programs can open,
read, and write data to. These special device files are
stored in /dev/.Directories are also treated as files. They have read,
write, and execute permissions. The executable bit for a
directory has a slightly different meaning than that of files.
When a directory is marked executable, it means it is possible
to change into that directory using &man.cd.1;. This also
means that it is possible to access the files within that
directory, subject to the permissions on the files
themselves.In order to perform a directory listing, the read permission
must be set on the directory. In order to delete a file that
one knows the name of, it is necessary to have write
and execute permissions to the directory
containing the file.There are more permission bits, but they are primarily used
in special circumstances such as setuid binaries and sticky
directories. For more information on file permissions and how
to set them, refer to &man.chmod.1;.TomRhodesContributed by Symbolic PermissionspermissionssymbolicSymbolic permissions use characters instead of octal
values to assign permissions to files or directories.
Symbolic permissions use the syntax of (who) (action)
(permissions), where the following values are
available:OptionLetterRepresents(who)uUser(who)gGroup owner(who)oOther(who)aAll (world)(action)+Adding permissions(action)-Removing permissions(action)=Explicitly set permissions(permissions)rRead(permissions)wWrite(permissions)xExecute(permissions)tSticky bit(permissions)sSet UID or GIDThese values are used with &man.chmod.1;, but with
letters instead of numbers. For example, the following
command would block other users from accessing
FILE:&prompt.user; chmod go= FILEA comma separated list can be provided when more than one
set of changes to a file must be made. For example, the
following command removes the group and
world write permission on
FILE, and adds the execute
permissions for everyone:&prompt.user; chmod go-w,a+x FILETomRhodesContributed by &os; File FlagsIn addition to file permissions, &os; supports the use of
file flags. These flags add an additional
level of security and control over files, but not directories.
With file flags, even root can be
prevented from removing or altering files.File flags are modified using &man.chflags.1;. For
example, to enable the system undeletable flag on the file
file1, issue the following
command:&prompt.root; chflags sunlink file1To disable the system undeletable flag, put a
no in front of the
:&prompt.root; chflags nosunlink file1To view the flags of a file, use with
&man.ls.1;:&prompt.root; ls -lo file1-rw-r--r-- 1 trhodes trhodes sunlnk 0 Mar 1 05:54 file1Several file flags may only be added or removed by the
root user. In other cases, the file
owner may set its file flags. Refer to &man.chflags.1; and
&man.chflags.2; for more information.TomRhodesContributed by The setuid, setgid,
and sticky PermissionsOther than the permissions already discussed, there are
three other specific settings that all administrators should
know about. They are the setuid,
setgid, and sticky
permissions.These settings are important for some &unix; operations
as they provide functionality not normally granted to normal
users. To understand them, the difference between the real
user ID and effective user ID must be noted.The real user ID is the UID who owns
or starts the process. The effective UID
is the user ID the process runs as. As an example,
&man.passwd.1; runs with the real user ID when a user changes
their password. However, in order to update the password
database, the command runs as the effective ID of the
root user. This allows users to change
their passwords without seeing a
Permission Denied error.The setuid permission may be set by prefixing a permission
set with the number four (4) as shown in the following
example:&prompt.root; chmod 4755 suidexample.shThe permissions on
suidexample.sh
now look like the following:-rwsr-xr-x 1 trhodes trhodes 63 Aug 29 06:36 suidexample.shNote that a s is now part of the
permission set designated for the file owner, replacing the
executable bit. This allows utilities which need elevated
permissions, such as &man.passwd.1;.The nosuid &man.mount.8; option will
cause such binaries to silently fail without alerting
the user. That option is not completely reliable as a
nosuid wrapper may be able to circumvent
it.To view this in real time, open two terminals. On
one, type passwd as a normal user.
While it waits for a new password, check the process
table and look at the user information for
&man.passwd.1;:In terminal A:Changing local password for trhodes
Old Password:In terminal B:&prompt.root; ps aux | grep passwdtrhodes 5232 0.0 0.2 3420 1608 0 R+ 2:10AM 0:00.00 grep passwd
root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwdAlthough &man.passwd.1; is run as a normal user, it is
using the effective UID of
root.The setgid permission performs the
same function as the setuid permission;
except that it alters the group settings. When an application
or utility executes with this setting, it will be granted the
permissions based on the group that owns the file, not the
user who started the process.To set the setgid permission on a
file, provide &man.chmod.1; with a leading two (2):&prompt.root; chmod 2755 sgidexample.shIn the following listing, notice that the
s is now in the field designated for the
group permission settings:-rwxr-sr-x 1 trhodes trhodes 44 Aug 31 01:49 sgidexample.shIn these examples, even though the shell script in
question is an executable file, it will not run with
a different EUID or effective user ID.
This is because shell scripts may not access the
&man.setuid.2; system calls.The setuid and
setgid permission bits may lower system
security, by allowing for elevated permissions. The third
special permission, the sticky bit, can
strengthen the security of a system.When the sticky bit is set on a
directory, it allows file deletion only by the file owner.
This is useful to prevent file deletion in public directories,
such as /tmp, by users
who do not own the file. To utilize this permission, prefix
the permission set with a one (1):&prompt.root; chmod 1777 /tmpThe sticky bit permission will display
as a t at the very end of the permission
set:&prompt.root; ls -al / | grep tmpdrwxrwxrwt 10 root wheel 512 Aug 31 01:49 tmpDirectory Structuredirectory hierarchyThe &os; directory hierarchy is fundamental to obtaining
an overall understanding of the system. The most important
directory is root or, /. This directory is the
first one mounted at boot time and it contains the base system
necessary to prepare the operating system for multi-user
operation. The root directory also contains mount points for
other file systems that are mounted during the transition to
multi-user operation.A mount point is a directory where additional file systems
can be grafted onto a parent file system (usually the root file
system). This is further described in . Standard mount points
include /usr/,
/var/,
/tmp/,
/mnt/, and
/cdrom/. These
directories are usually referenced to entries in
/etc/fstab. This file is a table of
various file systems and mount points and is read by the system.
Most of the file systems in /etc/fstab are
mounted automatically at boot time from the script &man.rc.8;
unless their entry includes . Details
can be found in .A complete description of the file system hierarchy is
available in &man.hier.7;. The following table provides a brief
overview of the most common directories.DirectoryDescription/Root directory of the file system./bin/User utilities fundamental to both single-user
and multi-user environments./boot/Programs and configuration files used during
operating system bootstrap./boot/defaults/Default boot configuration files. Refer to
&man.loader.conf.5; for details./dev/Device nodes. Refer to &man.intro.4; for
details./etc/System configuration files and scripts./etc/defaults/Default system configuration files. Refer to
&man.rc.8; for details./etc/mail/Configuration files for mail transport agents
such as &man.sendmail.8;./etc/namedb/&man.named.8; configuration files./etc/periodic/Scripts that run daily, weekly, and monthly,
via &man.cron.8;. Refer to &man.periodic.8; for
details./etc/ppp/&man.ppp.8; configuration files./mnt/Empty directory commonly used by system
administrators as a temporary mount point./proc/Process file system. Refer to &man.procfs.5;,
&man.mount.procfs.8; for details./rescue/Statically linked programs for emergency
recovery as described in &man.rescue.8;./root/Home directory for the root
account./sbin/System programs and administration utilities
fundamental to both single-user and multi-user
environments./tmp/Temporary files which are usually
not preserved across a system
reboot. A memory-based file system is often mounted
at /tmp. This
can be automated using the tmpmfs-related variables of
&man.rc.conf.5; or with an entry in
/etc/fstab; refer to
&man.mdmfs.8; for details./usr/The majority of user utilities and
applications./usr/bin/Common utilities, programming tools, and
applications./usr/include/Standard C include files./usr/lib/Archive libraries./usr/libdata/Miscellaneous utility data files./usr/libexec/System daemons and system utilities executed
by other programs./usr/local/Local executables and libraries. Also used as
the default destination for the &os; ports framework.
Within /usr/local, the
general layout sketched out by &man.hier.7; for
/usr should be
used. Exceptions are the man directory, which is
directly under /usr/local
rather than under /usr/local/share,
and the ports documentation is in share/doc/port./usr/obj/Architecture-specific target tree produced by
building the /usr/src
tree./usr/ports/The &os; Ports Collection (optional)./usr/sbin/System daemons and system utilities executed
by users./usr/share/Architecture-independent files./usr/src/BSD and/or local source files./var/Multi-purpose log, temporary, transient, and
spool files. A memory-based file system is sometimes
mounted at
/var. This can
be automated using the varmfs-related variables in
&man.rc.conf.5; or with an entry in
/etc/fstab; refer to
&man.mdmfs.8; for details./var/log/Miscellaneous system log files./var/mail/User mailbox files./var/spool/Miscellaneous printer and mail system spooling
directories./var/tmp/Temporary files which are usually preserved
across a system reboot, unless
/var is a
memory-based file system./var/yp/NIS maps.Disk OrganizationThe smallest unit of organization that &os; uses to find
files is the filename. Filenames are case-sensitive, which
means that readme.txt and
README.TXT are two separate files. &os;
does not use the extension of a file to determine whether the
file is a program, document, or some other form of data.Files are stored in directories. A directory may contain no
files, or it may contain many hundreds of files. A directory
can also contain other directories, allowing a hierarchy of
directories within one another in order to organize
data.Files and directories are referenced by giving the file or
directory name, followed by a forward slash,
/, followed by any other directory names that
are necessary. For example, if the directory
foo contains a directory
bar which contains the
file readme.txt, the full name, or
path, to the file is
foo/bar/readme.txt. Note that this is
different from &windows; which uses \ to
separate file and directory names. &os; does not use drive
letters, or other drive names in the path. For example, one
would not type c:/foo/bar/readme.txt on
&os;.Directories and files are stored in a file system. Each
file system contains exactly one directory at the very top
level, called the root directory for that
file system. This root directory can contain other directories.
One file system is designated the
root file system or /.
Every other file system is mounted under
the root file system. No matter how many disks are on the &os;
system, every directory appears to be part of the same
disk.Consider three file systems, called A,
B, and C. Each file
system has one root directory, which contains two other
directories, called A1, A2
(and likewise B1, B2 and
C1, C2).Call A the root file system. If
&man.ls.1; is used to view the contents of this directory,
it will show two subdirectories, A1 and
A2. The directory tree looks like
this: /
|
+--- A1
|
`--- A2A file system must be mounted on to a directory in another
file system. When mounting file system B
on to the directory A1, the root directory
of B replaces A1, and
the directories in B appear
accordingly: /
|
+--- A1
| |
| +--- B1
| |
| `--- B2
|
`--- A2Any files that are in the B1 or
B2 directories can be reached with the path
/A1/B1 or
/A1/B2 as necessary. Any
files that were in /A1
have been temporarily hidden. They will reappear if
B is unmounted from
A.If B had been mounted on
A2 then the diagram would look like
this: /
|
+--- A1
|
`--- A2
|
+--- B1
|
`--- B2and the paths would be
/A2/B1 and
/A2/B2
respectively.File systems can be mounted on top of one another.
Continuing the last example, the C file
system could be mounted on top of the B1
directory in the B file system, leading to
this arrangement: /
|
+--- A1
|
`--- A2
|
+--- B1
| |
| +--- C1
| |
| `--- C2
|
`--- B2Or C could be mounted directly on to the
A file system, under the
A1 directory: /
|
+--- A1
| |
| +--- C1
| |
| `--- C2
|
`--- A2
|
+--- B1
|
`--- B2It is entirely possible to have one large root file system,
and not need to create any others. There are some drawbacks to
this approach, and one advantage.Benefits of Multiple File SystemsDifferent file systems can have different
mount options. For example, the root
file system can be mounted read-only, making it impossible
for users to inadvertently delete or edit a critical file.
Separating user-writable file systems, such as
/home, from other
file systems allows them to be mounted
nosuid. This option prevents the
suid/guid bits
on executables stored on the file system from taking effect,
possibly improving security.&os; automatically optimizes the layout of files on a
file system, depending on how the file system is being used.
So a file system that contains many small files that are
written frequently will have a different optimization to one
that contains fewer, larger files. By having one big file
system this optimization breaks down.&os;'s file systems are robust if power is lost.
However, a power loss at a critical point could still damage
the structure of the file system. By splitting data over
multiple file systems it is more likely that the system will
still come up, making it easier to restore from backup as
necessary.Benefit of a Single File SystemFile systems are a fixed size. If you create a file
system when you install &os; and give it a specific size,
you may later discover that you need to make the partition
bigger. This is not easily accomplished without backing up,
recreating the file system with the new size, and then
restoring the backed up data.&os; features the &man.growfs.8; command, which makes
it possible to increase the size of file system on the
fly, removing this limitation.File systems are contained in partitions. This does not
have the same meaning as the common usage of the term partition
(for example, &ms-dos; partition), because of &os;'s &unix;
heritage. Each partition is identified by a letter from
a through to h. Each
partition can contain only one file system, which means that
file systems are often described by either their typical mount
point in the file system hierarchy, or the letter of the
partition they are contained in.&os; also uses disk space for
swap space to provide
virtual memory. This allows your
computer to behave as though it has much more memory than it
actually does. When &os; runs out of memory, it moves some of
the data that is not currently being used to the swap space, and
moves it back in (moving something else out) when it needs
it.Some partitions have certain conventions associated with
them.PartitionConventionaNormally contains the root file system.bNormally contains swap space.cNormally the same size as the enclosing slice.
This allows utilities that need to work on the entire
slice, such as a bad block scanner, to work on the
c partition. A file system would not
normally be created on this partition.dPartition d used to have a
special meaning associated with it, although that is now
gone and d may work as any normal
partition.Disks in &os; are divided into slices, referred to in
&windows; as partitions, which are numbered from 1 to 4. These
are then divided into partitions, which contain file systems,
and are labeled using letters.slicespartitionsdangerously dedicatedSlice numbers follow the device name, prefixed with an
s, starting at 1. So
da0s1 is the first slice on
the first SCSI drive. There can only be four physical slices on
a disk, but there can be logical slices inside physical slices
of the appropriate type. These extended slices are numbered
starting at 5, so ad0s5 is
the first extended slice on the first IDE disk. These devices
are used by file systems that expect to occupy a slice.Slices, dangerously dedicated physical
drives, and other drives contain
partitions, which are represented as
letters from a to h. This
letter is appended to the device name, so
da0a is the
a partition on the first
da drive, which is
dangerously dedicated.
ad1s3e is the fifth
partition in the third slice of the second IDE disk
drive.Finally, each disk on the system is identified. A disk name
starts with a code that indicates the type of disk, and then a
number, indicating which disk it is. Unlike slices, disk
numbering starts at 0. Common codes are listed in
.When referring to a partition, include the disk name,
s, the slice number, and then the partition
letter. Examples are shown in
. shows a
conceptual model of a disk layout.When installing &os;, configure the disk slices, create
partitions within the slice to be used for &os;, create a file
system or swap space in each partition, and decide where each
file system will be mounted.
Disk Device CodesCodeMeaningadATAPI (IDE) diskdaSCSI direct access diskacdATAPI (IDE) CDROMcdSCSI CDROMfdFloppy disk
Sample Disk, Slice, and Partition NamesNameMeaningad0s1aThe first partition (a) on the
first slice (s1) on the first IDE
disk (ad0).da1s2eThe fifth partition (e) on the
second slice (s2) on the second
SCSI disk (da1).Conceptual Model of a DiskThis diagram shows &os;'s view of the first IDE disk
attached to the system. Assume that the disk is 4 GB in
size, and contains two 2 GB slices (&ms-dos; partitions).
The first slice contains a &ms-dos; disk,
C:, and the second slice contains a
&os; installation. This example &os; installation has three
data partitions, and a swap partition.The three partitions will each hold a file system.
Partition a will be used for the root file
system, e for the
/var/ directory
hierarchy, and f for the
/usr/ directory
hierarchy..-----------------. --.
| | |
| DOS / Windows | |
: : > First slice, ad0s1
: : |
| | |
:=================: ==: --.
| | | Partition a, mounted as / |
| | > referred to as ad0s2a |
| | | |
:-----------------: ==: |
| | | Partition b, used as swap |
| | > referred to as ad0s2b |
| | | |
:-----------------: ==: | Partition c, no
| | | Partition e, used as /var > file system, all
| | > referred to as ad0s2e | of FreeBSD slice,
| | | | ad0s2c
:-----------------: ==: |
| | | |
: : | Partition f, used as /usr |
: : > referred to as ad0s2f |
: : | |
| | | |
| | --' |
`-----------------' --'Mounting and Unmounting File SystemsThe file system is best visualized as a tree, rooted, as it
were, at /.
/dev,
/usr, and the other
directories in the root directory are branches, which may have
their own branches, such as
/usr/local, and so
on.root file systemThere are various reasons to house some of these
directories on separate file systems.
/var contains the
directories log/,
spool/, and various types
of temporary files, and as such, may get filled up. Filling up
the root file system is not a good idea, so splitting
/var from
/ is often
favorable.Another common reason to contain certain directory trees on
other file systems is if they are to be housed on separate
physical disks, or are separate virtual disks, such as Network
File System mounts, described in ,
or CDROM drives.The fstab Filefile systemsmounted with fstabDuring the boot process (), file
systems listed in /etc/fstab are
automatically mounted except for the entries containing
. This file contains entries in the
following format:device/mount-pointfstypeoptionsdumpfreqpassnodeviceAn existing device name as explained in
.mount-pointAn existing directory on which to mount the file
system.fstypeThe file system type to pass to &man.mount.8;. The
default &os; file system is
ufs.optionsEither for read-write file
systems, or for read-only file
systems, followed by any other options that may be
needed. A common option is for
file systems not normally mounted during the boot
sequence. Other options are listed in
&man.mount.8;.dumpfreqUsed by &man.dump.8; to determine which file systems
require dumping. If the field is missing, a value of
zero is assumed.passnoDetermines the order in which file systems should be
checked. File systems that should be skipped should
have their passno set to zero. The
root file system needs to be checked before everything
else and should have its passno set
to one. The other file systems should be set to
values greater than one. If more than one file system
has the same passno, &man.fsck.8;
will attempt to check file systems in parallel if
possible.Refer to &man.fstab.5; for more information on the format
of /etc/fstab and its options.Using &man.mount.8;file systemsmountingFile systems are mounted using &man.mount.8;. The most
basic syntax is as follows:&prompt.root; mount devicemountpointThis command provides many options which are described in
&man.mount.8;, The most commonly used options include:Mount OptionsMount all the file systems listed in
/etc/fstab, except those marked as
noauto, excluded by the
flag, or those that are already
mounted.Do everything except for the actual mount system
call. This option is useful in conjunction with the
flag to determine what &man.mount.8;
is actually trying to do.Force the mount of an unclean file system
(dangerous), or the revocation of write access when
downgrading a file system's mount status from read-write
to read-only.Mount the file system read-only. This is identical
to using .fstypeMount the specified file system type or mount only
file systems of the given type, if
is included. ufs is the default file
system type.Update mount options on the file system.Be verbose.Mount the file system read-write.The following options can be passed to
as a comma-separated list:nosuidDo not interpret setuid or setgid flags on the
file system. This is also a useful security
option.Using &man.umount.8;file systemsunmountingTo unmount a file system use &man.umount.8;. This command
takes one parameter which can be a mountpoint, device name,
or .All forms take to force unmounting,
and for verbosity. Be warned that
is not generally a good idea as it might
crash the computer or damage data on the file system.To unmount all mounted file systems, or just the file
system types listed after , use
or . Note that
does not attempt to unmount the root file
system.Processes&os; is a multi-tasking operating system. Each program
running at any one time is called a
process. Every running command starts
at least one new process and there are a number of system
processes that are run by &os;.Each process is uniquely identified by a number called a
process ID (PID).
Similar to files, each process has one owner and group, and
the owner and group permissions are used to determine which
files and devices the process can open. Most processes also
have a parent process that started them. For example, the
shell is a process, and any command started in the shell is a
process which has the shell as its parent process. The
exception is a special process called &man.init.8; which is
always the first process to start at boot time and which always
has a PID of 1.To see the processes on the system, use &man.ps.1; and
&man.top.1;. To display a static list of the currently running
processes, their PIDs, how much memory they
are using, and the command they were started with, use
&man.ps.1;. To display all the running processes and update
the display every few seconds in order to interactively see
what the computer is doing, use &man.top.1;.By default, &man.ps.1; only shows the commands that are
running and owned by the user. For example:&prompt.user; ps
PID TT STAT TIME COMMAND
298 p0 Ss 0:01.10 tcsh
7078 p0 S 2:40.88 xemacs mdoc.xsl (xemacs-21.1.14)
37393 p0 I 0:03.11 xemacs freebsd.dsl (xemacs-21.1.14)
72210 p0 R+ 0:00.00 ps
390 p1 Is 0:01.14 tcsh
7059 p2 Is+ 1:36.18 /usr/local/bin/mutt -y
6688 p3 IWs 0:00.00 tcsh
10735 p4 IWs 0:00.00 tcsh
20256 p5 IWs 0:00.00 tcsh
262 v0 IWs 0:00.00 -tcsh (tcsh)
270 v0 IW+ 0:00.00 /bin/sh /usr/X11R6/bin/startx -- -bpp 16
280 v0 IW+ 0:00.00 xinit /home/nik/.xinitrc -- -bpp 16
284 v0 IW 0:00.00 /bin/sh /home/nik/.xinitrc
285 v0 S 0:38.45 /usr/X11R6/bin/sawfishThe output from &man.ps.1; is organized into a number of
columns. The PID column displays the process
ID. PIDs are assigned starting at 1, go up
to 99999, then wrap around back to the beginning. However, a
PID is not reassigned if it is already in
use. The TT column shows the tty the program
is running on and STAT shows the program's
state. TIME is the amount of time the
program has been running on the CPU. This is usually not the
elapsed time since the program was started, as most programs
spend a lot of time waiting for things to happen before they
need to spend time on the CPU. Finally,
COMMAND is the command that was used to start
the program.&man.ps.1; supports a number of different options to change
the information that is displayed. One of the most useful sets
is auxww. displays
information about all the running processes of all users.
displays the username of the process' owner,
as well as memory usage. displays
information about daemon processes, and
causes &man.ps.1; to display the full command line for each
process, rather than truncating it once it gets too long to fit
on the screen.The output from &man.top.1; is similar. A sample session
looks like this:&prompt.user; top
last pid: 72257; load averages: 0.13, 0.09, 0.03 up 0+13:38:33 22:39:10
47 processes: 1 running, 46 sleeping
CPU states: 12.6% user, 0.0% nice, 7.8% system, 0.0% interrupt, 79.7% idle
Mem: 36M Active, 5256K Inact, 13M Wired, 6312K Cache, 15M Buf, 408K Free
Swap: 256M Total, 38M Used, 217M Free, 15% Inuse
PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND
72257 nik 28 0 1960K 1044K RUN 0:00 14.86% 1.42% top
7078 nik 2 0 15280K 10960K select 2:54 0.88% 0.88% xemacs-21.1.14
281 nik 2 0 18636K 7112K select 5:36 0.73% 0.73% XF86_SVGA
296 nik 2 0 3240K 1644K select 0:12 0.05% 0.05% xterm
175 root 2 0 924K 252K select 1:41 0.00% 0.00% syslogd
7059 nik 2 0 7260K 4644K poll 1:38 0.00% 0.00% mutt
...The output is split into two sections. The header (the
first five lines) shows the PID of the last
process to run, the system load averages (which are a measure
of how busy the system is), the system uptime (time since the
last reboot) and the current time. The other figures in the
header relate to how many processes are running (47 in this
case), how much memory and swap space has been used, and how
much time the system is spending in different CPU states.Below the header is a series of columns containing similar
information to the output from &man.ps.1;, such as the
PID, username, amount of CPU time, and the
command that started the process. By default, &man.top.1; also
displays the amount of memory space taken by the process.
This is split into two columns: one for total size and one for
resident size. Total size is how much memory the application
has needed and the resident size is how much it is actually
using at the moment. In this example,
mutt has required almost 8 MB
of RAM, but is currently only using 5 MB.&man.top.1; automatically updates the display every two
seconds. A different interval can be specified with
.Daemons, Signals, and Killing ProcessesWhen using an editor, it is easy to control the editor and
load files because the editor provides facilities to do so, and
because the editor is attached to a
terminal. Some programs are not designed
to be run with continuous user input and disconnect from the
terminal at the first opportunity. For example, a web server
responds to web requests, rather than user input. Mail servers
are another example of this type of application.These programs are known as daemons.
The term daemon comes from Greek mythology and represents an
entity that is neither good or evil, and which invisibly
performs useful tasks. This is why the BSD mascot is the
cheerful-looking daemon with sneakers and a pitchfork.There is a convention to name programs that normally run as
daemons with a trailing d.
BIND is the Berkeley Internet Name
Domain, but the actual program that executes is &man.named.8;.
The Apache web server program is
httpd and the line printer spooling daemon
is &man.lpd.8;. This is only a naming convention. For example,
the main mail daemon for the Sendmail
application is &man.sendmail.8;, and not
maild.One way to communicate with a daemon, or any running
process, is to send a signal using
&man.kill.1;. There are a number of different signals; some
have a specific meaning while others are described in the
application's documentation. A user can only send a signal to a
process they own and sending a signal to someone else's process
will result in a permission denied error. The exception is the
root user, who can send signals to anyone's
processes.&os; can also send a signal to a process. If an application
is badly written and tries to access memory that it is not
supposed to, &os; will send the process the
Segmentation Violation signal
(SIGSEGV). If an application has used the
&man.alarm.3; system call to be alerted after a period of time
has elapsed, it will be sent the Alarm signal
(SIGALRM).Two signals can be used to stop a process:
SIGTERM and SIGKILL.
SIGTERM is the polite way to kill a process
as the process can read the signal, close any log files it may
have open, and attempt to finish what it is doing before
shutting down. In some cases, a process may ignore
SIGTERM if it is in the middle of some task
that can not be interrupted.SIGKILL can not be ignored by a process.
This is the I do not care what you are doing, stop right
now signal. Sending a SIGKILL to a
process will usually stop that process there and then.There are a few tasks that can not be interrupted. For
example, if the process is trying to read from a file that
is on another computer on the network, and the other
computer is unavailable, the process is said to be
uninterruptible. Eventually the process will
time out, typically after two minutes. As soon as this time
out occurs the process will be killed..Other commonly used signals are SIGHUP,
SIGUSR1, and SIGUSR2.
These are general purpose signals and different applications
will respond differently.For example, after changing a web server's configuration
file, the web server needs to be told to re-read its
configuration. Restarting httpd would result
in a brief outage period on the web server. Instead, send the
daemon the SIGHUP signal. Be aware that
different daemons will have different behavior, so refer to the
documentation for the daemon to determine if
SIGHUP will achieve the desired
results.Sending a Signal to a ProcessThis example shows how to send a signal to &man.inetd.8;.
The &man.inetd.8; configuration file is
/etc/inetd.conf, and &man.inetd.8; will
re-read this configuration file when it is sent a
SIGHUP.Find the PID of the process to send
the signal to using &man.pgrep.1;. In this example, the
PID for &man.inetd.8; is 198:&prompt.user; pgrep -l inetd
198 inetd -wWUse &man.kill.1; to send the signal. Because
&man.inetd.8; is owned by root, use
&man.su.1; to become root first.&prompt.user; suPassword:
&prompt.root; /bin/kill -s HUP 198Like most &unix; commands, &man.kill.1; will not print
any output if it is successful. If a signal is sent to a
process not owned by that user, the message
kill: PID: Operation
not permitted will be displayed. Mistyping
the PID will either send the signal to
the wrong process, which could have negative results, or
will send the signal to a PID that is
not currently in use, resulting in the error
kill: PID: No such
process.Why Use /bin/kill?Many shells provide kill as a built
in command, meaning that the shell will send the signal
directly, rather than running
/bin/kill. Be aware that different
shells have a different syntax for specifying the name of
the signal to send. Rather than try to learn all of them,
it can be simpler to use /bin/kill
...
directly.When sending other signals, substitute
TERM or KILL in the
command line as necessary.Killing a random process on the system can be a bad idea.
In particular, &man.init.8;, PID 1, is
special. Running /bin/kill -s KILL 1 is
a quick, and unrecommended, way to shutdown the system.
Always double check the arguments to
&man.kill.1; before pressing
Return.Shellsshellscommand line&os; provides a command line interface called a shell. A
shell receives commands from the input channel and executes
them. Many shells provide built in functions to help with
everyday tasks such as file management, file globbing, command
line editing, command macros, and environment variables. &os;
comes with several shells, including the Bourne shell
(&man.sh.1;) and the extended C shell (&man.tcsh.1;). Other
shells are available from the &os; Ports Collection, such as
zsh and bash.The shell that is used is really a matter of taste. A C
programmer might feel more comfortable with a C-like shell such
as &man.tcsh.1;. A &linux; user might prefer
bash. Each shell has unique properties that
may or may not work with a user's preferred working environment,
which is why there is a choice of which shell to use.One common shell feature is filename completion. After a
user types the first few letters of a command or filename and
presses Tab, the shell will automatically
complete the rest of the command or filename. Consider two
files called foobar and
foo.bar. To delete
foo.bar, type rm
fo[Tab].[Tab].The shell should print out
rm foo[BEEP].bar.The [BEEP] is the console bell, which the shell used to
indicate it was unable to complete the filename because there
is more than one match. Both foobar and
foo.bar start with fo.
By typing ., then pressing
Tab again, the shell would be able to fill in
the rest of the filename.environment variablesAnother feature of the shell is the use of environment
variables. Environment variables are a variable/key pair stored
in the shell's environment. This environment can be read by any
program invoked by the shell, and thus contains a lot of program
configuration. Here is a list of common environment variables
and their meanings:VariableDescriptionUSERCurrent logged in user's name.PATHColon-separated list of directories to search for
binaries.DISPLAYNetwork name of the
&xorg;
display to connect to, if available.SHELLThe current shell.TERMThe name of the user's type of terminal. Used to
determine the capabilities of the terminal.TERMCAPDatabase entry of the terminal escape codes to
perform various terminal functions.OSTYPEType of operating system.MACHTYPEThe system's CPU architecture.EDITORThe user's preferred text editor.PAGERThe user's preferred text pager.MANPATHColon-separated list of directories to search for
manual pages.Bourne shellsHow to set an environment variable differs between shells.
In &man.tcsh.1; and &man.csh.1;, use
setenv to set environment variables. In
&man.sh.1; and bash, use
export to set the current environment
variables. This example sets the default EDITOR
to /usr/local/bin/emacs for the
&man.tcsh.1; shell:&prompt.user; setenv EDITOR /usr/local/bin/emacsThe equivalent command for bash
would be:&prompt.user; export EDITOR="/usr/local/bin/emacs"To expand an environment variable in order to see its
current setting, type a $ character in front
of its name on the command line. For example,
echo $TERM displays the current
$TERM setting.Shells treat special characters, known as meta-characters,
as special representations of data. The most common
meta-character is *, which represents any
number of characters in a filename. Meta-characters can be
used to perform filename globbing. For example,
echo * is equivalent to &man.ls.1; because
the shell takes all the files that match *
and &man.echo.1; lists them on the command line.To prevent the shell from interpreting a special character,
escape it from the shell by starting it with a backslash
(\). For example,
echo $TERM prints the terminal setting
whereas echo \$TERM literally prints the
string $TERM.Changing Your ShellThe easiest way to permanently change the default shell is
to use chsh. Running this command will
open the editor that is configured in the
EDITOR environment variable, which by default
is set to &man.vi.1;. Change the Shell: line
to the full path of the new shell.Alternately, use chsh -s which will set
the specified shell without opening an editor. For example,
to change the shell to bash:&prompt.user; chsh -s /usr/local/bin/bashThe new shell must be present in
/etc/shells. If the shell was
installed from the &os; Ports Collection as described in
, it should be automatically added
to this file. If it is missing, add it using this
command, replacing the path with the path of the
shell:&prompt.root; echo /usr/local/bin/bash >> /etc/shellsThen rerun &man.chsh.1;.Text Editorstext editorseditorsMost &os; configuration is done by editing text files.
Because of this, it is a good idea to become familiar with a
text editor. &os; comes with a few as part of the base system,
and many more are available in the Ports Collection.eeeditors&man.ee.1;A simple editor to learn is &man.ee.1;, which stands for
easy editor. To start this editor, type ee
filename where
filename is the name of the file to
be edited. Once inside the editor, all of the commands for
manipulating the editor's functions are listed at the top of the
display. The caret ^ represents
Ctrl, so ^e expands to
Ctrle.
To leave &man.ee.1;, press Esc, then choose the
leave editor option from the main menu. The
editor will prompt to save any changes if the file has been
modified.&man.vi.1;editors&man.vi.1;emacseditorsemacs&os; also comes with more powerful text editors, such as
&man.vi.1;, as part of the base system. Other editors, like
editors/emacs and
editors/vim, are part of the
&os; Ports Collection. These editors offer more functionality
at the expense of being a more complicated to learn. Learning a
more powerful editor such as vim or
Emacs can save more time in the long
run.Many applications which modify files or require typed input
will automatically open a text editor. To alter the default
editor used, set the EDITOR environment
variable as described in .Devices and Device NodesA device is a term used mostly for hardware-related
activities in a system, including disks, printers, graphics
cards, and keyboards. When &os; boots, the majority of the boot
messages refer to devices being detected. A copy of the boot
messages are saved to
/var/run/dmesg.boot.Each device has a device name and number. For example,
acd0 is the first IDE CD-ROM drive,
while kbd0 represents the
keyboard.Most devices in a &os; must be accessed through special
files called device nodes, which are located in
/dev.For More InformationManual Pagesmanual pagesThe most comprehensive documentation on &os; is in the
form of manual pages. Nearly every program on the system
comes with a short reference manual explaining the basic
operation and available arguments. These manuals can be
viewed using man:&prompt.user; man commandwhere command is the name of
the command to learn about. For example, to learn more about
&man.ls.1;, type:&prompt.user; man lsThe online manual is divided into numbered
sections:User commands.System calls and error numbers.Functions in the C libraries.Device drivers.File formats.Games and other diversions.Miscellaneous information.System maintenance and operation commands.Kernel developers.In some cases, the same topic may appear in more than one
section of the online manual. For example, there is a
&man.chmod.1; user command and a
chmod() system call. To tell &man.man.1;
which section to display, specify the section number:&prompt.user; man 1 chmodThis will display the manual page for the user command
&man.chmod.1;. References to a particular section of the
online manual are traditionally placed in parenthesis in
written documentation, so &man.chmod.1; refers to the user
command and &man.chmod.2; refers to the system call.If the command name is unknown, use man
-k to search for keywords in the command
descriptions:&prompt.user; man -k mailThis command displays a list of commands that have the
keyword mail in their descriptions. This is
equivalent to using &man.apropos.1;.To determine what the commands in
/usr/bin do,
type:&prompt.user; cd /usr/bin
&prompt.user; man -f *or&prompt.user; cd /usr/bin
&prompt.user; whatis *GNU Info FilesFree Software Foundation&os; includes many applications and utilities produced
by the Free Software Foundation (FSF). In addition to manual
pages, these programs may include hypertext documents called
info files. These can be viewed using
&man.info.1; or, if
editors/emacs is
installed, the info mode of
emacs.To use &man.info.1;, type:&prompt.user; infoFor a brief introduction, type h. For
a quick command reference, type ?.
diff --git a/en_US.ISO8859-1/books/handbook/book.xml b/en_US.ISO8859-1/books/handbook/book.xml
index f30705c8e4..e23d7ec009 100644
--- a/en_US.ISO8859-1/books/handbook/book.xml
+++ b/en_US.ISO8859-1/books/handbook/book.xml
@@ -1,302 +1,301 @@
%chapters;
%txtfiles;
]>
FreeBSD HandbookThe FreeBSD Documentation Project$FreeBSD$$FreeBSD$1995199619971998199920002001200220032004200520062007200820092010201120122013The FreeBSD Documentation Project
&legalnotice;
&tm-attrib.freebsd;
&tm-attrib.3com;
&tm-attrib.3ware;
&tm-attrib.arm;
&tm-attrib.adaptec;
&tm-attrib.adobe;
&tm-attrib.apple;
&tm-attrib.creative;
&tm-attrib.cvsup;
&tm-attrib.heidelberger;
&tm-attrib.ibm;
&tm-attrib.ieee;
&tm-attrib.intel;
&tm-attrib.intuit;
&tm-attrib.linux;
&tm-attrib.lsilogic;
&tm-attrib.m-systems;
&tm-attrib.microsoft;
&tm-attrib.opengroup;
&tm-attrib.oracle;
&tm-attrib.realnetworks;
&tm-attrib.redhat;
&tm-attrib.sun;
&tm-attrib.themathworks;
&tm-attrib.thomson;
&tm-attrib.usrobotics;
&tm-attrib.vmware;
&tm-attrib.waterloomaple;
&tm-attrib.wolframresearch;
&tm-attrib.xfree86;
&tm-attrib.xiph;
&tm-attrib.general;
Welcome to FreeBSD! This handbook covers the installation
and day to day use of
FreeBSD &rel2.current;-RELEASE and
FreeBSD &rel.current;-RELEASE. This
manual is a work in progress and is the
work of many individuals. As such, some sections may become
dated and require updating. If you are interested in helping
out with this project, send email to the &a.doc;. The latest
version of this document is always available from the
FreeBSD web site
(previous versions of this handbook can be obtained from
). It may
also be downloaded in a variety of formats and compression
options from the
FreeBSD
FTP server or one of the numerous
mirror sites. If you would
prefer to have a hard copy of the handbook, you can purchase
one at the
FreeBSD Mall.
You may also want to
search the
handbook.
&chap.preface;
Getting StartedThis part of the FreeBSD Handbook is for users and
administrators who are new to FreeBSD. These chapters:Introduce you to FreeBSD.Guide you through the installation process.Teach you &unix; basics and fundamentals.Show you how to install the wealth of third party
applications available for FreeBSD.Introduce you to X, the &unix; windowing system, and
detail how to configure a desktop environment that makes
you more productive.We have tried to keep the number of forward references in
the text to a minimum so that you can read this section of the
Handbook from front to back with the minimum page flipping
required.
&chap.introduction;
&chap.bsdinstall;
&chap.install;
&chap.basics;
&chap.ports;
&chap.x11;
Common TasksNow that the basics have been covered, this part of the
FreeBSD Handbook will discuss some frequently used features of
FreeBSD. These chapters:Introduce you to popular and useful desktop
applications: browsers, productivity tools, document
viewers, etc.Introduce you to a number of multimedia tools
available for FreeBSD.Explain the process of building a customized FreeBSD
kernel, to enable extra functionality on your
system.Describe the print system in detail, both for desktop
and network-connected printer setups.Show you how to run Linux applications on your FreeBSD
system.Some of these chapters recommend that you do some prior
reading, and this is noted in the synopsis at the beginning of
each chapter.
&chap.desktop;
&chap.multimedia;
&chap.kernelconfig;
&chap.printing;
&chap.linuxemu;
System AdministrationThe remaining chapters of the FreeBSD Handbook cover all
aspects of FreeBSD system administration. Each chapter starts
by describing what you will learn as a result of reading the
chapter, and also details what you are expected to know before
tackling the material.These chapters are designed to be read when you need
the information. You do not have to read them in any
particular order, nor do you need to read all of them before
you can begin using FreeBSD.
&chap.config;
&chap.boot;
- &chap.users;
&chap.security;
&chap.jails;
&chap.mac;
&chap.audit;
&chap.disks;
&chap.geom;
&chap.filesystems;
&chap.virtualization;
&chap.l10n;
&chap.cutting-edge;
&chap.dtrace;
Network CommunicationFreeBSD is one of the most widely deployed operating
systems for high performance network servers. The chapters in
this part cover:Serial communicationPPP and PPP over EthernetElectronic MailRunning Network ServersFirewallsOther Advanced Networking TopicsThese chapters are designed to be read when
you need the information. You do not have to read them in any
particular order, nor do you need to read all of them before
you can begin using FreeBSD in a network environment.
&chap.serialcomms;
&chap.ppp-and-slip;
&chap.mail;
&chap.network-servers;
&chap.firewalls;
&chap.advanced-networking;
Appendices
&chap.mirrors;
&chap.bibliography;
&chap.eresources;
&chap.pgpkeys;
&freebsd-glossary;
&chap.index;
&chap.colophon;
diff --git a/en_US.ISO8859-1/books/handbook/bsdinstall/chapter.xml b/en_US.ISO8859-1/books/handbook/bsdinstall/chapter.xml
index 620615895e..70e676e6c6 100644
--- a/en_US.ISO8859-1/books/handbook/bsdinstall/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/bsdinstall/chapter.xml
@@ -1,2753 +1,2753 @@
JimMockRestructured, reorganized, and parts
rewritten by RandyPrattThe sysinstall walkthrough, screenshots, and general
copy by GavinAtkinsonUpdated for bsdinstall by WarrenBlockInstalling &os; 9.X and
LaterSynopsisinstallation&os; comes with a text-based, easy to use installation
program. &os; 9.0-RELEASE and later use an installation
program called bsdinstall, while
releases prior to &os; 9.0-RELEASE using
sysinstall for installation. This
chapter describes the use of
bsdinstall. The use of
sysinstall is covered in .After reading this chapter, you will know:How to create the &os; installation media.How &os; subdivides and refers to hard disks.How to start
bsdinstall.The questions bsdinstall will
ask you, what they mean, and how to answer them.Before reading this chapter, you should:Read the supported hardware list that shipped with the
version of &os; you are installing, and verify that your
hardware is supported.In general, these installation instructions are written
for &i386; (PC compatible) architecture
computers. Where applicable, instructions specific to other
platforms will be listed. There may be minor differences
between the installer and what is shown here, so use this
chapter as a general guide rather than as exact literal
instructions.Hardware RequirementsMinimal ConfigurationThe minimal configuration to install &os; varies with the
&os; version and the hardware architecture.A summary of this information is given in the following
sections. Depending on the method you choose to install &os;,
you may also need a supported CDROM drive, and in some cases a
network adapter. This will be covered by .&os;/&arch.i386;&os;/&arch.i386; requires a 486 or better processor and
at least 64 MB of RAM. At least 1.1 GB of free
hard drive space is needed for the most minimal
installation.On old computers, increasing RAM and hard drive space
is usually more effective at improving performance than
installing a faster processor.&os;/&arch.amd64;There are two classes of processors capable of running
&os;/&arch.amd64;. The first are AMD64 processors,
including the &amd.athlon;64,
&amd.athlon;64-FX, &amd.opteron; or better
processors.The second class of processors that can use
&os;/&arch.amd64; includes those using the
&intel; EM64T architecture. Examples of these
processors include the &intel; &core; 2 Duo, Quad,
Extreme processor families, the &intel; &xeon; 3000,
5000, and 7000 sequences of processors, and the
&intel; &core; i3, i5 and i7 processors.If you have a machine based on an nVidia nForce3
Pro-150, you must use the BIOS setup to
disable the IO APIC. If you do not have an option to do
this, you will likely have to disable ACPI instead. There
are bugs in the Pro-150 chipset for which we have not yet
found a workaround.&os;/&arch.powerpc; &apple; &macintosh;All New World &apple; &macintosh; systems with built-in
USB are supported. SMP is supported on machines with
multiple CPUs.A 32-bit kernel can only use the first 2 GB of RAM.
&firewire; is not supported on the Blue & White PowerMac
G3.&os;/&arch.sparc64;Systems supported by &os;/&arch.sparc64; are listed at
the
FreeBSD/sparc64 Project.A dedicated disk is required for &os;/&arch.sparc64;.
It is not possible to share a disk with another operating
system at this time.Supported HardwareHardware architectures and devices supported by a &os;
release are listed in the Hardware Notes file. Usually named
HARDWARE.TXT, the file is located in the
root directory of the release media. Copies of the supported
hardware list are also available on the Release
Information page of the &os; web site.Pre-Installation TasksBack Up Your DataBack up all important data on the target computer
where &os; will be installed. Test the backups before
continuing. The &os; installer will ask before making changes
to the disk, but once the process has started it cannot be
undone.Decide Where to Install &os;If &os; will be the only operating system installed, and
will be allowed to use the entire hard disk, the rest of
this section can be skipped. But if &os; will share the disk
with other operating systems, an understanding of disk
layout is useful during the installation.Disk Layouts for &os;/&arch.i386; and
&os;/&arch.amd64;Hard disks can be divided into multiple sections. These
sections are called
partitions.There are two ways of dividing a disk into partitions.
A traditional Master Boot Record
(MBR) holds a
partition table defining up to four primary
partitions. (For historical reasons, &os;
calls primary partitions slices.) A
limit of only four partitions is restrictive for large
disks, so one of these primary partitions can be made into
an extended partition. Multiple
logical partitions may then be
created inside the extended partition. This may sound a
little unwieldy, and it is.The GUID Partition Table
(GPT) is a
newer and simpler method of partitioning a disk. GPT is far more
versatile than the traditional MBR partition table. Common
GPT implementations allow up to 128
partitions per disk, eliminating the need for inconvenient
workarounds like logical partitions.Some older operating systems like &windows; XP
are not compatible with the GPT
partition scheme. If &os; will be sharing a disk with
such an operating system, MBR partitioning is required.&os;'s standard boot loader requires either a primary or
GPT partition. (See for more information about the &os;
booting process.) If all of the primary or
GPT partitions are already in use, one
must be freed for &os;.A minimal installation of &os; takes as little as
1 GB of disk space. However, that is a
very minimal install, leaving almost no
free space. A more realistic minimum is 3 GB without a
graphical environment, and 5 GB or more if a graphical
user interface will be used. Third-party application
software requires more space.A variety of
free and commercial partition resizing tools are
available. GParted
Live is a free Live CD which includes the GParted
partition editor. GParted is also included with many other
Linux Live CD distributions.Disk partition applications can destroy data. Make a
full backup and verify its integrity before modifying disk
partitions.Resizing µsoft; Vista partitions can be
difficult. A Vista installation CDROM can be useful when
attempting such an operation.Using an Existing PartitionA &windows; computer has a single 40 GB disk that
has been split into two 20 GB partitions. &windows;
calls them C: and
D:. The
C: partition contains 10 GB
of data, and the D: partition
contains 5 GB of data.Moving the data from D: to
C: frees up the second partition
to be used for &os;.Shrinking an Existing PartitionA &windows; computer has a single 40 GB disk and
one large partition using the whole disk. &windows; shows
this 40 GB partition as a single
C:. 15 GB of space is being
used. The goal is to end up with &windows; in a
20 GB partition, and have another 20 GB
partition for &os;.There are two ways to do this:Back up your &windows; data. Then reinstall
&windows;, creating a 20 GB partition during the
install.Use a partition resizing tool like
GParted to shrink the
&windows; partition and create a new partition in the
freed space for &os;.Disk partitions containing different operating systems
make it possible to run any one of those operating systems
at a time. An alternative method that allows running
multiple operating systems at the same time is covered in
.Collect Network InformationSome &os; installation methods need a network connection
to download files. To connect to an Ethernet network (or
cable or DSL modem with an Ethernet interface), the installer
will request some information about the network.DHCP is commonly used to
provide automatic network configuration. If
DHCP is not available, this network
information must be obtained from the local network
administrator or service provider:Network InformationIP
addressSubnet maskDefault router IP addressDomain name of the local networkDNS
server IP address(es)Check for &os; ErrataAlthough the &os; Project strives to ensure that each
release of &os; is as stable as possible, bugs occasionally
creep into the process. On very rare occasions those bugs
affect the installation process. As these problems are
discovered and fixed, they are noted in the FreeBSD
Errata on the &os; web site. Check the errata before
installing to make sure that there are no problems that might
affect the installation.Information and errata for all the releases can be found
on the release
information section of the &os; web site.Prepare the Installation MediaA &os; installation is started by booting the computer
with a &os; installation CD, DVD, or USB memory stick. The
installer is not a program that can be run from within another
operating system.In addition to the standard installation media which
contains copies of all the &os; installation files, there is a
bootonly variant. Bootonly install media
does not have copies of the installation files, but downloads
them from the network during an install. The bootonly install
CD is consequently much smaller, and reduces bandwidth usage
during the install by only downloading required files.Copies of &os; installation media are available at the
&os; web
site.If you already have a copy of &os; on CDROM, DVD, or USB
memory stick, this section can be skipped.&os; CD and DVD images are bootable ISO files. Only one
CD or DVD is needed for an install. Burn the ISO image to a
bootable CD or DVD using the CD recording applications
available with your current operating system.To create a bootable memory stick, follow these
steps:Acquire the Memory Stick ImageMemory stick images for &os; 9.0-RELEASE and
later can be downloaded from the
ISO-IMAGES/
directory at
ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/arch/arch/ISO-IMAGES/version/&os;-version-RELEASE-arch-memstick.img.
Replace arch and
version with the
architecture and the version number which you want to
install, respectively. For example, the memory stick
images for &os;/&arch.i386; 9.0-RELEASE are
available from .A different directory path is used for
&os; 8.X and earlier
versions. Details of download and installation of
&os; 8.X and earlier is
covered in .The memory stick image has a .img
extension. The ISO-IMAGES/ directory
contains a number of different images, and the one needed
depends on the version of &os; being installed, and in
some cases, the target hardware.Before proceeding, back up the
data on the USB stick, as this procedure will
erase it.Write the Image File to the Memory StickUsing &os; to Write the ImageThe example below shows /dev/da0 as the target
device where the image will be written. Be very
careful that the correct device is used as the output
target, or you may destroy existing data.Writing the Image with &man.dd.1;The .img file is
not a regular file. It is an
image of the complete contents of
the memory stick. It cannot
simply be copied like a regular file, but must be
written directly to the target device with
&man.dd.1;:&prompt.root; dd if=&os;-9.0-RELEASE-&arch.i386;-memstick.img of=/dev/da0 bs=64kUsing &windows; to Write the ImageBe sure to give the correct drive letter as the
output target, or you may overwrite and destroy
existing data.Obtaining Image Writer for
&windows;Image Writer for
&windows; is a free application that
can correctly write an image file to a memory stick.
Download it from
and extract it into a folder.Writing the Image with Image WriterDouble-click the
Win32DiskImager icon to
start the program. Verify that the drive letter shown
under Device is the
drive with the memory stick. Click the folder icon
and select the image to be written to the memory
stick. Click
[ Save ] to accept
the image file name. Verify that everything is
correct, and that no folders on the memory stick are
open in other windows. When everything is ready,
click [ Write ] to
write the image file to the memory stick.Installation from floppy disks is no longer
supported.You are now ready to start installing &os;.Starting the InstallationBy default, the installation will not make any changes to
your disk(s) until you see the following message:Your changes will now be written to disk. If you
have chosen to overwrite existing data, it will
be PERMANENTLY ERASED. Are you sure you want to
commit your changes?The install can be exited at any time prior to this
warning without changing the contents of the hard drive. If
you are concerned that you have configured something
incorrectly you can just turn the computer off before this
point, and no damage will be done.BootingBooting on &i386; and &arch.amd64;If you prepared a bootable USB stick,
as described in
, then
plug in your USB stick before turning on the
computer.If you are booting from CDROM, then you will need to
turn on the computer, and insert the CDROM at the first
opportunity.Configure your machine to boot from either the CDROM
or from USB, depending on the media being used for the
installation. BIOS configurations allow the
selection of a specific boot device. Most systems also
provide for selecting a boot device during startup,
typically by pressing F10,
F11, F12, or
Escape.If your computer starts up as normal and loads your
existing operating system, then either:The disks were not inserted early enough in the
boot process. Leave them in, and try restarting
your computer.The BIOS changes earlier did
not work correctly. You should redo that step until
you get the right option.Your particular BIOS does not
support booting from the desired media. The Plop
Boot Manager can be used to boot older
computers from CD or USB media.&os; will start to boot. If you are booting from
CDROM you will see a display similar to this (version
information omitted):Booting from CD-ROM...
645MB medium detected
CD Loader 1.2
Building the boot loader arguments
Looking up /BOOT/LOADER... Found
Relocating the loader and the BTX
Starting the BTX loader
BTX loader 1.00 BTX version is 1.02
Consoles: internal video/keyboard
BIOS CD is cd0
BIOS drive C: is disk0
BIOS drive D: is disk1
BIOS 636kB/261056kB available memory
FreeBSD/i386 bootstrap loader, Revision 1.1
Loading /boot/defaults/loader.conf
/boot/kernel/kernel text=0x64daa0 data=0xa4e80+0xa9e40 syms=[0x4+0x6cac0+0x4+0x88e9d]
\The &os; boot loader is displayed:&os; Boot Loader MenuEither wait ten seconds, or press
Enter.Booting for &macintosh; &powerpc;On most machines, holding C on the
keyboard during boot will boot from the CD. Otherwise, hold
CommandOptionOF,
or
WindowsAltOF
on non-&apple; keyboards. At the 0 >
prompt, enterboot cd:,\ppc\loader cd:0For Xserves without keyboards, see
&apple;'s
support web site about booting into Open
Firmware.Booting for &sparc64;Most &sparc64; systems are set up to boot automatically
from disk. To install &os;, you need to boot over the
network or from a CDROM, which requires you to break into
the PROM (OpenFirmware).To do this, reboot the system, and wait until the boot
message appears. It depends on the model, but should look
about like:Sun Blade 100 (UltraSPARC-IIe), Keyboard Present
Copyright 1998-2001 Sun Microsystems, Inc. All rights reserved.
OpenBoot 4.2, 128 MB memory installed, Serial #51090132.
Ethernet address 0:3:ba:b:92:d4, Host ID: 830b92d4.If your system proceeds to boot from disk at this point,
you need to press
L1A
or
StopA
on the keyboard, or send a BREAK over the
serial console (using for example ~# in
&man.tip.1; or &man.cu.1;) to get to the PROM
prompt. It looks like this:ok ok {0} This is the prompt used on systems with just one
CPU.This is the prompt used on SMP systems, the digit
indicates the number of the active CPU.At this point, place the CDROM into your drive, and from
the PROM prompt, type
boot cdrom.Reviewing the Device Probe ResultsThe last few hundred lines that have been displayed on
screen are stored and can be reviewed.To review the buffer, press Scroll Lock.
This turns on scrolling in the display. You can then use the
arrow keys, or PageUp and
PageDown to view the results. Press
Scroll Lock again to stop scrolling.Do this now, to review the text that scrolled off the
screen when the kernel was carrying out the device probes.
You will see text similar to , although the precise text
will differ depending on the devices that you have in your
computer.Typical Device Probe ResultsCopyright (c) 1992-2011 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 9.0-RELEASE #0 r225473M: Sun Sep 11 16:07:30 BST 2011
root@psi:/usr/obj/usr/src/sys/GENERIC amd64
CPU: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz (2527.05-MHz K8-class CPU)
Origin = "GenuineIntel" Id = 0x10676 Family = 6 Model = 17 Stepping = 6
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0x8e3fd<SSE3,DTES64,MON,DS_CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1>
AMD Features=0x20100800<SYSCALL,NX,LM>
AMD Features2=0x1<LAHF>
TSC: P-state invariant, performance statistics
real memory = 3221225472 (3072 MB)
avail memory = 2926649344 (2791 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: <TOSHIB A0064 >
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 1
ioapic0: Changing APIC ID to 1
ioapic0 <Version 2.0> irqs 0-23 on motherboard
kbd1 at kbdmux0
acpi0: <TOSHIB A0064> on motherboard
acpi0: Power Button (fixed)
acpi0: reservation of 0, a0000 (3) failed
acpi0: reservation of 100000, b6690000 (3) failed
Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
acpi_timer0: <24-bit timer at 3.579545MHz> port 0xd808-0xd80b on acpi0
cpu0: <ACPI CPU> on acpi0
ACPI Warning: Incorrect checksum in table [ASF!] - 0xFE, should be 0x9A (20110527/tbutils-282)
cpu1: <ACPI CPU> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> port 0xcff8-0xcfff mem 0xff400000-0xff7fffff,0xe0000000-0xefffffff irq 16 at device 2.0 on pci0
agp0: <Intel GM45 SVGA controller> on vgapci0
agp0: aperture size is 256M, detected 131068k stolen memory
vgapci1: <VGA-compatible display> mem 0xffc00000-0xffcfffff at device 2.1 on pci0
pci0: <simple comms> at device 3.0 (no driver attached)
em0: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0xcf80-0xcf9f mem 0xff9c0000-0xff9dffff,0xff9fe000-0xff9fefff irq 20 at device 25.0 on pci0
em0: Using an MSI interrupt
em0: Ethernet address: 00:1c:7e:6a:ca:b0
uhci0: <Intel 82801I (ICH9) USB controller> port 0xcf60-0xcf7f irq 16 at device 26.0 on pci0
usbus0: <Intel 82801I (ICH9) USB controller> on uhci0
uhci1: <Intel 82801I (ICH9) USB controller> port 0xcf40-0xcf5f irq 21 at device 26.1 on pci0
usbus1: <Intel 82801I (ICH9) USB controller> on uhci1
uhci2: <Intel 82801I (ICH9) USB controller> port 0xcf20-0xcf3f irq 19 at device 26.2 on pci0
usbus2: <Intel 82801I (ICH9) USB controller> on uhci2
ehci0: <Intel 82801I (ICH9) USB 2.0 controller> mem 0xff9ff800-0xff9ffbff irq 19 at device 26.7 on pci0
usbus3: EHCI version 1.0
usbus3: <Intel 82801I (ICH9) USB 2.0 controller> on ehci0
hdac0: <Intel 82801I High Definition Audio Controller> mem 0xff9f8000-0xff9fbfff irq 22 at device 27.0 on pci0
pcib1: <ACPI PCI-PCI bridge> irq 17 at device 28.0 on pci0
pci1: <ACPI PCI bus> on pcib1
iwn0: <Intel(R) WiFi Link 5100> mem 0xff8fe000-0xff8fffff irq 16 at device 0.0 on pci1
pcib2: <ACPI PCI-PCI bridge> irq 16 at device 28.1 on pci0
pci2: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> irq 18 at device 28.2 on pci0
pci4: <ACPI PCI bus> on pcib3
pcib4: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci5: <ACPI PCI bus> on pcib4
cbb0: <RF5C476 PCI-CardBus Bridge> at device 11.0 on pci5
cardbus0: <CardBus bus> on cbb0
pccard0: <16-bit PCCard bus> on cbb0
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
ahci0: <Intel ICH9M AHCI SATA controller> port 0x8f58-0x8f5f,0x8f54-0x8f57,0x8f48-0x8f4f,0x8f44-0x8f47,0x8f20-0x8f3f mem 0xff9fd800-0xff9fdfff irq 19 at device 31.2 on pci0
ahci0: AHCI v1.20 with 4 3Gbps ports, Port Multiplier not supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
ahcich2: <AHCI channel> at channel 4 on ahci0
acpi_lid0: <Control Method Lid Switch> on acpi0
battery0: <ACPI Control Method Battery> on acpi0
acpi_button0: <Power Button> on acpi0
acpi_acad0: <AC Adapter> on acpi0
acpi_toshiba0: <Toshiba HCI Extras> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
attimer0: <AT timer> port 0x40-0x43 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model GlidePoint, device ID 0
atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0
Event timer "RTC" frequency 32768 Hz quality 0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 450
Event timer "HPET1" frequency 14318180 Hz quality 440
Event timer "HPET2" frequency 14318180 Hz quality 440
Event timer "HPET3" frequency 14318180 Hz quality 440
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ppc0: cannot reserve I/O port range
est0: <Enhanced SpeedStep Frequency Control> on cpu0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
est1: <Enhanced SpeedStep Frequency Control> on cpu1
p4tcc1: <CPU Frequency Thermal Control> on cpu1
Timecounters tick every 1.000 msec
hdac0: HDA Codec #0: Realtek ALC268
hdac0: HDA Codec #1: Lucent/Agere Systems (Unknown)
pcm0: <HDA Realtek ALC268 PCM #0 Analog> at cad 0 nid 1 on hdac0
pcm1: <HDA Realtek ALC268 PCM #1 Analog> at cad 0 nid 1 on hdac0
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 12Mbps Full Speed USB v1.0
usbus2: 12Mbps Full Speed USB v1.0
usbus3: 480Mbps High Speed USB v2.0
ugen0.1: <Intel> at usbus0
uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
ugen1.1: <Intel> at usbus1
uhub1: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1
ugen2.1: <Intel> at usbus2
uhub2: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2
ugen3.1: <Intel> at usbus3
uhub3: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus3
uhub0: 2 ports with 2 removable, self powered
uhub1: 2 ports with 2 removable, self powered
uhub2: 2 ports with 2 removable, self powered
uhub3: 6 ports with 6 removable, self powered
ugen2.2: <vendor 0x0b97> at usbus2
uhub8: <vendor 0x0b97 product 0x7761, class 9/0, rev 1.10/1.10, addr 2> on usbus2
ugen1.2: <Microsoft> at usbus1
ada0 at ahcich0 bus 0 scbus1 target 0 lun 0
ada0: <Hitachi HTS543225L9SA00 FBEOC43C> ATA-8 SATA 1.x device
ada0: 150.000MB/s transfers (SATA 1.x, UDMA6, PIO 8192bytes)
ada0: Command Queueing enabled
ada0: 238475MB (488397168 512 byte sectors: 16H 63S/T 16383C)
ada0: Previously was known as ad4
ums0: <Microsoft Microsoft 3-Button Mouse with IntelliEyeTM, class 0/0, rev 1.10/3.00, addr 2> on usbus1
SMP: AP CPU #1 Launched!
cd0 at ahcich1 bus 0 scbus2 target 0 lun 0
cd0: <TEAC DV-W28S-RT 7.0C> Removable CD-ROM SCSI-0 device
cd0: 150.000MB/s transfers (SATA 1.x, ums0: 3 buttons and [XYZ] coordinates ID=0
UDMA2, ATAPI 12bytes, PIO 8192bytes)
cd0: cd present [1 x 2048 byte records]
ugen0.2: <Microsoft> at usbus0
ukbd0: <Microsoft Natural Ergonomic Keyboard 4000, class 0/0, rev 2.00/1.73, addr 2> on usbus0
kbd2 at ukbd0
uhid0: <Microsoft Natural Ergonomic Keyboard 4000, class 0/0, rev 2.00/1.73, addr 2> on usbus0
Trying to mount root from cd9660:/dev/iso9660/FREEBSD_INSTALL [ro]...Check the probe results carefully to make sure that &os;
found all the devices you expected. If a device was not
found, then it will not be listed. Kernel modules allows
you to add in support for devices which are not in the
GENERIC kernel.After the procedure of device probing, you will see
. The install media
can be used in three ways: to install &os;, as a
live CD, or
to simply access a &os; shell. Use the arrow keys to choose
an option, and Enter to select.Selecting Installation Media ModeSelecting [ Install ]
here will enter the installer.Introducing bsdinstallbsdinstall is a text-based &os;
installer program written by &a.nwhitehorn.email; and introduced in
2011 for &os; 9.0.&a.kmoore.email;'s pc-sysinstall is
included with PC-BSD,
and can also be used to
install &os;. Although sometimes confused with
bsdinstall, the two are not
related.The bsdinstall menu system is
controlled by the arrow keys, Enter,
Tab, Space, and other
keys.Selecting the Keymap MenuDepending on the system console being used,
bsdinstall may initially prompt to
select a non-default keyboard layout.Keymap SelectionIf [ YES ] is selected,
the following keyboard selection screen will be displayed.
Otherwise, this selection menu will not be displayed, and a
default keyboard mapping will be used.Selecting Keyboard MenuSelect the keymap that most closely represents the mapping
of the keyboard attached to the system, using the up/down
arrow keys and pressing Enter.Pressing Esc will use the default
keymap. United States of America
ISO-8859-1 is also a safe option if the
choice of keymap is not clear.Setting the HostnameNext, bsdinstall will prompt
for the hostname to be given to the newly installed
system.Setting the HostnameThe entered hostname should be a fully-qualified hostname,
such as
machine3.example.comSelecting Components to InstallNext, bsdinstall will prompt to
select optional components to install.Selecting Components to InstallDeciding which components to install will depend largely
on the intended use of the system and the amount of disk space
available. The &os; Kernel and userland (collectively the
base system) are always installed.Depending on the type of installation, some of these
components may not appear.Optional Componentsdoc - Additional documentation,
mostly of historical interest. Documentation provided by
the &os; Documentation Project may be installed
later.games - Several traditional BSD
games, including fortune,
rot13, and others.lib32 - Compatibility libraries for
running 32-bit applications on a 64-bit version of
&os;.ports - The &os; Ports
Collection.The ports collection is an easy and convenient way to
install software. The Ports Collection does not contain
the source code necessary to compile the software.
Instead, it is a collection of files which automates the
downloading, compiling and installation of third-party
software packages. discusses how
to use the ports collection.The installation program does not check to see if
you have adequate space. Select this option only if you
have adequate hard disk space. As of &os; 9.0, the
&os; Ports Collection takes up about &ports.size; of
disk space. You can safely assume a larger value for
more recent versions of &os;.src - System source code.&os; comes with full source code for both the kernel
and the userland. Although not required for the majority
of applications, it may be required to build certain
software supplied as source (for example, device drivers
or kernel modules), or for developing &os; itself.The full source tree requires 1 GB of disk space,
and recompiling the entire &os; system requires an
additional 5 GB of space.Installing from the NetworkThe bootonly installation media does
not hold copies of the installation files. When a
bootonly installation method is used, the
files must be retrieved over a network connection as they are
needed.Installing from the NetworkAfter the network connection has been configured as shown in
, a mirror site
is selected. Mirror sites cache copies of the &os; files.
Choose a mirror site located in the same region of the world as
the computer on which &os; is being installed. Files can be
retrieved more quickly when the mirror is close to the target
computer, and installation time will be reduced.Choosing a MirrorInstallation will continue as if the installation files
were located on local media.Allocating Disk SpaceThere are three ways to allocate disk space for &os;.
Guided partitioning automatically sets up
disk partitions, while Manual partitioning
allows advanced users to create customized partitions. Finally,
there's the option of starting a shell where command-line
programs like &man.gpart.8;, &man.fdisk.8;, and &man.bsdlabel.8;
can be used directly.Selecting Guided or Manual PartitioningGuided PartitioningIf multiple disks are connected, choose the one where &os;
is to be installed.Selecting from Multiple DisksThe entire disk can be allocated to &os;, or just a
portion of it. If
[ Entire Disk ] is
chosen, a general partition layout filling the whole disk is
created. Selecting
[ Partition ] creates a
partition layout in unused space on the disk.Selecting Entire Disk or PartitionAfter the partition layout has been created, review it
carefully for accuracy. If a mistake has been made, selecting
[ Revert ] will reset the
partitions as they were previously, or
[ Auto ] will recreate the
automatic &os; partitions. Partitions can be manually
created, modified, or deleted. When the partitioning is
correct, select [ Finish ] to
continue with the installation.Review Created PartitionsManual PartitioningManual partitioning goes straight to the partition
editor.Manually Create PartitionsHighlighting a drive (ada0 in
this example) and selecting
[ Create ] displays a menu
for choosing the type of partitioning
scheme.Manually Create PartitionsGPT partitioning is usually the most
appropriate choice for PC-compatible computers. Older PC
operating systems that are not compatible with
GPT may require MBR
partitioning instead. The other partitioning schemes are
generally used for uncommon or older computer systems.
Partitioning SchemesAbbreviationDescriptionAPMApple
Partition Map, used by &powerpc;
&macintosh;.BSDBSD Labels without an MBR, sometimes called
"dangerously dedicated mode". See
&man.bsdlabel.8;.GPTGUID
Partition Table.MBRMaster
Boot Record.PC98MBR
variant, used by NEC PC-98
computers.VTOC8Volume Table Of Contents, used by Sun SPARC64 and
UltraSPARC computers.
After the partitioning scheme has been selected and
created, selecting [ Create ]
again will create new partitions.Manually Create PartitionsA standard &os; GPT installation uses
at least three partitions:Standard &os; GPT Partitionsfreebsd-boot - &os; boot
code.freebsd-ufs - A &os; UFS
filesystem.freebsd-swap - &os; swap
space.Another partition type worth noting is
freebsd-zfs, used for partitions that will
contain a &os; ZFS filesystem. See
. &man.gpart.8; shows more
of the available GPT partition
types.Multiple filesystem partitions can be used, and some
people may prefer a traditional layout with separate
partitions for the /,
/var, /tmp, and
/usr filesystems. See
for an
example.Size may be entered with common abbreviations:
K for kilobytes, M
for megabytes, or G for gigabytes.Proper sector alignment provides the best performance,
and making partition sizes even multiples of 4K bytes helps
to ensure alignment on drives with either 512-byte or
4K-byte sectors. Generally, using partition sizes that are
even multiples of 1M or 1G is the easiest way to make sure
every partition starts at an even multiple of 4K. One
exception: at present, the freebsd-boot
partition should be no larger than 512K due to boot code
limitations.A mountpoint is needed if this partition will contain a
filesystem. If only a single UFS partition will be created,
the mountpoint should be /.A label is also requested. A label
is a name by which this partition will be known. Drive
names or numbers can change if the drive is connected to
a different controller or port, but the partition label does
not change. Referring to labels instead of drive names
and partition numbers in files like
/etc/fstab makes the system more tolerant
of changing hardware. GPT labels appear in
/dev/gpt/ when a disk is attached.
Other partitioning schemes have different label
capabilities, and their labels appear in different directories
in /dev/.Use a unique label on every filesystem to avoid
conflicts from identical labels. A few letters from the
computer's name, use, or location can be added to the label.
"labroot" or "rootfs-lab" for the UFS root partition on the
lab's computer, for example.Creating Traditional Split Filesystem
PartitionsFor a traditional partition layout where the
/, /var,
/tmp, and /usr
directories are separate filesystems on their own
partitions, create a GPT partitioning scheme, then create
the partitions as shown. Partition sizes shown are typical
for a 20G target disk. If more space is available on the
target disk, larger swap or /var
partitions may be useful. Labels shown here are prefixed
with ex for "example", but readers
should use other unique label values as described
above.By default, &os;'s gptboot expects
the first UFS partition found to be the
/ partition.Partition TypeSizeMountpointLabelfreebsd-boot512Kfreebsd-ufs2G/exrootfsfreebsd-swap4Gexswapfreebsd-ufs2G/varexvarfsfreebsd-ufs1G/tmpextmpfsfreebsd-ufsaccept the default (remainder of the
disk)/usrexusrfsAfter the custom partitions have been created, select
[ Finish ] to continue with
the installation.Committing to the InstallationThis is the last chance for aborting the installation to
prevent changes to the hard drive.Final ConfirmationSelect [ Commit ] and press
Enter to proceed. If changes need to be made,
select [ Back ] to return to
the partition editor.
[ Revert & Exit ]
will exit the installer without making any changes
to the hard drive.Installation time will vary depending on the distributions
chosen, installation media, and speed of the computer.
There will be a series of
messages displayed indicating progress.Firstly, the installer will write the partitions to the
disk, and perform a newfs to initialise the
partitions.If doing a network install,
bsdinstall will then proceed to
download the required distribution files.Fetching Distribution FilesNext, the integrity of the distribution files is verified,
to ensure they have not been corrupted during download or
misread from the installation media.Verifying Distribution FilesFinally, the verified distribution files are extracted to
the disk.Extracting Distribution FilesOnce all requested distribution files have been extracted,
bsdinstall will then drop straight
into the post-installation configuration tasks (see
).Post-InstallationConfiguration of various options follows a successful
installation of &os;. An option can be configured by
re-entering the configuration options from the final menu before
booting into the newly installed &os; system.Setting the root PasswordThe root password must be set. Note
that while entering the password, the characters being typed
are not displayed on the screen. After the password has been
entered, it must be entered again. This helps prevent typing
errors.Setting the root PasswordAfter the password has been successfully entered, the
installation will continue.Configuring Network InterfacesNetwork configuration will be skipped if it has already
been done as part of a bootonly
installation.A list of all the network interfaces found on the computer
is shown next. Select one to be configured.Choose a Network InterfaceConfiguring a Wireless Network InterfaceIf a wireless network interface is chosen, wireless
identification and security parameters must be entered to
allow it to connect to the network.Wireless networks are identified by a Service Set
Identifier, or
SSID. The SSID is a short, unique name given to
each network.Most wireless networks encrypt transmitted data to
protect information from unauthorized viewing. WPA2 encryption
is strongly recommended. Older encryption types, like
WEP,
offer very little security.The first step in connecting to a wireless network is to
scan for wireless access points.Scanning for Wireless Access PointsSSIDs
found during the scan are listed, followed by a description
of the encryption types available for that network. If the
desired SSID does not appear in the list,
select [ Rescan ] to scan
again. If the desired network still does not appear, check
for problems with antenna connections or try moving the
computer closer to the access point. Rescan after each
change is made.Choosing a Wireless NetworkThe encryption information for connecting to the
selected wireless network is entered after selecting the
network. With WPA2, only a password (also known as the
Pre-Shared Key, or PSK) is needed. Characters typed into the
input box are shown as asterisks for security.WPA2 SetupNetwork configuration continues after selection of the
wireless network and entry of the connection
information.Configuring IPv4 NetworkingChoose whether IPv4 networking is to be used. This is
the most common type of network connection.Choose IPv4 NetworkingThere are two methods of IPv4 configuration.
DHCP will automatically
configure the network interface correctly, and is the
preferred method. Static
configuration requires manual entry of network
information.Do not enter random network information, as it will
not work. Obtain the information shown in
from the network administrator or service provider.IPv4 DHCP Network ConfigurationIf a DHCP server is available, select
[ Yes ] to automatically
configure the network interface.Choose IPv4 DHCP ConfigurationIPv4 Static Network ConfigurationStatic configuration of the network interface requires
entry of some IPv4 information.IPv4 Static ConfigurationIP Address - The
manually-assigned IPv4 address to be assigned to this
computer. This address must be unique and not already
in use by another piece of equipment on the local
network.Subnet Mask - The subnet mask
used for the local network. Typically, this is
255.255.255.0.Default Router - The IP address
of the default router on this network. Usually this
is the address of the router or other network
equipment that connects the local network to the
Internet. Also known as the default
gateway.Configuring IPv6 NetworkingIPv6 is a newer method of network configuration. If
IPv6 is available and desired, choose
[ Yes ] to select
it.Choose IPv6 NetworkingIPv6 also has two methods of configuration.
SLAAC , or
StateLess Address AutoConfiguration,
will automatically configure the network interface
correctly. Static configuration
requires manual entry of network information.IPv6 Stateless Address AutoconfigurationSLAAC allows an IPv6 network
component to request autoconfiguration information from a
local router. See RFC4862
for more information.Choose IPv6 SLAAC ConfigurationIPv6 Static Network ConfigurationStatic configuration of the network interface requires
entry of the IPv6 configuration information.IPv6 Static ConfigurationIPv6 Address - The
manually-assigned IP address to be
assigned to this computer. This address must be
unique and not already in use by another piece of
equipment on the local network.Default Router - The IPv6
address of the default router on this network.
Usually this is the address of the router or other
network equipment that connects the local network to
the Internet. Also known as the default
gateway.Configuring DNSThe Domain Name System (or
DNS) Resolver converts
hostnames to and from network addresses. If
DHCP or SLAAC was used
to autoconfigure the network interface, the Resolver
Configuration values may already be present. Otherwise,
enter the local network's domain name in the Search field.
DNS #1 and DNS #2 are
the IP addresses for the local
DNS servers. At least one
DNS server is required.DNS ConfigurationSetting the Time ZoneSetting the time zone for your machine will allow it to
automatically correct for any regional time changes and
perform other time zone related functions properly.The example shown is for a machine located in the Eastern
time zone of the United States. Your selections will vary
according to your geographical location.Select Local or UTC ClockSelect [ Yes ]
or [ No ] according to how
the machine's clock is configured and press
Enter. If you do not know whether the system
uses UTC or local time, select
[ No ] to choose the more
commonly-used local time.Select a RegionThe appropriate region is selected using the arrow keys
and then pressing Enter.Select a CountrySelect the appropriate country using the arrow keys
and press Enter.Select a Time ZoneThe appropriate time zone is selected using the arrow
keys and pressing Enter.Confirm Time ZoneConfirm the abbreviation for the time zone is correct.
If it looks okay, press Enter to continue
with the post-installation configuration.Selecting Services to EnableAdditional system services which will be started at boot
can be enabled. All of these services are optional.Selecting Additional Services to EnableAdditional Servicessshd - Secure Shell
(SSH) daemon for
secure remote access.moused - Provides mouse usage
within the system console.ntpd - Network Time Protocol
(NTP)
daemon for automatic clock synchronization.powerd - System power control
utility for power control and energy saving.Enabling Crash Dumpsbsdinstall will prompt if crash
dumps should be enabled on the target system. Enabling crash
dumps can be very useful in debugging issues with the system,
so users are encouraged to enable crash dumps whenever
possible. Select [ Yes ] to
enable crash dumps, or [ No ]
to proceed without crash dumps enabled.Enabling Crash DumpsAdd UsersAdding at least one user during the installation allows
the system to be used without being logged in as
root. When logged in as
root, there are essentially no limits or
protection on what can be done. Logging in as a normal user
is safer and more secure.Select [ Yes ] to add new
users.Add User AccountsEnter the information for the user to be added.Enter User InformationUser InformationUsername - The name the user will
enter to log in. Typically the first letter of their
first name combined with their last name.Full name - The user's full
name.Uid - User ID. Typically, this
is left blank so the system will assign a value.Login group - The user's group.
Typically left blank to accept the default.Invite user into
other groups? - Additional groups to which the
user will be added as a member.Login class - Typically left blank
for the default.Shell - The interactive shell for
this user. In the example, &man.csh.1; has been
chosen.Home directory - The user's home
directory. The default is usually correct.Home directory permissions -
Permissions on the user's home directory. The default is
usually correct.Use password-based authentication?
- Typically "yes".Use an empty password? -
Typically "no".Use a random password? - Typically
"no".Enter password - The actual
password for this user. Characters typed will not show on
the screen.Enter password again - The password
must be typed again for verification.Lock out the account after
creation? - Typically "no".After entering everything, a summary is shown, and the
system asks if it is correct. If a mistake was made during
entry, enter no and try again. If
everything is correct, enter yes to create
the new user.Exit User and Group ManagementIf there are more users to add, answer the "Add another
user?" question with yes. Enter
no to finish adding users and continue the
installation.For more information on adding users and user management,
- see .
+ see .
Final ConfigurationAfter everything has been installed and configured, a
final chance is provided to modify settings.Final ConfigurationUse this menu to make any changes or do any additional
configuration before completing the installation.Final Configuration OptionsAdd User - Described in
.Root Password - Described in
.Hostname - Described in
.Network - Described in
.Services - Described in
.Time Zone - Described in
.Handbook - Download and install the
&os; Handbook (which is what you are reading now).After any final configuration is complete, select
Exit to leave the installation.Manual Configurationbsdinstall will prompt if there
are any additional configuration that needs to be done before
rebooting into the new system. Select
[ Yes ] to exit to a shell
within the new system, or
[ No ] to proceed to the last
step of the installation.Complete the InstallationIf further configuration or special setup is needed,
selecting [ Live CD ]
will boot the install media into Live CD mode.When the installation is complete, select
[ Reboot ] to reboot the
computer and start the new &os; system. Do not forget to
remove the &os; install CD, DVD, or USB memory stick, or the
computer may boot from it again.&os; Booting and Shutdown&os;/&arch.i386; BootingAs &os; boots, many informational messages are
displayed. Most will scroll off the screen; this is normal.
After the system finishes booting, a login prompt is
displayed. Messages that scrolled off the screen can be
reviewed by pressing Scroll-Lock to turn on
the scroll-back buffer. The
PgUp, PgDn, and arrow keys
can be used to scroll back through the messages. Pressing
Scroll-Lock again unlocks the display and
returns to the normal screen.At the login: prompt, enter the
username added during the installation,
asample in the example. Avoid logging
in as root except when
necessary.The scroll-back buffer examined above is limited in
size, so not all of the messages may have been visible.
After logging in, most of them can be seen from the command
line by typing dmesg | less at the
prompt. Press q to return to the command
line after viewing.Typical boot messages (version information
omitted):Copyright (c) 1992-2011 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
CPU: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz (3007.77-MHz K8-class CPU)
Origin = "GenuineIntel" Id = 0x10676 Family = 6 Model = 17 Stepping = 6
Features=0x783fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,SSE2>
Features2=0x209<SSE3,MON,SSSE3>
AMD Features=0x20100800<SYSCALL,NX,LM>
AMD Features2=0x1<LAHF>
real memory = 536805376 (511 MB)
avail memory = 491819008 (469 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: <VBOX VBOXAPIC>
ioapic0: Changing APIC ID to 1
ioapic0 <Version 1.1> irqs 0-23 on motherboard
kbd1 at kbdmux0
acpi0: <VBOX VBOXXSDT> on motherboard
acpi0: Power Button (fixed)
acpi0: Sleep Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
cpu0: <ACPI CPU> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
isab0: <PCI-ISA bridge> at device 1.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 UDMA33 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xd000-0xd00f at device 1.1 on pci0
ata0: <ATA channel 0> on atapci0
ata1: <ATA channel 1> on atapci0
vgapci0: <VGA-compatible display> mem 0xe0000000-0xe0ffffff irq 18 at device 2.0 on pci0
em0: <Intel(R) PRO/1000 Legacy Network Connection 1.0.3> port 0xd010-0xd017 mem 0xf0000000-0xf001ffff irq 19 at device 3.0 on pci0
em0: Ethernet address: 08:00:27:9f:e0:92
pci0: <base peripheral> at device 4.0 (no driver attached)
pcm0: <Intel ICH (82801AA)> port 0xd100-0xd1ff,0xd200-0xd23f irq 21 at device 5.0 on pci0
pcm0: <SigmaTel STAC9700/83/84 AC97 Codec>
ohci0: <OHCI (generic) USB controller> mem 0xf0804000-0xf0804fff irq 22 at device 6.0 on pci0
usbus0: <OHCI (generic) USB controller> on ohci0
pci0: <bridge> at device 7.0 (no driver attached)
acpi_acad0: <AC Adapter> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse Explorer, device ID 4
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
atrtc0: <AT realtime clock> at port 0x70 irq 8 on isa0
Event timer "RTC" frequency 32768 Hz quality 0
ppc0: cannot reserve I/O port range
Timecounters tick every 10.000 msec
pcm0: measured ac97 link rate at 485193 Hz
em0: link state changed to UP
usbus0: 12Mbps Full Speed USB v1.0
ugen0.1: <Apple> at usbus0
uhub0: <Apple OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
cd0 at ata1 bus 0 scbus1 target 0 lun 0
cd0: <VBOX CD-ROM 1.0> Removable CD-ROM SCSI-0 device
cd0: 33.300MB/s transfers (UDMA2, ATAPI 12bytes, PIO 65534bytes)
cd0: Attempt to query device size failed: NOT READY, Medium not present
ada0 at ata0 bus 0 scbus0 target 0 lun 0
ada0: <VBOX HARDDISK 1.0> ATA-6 device
ada0: 33.300MB/s transfers (UDMA2, PIO 65536bytes)
ada0: 12546MB (25694208 512 byte sectors: 16H 63S/T 16383C)
ada0: Previously was known as ad0
Timecounter "TSC" frequency 3007772192 Hz quality 800
Root mount waiting for: usbus0
uhub0: 8 ports with 8 removable, self powered
Trying to mount root from ufs:/dev/ada0p2 [rw]...
Setting hostuuid: 1848d7bf-e6a4-4ed4-b782-bd3f1685d551.
Setting hostid: 0xa03479b2.
Entropy harvesting: interrupts ethernet point_to_point kickstart.
Starting file system checks:
/dev/ada0p2: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ada0p2: clean, 2620402 free (714 frags, 327461 blocks, 0.0% fragmentation)
Mounting local file systems:.
vboxguest0 port 0xd020-0xd03f mem 0xf0400000-0xf07fffff,0xf0800000-0xf0803fff irq 20 at device 4.0 on pci0
vboxguest: loaded successfully
Setting hostname: machine3.example.com.
Starting Network: lo0 em0.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 08:00:27:9f:e0:92
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
Starting devd.
Starting Network: usbus0.
DHCPREQUEST on em0 to 255.255.255.255 port 67
DHCPACK from 10.0.2.2
bound to 192.168.1.142 -- renewal in 43200 seconds.
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
add net fe80::: gateway ::1
add net ff02::: gateway ::1
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
32-bit compatibility ldconfig path: /usr/lib32
Creating and/or trimming log files.
Starting syslogd.
No core dumps found.
Clearing /tmp (X related).
Updating motd:.
Configuring syscons: blanktime.
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
10:a0:f5:af:93:ae:a3:1a:b2:bb:3c:35:d9:5a:b3:f3 root@machine3.example.com
The key's randomart image is:
+--[RSA1 1024]----+
| o.. |
| o . . |
| . o |
| o |
| o S |
| + + o |
|o . + * |
|o+ ..+ . |
|==o..o+E |
+-----------------+
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
7e:1c:ce:dc:8a:3a:18:13:5b:34:b5:cf:d9:d1:47:b2 root@machine3.example.com
The key's randomart image is:
+--[ DSA 1024]----+
| .. . .|
| o . . + |
| . .. . E .|
| . . o o . . |
| + S = . |
| + . = o |
| + . * . |
| . . o . |
| .o. . |
+-----------------+
Starting sshd.
Starting cron.
Starting background file system checks in 60 seconds.
Thu Oct 6 19:15:31 MDT 2011
FreeBSD/amd64 (machine3.example.com) (ttyv0)
login:Generating the RSA and DSA keys may take some time on
slower machines. This happens only on the initial boot-up
of a new installation, and only if
sshd is set to start
automatically. Subsequent boots will be faster.&os; does not install graphical environments by default,
but many are available. See for more
information.&os; ShutdownProper shutdown of a &os; computer helps protect data and
even hardware from damage. Do not just turn off the power.
If the user is a member of the wheel
group, become the superuser by typing su at
the command line and entering the root
password. Otherwise, log in as root and
use shutdown -p now. The system will close
down cleanly and turn itself off.The
CtrlAltDel
key combination can be used to reboot the system, but is not
recommended during normal operation.TroubleshootinginstallationtroubleshootingThe following section covers basic installation
troubleshooting, such as common problems people have
reported.What to Do If Something Goes WrongDue to various limitations of the PC architecture, it is
impossible for probing to be 100% reliable, however, there are
a few things you can do if it fails.Check the Hardware
Notes document for your version of &os; to make sure
your hardware is supported.If your hardware is supported and you still experience
lock-ups or other problems, you will need to build a
custom kernel. This will
allow you to add in support for devices which are not present
in the GENERIC kernel. The kernel on the
boot disks is configured assuming that most hardware devices
are in their factory default configuration in terms of IRQs,
IO addresses, and DMA channels. If your hardware has been
reconfigured, you will most likely need to edit the kernel
configuration and recompile to tell &os; where to find
things.It is also possible that a probe for a device not present
will cause a later probe for another device that is present to
fail. In that case, the probes for the conflicting driver(s)
should be disabled.Some installation problems can be avoided or alleviated
by updating the firmware on various hardware components,
most notably the motherboard. Motherboard firmware is
usually referred to as the BIOS. Most
motherboard and computer manufacturers have a website for
upgrades and upgrade information.Manufacturers generally advise against upgrading the
motherboard BIOS unless there is a good
reason for doing so, like a critical update. The upgrade
process can go wrong, leaving the
BIOS incomplete and the computer
inoperative.Troubleshooting Questions and AnswersMy system hangs while probing hardware during boot,
or it behaves strangely during install.&os; makes extensive use of the system
ACPI service on the i386, amd64, and ia64 platforms to
aid in system configuration if it is detected during
boot. Unfortunately, some bugs still exist in both the
ACPI driver and within system motherboards and
BIOS
firmware. ACPI can be disabled by setting
the hint.acpi.0.disabled hint in the
third stage boot loader:set hint.acpi.0.disabled="1"This is reset each time the system is booted, so it
is necessary to
add hint.acpi.0.disabled="1" to the
file
/boot/loader.conf. More
information about the boot loader can be found
in .Using the Live CDA live CD of &os; is available on the same CD as the main
installation program. This is useful for those who are still
wondering whether &os; is the right operating system for them
and want to test some of the features before installing.The following points should be noted while using the live
CD:To gain access to the system, authentication is
required. The username is root, and
the password is blank.As the system runs directly from the CD, performance
will be significantly slower than that of a system
installed on a hard disk.The live CD provides a command prompt and not a
graphical interface.
diff --git a/en_US.ISO8859-1/books/handbook/chapters.ent b/en_US.ISO8859-1/books/handbook/chapters.ent
index 8bcfe3497c..d5cd395e7f 100644
--- a/en_US.ISO8859-1/books/handbook/chapters.ent
+++ b/en_US.ISO8859-1/books/handbook/chapters.ent
@@ -1,70 +1,69 @@
%pgpkeys;
-
diff --git a/en_US.ISO8859-1/books/handbook/preface/preface.xml b/en_US.ISO8859-1/books/handbook/preface/preface.xml
index 1c62859409..4fcdec1d0a 100644
--- a/en_US.ISO8859-1/books/handbook/preface/preface.xml
+++ b/en_US.ISO8859-1/books/handbook/preface/preface.xml
@@ -1,751 +1,742 @@
PrefaceIntended
AudienceThe &os; newcomer will find that the first section of this
book guides the user through the &os; installation process and
gently introduces the concepts and conventions that underpin
&unix;. Working through this section requires little more than
the desire to explore, and the ability to take on board new
concepts as they are introduced.Once you have traveled this far, the second, far larger,
section of the Handbook is a comprehensive reference to all manner
of topics of interest to &os; system administrators. Some of
these chapters may recommend that you do some prior reading, and
this is noted in the synopsis at the beginning of each
chapter.For a list of additional sources of information, please see
.Changes
from the Third EditionThe current online version of the Handbook represents the
cumulative effort of many hundreds of contributors over the past
10 years. The following are some of the significant changes since
the two volume third edition was published in 2004:, &dtrace;, has been added with
information about the powerful &dtrace; performance analysis
tool., File Systems Support, has
been added with information about non-native file systems in
&os;, such as ZFS from &sun;., Security Event Auditing, has
been added to cover the new auditing capabilities in &os;
and explain its use., Virtualization, has
been added with information about installing &os; on
virtualization software., Installing
&os; 9.x and Later, has been
added to cover installation of &os; using the new
installation utility,
bsdinstall.Changes
from the Second Edition (2004)The third edition was the culmination of over two years of
work by the dedicated members of the &os; Documentation
Project. The printed edition grew to such a size that it was
necessary to publish as two separate volumes. The following are
the major changes in this new edition:, Configuration and
Tuning, has been expanded with new information about the
ACPI power and resource management, the
cron system utility, and more kernel
tuning options., Security, has been expanded
with new information about virtual private networks (VPNs),
file system access control lists (ACLs), and security
advisories., Mandatory Access Control (MAC),
is a new chapter with this edition. It explains what MAC is
and how this mechanism can be used to secure a &os;
system., Storage, has been expanded with
new information about USB storage devices, file system
snapshots, file system quotas, file and network backed
filesystems, and encrypted disk partitions.A troubleshooting section has been added to , PPP and SLIP., Electronic Mail, has been
expanded with new information about using alternative
transport agents, SMTP authentication, UUCP,
fetchmail,
procmail, and other advanced
topics., Network Servers, is
all new with this edition. This chapter includes
information about setting up the Apache HTTP
Server, ftpd,
and setting up a server for µsoft; &windows; clients
with Samba. Some sections from
, Advanced Networking,
were moved here to improve the presentation., Advanced
Networking, has been expanded with new information about
using &bluetooth; devices with &os;, setting up wireless
networks, and Asynchronous Transfer Mode (ATM)
networking.A glossary has been added to provide a central location
for the definitions of technical terms used throughout the
book.A number of aesthetic improvements have been made to the
tables and figures throughout the book.Changes from the
First Edition (2001)The second edition was the culmination of over two years of
work by the dedicated members of the &os; Documentation
Project. The following were the major changes in this
edition:A complete Index has been added.All ASCII figures have been replaced by graphical
diagrams.A standard synopsis has been added to each chapter to
give a quick summary of what information the chapter
contains, and what the reader is expected to know.The content has been logically reorganized into three
parts: Getting Started, System
Administration, and
Appendices. (Installing
&os;) was completely rewritten with many
screenshots to make it much easier for new users to grasp
the text. (&unix; Basics)
has been expanded to contain additional information about
processes, daemons, and signals. (Installing
Applications) has been expanded to contain
additional information about binary package
management. (The X Window
System) has been completely rewritten with an
emphasis on using modern desktop technologies such as
KDE and
GNOME on &xfree86; 4.X. (The &os; Booting
Process) has been expanded. (Storage) has
been written from what used to be two separate chapters on
Disks and Backups. We feel
that the topics are easier to comprehend when presented as
a single chapter. A section on RAID (both hardware and
software) has also been added. (Serial
Communications) has been completely
reorganized and updated for &os; 4.X/5.X. (PPP and
SLIP) has been substantially updated.Many new sections have been added to
(Advanced Networking). (Electronic Mail)
has been expanded to include more information about
configuring sendmail. (&linux;
Compatibility) has been expanded to include
information about installing
&oracle; and
&sap.r3;.The following new topics are covered in this second
edition:Configuration and Tuning ().Multimedia ()Organization of
This BookThis book is split into five logically distinct sections.
The first section, Getting Started, covers
the installation and basic usage of &os;. It is expected that
the reader will follow these chapters in sequence, possibly
skipping chapters covering familiar topics. The second section,
Common Tasks, covers some frequently used
features of &os;. This section, and all subsequent sections,
can be read out of order. Each chapter begins with a succinct
synopsis that
describes what the chapter covers and what the reader is expected
to already know. This is meant to allow the casual reader to skip
around to find chapters of interest. The third section,
System Administration, covers administration
topics. The fourth section, Network
Communication, covers networking and server topics.
The fifth section contains
appendices of reference information.,
IntroductionIntroduces &os; to a new user. It describes the
history of the &os; Project, its goals and development
model., Installation of
&os; 9.x and
LaterWalks a user through the entire installation process of
&os; 9.x and later using
bsdinstall., Installation of
&os; 8.x and
EarlierWalks a user through the entire installation process of
&os; 8.x and earlier using
sysinstall. Some advanced
installation topics, such as installing through a serial
console, are also covered., &unix;
BasicsCovers the basic commands and functionality of the
&os; operating system. If you are familiar with &linux;
or another flavor of &unix; then you can probably skip this
chapter., Installing
ApplicationsCovers the installation of third-party software with
both &os;'s innovative Ports Collection and
standard binary packages., The X Window
SystemDescribes the X Window System in general and using
X11 on &os; in particular. Also describes common
desktop environments such as KDE
and GNOME., Desktop
ApplicationsLists some common desktop applications, such as web
browsers and productivity suites, and describes how to
install them on &os;.,
MultimediaShows how to set up sound and video playback support
for your system. Also describes some sample audio and video
applications., Configuring
the &os; KernelExplains why you might need to configure a new kernel
and provides detailed instructions for configuring,
building, and installing a custom kernel.,
PrintingDescribes managing printers on &os;, including
information about banner pages, printer accounting, and
initial setup., &linux; Binary
CompatibilityDescribes the &linux; compatibility features of &os;.
Also provides detailed installation instructions for many
popular &linux; applications such as
&oracle; and
&mathematica;., Configuration
and TuningDescribes the parameters available for system
administrators to tune a &os; system for optimum
performance. Also describes the various configuration files
used in &os; and where to find them., Booting
ProcessDescribes the &os; boot process and explains
how to control this process with configuration
options.
-
- , Users and Basic Account
- Management
-
- Describes the creation and manipulation of user
- accounts. Also discusses resource limitations that can be
- set on users and other account management tasks.
-
- ,
SecurityDescribes many different tools available to help keep
your &os; system secure, including Kerberos, IPsec and
OpenSSH., JailsDescribes the jails framework, and the improvements of
jails over the traditional chroot support of &os;., Mandatory Access
ControlExplains what Mandatory Access Control (MAC) is and
how this mechanism can be used to secure a &os;
system., Security Event
AuditingDescribes what &os; Event Auditing is, how it can be
installed, configured, and how audit trails can be inspected
or monitored.,
StorageDescribes how to manage storage media and filesystems
with &os;. This includes physical disks, RAID arrays,
optical and tape media, memory-backed disks, and network
filesystems.,
GEOMDescribes what the GEOM framework in &os; is and how
to configure various supported RAID levels., File Systems
SupportExamines support of non-native file systems in &os;,
like the Z File System from &sun;.,
VirtualizationDescribes what virtualization systems offer, and how
they can be used with &os;.,
LocalizationDescribes how to use &os; in languages other than
English. Covers both system and application level
localization., Updating
and Upgrading &os;Explains the differences between &os;-STABLE,
&os;-CURRENT, and &os; releases. Describes which users
would benefit from tracking a development system and
outlines that process. Covers the methods users may take
to update their system to the latest security
release.,
&dtrace;Describes how to configure and use the &dtrace; tool
from &sun; in &os;. Dynamic tracing can help locate
performance issues, by performing real time system
analysis., Serial
CommunicationsExplains how to connect terminals and modems to your
&os; system for both dial in and dial out
connections., PPP and
SLIPDescribes how to use PPP, SLIP, or PPP over Ethernet to
connect to remote systems with &os;., Electronic
MailExplains the different components of an email server
and dives into simple configuration topics for the most
popular mail server software:
sendmail., Network
ServersProvides detailed instructions and example configuration
files to set up your &os; machine as a network filesystem
server, domain name server, network information system
server, or time synchronization server.,
FirewallsExplains the philosophy behind software-based firewalls
and provides detailed information about the configuration
of the different firewalls available for &os;., Advanced
NetworkingDescribes many networking topics, including sharing an
Internet connection with other computers on your LAN,
advanced routing topics, wireless networking, &bluetooth;,
ATM, IPv6, and much more., Obtaining &os;
Lists different sources for obtaining &os; media on
CDROM or DVD as well as different sites on the Internet
that allow you to download and install &os;.,
BibliographyThis book touches on many different subjects that may
leave you hungry for a more detailed explanation. The
bibliography lists many excellent books that are referenced
in the text., Resources on the
InternetDescribes the many forums available for &os; users to
post questions and engage in technical conversations about
&os;., PGP
KeysLists the PGP fingerprints of several &os;
Developers.Conventions used
in this bookTo provide a consistent and easy to read text, several
conventions are followed throughout the book.Typographic
ConventionsItalicAn italic font is used for
filenames, URLs, emphasized text, and the first usage of
technical terms.MonospaceA monospaced font is
used for error messages, commands, environment variables,
names of ports, hostnames, user names, group names, device
names, variables, and code fragments.BoldA bold font is used for
applications, commands, and keys.User InputKeys are shown in bold to stand out from
other text. Key combinations that are meant to be typed
simultaneously are shown with `+' between
the keys, such as:CtrlAltDelMeaning the user should type the Ctrl,
Alt, and Del keys at the same
time.Keys that are meant to be typed in sequence will be separated
with commas, for example:CtrlX,
CtrlSWould mean that the user is expected to type the
Ctrl and X keys simultaneously
and then to type the Ctrl and S
keys simultaneously.ExamplesExamples starting with C:\>
indicate a &ms-dos; command. Unless otherwise noted, these
commands may be executed from a Command Prompt
window in a modern µsoft.windows;
environment.E:\>tools\fdimage floppies\kern.flp A:Examples starting with &prompt.root; indicate a command that
must be invoked as the superuser in &os;. You can login as
root to type the command, or login as your
normal account and use &man.su.1; to gain
superuser privileges.&prompt.root; dd if=kern.flp of=/dev/fd0Examples starting with &prompt.user; indicate a command that
should be invoked from a normal user account. Unless otherwise
noted, C-shell syntax is used for setting environment variables
and other shell commands.&prompt.user; topAcknowledgmentsThe book you are holding represents the efforts of many
hundreds of people around the world. Whether they sent in fixes
for typos, or submitted complete chapters, all the contributions
have been useful.Several companies have supported the development of this
document by paying authors to work on it full-time, paying for
publication, etc. In particular, BSDi (subsequently acquired by
Wind River Systems)
paid members of the &os; Documentation Project to work on
improving this book full time leading up to the publication of the
first printed edition in March 2000 (ISBN 1-57176-241-8). Wind
River Systems then paid several additional authors to make a
number of improvements to the print-output infrastructure and
to add additional chapters to the text. This work culminated in
the publication of the second printed edition in November 2001
(ISBN 1-57176-303-1). In 2003-2004, &os; Mall, Inc, paid
several contributors to improve the Handbook in preparation for
the third printed edition.
diff --git a/en_US.ISO8859-1/books/handbook/users/Makefile b/en_US.ISO8859-1/books/handbook/users/Makefile
deleted file mode 100644
index b44bd80628..0000000000
--- a/en_US.ISO8859-1/books/handbook/users/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# Build the Handbook with just the content from this chapter.
-#
-# $FreeBSD$
-#
-
-CHAPTERS= users/chapter.xml
-
-VPATH= ..
-
-MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
-
-DOC_PREFIX?= ${.CURDIR}/../../../..
-
-.include "../Makefile"
diff --git a/en_US.ISO8859-1/books/handbook/users/chapter.xml b/en_US.ISO8859-1/books/handbook/users/chapter.xml
deleted file mode 100644
index 9a9b1b27b4..0000000000
--- a/en_US.ISO8859-1/books/handbook/users/chapter.xml
+++ /dev/null
@@ -1,1001 +0,0 @@
-
-
-
-
-
-
-
- Neil
- Blakey-Milner
- Contributed by
-
-
-
-
-
- Users and Basic Account Management
-
-
- Synopsis
-
- &os; allows multiple users to use the computer at the same
- time. While only one user can sit in front of the screen and
- use the keyboard at any one time, any number of users can log
- in to the system through the network. To use the system, each
- user should have their own user account.
-
- This chapter describes:
-
-
-
- The different types of user accounts on a
- &os; system.
-
-
-
- How to add, remove, and modify user accounts.
-
-
-
- How to set limits to control the
- resources that users and
- groups are allowed to access.
-
-
-
- How to create groups and add users as members of a group.
-
-
-
-
-
- Account Types
-
- Since all access to the &os; system is achieved using accounts
- and all processes are run by users, user and account management
- is important.
-
- There are three main types of accounts:
- system accounts,
- user accounts, and the
- superuser account.
-
-
- System Accounts
-
-
- accounts
- system
-
-
- System accounts are used to run services such as DNS,
- mail, and web servers. The reason for this is security; if
- all services ran as the superuser, they could act without
- restriction.
-
-
- accounts
- daemon
-
-
- accounts
- operator
-
-
- Examples of system accounts are
- daemon, operator,
- bind, news, and
- www.
-
-
- accounts
- nobody
-
-
- nobody is the generic unprivileged
- system account. However, the more services that use
- nobody, the more files and processes that
- user will become associated with, and hence the more
- privileged that user becomes.
-
-
-
- User Accounts
-
-
- accounts
- user
-
-
- User accounts are
- assigned to real people and are used to log in and use the
- system. Every person accessing the system should have a unique
- user account. This allows the administrator to find out who
- is doing what and prevents users from clobbering the
- settings of other users.
-
- Each user can set up their own environment to accommodate
- their use of the system, by configuring their default shell, editor,
- key bindings, and language settings.
- Every user account on a &os; system has certain information
- associated with it:
-
-
-
- User name
-
-
- The user name is typed at the login:
- prompt. User names must be unique on the system as no two
- users can have the same user name. There are a number of
- rules for creating valid user names which are documented in
- &man.passwd.5;. It is recommended to use user names that consist of eight or
- fewer, all lower case characters in order to maintain
- backwards compatibility with applications.
-
-
-
-
- Password
-
-
- Each user account should have an associated password. While the
- password can be blank, this is highly discouraged.
-
-
-
-
- User ID (UID)
-
-
- The User ID (UID) is a number
- used to uniquely identify the user to the
- &os; system. Commands that
- allow a user name to be specified will first convert it to
- the UID. It is recommended to use a UID of
- 65535 or lower as higher UIDs may cause compatibility
- issues with software that does not support integers larger
- than 32-bits.
-
-
-
-
- Group ID (GID)
-
-
- The Group ID (GID) is a number used to uniquely identify
- the primary group that the user belongs to. Groups are a
- mechanism for controlling access to resources based on a
- user's GID rather than their
- UID. This can significantly reduce the
- size of some configuration files and allows users to be
- members of more than one group. It is recommended to use a GID of
- 65535 or lower as higher GIDs may break some
- software.
-
-
-
-
- Login class
-
-
- Login classes are an extension to the group mechanism
- that provide additional flexibility when tailoring the
- system to different users. Login classes are discussed
- further in
-
-
-
-
- Password change time
-
-
- By default, &os; does not force users to change their
- passwords periodically. Password expiration can be
- enforced on a per-user basis using &man.pw.8;, forcing some or all users to
- change their passwords after a certain amount of time has
- elapsed.
-
-
-
-
- Account expiry time
-
-
- By default, &os; does not expire accounts. When
- creating accounts that need a limited lifespan, such as
- student accounts in a school, specify the account expiry
- date using &man.pw.8;. After the expiry time has elapsed, the account
- cannot be used to log in to the system, although the
- account's directories and files will remain.
-
-
-
-
- User's full name
-
-
- The user name uniquely identifies the account to &os;,
- but does not necessarily reflect the user's real name.
- Similar to a comment, this information
- can contain a space, uppercase characters, and be more
- than 8 characters long.
-
-
-
-
- Home directory
-
-
- The home directory is the full path to a directory on
- the system. This is the user's starting directory when
- the user logs in. A common convention is to put all user
- home directories under /home/username
- or /usr/home/username.
- Each user stores their personal files and subdirectories
- in their own home directory.
-
-
-
-
- User shell
-
-
- The shell provides the user's default environment for
- interacting with the system. There are many different
- kinds of shells and experienced users will have their own
- preferences, which can be reflected in their account
- settings.
-
-
-
-
-
-
- The Superuser Account
-
-
- accounts
- superuser (root)
-
-
- The superuser account, usually called
- root, is used to
- manage the system with no limitations on privileges. For this
- reason, it should not be used for day-to-day
- tasks like sending and receiving mail, general exploration of
- the system, or programming.
-
- The superuser, unlike other user
- accounts, can operate without limits, and misuse of the
- superuser account may result in spectacular disasters. User
- accounts are unable to destroy the operating system by mistake, so it is
- recommended to login as a user account and to only become the superuser
- when a command requires extra privilege.
-
- Always double and triple-check any commands issued as the
- superuser, since an extra space or missing character can mean
- irreparable data loss.
-
- There are several ways to become gain superuser privilege. While one
- can log in as root, this is highly discouraged.
-
- Instead, use &man.su.1; to become the superuser. If
- - is specified when running this command, the user will also inherit the root user's environment.
- The user running this command must
- be in the wheel group or else the command
- will fail. The user must also know the password for the
- root user account.
-
- In this example, the user only becomes superuser in order to run
- make install as this step requires superuser privilege.
- Once the command completes, the user types exit
- to leave the superuser account and return to the privilege of
- their user account.
-
-
- Install a Program As The Superuser
-
- &prompt.user; configure
-&prompt.user; make
-&prompt.user; su -
-Password:
-&prompt.root; make install
-&prompt.root; exit
-&prompt.user;
-
-
- The built-in &man.su.1; framework works well for single systems or small
- networks with just one system administrator. An alternative
- is to install the
- security/sudo package or port. This software
- provides activity logging and allows the administrator to configure which users
- can run which commands
- as the superuser.
-
-
-
-
- Managing Accounts
-
-
- accounts
- modifying
-
-
- &os; provides a variety of different commands to manage
- user accounts. The most common commands are summarized below,
- followed by more detailed examples of their usage.
-
-
-
-
-
-
-
-
- Command
- Summary
-
-
-
-
- &man.adduser.8;
- The recommended command-line application for adding
- new users.
-
-
-
- &man.rmuser.8;
- The recommended command-line application for
- removing users.
-
-
-
- &man.chpass.1;
- A flexible tool for changing user database
- information.
-
-
-
- &man.passwd.1;
- The simple command-line tool to change user
- passwords.
-
-
-
- &man.pw.8;
- A powerful and flexible tool for modifying all
- aspects of user accounts.
-
-
-
-
-
-
- adduser
-
-
- accounts
- adding
-
-
- adduser
-
-
- /usr/share/skel
-
- skeleton directory
- &man.adduser.8; is a simple program for adding new users
- When a new user is added, this program automatically updates
- /etc/passwd and
- /etc/group. It also creates a home
- directory for the new user, copies in the default
- configuration files from /usr/share/skel, and can
- optionally mail the new user a welcome message.
-
-
- Adding a User on &os;
-
- &prompt.root; adduser
-Username: jru
-Full name: J. Random User
-Uid (Leave empty for default):
-Login group [jru]:
-Login group is jru. Invite jru into other groups? []: wheel
-Login class [default]:
-Shell (sh csh tcsh zsh nologin) [sh]: zsh
-Home directory [/home/jru]:
-Home directory permissions (Leave empty for default):
-Use password-based authentication? [yes]:
-Use an empty password? (yes/no) [no]:
-Use a random password? (yes/no) [no]:
-Enter password:
-Enter password again:
-Lock out the account after creation? [no]:
-Username : jru
-Password : ****
-Full Name : J. Random User
-Uid : 1001
-Class :
-Groups : jru wheel
-Home : /home/jru
-Shell : /usr/local/bin/zsh
-Locked : no
-OK? (yes/no): yes
-adduser: INFO: Successfully added (jru) to the user database.
-Add another user? (yes/no): no
-Goodbye!
-&prompt.root;
-
-
-
- Since the password is not echoed when typed, be careful
- to not mistype the password when creating the user
- account.
-
-
-
-
- rmuser
-
- rmuser
-
- accounts
- removing
-
-
- To completely remove a user from the system use
- &man.rmuser.8;. This command performs the following
- steps:
-
-
-
- Removes the user's &man.crontab.1; entry if one
- exists.
-
-
-
- Removes any &man.at.1; jobs belonging to the
- user.
-
-
-
- Kills all processes owned by the user.
-
-
-
- Removes the user from the system's local password
- file.
-
-
-
- Removes the user's home directory, if it is owned by
- the user.
-
-
-
- Removes the incoming mail files belonging to the user
- from /var/mail.
-
-
-
- Removes all files owned by the user from temporary
- file storage areas such as /tmp.
-
-
-
- Finally, removes the username from all groups to which
- it belongs in /etc/group.
-
-
- If a group becomes empty and the group name is the
- same as the username, the group is removed. This
- complements the per-user unique groups created by
- &man.adduser.8;.
-
-
-
-
- &man.rmuser.8; cannot be used to remove superuser
- accounts since that is almost always an indication of massive
- destruction.
-
- By default, an interactive mode is used, as shown
- in the following example.
-
-
- rmuser Interactive Account
- Removal
-
- &prompt.root; rmuser jru
-Matching password entry:
-jru:*:1001:1001::0:0:J. Random User:/home/jru:/usr/local/bin/zsh
-Is this the entry you wish to remove? y
-Remove user's home directory (/home/jru)? y
-Updating password file, updating databases, done.
-Updating group file: trusted (removing group jru -- personal group is empty) done.
-Removing user's incoming mail file /var/mail/jru: done.
-Removing files belonging to jru from /tmp: done.
-Removing files belonging to jru from /var/tmp: done.
-Removing files belonging to jru from /var/tmp/vi.recover: done.
-&prompt.root;
-
-
-
-
- chpass
-
- chpass
- &man.chpass.1; can be used to change user database
- information such as passwords, shells, and personal
- information.
-
- Only the superuser can change other users' information and
- passwords with &man.chpass.1;.
-
- When passed no options, aside from an optional username,
- &man.chpass.1; displays an editor containing user information.
- When the user exists from the editor, the user database is
- updated with the new information.
-
-
- You will be asked for your password after exiting the
- editor if you are not the superuser.
-
-
-
- Interactive chpass by
- Superuser
-
- #Changing user database information for jru.
-Login: jru
-Password: *
-Uid [#]: 1001
-Gid [# or name]: 1001
-Change [month day year]:
-Expire [month day year]:
-Class:
-Home directory: /home/jru
-Shell: /usr/local/bin/zsh
-Full Name: J. Random User
-Office Location:
-Office Phone:
-Home Phone:
-Other information:
-
-
- A user can change only a small subset of this
- information, and only for their own user account.
-
-
- Interactive chpass by Normal
- User
-
- #Changing user database information for jru.
-Shell: /usr/local/bin/zsh
-Full Name: J. Random User
-Office Location:
-Office Phone:
-Home Phone:
-Other information:
-
-
-
- &man.chfn.1; and &man.chsh.1; are links to
- &man.chpass.1;, as are &man.ypchpass.1;, &man.ypchfn.1;, and
- &man.ypchsh.1;. NIS support is
- automatic, so specifying the yp before
- the command is not necessary. How to configure NIS is
- covered in .
-
-
-
- passwd
-
- passwd
-
- accounts
- changing password
-
- &man.passwd.1; is the usual way to change your own
- password as a user, or another user's password as the
- superuser.
-
-
- To prevent accidental or unauthorized changes, the user
- must enter their original password before a new password can
- be set. This is not the case when the superuser changes a
- user's password.
-
-
-
- Changing Your Password
-
- &prompt.user; passwd
-Changing local password for jru.
-Old password:
-New password:
-Retype new password:
-passwd: updating the database...
-passwd: done
-
-
-
- Changing Another User's Password as the
- Superuser
-
- &prompt.root; passwd jru
-Changing local password for jru.
-New password:
-Retype new password:
-passwd: updating the database...
-passwd: done
-
-
-
- As with &man.chpass.1;, &man.yppasswd.1; is a link to
- &man.passwd.1;, so NIS works with either command.
-
-
-
-
-
- pw
-
- pw
-
- &man.pw.8; is a command line utility to create, remove,
- modify, and display users and groups. It functions as a front
- end to the system user and group files. &man.pw.8; has a very
- powerful set of command line options that make it suitable for
- use in shell scripts, but new users may find it more
- complicated than the other commands presented in this
- section.
-
-
-
-
-
-
- Limiting Users
-
- limiting users
-
- accounts
- limiting
-
- &os; provides several methods for an administrator to limit
- the amount of system resources an individual may use. These
- limits are discussed in two sections: disk quotas and other
- resource limits.
-
- quotas
-
- limiting users
- quotas
-
- disk quotas
- Disk quotas limit the amount of disk space available to
- users and provide a way to quickly check that usage without
- calculating it every time. Quotas are discussed in .
-
- The other resource limits include ways to limit the amount
- of CPU, memory, and other resources a user may consume. These
- are defined using login classes and are discussed here.
-
-
- /etc/login.conf
-
- Login classes are defined in
- /etc/login.conf and are described in detail
- in &man.login.conf.5;. Each user account is assigned to a login
- class, default by default, and each login
- class has a set of login capabilities associated with it. A
- login capability is a
- name=value
- pair, where name is a well-known
- identifier and value is an arbitrary
- string which is processed accordingly depending on the
- name. Setting up login classes and
- capabilities is rather straightforward and is also described in
- &man.login.conf.5;.
-
-
- &os; does not normally read the configuration in
- /etc/login.conf directly, but instead
- reads the /etc/login.conf.db database
- which provides faster lookups. Whenever
- /etc/login.conf is edited, the
- /etc/login.conf.db must be updated by
- executing the following command:
-
- &prompt.root; cap_mkdb /etc/login.conf
-
-
- Resource limits differ from the default login capabilities
- in two ways. First, for every limit, there is a soft (current)
- and hard limit. A soft limit may be adjusted by the user or
- application, but may not be set higher than the hard limit. The
- hard limit may be lowered by the user, but can only be raised
- by the superuser. Second, most resource limits apply per
- process to a specific user, not to the user as a whole. These
- differences are mandated by the specific handling of the limits,
- not by the implementation of the login capability
- framework.
-
- Below are the most commonly used resource limits. The rest
- of the limits, along with all the other login capabilities, can
- be found in &man.login.conf.5;.
-
-
-
- coredumpsize
-
-
- The limit on the size of a core filecoredumpsize generated by a
- program is subordinate to other limitslimiting userscoredumpsize on disk usage, such
- as filesize, or disk quotas.
- This limit is often used as a less-severe method of
- controlling disk space consumption. Since users do not
- generate core files themselves, and often do not delete
- them, setting this may save them from running out of disk
- space should a large program crash.
-
-
-
-
- cputime
-
-
- The maximum amount of CPUcputimelimiting userscputime time a user's process may
- consume. Offending processes will be killed by the
- kernel.
-
-
- This is a limit on CPU time
- consumed, not percentage of the CPU as displayed in
- some fields by &man.top.1; and &man.ps.1;.
-
-
-
-
-
- filesize
-
-
- The maximum size of a filefilesizelimiting usersfilesize the user may own. Unlike
- disk quotas, this limit is
- enforced on individual files, not the set of all files a
- user owns.
-
-
-
-
- maxproc
-
-
- The maximum number of processesmaxproclimiting usersmaxproc a user can run. This
- includes foreground and background processes. This limit
- may not be larger than the system limit specified by the
- kern.maxproc &man.sysctl.8;. Setting
- this limit too small may hinder a user's productivity as
- it is often useful to be logged in multiple times or to
- execute pipelines. Some tasks, such as compiling a large
- program, spawn multiple processes and other intermediate
- preprocessors.
-
-
-
-
- memorylocked
-
-
- The maximum amount of memorymemorylockedlimiting usersmemorylocked a process may request
- to be locked into main memory using &man.mlock.2;. Some
- system-critical programs, such as &man.amd.8;, lock into
- main memory so that if the system begins to swap, they do
- not contribute to disk thrashing.
-
-
-
-
- memoryuse
-
-
- The maximum amount of memorymemoryuselimiting usersmemoryuse a process may consume at
- any given time. It includes both core memory and swap
- usage. This is not a catch-all limit for restricting
- memory consumption, but is a good start.
-
-
-
-
- openfiles
-
-
- The maximum number of files a process may have openopenfileslimiting usersopenfiles.
- In &os;, files are used to represent sockets and IPC
- channels, so be careful not to set this too low. The
- system-wide limit for this is defined by the
- kern.maxfiles &man.sysctl.8;.
-
-
-
-
- sbsize
-
-
- The limit on the amount of network memory, and
- thus mbufssbsizelimiting userssbsize, a user may consume in order to limit network
- communications.
-
-
-
-
- stacksize
-
-
- The maximum size of a process stackstacksizelimiting usersstacksize. This alone is
- not sufficient to limit the amount of memory a program
- may use so it should be used in conjunction with other
- limits.
-
-
-
-
- There are a few other things to remember when setting
- resource limits. Following are some general tips, suggestions,
- and miscellaneous comments.
-
-
-
- Processes started at system startup by
- /etc/rc are assigned to the
- daemon login class.
-
-
-
- Although the /etc/login.conf that
- comes with the system is a good source of reasonable values
- for most limits, they may not be appropriate for every
- system. Setting a limit too high may open the system up to
- abuse, while setting it too low may put a strain on
- productivity.
-
-
-
- Users of &xorg; should
- probably be granted more resources than other users.
- &xorg; by itself takes a lot of
- resources, but it also encourages users to run more programs
- simultaneously.
-
-
-
- Many limits apply to individual processes, not the user
- as a whole. For example, setting
- openfiles to 50 means that each process
- the user runs may open up to 50 files. The total amount
- of files a user may open is the value of
- openfiles multiplied by the value of
- maxproc. This also applies to memory
- consumption.
-
-
-
- For further information on resource limits and login classes
- and capabilities in general, refer to &man.cap.mkdb.1;,
- &man.getrlimit.2;, and &man.login.conf.5;.
-
-
-
- Managing Groups
-
- groups
-
- /etc/groups
-
-
- accounts
- groups
-
- A group is a list of users. A group is identified by its
- group name and GID. In &os;, the
- kernel uses the UID of a process, and the
- list of groups it belongs to, to determine what the process is
- allowed to do. Most of the time, the GID of
- a user or process usually means the first group in the
- list.
-
- The group name to GID mapping is listed
- in /etc/group. This is a plain text file
- with four colon-delimited fields. The first field is the group
- name, the second is the encrypted password, the third the
- GID, and the fourth the comma-delimited list
- of members. For a more complete description of the syntax,
- refer to &man.group.5;.
-
- The superuser can modify /etc/group
- using a text editor. Alternatively, &man.pw.8; can be used to
- add and edit groups. For example, to add a group called
- teamtwo and then confirm that it
- exists:
-
-
- Adding a Group Using &man.pw.8;
-
- &prompt.root; pw groupadd teamtwo
-&prompt.root; pw groupshow teamtwo
-teamtwo:*:1100:
-
-
- In this example, 1100 is the
- GID of teamtwo. Right
- now, teamtwo has no members. This
- command will add jru as a member of
- teamtwo.
-
-
- Adding User Accounts to a New Group Using
- &man.pw.8;
-
- &prompt.root; pw groupmod teamtwo -M jru
-&prompt.root; pw groupshow teamtwo
-teamtwo:*:1100:jru
-
-
- The argument to is a comma-delimited
- list of users to be added to a new (empty) group or to replace
- the members of an existing group. To the user, this group
- membership is different from (and in addition to) the user's
- primary group listed in the password file. This means that
- the user will not show up as a member when using
- with &man.pw.8;, but will show up
- when the information is queried via &man.id.1; or a similar
- tool. When &man.pw.8; is used to add a user to a group, it only
- manipulates /etc/group and does not attempt
- to read additional data from
- /etc/passwd.
-
-
- Adding a New Member to a Group Using &man.pw.8;
-
- &prompt.root; pw groupmod teamtwo -m db
-&prompt.root; pw groupshow teamtwo
-teamtwo:*:1100:jru,db
-
-
- In this example, the argument to is a
- comma-delimited list of users who are to be added to the group.
- Unlike the previous example, these users are appended to the
- group list and do not replace the list of existing users in the
- group.
-
-
- Using &man.id.1; to Determine Group Membership
-
- &prompt.user; id jru
-uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)
-
-
- In this example, jru is a member of the
- groups jru and
- teamtwo.
-
- For more information about this command and the format of
- /etc/group, refer to &man.pw.8; and
- &man.group.5;.
-
-