diff --git a/en_US.ISO8859-1/books/handbook/Makefile b/en_US.ISO8859-1/books/handbook/Makefile index 5f176c6f62..f2e41fc06f 100644 --- a/en_US.ISO8859-1/books/handbook/Makefile +++ b/en_US.ISO8859-1/books/handbook/Makefile @@ -1,348 +1,347 @@ # # $FreeBSD$ # # Build the FreeBSD Handbook. # # ------------------------------------------------------------------------ # # Handbook-specific variables # # WITH_PGPKEYS The print version of the handbook only prints PGP # fingerprints by default. If you would like for the # entire key to be displayed, then set this variable. # This option has no affect on the HTML formats. # # Handbook-specific targets # # pgpkeyring This target will read the contents of # pgpkeys/chapter.xml and will extract all of # the pgpkeys to standard out. This output can then # be redirected into a file and distributed as a # public keyring of FreeBSD developers that can # easily be imported into PGP/GPG. # # ------------------------------------------------------------------------ # # To add a new chapter to the Handbook: # # - Update this Makefile, chapters.ent and book.xml # - Add a descriptive entry for the new chapter in preface/preface.xml # # ------------------------------------------------------------------------ .PATH: ${.CURDIR}/../../share/xml/glossary MAINTAINER= doc@FreeBSD.org DOC?= book FORMATS?= html-split HAS_INDEX= true INSTALL_COMPRESSED?= gz INSTALL_ONLY_COMPRESSED?= IMAGES_EN = advanced-networking/isdn-bus.eps IMAGES_EN+= advanced-networking/isdn-twisted-pair.eps IMAGES_EN+= advanced-networking/natd.eps IMAGES_EN+= advanced-networking/net-routing.pic IMAGES_EN+= advanced-networking/pxe-nfs.png IMAGES_EN+= advanced-networking/static-routes.pic IMAGES_EN+= bsdinstall/bsdinstall-adduser1.png IMAGES_EN+= bsdinstall/bsdinstall-adduser2.png IMAGES_EN+= bsdinstall/bsdinstall-adduser3.png IMAGES_EN+= bsdinstall/bsdinstall-boot-loader-menu.png IMAGES_EN+= bsdinstall/bsdinstall-choose-mode.png IMAGES_EN+= bsdinstall/bsdinstall-config-components.png IMAGES_EN+= bsdinstall/bsdinstall-config-hostname.png IMAGES_EN+= bsdinstall/bsdinstall-config-keymap.png IMAGES_EN+= bsdinstall/bsdinstall-config-services.png IMAGES_EN+= bsdinstall/bsdinstall-config-crashdump.png IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv4-dhcp.png IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv4.png IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv4-static.png IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv6.png IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv6-static.png IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-slaac.png IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface.png IMAGES_EN+= bsdinstall/bsdinstall-configure-network-ipv4-dns.png IMAGES_EN+= bsdinstall/bsdinstall-configure-wireless-accesspoints.png IMAGES_EN+= bsdinstall/bsdinstall-configure-wireless-scan.png IMAGES_EN+= bsdinstall/bsdinstall-configure-wireless-wpa2setup.png IMAGES_EN+= bsdinstall/bsdinstall-distfile-extracting.png IMAGES_EN+= bsdinstall/bsdinstall-distfile-fetching.png IMAGES_EN+= bsdinstall/bsdinstall-distfile-verifying.png IMAGES_EN+= bsdinstall/bsdinstall-final-confirmation.png IMAGES_EN+= bsdinstall/bsdinstall-finalconfiguration.png IMAGES_EN+= bsdinstall/bsdinstall-final-modification-shell.png IMAGES_EN+= bsdinstall/bsdinstall-keymap-select-default.png IMAGES_EN+= bsdinstall/bsdinstall-mainexit.png IMAGES_EN+= bsdinstall/bsdinstall-netinstall-files.png IMAGES_EN+= bsdinstall/bsdinstall-netinstall-mirrorselect.png IMAGES_EN+= bsdinstall/bsdinstall-part-entire-part.png IMAGES_EN+= bsdinstall/bsdinstall-part-guided-disk.png IMAGES_EN+= bsdinstall/bsdinstall-part-guided-manual.png IMAGES_EN+= bsdinstall/bsdinstall-part-manual-addpart.png IMAGES_EN+= bsdinstall/bsdinstall-part-manual-create.png IMAGES_EN+= bsdinstall/bsdinstall-part-manual-partscheme.png IMAGES_EN+= bsdinstall/bsdinstall-part-review.png IMAGES_EN+= bsdinstall/bsdinstall-post-root-passwd.png IMAGES_EN+= bsdinstall/bsdinstall-set-clock-local-utc.png IMAGES_EN+= bsdinstall/bsdinstall-timezone-confirm.png IMAGES_EN+= bsdinstall/bsdinstall-timezone-country.png IMAGES_EN+= bsdinstall/bsdinstall-timezone-region.png IMAGES_EN+= bsdinstall/bsdinstall-timezone-zone.png IMAGES_EN+= geom/striping.pic IMAGES_EN+= install/adduser1.scr IMAGES_EN+= install/adduser2.scr IMAGES_EN+= install/adduser3.scr IMAGES_EN+= install/boot-loader-menu.scr IMAGES_EN+= install/boot-mgr.scr IMAGES_EN+= install/config-country.scr IMAGES_EN+= install/config-keymap.scr IMAGES_EN+= install/console-saver1.scr IMAGES_EN+= install/console-saver2.scr IMAGES_EN+= install/console-saver3.scr IMAGES_EN+= install/console-saver4.scr IMAGES_EN+= install/disklabel-auto.scr IMAGES_EN+= install/disklabel-ed1.scr IMAGES_EN+= install/disklabel-ed2.scr IMAGES_EN+= install/disklabel-fs.scr IMAGES_EN+= install/disklabel-root1.scr IMAGES_EN+= install/disklabel-root2.scr IMAGES_EN+= install/disklabel-root3.scr IMAGES_EN+= install/disk-layout.eps IMAGES_EN+= install/dist-set.scr IMAGES_EN+= install/dist-set2.scr IMAGES_EN+= install/docmenu1.scr IMAGES_EN+= install/ed0-conf.scr IMAGES_EN+= install/ed0-conf2.scr IMAGES_EN+= install/edit-inetd-conf.scr IMAGES_EN+= install/fdisk-drive1.scr IMAGES_EN+= install/fdisk-drive2.scr IMAGES_EN+= install/fdisk-edit1.scr IMAGES_EN+= install/fdisk-edit2.scr IMAGES_EN+= install/ftp-anon1.scr IMAGES_EN+= install/ftp-anon2.scr IMAGES_EN+= install/hdwrconf.scr IMAGES_EN+= install/keymap.scr IMAGES_EN+= install/main1.scr IMAGES_EN+= install/mainexit.scr IMAGES_EN+= install/main-std.scr IMAGES_EN+= install/main-options.scr IMAGES_EN+= install/main-doc.scr IMAGES_EN+= install/main-keymap.scr IMAGES_EN+= install/media.scr IMAGES_EN+= install/mouse1.scr IMAGES_EN+= install/mouse2.scr IMAGES_EN+= install/mouse3.scr IMAGES_EN+= install/mouse4.scr IMAGES_EN+= install/mouse5.scr IMAGES_EN+= install/mouse6.scr IMAGES_EN+= install/mta-main.scr IMAGES_EN+= install/net-config-menu1.scr IMAGES_EN+= install/net-config-menu2.scr IMAGES_EN+= install/nfs-server-edit.scr IMAGES_EN+= install/ntp-config.scr IMAGES_EN+= install/options.scr IMAGES_EN+= install/pkg-cat.scr IMAGES_EN+= install/pkg-confirm.scr IMAGES_EN+= install/pkg-install.scr IMAGES_EN+= install/pkg-sel.scr IMAGES_EN+= install/probstart.scr IMAGES_EN+= install/routed.scr IMAGES_EN+= install/security.scr IMAGES_EN+= install/sysinstall-exit.scr IMAGES_EN+= install/timezone1.scr IMAGES_EN+= install/timezone2.scr IMAGES_EN+= install/timezone3.scr IMAGES_EN+= install/userconfig.scr IMAGES_EN+= install/userconfig2.scr IMAGES_EN+= mail/mutt1.scr IMAGES_EN+= mail/mutt2.scr IMAGES_EN+= mail/mutt3.scr IMAGES_EN+= mail/pine1.scr IMAGES_EN+= mail/pine2.scr IMAGES_EN+= mail/pine3.scr IMAGES_EN+= mail/pine4.scr IMAGES_EN+= mail/pine5.scr IMAGES_EN+= install/example-dir1.eps IMAGES_EN+= install/example-dir2.eps IMAGES_EN+= install/example-dir3.eps IMAGES_EN+= install/example-dir4.eps IMAGES_EN+= install/example-dir5.eps IMAGES_EN+= security/ipsec-network.pic IMAGES_EN+= security/ipsec-crypt-pkt.pic IMAGES_EN+= security/ipsec-encap-pkt.pic IMAGES_EN+= security/ipsec-out-pkt.pic IMAGES_EN+= virtualization/parallels-freebsd1.png IMAGES_EN+= virtualization/parallels-freebsd2.png IMAGES_EN+= virtualization/parallels-freebsd3.png IMAGES_EN+= virtualization/parallels-freebsd4.png IMAGES_EN+= virtualization/parallels-freebsd5.png IMAGES_EN+= virtualization/parallels-freebsd6.png IMAGES_EN+= virtualization/parallels-freebsd7.png IMAGES_EN+= virtualization/parallels-freebsd8.png IMAGES_EN+= virtualization/parallels-freebsd9.png IMAGES_EN+= virtualization/parallels-freebsd10.png IMAGES_EN+= virtualization/parallels-freebsd11.png IMAGES_EN+= virtualization/parallels-freebsd12.png IMAGES_EN+= virtualization/parallels-freebsd13.png IMAGES_EN+= virtualization/virtualpc-freebsd1.png IMAGES_EN+= virtualization/virtualpc-freebsd2.png IMAGES_EN+= virtualization/virtualpc-freebsd3.png IMAGES_EN+= virtualization/virtualpc-freebsd4.png IMAGES_EN+= virtualization/virtualpc-freebsd5.png IMAGES_EN+= virtualization/virtualpc-freebsd6.png IMAGES_EN+= virtualization/virtualpc-freebsd7.png IMAGES_EN+= virtualization/virtualpc-freebsd8.png IMAGES_EN+= virtualization/virtualpc-freebsd9.png IMAGES_EN+= virtualization/virtualpc-freebsd10.png IMAGES_EN+= virtualization/virtualpc-freebsd11.png IMAGES_EN+= virtualization/virtualpc-freebsd12.png IMAGES_EN+= virtualization/virtualpc-freebsd13.png IMAGES_EN+= virtualization/vmware-freebsd01.png IMAGES_EN+= virtualization/vmware-freebsd02.png IMAGES_EN+= virtualization/vmware-freebsd03.png IMAGES_EN+= virtualization/vmware-freebsd04.png IMAGES_EN+= virtualization/vmware-freebsd05.png IMAGES_EN+= virtualization/vmware-freebsd06.png IMAGES_EN+= virtualization/vmware-freebsd07.png IMAGES_EN+= virtualization/vmware-freebsd08.png IMAGES_EN+= virtualization/vmware-freebsd09.png IMAGES_EN+= virtualization/vmware-freebsd10.png IMAGES_EN+= virtualization/vmware-freebsd11.png IMAGES_EN+= virtualization/vmware-freebsd12.png # Images from the cross-document image library IMAGES_LIB= callouts/1.png IMAGES_LIB+= callouts/2.png IMAGES_LIB+= callouts/3.png IMAGES_LIB+= callouts/4.png IMAGES_LIB+= callouts/5.png IMAGES_LIB+= callouts/6.png IMAGES_LIB+= callouts/7.png IMAGES_LIB+= callouts/8.png IMAGES_LIB+= callouts/9.png IMAGES_LIB+= callouts/10.png IMAGES_LIB+= callouts/11.png IMAGES_LIB+= callouts/12.png IMAGES_LIB+= callouts/13.png IMAGES_LIB+= callouts/14.png IMAGES_LIB+= callouts/15.png # # SRCS lists the individual XML files that make up the document. Changes # to any of these files will force a rebuild # # XML content SRCS+= audit/chapter.xml SRCS+= book.xml SRCS+= bsdinstall/chapter.xml SRCS+= colophon.xml SRCS+= dtrace/chapter.xml SRCS+= advanced-networking/chapter.xml SRCS+= basics/chapter.xml SRCS+= bibliography/chapter.xml SRCS+= boot/chapter.xml SRCS+= config/chapter.xml SRCS+= cutting-edge/chapter.xml SRCS+= desktop/chapter.xml SRCS+= disks/chapter.xml SRCS+= eresources/chapter.xml SRCS+= firewalls/chapter.xml SRCS+= filesystems/chapter.xml SRCS+= geom/chapter.xml SRCS+= install/chapter.xml SRCS+= introduction/chapter.xml SRCS+= jails/chapter.xml SRCS+= kernelconfig/chapter.xml SRCS+= l10n/chapter.xml SRCS+= linuxemu/chapter.xml SRCS+= mac/chapter.xml SRCS+= mail/chapter.xml SRCS+= mirrors/chapter.xml SRCS+= multimedia/chapter.xml SRCS+= network-servers/chapter.xml SRCS+= pgpkeys/chapter.xml SRCS+= ports/chapter.xml SRCS+= ppp-and-slip/chapter.xml SRCS+= preface/preface.xml SRCS+= printing/chapter.xml SRCS+= security/chapter.xml SRCS+= serialcomms/chapter.xml -SRCS+= users/chapter.xml SRCS+= virtualization/chapter.xml SRCS+= x11/chapter.xml # Entities SRCS+= chapters.ent SYMLINKS= ${DESTDIR} index.html handbook.html # Turn on all the chapters. CHAPTERS?= ${SRCS:M*chapter.xml} XMLFLAGS+= ${CHAPTERS:S/\/chapter.xml//:S/^/-i chap./} XMLFLAGS+= -i chap.freebsd-glossary pgpkeyring: pgpkeys/chapter.xml ${DOC}.parsed.xml @${XSLTPROC} ${XSLPGP} ${DOC}.parsed.xml # # Handbook-specific variables # .if defined(WITH_PGPKEYS) JADEFLAGS+= -V withpgpkeys .endif URL_RELPREFIX?= ../../../.. DOC_PREFIX?= ${.CURDIR}/../../.. # # rules generating lists of mirror site from XML database. # XMLDOCS= lastmod:::mirrors.lastmod.inc \ mirrors-ftp-index:::mirrors.xml.ftp.index.inc \ mirrors-ftp:::mirrors.xml.ftp.inc \ mirrors-cvsup-index:::mirrors.xml.cvsup.index.inc \ mirrors-cvsup:::mirrors.xml.cvsup.inc \ eresources-index:::eresources.xml.www.index.inc \ eresources:::eresources.xml.www.inc DEPENDSET.DEFAULT= transtable mirror XSLT.DEFAULT= ${XSL_MIRRORS} XML.DEFAULT= ${XML_MIRRORS} PARAMS.lastmod+= --param 'target' "'lastmod'" PARAMS.mirrors-ftp-index+= --param 'type' "'ftp'" \ --param 'proto' "'ftp'" \ --param 'target' "'index'" PARAMS.mirrors-ftp+= --param 'type' "'ftp'" \ --param 'proto' "'ftp'" \ --param 'target' "'handbook/mirrors/chapter.xml'" PARAMS.mirrors-cvsup-index+= --param 'type' "'cvsup'" \ --param 'proto' "'cvsup'" \ --param 'target' "'index'" PARAMS.mirrors-cvsup+= --param 'type' "'cvsup'" \ --param 'proto' "'cvsup'" \ --param 'target' "'handbook/mirrors/chapter.xml'" PARAMS.eresources-index+= --param 'type' "'www'" \ --param 'proto' "'http'" \ --param 'target' "'index'" PARAMS.eresources+= --param 'type' "'www'" \ --param 'proto' "'http'" \ --param 'target' "'handbook/eresources/chapter.xml'" SRCS+= mirrors.lastmod.inc \ mirrors.xml.ftp.inc \ mirrors.xml.ftp.index.inc \ mirrors.xml.cvsup.inc \ mirrors.xml.cvsup.index.inc \ eresources.xml.www.inc \ eresources.xml.www.index.inc .include "${DOC_PREFIX}/share/mk/doc.project.mk" diff --git a/en_US.ISO8859-1/books/handbook/basics/chapter.xml b/en_US.ISO8859-1/books/handbook/basics/chapter.xml index 2d6e0c3171..58d0ebfa43 100644 --- a/en_US.ISO8859-1/books/handbook/basics/chapter.xml +++ b/en_US.ISO8859-1/books/handbook/basics/chapter.xml @@ -1,2517 +1,3512 @@ UNIX Basics Synopsis This chapter covers the basic commands and functionality of the &os; operating system. Much of this material is relevant for any &unix;-like operating system. New &os; users are encouraged to read through this chapter carefully. After reading this chapter, you will know: How to use and configure virtual consoles. + + How to create and manage users and groups on + &os;. + + How &unix; file permissions and &os; file flags work. The default &os; file system layout. The &os; disk organization. How to mount and unmount file systems. What processes, daemons, and signals are. What a shell is, and how to change the default login environment. How to use basic text editors. What devices and device nodes are. How to read manual pages for more information. Virtual Consoles and Terminals virtual consoles terminals console Unless &os; has been configured to automatically start a graphical environment during startup, the system will boot into a command line login prompt, as seen in this example: FreeBSD/amd64 (pc3.example.org) (ttyv0) login: The first line contains some information about the system. The amd64 indicates that the system in this example is running a 64-bit version of &os;. The hostname is pc3.example.org, and ttyv0 indicates that this is the system console. The second line is the login prompt. Since &os; is a multiuser system, it needs some way to distinguish between different users. This is accomplished by requiring every user to log into the system before gaining access to the programs on the system. Every user has a unique name username and a personal password. To log into the system console, type the username that was configured during system installation, as described in , and press Enter. Then enter the password associated with the username and press Enter. The password is not echoed for security reasons. Once the correct password is input, the message of the day (MOTD) will be displayed followed by a command prompt. Depending upon the shell that was selected when the user was created, this prompt will be a #, $, or % character. The prompt indicates that the user is now logged into the &os; system console and ready to try the available commands. Virtual Consoles While the system console can be used to interact with the system, a user working from the command line at the keyboard of a &os; system will typically instead log into a virtual console. This is because system messages are configured by default to display on the system console. These messages will appear over the command or file that the user is working on, making it difficult to concentrate on the work at hand. By default, &os; is configured to provide several virtual consoles for inputting commands. Each virtual console has its own login prompt and shell and it is easy to switch between virtual consoles. This essentially provides the command line equivalent of having several windows open at the same time in a graphical environment. The key combinations AltF1 through AltF8 have been reserved by &os; for switching between virtual consoles. Use AltF1 to switch to the system console (ttyv0), AltF2 to access the first virtual console (ttyv1), AltF3 to access the second virtual console (ttyv2), and so on. When switching from one console to the next, &os; takes manages the screen output. The result is an illusion of having multiple virtual screens and keyboards that can be used to type commands for &os; to run. The programs that are launched in one virtual console do not stop running when the user switches to a different virtual console. Refer to &man.syscons.4;, &man.atkbd.4;, &man.vidcontrol.1; and &man.kbdcontrol.1; for a more technical description of the &os; console and its keyboard drivers. In &os;, the number of available virtual consoles is configured in this section of /etc/ttys: # name getty type status comments # ttyv0 "/usr/libexec/getty Pc" cons25 on secure # Virtual terminals ttyv1 "/usr/libexec/getty Pc" cons25 on secure ttyv2 "/usr/libexec/getty Pc" cons25 on secure ttyv3 "/usr/libexec/getty Pc" cons25 on secure ttyv4 "/usr/libexec/getty Pc" cons25 on secure ttyv5 "/usr/libexec/getty Pc" cons25 on secure ttyv6 "/usr/libexec/getty Pc" cons25 on secure ttyv7 "/usr/libexec/getty Pc" cons25 on secure ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure To disable a virtual console, put a comment symbol (#) at the beginning of the line representing that virtual console. For example, to reduce the number of available virtual consoles from eight to four, put a # in front of the last four lines representing virtual consoles ttyv5 through ttyv8. Do not comment out the line for the system console ttyv0. Note that the last virtual console (ttyv8) is used to access the graphical environment if &xorg; has been installed and configured as described in . For a detailed description of every column in this file and the available options for the virtual consoles, refer to &man.ttys.5;. Single User Mode The &os; boot menu provides an option labelled as Boot Single User. If this option is selected, the system will boot into a special mode known as single user mode. This mode is typically used to repair a system that will not boot or to reset the root password when it is not known. While in single user mode, networking and other virtual consoles are not available. However, full root access to the system is available, and by default, the root password is not needed. For these reasons, physical access to the keyboard is needed to boot into this mode and determining who has physical access to the keyboard is something to consider when securing a &os; system. The settings which control single user mode are found in this section of /etc/ttys: # name getty type status comments # # If console is marked "insecure", then init will ask for the root password # when going to single-user mode. console none unknown off secure By default, the status is set to secure. This assumes that who has physical access to the keyboard is either not important or it is controlled by a physical security policy. If this setting is changed to insecure, the assumption is that the environment itself is insecure because anyone can access the keyboard. When this line is changed to insecure, &os; will prompt for the root password when a user selects to boot into single user mode. Be careful when changing this setting to insecure! If the root password is forgotten, booting into single user mode is still possible, but may be difficult for someone who is not familiar with the &os; booting process. Changing Console Video Modes The &os; console default video mode may be adjusted to 1024x768, 1280x1024, or any other size supported by the graphics chip and monitor. To use a different video mode load the VESA module: &prompt.root; kldload vesa To determine which video modes are supported by the hardware, use &man.vidcontrol.1;. To get a list of supported video modes issue the following: &prompt.root; vidcontrol -i mode The output of this command lists the video modes that are supported by the hardware. To select a new video mode, specify the mode using &man.vidcontrol.1; as the root user: &prompt.root; vidcontrol MODE_279 If the new video mode is acceptable, it can be permanently set on boot by adding it to /etc/rc.conf: allscreens_flags="MODE_279" + + + + Users and Basic Account Management + + &os; allows multiple users to use the computer at the same + time. While only one user can sit in front of the screen and + use the keyboard at any one time, any number of users can log + in to the system through the network. To use the system, each + user should have their own user account. + + This chapter describes: + + + + The different types of user accounts on a + &os; system. + + + + How to add, remove, and modify user accounts. + + + + How to set limits to control the + resources that users and + groups are allowed to access. + + + + How to create groups and add users as members of a group. + + + + + Account Types + + Since all access to the &os; system is achieved using accounts + and all processes are run by users, user and account management + is important. + + There are three main types of accounts: + system accounts, + user accounts, and the + superuser account. + + + System Accounts + + + accounts + system + + + System accounts are used to run services such as DNS, + mail, and web servers. The reason for this is security; if + all services ran as the superuser, they could act without + restriction. + + + accounts + daemon + + + accounts + operator + + + Examples of system accounts are + daemon, operator, + bind, news, and + www. + + + accounts + nobody + + + nobody is the generic unprivileged + system account. However, the more services that use + nobody, the more files and processes that + user will become associated with, and hence the more + privileged that user becomes. + + + + User Accounts + + + accounts + user + + + User accounts are + assigned to real people and are used to log in and use the + system. Every person accessing the system should have a unique + user account. This allows the administrator to find out who + is doing what and prevents users from clobbering the + settings of other users. + + Each user can set up their own environment to accommodate + their use of the system, by configuring their default shell, editor, + key bindings, and language settings. + Every user account on a &os; system has certain information + associated with it: + + + + User name + + + The user name is typed at the login: + prompt. User names must be unique on the system as no two + users can have the same user name. There are a number of + rules for creating valid user names which are documented in + &man.passwd.5;. It is recommended to use user names that consist of eight or + fewer, all lower case characters in order to maintain + backwards compatibility with applications. + + + + + Password + + + Each user account should have an associated password. While the + password can be blank, this is highly discouraged. + + + + + User ID (UID) + + + The User ID (UID) is a number + used to uniquely identify the user to the + &os; system. Commands that + allow a user name to be specified will first convert it to + the UID. It is recommended to use a UID of + 65535 or lower as higher UIDs may cause compatibility + issues with software that does not support integers larger + than 32-bits. + + + + + Group ID (GID) + + + The Group ID (GID) is a number used to uniquely identify + the primary group that the user belongs to. Groups are a + mechanism for controlling access to resources based on a + user's GID rather than their + UID. This can significantly reduce the + size of some configuration files and allows users to be + members of more than one group. It is recommended to use a GID of + 65535 or lower as higher GIDs may break some + software. + + + + + Login class + + + Login classes are an extension to the group mechanism + that provide additional flexibility when tailoring the + system to different users. Login classes are discussed + further in + + + + + Password change time + + + By default, &os; does not force users to change their + passwords periodically. Password expiration can be + enforced on a per-user basis using &man.pw.8;, forcing some or all users to + change their passwords after a certain amount of time has + elapsed. + + + + + Account expiry time + + + By default, &os; does not expire accounts. When + creating accounts that need a limited lifespan, such as + student accounts in a school, specify the account expiry + date using &man.pw.8;. After the expiry time has elapsed, the account + cannot be used to log in to the system, although the + account's directories and files will remain. + + + + + User's full name + + + The user name uniquely identifies the account to &os;, + but does not necessarily reflect the user's real name. + Similar to a comment, this information + can contain a space, uppercase characters, and be more + than 8 characters long. + + + + + Home directory + + + The home directory is the full path to a directory on + the system. This is the user's starting directory when + the user logs in. A common convention is to put all user + home directories under /home/username + or /usr/home/username. + Each user stores their personal files and subdirectories + in their own home directory. + + + + + User shell + + + The shell provides the user's default environment for + interacting with the system. There are many different + kinds of shells and experienced users will have their own + preferences, which can be reflected in their account + settings. + + + + + + + The Superuser Account + + + accounts + superuser (root) + + + The superuser account, usually called + root, is used to + manage the system with no limitations on privileges. For this + reason, it should not be used for day-to-day + tasks like sending and receiving mail, general exploration of + the system, or programming. + + The superuser, unlike other user + accounts, can operate without limits, and misuse of the + superuser account may result in spectacular disasters. User + accounts are unable to destroy the operating system by mistake, so it is + recommended to login as a user account and to only become the superuser + when a command requires extra privilege. + + Always double and triple-check any commands issued as the + superuser, since an extra space or missing character can mean + irreparable data loss. + + There are several ways to become gain superuser privilege. While one + can log in as root, this is highly discouraged. + + Instead, use &man.su.1; to become the superuser. If + - is specified when running this command, the user will also inherit the root user's environment. + The user running this command must + be in the wheel group or else the command + will fail. The user must also know the password for the + root user account. + + In this example, the user only becomes superuser in order to run + make install as this step requires superuser privilege. + Once the command completes, the user types exit + to leave the superuser account and return to the privilege of + their user account. + + + Install a Program As The Superuser + + &prompt.user; configure +&prompt.user; make +&prompt.user; su - +Password: +&prompt.root; make install +&prompt.root; exit +&prompt.user; + + + The built-in &man.su.1; framework works well for single systems or small + networks with just one system administrator. An alternative + is to install the + security/sudo package or port. This software + provides activity logging and allows the administrator to configure which users + can run which commands + as the superuser. + + + + + Managing Accounts + + + accounts + modifying + + + &os; provides a variety of different commands to manage + user accounts. The most common commands are summarized below, + followed by more detailed examples of their usage. + + + + + + + + + Command + Summary + + + + + &man.adduser.8; + The recommended command-line application for adding + new users. + + + + &man.rmuser.8; + The recommended command-line application for + removing users. + + + + &man.chpass.1; + A flexible tool for changing user database + information. + + + + &man.passwd.1; + The simple command-line tool to change user + passwords. + + + + &man.pw.8; + A powerful and flexible tool for modifying all + aspects of user accounts. + + + + + + + <command>adduser</command> + + + accounts + adding + + + adduser + + + /usr/share/skel + + skeleton directory + &man.adduser.8; is a simple program for adding new users + When a new user is added, this program automatically updates + /etc/passwd and + /etc/group. It also creates a home + directory for the new user, copies in the default + configuration files from /usr/share/skel, and can + optionally mail the new user a welcome message. + + + Adding a User on &os; + + &prompt.root; adduser +Username: jru +Full name: J. Random User +Uid (Leave empty for default): +Login group [jru]: +Login group is jru. Invite jru into other groups? []: wheel +Login class [default]: +Shell (sh csh tcsh zsh nologin) [sh]: zsh +Home directory [/home/jru]: +Home directory permissions (Leave empty for default): +Use password-based authentication? [yes]: +Use an empty password? (yes/no) [no]: +Use a random password? (yes/no) [no]: +Enter password: +Enter password again: +Lock out the account after creation? [no]: +Username : jru +Password : **** +Full Name : J. Random User +Uid : 1001 +Class : +Groups : jru wheel +Home : /home/jru +Shell : /usr/local/bin/zsh +Locked : no +OK? (yes/no): yes +adduser: INFO: Successfully added (jru) to the user database. +Add another user? (yes/no): no +Goodbye! +&prompt.root; + + + + Since the password is not echoed when typed, be careful + to not mistype the password when creating the user + account. + + + + + <command>rmuser</command> + + rmuser + + accounts + removing + + + To completely remove a user from the system use + &man.rmuser.8;. This command performs the following + steps: + + + + Removes the user's &man.crontab.1; entry if one + exists. + + + + Removes any &man.at.1; jobs belonging to the + user. + + + + Kills all processes owned by the user. + + + + Removes the user from the system's local password + file. + + + + Removes the user's home directory, if it is owned by + the user. + + + + Removes the incoming mail files belonging to the user + from /var/mail. + + + + Removes all files owned by the user from temporary + file storage areas such as /tmp. + + + + Finally, removes the username from all groups to which + it belongs in /etc/group. + + + If a group becomes empty and the group name is the + same as the username, the group is removed. This + complements the per-user unique groups created by + &man.adduser.8;. + + + + + &man.rmuser.8; cannot be used to remove superuser + accounts since that is almost always an indication of massive + destruction. + + By default, an interactive mode is used, as shown + in the following example. + + + <command>rmuser</command> Interactive Account + Removal + + &prompt.root; rmuser jru +Matching password entry: +jru:*:1001:1001::0:0:J. Random User:/home/jru:/usr/local/bin/zsh +Is this the entry you wish to remove? y +Remove user's home directory (/home/jru)? y +Updating password file, updating databases, done. +Updating group file: trusted (removing group jru -- personal group is empty) done. +Removing user's incoming mail file /var/mail/jru: done. +Removing files belonging to jru from /tmp: done. +Removing files belonging to jru from /var/tmp: done. +Removing files belonging to jru from /var/tmp/vi.recover: done. +&prompt.root; + + + + + <command>chpass</command> + + chpass + &man.chpass.1; can be used to change user database + information such as passwords, shells, and personal + information. + + Only the superuser can change other users' information and + passwords with &man.chpass.1;. + + When passed no options, aside from an optional username, + &man.chpass.1; displays an editor containing user information. + When the user exists from the editor, the user database is + updated with the new information. + + + You will be asked for your password after exiting the + editor if you are not the superuser. + + + + Interactive <command>chpass</command> by + Superuser + + #Changing user database information for jru. +Login: jru +Password: * +Uid [#]: 1001 +Gid [# or name]: 1001 +Change [month day year]: +Expire [month day year]: +Class: +Home directory: /home/jru +Shell: /usr/local/bin/zsh +Full Name: J. Random User +Office Location: +Office Phone: +Home Phone: +Other information: + + + A user can change only a small subset of this + information, and only for their own user account. + + + Interactive <command>chpass</command> by Normal + User + + #Changing user database information for jru. +Shell: /usr/local/bin/zsh +Full Name: J. Random User +Office Location: +Office Phone: +Home Phone: +Other information: + + + + &man.chfn.1; and &man.chsh.1; are links to + &man.chpass.1;, as are &man.ypchpass.1;, &man.ypchfn.1;, and + &man.ypchsh.1;. NIS support is + automatic, so specifying the yp before + the command is not necessary. How to configure NIS is + covered in . + + + + <command>passwd</command> + + passwd + + accounts + changing password + + &man.passwd.1; is the usual way to change your own + password as a user, or another user's password as the + superuser. + + + To prevent accidental or unauthorized changes, the user + must enter their original password before a new password can + be set. This is not the case when the superuser changes a + user's password. + + + + Changing Your Password + + &prompt.user; passwd +Changing local password for jru. +Old password: +New password: +Retype new password: +passwd: updating the database... +passwd: done + + + + Changing Another User's Password as the + Superuser + + &prompt.root; passwd jru +Changing local password for jru. +New password: +Retype new password: +passwd: updating the database... +passwd: done + + + + As with &man.chpass.1;, &man.yppasswd.1; is a link to + &man.passwd.1;, so NIS works with either command. + + + + + + <command>pw</command> + + pw + + &man.pw.8; is a command line utility to create, remove, + modify, and display users and groups. It functions as a front + end to the system user and group files. &man.pw.8; has a very + powerful set of command line options that make it suitable for + use in shell scripts, but new users may find it more + complicated than the other commands presented in this + section. + + + + + Limiting Users + + limiting users + + accounts + limiting + + &os; provides several methods for an administrator to limit + the amount of system resources an individual may use. These + limits are discussed in two sections: disk quotas and other + resource limits. + + quotas + + limiting users + quotas + + disk quotas + Disk quotas limit the amount of disk space available to + users and provide a way to quickly check that usage without + calculating it every time. Quotas are discussed in . + + The other resource limits include ways to limit the amount + of CPU, memory, and other resources a user may consume. These + are defined using login classes and are discussed here. + + + /etc/login.conf + + Login classes are defined in + /etc/login.conf and are described in detail + in &man.login.conf.5;. Each user account is assigned to a login + class, default by default, and each login + class has a set of login capabilities associated with it. A + login capability is a + name=value + pair, where name is a well-known + identifier and value is an arbitrary + string which is processed accordingly depending on the + name. Setting up login classes and + capabilities is rather straightforward and is also described in + &man.login.conf.5;. + + + &os; does not normally read the configuration in + /etc/login.conf directly, but instead + reads the /etc/login.conf.db database + which provides faster lookups. Whenever + /etc/login.conf is edited, the + /etc/login.conf.db must be updated by + executing the following command: + + &prompt.root; cap_mkdb /etc/login.conf + + + Resource limits differ from the default login capabilities + in two ways. First, for every limit, there is a soft (current) + and hard limit. A soft limit may be adjusted by the user or + application, but may not be set higher than the hard limit. The + hard limit may be lowered by the user, but can only be raised + by the superuser. Second, most resource limits apply per + process to a specific user, not to the user as a whole. These + differences are mandated by the specific handling of the limits, + not by the implementation of the login capability + framework. + + Below are the most commonly used resource limits. The rest + of the limits, along with all the other login capabilities, can + be found in &man.login.conf.5;. + + + + coredumpsize + + + The limit on the size of a core filecoredumpsize generated by a + program is subordinate to other limitslimiting userscoredumpsize on disk usage, such + as filesize, or disk quotas. + This limit is often used as a less-severe method of + controlling disk space consumption. Since users do not + generate core files themselves, and often do not delete + them, setting this may save them from running out of disk + space should a large program crash. + + + + + cputime + + + The maximum amount of CPUcputimelimiting userscputime time a user's process may + consume. Offending processes will be killed by the + kernel. + + + This is a limit on CPU time + consumed, not percentage of the CPU as displayed in + some fields by &man.top.1; and &man.ps.1;. + + + + + + filesize + + + The maximum size of a filefilesizelimiting usersfilesize the user may own. Unlike + disk quotas, this limit is + enforced on individual files, not the set of all files a + user owns. + + + + + maxproc + + + The maximum number of processesmaxproclimiting usersmaxproc a user can run. This + includes foreground and background processes. This limit + may not be larger than the system limit specified by the + kern.maxproc &man.sysctl.8;. Setting + this limit too small may hinder a user's productivity as + it is often useful to be logged in multiple times or to + execute pipelines. Some tasks, such as compiling a large + program, spawn multiple processes and other intermediate + preprocessors. + + + + + memorylocked + + + The maximum amount of memorymemorylockedlimiting usersmemorylocked a process may request + to be locked into main memory using &man.mlock.2;. Some + system-critical programs, such as &man.amd.8;, lock into + main memory so that if the system begins to swap, they do + not contribute to disk thrashing. + + + + + memoryuse + + + The maximum amount of memorymemoryuselimiting usersmemoryuse a process may consume at + any given time. It includes both core memory and swap + usage. This is not a catch-all limit for restricting + memory consumption, but is a good start. + + + + + openfiles + + + The maximum number of files a process may have openopenfileslimiting usersopenfiles. + In &os;, files are used to represent sockets and IPC + channels, so be careful not to set this too low. The + system-wide limit for this is defined by the + kern.maxfiles &man.sysctl.8;. + + + + + sbsize + + + The limit on the amount of network memory, and + thus mbufssbsizelimiting userssbsize, a user may consume in order to limit network + communications. + + + + + stacksize + + + The maximum size of a process stackstacksizelimiting usersstacksize. This alone is + not sufficient to limit the amount of memory a program + may use so it should be used in conjunction with other + limits. + + + + + There are a few other things to remember when setting + resource limits. Following are some general tips, suggestions, + and miscellaneous comments. + + + + Processes started at system startup by + /etc/rc are assigned to the + daemon login class. + + + + Although the /etc/login.conf that + comes with the system is a good source of reasonable values + for most limits, they may not be appropriate for every + system. Setting a limit too high may open the system up to + abuse, while setting it too low may put a strain on + productivity. + + + + Users of &xorg; should + probably be granted more resources than other users. + &xorg; by itself takes a lot of + resources, but it also encourages users to run more programs + simultaneously. + + + + Many limits apply to individual processes, not the user + as a whole. For example, setting + openfiles to 50 means that each process + the user runs may open up to 50 files. The total amount + of files a user may open is the value of + openfiles multiplied by the value of + maxproc. This also applies to memory + consumption. + + + + For further information on resource limits and login classes + and capabilities in general, refer to &man.cap.mkdb.1;, + &man.getrlimit.2;, and &man.login.conf.5;. + + + + Managing Groups + + groups + + /etc/groups + + + accounts + groups + + A group is a list of users. A group is identified by its + group name and GID. In &os;, the + kernel uses the UID of a process, and the + list of groups it belongs to, to determine what the process is + allowed to do. Most of the time, the GID of + a user or process usually means the first group in the + list. + + The group name to GID mapping is listed + in /etc/group. This is a plain text file + with four colon-delimited fields. The first field is the group + name, the second is the encrypted password, the third the + GID, and the fourth the comma-delimited list + of members. For a more complete description of the syntax, + refer to &man.group.5;. + + The superuser can modify /etc/group + using a text editor. Alternatively, &man.pw.8; can be used to + add and edit groups. For example, to add a group called + teamtwo and then confirm that it + exists: + + + Adding a Group Using &man.pw.8; + + &prompt.root; pw groupadd teamtwo +&prompt.root; pw groupshow teamtwo +teamtwo:*:1100: + + + In this example, 1100 is the + GID of teamtwo. Right + now, teamtwo has no members. This + command will add jru as a member of + teamtwo. + + + Adding User Accounts to a New Group Using + &man.pw.8; + + &prompt.root; pw groupmod teamtwo -M jru +&prompt.root; pw groupshow teamtwo +teamtwo:*:1100:jru + + + The argument to is a comma-delimited + list of users to be added to a new (empty) group or to replace + the members of an existing group. To the user, this group + membership is different from (and in addition to) the user's + primary group listed in the password file. This means that + the user will not show up as a member when using + with &man.pw.8;, but will show up + when the information is queried via &man.id.1; or a similar + tool. When &man.pw.8; is used to add a user to a group, it only + manipulates /etc/group and does not attempt + to read additional data from + /etc/passwd. + + + Adding a New Member to a Group Using &man.pw.8; + + &prompt.root; pw groupmod teamtwo -m db +&prompt.root; pw groupshow teamtwo +teamtwo:*:1100:jru,db + + + In this example, the argument to is a + comma-delimited list of users who are to be added to the group. + Unlike the previous example, these users are appended to the + group list and do not replace the list of existing users in the + group. + + + Using &man.id.1; to Determine Group Membership + + &prompt.user; id jru +uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo) + + + In this example, jru is a member of the + groups jru and + teamtwo. + + For more information about this command and the format of + /etc/group, refer to &man.pw.8; and + &man.group.5;. + + + Permissions UNIX In &os;, every file and directory has an associated set of permissions and several utilities are available for viewing and modifying these permissions. Understanding how permissions work is necessary to make sure that users are able to access the files that they need and are unable to improperly access the files used by the operating system or owned by other users. This section discusses the traditional &unix; permissions used in &os;. For finer grained file system access control, refer to . In &unix;, basic permissions are assigned using three types of access: read, write, and execute. These access types are used to determine file access to the file's owner, group, and others (everyone else). The read, write, and execute permissions can be represented as the letters r, w, and x. They can also be represented as binary numbers as each permission is either on or off (0). When represented as a number, the order is always read as rwx, where r has an on value of 4, w has an on value of 2 and x has an on value of 1. Table 4.1 summarizes the possible numeric and alphabetic possibilities. When reading the Directory Listing column, a - is used to represent a permission that is set to off. permissions file permissions &unix; Permissions Value Permission Directory Listing 0 No read, no write, no execute --- 1 No read, no write, execute --x 2 No read, write, no execute -w- 3 No read, write, execute -wx 4 Read, no write, no execute r-- 5 Read, no write, execute r-x 6 Read, write, no execute rw- 7 Read, write, execute rwx
&man.ls.1; directories Use the argument to &man.ls.1; to view a long directory listing that includes a column of information about a file's permissions for the owner, group, and everyone else. For example, a ls -l in an arbitrary directory may show: &prompt.user; ls -l total 530 -rw-r--r-- 1 root wheel 512 Sep 5 12:31 myfile -rw-r--r-- 1 root wheel 512 Sep 5 12:31 otherfile -rw-r--r-- 1 root wheel 7680 Sep 5 12:31 email.txt The first (leftmost) character in the first column indicates whether this file is a regular file, a directory, a special character device, a socket, or any other special pseudo-file device. In this example, the - indicates a regular file. The next three characters, rw- in this example, give the permissions for the owner of the file. The next three characters, r--, give the permissions for the group that the file belongs to. The final three characters, r--, give the permissions for the rest of the world. A dash means that the permission is turned off. In this example, the permissions are set so the owner can read and write to the file, the group can read the file, and the rest of the world can only read the file. According to the table above, the permissions for this file would be 644, where each digit represents the three parts of the file's permission. How does the system control permissions on devices? &os; treats most hardware devices as a file that programs can open, read, and write data to. These special device files are stored in /dev/. Directories are also treated as files. They have read, write, and execute permissions. The executable bit for a directory has a slightly different meaning than that of files. When a directory is marked executable, it means it is possible to change into that directory using &man.cd.1;. This also means that it is possible to access the files within that directory, subject to the permissions on the files themselves. In order to perform a directory listing, the read permission must be set on the directory. In order to delete a file that one knows the name of, it is necessary to have write and execute permissions to the directory containing the file. There are more permission bits, but they are primarily used in special circumstances such as setuid binaries and sticky directories. For more information on file permissions and how to set them, refer to &man.chmod.1;. Tom Rhodes Contributed by Symbolic Permissions permissions symbolic Symbolic permissions use characters instead of octal values to assign permissions to files or directories. Symbolic permissions use the syntax of (who) (action) (permissions), where the following values are available: Option Letter Represents (who) u User (who) g Group owner (who) o Other (who) a All (world) (action) + Adding permissions (action) - Removing permissions (action) = Explicitly set permissions (permissions) r Read (permissions) w Write (permissions) x Execute (permissions) t Sticky bit (permissions) s Set UID or GID These values are used with &man.chmod.1;, but with letters instead of numbers. For example, the following command would block other users from accessing FILE: &prompt.user; chmod go= FILE A comma separated list can be provided when more than one set of changes to a file must be made. For example, the following command removes the group and world write permission on FILE, and adds the execute permissions for everyone: &prompt.user; chmod go-w,a+x FILE Tom Rhodes Contributed by &os; File Flags In addition to file permissions, &os; supports the use of file flags. These flags add an additional level of security and control over files, but not directories. With file flags, even root can be prevented from removing or altering files. File flags are modified using &man.chflags.1;. For example, to enable the system undeletable flag on the file file1, issue the following command: &prompt.root; chflags sunlink file1 To disable the system undeletable flag, put a no in front of the : &prompt.root; chflags nosunlink file1 To view the flags of a file, use with &man.ls.1;: &prompt.root; ls -lo file1 -rw-r--r-- 1 trhodes trhodes sunlnk 0 Mar 1 05:54 file1 Several file flags may only be added or removed by the root user. In other cases, the file owner may set its file flags. Refer to &man.chflags.1; and &man.chflags.2; for more information. Tom Rhodes Contributed by The <literal>setuid</literal>, <literal>setgid</literal>, and <literal>sticky</literal> Permissions Other than the permissions already discussed, there are three other specific settings that all administrators should know about. They are the setuid, setgid, and sticky permissions. These settings are important for some &unix; operations as they provide functionality not normally granted to normal users. To understand them, the difference between the real user ID and effective user ID must be noted. The real user ID is the UID who owns or starts the process. The effective UID is the user ID the process runs as. As an example, &man.passwd.1; runs with the real user ID when a user changes their password. However, in order to update the password database, the command runs as the effective ID of the root user. This allows users to change their passwords without seeing a Permission Denied error. The setuid permission may be set by prefixing a permission set with the number four (4) as shown in the following example: &prompt.root; chmod 4755 suidexample.sh The permissions on suidexample.sh now look like the following: -rwsr-xr-x 1 trhodes trhodes 63 Aug 29 06:36 suidexample.sh Note that a s is now part of the permission set designated for the file owner, replacing the executable bit. This allows utilities which need elevated permissions, such as &man.passwd.1;. The nosuid &man.mount.8; option will cause such binaries to silently fail without alerting the user. That option is not completely reliable as a nosuid wrapper may be able to circumvent it. To view this in real time, open two terminals. On one, type passwd as a normal user. While it waits for a new password, check the process table and look at the user information for &man.passwd.1;: In terminal A: Changing local password for trhodes Old Password: In terminal B: &prompt.root; ps aux | grep passwd trhodes 5232 0.0 0.2 3420 1608 0 R+ 2:10AM 0:00.00 grep passwd root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd Although &man.passwd.1; is run as a normal user, it is using the effective UID of root. The setgid permission performs the same function as the setuid permission; except that it alters the group settings. When an application or utility executes with this setting, it will be granted the permissions based on the group that owns the file, not the user who started the process. To set the setgid permission on a file, provide &man.chmod.1; with a leading two (2): &prompt.root; chmod 2755 sgidexample.sh In the following listing, notice that the s is now in the field designated for the group permission settings: -rwxr-sr-x 1 trhodes trhodes 44 Aug 31 01:49 sgidexample.sh In these examples, even though the shell script in question is an executable file, it will not run with a different EUID or effective user ID. This is because shell scripts may not access the &man.setuid.2; system calls. The setuid and setgid permission bits may lower system security, by allowing for elevated permissions. The third special permission, the sticky bit, can strengthen the security of a system. When the sticky bit is set on a directory, it allows file deletion only by the file owner. This is useful to prevent file deletion in public directories, such as /tmp, by users who do not own the file. To utilize this permission, prefix the permission set with a one (1): &prompt.root; chmod 1777 /tmp The sticky bit permission will display as a t at the very end of the permission set: &prompt.root; ls -al / | grep tmp drwxrwxrwt 10 root wheel 512 Aug 31 01:49 tmp
Directory Structure directory hierarchy The &os; directory hierarchy is fundamental to obtaining an overall understanding of the system. The most important directory is root or, /. This directory is the first one mounted at boot time and it contains the base system necessary to prepare the operating system for multi-user operation. The root directory also contains mount points for other file systems that are mounted during the transition to multi-user operation. A mount point is a directory where additional file systems can be grafted onto a parent file system (usually the root file system). This is further described in . Standard mount points include /usr/, /var/, /tmp/, /mnt/, and /cdrom/. These directories are usually referenced to entries in /etc/fstab. This file is a table of various file systems and mount points and is read by the system. Most of the file systems in /etc/fstab are mounted automatically at boot time from the script &man.rc.8; unless their entry includes . Details can be found in . A complete description of the file system hierarchy is available in &man.hier.7;. The following table provides a brief overview of the most common directories. Directory Description / Root directory of the file system. /bin/ User utilities fundamental to both single-user and multi-user environments. /boot/ Programs and configuration files used during operating system bootstrap. /boot/defaults/ Default boot configuration files. Refer to &man.loader.conf.5; for details. /dev/ Device nodes. Refer to &man.intro.4; for details. /etc/ System configuration files and scripts. /etc/defaults/ Default system configuration files. Refer to &man.rc.8; for details. /etc/mail/ Configuration files for mail transport agents such as &man.sendmail.8;. /etc/namedb/ &man.named.8; configuration files. /etc/periodic/ Scripts that run daily, weekly, and monthly, via &man.cron.8;. Refer to &man.periodic.8; for details. /etc/ppp/ &man.ppp.8; configuration files. /mnt/ Empty directory commonly used by system administrators as a temporary mount point. /proc/ Process file system. Refer to &man.procfs.5;, &man.mount.procfs.8; for details. /rescue/ Statically linked programs for emergency recovery as described in &man.rescue.8;. /root/ Home directory for the root account. /sbin/ System programs and administration utilities fundamental to both single-user and multi-user environments. /tmp/ Temporary files which are usually not preserved across a system reboot. A memory-based file system is often mounted at /tmp. This can be automated using the tmpmfs-related variables of &man.rc.conf.5; or with an entry in /etc/fstab; refer to &man.mdmfs.8; for details. /usr/ The majority of user utilities and applications. /usr/bin/ Common utilities, programming tools, and applications. /usr/include/ Standard C include files. /usr/lib/ Archive libraries. /usr/libdata/ Miscellaneous utility data files. /usr/libexec/ System daemons and system utilities executed by other programs. /usr/local/ Local executables and libraries. Also used as the default destination for the &os; ports framework. Within /usr/local, the general layout sketched out by &man.hier.7; for /usr should be used. Exceptions are the man directory, which is directly under /usr/local rather than under /usr/local/share, and the ports documentation is in share/doc/port. /usr/obj/ Architecture-specific target tree produced by building the /usr/src tree. /usr/ports/ The &os; Ports Collection (optional). /usr/sbin/ System daemons and system utilities executed by users. /usr/share/ Architecture-independent files. /usr/src/ BSD and/or local source files. /var/ Multi-purpose log, temporary, transient, and spool files. A memory-based file system is sometimes mounted at /var. This can be automated using the varmfs-related variables in &man.rc.conf.5; or with an entry in /etc/fstab; refer to &man.mdmfs.8; for details. /var/log/ Miscellaneous system log files. /var/mail/ User mailbox files. /var/spool/ Miscellaneous printer and mail system spooling directories. /var/tmp/ Temporary files which are usually preserved across a system reboot, unless /var is a memory-based file system. /var/yp/ NIS maps. Disk Organization The smallest unit of organization that &os; uses to find files is the filename. Filenames are case-sensitive, which means that readme.txt and README.TXT are two separate files. &os; does not use the extension of a file to determine whether the file is a program, document, or some other form of data. Files are stored in directories. A directory may contain no files, or it may contain many hundreds of files. A directory can also contain other directories, allowing a hierarchy of directories within one another in order to organize data. Files and directories are referenced by giving the file or directory name, followed by a forward slash, /, followed by any other directory names that are necessary. For example, if the directory foo contains a directory bar which contains the file readme.txt, the full name, or path, to the file is foo/bar/readme.txt. Note that this is different from &windows; which uses \ to separate file and directory names. &os; does not use drive letters, or other drive names in the path. For example, one would not type c:/foo/bar/readme.txt on &os;. Directories and files are stored in a file system. Each file system contains exactly one directory at the very top level, called the root directory for that file system. This root directory can contain other directories. One file system is designated the root file system or /. Every other file system is mounted under the root file system. No matter how many disks are on the &os; system, every directory appears to be part of the same disk. Consider three file systems, called A, B, and C. Each file system has one root directory, which contains two other directories, called A1, A2 (and likewise B1, B2 and C1, C2). Call A the root file system. If &man.ls.1; is used to view the contents of this directory, it will show two subdirectories, A1 and A2. The directory tree looks like this: / | +--- A1 | `--- A2 A file system must be mounted on to a directory in another file system. When mounting file system B on to the directory A1, the root directory of B replaces A1, and the directories in B appear accordingly: / | +--- A1 | | | +--- B1 | | | `--- B2 | `--- A2 Any files that are in the B1 or B2 directories can be reached with the path /A1/B1 or /A1/B2 as necessary. Any files that were in /A1 have been temporarily hidden. They will reappear if B is unmounted from A. If B had been mounted on A2 then the diagram would look like this: / | +--- A1 | `--- A2 | +--- B1 | `--- B2 and the paths would be /A2/B1 and /A2/B2 respectively. File systems can be mounted on top of one another. Continuing the last example, the C file system could be mounted on top of the B1 directory in the B file system, leading to this arrangement: / | +--- A1 | `--- A2 | +--- B1 | | | +--- C1 | | | `--- C2 | `--- B2 Or C could be mounted directly on to the A file system, under the A1 directory: / | +--- A1 | | | +--- C1 | | | `--- C2 | `--- A2 | +--- B1 | `--- B2 It is entirely possible to have one large root file system, and not need to create any others. There are some drawbacks to this approach, and one advantage. Benefits of Multiple File Systems Different file systems can have different mount options. For example, the root file system can be mounted read-only, making it impossible for users to inadvertently delete or edit a critical file. Separating user-writable file systems, such as /home, from other file systems allows them to be mounted nosuid. This option prevents the suid/guid bits on executables stored on the file system from taking effect, possibly improving security. &os; automatically optimizes the layout of files on a file system, depending on how the file system is being used. So a file system that contains many small files that are written frequently will have a different optimization to one that contains fewer, larger files. By having one big file system this optimization breaks down. &os;'s file systems are robust if power is lost. However, a power loss at a critical point could still damage the structure of the file system. By splitting data over multiple file systems it is more likely that the system will still come up, making it easier to restore from backup as necessary. Benefit of a Single File System File systems are a fixed size. If you create a file system when you install &os; and give it a specific size, you may later discover that you need to make the partition bigger. This is not easily accomplished without backing up, recreating the file system with the new size, and then restoring the backed up data. &os; features the &man.growfs.8; command, which makes it possible to increase the size of file system on the fly, removing this limitation. File systems are contained in partitions. This does not have the same meaning as the common usage of the term partition (for example, &ms-dos; partition), because of &os;'s &unix; heritage. Each partition is identified by a letter from a through to h. Each partition can contain only one file system, which means that file systems are often described by either their typical mount point in the file system hierarchy, or the letter of the partition they are contained in. &os; also uses disk space for swap space to provide virtual memory. This allows your computer to behave as though it has much more memory than it actually does. When &os; runs out of memory, it moves some of the data that is not currently being used to the swap space, and moves it back in (moving something else out) when it needs it. Some partitions have certain conventions associated with them. Partition Convention a Normally contains the root file system. b Normally contains swap space. c Normally the same size as the enclosing slice. This allows utilities that need to work on the entire slice, such as a bad block scanner, to work on the c partition. A file system would not normally be created on this partition. d Partition d used to have a special meaning associated with it, although that is now gone and d may work as any normal partition. Disks in &os; are divided into slices, referred to in &windows; as partitions, which are numbered from 1 to 4. These are then divided into partitions, which contain file systems, and are labeled using letters. slices partitions dangerously dedicated Slice numbers follow the device name, prefixed with an s, starting at 1. So da0s1 is the first slice on the first SCSI drive. There can only be four physical slices on a disk, but there can be logical slices inside physical slices of the appropriate type. These extended slices are numbered starting at 5, so ad0s5 is the first extended slice on the first IDE disk. These devices are used by file systems that expect to occupy a slice. Slices, dangerously dedicated physical drives, and other drives contain partitions, which are represented as letters from a to h. This letter is appended to the device name, so da0a is the a partition on the first da drive, which is dangerously dedicated. ad1s3e is the fifth partition in the third slice of the second IDE disk drive. Finally, each disk on the system is identified. A disk name starts with a code that indicates the type of disk, and then a number, indicating which disk it is. Unlike slices, disk numbering starts at 0. Common codes are listed in . When referring to a partition, include the disk name, s, the slice number, and then the partition letter. Examples are shown in . shows a conceptual model of a disk layout. When installing &os;, configure the disk slices, create partitions within the slice to be used for &os;, create a file system or swap space in each partition, and decide where each file system will be mounted. Disk Device Codes Code Meaning ad ATAPI (IDE) disk da SCSI direct access disk acd ATAPI (IDE) CDROM cd SCSI CDROM fd Floppy disk
Sample Disk, Slice, and Partition Names Name Meaning ad0s1a The first partition (a) on the first slice (s1) on the first IDE disk (ad0). da1s2e The fifth partition (e) on the second slice (s2) on the second SCSI disk (da1). Conceptual Model of a Disk This diagram shows &os;'s view of the first IDE disk attached to the system. Assume that the disk is 4 GB in size, and contains two 2 GB slices (&ms-dos; partitions). The first slice contains a &ms-dos; disk, C:, and the second slice contains a &os; installation. This example &os; installation has three data partitions, and a swap partition. The three partitions will each hold a file system. Partition a will be used for the root file system, e for the /var/ directory hierarchy, and f for the /usr/ directory hierarchy. .-----------------. --. | | | | DOS / Windows | | : : > First slice, ad0s1 : : | | | | :=================: ==: --. | | | Partition a, mounted as / | | | > referred to as ad0s2a | | | | | :-----------------: ==: | | | | Partition b, used as swap | | | > referred to as ad0s2b | | | | | :-----------------: ==: | Partition c, no | | | Partition e, used as /var > file system, all | | > referred to as ad0s2e | of FreeBSD slice, | | | | ad0s2c :-----------------: ==: | | | | | : : | Partition f, used as /usr | : : > referred to as ad0s2f | : : | | | | | | | | --' | `-----------------' --'
Mounting and Unmounting File Systems The file system is best visualized as a tree, rooted, as it were, at /. /dev, /usr, and the other directories in the root directory are branches, which may have their own branches, such as /usr/local, and so on. root file system There are various reasons to house some of these directories on separate file systems. /var contains the directories log/, spool/, and various types of temporary files, and as such, may get filled up. Filling up the root file system is not a good idea, so splitting /var from / is often favorable. Another common reason to contain certain directory trees on other file systems is if they are to be housed on separate physical disks, or are separate virtual disks, such as Network File System mounts, described in , or CDROM drives. The <filename>fstab</filename> File file systems mounted with fstab During the boot process (), file systems listed in /etc/fstab are automatically mounted except for the entries containing . This file contains entries in the following format: device /mount-point fstype options dumpfreq passno device An existing device name as explained in . mount-point An existing directory on which to mount the file system. fstype The file system type to pass to &man.mount.8;. The default &os; file system is ufs. options Either for read-write file systems, or for read-only file systems, followed by any other options that may be needed. A common option is for file systems not normally mounted during the boot sequence. Other options are listed in &man.mount.8;. dumpfreq Used by &man.dump.8; to determine which file systems require dumping. If the field is missing, a value of zero is assumed. passno Determines the order in which file systems should be checked. File systems that should be skipped should have their passno set to zero. The root file system needs to be checked before everything else and should have its passno set to one. The other file systems should be set to values greater than one. If more than one file system has the same passno, &man.fsck.8; will attempt to check file systems in parallel if possible. Refer to &man.fstab.5; for more information on the format of /etc/fstab and its options. Using &man.mount.8; file systems mounting File systems are mounted using &man.mount.8;. The most basic syntax is as follows: &prompt.root; mount device mountpoint This command provides many options which are described in &man.mount.8;, The most commonly used options include: Mount Options Mount all the file systems listed in /etc/fstab, except those marked as noauto, excluded by the flag, or those that are already mounted. Do everything except for the actual mount system call. This option is useful in conjunction with the flag to determine what &man.mount.8; is actually trying to do. Force the mount of an unclean file system (dangerous), or the revocation of write access when downgrading a file system's mount status from read-write to read-only. Mount the file system read-only. This is identical to using . fstype Mount the specified file system type or mount only file systems of the given type, if is included. ufs is the default file system type. Update mount options on the file system. Be verbose. Mount the file system read-write. The following options can be passed to as a comma-separated list: nosuid Do not interpret setuid or setgid flags on the file system. This is also a useful security option. Using &man.umount.8; file systems unmounting To unmount a file system use &man.umount.8;. This command takes one parameter which can be a mountpoint, device name, or . All forms take to force unmounting, and for verbosity. Be warned that is not generally a good idea as it might crash the computer or damage data on the file system. To unmount all mounted file systems, or just the file system types listed after , use or . Note that does not attempt to unmount the root file system. Processes &os; is a multi-tasking operating system. Each program running at any one time is called a process. Every running command starts at least one new process and there are a number of system processes that are run by &os;. Each process is uniquely identified by a number called a process ID (PID). Similar to files, each process has one owner and group, and the owner and group permissions are used to determine which files and devices the process can open. Most processes also have a parent process that started them. For example, the shell is a process, and any command started in the shell is a process which has the shell as its parent process. The exception is a special process called &man.init.8; which is always the first process to start at boot time and which always has a PID of 1. To see the processes on the system, use &man.ps.1; and &man.top.1;. To display a static list of the currently running processes, their PIDs, how much memory they are using, and the command they were started with, use &man.ps.1;. To display all the running processes and update the display every few seconds in order to interactively see what the computer is doing, use &man.top.1;. By default, &man.ps.1; only shows the commands that are running and owned by the user. For example: &prompt.user; ps PID TT STAT TIME COMMAND 298 p0 Ss 0:01.10 tcsh 7078 p0 S 2:40.88 xemacs mdoc.xsl (xemacs-21.1.14) 37393 p0 I 0:03.11 xemacs freebsd.dsl (xemacs-21.1.14) 72210 p0 R+ 0:00.00 ps 390 p1 Is 0:01.14 tcsh 7059 p2 Is+ 1:36.18 /usr/local/bin/mutt -y 6688 p3 IWs 0:00.00 tcsh 10735 p4 IWs 0:00.00 tcsh 20256 p5 IWs 0:00.00 tcsh 262 v0 IWs 0:00.00 -tcsh (tcsh) 270 v0 IW+ 0:00.00 /bin/sh /usr/X11R6/bin/startx -- -bpp 16 280 v0 IW+ 0:00.00 xinit /home/nik/.xinitrc -- -bpp 16 284 v0 IW 0:00.00 /bin/sh /home/nik/.xinitrc 285 v0 S 0:38.45 /usr/X11R6/bin/sawfish The output from &man.ps.1; is organized into a number of columns. The PID column displays the process ID. PIDs are assigned starting at 1, go up to 99999, then wrap around back to the beginning. However, a PID is not reassigned if it is already in use. The TT column shows the tty the program is running on and STAT shows the program's state. TIME is the amount of time the program has been running on the CPU. This is usually not the elapsed time since the program was started, as most programs spend a lot of time waiting for things to happen before they need to spend time on the CPU. Finally, COMMAND is the command that was used to start the program. &man.ps.1; supports a number of different options to change the information that is displayed. One of the most useful sets is auxww. displays information about all the running processes of all users. displays the username of the process' owner, as well as memory usage. displays information about daemon processes, and causes &man.ps.1; to display the full command line for each process, rather than truncating it once it gets too long to fit on the screen. The output from &man.top.1; is similar. A sample session looks like this: &prompt.user; top last pid: 72257; load averages: 0.13, 0.09, 0.03 up 0+13:38:33 22:39:10 47 processes: 1 running, 46 sleeping CPU states: 12.6% user, 0.0% nice, 7.8% system, 0.0% interrupt, 79.7% idle Mem: 36M Active, 5256K Inact, 13M Wired, 6312K Cache, 15M Buf, 408K Free Swap: 256M Total, 38M Used, 217M Free, 15% Inuse PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND 72257 nik 28 0 1960K 1044K RUN 0:00 14.86% 1.42% top 7078 nik 2 0 15280K 10960K select 2:54 0.88% 0.88% xemacs-21.1.14 281 nik 2 0 18636K 7112K select 5:36 0.73% 0.73% XF86_SVGA 296 nik 2 0 3240K 1644K select 0:12 0.05% 0.05% xterm 175 root 2 0 924K 252K select 1:41 0.00% 0.00% syslogd 7059 nik 2 0 7260K 4644K poll 1:38 0.00% 0.00% mutt ... The output is split into two sections. The header (the first five lines) shows the PID of the last process to run, the system load averages (which are a measure of how busy the system is), the system uptime (time since the last reboot) and the current time. The other figures in the header relate to how many processes are running (47 in this case), how much memory and swap space has been used, and how much time the system is spending in different CPU states. Below the header is a series of columns containing similar information to the output from &man.ps.1;, such as the PID, username, amount of CPU time, and the command that started the process. By default, &man.top.1; also displays the amount of memory space taken by the process. This is split into two columns: one for total size and one for resident size. Total size is how much memory the application has needed and the resident size is how much it is actually using at the moment. In this example, mutt has required almost 8 MB of RAM, but is currently only using 5 MB. &man.top.1; automatically updates the display every two seconds. A different interval can be specified with . Daemons, Signals, and Killing Processes When using an editor, it is easy to control the editor and load files because the editor provides facilities to do so, and because the editor is attached to a terminal. Some programs are not designed to be run with continuous user input and disconnect from the terminal at the first opportunity. For example, a web server responds to web requests, rather than user input. Mail servers are another example of this type of application. These programs are known as daemons. The term daemon comes from Greek mythology and represents an entity that is neither good or evil, and which invisibly performs useful tasks. This is why the BSD mascot is the cheerful-looking daemon with sneakers and a pitchfork. There is a convention to name programs that normally run as daemons with a trailing d. BIND is the Berkeley Internet Name Domain, but the actual program that executes is &man.named.8;. The Apache web server program is httpd and the line printer spooling daemon is &man.lpd.8;. This is only a naming convention. For example, the main mail daemon for the Sendmail application is &man.sendmail.8;, and not maild. One way to communicate with a daemon, or any running process, is to send a signal using &man.kill.1;. There are a number of different signals; some have a specific meaning while others are described in the application's documentation. A user can only send a signal to a process they own and sending a signal to someone else's process will result in a permission denied error. The exception is the root user, who can send signals to anyone's processes. &os; can also send a signal to a process. If an application is badly written and tries to access memory that it is not supposed to, &os; will send the process the Segmentation Violation signal (SIGSEGV). If an application has used the &man.alarm.3; system call to be alerted after a period of time has elapsed, it will be sent the Alarm signal (SIGALRM). Two signals can be used to stop a process: SIGTERM and SIGKILL. SIGTERM is the polite way to kill a process as the process can read the signal, close any log files it may have open, and attempt to finish what it is doing before shutting down. In some cases, a process may ignore SIGTERM if it is in the middle of some task that can not be interrupted. SIGKILL can not be ignored by a process. This is the I do not care what you are doing, stop right now signal. Sending a SIGKILL to a process will usually stop that process there and then. There are a few tasks that can not be interrupted. For example, if the process is trying to read from a file that is on another computer on the network, and the other computer is unavailable, the process is said to be uninterruptible. Eventually the process will time out, typically after two minutes. As soon as this time out occurs the process will be killed. . Other commonly used signals are SIGHUP, SIGUSR1, and SIGUSR2. These are general purpose signals and different applications will respond differently. For example, after changing a web server's configuration file, the web server needs to be told to re-read its configuration. Restarting httpd would result in a brief outage period on the web server. Instead, send the daemon the SIGHUP signal. Be aware that different daemons will have different behavior, so refer to the documentation for the daemon to determine if SIGHUP will achieve the desired results. Sending a Signal to a Process This example shows how to send a signal to &man.inetd.8;. The &man.inetd.8; configuration file is /etc/inetd.conf, and &man.inetd.8; will re-read this configuration file when it is sent a SIGHUP. Find the PID of the process to send the signal to using &man.pgrep.1;. In this example, the PID for &man.inetd.8; is 198: &prompt.user; pgrep -l inetd 198 inetd -wW Use &man.kill.1; to send the signal. Because &man.inetd.8; is owned by root, use &man.su.1; to become root first. &prompt.user; su Password: &prompt.root; /bin/kill -s HUP 198 Like most &unix; commands, &man.kill.1; will not print any output if it is successful. If a signal is sent to a process not owned by that user, the message kill: PID: Operation not permitted will be displayed. Mistyping the PID will either send the signal to the wrong process, which could have negative results, or will send the signal to a PID that is not currently in use, resulting in the error kill: PID: No such process. Why Use <command>/bin/kill</command>? Many shells provide kill as a built in command, meaning that the shell will send the signal directly, rather than running /bin/kill. Be aware that different shells have a different syntax for specifying the name of the signal to send. Rather than try to learn all of them, it can be simpler to use /bin/kill ... directly. When sending other signals, substitute TERM or KILL in the command line as necessary. Killing a random process on the system can be a bad idea. In particular, &man.init.8;, PID 1, is special. Running /bin/kill -s KILL 1 is a quick, and unrecommended, way to shutdown the system. Always double check the arguments to &man.kill.1; before pressing Return. Shells shells command line &os; provides a command line interface called a shell. A shell receives commands from the input channel and executes them. Many shells provide built in functions to help with everyday tasks such as file management, file globbing, command line editing, command macros, and environment variables. &os; comes with several shells, including the Bourne shell (&man.sh.1;) and the extended C shell (&man.tcsh.1;). Other shells are available from the &os; Ports Collection, such as zsh and bash. The shell that is used is really a matter of taste. A C programmer might feel more comfortable with a C-like shell such as &man.tcsh.1;. A &linux; user might prefer bash. Each shell has unique properties that may or may not work with a user's preferred working environment, which is why there is a choice of which shell to use. One common shell feature is filename completion. After a user types the first few letters of a command or filename and presses Tab, the shell will automatically complete the rest of the command or filename. Consider two files called foobar and foo.bar. To delete foo.bar, type rm fo[Tab].[Tab]. The shell should print out rm foo[BEEP].bar. The [BEEP] is the console bell, which the shell used to indicate it was unable to complete the filename because there is more than one match. Both foobar and foo.bar start with fo. By typing ., then pressing Tab again, the shell would be able to fill in the rest of the filename. environment variables Another feature of the shell is the use of environment variables. Environment variables are a variable/key pair stored in the shell's environment. This environment can be read by any program invoked by the shell, and thus contains a lot of program configuration. Here is a list of common environment variables and their meanings: Variable Description USER Current logged in user's name. PATH Colon-separated list of directories to search for binaries. DISPLAY Network name of the &xorg; display to connect to, if available. SHELL The current shell. TERM The name of the user's type of terminal. Used to determine the capabilities of the terminal. TERMCAP Database entry of the terminal escape codes to perform various terminal functions. OSTYPE Type of operating system. MACHTYPE The system's CPU architecture. EDITOR The user's preferred text editor. PAGER The user's preferred text pager. MANPATH Colon-separated list of directories to search for manual pages. Bourne shells How to set an environment variable differs between shells. In &man.tcsh.1; and &man.csh.1;, use setenv to set environment variables. In &man.sh.1; and bash, use export to set the current environment variables. This example sets the default EDITOR to /usr/local/bin/emacs for the &man.tcsh.1; shell: &prompt.user; setenv EDITOR /usr/local/bin/emacs The equivalent command for bash would be: &prompt.user; export EDITOR="/usr/local/bin/emacs" To expand an environment variable in order to see its current setting, type a $ character in front of its name on the command line. For example, echo $TERM displays the current $TERM setting. Shells treat special characters, known as meta-characters, as special representations of data. The most common meta-character is *, which represents any number of characters in a filename. Meta-characters can be used to perform filename globbing. For example, echo * is equivalent to &man.ls.1; because the shell takes all the files that match * and &man.echo.1; lists them on the command line. To prevent the shell from interpreting a special character, escape it from the shell by starting it with a backslash (\). For example, echo $TERM prints the terminal setting whereas echo \$TERM literally prints the string $TERM. Changing Your Shell The easiest way to permanently change the default shell is to use chsh. Running this command will open the editor that is configured in the EDITOR environment variable, which by default is set to &man.vi.1;. Change the Shell: line to the full path of the new shell. Alternately, use chsh -s which will set the specified shell without opening an editor. For example, to change the shell to bash: &prompt.user; chsh -s /usr/local/bin/bash The new shell must be present in /etc/shells. If the shell was installed from the &os; Ports Collection as described in , it should be automatically added to this file. If it is missing, add it using this command, replacing the path with the path of the shell: &prompt.root; echo /usr/local/bin/bash >> /etc/shells Then rerun &man.chsh.1;. Text Editors text editors editors Most &os; configuration is done by editing text files. Because of this, it is a good idea to become familiar with a text editor. &os; comes with a few as part of the base system, and many more are available in the Ports Collection. ee editors &man.ee.1; A simple editor to learn is &man.ee.1;, which stands for easy editor. To start this editor, type ee filename where filename is the name of the file to be edited. Once inside the editor, all of the commands for manipulating the editor's functions are listed at the top of the display. The caret ^ represents Ctrl, so ^e expands to Ctrle. To leave &man.ee.1;, press Esc, then choose the leave editor option from the main menu. The editor will prompt to save any changes if the file has been modified. &man.vi.1; editors &man.vi.1; emacs editors emacs &os; also comes with more powerful text editors, such as &man.vi.1;, as part of the base system. Other editors, like editors/emacs and editors/vim, are part of the &os; Ports Collection. These editors offer more functionality at the expense of being a more complicated to learn. Learning a more powerful editor such as vim or Emacs can save more time in the long run. Many applications which modify files or require typed input will automatically open a text editor. To alter the default editor used, set the EDITOR environment variable as described in . Devices and Device Nodes A device is a term used mostly for hardware-related activities in a system, including disks, printers, graphics cards, and keyboards. When &os; boots, the majority of the boot messages refer to devices being detected. A copy of the boot messages are saved to /var/run/dmesg.boot. Each device has a device name and number. For example, acd0 is the first IDE CD-ROM drive, while kbd0 represents the keyboard. Most devices in a &os; must be accessed through special files called device nodes, which are located in /dev. For More Information Manual Pages manual pages The most comprehensive documentation on &os; is in the form of manual pages. Nearly every program on the system comes with a short reference manual explaining the basic operation and available arguments. These manuals can be viewed using man: &prompt.user; man command where command is the name of the command to learn about. For example, to learn more about &man.ls.1;, type: &prompt.user; man ls The online manual is divided into numbered sections: User commands. System calls and error numbers. Functions in the C libraries. Device drivers. File formats. Games and other diversions. Miscellaneous information. System maintenance and operation commands. Kernel developers. In some cases, the same topic may appear in more than one section of the online manual. For example, there is a &man.chmod.1; user command and a chmod() system call. To tell &man.man.1; which section to display, specify the section number: &prompt.user; man 1 chmod This will display the manual page for the user command &man.chmod.1;. References to a particular section of the online manual are traditionally placed in parenthesis in written documentation, so &man.chmod.1; refers to the user command and &man.chmod.2; refers to the system call. If the command name is unknown, use man -k to search for keywords in the command descriptions: &prompt.user; man -k mail This command displays a list of commands that have the keyword mail in their descriptions. This is equivalent to using &man.apropos.1;. To determine what the commands in /usr/bin do, type: &prompt.user; cd /usr/bin &prompt.user; man -f * or &prompt.user; cd /usr/bin &prompt.user; whatis * GNU Info Files Free Software Foundation &os; includes many applications and utilities produced by the Free Software Foundation (FSF). In addition to manual pages, these programs may include hypertext documents called info files. These can be viewed using &man.info.1; or, if editors/emacs is installed, the info mode of emacs. To use &man.info.1;, type: &prompt.user; info For a brief introduction, type h. For a quick command reference, type ?.
diff --git a/en_US.ISO8859-1/books/handbook/book.xml b/en_US.ISO8859-1/books/handbook/book.xml index f30705c8e4..e23d7ec009 100644 --- a/en_US.ISO8859-1/books/handbook/book.xml +++ b/en_US.ISO8859-1/books/handbook/book.xml @@ -1,302 +1,301 @@ %chapters; %txtfiles; ]> FreeBSD Handbook The FreeBSD Documentation Project $FreeBSD$ $FreeBSD$ 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 The FreeBSD Documentation Project &legalnotice; &tm-attrib.freebsd; &tm-attrib.3com; &tm-attrib.3ware; &tm-attrib.arm; &tm-attrib.adaptec; &tm-attrib.adobe; &tm-attrib.apple; &tm-attrib.creative; &tm-attrib.cvsup; &tm-attrib.heidelberger; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.intuit; &tm-attrib.linux; &tm-attrib.lsilogic; &tm-attrib.m-systems; &tm-attrib.microsoft; &tm-attrib.opengroup; &tm-attrib.oracle; &tm-attrib.realnetworks; &tm-attrib.redhat; &tm-attrib.sun; &tm-attrib.themathworks; &tm-attrib.thomson; &tm-attrib.usrobotics; &tm-attrib.vmware; &tm-attrib.waterloomaple; &tm-attrib.wolframresearch; &tm-attrib.xfree86; &tm-attrib.xiph; &tm-attrib.general; Welcome to FreeBSD! This handbook covers the installation and day to day use of FreeBSD &rel2.current;-RELEASE and FreeBSD &rel.current;-RELEASE. This manual is a work in progress and is the work of many individuals. As such, some sections may become dated and require updating. If you are interested in helping out with this project, send email to the &a.doc;. The latest version of this document is always available from the FreeBSD web site (previous versions of this handbook can be obtained from ). It may also be downloaded in a variety of formats and compression options from the FreeBSD FTP server or one of the numerous mirror sites. If you would prefer to have a hard copy of the handbook, you can purchase one at the FreeBSD Mall. You may also want to search the handbook. &chap.preface; Getting Started This part of the FreeBSD Handbook is for users and administrators who are new to FreeBSD. These chapters: Introduce you to FreeBSD. Guide you through the installation process. Teach you &unix; basics and fundamentals. Show you how to install the wealth of third party applications available for FreeBSD. Introduce you to X, the &unix; windowing system, and detail how to configure a desktop environment that makes you more productive. We have tried to keep the number of forward references in the text to a minimum so that you can read this section of the Handbook from front to back with the minimum page flipping required. &chap.introduction; &chap.bsdinstall; &chap.install; &chap.basics; &chap.ports; &chap.x11; Common Tasks Now that the basics have been covered, this part of the FreeBSD Handbook will discuss some frequently used features of FreeBSD. These chapters: Introduce you to popular and useful desktop applications: browsers, productivity tools, document viewers, etc. Introduce you to a number of multimedia tools available for FreeBSD. Explain the process of building a customized FreeBSD kernel, to enable extra functionality on your system. Describe the print system in detail, both for desktop and network-connected printer setups. Show you how to run Linux applications on your FreeBSD system. Some of these chapters recommend that you do some prior reading, and this is noted in the synopsis at the beginning of each chapter. &chap.desktop; &chap.multimedia; &chap.kernelconfig; &chap.printing; &chap.linuxemu; System Administration The remaining chapters of the FreeBSD Handbook cover all aspects of FreeBSD system administration. Each chapter starts by describing what you will learn as a result of reading the chapter, and also details what you are expected to know before tackling the material. These chapters are designed to be read when you need the information. You do not have to read them in any particular order, nor do you need to read all of them before you can begin using FreeBSD. &chap.config; &chap.boot; - &chap.users; &chap.security; &chap.jails; &chap.mac; &chap.audit; &chap.disks; &chap.geom; &chap.filesystems; &chap.virtualization; &chap.l10n; &chap.cutting-edge; &chap.dtrace; Network Communication FreeBSD is one of the most widely deployed operating systems for high performance network servers. The chapters in this part cover: Serial communication PPP and PPP over Ethernet Electronic Mail Running Network Servers Firewalls Other Advanced Networking Topics These chapters are designed to be read when you need the information. You do not have to read them in any particular order, nor do you need to read all of them before you can begin using FreeBSD in a network environment. &chap.serialcomms; &chap.ppp-and-slip; &chap.mail; &chap.network-servers; &chap.firewalls; &chap.advanced-networking; Appendices &chap.mirrors; &chap.bibliography; &chap.eresources; &chap.pgpkeys; &freebsd-glossary; &chap.index; &chap.colophon; diff --git a/en_US.ISO8859-1/books/handbook/bsdinstall/chapter.xml b/en_US.ISO8859-1/books/handbook/bsdinstall/chapter.xml index 620615895e..70e676e6c6 100644 --- a/en_US.ISO8859-1/books/handbook/bsdinstall/chapter.xml +++ b/en_US.ISO8859-1/books/handbook/bsdinstall/chapter.xml @@ -1,2753 +1,2753 @@ Jim Mock Restructured, reorganized, and parts rewritten by Randy Pratt The sysinstall walkthrough, screenshots, and general copy by Gavin Atkinson Updated for bsdinstall by Warren Block Installing &os; 9.<replaceable>X</replaceable> and Later Synopsis installation &os; comes with a text-based, easy to use installation program. &os; 9.0-RELEASE and later use an installation program called bsdinstall, while releases prior to &os; 9.0-RELEASE using sysinstall for installation. This chapter describes the use of bsdinstall. The use of sysinstall is covered in . After reading this chapter, you will know: How to create the &os; installation media. How &os; subdivides and refers to hard disks. How to start bsdinstall. The questions bsdinstall will ask you, what they mean, and how to answer them. Before reading this chapter, you should: Read the supported hardware list that shipped with the version of &os; you are installing, and verify that your hardware is supported. In general, these installation instructions are written for &i386; (PC compatible) architecture computers. Where applicable, instructions specific to other platforms will be listed. There may be minor differences between the installer and what is shown here, so use this chapter as a general guide rather than as exact literal instructions. Hardware Requirements Minimal Configuration The minimal configuration to install &os; varies with the &os; version and the hardware architecture. A summary of this information is given in the following sections. Depending on the method you choose to install &os;, you may also need a supported CDROM drive, and in some cases a network adapter. This will be covered by . &os;/&arch.i386; &os;/&arch.i386; requires a 486 or better processor and at least 64 MB of RAM. At least 1.1 GB of free hard drive space is needed for the most minimal installation. On old computers, increasing RAM and hard drive space is usually more effective at improving performance than installing a faster processor. &os;/&arch.amd64; There are two classes of processors capable of running &os;/&arch.amd64;. The first are AMD64 processors, including the &amd.athlon;64, &amd.athlon;64-FX, &amd.opteron; or better processors. The second class of processors that can use &os;/&arch.amd64; includes those using the &intel; EM64T architecture. Examples of these processors include the &intel; &core; 2 Duo, Quad, Extreme processor families, the &intel; &xeon; 3000, 5000, and 7000 sequences of processors, and the &intel; &core; i3, i5 and i7 processors. If you have a machine based on an nVidia nForce3 Pro-150, you must use the BIOS setup to disable the IO APIC. If you do not have an option to do this, you will likely have to disable ACPI instead. There are bugs in the Pro-150 chipset for which we have not yet found a workaround. &os;/&arch.powerpc; &apple; &macintosh; All New World &apple; &macintosh; systems with built-in USB are supported. SMP is supported on machines with multiple CPUs. A 32-bit kernel can only use the first 2 GB of RAM. &firewire; is not supported on the Blue & White PowerMac G3. &os;/&arch.sparc64; Systems supported by &os;/&arch.sparc64; are listed at the FreeBSD/sparc64 Project. A dedicated disk is required for &os;/&arch.sparc64;. It is not possible to share a disk with another operating system at this time. Supported Hardware Hardware architectures and devices supported by a &os; release are listed in the Hardware Notes file. Usually named HARDWARE.TXT, the file is located in the root directory of the release media. Copies of the supported hardware list are also available on the Release Information page of the &os; web site. Pre-Installation Tasks Back Up Your Data Back up all important data on the target computer where &os; will be installed. Test the backups before continuing. The &os; installer will ask before making changes to the disk, but once the process has started it cannot be undone. Decide Where to Install &os; If &os; will be the only operating system installed, and will be allowed to use the entire hard disk, the rest of this section can be skipped. But if &os; will share the disk with other operating systems, an understanding of disk layout is useful during the installation. Disk Layouts for &os;/&arch.i386; and &os;/&arch.amd64; Hard disks can be divided into multiple sections. These sections are called partitions. There are two ways of dividing a disk into partitions. A traditional Master Boot Record (MBR) holds a partition table defining up to four primary partitions. (For historical reasons, &os; calls primary partitions slices.) A limit of only four partitions is restrictive for large disks, so one of these primary partitions can be made into an extended partition. Multiple logical partitions may then be created inside the extended partition. This may sound a little unwieldy, and it is. The GUID Partition Table (GPT) is a newer and simpler method of partitioning a disk. GPT is far more versatile than the traditional MBR partition table. Common GPT implementations allow up to 128 partitions per disk, eliminating the need for inconvenient workarounds like logical partitions. Some older operating systems like &windows; XP are not compatible with the GPT partition scheme. If &os; will be sharing a disk with such an operating system, MBR partitioning is required. &os;'s standard boot loader requires either a primary or GPT partition. (See for more information about the &os; booting process.) If all of the primary or GPT partitions are already in use, one must be freed for &os;. A minimal installation of &os; takes as little as 1 GB of disk space. However, that is a very minimal install, leaving almost no free space. A more realistic minimum is 3 GB without a graphical environment, and 5 GB or more if a graphical user interface will be used. Third-party application software requires more space. A variety of free and commercial partition resizing tools are available. GParted Live is a free Live CD which includes the GParted partition editor. GParted is also included with many other Linux Live CD distributions. Disk partition applications can destroy data. Make a full backup and verify its integrity before modifying disk partitions. Resizing µsoft; Vista partitions can be difficult. A Vista installation CDROM can be useful when attempting such an operation. Using an Existing Partition A &windows; computer has a single 40 GB disk that has been split into two 20 GB partitions. &windows; calls them C: and D:. The C: partition contains 10 GB of data, and the D: partition contains 5 GB of data. Moving the data from D: to C: frees up the second partition to be used for &os;. Shrinking an Existing Partition A &windows; computer has a single 40 GB disk and one large partition using the whole disk. &windows; shows this 40 GB partition as a single C:. 15 GB of space is being used. The goal is to end up with &windows; in a 20 GB partition, and have another 20 GB partition for &os;. There are two ways to do this: Back up your &windows; data. Then reinstall &windows;, creating a 20 GB partition during the install. Use a partition resizing tool like GParted to shrink the &windows; partition and create a new partition in the freed space for &os;. Disk partitions containing different operating systems make it possible to run any one of those operating systems at a time. An alternative method that allows running multiple operating systems at the same time is covered in . Collect Network Information Some &os; installation methods need a network connection to download files. To connect to an Ethernet network (or cable or DSL modem with an Ethernet interface), the installer will request some information about the network. DHCP is commonly used to provide automatic network configuration. If DHCP is not available, this network information must be obtained from the local network administrator or service provider: Network Information IP address Subnet mask Default router IP address Domain name of the local network DNS server IP address(es) Check for &os; Errata Although the &os; Project strives to ensure that each release of &os; is as stable as possible, bugs occasionally creep into the process. On very rare occasions those bugs affect the installation process. As these problems are discovered and fixed, they are noted in the FreeBSD Errata on the &os; web site. Check the errata before installing to make sure that there are no problems that might affect the installation. Information and errata for all the releases can be found on the release information section of the &os; web site. Prepare the Installation Media A &os; installation is started by booting the computer with a &os; installation CD, DVD, or USB memory stick. The installer is not a program that can be run from within another operating system. In addition to the standard installation media which contains copies of all the &os; installation files, there is a bootonly variant. Bootonly install media does not have copies of the installation files, but downloads them from the network during an install. The bootonly install CD is consequently much smaller, and reduces bandwidth usage during the install by only downloading required files. Copies of &os; installation media are available at the &os; web site. If you already have a copy of &os; on CDROM, DVD, or USB memory stick, this section can be skipped. &os; CD and DVD images are bootable ISO files. Only one CD or DVD is needed for an install. Burn the ISO image to a bootable CD or DVD using the CD recording applications available with your current operating system. To create a bootable memory stick, follow these steps: Acquire the Memory Stick Image Memory stick images for &os; 9.0-RELEASE and later can be downloaded from the ISO-IMAGES/ directory at ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/arch/arch/ISO-IMAGES/version/&os;-version-RELEASE-arch-memstick.img. Replace arch and version with the architecture and the version number which you want to install, respectively. For example, the memory stick images for &os;/&arch.i386; 9.0-RELEASE are available from . A different directory path is used for &os; 8.X and earlier versions. Details of download and installation of &os; 8.X and earlier is covered in . The memory stick image has a .img extension. The ISO-IMAGES/ directory contains a number of different images, and the one needed depends on the version of &os; being installed, and in some cases, the target hardware. Before proceeding, back up the data on the USB stick, as this procedure will erase it. Write the Image File to the Memory Stick Using &os; to Write the Image The example below shows /dev/da0 as the target device where the image will be written. Be very careful that the correct device is used as the output target, or you may destroy existing data. Writing the Image with &man.dd.1; The .img file is not a regular file. It is an image of the complete contents of the memory stick. It cannot simply be copied like a regular file, but must be written directly to the target device with &man.dd.1;: &prompt.root; dd if=&os;-9.0-RELEASE-&arch.i386;-memstick.img of=/dev/da0 bs=64k Using &windows; to Write the Image Be sure to give the correct drive letter as the output target, or you may overwrite and destroy existing data. Obtaining <application>Image Writer for &windows;</application> Image Writer for &windows; is a free application that can correctly write an image file to a memory stick. Download it from and extract it into a folder. Writing the Image with Image Writer Double-click the Win32DiskImager icon to start the program. Verify that the drive letter shown under Device is the drive with the memory stick. Click the folder icon and select the image to be written to the memory stick. Click [ Save ] to accept the image file name. Verify that everything is correct, and that no folders on the memory stick are open in other windows. When everything is ready, click [ Write ] to write the image file to the memory stick. Installation from floppy disks is no longer supported. You are now ready to start installing &os;. Starting the Installation By default, the installation will not make any changes to your disk(s) until you see the following message: Your changes will now be written to disk. If you have chosen to overwrite existing data, it will be PERMANENTLY ERASED. Are you sure you want to commit your changes? The install can be exited at any time prior to this warning without changing the contents of the hard drive. If you are concerned that you have configured something incorrectly you can just turn the computer off before this point, and no damage will be done. Booting Booting on &i386; and &arch.amd64; If you prepared a bootable USB stick, as described in , then plug in your USB stick before turning on the computer. If you are booting from CDROM, then you will need to turn on the computer, and insert the CDROM at the first opportunity. Configure your machine to boot from either the CDROM or from USB, depending on the media being used for the installation. BIOS configurations allow the selection of a specific boot device. Most systems also provide for selecting a boot device during startup, typically by pressing F10, F11, F12, or Escape. If your computer starts up as normal and loads your existing operating system, then either: The disks were not inserted early enough in the boot process. Leave them in, and try restarting your computer. The BIOS changes earlier did not work correctly. You should redo that step until you get the right option. Your particular BIOS does not support booting from the desired media. The Plop Boot Manager can be used to boot older computers from CD or USB media. &os; will start to boot. If you are booting from CDROM you will see a display similar to this (version information omitted): Booting from CD-ROM... 645MB medium detected CD Loader 1.2 Building the boot loader arguments Looking up /BOOT/LOADER... Found Relocating the loader and the BTX Starting the BTX loader BTX loader 1.00 BTX version is 1.02 Consoles: internal video/keyboard BIOS CD is cd0 BIOS drive C: is disk0 BIOS drive D: is disk1 BIOS 636kB/261056kB available memory FreeBSD/i386 bootstrap loader, Revision 1.1 Loading /boot/defaults/loader.conf /boot/kernel/kernel text=0x64daa0 data=0xa4e80+0xa9e40 syms=[0x4+0x6cac0+0x4+0x88e9d] \ The &os; boot loader is displayed:
&os; Boot Loader Menu
Either wait ten seconds, or press Enter.
Booting for &macintosh; &powerpc; On most machines, holding C on the keyboard during boot will boot from the CD. Otherwise, hold Command Option O F , or Windows Alt O F on non-&apple; keyboards. At the 0 > prompt, enter boot cd:,\ppc\loader cd:0 For Xserves without keyboards, see &apple;'s support web site about booting into Open Firmware. Booting for &sparc64; Most &sparc64; systems are set up to boot automatically from disk. To install &os;, you need to boot over the network or from a CDROM, which requires you to break into the PROM (OpenFirmware). To do this, reboot the system, and wait until the boot message appears. It depends on the model, but should look about like: Sun Blade 100 (UltraSPARC-IIe), Keyboard Present Copyright 1998-2001 Sun Microsystems, Inc. All rights reserved. OpenBoot 4.2, 128 MB memory installed, Serial #51090132. Ethernet address 0:3:ba:b:92:d4, Host ID: 830b92d4. If your system proceeds to boot from disk at this point, you need to press L1A or StopA on the keyboard, or send a BREAK over the serial console (using for example ~# in &man.tip.1; or &man.cu.1;) to get to the PROM prompt. It looks like this: ok ok {0} This is the prompt used on systems with just one CPU. This is the prompt used on SMP systems, the digit indicates the number of the active CPU. At this point, place the CDROM into your drive, and from the PROM prompt, type boot cdrom.
Reviewing the Device Probe Results The last few hundred lines that have been displayed on screen are stored and can be reviewed. To review the buffer, press Scroll Lock. This turns on scrolling in the display. You can then use the arrow keys, or PageUp and PageDown to view the results. Press Scroll Lock again to stop scrolling. Do this now, to review the text that scrolled off the screen when the kernel was carrying out the device probes. You will see text similar to , although the precise text will differ depending on the devices that you have in your computer.
Typical Device Probe Results Copyright (c) 1992-2011 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 9.0-RELEASE #0 r225473M: Sun Sep 11 16:07:30 BST 2011 root@psi:/usr/obj/usr/src/sys/GENERIC amd64 CPU: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz (2527.05-MHz K8-class CPU) Origin = "GenuineIntel" Id = 0x10676 Family = 6 Model = 17 Stepping = 6 Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE> Features2=0x8e3fd<SSE3,DTES64,MON,DS_CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1> AMD Features=0x20100800<SYSCALL,NX,LM> AMD Features2=0x1<LAHF> TSC: P-state invariant, performance statistics real memory = 3221225472 (3072 MB) avail memory = 2926649344 (2791 MB) Event timer "LAPIC" quality 400 ACPI APIC Table: <TOSHIB A0064 > FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 2 core(s) cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 ioapic0: Changing APIC ID to 1 ioapic0 <Version 2.0> irqs 0-23 on motherboard kbd1 at kbdmux0 acpi0: <TOSHIB A0064> on motherboard acpi0: Power Button (fixed) acpi0: reservation of 0, a0000 (3) failed acpi0: reservation of 100000, b6690000 (3) failed Timecounter "ACPI-safe" frequency 3579545 Hz quality 850 acpi_timer0: <24-bit timer at 3.579545MHz> port 0xd808-0xd80b on acpi0 cpu0: <ACPI CPU> on acpi0 ACPI Warning: Incorrect checksum in table [ASF!] - 0xFE, should be 0x9A (20110527/tbutils-282) cpu1: <ACPI CPU> on acpi0 pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0 pci0: <ACPI PCI bus> on pcib0 vgapci0: <VGA-compatible display> port 0xcff8-0xcfff mem 0xff400000-0xff7fffff,0xe0000000-0xefffffff irq 16 at device 2.0 on pci0 agp0: <Intel GM45 SVGA controller> on vgapci0 agp0: aperture size is 256M, detected 131068k stolen memory vgapci1: <VGA-compatible display> mem 0xffc00000-0xffcfffff at device 2.1 on pci0 pci0: <simple comms> at device 3.0 (no driver attached) em0: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0xcf80-0xcf9f mem 0xff9c0000-0xff9dffff,0xff9fe000-0xff9fefff irq 20 at device 25.0 on pci0 em0: Using an MSI interrupt em0: Ethernet address: 00:1c:7e:6a:ca:b0 uhci0: <Intel 82801I (ICH9) USB controller> port 0xcf60-0xcf7f irq 16 at device 26.0 on pci0 usbus0: <Intel 82801I (ICH9) USB controller> on uhci0 uhci1: <Intel 82801I (ICH9) USB controller> port 0xcf40-0xcf5f irq 21 at device 26.1 on pci0 usbus1: <Intel 82801I (ICH9) USB controller> on uhci1 uhci2: <Intel 82801I (ICH9) USB controller> port 0xcf20-0xcf3f irq 19 at device 26.2 on pci0 usbus2: <Intel 82801I (ICH9) USB controller> on uhci2 ehci0: <Intel 82801I (ICH9) USB 2.0 controller> mem 0xff9ff800-0xff9ffbff irq 19 at device 26.7 on pci0 usbus3: EHCI version 1.0 usbus3: <Intel 82801I (ICH9) USB 2.0 controller> on ehci0 hdac0: <Intel 82801I High Definition Audio Controller> mem 0xff9f8000-0xff9fbfff irq 22 at device 27.0 on pci0 pcib1: <ACPI PCI-PCI bridge> irq 17 at device 28.0 on pci0 pci1: <ACPI PCI bus> on pcib1 iwn0: <Intel(R) WiFi Link 5100> mem 0xff8fe000-0xff8fffff irq 16 at device 0.0 on pci1 pcib2: <ACPI PCI-PCI bridge> irq 16 at device 28.1 on pci0 pci2: <ACPI PCI bus> on pcib2 pcib3: <ACPI PCI-PCI bridge> irq 18 at device 28.2 on pci0 pci4: <ACPI PCI bus> on pcib3 pcib4: <ACPI PCI-PCI bridge> at device 30.0 on pci0 pci5: <ACPI PCI bus> on pcib4 cbb0: <RF5C476 PCI-CardBus Bridge> at device 11.0 on pci5 cardbus0: <CardBus bus> on cbb0 pccard0: <16-bit PCCard bus> on cbb0 isab0: <PCI-ISA bridge> at device 31.0 on pci0 isa0: <ISA bus> on isab0 ahci0: <Intel ICH9M AHCI SATA controller> port 0x8f58-0x8f5f,0x8f54-0x8f57,0x8f48-0x8f4f,0x8f44-0x8f47,0x8f20-0x8f3f mem 0xff9fd800-0xff9fdfff irq 19 at device 31.2 on pci0 ahci0: AHCI v1.20 with 4 3Gbps ports, Port Multiplier not supported ahcich0: <AHCI channel> at channel 0 on ahci0 ahcich1: <AHCI channel> at channel 1 on ahci0 ahcich2: <AHCI channel> at channel 4 on ahci0 acpi_lid0: <Control Method Lid Switch> on acpi0 battery0: <ACPI Control Method Battery> on acpi0 acpi_button0: <Power Button> on acpi0 acpi_acad0: <AC Adapter> on acpi0 acpi_toshiba0: <Toshiba HCI Extras> on acpi0 acpi_tz0: <Thermal Zone> on acpi0 attimer0: <AT timer> port 0x40-0x43 irq 0 on acpi0 Timecounter "i8254" frequency 1193182 Hz quality 0 Event timer "i8254" frequency 1193182 Hz quality 100 atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0 atkbd0: <AT Keyboard> irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] psm0: <PS/2 Mouse> irq 12 on atkbdc0 psm0: [GIANT-LOCKED] psm0: model GlidePoint, device ID 0 atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0 Event timer "RTC" frequency 32768 Hz quality 0 hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0 Timecounter "HPET" frequency 14318180 Hz quality 950 Event timer "HPET" frequency 14318180 Hz quality 450 Event timer "HPET1" frequency 14318180 Hz quality 440 Event timer "HPET2" frequency 14318180 Hz quality 440 Event timer "HPET3" frequency 14318180 Hz quality 440 uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 sc0: <System console> at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 ppc0: cannot reserve I/O port range est0: <Enhanced SpeedStep Frequency Control> on cpu0 p4tcc0: <CPU Frequency Thermal Control> on cpu0 est1: <Enhanced SpeedStep Frequency Control> on cpu1 p4tcc1: <CPU Frequency Thermal Control> on cpu1 Timecounters tick every 1.000 msec hdac0: HDA Codec #0: Realtek ALC268 hdac0: HDA Codec #1: Lucent/Agere Systems (Unknown) pcm0: <HDA Realtek ALC268 PCM #0 Analog> at cad 0 nid 1 on hdac0 pcm1: <HDA Realtek ALC268 PCM #1 Analog> at cad 0 nid 1 on hdac0 usbus0: 12Mbps Full Speed USB v1.0 usbus1: 12Mbps Full Speed USB v1.0 usbus2: 12Mbps Full Speed USB v1.0 usbus3: 480Mbps High Speed USB v2.0 ugen0.1: <Intel> at usbus0 uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0 ugen1.1: <Intel> at usbus1 uhub1: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1 ugen2.1: <Intel> at usbus2 uhub2: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2 ugen3.1: <Intel> at usbus3 uhub3: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus3 uhub0: 2 ports with 2 removable, self powered uhub1: 2 ports with 2 removable, self powered uhub2: 2 ports with 2 removable, self powered uhub3: 6 ports with 6 removable, self powered ugen2.2: <vendor 0x0b97> at usbus2 uhub8: <vendor 0x0b97 product 0x7761, class 9/0, rev 1.10/1.10, addr 2> on usbus2 ugen1.2: <Microsoft> at usbus1 ada0 at ahcich0 bus 0 scbus1 target 0 lun 0 ada0: <Hitachi HTS543225L9SA00 FBEOC43C> ATA-8 SATA 1.x device ada0: 150.000MB/s transfers (SATA 1.x, UDMA6, PIO 8192bytes) ada0: Command Queueing enabled ada0: 238475MB (488397168 512 byte sectors: 16H 63S/T 16383C) ada0: Previously was known as ad4 ums0: <Microsoft Microsoft 3-Button Mouse with IntelliEyeTM, class 0/0, rev 1.10/3.00, addr 2> on usbus1 SMP: AP CPU #1 Launched! cd0 at ahcich1 bus 0 scbus2 target 0 lun 0 cd0: <TEAC DV-W28S-RT 7.0C> Removable CD-ROM SCSI-0 device cd0: 150.000MB/s transfers (SATA 1.x, ums0: 3 buttons and [XYZ] coordinates ID=0 UDMA2, ATAPI 12bytes, PIO 8192bytes) cd0: cd present [1 x 2048 byte records] ugen0.2: <Microsoft> at usbus0 ukbd0: <Microsoft Natural Ergonomic Keyboard 4000, class 0/0, rev 2.00/1.73, addr 2> on usbus0 kbd2 at ukbd0 uhid0: <Microsoft Natural Ergonomic Keyboard 4000, class 0/0, rev 2.00/1.73, addr 2> on usbus0 Trying to mount root from cd9660:/dev/iso9660/FREEBSD_INSTALL [ro]...
Check the probe results carefully to make sure that &os; found all the devices you expected. If a device was not found, then it will not be listed. Kernel modules allows you to add in support for devices which are not in the GENERIC kernel. After the procedure of device probing, you will see . The install media can be used in three ways: to install &os;, as a live CD, or to simply access a &os; shell. Use the arrow keys to choose an option, and Enter to select.
Selecting Installation Media Mode
Selecting [ Install ] here will enter the installer.
Introducing <application>bsdinstall</application> bsdinstall is a text-based &os; installer program written by &a.nwhitehorn.email; and introduced in 2011 for &os; 9.0. &a.kmoore.email;'s pc-sysinstall is included with PC-BSD, and can also be used to install &os;. Although sometimes confused with bsdinstall, the two are not related. The bsdinstall menu system is controlled by the arrow keys, Enter, Tab, Space, and other keys. Selecting the Keymap Menu Depending on the system console being used, bsdinstall may initially prompt to select a non-default keyboard layout.
Keymap Selection
If [ YES ] is selected, the following keyboard selection screen will be displayed. Otherwise, this selection menu will not be displayed, and a default keyboard mapping will be used.
Selecting Keyboard Menu
Select the keymap that most closely represents the mapping of the keyboard attached to the system, using the up/down arrow keys and pressing Enter. Pressing Esc will use the default keymap. United States of America ISO-8859-1 is also a safe option if the choice of keymap is not clear.
Setting the Hostname Next, bsdinstall will prompt for the hostname to be given to the newly installed system.
Setting the Hostname
The entered hostname should be a fully-qualified hostname, such as machine3.example.com
Selecting Components to Install Next, bsdinstall will prompt to select optional components to install.
Selecting Components to Install
Deciding which components to install will depend largely on the intended use of the system and the amount of disk space available. The &os; Kernel and userland (collectively the base system) are always installed. Depending on the type of installation, some of these components may not appear. Optional Components doc - Additional documentation, mostly of historical interest. Documentation provided by the &os; Documentation Project may be installed later. games - Several traditional BSD games, including fortune, rot13, and others. lib32 - Compatibility libraries for running 32-bit applications on a 64-bit version of &os;. ports - The &os; Ports Collection. The ports collection is an easy and convenient way to install software. The Ports Collection does not contain the source code necessary to compile the software. Instead, it is a collection of files which automates the downloading, compiling and installation of third-party software packages. discusses how to use the ports collection. The installation program does not check to see if you have adequate space. Select this option only if you have adequate hard disk space. As of &os; 9.0, the &os; Ports Collection takes up about &ports.size; of disk space. You can safely assume a larger value for more recent versions of &os;. src - System source code. &os; comes with full source code for both the kernel and the userland. Although not required for the majority of applications, it may be required to build certain software supplied as source (for example, device drivers or kernel modules), or for developing &os; itself. The full source tree requires 1 GB of disk space, and recompiling the entire &os; system requires an additional 5 GB of space.
Installing from the Network The bootonly installation media does not hold copies of the installation files. When a bootonly installation method is used, the files must be retrieved over a network connection as they are needed.
Installing from the Network
After the network connection has been configured as shown in , a mirror site is selected. Mirror sites cache copies of the &os; files. Choose a mirror site located in the same region of the world as the computer on which &os; is being installed. Files can be retrieved more quickly when the mirror is close to the target computer, and installation time will be reduced.
Choosing a Mirror
Installation will continue as if the installation files were located on local media.
Allocating Disk Space There are three ways to allocate disk space for &os;. Guided partitioning automatically sets up disk partitions, while Manual partitioning allows advanced users to create customized partitions. Finally, there's the option of starting a shell where command-line programs like &man.gpart.8;, &man.fdisk.8;, and &man.bsdlabel.8; can be used directly.
Selecting Guided or Manual Partitioning
Guided Partitioning If multiple disks are connected, choose the one where &os; is to be installed.
Selecting from Multiple Disks
The entire disk can be allocated to &os;, or just a portion of it. If [ Entire Disk ] is chosen, a general partition layout filling the whole disk is created. Selecting [ Partition ] creates a partition layout in unused space on the disk.
Selecting Entire Disk or Partition
After the partition layout has been created, review it carefully for accuracy. If a mistake has been made, selecting [ Revert ] will reset the partitions as they were previously, or [ Auto ] will recreate the automatic &os; partitions. Partitions can be manually created, modified, or deleted. When the partitioning is correct, select [ Finish ] to continue with the installation.
Review Created Partitions
Manual Partitioning Manual partitioning goes straight to the partition editor.
Manually Create Partitions
Highlighting a drive (ada0 in this example) and selecting [ Create ] displays a menu for choosing the type of partitioning scheme.
Manually Create Partitions
GPT partitioning is usually the most appropriate choice for PC-compatible computers. Older PC operating systems that are not compatible with GPT may require MBR partitioning instead. The other partitioning schemes are generally used for uncommon or older computer systems. Partitioning Schemes Abbreviation Description APM Apple Partition Map, used by &powerpc; &macintosh;. BSD BSD Labels without an MBR, sometimes called "dangerously dedicated mode". See &man.bsdlabel.8;. GPT GUID Partition Table. MBR Master Boot Record. PC98 MBR variant, used by NEC PC-98 computers. VTOC8 Volume Table Of Contents, used by Sun SPARC64 and UltraSPARC computers.
After the partitioning scheme has been selected and created, selecting [ Create ] again will create new partitions.
Manually Create Partitions
A standard &os; GPT installation uses at least three partitions: Standard &os; <acronym>GPT</acronym> Partitions freebsd-boot - &os; boot code. freebsd-ufs - A &os; UFS filesystem. freebsd-swap - &os; swap space. Another partition type worth noting is freebsd-zfs, used for partitions that will contain a &os; ZFS filesystem. See . &man.gpart.8; shows more of the available GPT partition types. Multiple filesystem partitions can be used, and some people may prefer a traditional layout with separate partitions for the /, /var, /tmp, and /usr filesystems. See for an example. Size may be entered with common abbreviations: K for kilobytes, M for megabytes, or G for gigabytes. Proper sector alignment provides the best performance, and making partition sizes even multiples of 4K bytes helps to ensure alignment on drives with either 512-byte or 4K-byte sectors. Generally, using partition sizes that are even multiples of 1M or 1G is the easiest way to make sure every partition starts at an even multiple of 4K. One exception: at present, the freebsd-boot partition should be no larger than 512K due to boot code limitations. A mountpoint is needed if this partition will contain a filesystem. If only a single UFS partition will be created, the mountpoint should be /. A label is also requested. A label is a name by which this partition will be known. Drive names or numbers can change if the drive is connected to a different controller or port, but the partition label does not change. Referring to labels instead of drive names and partition numbers in files like /etc/fstab makes the system more tolerant of changing hardware. GPT labels appear in /dev/gpt/ when a disk is attached. Other partitioning schemes have different label capabilities, and their labels appear in different directories in /dev/. Use a unique label on every filesystem to avoid conflicts from identical labels. A few letters from the computer's name, use, or location can be added to the label. "labroot" or "rootfs-lab" for the UFS root partition on the lab's computer, for example. Creating Traditional Split Filesystem Partitions For a traditional partition layout where the /, /var, /tmp, and /usr directories are separate filesystems on their own partitions, create a GPT partitioning scheme, then create the partitions as shown. Partition sizes shown are typical for a 20G target disk. If more space is available on the target disk, larger swap or /var partitions may be useful. Labels shown here are prefixed with ex for "example", but readers should use other unique label values as described above. By default, &os;'s gptboot expects the first UFS partition found to be the / partition. Partition Type Size Mountpoint Label freebsd-boot 512K freebsd-ufs 2G / exrootfs freebsd-swap 4G exswap freebsd-ufs 2G /var exvarfs freebsd-ufs 1G /tmp extmpfs freebsd-ufs accept the default (remainder of the disk) /usr exusrfs After the custom partitions have been created, select [ Finish ] to continue with the installation.
Committing to the Installation This is the last chance for aborting the installation to prevent changes to the hard drive.
Final Confirmation
Select [ Commit ] and press Enter to proceed. If changes need to be made, select [ Back ] to return to the partition editor. [ Revert & Exit ] will exit the installer without making any changes to the hard drive. Installation time will vary depending on the distributions chosen, installation media, and speed of the computer. There will be a series of messages displayed indicating progress. Firstly, the installer will write the partitions to the disk, and perform a newfs to initialise the partitions. If doing a network install, bsdinstall will then proceed to download the required distribution files.
Fetching Distribution Files
Next, the integrity of the distribution files is verified, to ensure they have not been corrupted during download or misread from the installation media.
Verifying Distribution Files
Finally, the verified distribution files are extracted to the disk.
Extracting Distribution Files
Once all requested distribution files have been extracted, bsdinstall will then drop straight into the post-installation configuration tasks (see ).
Post-Installation Configuration of various options follows a successful installation of &os;. An option can be configured by re-entering the configuration options from the final menu before booting into the newly installed &os; system. Setting the <username>root</username> Password The root password must be set. Note that while entering the password, the characters being typed are not displayed on the screen. After the password has been entered, it must be entered again. This helps prevent typing errors.
Setting the <username>root</username> Password
After the password has been successfully entered, the installation will continue.
Configuring Network Interfaces Network configuration will be skipped if it has already been done as part of a bootonly installation. A list of all the network interfaces found on the computer is shown next. Select one to be configured.
Choose a Network Interface
Configuring a Wireless Network Interface If a wireless network interface is chosen, wireless identification and security parameters must be entered to allow it to connect to the network. Wireless networks are identified by a Service Set Identifier, or SSID. The SSID is a short, unique name given to each network. Most wireless networks encrypt transmitted data to protect information from unauthorized viewing. WPA2 encryption is strongly recommended. Older encryption types, like WEP, offer very little security. The first step in connecting to a wireless network is to scan for wireless access points.
Scanning for Wireless Access Points
SSIDs found during the scan are listed, followed by a description of the encryption types available for that network. If the desired SSID does not appear in the list, select [ Rescan ] to scan again. If the desired network still does not appear, check for problems with antenna connections or try moving the computer closer to the access point. Rescan after each change is made.
Choosing a Wireless Network
The encryption information for connecting to the selected wireless network is entered after selecting the network. With WPA2, only a password (also known as the Pre-Shared Key, or PSK) is needed. Characters typed into the input box are shown as asterisks for security.
WPA2 Setup
Network configuration continues after selection of the wireless network and entry of the connection information.
Configuring IPv4 Networking Choose whether IPv4 networking is to be used. This is the most common type of network connection.
Choose IPv4 Networking
There are two methods of IPv4 configuration. DHCP will automatically configure the network interface correctly, and is the preferred method. Static configuration requires manual entry of network information. Do not enter random network information, as it will not work. Obtain the information shown in from the network administrator or service provider. IPv4 DHCP Network Configuration If a DHCP server is available, select [ Yes ] to automatically configure the network interface.
Choose IPv4 DHCP Configuration
IPv4 Static Network Configuration Static configuration of the network interface requires entry of some IPv4 information.
IPv4 Static Configuration
IP Address - The manually-assigned IPv4 address to be assigned to this computer. This address must be unique and not already in use by another piece of equipment on the local network. Subnet Mask - The subnet mask used for the local network. Typically, this is 255.255.255.0. Default Router - The IP address of the default router on this network. Usually this is the address of the router or other network equipment that connects the local network to the Internet. Also known as the default gateway.
Configuring IPv6 Networking IPv6 is a newer method of network configuration. If IPv6 is available and desired, choose [ Yes ] to select it.
Choose IPv6 Networking
IPv6 also has two methods of configuration. SLAAC , or StateLess Address AutoConfiguration, will automatically configure the network interface correctly. Static configuration requires manual entry of network information. IPv6 Stateless Address Autoconfiguration SLAAC allows an IPv6 network component to request autoconfiguration information from a local router. See RFC4862 for more information.
Choose IPv6 SLAAC Configuration
IPv6 Static Network Configuration Static configuration of the network interface requires entry of the IPv6 configuration information.
IPv6 Static Configuration
IPv6 Address - The manually-assigned IP address to be assigned to this computer. This address must be unique and not already in use by another piece of equipment on the local network. Default Router - The IPv6 address of the default router on this network. Usually this is the address of the router or other network equipment that connects the local network to the Internet. Also known as the default gateway.
Configuring <acronym role="Domain Name System">DNS</acronym> The Domain Name System (or DNS) Resolver converts hostnames to and from network addresses. If DHCP or SLAAC was used to autoconfigure the network interface, the Resolver Configuration values may already be present. Otherwise, enter the local network's domain name in the Search field. DNS #1 and DNS #2 are the IP addresses for the local DNS servers. At least one DNS server is required.
DNS Configuration
Setting the Time Zone Setting the time zone for your machine will allow it to automatically correct for any regional time changes and perform other time zone related functions properly. The example shown is for a machine located in the Eastern time zone of the United States. Your selections will vary according to your geographical location.
Select Local or UTC Clock
Select [ Yes ] or [ No ] according to how the machine's clock is configured and press Enter. If you do not know whether the system uses UTC or local time, select [ No ] to choose the more commonly-used local time.
Select a Region
The appropriate region is selected using the arrow keys and then pressing Enter.
Select a Country
Select the appropriate country using the arrow keys and press Enter.
Select a Time Zone
The appropriate time zone is selected using the arrow keys and pressing Enter.
Confirm Time Zone
Confirm the abbreviation for the time zone is correct. If it looks okay, press Enter to continue with the post-installation configuration.
Selecting Services to Enable Additional system services which will be started at boot can be enabled. All of these services are optional.
Selecting Additional Services to Enable
Additional Services sshd - Secure Shell (SSH) daemon for secure remote access. moused - Provides mouse usage within the system console. ntpd - Network Time Protocol (NTP) daemon for automatic clock synchronization. powerd - System power control utility for power control and energy saving.
Enabling Crash Dumps bsdinstall will prompt if crash dumps should be enabled on the target system. Enabling crash dumps can be very useful in debugging issues with the system, so users are encouraged to enable crash dumps whenever possible. Select [ Yes ] to enable crash dumps, or [ No ] to proceed without crash dumps enabled.
Enabling Crash Dumps
Add Users Adding at least one user during the installation allows the system to be used without being logged in as root. When logged in as root, there are essentially no limits or protection on what can be done. Logging in as a normal user is safer and more secure. Select [ Yes ] to add new users.
Add User Accounts
Enter the information for the user to be added.
Enter User Information
User Information Username - The name the user will enter to log in. Typically the first letter of their first name combined with their last name. Full name - The user's full name. Uid - User ID. Typically, this is left blank so the system will assign a value. Login group - The user's group. Typically left blank to accept the default. Invite user into other groups? - Additional groups to which the user will be added as a member. Login class - Typically left blank for the default. Shell - The interactive shell for this user. In the example, &man.csh.1; has been chosen. Home directory - The user's home directory. The default is usually correct. Home directory permissions - Permissions on the user's home directory. The default is usually correct. Use password-based authentication? - Typically "yes". Use an empty password? - Typically "no". Use a random password? - Typically "no". Enter password - The actual password for this user. Characters typed will not show on the screen. Enter password again - The password must be typed again for verification. Lock out the account after creation? - Typically "no". After entering everything, a summary is shown, and the system asks if it is correct. If a mistake was made during entry, enter no and try again. If everything is correct, enter yes to create the new user.
Exit User and Group Management
If there are more users to add, answer the "Add another user?" question with yes. Enter no to finish adding users and continue the installation. For more information on adding users and user management, - see . + see .
Final Configuration After everything has been installed and configured, a final chance is provided to modify settings.
Final Configuration
Use this menu to make any changes or do any additional configuration before completing the installation. Final Configuration Options Add User - Described in . Root Password - Described in . Hostname - Described in . Network - Described in . Services - Described in . Time Zone - Described in . Handbook - Download and install the &os; Handbook (which is what you are reading now). After any final configuration is complete, select Exit to leave the installation.
Manual Configuration
bsdinstall will prompt if there are any additional configuration that needs to be done before rebooting into the new system. Select [ Yes ] to exit to a shell within the new system, or [ No ] to proceed to the last step of the installation.
Complete the Installation
If further configuration or special setup is needed, selecting [ Live CD ] will boot the install media into Live CD mode. When the installation is complete, select [ Reboot ] to reboot the computer and start the new &os; system. Do not forget to remove the &os; install CD, DVD, or USB memory stick, or the computer may boot from it again.
&os; Booting and Shutdown &os;/&arch.i386; Booting As &os; boots, many informational messages are displayed. Most will scroll off the screen; this is normal. After the system finishes booting, a login prompt is displayed. Messages that scrolled off the screen can be reviewed by pressing Scroll-Lock to turn on the scroll-back buffer. The PgUp, PgDn, and arrow keys can be used to scroll back through the messages. Pressing Scroll-Lock again unlocks the display and returns to the normal screen. At the login: prompt, enter the username added during the installation, asample in the example. Avoid logging in as root except when necessary. The scroll-back buffer examined above is limited in size, so not all of the messages may have been visible. After logging in, most of them can be seen from the command line by typing dmesg | less at the prompt. Press q to return to the command line after viewing. Typical boot messages (version information omitted): Copyright (c) 1992-2011 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 CPU: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz (3007.77-MHz K8-class CPU) Origin = "GenuineIntel" Id = 0x10676 Family = 6 Model = 17 Stepping = 6 Features=0x783fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,SSE2> Features2=0x209<SSE3,MON,SSSE3> AMD Features=0x20100800<SYSCALL,NX,LM> AMD Features2=0x1<LAHF> real memory = 536805376 (511 MB) avail memory = 491819008 (469 MB) Event timer "LAPIC" quality 400 ACPI APIC Table: <VBOX VBOXAPIC> ioapic0: Changing APIC ID to 1 ioapic0 <Version 1.1> irqs 0-23 on motherboard kbd1 at kbdmux0 acpi0: <VBOX VBOXXSDT> on motherboard acpi0: Power Button (fixed) acpi0: Sleep Button (fixed) Timecounter "ACPI-fast" frequency 3579545 Hz quality 900 acpi_timer0: <32-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0 cpu0: <ACPI CPU> on acpi0 pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0 pci0: <ACPI PCI bus> on pcib0 isab0: <PCI-ISA bridge> at device 1.0 on pci0 isa0: <ISA bus> on isab0 atapci0: <Intel PIIX4 UDMA33 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xd000-0xd00f at device 1.1 on pci0 ata0: <ATA channel 0> on atapci0 ata1: <ATA channel 1> on atapci0 vgapci0: <VGA-compatible display> mem 0xe0000000-0xe0ffffff irq 18 at device 2.0 on pci0 em0: <Intel(R) PRO/1000 Legacy Network Connection 1.0.3> port 0xd010-0xd017 mem 0xf0000000-0xf001ffff irq 19 at device 3.0 on pci0 em0: Ethernet address: 08:00:27:9f:e0:92 pci0: <base peripheral> at device 4.0 (no driver attached) pcm0: <Intel ICH (82801AA)> port 0xd100-0xd1ff,0xd200-0xd23f irq 21 at device 5.0 on pci0 pcm0: <SigmaTel STAC9700/83/84 AC97 Codec> ohci0: <OHCI (generic) USB controller> mem 0xf0804000-0xf0804fff irq 22 at device 6.0 on pci0 usbus0: <OHCI (generic) USB controller> on ohci0 pci0: <bridge> at device 7.0 (no driver attached) acpi_acad0: <AC Adapter> on acpi0 atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0 atkbd0: <AT Keyboard> irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] psm0: <PS/2 Mouse> irq 12 on atkbdc0 psm0: [GIANT-LOCKED] psm0: model IntelliMouse Explorer, device ID 4 attimer0: <AT timer> port 0x40-0x43,0x50-0x53 on acpi0 Timecounter "i8254" frequency 1193182 Hz quality 0 Event timer "i8254" frequency 1193182 Hz quality 100 sc0: <System console> at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 atrtc0: <AT realtime clock> at port 0x70 irq 8 on isa0 Event timer "RTC" frequency 32768 Hz quality 0 ppc0: cannot reserve I/O port range Timecounters tick every 10.000 msec pcm0: measured ac97 link rate at 485193 Hz em0: link state changed to UP usbus0: 12Mbps Full Speed USB v1.0 ugen0.1: <Apple> at usbus0 uhub0: <Apple OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0 cd0 at ata1 bus 0 scbus1 target 0 lun 0 cd0: <VBOX CD-ROM 1.0> Removable CD-ROM SCSI-0 device cd0: 33.300MB/s transfers (UDMA2, ATAPI 12bytes, PIO 65534bytes) cd0: Attempt to query device size failed: NOT READY, Medium not present ada0 at ata0 bus 0 scbus0 target 0 lun 0 ada0: <VBOX HARDDISK 1.0> ATA-6 device ada0: 33.300MB/s transfers (UDMA2, PIO 65536bytes) ada0: 12546MB (25694208 512 byte sectors: 16H 63S/T 16383C) ada0: Previously was known as ad0 Timecounter "TSC" frequency 3007772192 Hz quality 800 Root mount waiting for: usbus0 uhub0: 8 ports with 8 removable, self powered Trying to mount root from ufs:/dev/ada0p2 [rw]... Setting hostuuid: 1848d7bf-e6a4-4ed4-b782-bd3f1685d551. Setting hostid: 0xa03479b2. Entropy harvesting: interrupts ethernet point_to_point kickstart. Starting file system checks: /dev/ada0p2: FILE SYSTEM CLEAN; SKIPPING CHECKS /dev/ada0p2: clean, 2620402 free (714 frags, 327461 blocks, 0.0% fragmentation) Mounting local file systems:. vboxguest0 port 0xd020-0xd03f mem 0xf0400000-0xf07fffff,0xf0800000-0xf0803fff irq 20 at device 4.0 on pci0 vboxguest: loaded successfully Setting hostname: machine3.example.com. Starting Network: lo0 em0. lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet 127.0.0.1 netmask 0xff000000 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM> ether 08:00:27:9f:e0:92 nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> media: Ethernet autoselect (1000baseT <full-duplex>) status: active Starting devd. Starting Network: usbus0. DHCPREQUEST on em0 to 255.255.255.255 port 67 DHCPACK from 10.0.2.2 bound to 192.168.1.142 -- renewal in 43200 seconds. add net ::ffff:0.0.0.0: gateway ::1 add net ::0.0.0.0: gateway ::1 add net fe80::: gateway ::1 add net ff02::: gateway ::1 ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib 32-bit compatibility ldconfig path: /usr/lib32 Creating and/or trimming log files. Starting syslogd. No core dumps found. Clearing /tmp (X related). Updating motd:. Configuring syscons: blanktime. Generating public/private rsa1 key pair. Your identification has been saved in /etc/ssh/ssh_host_key. Your public key has been saved in /etc/ssh/ssh_host_key.pub. The key fingerprint is: 10:a0:f5:af:93:ae:a3:1a:b2:bb:3c:35:d9:5a:b3:f3 root@machine3.example.com The key's randomart image is: +--[RSA1 1024]----+ | o.. | | o . . | | . o | | o | | o S | | + + o | |o . + * | |o+ ..+ . | |==o..o+E | +-----------------+ Generating public/private dsa key pair. Your identification has been saved in /etc/ssh/ssh_host_dsa_key. Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub. The key fingerprint is: 7e:1c:ce:dc:8a:3a:18:13:5b:34:b5:cf:d9:d1:47:b2 root@machine3.example.com The key's randomart image is: +--[ DSA 1024]----+ | .. . .| | o . . + | | . .. . E .| | . . o o . . | | + S = . | | + . = o | | + . * . | | . . o . | | .o. . | +-----------------+ Starting sshd. Starting cron. Starting background file system checks in 60 seconds. Thu Oct 6 19:15:31 MDT 2011 FreeBSD/amd64 (machine3.example.com) (ttyv0) login: Generating the RSA and DSA keys may take some time on slower machines. This happens only on the initial boot-up of a new installation, and only if sshd is set to start automatically. Subsequent boots will be faster. &os; does not install graphical environments by default, but many are available. See for more information. &os; Shutdown Proper shutdown of a &os; computer helps protect data and even hardware from damage. Do not just turn off the power. If the user is a member of the wheel group, become the superuser by typing su at the command line and entering the root password. Otherwise, log in as root and use shutdown -p now. The system will close down cleanly and turn itself off. The Ctrl Alt Del key combination can be used to reboot the system, but is not recommended during normal operation.
Troubleshooting installation troubleshooting The following section covers basic installation troubleshooting, such as common problems people have reported. What to Do If Something Goes Wrong Due to various limitations of the PC architecture, it is impossible for probing to be 100% reliable, however, there are a few things you can do if it fails. Check the Hardware Notes document for your version of &os; to make sure your hardware is supported. If your hardware is supported and you still experience lock-ups or other problems, you will need to build a custom kernel. This will allow you to add in support for devices which are not present in the GENERIC kernel. The kernel on the boot disks is configured assuming that most hardware devices are in their factory default configuration in terms of IRQs, IO addresses, and DMA channels. If your hardware has been reconfigured, you will most likely need to edit the kernel configuration and recompile to tell &os; where to find things. It is also possible that a probe for a device not present will cause a later probe for another device that is present to fail. In that case, the probes for the conflicting driver(s) should be disabled. Some installation problems can be avoided or alleviated by updating the firmware on various hardware components, most notably the motherboard. Motherboard firmware is usually referred to as the BIOS. Most motherboard and computer manufacturers have a website for upgrades and upgrade information. Manufacturers generally advise against upgrading the motherboard BIOS unless there is a good reason for doing so, like a critical update. The upgrade process can go wrong, leaving the BIOS incomplete and the computer inoperative. Troubleshooting Questions and Answers My system hangs while probing hardware during boot, or it behaves strangely during install. &os; makes extensive use of the system ACPI service on the i386, amd64, and ia64 platforms to aid in system configuration if it is detected during boot. Unfortunately, some bugs still exist in both the ACPI driver and within system motherboards and BIOS firmware. ACPI can be disabled by setting the hint.acpi.0.disabled hint in the third stage boot loader: set hint.acpi.0.disabled="1" This is reset each time the system is booted, so it is necessary to add hint.acpi.0.disabled="1" to the file /boot/loader.conf. More information about the boot loader can be found in . Using the Live CD A live CD of &os; is available on the same CD as the main installation program. This is useful for those who are still wondering whether &os; is the right operating system for them and want to test some of the features before installing. The following points should be noted while using the live CD: To gain access to the system, authentication is required. The username is root, and the password is blank. As the system runs directly from the CD, performance will be significantly slower than that of a system installed on a hard disk. The live CD provides a command prompt and not a graphical interface.
diff --git a/en_US.ISO8859-1/books/handbook/chapters.ent b/en_US.ISO8859-1/books/handbook/chapters.ent index 8bcfe3497c..d5cd395e7f 100644 --- a/en_US.ISO8859-1/books/handbook/chapters.ent +++ b/en_US.ISO8859-1/books/handbook/chapters.ent @@ -1,70 +1,69 @@ %pgpkeys; - diff --git a/en_US.ISO8859-1/books/handbook/preface/preface.xml b/en_US.ISO8859-1/books/handbook/preface/preface.xml index 1c62859409..4fcdec1d0a 100644 --- a/en_US.ISO8859-1/books/handbook/preface/preface.xml +++ b/en_US.ISO8859-1/books/handbook/preface/preface.xml @@ -1,751 +1,742 @@ Preface Intended Audience The &os; newcomer will find that the first section of this book guides the user through the &os; installation process and gently introduces the concepts and conventions that underpin &unix;. Working through this section requires little more than the desire to explore, and the ability to take on board new concepts as they are introduced. Once you have traveled this far, the second, far larger, section of the Handbook is a comprehensive reference to all manner of topics of interest to &os; system administrators. Some of these chapters may recommend that you do some prior reading, and this is noted in the synopsis at the beginning of each chapter. For a list of additional sources of information, please see . Changes from the Third Edition The current online version of the Handbook represents the cumulative effort of many hundreds of contributors over the past 10 years. The following are some of the significant changes since the two volume third edition was published in 2004: , &dtrace;, has been added with information about the powerful &dtrace; performance analysis tool. , File Systems Support, has been added with information about non-native file systems in &os;, such as ZFS from &sun;. , Security Event Auditing, has been added to cover the new auditing capabilities in &os; and explain its use. , Virtualization, has been added with information about installing &os; on virtualization software. , Installing &os; 9.x and Later, has been added to cover installation of &os; using the new installation utility, bsdinstall. Changes from the Second Edition (2004) The third edition was the culmination of over two years of work by the dedicated members of the &os; Documentation Project. The printed edition grew to such a size that it was necessary to publish as two separate volumes. The following are the major changes in this new edition: , Configuration and Tuning, has been expanded with new information about the ACPI power and resource management, the cron system utility, and more kernel tuning options. , Security, has been expanded with new information about virtual private networks (VPNs), file system access control lists (ACLs), and security advisories. , Mandatory Access Control (MAC), is a new chapter with this edition. It explains what MAC is and how this mechanism can be used to secure a &os; system. , Storage, has been expanded with new information about USB storage devices, file system snapshots, file system quotas, file and network backed filesystems, and encrypted disk partitions. A troubleshooting section has been added to , PPP and SLIP. , Electronic Mail, has been expanded with new information about using alternative transport agents, SMTP authentication, UUCP, fetchmail, procmail, and other advanced topics. , Network Servers, is all new with this edition. This chapter includes information about setting up the Apache HTTP Server, ftpd, and setting up a server for µsoft; &windows; clients with Samba. Some sections from , Advanced Networking, were moved here to improve the presentation. , Advanced Networking, has been expanded with new information about using &bluetooth; devices with &os;, setting up wireless networks, and Asynchronous Transfer Mode (ATM) networking. A glossary has been added to provide a central location for the definitions of technical terms used throughout the book. A number of aesthetic improvements have been made to the tables and figures throughout the book. Changes from the First Edition (2001) The second edition was the culmination of over two years of work by the dedicated members of the &os; Documentation Project. The following were the major changes in this edition: A complete Index has been added. All ASCII figures have been replaced by graphical diagrams. A standard synopsis has been added to each chapter to give a quick summary of what information the chapter contains, and what the reader is expected to know. The content has been logically reorganized into three parts: Getting Started, System Administration, and Appendices. (Installing &os;) was completely rewritten with many screenshots to make it much easier for new users to grasp the text. (&unix; Basics) has been expanded to contain additional information about processes, daemons, and signals. (Installing Applications) has been expanded to contain additional information about binary package management. (The X Window System) has been completely rewritten with an emphasis on using modern desktop technologies such as KDE and GNOME on &xfree86; 4.X. (The &os; Booting Process) has been expanded. (Storage) has been written from what used to be two separate chapters on Disks and Backups. We feel that the topics are easier to comprehend when presented as a single chapter. A section on RAID (both hardware and software) has also been added. (Serial Communications) has been completely reorganized and updated for &os; 4.X/5.X. (PPP and SLIP) has been substantially updated. Many new sections have been added to (Advanced Networking). (Electronic Mail) has been expanded to include more information about configuring sendmail. (&linux; Compatibility) has been expanded to include information about installing &oracle; and &sap.r3;. The following new topics are covered in this second edition: Configuration and Tuning (). Multimedia () Organization of This Book This book is split into five logically distinct sections. The first section, Getting Started, covers the installation and basic usage of &os;. It is expected that the reader will follow these chapters in sequence, possibly skipping chapters covering familiar topics. The second section, Common Tasks, covers some frequently used features of &os;. This section, and all subsequent sections, can be read out of order. Each chapter begins with a succinct synopsis that describes what the chapter covers and what the reader is expected to already know. This is meant to allow the casual reader to skip around to find chapters of interest. The third section, System Administration, covers administration topics. The fourth section, Network Communication, covers networking and server topics. The fifth section contains appendices of reference information. , Introduction Introduces &os; to a new user. It describes the history of the &os; Project, its goals and development model. , Installation of &os; 9.x and Later Walks a user through the entire installation process of &os; 9.x and later using bsdinstall. , Installation of &os; 8.x and Earlier Walks a user through the entire installation process of &os; 8.x and earlier using sysinstall. Some advanced installation topics, such as installing through a serial console, are also covered. , &unix; Basics Covers the basic commands and functionality of the &os; operating system. If you are familiar with &linux; or another flavor of &unix; then you can probably skip this chapter. , Installing Applications Covers the installation of third-party software with both &os;'s innovative Ports Collection and standard binary packages. , The X Window System Describes the X Window System in general and using X11 on &os; in particular. Also describes common desktop environments such as KDE and GNOME. , Desktop Applications Lists some common desktop applications, such as web browsers and productivity suites, and describes how to install them on &os;. , Multimedia Shows how to set up sound and video playback support for your system. Also describes some sample audio and video applications. , Configuring the &os; Kernel Explains why you might need to configure a new kernel and provides detailed instructions for configuring, building, and installing a custom kernel. , Printing Describes managing printers on &os;, including information about banner pages, printer accounting, and initial setup. , &linux; Binary Compatibility Describes the &linux; compatibility features of &os;. Also provides detailed installation instructions for many popular &linux; applications such as &oracle; and &mathematica;. , Configuration and Tuning Describes the parameters available for system administrators to tune a &os; system for optimum performance. Also describes the various configuration files used in &os; and where to find them. , Booting Process Describes the &os; boot process and explains how to control this process with configuration options. - - , Users and Basic Account - Management - - Describes the creation and manipulation of user - accounts. Also discusses resource limitations that can be - set on users and other account management tasks. - - , Security Describes many different tools available to help keep your &os; system secure, including Kerberos, IPsec and OpenSSH. , Jails Describes the jails framework, and the improvements of jails over the traditional chroot support of &os;. , Mandatory Access Control Explains what Mandatory Access Control (MAC) is and how this mechanism can be used to secure a &os; system. , Security Event Auditing Describes what &os; Event Auditing is, how it can be installed, configured, and how audit trails can be inspected or monitored. , Storage Describes how to manage storage media and filesystems with &os;. This includes physical disks, RAID arrays, optical and tape media, memory-backed disks, and network filesystems. , GEOM Describes what the GEOM framework in &os; is and how to configure various supported RAID levels. , File Systems Support Examines support of non-native file systems in &os;, like the Z File System from &sun;. , Virtualization Describes what virtualization systems offer, and how they can be used with &os;. , Localization Describes how to use &os; in languages other than English. Covers both system and application level localization. , Updating and Upgrading &os; Explains the differences between &os;-STABLE, &os;-CURRENT, and &os; releases. Describes which users would benefit from tracking a development system and outlines that process. Covers the methods users may take to update their system to the latest security release. , &dtrace; Describes how to configure and use the &dtrace; tool from &sun; in &os;. Dynamic tracing can help locate performance issues, by performing real time system analysis. , Serial Communications Explains how to connect terminals and modems to your &os; system for both dial in and dial out connections. , PPP and SLIP Describes how to use PPP, SLIP, or PPP over Ethernet to connect to remote systems with &os;. , Electronic Mail Explains the different components of an email server and dives into simple configuration topics for the most popular mail server software: sendmail. , Network Servers Provides detailed instructions and example configuration files to set up your &os; machine as a network filesystem server, domain name server, network information system server, or time synchronization server. , Firewalls Explains the philosophy behind software-based firewalls and provides detailed information about the configuration of the different firewalls available for &os;. , Advanced Networking Describes many networking topics, including sharing an Internet connection with other computers on your LAN, advanced routing topics, wireless networking, &bluetooth;, ATM, IPv6, and much more. , Obtaining &os; Lists different sources for obtaining &os; media on CDROM or DVD as well as different sites on the Internet that allow you to download and install &os;. , Bibliography This book touches on many different subjects that may leave you hungry for a more detailed explanation. The bibliography lists many excellent books that are referenced in the text. , Resources on the Internet Describes the many forums available for &os; users to post questions and engage in technical conversations about &os;. , PGP Keys Lists the PGP fingerprints of several &os; Developers. Conventions used in this book To provide a consistent and easy to read text, several conventions are followed throughout the book. Typographic Conventions Italic An italic font is used for filenames, URLs, emphasized text, and the first usage of technical terms. Monospace A monospaced font is used for error messages, commands, environment variables, names of ports, hostnames, user names, group names, device names, variables, and code fragments. Bold A bold font is used for applications, commands, and keys. User Input Keys are shown in bold to stand out from other text. Key combinations that are meant to be typed simultaneously are shown with `+' between the keys, such as: Ctrl Alt Del Meaning the user should type the Ctrl, Alt, and Del keys at the same time. Keys that are meant to be typed in sequence will be separated with commas, for example: Ctrl X , Ctrl S Would mean that the user is expected to type the Ctrl and X keys simultaneously and then to type the Ctrl and S keys simultaneously. Examples Examples starting with C:\> indicate a &ms-dos; command. Unless otherwise noted, these commands may be executed from a Command Prompt window in a modern µsoft.windows; environment. E:\> tools\fdimage floppies\kern.flp A: Examples starting with &prompt.root; indicate a command that must be invoked as the superuser in &os;. You can login as root to type the command, or login as your normal account and use &man.su.1; to gain superuser privileges. &prompt.root; dd if=kern.flp of=/dev/fd0 Examples starting with &prompt.user; indicate a command that should be invoked from a normal user account. Unless otherwise noted, C-shell syntax is used for setting environment variables and other shell commands. &prompt.user; top Acknowledgments The book you are holding represents the efforts of many hundreds of people around the world. Whether they sent in fixes for typos, or submitted complete chapters, all the contributions have been useful. Several companies have supported the development of this document by paying authors to work on it full-time, paying for publication, etc. In particular, BSDi (subsequently acquired by Wind River Systems) paid members of the &os; Documentation Project to work on improving this book full time leading up to the publication of the first printed edition in March 2000 (ISBN 1-57176-241-8). Wind River Systems then paid several additional authors to make a number of improvements to the print-output infrastructure and to add additional chapters to the text. This work culminated in the publication of the second printed edition in November 2001 (ISBN 1-57176-303-1). In 2003-2004, &os; Mall, Inc, paid several contributors to improve the Handbook in preparation for the third printed edition. diff --git a/en_US.ISO8859-1/books/handbook/users/Makefile b/en_US.ISO8859-1/books/handbook/users/Makefile deleted file mode 100644 index b44bd80628..0000000000 --- a/en_US.ISO8859-1/books/handbook/users/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# Build the Handbook with just the content from this chapter. -# -# $FreeBSD$ -# - -CHAPTERS= users/chapter.xml - -VPATH= .. - -MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX} - -DOC_PREFIX?= ${.CURDIR}/../../../.. - -.include "../Makefile" diff --git a/en_US.ISO8859-1/books/handbook/users/chapter.xml b/en_US.ISO8859-1/books/handbook/users/chapter.xml deleted file mode 100644 index 9a9b1b27b4..0000000000 --- a/en_US.ISO8859-1/books/handbook/users/chapter.xml +++ /dev/null @@ -1,1001 +0,0 @@ - - - - - - - - Neil - Blakey-Milner - Contributed by - - - - - - Users and Basic Account Management - - - Synopsis - - &os; allows multiple users to use the computer at the same - time. While only one user can sit in front of the screen and - use the keyboard at any one time, any number of users can log - in to the system through the network. To use the system, each - user should have their own user account. - - This chapter describes: - - - - The different types of user accounts on a - &os; system. - - - - How to add, remove, and modify user accounts. - - - - How to set limits to control the - resources that users and - groups are allowed to access. - - - - How to create groups and add users as members of a group. - - - - - - Account Types - - Since all access to the &os; system is achieved using accounts - and all processes are run by users, user and account management - is important. - - There are three main types of accounts: - system accounts, - user accounts, and the - superuser account. - - - System Accounts - - - accounts - system - - - System accounts are used to run services such as DNS, - mail, and web servers. The reason for this is security; if - all services ran as the superuser, they could act without - restriction. - - - accounts - daemon - - - accounts - operator - - - Examples of system accounts are - daemon, operator, - bind, news, and - www. - - - accounts - nobody - - - nobody is the generic unprivileged - system account. However, the more services that use - nobody, the more files and processes that - user will become associated with, and hence the more - privileged that user becomes. - - - - User Accounts - - - accounts - user - - - User accounts are - assigned to real people and are used to log in and use the - system. Every person accessing the system should have a unique - user account. This allows the administrator to find out who - is doing what and prevents users from clobbering the - settings of other users. - - Each user can set up their own environment to accommodate - their use of the system, by configuring their default shell, editor, - key bindings, and language settings. - Every user account on a &os; system has certain information - associated with it: - - - - User name - - - The user name is typed at the login: - prompt. User names must be unique on the system as no two - users can have the same user name. There are a number of - rules for creating valid user names which are documented in - &man.passwd.5;. It is recommended to use user names that consist of eight or - fewer, all lower case characters in order to maintain - backwards compatibility with applications. - - - - - Password - - - Each user account should have an associated password. While the - password can be blank, this is highly discouraged. - - - - - User ID (UID) - - - The User ID (UID) is a number - used to uniquely identify the user to the - &os; system. Commands that - allow a user name to be specified will first convert it to - the UID. It is recommended to use a UID of - 65535 or lower as higher UIDs may cause compatibility - issues with software that does not support integers larger - than 32-bits. - - - - - Group ID (GID) - - - The Group ID (GID) is a number used to uniquely identify - the primary group that the user belongs to. Groups are a - mechanism for controlling access to resources based on a - user's GID rather than their - UID. This can significantly reduce the - size of some configuration files and allows users to be - members of more than one group. It is recommended to use a GID of - 65535 or lower as higher GIDs may break some - software. - - - - - Login class - - - Login classes are an extension to the group mechanism - that provide additional flexibility when tailoring the - system to different users. Login classes are discussed - further in - - - - - Password change time - - - By default, &os; does not force users to change their - passwords periodically. Password expiration can be - enforced on a per-user basis using &man.pw.8;, forcing some or all users to - change their passwords after a certain amount of time has - elapsed. - - - - - Account expiry time - - - By default, &os; does not expire accounts. When - creating accounts that need a limited lifespan, such as - student accounts in a school, specify the account expiry - date using &man.pw.8;. After the expiry time has elapsed, the account - cannot be used to log in to the system, although the - account's directories and files will remain. - - - - - User's full name - - - The user name uniquely identifies the account to &os;, - but does not necessarily reflect the user's real name. - Similar to a comment, this information - can contain a space, uppercase characters, and be more - than 8 characters long. - - - - - Home directory - - - The home directory is the full path to a directory on - the system. This is the user's starting directory when - the user logs in. A common convention is to put all user - home directories under /home/username - or /usr/home/username. - Each user stores their personal files and subdirectories - in their own home directory. - - - - - User shell - - - The shell provides the user's default environment for - interacting with the system. There are many different - kinds of shells and experienced users will have their own - preferences, which can be reflected in their account - settings. - - - - - - - The Superuser Account - - - accounts - superuser (root) - - - The superuser account, usually called - root, is used to - manage the system with no limitations on privileges. For this - reason, it should not be used for day-to-day - tasks like sending and receiving mail, general exploration of - the system, or programming. - - The superuser, unlike other user - accounts, can operate without limits, and misuse of the - superuser account may result in spectacular disasters. User - accounts are unable to destroy the operating system by mistake, so it is - recommended to login as a user account and to only become the superuser - when a command requires extra privilege. - - Always double and triple-check any commands issued as the - superuser, since an extra space or missing character can mean - irreparable data loss. - - There are several ways to become gain superuser privilege. While one - can log in as root, this is highly discouraged. - - Instead, use &man.su.1; to become the superuser. If - - is specified when running this command, the user will also inherit the root user's environment. - The user running this command must - be in the wheel group or else the command - will fail. The user must also know the password for the - root user account. - - In this example, the user only becomes superuser in order to run - make install as this step requires superuser privilege. - Once the command completes, the user types exit - to leave the superuser account and return to the privilege of - their user account. - - - Install a Program As The Superuser - - &prompt.user; configure -&prompt.user; make -&prompt.user; su - -Password: -&prompt.root; make install -&prompt.root; exit -&prompt.user; - - - The built-in &man.su.1; framework works well for single systems or small - networks with just one system administrator. An alternative - is to install the - security/sudo package or port. This software - provides activity logging and allows the administrator to configure which users - can run which commands - as the superuser. - - - - - Managing Accounts - - - accounts - modifying - - - &os; provides a variety of different commands to manage - user accounts. The most common commands are summarized below, - followed by more detailed examples of their usage. - - - - - - - - - Command - Summary - - - - - &man.adduser.8; - The recommended command-line application for adding - new users. - - - - &man.rmuser.8; - The recommended command-line application for - removing users. - - - - &man.chpass.1; - A flexible tool for changing user database - information. - - - - &man.passwd.1; - The simple command-line tool to change user - passwords. - - - - &man.pw.8; - A powerful and flexible tool for modifying all - aspects of user accounts. - - - - - - - <command>adduser</command> - - - accounts - adding - - - adduser - - - /usr/share/skel - - skeleton directory - &man.adduser.8; is a simple program for adding new users - When a new user is added, this program automatically updates - /etc/passwd and - /etc/group. It also creates a home - directory for the new user, copies in the default - configuration files from /usr/share/skel, and can - optionally mail the new user a welcome message. - - - Adding a User on &os; - - &prompt.root; adduser -Username: jru -Full name: J. Random User -Uid (Leave empty for default): -Login group [jru]: -Login group is jru. Invite jru into other groups? []: wheel -Login class [default]: -Shell (sh csh tcsh zsh nologin) [sh]: zsh -Home directory [/home/jru]: -Home directory permissions (Leave empty for default): -Use password-based authentication? [yes]: -Use an empty password? (yes/no) [no]: -Use a random password? (yes/no) [no]: -Enter password: -Enter password again: -Lock out the account after creation? [no]: -Username : jru -Password : **** -Full Name : J. Random User -Uid : 1001 -Class : -Groups : jru wheel -Home : /home/jru -Shell : /usr/local/bin/zsh -Locked : no -OK? (yes/no): yes -adduser: INFO: Successfully added (jru) to the user database. -Add another user? (yes/no): no -Goodbye! -&prompt.root; - - - - Since the password is not echoed when typed, be careful - to not mistype the password when creating the user - account. - - - - - <command>rmuser</command> - - rmuser - - accounts - removing - - - To completely remove a user from the system use - &man.rmuser.8;. This command performs the following - steps: - - - - Removes the user's &man.crontab.1; entry if one - exists. - - - - Removes any &man.at.1; jobs belonging to the - user. - - - - Kills all processes owned by the user. - - - - Removes the user from the system's local password - file. - - - - Removes the user's home directory, if it is owned by - the user. - - - - Removes the incoming mail files belonging to the user - from /var/mail. - - - - Removes all files owned by the user from temporary - file storage areas such as /tmp. - - - - Finally, removes the username from all groups to which - it belongs in /etc/group. - - - If a group becomes empty and the group name is the - same as the username, the group is removed. This - complements the per-user unique groups created by - &man.adduser.8;. - - - - - &man.rmuser.8; cannot be used to remove superuser - accounts since that is almost always an indication of massive - destruction. - - By default, an interactive mode is used, as shown - in the following example. - - - <command>rmuser</command> Interactive Account - Removal - - &prompt.root; rmuser jru -Matching password entry: -jru:*:1001:1001::0:0:J. Random User:/home/jru:/usr/local/bin/zsh -Is this the entry you wish to remove? y -Remove user's home directory (/home/jru)? y -Updating password file, updating databases, done. -Updating group file: trusted (removing group jru -- personal group is empty) done. -Removing user's incoming mail file /var/mail/jru: done. -Removing files belonging to jru from /tmp: done. -Removing files belonging to jru from /var/tmp: done. -Removing files belonging to jru from /var/tmp/vi.recover: done. -&prompt.root; - - - - - <command>chpass</command> - - chpass - &man.chpass.1; can be used to change user database - information such as passwords, shells, and personal - information. - - Only the superuser can change other users' information and - passwords with &man.chpass.1;. - - When passed no options, aside from an optional username, - &man.chpass.1; displays an editor containing user information. - When the user exists from the editor, the user database is - updated with the new information. - - - You will be asked for your password after exiting the - editor if you are not the superuser. - - - - Interactive <command>chpass</command> by - Superuser - - #Changing user database information for jru. -Login: jru -Password: * -Uid [#]: 1001 -Gid [# or name]: 1001 -Change [month day year]: -Expire [month day year]: -Class: -Home directory: /home/jru -Shell: /usr/local/bin/zsh -Full Name: J. Random User -Office Location: -Office Phone: -Home Phone: -Other information: - - - A user can change only a small subset of this - information, and only for their own user account. - - - Interactive <command>chpass</command> by Normal - User - - #Changing user database information for jru. -Shell: /usr/local/bin/zsh -Full Name: J. Random User -Office Location: -Office Phone: -Home Phone: -Other information: - - - - &man.chfn.1; and &man.chsh.1; are links to - &man.chpass.1;, as are &man.ypchpass.1;, &man.ypchfn.1;, and - &man.ypchsh.1;. NIS support is - automatic, so specifying the yp before - the command is not necessary. How to configure NIS is - covered in . - - - - <command>passwd</command> - - passwd - - accounts - changing password - - &man.passwd.1; is the usual way to change your own - password as a user, or another user's password as the - superuser. - - - To prevent accidental or unauthorized changes, the user - must enter their original password before a new password can - be set. This is not the case when the superuser changes a - user's password. - - - - Changing Your Password - - &prompt.user; passwd -Changing local password for jru. -Old password: -New password: -Retype new password: -passwd: updating the database... -passwd: done - - - - Changing Another User's Password as the - Superuser - - &prompt.root; passwd jru -Changing local password for jru. -New password: -Retype new password: -passwd: updating the database... -passwd: done - - - - As with &man.chpass.1;, &man.yppasswd.1; is a link to - &man.passwd.1;, so NIS works with either command. - - - - - - <command>pw</command> - - pw - - &man.pw.8; is a command line utility to create, remove, - modify, and display users and groups. It functions as a front - end to the system user and group files. &man.pw.8; has a very - powerful set of command line options that make it suitable for - use in shell scripts, but new users may find it more - complicated than the other commands presented in this - section. - - - - - - - Limiting Users - - limiting users - - accounts - limiting - - &os; provides several methods for an administrator to limit - the amount of system resources an individual may use. These - limits are discussed in two sections: disk quotas and other - resource limits. - - quotas - - limiting users - quotas - - disk quotas - Disk quotas limit the amount of disk space available to - users and provide a way to quickly check that usage without - calculating it every time. Quotas are discussed in . - - The other resource limits include ways to limit the amount - of CPU, memory, and other resources a user may consume. These - are defined using login classes and are discussed here. - - - /etc/login.conf - - Login classes are defined in - /etc/login.conf and are described in detail - in &man.login.conf.5;. Each user account is assigned to a login - class, default by default, and each login - class has a set of login capabilities associated with it. A - login capability is a - name=value - pair, where name is a well-known - identifier and value is an arbitrary - string which is processed accordingly depending on the - name. Setting up login classes and - capabilities is rather straightforward and is also described in - &man.login.conf.5;. - - - &os; does not normally read the configuration in - /etc/login.conf directly, but instead - reads the /etc/login.conf.db database - which provides faster lookups. Whenever - /etc/login.conf is edited, the - /etc/login.conf.db must be updated by - executing the following command: - - &prompt.root; cap_mkdb /etc/login.conf - - - Resource limits differ from the default login capabilities - in two ways. First, for every limit, there is a soft (current) - and hard limit. A soft limit may be adjusted by the user or - application, but may not be set higher than the hard limit. The - hard limit may be lowered by the user, but can only be raised - by the superuser. Second, most resource limits apply per - process to a specific user, not to the user as a whole. These - differences are mandated by the specific handling of the limits, - not by the implementation of the login capability - framework. - - Below are the most commonly used resource limits. The rest - of the limits, along with all the other login capabilities, can - be found in &man.login.conf.5;. - - - - coredumpsize - - - The limit on the size of a core filecoredumpsize generated by a - program is subordinate to other limitslimiting userscoredumpsize on disk usage, such - as filesize, or disk quotas. - This limit is often used as a less-severe method of - controlling disk space consumption. Since users do not - generate core files themselves, and often do not delete - them, setting this may save them from running out of disk - space should a large program crash. - - - - - cputime - - - The maximum amount of CPUcputimelimiting userscputime time a user's process may - consume. Offending processes will be killed by the - kernel. - - - This is a limit on CPU time - consumed, not percentage of the CPU as displayed in - some fields by &man.top.1; and &man.ps.1;. - - - - - - filesize - - - The maximum size of a filefilesizelimiting usersfilesize the user may own. Unlike - disk quotas, this limit is - enforced on individual files, not the set of all files a - user owns. - - - - - maxproc - - - The maximum number of processesmaxproclimiting usersmaxproc a user can run. This - includes foreground and background processes. This limit - may not be larger than the system limit specified by the - kern.maxproc &man.sysctl.8;. Setting - this limit too small may hinder a user's productivity as - it is often useful to be logged in multiple times or to - execute pipelines. Some tasks, such as compiling a large - program, spawn multiple processes and other intermediate - preprocessors. - - - - - memorylocked - - - The maximum amount of memorymemorylockedlimiting usersmemorylocked a process may request - to be locked into main memory using &man.mlock.2;. Some - system-critical programs, such as &man.amd.8;, lock into - main memory so that if the system begins to swap, they do - not contribute to disk thrashing. - - - - - memoryuse - - - The maximum amount of memorymemoryuselimiting usersmemoryuse a process may consume at - any given time. It includes both core memory and swap - usage. This is not a catch-all limit for restricting - memory consumption, but is a good start. - - - - - openfiles - - - The maximum number of files a process may have openopenfileslimiting usersopenfiles. - In &os;, files are used to represent sockets and IPC - channels, so be careful not to set this too low. The - system-wide limit for this is defined by the - kern.maxfiles &man.sysctl.8;. - - - - - sbsize - - - The limit on the amount of network memory, and - thus mbufssbsizelimiting userssbsize, a user may consume in order to limit network - communications. - - - - - stacksize - - - The maximum size of a process stackstacksizelimiting usersstacksize. This alone is - not sufficient to limit the amount of memory a program - may use so it should be used in conjunction with other - limits. - - - - - There are a few other things to remember when setting - resource limits. Following are some general tips, suggestions, - and miscellaneous comments. - - - - Processes started at system startup by - /etc/rc are assigned to the - daemon login class. - - - - Although the /etc/login.conf that - comes with the system is a good source of reasonable values - for most limits, they may not be appropriate for every - system. Setting a limit too high may open the system up to - abuse, while setting it too low may put a strain on - productivity. - - - - Users of &xorg; should - probably be granted more resources than other users. - &xorg; by itself takes a lot of - resources, but it also encourages users to run more programs - simultaneously. - - - - Many limits apply to individual processes, not the user - as a whole. For example, setting - openfiles to 50 means that each process - the user runs may open up to 50 files. The total amount - of files a user may open is the value of - openfiles multiplied by the value of - maxproc. This also applies to memory - consumption. - - - - For further information on resource limits and login classes - and capabilities in general, refer to &man.cap.mkdb.1;, - &man.getrlimit.2;, and &man.login.conf.5;. - - - - Managing Groups - - groups - - /etc/groups - - - accounts - groups - - A group is a list of users. A group is identified by its - group name and GID. In &os;, the - kernel uses the UID of a process, and the - list of groups it belongs to, to determine what the process is - allowed to do. Most of the time, the GID of - a user or process usually means the first group in the - list. - - The group name to GID mapping is listed - in /etc/group. This is a plain text file - with four colon-delimited fields. The first field is the group - name, the second is the encrypted password, the third the - GID, and the fourth the comma-delimited list - of members. For a more complete description of the syntax, - refer to &man.group.5;. - - The superuser can modify /etc/group - using a text editor. Alternatively, &man.pw.8; can be used to - add and edit groups. For example, to add a group called - teamtwo and then confirm that it - exists: - - - Adding a Group Using &man.pw.8; - - &prompt.root; pw groupadd teamtwo -&prompt.root; pw groupshow teamtwo -teamtwo:*:1100: - - - In this example, 1100 is the - GID of teamtwo. Right - now, teamtwo has no members. This - command will add jru as a member of - teamtwo. - - - Adding User Accounts to a New Group Using - &man.pw.8; - - &prompt.root; pw groupmod teamtwo -M jru -&prompt.root; pw groupshow teamtwo -teamtwo:*:1100:jru - - - The argument to is a comma-delimited - list of users to be added to a new (empty) group or to replace - the members of an existing group. To the user, this group - membership is different from (and in addition to) the user's - primary group listed in the password file. This means that - the user will not show up as a member when using - with &man.pw.8;, but will show up - when the information is queried via &man.id.1; or a similar - tool. When &man.pw.8; is used to add a user to a group, it only - manipulates /etc/group and does not attempt - to read additional data from - /etc/passwd. - - - Adding a New Member to a Group Using &man.pw.8; - - &prompt.root; pw groupmod teamtwo -m db -&prompt.root; pw groupshow teamtwo -teamtwo:*:1100:jru,db - - - In this example, the argument to is a - comma-delimited list of users who are to be added to the group. - Unlike the previous example, these users are appended to the - group list and do not replace the list of existing users in the - group. - - - Using &man.id.1; to Determine Group Membership - - &prompt.user; id jru -uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo) - - - In this example, jru is a member of the - groups jru and - teamtwo. - - For more information about this command and the format of - /etc/group, refer to &man.pw.8; and - &man.group.5;. - -