diff --git a/mn_MN.UTF-8/books/handbook/cutting-edge/chapter.xml b/mn_MN.UTF-8/books/handbook/cutting-edge/chapter.xml
index 61446d6846..4b9b537a3e 100644
--- a/mn_MN.UTF-8/books/handbook/cutting-edge/chapter.xml
+++ b/mn_MN.UTF-8/books/handbook/cutting-edge/chapter.xml
@@ -1,3027 +1,2970 @@
Жим
Мок
Бүтцийг дахин өөрчлөн зохион байгуулж зарим хэсгүүдийг шинэчилсэн
Жордан
Хаббард
Анхлан эхийг бичсэн
Поул-Хэннинг
Камп
Жон
Полстра
Ник
Клэйтон
Цагаанхүүгийн
Ганболд
Орчуулсан
&os;-г шинэчилж сайжруулах нь
Ерөнхий агуулга
&os; нь өөрийн хувилбаруудын хооронд байнгын хөгжүүлэлтийн доор оршин тогтнож
байдаг. Зарим хүмүүс албан ёсоор гаргасан хувилбаруудыг ашиглах хүсэлтэй
байдаг бол зарим хүмүүс хамгийн сүүлийн үеийн хөгжүүлэлтийг дагах сонирхолтой
байдаг. Гэхдээ албан ёсны хувилбарууд хүртэл аюулгүй байдлын болоод бусад
чухал засваруудаар шинэчлэгдэж байдаг. Ямар хувилбар ашиглаж байгаагаас үл
хамаараад &os; нь таны системийг шинэ байлгахад шаардлагатай бүх л хэрэгслүүд
болон хувилбар хооронд хялбараар шинэчлэх боломжоор хангадаг.
Энэхүү бүлэг нь хөгжүүлэлтийн системийг дагахыг хүсэх эсвэл гаргасан
хувилбартай үлдэх эсэхийг шийдэхэд танд туслах болно. Таны системийг шинэчлэхэд
зориулсан үндсэн хэрэгслүүдийг бас харуулах болно.
Энэ бүлгийг уншсаны дараа, та дараах зүйлсийг мэдэх болно:
Систем болон портын цуглуулгыг ямар хэрэгслүүд
ашиглан шинэчилж болох талаар.
freebsd-update,
Subversion,
CVSup,
CVS, эсвэл
CTM програмуудын тусламжтай өөрийн системийг
хэрхэн хамгийн сүүлийн хэлбэрт авчрах талаар.
Суулгагдсан системийн төлвийг мэдэгдэж байгаа сайн хуулбартай
хэрхэн харьцуулах талаар.
Subversion эсвэл баримтжуулах порт ашиглан өөрийн баримтуудыг
хэрхэн сүүлийн хувилбарт байлгаж байх талаар.
&os.stable; болон &os.current; хөгжүүлэлтийн
салбаруудын ялгаа.
Бүх үндсэн системийг make buildworld
(гэх мэт) ашиглан хэрхэн дахин бүтээж суулгах талаар.
Энэ бүлгийг уншихаасаа өмнө, та дараах зүйлсийг мэдэх шаардлагатай:
Өөрийн сүлжээний холболтыг зөв тохируулах ().
Нэмэлт гуравдагч програм хангамжуудыг
хэрхэн суулгахыг мэдэх ().
Энэ бүлэгт &os;-ийн эхийг авч шинэчлэхийн тулд
svn тушаалыг ашиглагдсан. Үүнийг хэрэглэхийн
тулд devel/subversion
гэсэн порт буюу багцыг та суулгах хэрэгтэй.
Том
Рөүдс
Бичсэн
Колин
Персивал
Тэмдэглэгээ бичсэн
FreeBSD-ийн шинэчлэлт
Updating and Upgrading
freebsd-update
updating-upgrading
Аюулгүй байдлын засваруудыг хийнэ гэдэг компьютерийн програм
хангамж ялангуяа үйлдлийн системийг арчлалтын чухал хэсгийн нэг юм.
Удаан хугацааны туршид &os; дээр энэ процесс хялбар биш байлаа.
Засваруудыг эх код руу хийж кодыг хоёртын хэлбэр рүү дахин бүтээж
дараа нь хоёртын файлуудыг дахин суулгах шаардлагатай байлаа.
Энэ нь одоо тийм биш болсон бөгөөд &os; нь
freebsd-update гэгддэг хэрэгслийг агуулдаг.
Энэ хэрэгсэл нь хоёр тусдаа функцээр хангадаг. Нэгдүгээрт энэ нь
бүтээлт болон суулгах шаардлагагүйгээр хоёртын аюулгүй байдал болон
алдааны шинэчлэлтүүдийг &os;-ийн үндсэн системд оруулах боломжийг
олгодог. Хоёрдугаарт уг хэрэгсэл бага болон том хувилбарын шинэчлэлтүүдийг
дэмждэг.
Аюулгүй байдлын багаар дэмжигдсэн бүх архитектур болон
хувилбаруудын хувьд хоёртын шинэчлэлтүүд байдаг. Шинэ хувилбар
руу шинэчлэхээс өмнө хүссэн хувилбарт чинь хамаатай чухал мэдээлэл байж
болох учир одоогийн хувилбарын зарлалуудыг дахин үзэх хэрэгтэй. Тэдгээр
зарлалуудыг дараах холбоосоос үзэж болно:
.
Хэрэв crontab нь freebsd-update-ийн
боломжуудыг хэрэглэж байвал дараах үйлдлийг эхлэхээс өмнө түүнийг болиулах
хэрэгтэй.
Тохиргооны файл
Процессийг илүү хянах боломжтой болгож зарим хэрэглэгчид
/etc/freebsd-update.conf анхны тохиргооны
файлыг өөрчлөхийг хүсэж болох юм. Тохиргоонууд нь
маш сайн баримтжуулагдсан байдаг боловч дараах хэдэн зүйлийг
арай илүү тайлбарлах шаардлагатай байж болох юм:
# Components of the base system which should be kept updated.
Components src world kernel
Энэ өгөгдөл нь &os;-ийн аль хэсгийг шинэчлэхийг хянадаг.
Анхдагчаар эх код, үндсэн систем бүтнээрээ ба цөмийг шинэчлэх
байдаг. Бүрэлдэхүүн хэсгүүд нь суулгах явцад байдагтай адил
байдаг бөгөөд жишээ нь world/games гэдгийг энд нэмэхэд
тоглоомын засваруудыг хийх боломжийг олгоно. src/bin гэдгийг
ашиглах нь src/bin
дахь эх кодыг шинэчлэх боломжийг олгодог.
Хамгийн сайн тохиргоо бол үүнийг анхдагчаар нь үлдээх бөгөөд
тусгай зүйлс оруулж үүнийг өөрчилснөөр хэрэглэгчид өөрсдийн шинэчлэхийг
хүссэн зүйл болгоноо жагсааж оруулах шаардлагатай болно. Ингэснээр
эх код болон хоёртын файлуудын хоорондох уялдаа алдагдаж гамшигт
үр дагаварт хүргэж болно.
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths
/bin эсвэл
/sbin зэрэг замуудыг
нэмж эдгээр тусгай сангуудыг шинэчлэх процессийн явцад
оролдохгүй орхиж болно. Энэ тохиргоо нь
freebsd-update локал өөрчлөлтүүдийг
дарж бичихээс хамгаалахад хэрэглэж болно.
# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
Заагдсан сангууд дахь тохиргооны файлууд өөрчлөгдөөгүй
тохиолдолд шинэчилнэ. Хэрэглэгчийн хийсэн өөрчлөлтүүд эдгээр
файлуудын автомат шинэчлэлтийг хүчингүй болгоно.
freebsd-update-г нийлүүлэх явцад
өөрчлөлтүүдийг хадгалахыг тушаах KeepModifiedMetadata
гэсэн өөр нэг тохиргоо байдаг.
# When upgrading to a new &os; release, files which match MergeChanges
# will have any local changes merged into the version from the new release.
MergeChanges /etc/ /var/named/etc/
freebsd-update-ийн нийлүүлэхийг оролдох
тохиргооны файлуудтай сангуудын жагсаалт. Файл нийлүүлэх процесс нь
цөөн тохиргоотой &man.mergemaster.8;-тай төстэй &man.diff.1; засварууд
бөгөөд нийлүүлэлтийг эсвэл хүлээн авах юм уу эсвэл засварлагч нээж эсвэл
freebsd-update ажиллагаагаа зогсоох болно. Эргэлзэж
байвал /etc санг нөөцөлж аваад
нийлүүлэлтүүдийг хүлээн авах хэрэгтэй. mergemaster тушаалын
талаар дэлгэрэнгүй мэдээллийг -с үзнэ үү.
# Directory in which to store downloaded updates and temporary
# files used by &os; Update.
# WorkDir /var/db/freebsd-update
Энэ сан нь бүх засварууд болон түр зуурын файлууд байх сан
юм. Хэрэглэгч хувилбар шинэчлэлт хийж байвал энэ байрлал нь хамгийн
багаар бодоход гигабайт дискийн зайтай байх шаардлагатай.
# When upgrading between releases, should the list of Components be
# read strictly (StrictComponents yes) or merely as a list of components
# which *might* be installed of which &os; Update should figure out
# which actually are installed and upgrade those (StrictComponents no)?
# StrictComponents no
yes гэж тохируулсан үед
freebsd-update нь Components буюу
бүрэлдэхүүн хэсгүүдийн жагсаалт бүрэн гэж тооцох бөгөөд жагсаалтаас гадна өөрчлөлт
хийхийг оролдохгүй. freebsd-update нь
Components-ийн жагсаалтад хамаарах файл
бүрийг шинэчлэхийг оролдох болно.
Аюулгүй байдлын засварууд
Аюулгүй байдлын засварууд нь алсын машин дээр хадгалагддаг
бөгөөд дараах тушаал ашиглан татан авч суулгаж болно:
&prompt.root; freebsd-update fetch
&prompt.root; freebsd-update install
Хэрэв цөмийн ямар нэг засвар хийгдсэн бол системийг дахин
ачаалах хэрэгтэй. Хэрэв бүгд зөв явагдсан бол систем нь засвар хийгдсэн
байх ёстой бөгөөд freebsd-update-ийг
&man.cron.8; ажлаас шөнө бүр ажиллуулж болно. Энэ ажлыг хийхэд
дараах мөрийг /etc/crontab-д хийхэд
хангалттай байх болно:
@daily root freebsd-update cron
Энэ мөр нь өдөр бүр freebsd-update хэрэгслийг
ажиллуулахыг зааж байна. Ийм аргаар -ий нэмэлт
өгөгдлийг ашиглан freebsd-update нь зөвхөн
шинэчлэлт байгаа эсэхийг шалгах болно. Хэрэв засварууд байвал тэдгээрийг
автоматаар диск рүү татаж авах бөгөөд гэхдээ засваруудыг хийхгүй.
root хэрэглэгч рүү захиа илгээгдэх бөгөөд
дараа нь тэд гараар суулгаж болох юм.
Хэрэв ямар нэг зүйл буруу болбол freebsd-update нь
дараах тушаалаар сүүлийн өөрчлөлтүүдийг буцаах чадвартай байдаг:
&prompt.root; freebsd-update rollback
Дууссаны дараа цөм эсвэл цөмийн модулиуд өөрчлөгдсөн бол
системийг дахин эхлүүлэх хэрэгтэй. Энэ нь шинэ хоёртын файлуудыг санах
ой руу дуудах боломжийг &os;-д олгоно.
freebsd-update хэрэгсэл нь автоматаар
зөвхөн GENERIC цөмийг шинэчилж чаддаг.
Хэрэв өөрчлөн тохируулсан цөм ашиглагдаж байвал freebsd-update нь
шинэчлэлтийг хийж дууссаны дараа цөмийг дахин бүтээж суулгах шаардлагатай.
Гэхдээ freebsd-update нь /boot/GENERIC (хэрэв байгаа бол)
дахь GENERIC цөмийг системийн тухайн үеийн (ажиллаж байгаа)
цөм биш байсан ч гэсэн олж шинэчилдэг.
/boot/GENERIC дахь
GENERIC цөмийн хуулбарыг үргэлж хадгалах нь ер нь зүйтэй
байдаг. Энэ нь төрөл бүрийн асуудлуудыг шинжлэх болон
-т тайлбарласны дагуу
freebsd-update-г ашиглан
хувилбар шинэчлэлтийг хийхэд ач тустай байх болно.
/etc/freebsd-update.conf дахь анхдагч тохиргоо
өөрчлөгдөөгүй л бол freebsd-update шинэчлэгдсэн
цөмийн эхийг бусад шинэчлэлттэй цуг суулгах болно. Дараа нь өөрийн өөрчлөн
тохируулсан цөмийг дахин бүтээж суулгахдаа энгийн сурсан аргаараа хийж
болно.
freebsd-update-аар түгээгдсэн шинэчлэлтүүд нь
цөмтэй үргэлж холбоотой байдаггүй. freebsd-update install
тушаалаар цөмийн эх өөрчлөгдөөгүй бол өөрийн өөрчлөн тохируулсан цөмийг дахин
бүтээх шаардлагагүй юм. Гэхдээ freebsd-update
тушаал /usr/src/sys/conf/newvers.sh файлыг
үргэлж шинэчлэх болно. Тухайн үеийн нөхөөсийн түвшинг (uname -r
тушаалаас гарсан -p дугаараар заагдсан) энэ файлаас
авдаг. Өөр бусад юмс өөрчлөгдөөгүй байсан ч гэсэн өөрийн өөрчлөн тохируулсан
цөмийг дахин бүтээх нь системийн тухайн үеийн нөхөөсийн түвшинг зөв гаргах
боломжийг &man.uname.1;-д олгоно. Энэ нь олон системийг арчилж байгаа үед
ялангуяа ач тустай байдаг бөгөөд ингэснээр тэр системүүд дээр суулгагдсан
шинэчлэлтүүдэд түргэн шуурхай үнэлгээ өгөх боломжийг олгодог.
Major ба Minor буюу Том ба Бага шинэчлэлтүүд
Энэ процесс нь ихэнх гуравдагч талын прорамуудыг эвдэх
хуучин обьект файлууд болон сангуудыг устгах болно.
Бүх суулгагдсан портуудыг устгаж дахин суулгах эсвэл
ports-mgmt/portupgrade
хэрэгсэл ашиглан сүүлд нь шинэчлэхийг зөвлөдөг. Дараах тушаалыг
ашиглан ихэнх хэрэглэгчид тест бүтээлтийг ажиллуулахыг хүснэ:
&prompt.root; portupgrade -af
Энэ нь бүгдийг зөв дахин суулгах баталгаа болох юм.
BATCH орчны хувьсагчийг yes
гэж тохируулснаар энэ процессийн явцад гарч ирэх хүлээх мөрөнд
yes гэж хариулан бүтээх процессийн
үед оролцох шаардлагыг үгүй болгоно.
Хэрэв өөрчлөн тохируулсан цөм ашиглагдаж байгаа бол шинэчлэх
процесс арай илүү ажиллагаатай. GENERIC цөмийн
хуулбар шаардлагатай бөгөөд /boot/GENERIC-д байрлуулах
шаардлагатай. Хэрэв GENERIC цөм системд байхгүй
бол үүнийг доор дурдсан аргуудын аль нэгийг ашиглан олж авч болно:
Хэрэв өөрчлөн тохируулсан цөм зөвхөн нэг удаа бүтээгдсэн бол
/boot/kernel.old дахь
цөм нь GENERIC цөм юм. Энэ санг
/boot/GENERIC гэж
өөрчлөхөд л болно.
Машинд физикээр хандах боломжтой гэж тооцвол
GENERIC цөмийн хуулбарыг CD-ROM зөөвөрлөгчөөс
суулгаж болно. Өөрийн суулгац дискийг хийж дараах тушаалуудыг
ашиглана:
&prompt.root; mount /cdrom
&prompt.root; cd /cdrom/X.Y-RELEASE/kernels
&prompt.root; ./install.sh GENERIC
X.Y-RELEASE-г
өөрийн ашиглаж байгаа хувилбараар солих хэрэгтэй. GENERIC
цөм анхдагчаар /boot/GENERIC-д суулгагдах болно.
Дээр дурдсан бүгдийг хийх боломжгүй бол GENERIC
цөмийг эхээс нь дахин бүтээж суулгаж болох юм:
&prompt.root; cd /usr/src
&prompt.root; env DESTDIR=/boot/GENERIC make kernel
&prompt.root; mv /boot/GENERIC/boot/kernel/* /boot/GENERIC
&prompt.root; rm -rf /boot/GENERIC/boot
Энэ цөмийг freebsd-update хэрэгсэлд
GENERIC гэж харуулахын тулд GENERIC
тохиргооны файлыг ямар ч тохиолдолд өөрчилсөн байх ёсгүй. Бас ямар нэг
тусгай сонголтуудгүйгээр (аль болох хоосон /etc/make.conf
файлтайгаар) бүтээгдсэн байх ёстойг зөвлөдөг.
Энэ үед GENERIC цөм рүү дахин ачаалах
шаардлагагүй юм.
Том ба бага хувилбарын шинэчлэлтүүдийг
freebsd-update тушаалд хувилбарын дугаарыг өгч
гүйцэтгэж болно, жишээ нь дараах тушаал &os; 8.1 руу
шинэчилнэ:
&prompt.root; freebsd-update -r 8.1-RELEASE upgrade
Тушаал хүлээн авсны дараа freebsd-update
системийг шинэчлэхэд шаардлагатай мэдээллийг цуглуулахын тулд
тохиргооны файл болон одоогийн системийг шалгана. Ямар бүрэлдэхүүн
хэсгүүд илрүүлэгдсэн болон ямар бүрэлдэхүүн хэсгүүд илрүүлэгдээгүй
гэдгийг дэлгэц дээр үзүүлнэ. Жишээ нь:
Looking up update.FreeBSD.org mirrors... 1 mirrors found.
Fetching metadata signature for 8.1-RELEASE from update1.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.
The following components of FreeBSD seem to be installed:
kernel/smp src/base src/bin src/contrib src/crypto src/etc src/games
src/gnu src/include src/krb5 src/lib src/libexec src/release src/rescue
src/sbin src/secure src/share src/sys src/tools src/ubin src/usbin
world/base world/info world/lib32 world/manpages
The following components of FreeBSD do not seem to be installed:
kernel/generic world/catpages world/dict world/doc world/games
world/proflibs
Does this look reasonable (y/n)? y
Энд хүрэхэд freebsd-update шинэчлэлтэд
шаардлагатай бүх файлуудыг татан авахаар оролдох болно. Зарим
тохиолдолд хэрэглэгчээс юу суулгах эсвэл хэрхэн цааш үргэлжлүүлэх
талаар асуултууд асууж болох юм.
Өөрчлөн тохируулсан цөмийг ашиглаж байх үед дээрх алхам
дараахтай төстэй анхааруулгыг харуулах болно:
WARNING: This system is running a "MYKERNEL" kernel, which is not a
kernel configuration distributed as part of FreeBSD 8.0-RELEASE.
This kernel will not be updated: you MUST update the kernel manually
before running "/usr/sbin/freebsd-update install"
Энэ анхааруулгыг энэ үед орхигдуулахад аюулгүй байдаг. Шинэчлэгдсэн
GENERIC цөм шинэчлэлтийн явцад завсрын алхам
болон ашиглагдах болно.
Бүх засварууд локал систем рүү татагдсаны дараа тэдгээрийг
хийж өгөх болно. Машины хурд болон ачааллаас хамаарч энэ процесс нь
хугацаа шаардаж болох юм. Тохиргооны файлуудыг нийлүүлэх болно.
Файл нийлүүлэгдэх юм уу эсвэл гараар нийлүүлэхэд зориулж засварлагч
дэлгэц дээр гарч ирч болох учир процессийн энэ хэсэг хэрэглэгчийн
оролцоо шаардана. Амжилттай нийлүүлэлт болгоны үр дүн хэрэглэгчид
харуулагдаж процесс үргэлжлэх болно. Амжилтгүй болсон эсвэл орхигдсон
нийлүүлэлт нь процессийг зогсоох болно. Хэрэглэгчид нь
/etc сангийн нөөцийг
хийж master.passwd эсвэл
group зэрэг чухал файлуудыг гараар сүүлд нь
нийлүүлэхийг хүсэж болох юм.
Систем нь өөрчлөгдөөгүй байгаа бөгөөд бүх засвар оруулалт
болон нийлүүлэлт өөр сан дотор болж байгаа болно. Бүх засварууд
амжилттай хийгдэж бүх тохиргооны файлууд нийлүүлэгдэж процесс
тэгш явагдаж байгаа мэт санагдвал хэрэглэгч өөрчлөлтүүдийг хийх
хэрэгтэй.
Энэ процесс дууссаны дараа шинэчлэлтийг дараах тушаалыг ашиглан
диск рүү хийж болно.
&prompt.root; freebsd-update install
Цөм болон цөмийн модулиудад эхлээд засвар хийнэ. Энэ үед
машиныг дахих ачаалах ёстой. Хэрэв систем өөрчлөн тохируулсан цөмөөр
ажиллаж байгаа бол цөмийг /boot/GENERIC (шинэчлэгдсэн)
цөмөөр дараа нь ачаалахаар болгохын тулд &man.nextboot.8;-ийг
ашиглана:
&prompt.root; nextboot -k GENERIC
GENERIC цөмөөр ачаалахаас өмнө (хэрэв шинэчлэгдэж
байгаа машинд алсаас хандаж байгаа бол сүлжээнд холбогдон) таны систем зөв ачаалахын
тулд шаардлагатай бүх драйверуудыг агуулсан эсэхийг шалгах хэрэгтэй. Ялангуяа
хэрэв өмнө нь ажиллаж байсан өөрчлөн тохируулсан цөм ерөнхийдөө цөмийн модулиудаар
хангагдаж байдаг ажиллагааг өөртөө агуулсан бол /boot/loader.conf
боломжийг ашиглан эдгээр модулиудыг GENERIC цөмд түр зуур
ачаалахаа мартуузай. Шинэчлэх процесс бүрэн дуустал шаардлагагүй үйлчилгээнүүд, диск
болон сүлжээний холболтууд гэх мэтийг та бас хааж өгч болох юм.
Одоо машин шинэчлэгдсэн цөмөөр ачаалагдах ёстой:
&prompt.root; shutdown -r now
Систем буцаж ассаны дараа freebsd-update-г
дахин эхлүүлэх хэрэгтэй. Процессийн төлөв хадгалагдсан болохоор
freebsd-update эхнээсээ эхлэхгүй бөгөөд бүх
хуучин хуваалцсан сангууд болон обьект файлуудыг устгах болно.
Энэ шатыг үргэлжлүүлэхийн тулд дараах тушаалыг ажиллуулна:
&prompt.root; freebsd-update install
Сангуудын хувилбарын тоо дээшилсэн эсэхээс хамаарч
суулгах гурван шатны оронд хоёр шат байж болох юм.
Бүх гуравдагч талын програм хангамжийг дахин бүтээж дахин суулгах
хэрэгтэй. Суулгагдсан програм хангамж нь шинэчлэлтийн процессийн явцад
устгагдсан сангуудаас хамаарч болох учраас энэ нь шаардлагатай юм.
ports-mgmt/portupgrade тушаалыг
үүнийг автоматжуулахад ашиглаж болох юм. Энэ процессийг эхлүүлэхийн
тулд дараах тушаалыг хэрэглэж болно:
&prompt.root; portupgrade -f ruby
&prompt.root; rm /var/db/pkg/pkgdb.db
&prompt.root; portupgrade -f ruby18-bdb
&prompt.root; rm /var/db/pkg/pkgdb.db /usr/ports/INDEX-*.db
&prompt.root; portupgrade -af
Үүнийг дууссаны дараа шинэчлэлтийн процессийг
freebsd-update-ийг сүүлийн удаа дуудаж
төгсгөнө. Шинэчлэлтийн процессийн сул байгаа бүх зүйлсийг гүйцээхийн
тулд дараах тушаалыг ажиллуулна:
&prompt.root; freebsd-update install
Хэрэв GENERIC цөм түр зуур ашиглагдаж байсан
бол өөрчлөн тохируулсан шинэ цөмийг ердийн хэвшсэн аргаар одоо бүтээж суулгах цаг
болжээ.
Машинаа &os;-ийн шинэ хувилбар руу дахин ачаалах хэрэгтэй.
Процесс дууслаа.
Системийн төлвийн харьцуулалт
freebsd-update хэрэгслийг
&os;-ийн суулгагдсан хувилбарын төлвийг байгаа зөв хуулбарын
эсрэг тест хийхэд хэрэглэж болно. Энэ сонголт нь системийн хэрэгслүүд
сангууд болон тохиргооны файлуудын одоогийн хувилбаруудыг шалгадаг.
Харьцуулалтыг эхлүүлэхийн тулд дараах тушаалыг ажиллуулна:
&prompt.root; freebsd-update IDS >> outfile.ids
Тушаалын нэр IDS боловч энэ нь
ямар ч тохиолдолд security/snort зэрэг
халдлага илрүүлэгч системийг солих зориулалттай биш юм.
freebsd-update нь өгөгдлийг диск дээр
хадгалдаг бөгөөд түүнийг өөрчлөх боломж тодорхой юм.
kern.securelevel тохиргоог ашиглах болон
freebsd-update-ийн өгөгдлийг зөвхөн уншигдах файлын
систем дээр ашиглагдаагүй тохиолдолд хадгалах нь энэ боломжийг
багасгах боловч илүү сайн шийдэл нь системийг DVD эсвэл
нууцлаг хадгалсан гадаад USB дискийн төхөөрөмж зэрэг
нууцлаг дисктэй харьцуулах явдал юм.
Систем нь одоо шалгагдах бөгөөд файлууд нь өөрсдийн
&man.sha256.1; утгуудын хамт, хувилбар дахь мэдэгдэж байгаа сайн утгууд болон
одоо суугдсан байгаа утгуудын хамт хэвлэгдэн харуулагдана.
Энэ нь яагаад гаралт outfile.ids файл руу
илгээгдсэн шалтгаан юм. Үүнийг нүдээр шалгахад хэтэрхий хурдан дээш
гүйж удалгүй консолын буфферийг дүүргэх болно.
Эдгээр мөрүүд нь бас хэтэрхий урт боловч гаралтын хэлбэрийг
хялбараар задлан ялгаж болно. Жишээ нь хувилбарт байгаагаас ондоо
бүх файлуудын жагсаалтыг авахын тулд дараах тушаалыг ажиллуулна:
&prompt.root; cat outfile.ids | awk '{ print $1 }' | more
/etc/master.passwd
/etc/motd
/etc/passwd
/etc/pf.conf
Энэ гаралт нь тайрагдсан бөгөөд олон файл байгаа болно.
Эдгээр файлуудын зарим нь төрөлхийн өөрчлөлтүүдтэй байна, жишээ нь
/etc/passwd нь хэрэглэгч системд нэмэгдсэн
болохоор өөрчлөгдсөн байна. Зарим тохиолдолд
freebsd-update нь шинэчилсэн байж болзошгүй учир
цөмийн модулиуд зэрэг бусад файлууд өөр байж болох юм.
Тусгай файлууд болон сангуудыг хасахын тулд тэдгээрийг
/etc/freebsd-update.conf файлын
IDSIgnorePaths тохиргоонд нэмж өгнө.
Өмнө хэлэлцсэн хувилбараас гадна нарийн нягт шинэчлэлтийн аргын
хэсэг болгон энэ системийг ашиглаж болно.
Том
Рөүдс
Бичсэн
Колин
Персивал
Тэмдэглэгээ бичсэн
Portsnap: Портын цуглуулгыг шинэчлэх хэрэгсэл
Updating and Upgrading
Portsnap
updating-upgrading
&os;-ийн үндсэн систем портын цуглуулгыг бас шинэчилдэг
&man.portsnap.8; хэрэгслийг агуулдаг. Ажиллуулсны дараа энэ нь
алсын сайт руу холбогдож нууц түлхүүрийг шалгаж портын цуглуулгын шинэ
хуулбарыг татан авдаг. Түлхүүр нь бүх татаж авсан файлууд татагдаж байхдаа
өөрчлөгдөөгүй эсэхийг хянан бүрэн бүтэн байдлыг шалгахад ашиглагддаг.
Хамгийн сүүлийн үеийн портын цуглуулгыг татаж авахын тулд дараах
тушаалыг ажиллуулна:
&prompt.root; portsnap fetch
Looking up portsnap.FreeBSD.org mirrors... 9 mirrors found.
Fetching snapshot tag from geodns-1.portsnap.FreeBSD.org... done.
Fetching snapshot metadata... done.
Updating from Tue May 22 02:12:15 CEST 2012 to Wed May 23 16:28:31 CEST 2012.
Fetching 3 metadata patches.. done.
Applying metadata patches... done.
Fetching 3 metadata files... done.
Fetching 90 patches.....10....20....30....40....50....60....70....80....90. done.
Applying patches... done.
Fetching 133 new ports or files... done.
Энэ жишээ нь юу үзүүлж байна вэ гэхээр &man.portsnap.8;
одоо байгаа портын өгөгдөлд хэд хэдэн засварууд байгааг олж шалгаж байна.
Энэ нь бас уг хэрэгсэл өмнө нь ажилласныг харуулж байгаа бөгөөд
хэрэв эхний удаа ажилласан бол цуглуулга татагдан авагдах байсан
юм.
&man.portsnap.8; нь fetch үйлдлийг хийж
дууссаны дараа локал систем дээр байгаа портын цуглуулга болон дараа дараагийн
засваруудыг шалгалтад дамжуулна. portsnap-ийг эхний удаа ажиллуулахдаа
extract-г ашиглан татан авсан файлуудыг суулгаж болно:
&prompt.root; portsnap extract
/usr/ports/.cvsignore
/usr/ports/CHANGES
/usr/ports/COPYRIGHT
/usr/ports/GIDs
/usr/ports/KNOBS
/usr/ports/LEGAL
/usr/ports/MOVED
/usr/ports/Makefile
/usr/ports/Mk/bsd.apache.mk
/usr/ports/Mk/bsd.autotools.mk
/usr/ports/Mk/bsd.cmake.mk
...
Аль хэдийн суулгасан портын цуглуулгыг шинэчлэхдээ
portsnap update тушаалыг ашиглах ёстой:
&prompt.root; portsnap update
Процесс одоо дууссан бөгөөд портын цуглуулыг ашиглан
програмуудыг суулгаж эсвэл шинэчилж болно.
fetch болон extract эсвэл
update үйлдлүүдийг доор харуулсан шиг дараалуулан
ажиллуулж болно:
&prompt.root; portsnap fetch update
Энэ тушаал нь портын цуглуулгын сүүлийн хувилбарыг
татан авч таны машин дээр байгаа локал хувилбарыг
/usr/ports санд
шинэчилдэг.
Баримтын цуглуулгыг шинэчлэх нь
Updating and Upgrading
Documentation
Updating and Upgrading
Үндсэн систем болон портын цуглуулгаас гадна
баримтууд нь &os; үйлдлийн системийн салшгүй хэсэг юм. Хэдийгээр
&os;-ийн хамгийн сүүлийн үеийн баримтын цуглуулга &os; вэб сайт дээр
үргэлж байдаг боловч зарим хэрэглэгчид удаан сүлжээний холболттой эсвэл
бүр тогтмол сүлжээний холболтгүй байж болох юм. Азаар &os;-ийн хамгийн
сүүлийн үеийн баримтын цуглуулгын локал хуулбарыг арчлан хувилбар бүртэй цуг
ирдэг баримтыг шинэчлэх хэд хэдэн арга байдаг.
Баримтыг шинэчлэхийн тулд Subversion-г ашиглах нь
&os;-ийн
баримтуудын эхийг Subversion
ашиглан авч болно. Энэ хэсэг дараах зүйлсийг
тайлбарладаг:
&os;-ийн баримтуудыг эхээс нь бүтээхэд шаардлагатай
хэрэгслүүд, баримтын хэрэгслүүдийг хэрхэн суулгах
талаар.
Subversion ашиглан
/usr/doc дахь
баримтын эхийн хуулбарыг хэрхэн татаж авах талаар.
&os;-ийн баримтыг эхээс нь хэрхэн бүтээж
/usr/share/doc дотор
суулгах талаар.
Баримтыг бүтээх системийн дэмждэг бүтээлтийн
зарим тохируулгууд, өөрөөр хэлбэл баримтын зарим нэг
хэл дээрх орчуулгыг зөвхөн бүтээдэг тохируулгууд эсвэл
тусгай гаралтын хэлбэржүүлэлтийг сонгодог тохируулгууд.
Subversion болон баримтын хэрэгслүүдийг суулгах нь
&os;-ийн баримтыг эхээс нь бүтээхэд нэлээн олон
тооны хэрэгслүүдийг шаарддаг. Эдгээр хэрэгслүүд нь
&os;-ийн үндсэн системийн хэсэг биш байдаг. Учир нь эдгээр нь
ихээхэн хэмжээний дискийн зай шаарддаг бөгөөд &os;-ийн бүх
хэрэглэгчдэд хэрэгтэй байдаггүй. Тэдгээр нь &os;-д зориулж
шинэ баримтууд идэвхтэй бичдэг эсвэл өөрсдийн баримтыг
эхээс нь байнга шинэчилдэг хэрэглэгчдэд зөвхөн хэрэгтэй
байдаг.
Бүх шаардлагатай хэрэгслүүд портын цуглуулгад байдаг.
Эдгээр хэрэгслүүдийн эхний суулгалт болон хожмын шинэчлэлтүүдийг
хялбаршуулах textproc/docproj порт нь &os;-ийг
баримтжуулах төслөөс хөгжүүлсэн мастер порт юм.
&postscript; эсвэл PDF баримт шаардлагагүй үед харин
textproc/docproj-nojadetex портыг
суулгаж болох юм. Баримтын хэрэгслийн энэ хувилбар нь
teTeX тайпсет хөдөлгүүрээс бусад
бүгдийг багтаасан байдаг. teTeX нь
маш олон хэрэгслүүдийн цуглуулга учир PDF гаралт үнэхээр
шаардлагагүй тохиолдолд суулгахгүй байх нь зохимжтой
байдаг.
Subversion нь
textproc/docproj порттой цуг суудаг.
Баримтын эхийг шинэчлэх нь
Subversion нь
баримтын эхийн цэвэр хуулбарыг татан
авч чаддаг.
&prompt.root; svn checkout svn://svn.FreeBSD.org/doc/head /usr/doc
Баримтын эхийн эхний таталт хугацаа шаардаж болох юм. Дуустал нь
хүлээх хэрэгтэй.
Баримтын эхийн дараа дараагийн шинэчлэлтүүдийг доорх тушаалыг
ашиглан татан авч болно.
&prompt.root; svn update /usr/doc
Эхийг татан авсныхаа дараа баримтыг шинэчлэх өөр нэг арга нь
/usr/doc сангийн
Makefile-аар дэмжигдсэн байдаг бөгөөд
дараахийг ажиллуулна:
&prompt.root; cd /usr/doc
&prompt.root; make update
Баримтын эхийн тааруулж болох тохируулгууд
&os;-ийн баримтжуулалтыг бүтээж шинэчлэх систем нь баримтын
зөвхөн тодорхой хэсгийг шинэчлэх эсвэл тусгай орчуулгыг бүтээх
процессийг амарчлах хэдэн тохируулгыг дэмждэг. Эдгээр тохируулгуудыг
/etc/make.conf файлд бүхэл системийн
хувьд зааж өгөх юм уу эсвэл &man.make.1; хэрэгсэлд тушаалын
мөрийн тохиргоо маягаар зааж өгч болно.
Дараах тохируулгууд нь эдгээрийн зарим нь юм:
DOC_LANG
Бүтээж суулгах хэл ба кодчилолын жагсаалт, жишээ нь
Англи баримтад зөвхөн зориулсан en_US.ISO8859-1
байна.
FORMATS
Бүтээх ганц хэлбэржүүлэлт эсвэл гаралтын хэлбэржүүлэлтийн
жагсаалт. Одоогоор html,
html-split, txt,
ps, pdf,
болон rtf дэмжигдсэн байгаа.
DOCDIR
Баримтыг суулгах газар. Анхдагчаар
/usr/share/doc байдаг.
&os; дээрх системийн тохируулга болон дэмжигдсэн бүтээлтийн
хувьсагчуудын талаар дэлгэрэнгүйг &man.make.conf.5;-с үзнэ үү.
&os;-ийн баримтжуулалт бүтээх системийн дэмждэг бүтээлтийн
хувьсагчуудын талаар дэлгэрэнгүйг
Шинэ хувь нэмэр оруулагчдад
зориулсан &os; баримтжуулах төслийн гарын авлагаас үзнэ үү.
&os;-ийн баримтуудыг эхээс суулгах нь
Баримтын эхийн хамгийн сүүлийн хормын хувилбарыг
/usr/doc санд татаж авснаар
суулгагдсан баримтын шинэчлэлтийг хийхэд бүх юм бэлэн болно.
DOC_LANG makefile-ийн тохиргоонд заагдсан
бүх хэлний бүрэн шинэчлэлтийг дараахийг бичин хийж болно:
&prompt.root; cd /usr/doc
&prompt.root; make install clean
Хэрэв зөвхөн тусгай хэлний шинэчлэлт хэрэгтэй бол
/usr/doc-ийн тухайн хэлний
тусгай дэд санд &man.make.1;-ийг ажиллуулж болно, жишээ нь:
&prompt.root; cd /usr/doc/en_US.ISO8859-1
&prompt.root; make update install clean
Суулгах гаралтын хэлбэржүүлэлтийг FORMATS
бүтээлтийн хувьсагчийг зааж өгөн хийж өгч болно,
жишээ нь:
&prompt.root; cd /usr/doc
&prompt.root; make FORMATS='html html-split' install clean
Марк
Фонвил
Хувь нэмэр болгосон
Баримтжуулах портуудыг ашиглах нь
Updating and Upgrading
documentation package
Updating and Upgrading
Өмнөх хэсэгт &os;-ийн баримтжуулалтыг эхээс нь
шинэчлэх аргыг бид танилцуулсан. &os;-ийн бүх системүүдийн
хувьд эх дээр тулгуурласан шинэчлэлтүүд нь боломжтой эсвэл
практикийн биш байж болох юм. Баримтжуулалтын эхүүдийг
бүтээх нь нэлээн их хэмжээний хэрэгслийн цуглуулга буюу
баримтжуулалт бүтээх хэрэгслийн олонлог,
Subversion-ийг тодорхой хэмжээгээр мэдэх,
репозиториос эхийг татаж авах болон татаж авсан эхээ
бүтээх хэд хэдэн шат дарааллуудыг шаарддаг. Энэ хэсэгт
бид &os;-ийн баримтжуулалтын суулгагдсан хуулбаруудыг
шинэчлэх өөр аргыг тайлбарлах болно. Энэ нь портын
цуглуулгыг ашиглах бөгөөд дараах боломжийг бүрдүүлнэ:
Бүгдийг бүтээлгүйгээр баримтжуулалтын урьдчилан
бүтээсэн хормын хувилбарыг татан авч суулгах
(ингэснээр баримтжуулалт бүтээх хэрэгслийн олонлогийг
бүхэлд нь суулгах шаардлагагүй болно).
Баримтжуулалтын эхийг татаж аван портын тогтолцоог
ашиглан бүтээх (татаж аван бүтээх алхмуудыг арай хялбар
болгодог).
&os;-ийн баримтжуулалтыг шинэчлэх эдгээр хоёр арга нь
&a.doceng;-ийн сар бүр шинэчилдэг баримтжуулалтын
портуудын цуглуулгаар дэмжигддэг. Эдгээр нь
&os;-ийн портын цуглуулгад docs
виртуал төрөлд байдаг.
Баримтжуулалтын портуудыг бүтээж суулгах нь
Баримтжуулалтын портууд нь баримтжуулалтын бүтээлтийг
хялбар болгохын тулд порт бүтээх тогтолцоог хэрэглэдэг.
&man.make.1;-ийг тохирох орчны тохиргоонууд болон тушаалын
мөрийн тохиргоонуудын хамтаар ажиллуулж баримтжуулалтын
эхийг татаж авах процессыг тэд автоматжуулдаг бөгөөд
баримтжуулалтын суулгалт болон устгалтыг &os;-ийн
бусад порт эсвэл багцын суулгалтын нэгэн адил хялбар
болгодог.
Мөн баримтжуулалтын портуудыг бүтээсний дараа тэд
хамааралтай баримтжуулалтыг бүтээх хэрэгслийн олонлогийн
портуудыг бүртгэдэг бөгөөд тэдгээрийг автоматаар бас
суулгадаг.
Баримтжуулалтын портуудын зохион байгуулалт нь
дараах хэлбэрийн байна:
Баримтжуулалтын портын файлууд байдаг
misc/freebsd-doc-en
мастер порт
байдаг. Энэ нь бүх
баримтжуулалтын портуудын үндэс болдог. Анхдагчаар
энэ нь Англи баримтжуулалтыг зөвхөн бүтээдэг.
Нэг портод бүгд багтсан
misc/freebsd-doc-all байдаг
бөгөөд энэ нь байгаа бүх хэл дээр бүх баримтжуулалтыг
бүтээж суулгадаг.
Эцэст нь орчуулга бүрийн хувьд зарц порт
байдаг, жишээ нь Унгар хэл дээрх баримтуудад зориулсан
misc/freebsd-doc-hu-г дурдаж
болно. Эдгээр нь бүгд мастер портоос хамаарах бөгөөд
тухайн хэлний орчуулсан баримтжуулалтыг суулгадаг.
Баримтжуулалтын портыг эхээс суулгахын тулд дараах
тушаалуудыг ажиллуулна (root эрхээр):
&prompt.root; cd /usr/ports/misc/freebsd-doc-en
&prompt.root; make install clean
Энэ нь Англи баримтжуулалтыг хуваагдсан HTML
хэлбэрээр ( дээр ашигладагийн адилаар)
бүтээж /usr/local/share/doc/freebsd санд
суулгадаг.
Нийтлэг Knob болон тохируулгууд
Баримтжуулалтын портуудын анхдагч байдлыг өөрчлөх
олон тохиргоо байдаг. Доор цөөхөн хэдэн жагсаалтыг
дурдав:
WITH_HTML
HTML хэлбэрээр бүтээхийг зөвшөөрдөг: баримт
бүрийн хувьд нэг HTML файл. Хэлбэршүүлсэн
баримтжуулалт нь тохирох article.html юм уу
эсвэл book.html гэсэн файлуудад зургийн
хамтаар хадгалагддаг.
WITH_PDF
&adobe; &acrobat.reader;,
Ghostscript эсвэл бусад PDF уншигчдыг
ашиглах &adobe;-ийн хөрвөх баримтын хэлбэрээр бүтээхийг
зөвшөөрдөг. Хэлбэршүүлсэн
баримтжуулалт нь тохирох article.pdf юм уу
эсвэл book.pdf гэсэн файлуудад
хадгалагддаг.
DOCBASE
Баримтжуулалтын суулгах байрлал. Энэ нь
анхдагчаар /usr/local/share/doc/freebsd
байдаг.
Анхдагч суулгах сан нь Subversion
аргын ашигладаг сангаас ялгаатайг санаарай.
Энэ нь яагаад гэвэл бид порт суулгаж байгаа
бөгөөд портууд нь ихэвчлэн /usr/local санд
суудаг. Үүнийг PREFIX хувьсагчийг
нэмэн өөрчилж болдог.
Энд Унгар баримтжуулалтыг Хөрвөх Баримтын Хэлбэрээр (PDF)
суулгахын тулд дээр дурдсан хувьсагчуудыг хэрхэн
ашиглахыг харуулсан жишээг үзүүлэв:
&prompt.root; cd /usr/ports/misc/freebsd-doc-hu
&prompt.root; make -DWITH_PDF DOCBASE=share/doc/freebsd/hu install clean
Баримтжуулалтын багцуудыг ашиглах нь
Өмнөх хэсэгт тайлбарласнаар баримтжуулалтын портуудыг
эхээс бүтээх нь баримтжуулалтыг бүтээх хэрэгслийн
олонлогийг суулгах болон портуудыг бүтээхэд тодорхой
хэмжээний дискийн зай шаарддаг. Баримтжуулалтын
хэрэгслүүдийг суулгахад эх үүсвэр хүрэлцэхгүй үед эсвэл
эхээс бүтээх нь ихээхэн хэмжээний дискийн зай эзлэх
бол баримтжуулалтын портуудын урьдчилан бүтээсэн
хормын хувилбаруудыг суулгах боломж бас байдаг.
&a.doceng; нь &os;-ийн баримтжуулалтын багцуудын
сар бүрийн хормын хувилбаруудыг бэлддэг. Эдгээр
хоёртын багцуудыг &man.pkg.add.1;,
&man.pkg.delete.1; гэх зэрэг багцын хэрэгслүүдийн
хамтаар ашиглаж болдог.
Хоёртын багцуудыг ашиглаж байгаа үед &os;-ийн
баримтжуулалт нь тухайн хэлний хувьд байгаа
бүх хэлбэрээр суудаг.
Жишээ нь дараах тушаал Унгар баримтжуулалтын
хамгийн сүүлийн урьдчилан бүтээсэн багцыг суулгах
болно:
&prompt.root; pkg_add -r hu-freebsd-doc
Багцууд нь харгалзах портын нэрнээсээ ялгаатай дараах
нэрийн хэлбэртэй байдаг:
lang-freebsd-doc.
Энд lang нь хэлний кодын богино
хэлбэр юм, жишээ нь hu нь Унгар, эсвэл
zh_cn нь хялбаршуулсан Хятад хэл юм.
Баримтжуулалтын портуудыг шинэчлэх нь
Өмнө нь суулгасан баримтжуулалтын портыг шинэчлэхийн
тулд портууд шинэчлэх аль ч хэрэгсэл байхад хангалттай.
Жишээ нь дараах тушаал суулгасан Унгар баримтжуулалтыг
ports-mgmt/portupgrade хэрэгслийн
тусламжтайгаар зөвхөн багцуудыг ашиглан шинэчилнэ:
&prompt.root; portupgrade -PP hu-freebsd-doc
Хөгжүүлэлтийн салбарыг дагах нь
-CURRENT
-STABLE
FreeBSD-ийн хоёр хөгжүүлэлтийн салбар байдаг: &os.current; болон
&os.stable;. Энэ хэсэгт эдгээр тус бүрийг тайлбарлаж өөрийн системийг тус
тусын модны хувьд хамгийн шинэ хэлбэрт байнга байлгах талаар тайлбарлах болно.
&os.current; эхлээд хэлэлцэгдэх бөгөөд дараа нь &os.stable;-ийн тухай
яригдах болно.
&os;-ийн одоо үеийн хэлбэрт байх нь
Та үүнийг уншихдаа &os.current; нь &os;-ийн хөгжүүлэлтийн
bleeding edge салбар буюу амжилт ололтын хамгийн тэргүүний
салбар
гэдгийг санаарай. &os.current; хэрэглэгчдийг техникийн өндөр
чадавхитай бөгөөд системийн хүнд хэцүү асуудлуудыг өөрсдөө шийдвэрлэх
чадвартай байна гэж тооцдог. Хэрэв та &os;-д анхлан суралцагч бол
үүнийг суулгахаасаа өмнө дахин сайн бодоорой.
&os.current; гэж юу вэ?
хормын агшны хувилбар
&os.current; нь &os;-ийн хамгийн сүүлийн үеийн ажлын эх юм.
Энэ нь хийгдэж байгаа ажлууд, туршилтын өөрчлөлтүүд болон програм хангамжийн
дараагийн албан ёсны хувилбарт байхгүй ч байж болох эсвэл байж ч болох
шилжилтийн аргуудыг багтаадаг. &os;-ийн олон хөгжүүлэгчид &os.current;-ийн
эх кодыг өдөр болгон эмхэтгэн хөрвүүлж байдаг боловч эхийг бүтээх боломжгүй үе бас
байдаг. Эдгээр асуудлууд нь боломжийн хэрээр хурдан шийдэгддэг боловч
&os.current; нь сүйрэл авчрах эсвэл тун их хүссэн ажиллагааг авчрах эсэх нь
та яг ямар агшинд эх кодыг татаж авснаас хамаарах юм!
&os.current; хэнд хэрэгтэй вэ?
&os.current; нь үндсэн 3 сонирхлын бүлэгт зориулагдан
хийгдсэн:
Эх модны зарим хэсэг дээр идэвхтэйгээр ажиллаж байгаа &os;-ийн хүрээний
гишүүд болон current буюу одоо үеийн хэлбэрт
байлгах нь
туйлын шаардлага болсон хүмүүст.
&os.current;-г аль болох ухаалаг байлгахыг хичээж асуудлуудыг шийдвэрлэхэд
цагаа зарах хүсэлтэй байдаг идэвхтэй тест хийгч &os;-ийн хүрээний гишүүд.
Эдгээр хүмүүс нь өөрчлөлтүүд болон &os;-ийн ерөнхий чиглэлд цаг үеийн
саналуудыг тусгахыг хүсэж тэдгээрийг шийдэх засваруудыг илгээдэг бас хүмүүс
юм..
Юу болж байгааг зөвхөн харж мэдэж байхыг хүссэн эсвэл одоо үеийн эхийг
лавлагааны зорилгоор ашиглахыг зөвхөн хүссэн хүмүүс (өөрөөр хэлбэл
ажиллуулах биш унших зорилгоор).
Эдгээр хүмүүс нь хааяа бас санал гаргаж кодонд хувь нэмэр оруулдаг.
&os.current; нь юу Биш вэ?
Та зарим нэг дажгүй шинэ боломж байгааг сонссон учраас бусдаас
түрүүлж урьдчилсан хувилбарын тэдгээр битүүдийг авах таны нэн тэргүүний
арга зам. Шинэ боломжийг авч эхэнд байна гэдэг нь та шинэ алдаанууд,
хорхойнуудыг бас авч эхэнд байна гэсэн үг юм.
Алдааны засваруудыг хурдан авах арга зам. &os.current;-ийн
өгөгдсөн дурын хувилбар нь илэрсэн алдаануудыг засахын хажуугаар бас
магадгүй шинэ алдаанууд бас гаргаж байдаг.
Аль ч үед албан ёсоор дэмжигдсэн
. Бид өөрсдийн
чадлын хирээр хууль ёсны
3 &os.current; бүлгийн
аль нэгэнд хүмүүст бодитоор туслахыг хичээдэг, гэхдээ бидэнд ердөө л
техникийн дэмжлэг үзүүлэх цаг байдаггүй.
Энэ нь бид хүмүүст туслах дургүй өөдгүй муухай хүмүүс учраас гэсэн үг
биш юм (хэрэв бид байгаагүй бол бид &os;-г хийж байхгүй байх байсан).
Бид ердөө л өдрийн хэдэн зуун захидлуудад хариулахын
хажуугаар FreeBSD дээр ажиллаж чаддаггүй!
&os;-г сайжруулах болон туршилтын кодон дээр тавигдсан маш олон
асуултуудад хариулах хоёр сонголтын эхнийхийг хөгжүүлэгчид сонгосон
юм.
&os.current; ашиглах нь
-
- -CURRENT
- ашиглах нь
-
-
- &a.current.name; болон &a.svn-src-head.name; жагсаалтуудад элсэн орно уу.
+ &a.current.name;-CURRENTашиглах нь болон &a.svn-src-head.name; жагсаалтуудад элсэн орно уу.
Энэ нь зөвхөн сайн санаанаас гадна бас чухал
юм. Хэрэв та &a.current.name; жагсаалтад
ороогүй бол системийн одоогийн төлвийн талаар хүмүүсийн өгч байгаа санал
хүсэлтүүдийг харахгүй учраас бусдын аль хэдийн олоод шийдсэн маш их асуудлууд
дээр магадгүй та бүдрэн төөрөлдөж дуусах биз ээ. Бүр илүү чухал зүйл нь юу вэ гэвэл
таны системийн эрүүл мэндэд эгзэгтэй байж болох чухал мэдээнүүдээс та хоцрох
болно.
&a.svn-src-head.name; жагсаалт нь кодонд оруулсан өөрчлөлт бүрийн
бүртгэл оруулгыг болзошгүй сөрөг нөлөөнүүдийн талаар тохирсон мэдээллийн
хамтаар танд харах боломжийг олгодог.
Эдгээр жагсаалтууд эсвэл байгаа бусдын аль нэгэнд элсэхийн тулд
&a.mailman.lists.link; хаяг уруу орж элсэхийг хүссэн жагсаалтаа
сонгоорой. Дарааллын үлдсэн зааврууд тэнд байгаа болно. Хэрэв та
бүх л эх модон дахь өөрчлөлтийг дагах сонирхолтой байгаа бол
&a.svn-src-all.name; жагсаалтад бүртгүүлэхийг бид зөвлөж байна.
&os;-ийн толин тусгалаас
эхийг авна. Та үүнийг гурван аргаар хийж болно:
-
- svn
-
-
- cvsup
-
-
- cron
-
-
- -CURRENT
- CVSup ашиглан сүүлийн хэлбэрт аваачих
-
-
Хүссэн хөгжүүлэлт эсвэл салбар хувилбарыг
- татаж авахдаа svn програмыг
+ татаж авахдаа svnsvn програмыг
ашиглах хэрэгтэй. Энэ аргыг &os;-н хөгжүүлэлтэд хандахад
зөвлөдөг. -CURRENT суурь системийн
- Subversion татаж авах үндсэн
+ Subversion-CURRENTSVN ашиглан сүүлийн хэлбэрт аваачих татаж авах үндсэн
URL нь http://svn.freebsd.org/base/head/ бөгөөд
репозиторын хэмжээ их тул зөвхөн хүссэн дэд модоо
татаж авахыг зөвлөдөг.
/usr/share/examples/cvsup санд байх
standard-supfile гэж нэрлэгдсэн
supfile-тай цуг
cvsup програм ашигла.
Та дээр дурдсан жишээ supfile-г
өөрчлөн cvsup-г өөрийн орчны хувьд
тохируулах хэрэгтэй.
cvsup-г ашиглах нь хуучирсан
бөгөөд төсөл ашиглахыг зөвлөдөггүй.
Жишээ standard-supfile нь
&os.current;-ийн биш &os;-ийн аюулгүй байдлын тусгай
салбарыг дагахад хэрэглэгдэнэ. Танд энэ файлыг засварлаж дараах
мөрийг өөрчлөх хэрэгтэй болно:
*default release=cvs tag=RELENG_X_Y
Дээрх мөрийг дараах мөрөөр сольно:
*default release=cvs tag=.
Хэрэгцээтэй хаяг/шошгонуудын дэлгэрэнгүй тайлбарыг
гарын авлагын CVS хаяг/шошгонууд хэсгээс үзнэ үү.
-
- -CURRENT
- CTM ашиглан сүүлийн хэлбэрт аваачих
-
-
CTM хэрэгслийг ашигла.
+ linkend="ctm">CTM-CURRENTCTM ашиглан сүүлийн хэлбэрт аваачих хэрэгслийг ашигла.
Хэрэв та маш муу холболттой (өндөр үнэтэй холболтууд эсвэл
зөвхөн цахим захидлын хандалт) бол CTM
нь сонголт болох юм. Гэхдээ энэ нь бөөн зовлон бөгөөд та эвдэрсэн
файлуудтай үлдэж болох юм. Энэ нь үүнийг ховор ашиглахад хүргэдэг бөгөөд
ингэснээр ажиллахгүй байх боломжийг нэлээн удаан хугацаагаар ихэсгэдэг.
Бид Интернэт холболттой хүмүүст
Subversion-г
ашиглахыг зөвлөдөг.
Хэрэв та эхийг зөвхөн харахаар биш ажиллуулахаар татаж авч байгаа бол
зөвхөн сонгосон хэсгүүдийг биш &os.current;-ийн бүх
эхийг татаж аваарай. Үүний шалтгаан нь эхийн төрөл бүрийн хэсгүүд нь бусад хаа нэгтээ байгаа
шинэчлэлтүүдээс хамаардаг бөгөөд зөвхөн хэсэг бүлэг эхийг хөрвүүлэхийг оролдох нь
таныг бараг л баталгаатайгаар асуудалтай учруулах болно.
-
- -CURRENT
- хөрвүүлэх
-
- &os.current;-ийг хөрвүүлэхээсээ өмнө /usr/src
+ &os.current;-ийг-CURRENTхөрвүүлэх хөрвүүлэхээсээ өмнө /usr/src
дахь Makefile-г анхааралтай уншина уу.
Эхний удаа та хамгийн багаар бодоход шинэчлэлтийн процессийн хэсэг болох шинэ цөмийг суулгаж ертенцийг дахин бүтээх хэсгээр
дамжих хэрэгтэй. &a.current; болон /usr/src/UPDATING
файлыг унших нь биднийг дараагийн хувилбар уруу шилжихэд заримдаа шаардлагатай
болдог бусад эхлүүлэх процедуруудын хувьд хамгийн сүүлийн мэдээлэлтэй байлгах
боломжийг бидэнд олгодог.
Идэвхтэй бай! Хэрэв та &os.current; ажиллуулж байгаа бол
түүний талаар таныг юу хэлэхийг ялангуяа хэрэв танд өргөжүүлэлт эсвэл
алдааны засваруудын талаар санал хүсэлт байвал түүнийг бид мэдэхийг
хүсдэг юм. Хавсаргасан кодтой санал хүсэлтүүдийг хамгийн их урам зоригтойгоор
хүлээн авдаг билээ!
&os;-ийн тогтвортой хэлбэрт байх нь
&os.stable; гэж юу вэ?
-STABLE
&os.stable; нь үндсэн хувилбарууд гардаг бидний хөгжүүлэлтийн салбар юм.
Өөрчлөлтүүд нь эхлээд тест хийгдэх зорилгоор &os.current; уруу ордог гэсэн
ерөнхий төсөөлөл/таамаглалтайгаар янз бүрийн зөвшөөрлөөр энэ салбар уруу
ордог. Энэ нь одоо болтол хөгжүүлэлтийн салбар
бөгөөд гэхдээ энэ нь ямар ч үед &os.stable;-д зориулагдсан эх нь ямар ч зорилгод
тохирч эсвэл тохирохгүй байж болно гэсэн үг юм. Энэ нь эцсийн хэрэглэгчид
зориулагдсан эх үүсвэр бус ердөө л өөр нэг инженерчлэлийн хөгжүүлэлтийн арга зам
юм.
&os.stable; хэнд хэрэгтэй вэ?
Хэрэв та FreeBSD-ийн хөгжүүлэлтийн процессод хувь нэмэр оруулах сонирхолтой,
энэ нь ялангуяа FreeBSD-ийн дараагийн гарах
хувилбартай холбоотой байдаг,
эсвэл юу болж байгааг мэдэж байх сонирхолтой байгаа бол та дараах
&os.stable;-г бодолцох хэрэгтэй.
Аюулгүй байдлын засварууд бас &os.stable; салбар уруу орж байдаг нь
үнэн боловч та үүнийг хийхийн тулд &os.stable;-г заавал дагах
хэрэггүй. FreeBSD-ийн аюулгүй байдлын
зөвлөмжүүд нь тухайн хувилбарт хамааралтай асуудлыг хэрхэн засах тухай
тайлбарладаг
Энэ нь бүр яг үнэн биш юм. Бид FreeBSD-ийн хуучин хувилбаруудыг
үргэлж дэмжиж чадахгүй, гэхдээ бид тэдгээрийг олон жилийн турш дэмжсээр
ирсэн. FreeBSD-ийн хуучин хувилбаруудын одоогийн аюулгүй байдлын бодлогын
бүрэн тайлбарыг http://www.FreeBSD.org/security/-с
үзнэ үү.
бөгөөд зөвхөн аюулгүй байдлын үүднээс бүхэл бүтэн хөгжүүлэлтийн салбарыг
дагаж байна гэдэг бас зөндөө олон хүсээгүй өөрчлөлтүүдийг авчрах
магадлалтай юм.
Бид &os.stable; салбар үргэлж хөрвүүлэгдэн эмхэтгэгдэж дандаа ажилладаг байлгахаар
чармайж байдаг боловч энэ нь баталгаатай биш юм. Нэмж хэлэхэд код нь &os.stable;-д
орохоосоо өмнө &os.current;-д хөгжүүлэгдэж байдаг боловч &os.current;-г
ашиглан ажиллуулдгаас илүү &os.stable;-г хүмүүс ажиллуулдаг болохоор
&os.current;-ийн хувьд илэрхий биш байсан алдаанууд болон булангийн тохиолдлууд
&os.stable;-д илрэх нь заримдаа зайлшгүй юм.
Эдгээр шалтгаануудаас болоод бид &os.stable;-г сохроор дагахыг танд
зөвлөдөггүй бөгөөд энэ нь
өөрийн хөгжүүлэлтийн орчиндоо кодыг эхлээд сайтар тест хийлгүйгээр
үйлдвэрлэлд (production) ашиглаж байгаа серверүүдээ &os.stable;
уруу шинэчлэхгүй байхад танд ялангуяа чухал ач холбогдолтой юм.
Хэрэв танд үүнийг хийх эх үүсвэрүүд байхгүй бол бид FreeBSD-ийн хамгийн сүүлийн үеийн
хувилбарыг ажиллуулж хоёртын шинэчлэлт хийх аргыг хувилбараас хувилбар уруу шилжихдээ
ашиглахыг танд зөвлөж байна.
&os.stable; ашиглах нь
-
- -STABLE
- ашиглах нь
-
-
- &a.stable.name; жагсаалтад элсэн орно уу. Энэ нь
+ &a.stable.name;-STABLEашиглах нь жагсаалтад элсэн орно уу. Энэ нь
&os.stable;-д илэрч болох бүтээлтийн хамаарлууд эсвэл
тусгайлсан анхаарал шаардлагатай өөр бусад асуудлуудын талаар
танд мэдээлж байх болно. Хөгжүүлэгчид нь зарим нэг маргаантай засвар
эсвэл шинэчлэлийн талаар бодож байгаа талаараа бас энэ захидлын жагсаалтад
мэдээлдэг бөгөөд ийнхүү санал болгож байгаа өөрчлөлтийн талаар хэрэглэгчдэд
ямар нэг асуудал байвал тэдэнд эргээд хариу өгөх боломж олгодог юм.
Өөрийн дагаж байгаа салбарын тохирох SVN
жагсаалтад элсэн орох хэрэгтэй. Жишээ нь хэрэв та 9-STABLE салбарыг дагаж
байгаа бол &a.svn-src-stable-9.name; жагсаалтад элсэн ороорой.
Энэ нь кодонд оруулсан өөрчлөлт бүрийн
бүртгэл оруулгыг болзошгүй сөрөг нөлөөнүүдийн талаар тохирсон мэдээллийн
хамтаар танд харах боломжийг олгодог.
Эдгээр жагсаалтууд эсвэл байгаа бусдын аль нэгэнд элсэхийн тулд
&a.mailman.lists.link; хаяг уруу орж элсэхийг хүссэн жагсаалтаа
сонгоорой. Дарааллын үлдсэн зааврууд тэнд байгаа болно. Хэрэв та
бүх л эх модон дахь өөрчлөлтийг дагах сонирхолтой байгаа бол
&a.svn-src-all.name; жагсаалтад бүртгүүлэхийг бид зөвлөж байна.
Хэрэв та шинэ систем суулгаж &os.stable;-ээс бүтээсэн сар бүрийн хормын
агшны хувилбарыг түүн дээр ажиллуулахыг хүсэж байгаа бол дэлгэрэнгүй
мэдээллийн талаар
Хормын агшны хувилбарууд вэб хуудаснаас шалгана уу.
Үүнээс гадна хамгийн сүүлийн үеийн &os.stable; хувилбарыг
толин тусгалын хаягуудаас
татан авч суулгах боломжтой бөгөөд доор дурдсан заавруудыг дагаж
өөрийн системийг хамгийн сүүлийн үеийн &os.stable; эх код уруу
шинэчилж болох юм.
Хэрэв та &os;-ийн урдны хувилбар аль хэдийн ажиллуулж байгаа бөгөөд
эхээс шинэчлэхийг хүсэж байгаа бол &os;-ийн
толин тусгал хуудасаас хялбараар
хийж болно. Үүнийг гурван аргаар хийж болно:
-
- svn
-
-
- cvsup
-
-
- cron
-
-
- -STABLE
- Subversion ашиглан сүүлийн хэлбэрт аваачих
-
-
Хүссэн хөгжүүлэлт эсвэл салбар хувилбарыг
- татахдаа svn програмыг ашиглах хэрэгтэй.
+ татахдаа svnsvn програмыг ашиглах хэрэгтэй.
Энэ аргыг &os;-н хөгжүүлэлтэд хандахад
зөвлөдөг. Салбарын нэрсэд одоогийн хөгжүүлэлтийн
толгой хувилбарын хувьд head,
болон stable/9 эсвэл
releng/9.0 гэх зэрэг хувилбар инженерчлэлийн хуудас
дахь салбарууд ордог. Суурь системийн
Subversion татаж авах үндсэн
- URL нь http://svn.freebsd.org/base/ бөгөөд
+ URL нь http://svn.freebsd.org/base/-STABLESubversion ашиглан сүүлийн хэлбэрт аваачих бөгөөд
репозиторын хэмжээ их тул зөвхөн хүссэн дэд модоо
татаж авахыг зөвлөдөг.
/usr/share/examples/cvsup санд байх
standard-supfile гэж нэрлэгдсэн
supfile-тай цуг
cvsup програм ашигла.
Та дээр дурдсан жишээ supfile-г
өөрчлөн cvsup-г өөрийн орчны хувьд
тохируулах хэрэгтэй.
cvsup нь хуучирсан бөгөөд
төсөл ашиглахыг зөвлөдөггүй.
-
- -STABLE
- CTM ашиглан сүүлийн хэлбэрт аваачих
-
-
CTM хэрэгслийг ашигла.
+ linkend="ctm">CTM-STABLECTM ашиглан сүүлийн хэлбэрт аваачих хэрэгслийг ашигла.
Хэрэв танд Интернэт уруу холбогдсон хурдан хямд холболт байхгүй бол
энэ аргыг та ашиглах хэрэгтэй.
Гол нь хэрэв та эхэд хурдан, шаардлагын улмаас хандах хэрэгтэй болоод
холболтуудын зурвасын өргөн ач холбогдолгүй бол cvsup эсвэл
ftp ашиглаарай. Бусад тохиолдолд
CTM-г ашигла.
-
- -STABLE
- хөрвүүлэх нь
-
-
- &os.current;-ийг хөрвүүлэхээсээ өмнө /usr/src
+ &os.current;-ийг-STABLEхөрвүүлэх нь хөрвүүлэхээсээ өмнө /usr/src
дахь Makefile-г анхааралтай уншина уу.
Эхний удаа та хамгийн багаар бодоход шинэчлэлтийн процессийн хэсэг болох шинэ цөмийг суулгаж ертенцийг дахин бүтээх хэсгээр
дамжих хэрэгтэй. &a.current; болон /usr/src/UPDATING
файлыг унших нь биднийг дараагийн хувилбар уруу шилжихэд заримдаа шаардлагатай
болдог бусад эхлүүлэх процедуруудын хувьд хамгийн сүүлийн мэдээлэлтэй байлгах
боломжийг бидэнд олгодог.
Өөрийн эхийг хамгийн сүүлийн хэлбэрт аваачих нь
Интернетийн (эсвэл цахим захидал) холболт ашиглан &os; төслийн эхүүдийн аль ч
хэсгийн хувьд эсвэл таны юу сонирхож байгаагаас хамааран бүх хэсгүүдийг
хамгийн шинэ байлгаж байх төрөл бүрийн аргууд байдаг. Бидний санал болгодог үндсэн
үйлчилгээнүүд бол Subversion, Anonymous буюу нэргүй
CVS, CVSup болон CTM юм.
Өөрийн эх модны зөвхөн зарим хэсгийг шинэчлэх боломжтой боловч
цорын ганц шинэчлэх арга бол модыг бүтнээр нь шинэчилж хэрэглэгчийн талбар
(өөрөөр хэлбэл /bin болон
/sbin гэх мэт дэх хэрэглэгчийн талбарт ажилладаг
бүх програмууд) болон цөмийн эхүүдийг дахин эмхэтгэх явдал юм. Өөрийн эх модны
зөвхөн нэг хэсэг зөвхөн цөм эсвэл зөвхөн хэрэглэгчийн талбарыг шинэчлэх нь
асуудлууд гарахад ихэвчлэн хүргэдэг. Эдгээр асуудлууд нь эмхэтгэлтийн үеийн
алдаануудаас авахуулаад цөмийн сүйрлүүд эсвэл өгөгдлийн эвдрэлийг хүртэл
хамардаг.
CVS
anonymous буюу нэргүй
Subversion, Нэргүй CVS болон
CVSup нь эхийг шинэчлэхдээ
татах загварыг хэрэглэдэг.
Subversion-ийн хувьд хэрэглэгч (эсвэл
cron скрипт) svn
програмыг эхлүүлэн файлуудыг хамгийн шинэ хэлбэрт авчирдаг.
Локал эх модыг шинэчлэхэд зөвлөдөг арга бол Subversion
юм. cvsup ба cvs нь ижил
зарчмаар ажиллах боловч хуучирсан бөгөөд Subversion-ийг ашиглахыг зөвлөдөг.
Таны хүлээн авах шинэчлэлтүүд нь хамгийн сүүлийн минут хүртэлх үеийнх
байх бөгөөд та тэдгээрийг зөвхөн өөрийн хүссэн тэр үедээ авдаг. Та өөрийн
шинэчлэлтүүдийг таны сонирхож байгаа тусгайлсан файлууд эсвэл сангуудаар
хялбараар хязгаарлаж болно. Шинэчлэлтүүд нь таны юуг авахыг хүссэн болон танд
юу байгаагаас хамааран серверээр тухайн үед үүсгэгддэг.
Үнэхээр шаардлагагүй л бол хуучирч ирээдүйд үргэлжүүлэн ашиглахаа болих
бусад синхрон хийх аргуудаас илүүтэй Subversion-г
ашиглах ёстой юм.
CTM
Нөгөө талаас CTM нь танд байгаа эхийг
мастер архив дахь эхтэй лавлаж асуух зарчмаар харьцуулдаггүй бөгөөд өөрөөр хэлбэл
тэдгээрийг татаж авдаггүй. Ингэхийн оронд харин өмнө нь ажиллуулснаас хойшх
файл дахь өөрчлөлтүүдийг таньдаг скрипт өдөрт хэд хэдэн удаа мастер CTM машин
дээр ажиллаж илэрсэн өөрчлөлтүүдийг шахаж дарааллын-дугаар тавин цахим
захидлаар дамжуулахад зориулан кодчилдог (зөвхөн хэвлэгдэх боломжтой ASCII
хэлбэрээр). Эдгээр CTM дельтануудыг
авсаны дараа
тэдгээрийг автоматаар декод хийж шалган хэрэгчид байгаа эхийн хуулбарт
өөрчлөлтүүдийг хийх &man.ctm.rmail.1; хэрэгсэл уруу өгдөг. Энэ процесс
нь CVSup-с хамаагүй илүү үр дүнтэй
бөгөөд энэ нь татах биш харин
түлхэх загвар учраас бидний серверийн эх үүсвэрт
бага ачаалал учруулдаг юм.
Мэдээж үүнээс гадна харилцан сул болон давуу талуудтай асуудлууд байдаг.
Хэрэв та санамсаргүйгээр өөрийн архивын хэсгийг устгачих юм бол
CVSup үүнийг илрүүлж эвдэрсэн хэсгүүдийг
дахин бүтээж өгдөг. CTM ингэж
хийдэггүй бөгөөд хэрэв та өөрийн эх модны зарим хэсгийг устгасан
(бас нөөцлөн аваагүй) бол та дахин шинээр эхнээс нь (хамгийн сүүлийн үеийн
CVS суурь дельтагаас
) эхэлж
CTM-ийн тусламжтайгаар бүгдийг дахин бүтээх
буюу эсвэл Нэргүй CVS-ийн тусламжтайгаар
муу битүүдийг ердөө л устгаж дахин сүүлийн хэлбэрт аваачих хэрэгтэй болно.
Ертөнц
ийг дахин бүтээх нь
Ертөнц
ийг дахин бүтээх нь
Та өөрийн локал эх модоо &os;-ийн тухайн хувилбарын (&os.stable;,
&os.current;, гэх зэрэг) хамгийн сүүлийн үеийн хэлбэрт аваачсаныхаа
дараа та эх модоо ашиглан системийг дахин бүтээж болно.
Нөөц хий
Та дээрхийг хийхээсээ өмнө өөрийн системийг
нөөцлөн авах нь ямар чухал болохыг энэ нь хангалттай хэлж өгч чаддаггүй.
Ертөнцийг дахин бүтээх нь (хэрэв та эдгээр заавруудыг дагасан тохиолдолд)
хялбар боловч таныг алдаа гаргахад эсвэл бусдын эх модонд хийсэн алдаанууд
нь таны системийг ачаалагдахгүй болгох нөхцөлд зайлшгүй хүргэдэг.
Нөөц хийж авсан эсэхээ шалгаарай. Засварлах уян диск эсвэл ачаалагдах
CD-г гарын дор байлгаарай. Магадгүй та үүнийг хэзээ ч хэрэглэхгүй байж болох
юм, гэхдээ харамсахаасаа өмнө аюулгүй байж байх нь илүү дээр юм!
Тохирох захидлын жагсаалтад бүртгүүл
захидлын жагсаалт
&os.stable; болон &os.current; салбарууд нь угаасаа
хөгжүүлэлтэд байдаг. &os;-д хувь нэмэр
оруулж байгаа хүмүүс нь хүн л учраас алдаанууд заримдаа гардаг.
Заримдаа эдгээр алдаанууд нь нэг их хор хөнөөлгүй бөгөөд ердөө л таны
системийг шинэ оношлогооны анхааруулга хэвлэхэд хүргэдэг. Эсвэл
өөрчлөлт нь сүйрлийн байж болзошгүй байдаг бөгөөд таны системийг ачаалагдахгүй
болгож эсвэл файлын системүүдийг чинь устгаж (эсвэл бүр муу юм болж) болох юм.
Эдгээртэй адил асуудлууд гарвал асуудлын учир шалтгаан болон аль систем дээр
энэ асуудал хамааралтайг тайлбарласан heads up буюу бүхний сонорт
хандсан зарлал тохирох захидлын жагсаалтад илгээгддэг. Тэгээд
all clear буюу бүгд цэвэр
зарлал асуудал шийдэгдсэний дараа
тавигддаг.
Хэрэв та &os.stable; эсвэл &os.current;-ийг дагахыг оролдож &a.stable;
эсвэл &a.current;-г харгалзуулан уншихгүй байгаа бол энэ нь та өөртөө гай төвөг асууж
байна л гэсэн үг юм.
make world тушаалыг бүү ашигла
Ихэнх хуучин баримтууд үүнд зориулан make world
тушаалыг ашиглахыг зөвлөдөг. Энэ тушаалыг ажиллуулснаар зарим нэг чухал алхмуудыг
алгасах бөгөөд та юу хийж байгаагаа мэдэж байгаа тохиолдолд үүнийг зөвхөн ашиглах
хэрэгтэй. Бараг ихэнх тохиолдолд make world хийх нь
буруу зүйл бөгөөд энд тайлбарласан процедурыг түүний оронд ашиглах ёстой юм.
Шалгагдсан аргаар өөрийн системийг шинэчлэх нь
Өөрийн системийг шинэчлэхийн тулд өөрт чинь байгаа эхийн хувилбарт шаардлагатай байгаа
бүтээхээс урьдах алхмууд та /usr/src/UPDATING
файлд байгаа эсэхийг шалгах хэрэгтэй бөгөөд үүний дараа энд дурдсан процедурыг
ашиглана.
Эдгээр шинэчлэлтийн алхмууд нь таныг хуучин хөрвүүлэгч, хуучин цөм, хуучин
ертөнц болон хуучин тохиргооны файлууд бүхий &os;-ийн хуучин хувилбар ашиглаж
байгаа гэж тооцдог. Ертөнц
гэдгийг бид энд системийн гол хоёртын
файлууд, сангууд болон програмын файлууд гэж ойлгоно. Хөрвүүлэгч нь
ертөнц
ийн хэсэг бөгөөд цөөн асуудлуудтай байдаг.
Таныг шинэ системийн эхийг аль хэдийн авсан байгаа гэж бид бас
энд тооцдог. Тухайн систем дээр байгаа эхүүд бас хуучин байвал шинэ хувилбар
руу шилжүүлэх талаар бичсэн -с дэлгэрэнгүйг
үзнэ үү.
Системийг эхээс шинэчлэх нь эхлээд санагдсанаасаа илүү нарийн байдаг
бөгөөд тойрон гарах боломжгүй, хамаарлууд бүхий шинэ асуудлууд гардгаас болоод
&os;-ийн хөгжүүлэгчид зөвлөдөг чиг хандлагаа жил ирэх тутам нэлээнээр
өөрчлөх шаардлагатай болсон. Энэ хэсгийн үлдсэн хэсэг нь одоогоор зөвлөж
байгаа шинэчлэх дарааллын талаар тайлбарлах болно.
Амжилттай болох шинэчлэх дараалал бүр дараах асуудлуудыг
шийдэх ёстой:
Хуучин хөрвүүлэгч шинэ цөмийг бүтээж чадахгүй байж болох
юм. (Хуучин хөрвүүлэгчид заримдаа алдаатай байдаг.) Тиймээс шинэ
цөмийг шинэ хөрвүүлэгчээр бүтээх ёстой. Ялангуяа шинэ цөм бүтээхээсээ
өмнө шинэ хөрвүүлэгчийг бүтээх хэрэгтэй. Энэ нь шинэ хөрвүүлэгчийг
заавал шинэ цөмөөс өмнө суулгасан байх ёстой
гэсэн үг биш юм.
Шинэ ертөнц шинэ цөмийн боломжууд дээр тулгуурлаж байж
болох юм. Тиймээс шинэ цөмийг шинэ ертөнцийг суулгахаасаа өмнө
суулгасан байх шаардлагатай.
Эдгээр хоёр асуудал нь бидний дараагийн хэсгүүдэд тайлбарлах
гол buildworld,
buildkernel,
installkernel,
installworld дарааллын үндэс болдог.
Энэ нь одоогоор зөвлөдөг шинэчлэлтийн просессийг та яагаад заавал
сонгох ёстойг харуулсан бүх шалтгаануудын бүрэн дүүрэн жагсаалт
биш юм. Зарим нэг тийм ч мэдээжийн биш зүйлсийг доор жагсаав:
Хуучин ертөнц шинэ цөм дээр зөв ажиллахгүй байж болох учир
та шинэ цөм суулгасныхаа дараа шинэ ертөнцийг даруйхан суулгах
ёстой.
Шинэ ертөнц суулгахаасаа өмнө зарим нэг тохиргооны өөрчлөлтүүдийг
хийх ёстой боловч зарим нь хуучин ертөнцийг эвдэж магадгүй юм. Тийм
болохоор хоёр өөр тохиргооны шинэчлэлтийн алхам ерөнхийдөө шаардлагатай
байдаг.
Ихэнх хэсгийн хувьд шинэчлэх процесс нь зөвхөн файлуудыг солих юм уу
эсвэл нэмдэг бөгөөд байгаа хуучин файлуудыг устгадаггүй. Цөөн тохиолдолд
энэ нь асуудал үүсгэж болох юм. Үүний дүнд шинэчлэх арга зам нь зарим нэг
алхам дээр гараар устгах тодорхой файлуудыг заримдаа зааж өгдөг. Үүнийг
ирээдүйд автоматчилах юм уу эсвэл үгүй ч байж болох юм.
Эдгээр зүйлс нь дараах зөвлөсөн дараалалд хүргэдэг. Тухайн шинэчлэлтүүдэд
зориулсан дэлгэрэнгүй дараалал нь нэмэлт алхмуудыг шаардаж болохыг санаарай.
Гэхдээ эдгээр гол процессууд тодорхой хугацаагаар өөрчлөгдөхгүй байх
ёстой юм:
make buildworld
Энэ нь эхлээд шинэ хөрвүүлэгч болон хамааралтай цөөн хэрэгслүүдийг
бүтээж дараа нь шинэ ертөнцийн бусдыг хөрвүүлэхийн тулд шинэ хөрвүүлэгчийг
ашигладаг. Үр дүн нь /usr/obj-д
хадгалагддаг.
make buildkernel
&man.config.8; болон &man.make.1;-ийг ашигладаг хуучин аргаасаа
ялгаатай нь энэ тушаал /usr/obj
санд байрлаж байгаа шинэ хөрвүүлэгчийг ашигладаг.
Энэ нь хөрвүүлэгч болон цөмийн хооронд тохиромжгүй байдал үүсэхээс таныг
хамгаалдаг.
make installkernel
Шинэ цөм болон цөмийн модулиудыг дискэд байрлуулж шинээр шинэчилсэн
цөмөөр ачаалах боломжийг бүрдүүлдэг.
Ганц хэрэглэгчийн горим руу ачаалан орно.
Ганц хэрэглэгчийн горим нь ажиллаж байгаа програм хангамжуудыг
шинэчлэхэд гарах асуудлуудыг багасгадаг. Энэ нь бас шинэ цөм дээр
хуучин ертөнцийг ажиллуулахад гарах асуудлыг багасгадаг.
mergemaster
Энэ нь шинэ ертөнцөд зориулж зарим нэг тохиргооны файлуудын эхний
шинэчлэлтүүдийг хийдэг. Жишээ нь энэ нь шинэ хэрэглэгчийн бүлгийг
системд нэмэх, эсвэл шинэ хэрэглэгчийн нэрсийг нууц үгийн мэдээллийн санд
нэмж болох юм. Сүүлийн шинэчлэлтээс хойш шинэ бүлгүүд эсвэл системийн
тусгай хэрэглэгчийн бүртгэлүүдийг нэмэх үед энэ нь ихэвчлэн шаардлагатай
байдаг. Ингэснээр installworld алхам нь
шинээр суулгагдсан системийн хэрэглэгч эсвэл системийн бүлгийн нэрсийг
ямар ч асуудалгүйгээр ашиглах боломжтой болох юм.
make installworld
/usr/obj сангаас
ертөнцийг хуулдаг. Та одоо диск дээрээ шинэ цөм болон шинэ ертөнцтэй
боллоо.
mergemaster
Нэгэнт диск дээрээ шинэ ертөнцтэй болсон болохоор та одоо
үлдсэн тохиргооны файлуудаа шинэчилж болно.
Дахин ачаална.
Шинэ цөм болон шинэ ертөнцийг шинэ тохиргооны файлуудтай
дуудахын тулд машиныг бүрэн дахин ачаалах хэрэгтэй.
Хэрэв та &os;-ийн нэг салбар дотор нэг хувилбараас илүү сүүлийн
хувилбар руу шинэчилж байгаа бол, өөрөөр хэлбэл 7.0-с 7.1 рүү шинэчилж
байгаа бол хөрвүүлэгч, цөм, хэрэглэгчийн талбар болон тохиргооны файлуудын
хооронд айхтар таарамжгүй байдлууд тантай бараг л тохиолдохгүй учир энэ
арга нь заавал шаардлагатай биш байж болох юм. Хуучин арга болох
make world болон шинэ
цөмийг бүтээж суулгах нь жижиг шинэчлэлтийн хувьд хангалттай сайн
ажиллаж болох юм.
Гэхдээ гол хувилбаруудын хооронд шинэчлэлт хийж байх үед энэ арга
замыг дагахгүй байгаа хүмүүст зарим асуудлууд учирч болох юм.
Олон шинэчлэлтүүд (өөрөөр хэлбэл 4.X-с
5.0 руу) тусгайлсан нэмэлт алхмуудыг (жишээ нь installworld хийхээс өмнө
тусгай файлуудын нэрийг өөрчлөх эсвэл устгах гэх мэт) шаардаж болохыг энд
тэмдэглэх нь зүйтэй юм. /usr/src/UPDATING файлыг
анхааралтай уншина уу, ялангуяа одоогоор зөвлөсөн байгаа шинэчлэх дарааллыг
тусгайлан тайлбарласан төгсгөл хэсгийг уншаарай.
Зарим нэг тохиромжгүй байдалтай холбоотой асуудлуудаас бүрэн
гүйцэд хамгаалах боломжгүйг хөгжүүлэгчид мэдсэнээр энэ арга нь цаг хугацааны
туршид сайжруулагдсаар ирсэн юм. Одоогийн арга замууд нь удаан хугацааны
туршид тогвортой байна гэдэгт найдаж байна.
Дүгнэхэд &os;-г эхээс шинэчлэхэд одоогоор зөвлөдөг арга
бол:
&prompt.root; cd /usr/src
&prompt.root; make buildworld
&prompt.root; make buildkernel
&prompt.root; make installkernel
&prompt.root; shutdown -r now
buildworld алхмаас өмнө
mergemaster -p тушаалыг нэмж ажиллуулах
цөөн ховор тохиолдлууд байдаг. Эдгээрийн талаар UPDATING
файлд тайлбарласан байдаг. Хэрэв та &os;-ийн нэг буюу олон голлох
хувилбаруудын дагуу шинэчлэл хийхгүй байгаа бол ерөнхийдөө энэ алхмыг
эмээлгүйгээр орхиж болох юм.
installkernel амжилттай дууссаны
дараа та ганц хэрэглэгчийн горим уруу ачаалах хэрэгтэй (өөрөөр хэлбэл
boot -s тушаалыг дуудагч мөрөөс ашиглана).
Дараа нь доор дурдсан тушаалуудыг ажиллуулна:
&prompt.root; mount -u /
&prompt.root; mount -a -t ufs
&prompt.root; adjkerntz -i
&prompt.root; mergemaster -p
&prompt.root; cd /usr/src
&prompt.root; make installworld
&prompt.root; mergemaster
&prompt.root; reboot
Тайлбаруудыг цааш уншина уу
Дээр тайлбарласан дараалал нь зөвхөн таныг эхлэхэд туслах богино
сэргээлт болох юм. Гэхдээ хэрэв та ялангуяа өөрчлөн тохируулсан
цөмийн тохиргоо ашиглахыг хүсэж байгаа бол дараах хэсгүүдийг уншиж
алхам бүрийг сайтар ойлгох хэрэгтэй.
/usr/src/UPDATING файлыг унш
Өөр юм хийж эхлэхээсээ өмнө та /usr/src/UPDATING-г
(эсвэл эх кодын хуулбар хаана байгаа тэндээс үүнтэй төстэй файлыг ) уншаарай.
Энэ файл нь танд учирч болзошгүй асуудлуудын талаар чухал мэдээлэл агуулдаг бөгөөд
эсвэл таны ажиллуулах зарим нэг тушаалуудын дарааллын талаар заасан байдаг.
Хэрэв UPDATING файл таны энд уншсантай зөрчилдөж
байвал UPDATING файлд заасныг дагах хэрэгтэй.
UPDATING файлыг унших нь өмнө нь тайлбарласнаар
зөв захидлын жагсаалтад бүртгүүлэхтэй харьцуулах юм бол хүлээн зөвшөөрч болохуйц
орлогч байж чадахгүй юм. Энэ хоёр шаардлага нь нэмэлт бөгөөд заавал шаардлагатай
биш юм.
/etc/make.conf файлыг шалга
make.conf
/usr/share/examples/etc/make.conf
болон /etc/make.conf файлыг шалгаарай.
Эхнийх нь зарим нэг анхдагч тодорхойлолтуудыг агуулдаг – тэдгээрийн
ихэнх нь тайлбар болон хаагдсан байдаг. Та системээ эхээс нь дахин бүтээх үедээ
тэдгээрийг ашиглахын тулд /etc/make.conf
файлд нэмэх хэрэгтэй. /etc/make.conf файлд
нэмсэн болгон make тушаалыг ажиллуулах бүрд
бас ашиглагддаг учир өөрийн системдээ зориулан тэдгээрийг боломжийн утгаар
тохируулж өгөх нь зүйтэй юм.
Ердийн хэрэглэгч /usr/share/examples/etc/make.conf
файлд байдаг NO_PROFILE мөрийг
/etc/make.conf уруу хуулж
тайлбар болгосныг болиулж нээхийг магадгүй хүсэж
болох юм.
NOPORTDOCS гэх зэрэг бусад
тодорхойлолтуудыг шалгаж танд хамаатай
эсэхээс хамаарч оруулах эсэхээ шийдээрэй.
/etc дэх файлуудыг шинэчил
/etc сан нь таны системийн тохиргооны мэдээллийн
ихэнх хэсгийг агуулдгаас гадна системийг эхлүүлэхэд ажилладаг скриптүүд энд байдаг.
Эдгээр скриптүүдийн зарим нь FreeBSD-ийн хувилбараас хувилбарт өөрчлөгддөг.
Тохиргооны файлуудын зарим нь бас системийг ажиллуулахад өдөр тутам хэрэглэгддэг.
Ялангуяа /etc/group-г дурдаж болно.
make installworld тушаалын суулгалт хийх хэсэг нь
зарим нэг хэрэглэгчийн нэр эсвэл бүлгүүд байж байна гэж тооцдог тохиолдлууд байдаг.
Шинэчлэл хийж байх үед эдгээр хэрэглэгчид эсвэл бүлгүүд ихэнхдээ байхгүй байдаг.
Энэ нь шинэчлэл хийхэд асуудал учруулдаг. Зарим тохиолдолд make buildworld
нь эдгээр хэрэглэгчид эсвэл бүлгүүд байгаа эсэхийг шалгана.
Үүний нэг жишээ нь smmsp хэрэглэгч нэмэгдсэн
тохиолдол юм. &man.mtree.8; нь /var/spool/clientmqueue-г
үүсгэхийг оролдох үед хэрэглэгчийн суулгалтын процесс энэ асуудлаас болж амжилтгүй
болж байсан.
Үүний шийдэл нь &man.mergemaster.8;-г ертөнцийг бүтээхээс урд
тохируулгатай ажиллуулах явдал юм. Энэ нь buildworld
эсвэл installworld тушаалыг амжилттай болгоход
зөвхөн шаардлагатай файлуудыг харьцуулдаг.
Хэрэв та ялангуяа хэтэрхий санаа зовж байгаа бол тухайн бүлэгт харьяалагдаж байгаа
нэрийг нь өөрчилж байгаа эсвэл устгаж байгаа ямар файлууд байгааг өөрийн системээс
шалгаарай:
&prompt.root; find / -group GID -print
дээрх нь GID (энэ бүлгийн нэр байж болно эсвэл
бүлгийн тоон ID байж болно) бүлгийн эзэмшдэг файлуудыг харуулна.
Ганц хэрэглэгчийн горимд шилж
ганц хэрэглэгчийн горим
Та системийг ганц хэрэглэгчийн горимд эмхэтгэхийг хүсэж болох юм.
Энэ нь шинэчлэлтийг арай илүү хурдасгах илэрхий ашиг тустайгаас гадна
системийг дахин суулгах нь системийн стандарт хоёртын файлууд,
libraries буюу туслах сангууд, оруулгын файлууд гэх зэрэг системийн
маш олон чухал файлуудыг хөнддөг. Ажиллаж байгаа систем дээр эдгээрийг
өөрчлөх нь (ялангуяа хэрэв тухайн үед таны систем дээр идэвхтэй хэрэглэгчид
байвал) гай төвгийг өөрөө эрж байна гэсэн үг юм.
олон хэрэглэгчийн горим
Өөр нэг арга бол системийг олон хэрэглэгчийн горимд эмхэтгэж дараа нь
суулгахдаа ганц хэрэглэгчийн горимд шилжин хийх явдал юм. Хэрэв та энэ замаар
хийхийг хүсэж байвал бүтээлт дуустал дараах алхмууд дээр хүлээж байгаарай.
Та installkernel эсвэл
installworld хийх хүртлээ ганц хэрэглэгчийн горимд
оролгүйгээр хүлээж байж болно.
Супер хэрэглэгч болоод та доор дурдсаныг:
&prompt.root; shutdown now
ажиллаж байгаа системээс ганц хэрэглэгчийн горим уруу оруулахдаа
ажиллуулж болно.
Өөр нэг арга нь системийг дахин ачаалаад ачаалалтын тушаал хүлээх мөрөн дээр
single user буюу ганц хэрэглэгч
тохируулгыг сонгоорой.
Ингэхэд систем ганц хэрэглэгчийг ачаална. Бүрхүүлийн тушаал хүлээх мөрөнд та
доор дурдсан тушаалуудыг ажиллуулах шаардлагатай:
&prompt.root; fsck -p
&prompt.root; mount -u /
&prompt.root; mount -a -t ufs
&prompt.root; swapon -a
Энэ нь файлын системүүдийг шалгаж /-г
дахин унших/бичихээр дахин холбож бусад бүх UFS файлын системүүдийг
/etc/fstab-д заасны дагуу холбон дараа нь
swap-ийг идэмвхжүүлэх болно.
Хэрэв таны CMOS цаг нь GMT биш локал хугацаагаар тохируулагдсан бол
(хэрэв &man.date.1; тушаалын гаралт зөв цаг болон бүсийг харуулахгүй
бол энэ нь үнэн) та дараах тушаалыг бас ажиллуулах хэрэгтэй болж
болох юм:
&prompt.root; adjkerntz -i
Энэ нь таны локал цагийн бүсийн тохируулгуудыг зөвөөр тохируулж өгдөг —
үүнийг хийхгүй бол та дараа нь зарим асуудлуудтай тулгарч магадгүй.
/usr/obj-г устга
Системийн хэсгүүд дахин бүтээгдсэнийхээ дараа (анхдагчаар)
/usr/obj дахь сангуудад байршдаг. Эдгээр сангууд нь
/usr/src дотор байгааг халхалдаг.
Та make buildworld процессийг хурдасгаж болох бөгөөд
энэ санг бас устгаснаар хамаарлын зовлонгуудаас өөрийгөө магадгүй аврах болно.
/usr/obj доторх зарим файлуудад immutable
буюу хувиршгүй туг тавигдсан (дэлгэрэнгүй мэдээллийг &man.chflags.1;-с үзнэ үү )
байж болох бөгөөд түүнийг эхлээд арилгах хэрэгтэй.
&prompt.root; cd /usr/obj
&prompt.root; chflags -R noschg *
&prompt.root; rm -rf *
Үндсэн системийг дахин эмхэтгэ
Гаралтыг хадгалах нь
&man.make.1;-г ажиллуулахдаа гарах үр дүнг өөр файл уруу хадгалах нь
зүйтэй юм. Хэрэв ямар нэг юм болохоо боливол та алдааны мэдэгдлийн хуулбартай
байх болно. Энэ нь танд юу буруутсаныг шинжлэхэд чинь тус болохгүй байж болох боловч
та өөрийн энэ асуудлаа &os;-ийн аль нэг захидлын жагсаалт уруу илгээсэн тохиолдолд
бусдад тус болж болох юм.
Үүнийг хамгийн амраар хийхийн тулд &man.script.1; тушаалыг бүх гаралтыг хадгалах
файлын нэрийг заасан параметрийн хамтаар ашиглана. Та үүнийг ертөнцийг дахин бүтээхээс
өмнөхөн нэн даруй хийж дараа нь процесс дууссаны дараа exit
гэж бичиж гарна.
&prompt.root; script /var/tmp/mw.out
Script started, output file is /var/tmp/mw.out
&prompt.root; make TARGET
… compile, compile, compile …
&prompt.root; exit
Script done, …
Хэрэв та үүнийг хийх бол гаралтыг /tmp дотор
битгий хадгалаарай. Энэ сан нь таныг дахин ачаалсны
дараа цэвэрлэгдэж болох юм. Энэ файлыг хадгалах арай илүү боломжийн газар нь
/var/tmp (өмнөх жишээн дээрх шиг) эсвэл
root хэрэглэгчийн гэр сан байж болох юм.
Үндсэн системийг эмхэтгэ
Та /usr/src сан дотор байх
шаардлагатай:
&prompt.root; cd /usr/src
(гэхдээ мэдээж таны код өөр газар байгаа тохиолдолд тэр сан уруугаа орох
хэрэгтэй).
make
Ертөнцийг дахин бүтээхдээ та &man.make.1; тушаалыг ашиглана. Энэ
тушаал нь &os;-ийн агуулсан програмууд ямар дарааллаар дахин хэрхэн бүтээгдэх зэргийг
тайлбарласан Makefile файлаас заавруудыг уншдаг.
Таны бичих тушаалын мөрийн ерөнхий хэлбэр нь дараах байдлаар байна:
&prompt.root; make -x -DVARIABLE target
Энэ жишээн дээр нь
&man.make.1; уруу таны дамжуулах тохируулга юм. &man.make.1;-н гарын авлагын хуудаснаас
та дамжуулж болох тохируулгуудын жишээг үзнэ үү.
тохируулга нь Makefile уруу хувьсагч дамжуулж байна.
Makefile-ийн ажиллагаа эдгээр хувьсагчуудаар
хянагдана. Эдгээр нь /etc/make.conf дотор
зааж өгсөн хувьсагчуудтай адил бөгөөд энэ нь тэдгээрийг тохируулах бас нэг өөр
арга юм.
&prompt.root; make -DNO_PROFILE target
тушаал нь профиль хийгдсэн сангууд бүтээгдэх ёсгүйг заах өөр нэг арга бөгөөд
энэ нь /etc/make.conf дахь дараах
NO_PROFILE= true # Avoid compiling profiled libraries
мөрд харгалзах юм.
target нь &man.make.1;-д
таны юу хийхийг хэлж өгдөг. Makefile болгон
өөр өөр targets буюу даалгаврын төрлүүдийг
тодорхойлдог
бөгөөд таны сонгосон төрөл юу болохыг тодорхойлдог.
Зарим төрлүүд Makefile-д жагсаагдсан байх
бөгөөд гэхдээ эдгээр нь таныг ажиллуулахад зориулагдаагүй. Харин тэдгээр нь
системийг дахин бүтээхэд шаардлагатай алхмуудыг хэд хэдэн дэд алхмуудад хуваахын
тулд бүтээх процессод хэрэглэгддэг.
Ихэнх тохиолдолд та &man.make.1; уруу ямар ч параметр дамжуулах
хэрэггүй бөгөөд тэгэхээр таны тушаал дараахтай ижил байж болно:
&prompt.root; make target
дээрх target нь олон бүтээх тохируулгуудын
нэг болно. Эхний төрөл нь үргэлж buildworld
байх ёстой.
Нэртэйгээ адилаар buildworld нь
/usr/obj дотор бүрэн гүйцэд шинэ модыг бүтээх бөгөөд
өөр нэг төрөл болох installworld нь
энэ модыг тухайн машин дээр суулгадаг.
Тусдаа тохируулгуудтай байх нь хоёр шалтгаанаар маш ач холбогдолтой юм.
Нэгдүгээрт энэ нь бүтээлтийг таны ажиллаж байгаа системийн ямар ч хэсэгт нөлөөлөхгүйгээр
аюулгүйгээр хийхийг танд зөвшөөрдөг. Бүтээлт нь өөр дээрээ хийгдэнэ (self hosted)
.
Ийм болохоор та buildworld тушаалыг олон
хэрэглэгчийн горимд ажиллаж байгаа машин дээр буруу нөлөөллөөс айлгүйгээр аюулгүйгээр
хийж болно. Гэхдээ installworld хэсгийн хувьд ганц
хэрэглэгчийн горимд хийхийг танд зөвлөдөг.
Хоёрдугаарт энэ нь сүлжээн дэх олон машинуудыг шинэчлэхэд
NFS холболтуудыг ашиглахыг танд зөвшөөрдөг. Хэрэв танд гурван машин байгаа бөгөөд
A, B болон C
машинуудыг шинэчлэхийг хүсвэл make
buildworld болон make installworld
тушаалыг A дээр ажиллуулна. Дараа нь B болон C
машинууд A дээрх /usr/src
болон /usr/obj сангуудыг NFS холболт хийн
make installworld-г ажиллуулж
бүтээлтийн үр дүнг B болон C дээр
суулгаж болох юм.
world төрөл байсаар байгаа хэдий ч
танд түүнийг ашиглахгүй байхыг зөвлөж байна.
Дараах тушаалыг ажиллуул
&prompt.root; make buildworld
Хэд хэдэн зэрэгцээ процессуудыг үүсгэх тохируулгыг
make тушаалд зааж өгөх боломжтой. Энэ нь олон CPU-тэй
машинууд дээр хамгийн их ашигтай. Гэхдээ эмхэтгэх процессийн ихэнх нь CPU дээр биш
IO дээр ажилладаг болохоор энэ нь бас нэг CPU-тэй машинууд дээр ашигтай юм.
Ердийн нэг CPU-тэй машин дээр та доор дурдсаныг ажиллуулж болох юм:
&prompt.root; make -j4 buildworld
&man.make.1; нь 4 хүртэлх процессийг нэгэн зэрэг ажиллуулах юм. Захидлын
жагсаалтуудад илгээгдсэн туршлагаас харахад энэ нь ерөнхийдөө ажиллагааг хамгийн сайн
хангаж хурдасгадаг байна.
Хэрэв та олон CPU машинтай бөгөөд SMP тохируулагдсан цөм ашиглаж байвал
утгыг 6-аас 10 хүртэл болгож хэр хурдсаж байгааг хараарай.
Хугацаа
ертөнцийг
дахин бүтээх нь
хугацаа
Бүтээхэд шаардагдах хугацаанд олон хүчин зүйлс нөлөөлдөг, гэхдээ
нэлээн сүүлийн үеийн машинуудын хувьд &os.stable; модыг процессийн явцад ямар нэгэн
заль мэх эсвэл дөт зам ашиглалгүйгээр бүтээхэд зөвхөн нэг юм уу эсвэл хоёр цаг л
шаардагдах болох юм. &os.current; модны хувьд арай удах болов уу.
Шинэ цөмийг эмхэтгэж суулга
цөм
суулгах нь
Та өөрийн шинэ системийн давуу талыг бүгдийг нь авахын тулд цөмөө дахин эмхэтгэх
хэрэгтэй. Зарим нэг санах ойн бүтцүүд өөрчлөгдсөн байх талтай бөгөөд
&man.ps.1; болон &man.top.1; зэрэг програмууд нь цөм болон эх кодын хувилбарууд
адил болтол ажилладаггүй болохоор эмхэтгэх нь үнэндээ чухал хэрэгцээтэй юм.
Үүнийг хамгийн хялбараар аюулгүйгээр хийхийн тулд GENERIC
дээр тулгуурласан цөмийг бүтээж суулгах явдал юм. GENERIC нь
таны системийн хувьд хэрэгцээтэй төхөөрөмжүүдийг агуулаагүй байж болох боловч
таны системийг ядаж ганц хэрэглэгчийн горимд ачаалахад шаардлагатай бүгдийг агуулсан
байх ёстой. Шинэ систем зөв ажиллуулахад энэ сайн тест болж өгдөг.
GENERIC-с ачаалж таны систем ажиллаж байгааг шалгасны
дараа та өөрийн ердийн цөмийн тохиргооны файл дээр тулгуурлан шинэ цөмөө бүтээж
болох юм.
&os; дээр шинэ цөм бүтээхээсээ өмнө ертөнцийг бүтээх нь чухал юм.
Хэрэв та өөрчлөн тохируулсан цөмийг бүтээхийг хүсэж тохиргооны файлаа аль
хэдийн үүсгэсэн бол доор дурдсантай адилаар
KERNCONF=MYKERNEL
гэж ашиглаарай:
&prompt.root; cd /usr/src
&prompt.root; make buildkernel KERNCONF=MYKERNEL
&prompt.root; make installkernel KERNCONF=MYKERNEL
Хэрэв та kern.securelevel хувьсагчийг
1-ээс дээш болгон ихэсгэсэн бөгөөд
noschg эсвэл түүнтэй адил тугуудыг өөрийн цөмийн хоёртын
файлд тавьсан бол installkernel хийхийн тулд
та ганц хэрэглэгчийн горимд шилжин орох шаардлагатай байж болох юм. Үгүй бол
та энэ хоёр тушаалыг олон хэрэглэгчийн горимоос ямар ч асуудалгүйгээр
ажиллуулах ёстой. kern.securelevel-ийн талаар
дэлгэрэнгүйг &man.init.8; болон төрөл бүрийн файлын тугуудын талаар дэлгэрэнгүйг
&man.chflags.1; гарын авлагын хуудаснуудаас үзнэ үү.
Ганц хэрэглэгчийн горим уруу дахин ачаалан ор
ганц хэрэглэгчийн горим
Та шинэ цөмийн ажиллагааг шалгахын тулд ганц хэрэглэгчийн горимд дахин
ачаалан орох хэрэгтэй. Үүнийг
дахь заавруудын дагуу хийнэ.
Шинэ системийн хоёртын файлуудыг суулга
Та шинэ системийн хоёртын
файлуудыг суулгахын тулд installworld
тушаалыг ашиглах шаардлагатай.
Доор дурдсаныг ажиллуулна
&prompt.root; cd /usr/src
&prompt.root; make installworld
Хэрэв та make buildworld тушаалын мөрөнд
хувьсагчуудыг зааж өгсөн бол тэдгээр хувьсагчуудыг
make installworld тушаалын мөрөнд бас адилаар
зааж өгөх хэрэгтэй. Энэ бусад тохируулгуудын хувьд заавал шаардлагатай биш
байж болох юм; жишээ нь тохируулга
installworld-той цуг хэзээ ч хэрэглэгдэх
ёсгүй.
Жишээ нь хэрэв та доор дурдсаныг ажиллуулсан бол:
&prompt.root; make -DNO_PROFILE buildworld
хоёртын файлуудыг дараах тушаалаар суулгана:
&prompt.root; make -DNO_PROFILE installworld
ингэхгүй бол make buildworld тушаалын ажиллах
явцад бүтээгдээгүй профиль хийгдсэн сангуудыг (libraries) суулгахыг оролдох болно.
make installworld тушаалаар шинэчлэгдээгүй файлуудыг шинэчил
Ертөнцийг дахин бүтээх нь зарим нэг сангуудыг (ялангуяа /etc,
/var болон /usr) шинэ болон
өөрчлөгдсөн тохиргооны файлуудаар шинэчилдэггүй.
Эдгээр файлуудыг хамгийн амархнаар шинэчлэх арга нь &man.mergemaster.8;-г
ашиглах явдал юм, гэхдээ та хэрэв хүсвэл үүнийг гараар ажиллуулах боломжтой юм.
Аль ч аргыг сонголоо гэсэн ямар нэгэн зүйл буруутсан тохиолдолд сэргээх боломжтойгоор
/etc-г нөөцөлж авах нь зүйтэй юм.
Том
Рөүдс
Хувь нэмэр болгон оруулсан
mergemaster
mergemaster
&man.mergemaster.8; хэрэгсэл нь /etc дэх
таны тохиргооны файлууд болон /usr/src/etc эх модон дахь
тохиргооны файлуудын ялгааг тодорхойлоход танд тусалдаг Bourne скрипт юм.
Энэ нь системийн тохиргооны файлуудыг эх модон дахь тохиргооны файлуудаар шинэчлэх
зориулалттай бидний зөвлөдөг шийдэл юм.
Эхлэхийн тулд өөрийн тушаал оруулах мөрөнд ердөө л mergemaster-г
бичиж түүний эхлэхийг нь хараарай. mergemaster нь түр зуурын
root орчныг /-с доошлуулан бүтээж төрөл бүрийн системийн тохиргооны
файлуудаар дамждаг. Тэдгээр файлууд нь таны системд суулгагдсан файлуудтай харьцуулагддаг.
Энэ үед хоорондоо ялгаатай файлууд &man.diff.1; хэлбэрээр үзүүлэгддэг бөгөөд
тэмдэгтээр нэмэгдсэн эсвэл өөрчлөгдсөн мөрүүдийг
тэмдэгтээр устгагдсан эсвэл шинэ мөрөөр солигдсон мөрүүдийг
харуулдаг. &man.diff.1;-н синтакс болон файлын өөрчлөлтүүдийг хэрхэн үзүүлдэг талаар
дэлгэрэнгүй мэдээллийг &man.diff.1; гарын авлагын хуудаснаас үзнэ үү.
&man.mergemaster.8; нь зөрчилдөөнүүдийг үзүүлсэн файл болгоныг харуулдаг бөгөөд
энэ үед танд шинэ файлыг устгах (түр зуурын файл гэгддэг), түр зуурын файлыг өөрчлөлгүйгээр
суулгах, суусан байгаа файлтай түр зуурын файлыг нийлүүлэх эсвэл &man.diff.1;-н
гаралтыг дахин харах сонголтыг үзүүлэх болно.
Түр зуурын файлыг устгахыг сонгосноор бид одоо байгаа файлаа хэвээр өөрчлөлгүй үлдээж
шинэ хувилбарыг устгахыг хүсэж байгаагаа &man.mergemaster.8;-д хэлж байна гэсэн үг юм.
Хэрэв та одоо байгаа файлаа өөрчлөх шалтгааныг олж харахгүй байгаагаас бусад тохиолдолд
энэ сонголтыг хийхийг зөвлөдөггүй. Та ямар ч үед &man.mergemaster.8; тушаал хүлээх
мөрөн дээр ? гэж бичин тусламж авч болох юм. Хэрэв хэрэглэгч
файлыг орхихоор сонгосон бол энэ нь бусад бүх файлуудтай ажилсны дараа дахин үзүүлэгдэн
хэрэглэгчээс тушаал хүлээх болно.
Өөрчлөгдөөгүй түр зуурын файлыг суулгахыг сонгосноор одоо байгаа файлыг шинээр
сольдог. Ихэнх өөрчлөгдөөгүй файлуудын хувьд энэ нь хамгийн шилдэг сонголт юм.
Файлыг нийлүүлэхийг сонгосноор текст засварлагч болон хоёр файлын агуулгыг танд
харуулах болно. Та дэлгэцийн хоёр талд байрласан тэдгээр хоёр файлыг хоёуланг нь
шалган аль аль талаас нь хэрэгтэй хэсгүүдийг сонгон эцсийн бүтээгдэхүүн гаргаж аван
нийлүүлж болно. Файлууд нь дэлгэцийн хоёр талд байрлан харьцуулагдах явцад
l түлхүүр таны зүүн талын агуулгыг сонгодог бол
r түлхүүр нь таны баруун тал дахь агуулгыг сонгох юм.
Гарах эцсийн үр дүн нь хоёр файлын хоёулангийн хэсгүүдийг агуулсан файл болох бөгөөд
түүнийг дараа нь суулгах боломжтой болох юм. Энэ сонголтыг хэрэглэгчийн тохиргоонуудад
хийгдсэн өөрчлөлтүүдтэй файлуудын хувьд хэрэглэх нь зуршил болжээ.
&man.diff.1;-ээс гарах үр дүнг дахин харахыг сонгосноор өмнө нь
&man.mergemaster.8; файлын өөрчлөлтүүдийг харуулан таны сонголтыг хүлээсний
нэгэн адилыг дахин харуулдаг.
&man.mergemaster.8; системийн файлуудтай ажиллаж дууссаны дараа
танаас бусад сонголтуудыг хийхийг хүлээдэг. &man.mergemaster.8; тушаал
нууц үгийн файлыг дахин бүтээхийг хүсэж байгаа эсэхийг танаас асууж үлдсэн
түр зуурын файлуудыг устгах сонголтыг үзүүлэн дуусдаг.
Гараар шинэчлэх
Хэрэв та гараар шинэчлэхийг хүсвэл гэхдээ та /usr/src/etc
сангаас /etc сан уруу файлуудыг зүгээр л дарж хуулж ажиллуулж
чадахгүй. Зарим файлуудыг эхлээд суулгах
хэрэгтэй. Учир нь
/usr/src/etc сан таны /etc
сангийн хуулбар шиг байхаар харагддагүй. Мөн
/usr/src/etc санд байдаггүй хэрнээ
/etc сан дотор байх шаардлагатай зарим файлууд
байдаг.
Хэрэв та &man.mergemaster.8; (зөвлөсний дагуу) ашиглаж байвал та
дагаагийн хэсэг уруу
орж болно.
Үүнийг гараар хамгийн хялбар аргаар хийхийн тулд файлуудыг шинэ сан уруу
суулгаж нэг бүрчлэн өөрчлөлтүүдийг хайн ажиллах хэрэгтэй.
Өөрт байгаа /etc-г нөөцөл
Онолоор бол автоматаар энэ санд юу ч хүрдэггүй ч үүнд үргэлж итгэлтэй
байх хэрэгтэй. Тэгэхээр өөрийн байгаа /etc санг
хаа нэг аюулгүй газар хуулах хэрэгтэй. Доорхтой адилаар:
&prompt.root; cp -Rp /etc /etc.old
нь рекурсив хуулбар хийх бөгөөд
нь файлуудын хугацаа, эзэмшигч гэх мэтийг
хадгалдаг.
Та шинэ /etc болон бусад файлуудыг суулгахын тулд
хоосон сангууд бүтээх хэрэгтэй. /var/tmp/root нь
боломжийн сонголт болох бөгөөд энэ сангийн доор хэд хэдэн дэд сангууд бас
шаардлагатай болно.
&prompt.root; mkdir /var/tmp/root
&prompt.root; cd /usr/src/etc
&prompt.root; make DESTDIR=/var/tmp/root distrib-dirs distribution
Энэ нь шаардлагатай сангийн бүтцийг бүтээж файлуудыг суулгадаг.
/var/tmp/root дотор үүсгэгдсэн олон дэд сангууд
хоосон бөгөөд тэдгээрийг устгах шаардлагатай байдаг. Үүнийг хамгийн хялбараар
хийхийн тулд:
&prompt.root; cd /var/tmp/root
&prompt.root; find -d . -type d | xargs rmdir 2>/dev/null
Энэ нь бүх хоосон сангуудыг устгана. (Хоосон биш сангуудын тухай анхааруулгуудыг
гаргахгүйн тулд стандарт алдаа нь /dev/null
уруу илгээгддэг.)
Одоо /var/tmp/root нь /-с
доор байрлах тохирох байрлалуудад байршуулах ёстой бүх файлуудыг агуулсан байх болно.
Та одоо эдгээр файл бүрийг шалгаж танд байгаа файлуудаас хэрхэн ялгаатай болохыг
тогтоох хэрэгтэй.
/var/tmp/root дотор суулгагдсан зарим файлуудын нэр
урдаа .
тэмдэгттэй байдгийг анхаарна уу. Энэ баримтыг бичиж байх үед
ийм файлуудтай адил файлууд /var/tmp/root/ болон
/var/tmp/root/root/ сан дахь бүрхүүлийн эхлүүлэх файлууд
байсан, гэхдээ (таны хэзээ үүнийг уншиж байгаагаас хамаарч) өөр бусад файлууд байхыг
үгүйсгэхгүй. Тэдгээрийг олж харахын тулд ls -a тушаалыг
заавал ашиглаарай.
Үүнийг хамгийн хялбар аргаар хийж хоёр файлыг харьцуулахын тулд &man.diff.1;
тушаалыг ашиглах явдал юм:
&prompt.root; diff /etc/shells /var/tmp/root/etc/shells
Энэ нь таны /etc/shells файл болон
шинэ /var/tmp/root/etc/shells файлын хоорондын
ялгааг харуулна. Эдгээрийг ашиглаж өөрийн хийсэн өөрчлөлтүүдийг нийлүүлэх эсвэл
өөрийн хуучин файл дээрээс хуулах эсэхээ шийдээрэй.
Хувилбаруудын Хоорондох Ялгаануудыг Хялбараар Харьцуулахын Тулд Та
Шинэ Root Сангаа Тухайн Үеийн Хугацаагаар Нэрлээрэй
Ертөнцийг байнга дахин бүтээнэ гэдэг нь /etc-г
та бас байнга шинэчилнэ гэсэн үг бөгөөд энэ нь ердөө л жижиг хэвшмэл ажил юм.
Та энэ процессийг /etc уруу нийлүүлсэн
өөрийн хамгийн сүүлийн өөрчлөгдсөн файлуудыг хадгалснаар хурдасгаж болох юм.
Дараах процедур үүнийг хэрхэн хийж болох нэг санааг өгч байна.
Ертөнцийг жирийнээр бүтээ. /etc болон
бусад сангуудыг шинэчлэхийг хүсэхдээ тухайн цаг дээр тулгуурласан нэр бүхий
санг өг. Хэрэв та үүнийг 1998 оны 2 сарын 14-нд хийж байгаа бол дараах
байдлаар хийнэ:
&prompt.root; mkdir /var/tmp/root-19980214
&prompt.root; cd /usr/src/etc
&prompt.root; make DESTDIR=/var/tmp/root-19980214 \
distrib-dirs distribution
Энэ сангийн өөрчлөлтүүдийг дээр дурдсаны дагуу нийлүүл.
Та дууссаныхаа дараа /var/tmp/root-19980214
санг битгий устгаарай.
Та эхийн хамгийн сүүлийн хувилбарыг татан авч дахин бүтээхдээ 1-р алхмыг дага.
Энэ нь танд шинэ сан өгөх бөгөөд /var/tmp/root-19980221
гэж нэрлэгдсэн байж болох юм (хэрэв та шинэчлэлтүүдийг хийхдээ долоо хоног
хүлээсэн бол).
Та одоо &man.diff.1; ашиглан хоёр сангийн хооронд рекурсив diff үүсгэж
долоо хоногийн хооронд хийгдсэн өөрчлөлтүүдийг харж болно:
&prompt.root; cd /var/tmp
&prompt.root; diff -r root-19980214 root-19980221
Ихэнхдээ энэ нь /var/tmp/root-19980221/etc болон
/etc хоёрын хоорондох өөрчлөлтүүдийг бодох юм бол
харьцангуй бага өөрчлөлтүүд байдаг. Өөрчлөлтүүд нь арай бага болохоор тэдгээр
өөрчлөлтүүдийг өөрийн /etc сан уруу шилжүүлэх нь
илүү хялбар байдаг.
Та одоо хоёр /var/tmp/root-* сангуудын аль хуучныг
устгаж болно:
&prompt.root; rm -rf /var/tmp/root-19980214
/etc уруу өөрчлөлтүүдийг
нийлүүлэх болгондоо энэ процессийг давтах хэрэгтэй.
Та &man.date.1;-г ашиглан сангийн нэрсийг автоматаар үүсгэж
болно:
&prompt.root; mkdir /var/tmp/root-`date "+%Y%m%d"`
Дахин ачаалах нь
Та ерөнхийдөө ингээд хийгээд дуусч байна. Та бүх зүйл байх ёстой байрандаа байгаа эсэхийг шалгасныхаа
дараа системийг дахин ачаалж болно. Энгийн &man.shutdown.8; үүнийг
хийх болно:
&prompt.root; shutdown -r now
Дууслаа
Одоо та өөрийн &os; системийг амжилттайгаар шинэчлээд дууссан байх
ёстой. Баяр хүргэе.
Хэрэв юмс шал буруугаар эргэвэл системийн тухайн хэсгийг дахин бүтээхэд амархан
байдаг. Жишээ нь хэрэв та шинэчлэлтийн явцад эсвэл /etc-г
нийлүүлэх явцад санамсаргүйгээр /etc/magic файлыг
устгасан бол &man.file.1; тушаал ажиллахаа больно. Ийм тохиолдолд дараах
засварыг ажиллуулж болох юм:
&prompt.root; cd /usr/src/usr.bin/file
&prompt.root; make all install
Асуултууд
Өөрчлөлт бүрт зориулан ертөнцийг дахин бүтээх хэрэгтэй юу?
Үүнд хялбар хариулт байхгүй, учир нь өөрчлөлтийн цаад утга чанараас
хамаарна. Жишээ нь хэрэв та CVSup-г
дөнгөж ажиллуулахад дараах файлууд шинэчлэгдэж байгааг үзүүлж байгаа бол:
src/games/cribbage/instr.c
src/games/sail/pl_main.c
src/release/sysinstall/config.c
src/release/sysinstall/media.c
src/share/mk/bsd.port.mk
магадгүй бүхэл ертөнцийг дахин бүтээх хэрэггүй байж болох юм.
Та тохирох дэд сангууд уруу орж make all install
гэж тушаалыг өгөөд л болох юм. Хэрэв зарим нэг гол чухал зүйл жишээ нь
src/lib/libc/stdlib өөрчлөгдсөн бол
та ертөнцийг эсвэл хамгийн багаар бодоход статикаар холбогдсон (statically linked)
түүний тэдгээр хэсгүүдийг дахин бүтээх шаардлагатай болно.
Эцсийн эцэст энэ нь танаас л хамаарна. Та жишээ нь хоёр долоо хоног тутам
ертөнцийг дахин бүтээж тэр хоёр долоо хоногийн хугацаанд өөрчлөлтүүдийг
хуримтлуулж байгаадаа сэтгэл хангалуун байж болно. Эсвэл та зөвхөн өөрчлөгдсөн
зүйлсүүдийг дахин бүтээхийг хүсэж магадгүй бөгөөд бүх хамаарлуудыг шийднэ
гэдэгтээ итгэлтэй байх хэрэгтэй.
Тэгээд мэдээж энэ бүхэн таны ямар давтамжтайгаар шинэчлэхийг хүсдэг болон
&os.stable; эсвэл &os.current;-ийн алийг дагаж байгаагаас хамаарах
болно.
Миний эмхэтгэл маш олон дохио 11
дохио 11 (эсвэл бусад дохионы дугаар)
алдаагаар амжилтгүй болсон. Юу болсон юм бол?
Энэ нь ихэвчлэн тоног төхөөрөмжийн асуудлыг илэрхийлдэг.
Ертөнцийг (дахин) бүтээх нь өөрийн тоног төхөөрөмжийг ачаалах тест
хийх үр дүнтэй арга бөгөөд удаа дараа санах ойн асуудлууд байвал
тэдгээрийг илрүүлдэг. Эмхэтгэгч нь сонин/хачин дохионуудыг хүлээн авч
ид шидийн байдлаар амжилтгүй болсноор тэдгээр асуудлууд нь өөрсдийгөө
зарлан тунхагладаг.
Хэрэв та бүтээлтийг дахин эхлүүлээд тэр нь процессийн өөр өөр хэсэгт
амжилтгүй болж байвал энэ нь үүнийг тодоор зааж байна
гэсэн үг юм.
Энэ тохиолдолд та өөрийн машин дахь бүрэлдэхүүн хэсгүүдээ өөрчлөн
нэгээс нөгөөд сольж тавин аль нь ажиллахгүй байгааг олохоос өөр зүйл
хийж чадахгүй л болов уу.
Би дууссаныхаа дараа /usr/obj-г устгаж болох уу?
Товчхондоо бол болно.
/usr/obj нь эмхэтгэх үед бүтээгдсэн бүх
обьект файлуудыг агуулдаг. Жирийн үед make buildworld
процессийн эхний алхмуудын нэг нь энэ санг устгаад цоо шинээр эхлэх явдал
юм. Энэ тохиолдолд /usr/obj-г дууссаныхаа
дараа байлгаад байх нь ухаалаг биш бөгөөд үүнийг устгаснаар ихээхэн хэмжээний дискний зайг
суллах болно (одоогоор 2 GB орчим).
Гэхдээ хэрэв та юу хийж байгаагаа мэдэж байгаа бол make buildworld
хийхдээ энэ алхмыг алгасаж болно. Энэ нь дараа дараагийн бүтээлтийг илүү хурдасгадаг
бөгөөд учир нь ихэнх эхүүд дахин эмхэтгэх шаардлагагүй байдаг. Үүний сул тал нь
баригдашгүй хамаарлын асуудлууд илэрч таны бүтээлтийг хачин байдлаар амжилтгүй
болгодог. Хэн нэгэн илүү дөтлөх гэснээсээ болоод амжилтгүй болсныг мэдэлгүй өөрийн
бүтээлтийг амжилтгүй болсныг гомдоллосноор &os;-ийн захидлын жагсаалтуудад
хий дэмий шуугианыг удаа дараа үүсгэдэг билээ.
Тасалдсан бүтээлтүүдийг үргэлжлүүлж болох уу?
Энэ нь асуудлыг олох хүртлээ та хэр хол явснаас хамаарна.
Ерөнхийдөө (энэ нь хэцүү бас хурдан дүрэм биш)
make buildworld процесс нь үндсэн
багажуудын (&man.gcc.1;, болон &man.make.1; зэрэг) болон системийн
сангуудын шинэ хуулбаруудыг бүтээдэг. Тэдгээр багажууд болон сангууд нь
дараа нь суулгагддаг. Шинэ багажууд болон сангууд дараа нь
өөрсдийгөө дахин бүтээхэд ашиглагддаг бөгөөд дахин суулгагддаг. Бүхэл бүтэн
систем (одоо &man.ls.1; эсвэл &man.grep.1; зэрэг ердийн хэрэглэгчийн програмууд)
дараа нь шинэ системийн файлуудтайгаар дахин бүтээгддэг.
Хэрэв та сүүлийн шатанд байгаа бөгөөд та үүнийг мэдэж байгаа бол (та
хадгалж байгаа гаралтаас харсан болохоор) та дараах тушаалыг ажиллуулж
(бараг л аюулгүйгээр) болно:
… fix the problem …
&prompt.root; cd /usr/src
&prompt.root; make -DNO_CLEAN all
Энэ нь өмнөх make buildworld тушаалын
хийснийг буцаахгүй.
Хэрэв та доорх мэдэгдлийг :
--------------------------------------------------------------
Building everything..
--------------------------------------------------------------
make buildworld тушаалын гаралт дээр харсан
бол магадгүй тэгж хийх нь аюулгүй байж болох юм.
Хэрэв та тийм мэдэгдэл харахгүй байгаа бол эсвэл та итгэлтэй биш байгаа бол
харамсахаасаа өмнө аюулгүй байдлыг бодож бүтээлтийг бүр эхнээс нь дахин эхлүүлсэн нь
дээр юм.
Би ертөнцийг бүтээхийг хэрхэн хурдасгах вэ?
Ганц хэрэглэгчийн горимд ажиллуул.
/usr/src болон
/usr/obj сангуудыг тус тусдаа байх дискнүүд
дээр тус тусдаа байх файлын системүүд дээр байрлуул. Хэрэв боломжтой бол
эдгээр дискнүүдийг тус тусад нь дискний хянагчууд дээр байрлуул.
&man.ccd.4; (нийлүүлсэн дискний драйвер) төхөөрөмж ашиглан
эдгээр файлын системүүдийг олон дискнүүдийн дагуу байрлуулах нь бас
арай илүү хурдасгах юм.
Профиль хийгдэхийг (/etc/make.conf файлд
NO_PROFILE=true
гэж зааж өг) болиул. Танд энэ бараг
гарцаагүй хэрэггүй.
тохируулгыг
&man.make.1;-д дамжуулж олон процессийг зэрэгцээгээр ажиллуул. Энэ нь
танд ганц эсвэл олон процессортой машин аль нь ч байсан ялгаагүйгээр ихэвчлэн тусалдаг.
/usr/src-г агуулж байгаа файлын
систем тохируулгаар холболт хийгдэж (эсвэл салгагдаж)
болно. Энэ нь файлын систем файл уруу хандах хандалтын хугацааг бүртгэхийг
болиулдаг. Танд магадгүй энэ мэдээлэл бараг л хэрэггүй биз ээ.
&prompt.root; mount -u -o noatime /usr/src
Энэ жишээ /usr/src нь өөрийн файлын
систем дээр байгаа гэж тооцож байгаа болно. Хэрэв энэ нь тийм биш бол
(хэрэв энэ сан жишээ нь /usr-ийн хэсэг маягаар
байгаа бол) та /usr/src-г биш харин тэр
файлын системээ холболтын цэг болгон ашиглах хэрэгтэй.
/usr/obj-г агуулж байгаа файлын систем
тохируулгатай холболт хийгдэж (эсвэл салгагдаж)
болно. Энэ нь диск уруу хийх бичилтийг асинхроноор буюу зэрэг биш хийлгэдэг.
Өөрөөр хэлбэл бичилт нэн даруй хийгдээд өгөгдөл диск уруу цөөн секундын дараа
бичигддэг. Энэ нь бичилтүүдийг бүлэглэхийг зөвшөөрч маш их үр дүнтэйгээр
ажиллагааг хурдасгаж болох юм.
Энэ тохируулга нь таны файлын системийг илүү
эмзэг болгохыг санаарай. Тэжээл тасалдаж машин дахин ачаалах үед
файлын систем сэргээж болшгүй төлөвт орох магадлал энэ тохируулгатай
байхад илүү байдаг.
Хэрэв /usr/obj нь энэ файлын систем
дээрх цорын ганц зүйл бол энэ асуудал биш юм. Хэрэв танд уг файлын
систем дээр өөр, үнэтэй өгөгдөл байгаа бол энэ тохируулгыг
идэвхжүүлэхээсээ өмнө өөрийн нөөц чинь шинэ эсэхийг шалгаарай.
&prompt.root; mount -u -o async /usr/obj
Дээр дурдсан шиг хэрэв /usr/obj нь
өөрийн файлын систем дээр биш байх юм бол жишээн дээрхийг
тохирох холболт хийх цэгийн нэрээр солиорой.
Хэрэв ямар нэг юм буруутвал би юу хийх вэ?
Таны орчинд өмнөх бүтээлтүүдийн үеийн илүү үлдэгдлүүд
байхгүйд үнэхээр итгэлтэй байх хэрэгтэй. Энэ нь их амархан
юм.
&prompt.root; chflags -R noschg /usr/obj/usr
&prompt.root; rm -rf /usr/obj/usr
&prompt.root; cd /usr/src
&prompt.root; make cleandir
&prompt.root; make cleandir
Тиймээ, make cleandir тушаалыг үнэндээ
хоёр удаа ажиллуулах шаардлагатай.
Тэгээд make buildworld
тушаалыг эхлүүлж бүх процессийг дахин эхлүүл.
Хэрэв та асуудалтай хэвээр байгаа бол алдаа болон
uname -a тушаалын дүнг &a.questions;
уруу явуулаарай. Өөрийн тохиргооныхоо талаар бусад асуултанд
хариулахад бэлэн байгаарай!
Антон
Штеренлихт
Тэмдэглэгээ хийсэн
Хуучин файлууд, хавтаснууд болон сангуудыг устгах
Хуучин файлууд, хавтаснууд болон сангуудыг устгах
&os; хөгжүүлэлтийн явцад файлууд болон тэдгээрийн агуулга
үе үе хуучирдаг.Тэдгээрийн үүрэг болон боломжууд өөр хаа нэгтээ
хийгдсэн юм уу эсвэл сангийн хувилбарын дугаар өөрчлөгдсөн юм уу эсвэл
системээс бүрмөсөн хасагдсанаас болоод тийм
байж болох юм. Эдгээрт хуучин файлууд, сангууд болон хавтаснууд
ордог бөгөөд эдгээрийг системийг шинэчлэхдээ устгах ёстой. Энэ нь
хэрэглэгчийн хувьд хадгалах (болон нөөц) төхөөрөмж дээр хэрэгцээгүй
зай эзлээд байгаа хуучин файлуудаар систем дүүрэхгүй байх ашигтай юм.
Үүнээс гадна хуучин сан аюулгүй байдлын болон найдвартай ажиллагааны
хувьд асуудалтай байсан бол та өөрийн системийг аюулгүй болгож хуучин
сангаас болоод ажиллахаа болиод байсан асуудлаас сэргийлэхийн тулд
шинэ сан руу шинэчлэх хэрэгтэй.
Хуучин гэгдсэн файлууд, хавтаснууд, сангуудын жагсаалт
/usr/src/ObsoleteFiles.inc файлд байдаг.
Дараах заавар нь системийг шинэчлэх явцад хуучин файлуудыг устгахад
туслах болно.
Таныг -д заасны дагуу явж байгаа гэж энд үзнэ.
make
installworld болон дараагийн
mergemaster тушаал амжилттай хэрэгжсэний
дараа дараах маягаар та хуучин файлууд болон сангуудыг шалгах
ёстой:
&prompt.root; cd /usr/src
&prompt.root; make check-old
Хэрэв ямар нэг хуучин файл олдвол дараах тушаал
ашиглан тэдгээрийг устгаж болно:
&prompt.root; make delete-old
Түлхүүр үгсийн талаар дэлгэрэнгүйг сонирхож байгаа бол /usr/src/Makefile
файлыг үзнэ үү.
Хуучин файл бүрийг устгахын өмнө асууж хариулах дэлгэц гарна.
Та энэ дэлгэцийг өнгөрөөж систем эдгээр файлуудыг автоматаар устгахаар
тохируулахын тулд BATCH_DELETE_OLD_FILES хувьсагчийг
дараах байдлаар ашиглана:
&prompt.root; make -DBATCH_DELETE_OLD_FILES delete-old
Мөн энэ зорилгод хүрэхийн тулд
доорхитой адилаар эдгээр тушаалд yes өгч хүрч болно:
&prompt.root; yes|make delete-old
Анхааруулга
Хуучин файлуудыг устгах нь тэдгээр хуучин файлуудаас
хамааралтай програмуудыг ажиллахгүй болгоно.
Энэ нь ялангуяа хуучин сангуудын хувьд үнэн байдаг.
Ихэнх тохиолдолд та make
delete-old-libs тушаалыг биелүүлэхээсээ
өмнө хуучин сан ашиглаж байсан програмууд, портууд эсвэл сангуудыг
дахин бүтээх хэрэгтэй.
Хуваалцсан сангуудаас хамааралтай эсэхийг шалгадаг хэрэгслүүд
sysutils/libchk эсвэл
sysutils/bsdadminscripts зэрэг портын
цуглуулгад байдаг.
Хуучин хуваалцсан сангууд нь шинэ сангуудтай зөрчилдөж болох
бөгөөд доорх шиг алдаа өгч болно:
/usr/bin/ld: warning: libz.so.4, needed by /usr/local/lib/libtiff.so, may conflict with libz.so.5
/usr/bin/ld: warning: librpcsvc.so.4, needed by /usr/local/lib/libXext.so, may conflict with librpcsvc.so.5
Эдгээр асуудлуудыг шийдэхийн тулд уг санг аль порт суулгасныг
олно:
&prompt.root; pkg_info -W /usr/local/lib/libtiff.so
/usr/local/lib/libtiff.so was installed by package tiff-3.9.4
&prompt.root; pkg_info -W /usr/local/lib/libXext.so
/usr/local/lib/libXext.so was installed by package libXext-1.1.1,1
Дараа нь уг портыг deinstall хийгээд дахин бүтээж суулгах
хэрэгтэй. Энэ явцыг автоматжуулахын тулд ports-mgmt/portmaster болон ports-mgmt/portupgrade
хэрэгслийг ашиглаж болно. Бүх портуудыг дахин бүтээсэн гэдэгтээ
итгэлтэй болсны дараа хуучин сангуудыг ашиглах хэрэггүй бөгөөд тэдгээрийг
дараах тушаал ашиглан устгаж болно:
&prompt.root; make delete-old-libs
Майк
Мэйэр
Хувь нэмэр болгон оруулсан
Олон машины хувьд дагах нь
NFS
олон машин суулгах нь
Хэрэв та олон машинуудын хувьд ижил эх модыг дагахыг хүсэж бүгдийн хувьд
эхийг татан авахуулж бүгдийг дахин бүтээхийг хүсэж байгаа бол энэ нь дискний зай,
сүлжээний зурвасын өргөн болон
CPU циклүүд зэрэг эх үүсвэрүүдийг үр ашиггүйгээр ашиглахад хүргэхээр санагдаж
болох юм. Тиймээ, үүний шийдэл нь нэг машинаар ихэнх ажлыг хийлгэж
бусад машинууд нь тэр ажлыг NFS-ээр дамжуулан холбох явдал юм. Энэ хэсэгт
ингэж хийх аргыг тайлбарсан.
Бэлтгэл ажлууд
Эхлээд хоёртын адил файлуудыг ажиллуулах build set буюу
бүтээх олонлог гэж бидний нэрлэх машинуудыг олох хэрэгтэй.
Машин бүр өөрчлөн тохируулсан цөмтэй байж болох бөгөөд гэхдээ тэд ижил хэрэглэгчийн
талбарын хоёртын файлуудыг ажиллуулж байх ёстой. Тэр олонлогоос
бүтээх машиныг сонгох хэрэгтэй. Энэ нь
ертөнц болон цөм бүтээгдэх машин байх юм. Туйлын хүслээр бол энэ
нь make buildworld болон
make buildkernel тушаалуудыг ажиллуулахад
хангалттай нөөц CPU бүхий хурдан машин байх хэрэгтэй. Та мөн
үйлдвэрлэлд ашиглахаас өмнө програм хангамжуудыг тест хийдэг
тест машин сонгохыг бас хүсэж болох юм.
Энэ нь удаан хугацаагаар унтраастай эсвэл зогссон байж болох машин байх
ёстой. Энэ нь бүтээх машин байж болох юм, гэхдээ заавал
биш юм.
Энэ бүтээх олонлог дахь бүх машинууд нь өөр өөрийн машин дээрээсээ ижил цэг дээр
/usr/obj болон /usr/src-г
холболт хийх хэрэгтэй. Туйлын хүслээр бол энэ нь бүтээх машин дээрх хоёр өөр дискнүүд
байж болох бөгөөд гэхдээ эдгээр нь уг машин дээр NFS холболт бас хийгдэж болохоор
байж болох юм. Хэрэв танд олон бүтээх олонлогууд байгаа бол
/usr/src сан нь нэг бүтээх машин дээр байрлаж
бусад дээр нь NFS холболт хийгдсэн байх юм.
Төгсгөлд нь бүтээх олонлогийн бүх машинууд дээрх /etc/make.conf
болон /etc/src.conf файлууд бүтээх машиныхтай тохирч байгаа эсэхийг шалгаарай. Энэ нь бүтээх олонлогийн
машин бүрийн суулгах үндсэн системийн бүх хэсгүүдийг бүтээх машин хийх ёстой гэсэн
үг юм. Мөн бүтээх машин бүр өөрийн цөмийн нэрийг /etc/make.conf
файлд KERNCONF хувьсагчид заан өгөх ёстой бөгөөд бүтээх
машин бүр KERNCONF хувьсагчдаа өөрийн цөмийг эхэнд
оруулан дараа нь тэдгээрийг жагсаах ёстой байдаг. Бүтээх машин нь машин бүрийн
цөмийг бүтээхээр болох юм бол тэдгээрийн тохиргооны файлыг
/usr/src/sys/arch/conf
санд агуулсан байх шаардлагатай.
Үндсэн систем
Одоо бүх юм ингэж хийгдсэний дараа та бүгдийг бүтээхэд бэлэн боллоо.
Бүтээх машин дээр -д тайлбарласны
дагуу цөм болон ертөнцийг бүтээ, гэхдээ юуг ч битгий суулгаарай. Бүтээлт
дууссаны дараа тест машин дээр дөнгөж саяхан бүтээсэн цөмөө суулга.
Хэрэв энэ машин нь /usr/src
болон /usr/obj сангуудыг NFS-ээр холболт хийх
гэж байгаа бол та ганц хэрэглэгчийн горимд дахин ачаалахдаа сүлжээг нээж
тэдгээрийг холбож өгөх хэрэгтэй. Үүнийг хамгийн хялбараар хийхийн тулд
олон хэрэглэгчийн горимд ачаалан shutdown now
тушаалыг ажиллуулж ганц хэрэглэгчийн горимд орох явдал юм. Тэгэж орсныхоо
дараа та шинэ цөм болон ертөнцийг суулгаж жирийн үедээ хийдэг
mergemaster тушаалыг ажиллуулж болно.
Ингэж дууссаныхаа дараа энэ машины хувьд ердийн олон хэрэглэгчийн
үйлдлүүдэд дахин ачаалж орно.
Тест машин дээрх бүх зүйлс зөв ажиллаж байгааг мэдсэнийхээ дараа та
бүтээх олонлогийн бусад машин бүр дээр шинэ програм хангамж суулгахдаа
ижил процедурыг ашиглаарай.
Портууд
Үүнтэй адил санааг бас портуудын модонд ашиглаж болно. Эхний чухал
алхам бол нөгөө машин дээрх /usr/ports санг
бүтээх олонлогийн бусад машинууд дээр холбож өгөх явдал юм. Дараа нь та
/etc/make.conf файлыг distfiles
буюу түгээлтийн файлуудыг хуваалцахаар зөв тохируулж өгч болно.
Та DISTDIR хувьсагчийг таны NFS холболтуудад заагдсан
аль ч root хэрэглэгчийн хувьд бичигдэх боломжтой байх
нийтлэг хуваалцсан сангаар тохируулах шаардлагатай.
Машин бүр WRKDIRPREFIX хувьсагчийг локал
бүтээх сангаар зааж өгөх хэрэгтэй. Эцэст нь хэрэв та багцуудыг бүтээж түгээх
гэж байгаа бол PACKAGES хувьсагчийг
DISTDIR хувьсагчийн нэгэн адил сангаар зааж өгөх
хэрэгтэй.
diff --git a/zh_CN.GB2312/articles/contributing/article.xml b/zh_CN.GB2312/articles/contributing/article.xml
index 4309e0c9bc..ba80c2c4cd 100644
--- a/zh_CN.GB2312/articles/contributing/article.xml
+++ b/zh_CN.GB2312/articles/contributing/article.xml
@@ -1,510 +1,505 @@
Ϊ FreeBSD ṩ
Ϊ˻֯ϣΪFreeBSDĿṩ
ڱҵʵķ
Jordan
Hubbard
ԭ
&tm-attrib.freebsd;
&tm-attrib.ieee;
&tm-attrib.general;
$FreeBSD$
$FreeBSD$
ϣ FreeBSD Ŀʲô ̫ˣ ǻӭ FreeBSD
ûĹײŵԷչ׳ġ
DzdzлĹףңЩ FreeBSD ijչҲҪ
ҲIJͬ ȲһɫijԱ Ҳ
FreeBSD ŶӳԱкܺõ˽ ǻһͬʵĶԴĹ
FreeBSD ĿԱ鲼ȫ Ҽר죬 ֲҲdz㷺
ÿ죬 ǶԳĹû㹻֣
ʱӭİ
FreeBSD ĿһIJϵͳ
ֻһں˻һЩɢĹ߰ ˣ ǵ
TODO бָĹ
ĵûԡʾ ϵͳװ߶רҵں˿
ļˮƽΣ º Ŀ
ǹº FreeBSD عҵϵ
ҪһЩչʹIJƷתô
ᷢǺӦ رϡŹֵġ
Ƿصֵҵ ɣ
ҲеijЩЭ
ŬƾеĹ ۺάĿ
ϣܸһλᡣ
ǵ
гһЩҪɵĿ
ǻϿԱͬ TODO(б)
б ԼûҪ
ڽеķǿ
ܶμFreeBSDĿ˲dzԱ
Ŀĵдߡ ҳʦ Լ֧Ա
Щ־Ը˵ ֻҪһЩʱ䣬
ҾѧϰԸ
ԾͨFAQֲᣬ ˷Ľͣ
ǹʱ֪ʶ ȫȷĵط ǡ
˳ְǸĹǾ
(SGMLʵѧ Ҳֱύ
ASCII İ汾)
ǰ FreeBSD ĵĸ
ĸ汾Ѿˣ
ҲԷһЩĵЩеĵǷ¸¹ġ
ȼ FreeBSD ĵƻй ij
μӷ빤˵Ҫ¾սе FreeBSD ĵ
Ϊһ־Ըߣ ٹȫȡԸ һij˿ʼˣ
˼һ뵽Щ
ֻʱ߾ȥ벿ĵ
ȥ밲װָϡ
Ķ &a.questions; żһ &ng.misc;
(йɵ) ˷רҵ֪ʶ
ǽһõ飻
ЩʱѧһЩ¶
Щ̳ʱҲΪṩһЩмֵ⡣
ڽеĿ
ĴҪͶɹ۵ʱ䣬
Ҫ FreeBSD ں˷зḻ֪ʶ ߶Ҫ
ȻҲкܶҪҲһ
ĩԱ
ͿԸꡣ
FreeBSD-CURRENT 汾һٵ
Internet· Է current.FreeBSD.org
ÿһ°汾 — пգ
ԸһݲҰװ
ʲô⣬ǡ
Ķ &a.bugs; ܻΪЩṩнۣ
߰æһЩ ⣬
ԳеһЩ⡣
֪һЩѾ -CURRENT ϳɹؽУ
ھһʱ֮Ȼûкϲ -STABLE
(ͨ 2) ص committer һòʾš
뵽Դе
src/contrib Ŀ¼
ȷ src/contrib
еĴµ
Ըߵľ漶Դ (һԴ)
Щ档
Щ ports ʹùʱĶ
gets()
malloc.h ľ档
ports һЩ
&os; ĸĶ IJظԭ
(´ʱĹһЩ)
ȡһʽı &posix; ĸ
FreeBSD
C99 & POSIX ˳ӦĿ վϵõصӡ
FreeBSD ΪͬбȽϡ ͬ
رЩϸڵطС죬 뷢һ PR (ⱨ)
ܣ ָ PR ύ
Ϊ⣬
ҪµĿǡ
Ϊбݣ
鿴 PR ݿ
ⱨݿ
FreeBSD
PR б չʾеǰڻԾ״̬ⱨ棬 Լ
FreeBSD ûύĸĽ顣 PR
ݿͬʱ˿ԱͷǿԱ
鿴Щδ PR ǷȤ
пһЩǷdz⣬
ֻҪһȷ PR ȷġ һЩܻdzӣ
ȫûаκ
ȿһЩû˽ֵ PR
PR Ѿˣ ܹģ
ԸǸ˷ţ ѯǷṩ —
ǿѾ˿ɹԵIJ һЩɹ۵
ҳĿ
&os;
־ԸĿ͵嵥 ҲṩԸΪ
&os; Ŀǵġ
嵥һֱڱڸţ
˶ԳԱͷdzԱõÿĿϢ
ṩ
ĽϵͳϿԷΪ 5 ࣺ
һע
ͨ һϵ
뷨ͽӦ÷ &a.hackers;
ͬأ ЩȤ (Ȼ
ͬʱҪܹ ʼ)
ԿǶ &a.hackers;
μ FreeBSD
ʹֲ ˽ʼб
Լʼбϸ
bug ҪύijЩģ
ͨ &man.send-pr.1; ʹ
WEB
ύҳ ύ д bug ÿһ
һ˵ ǽ bug ֱӸϲ 65KB
ֱӦõԴϣ ڱ
synopsis һд [PATCH]
ڸʱ Ҫ
ͨƺճУ Ϊ tab ɿո
ܾܿͲˡ 20KB ܶ࣬
Ӧǽѹ (ʹ &man.gzip.1; &man.bzip2.1;)
֮ &man.uuencode.1; б֮ٷŽⱨС
һ汻浵 յһȷʼԼһ¼ٱš
뱣ţ Ϊ֮ʹţ
ʼ &a.bugfollowup;
ṩڸ¼ĽһϢ ҪǽŷŵʼıУ
"Re:
kern/3377"
ͬһһӦַͨʽύ
һʱ֮Ȼûյȷ ( 3
1 ܣ ȡʼ)
ijԭʹ &man.send-pr.1;
ԷŸ &a.bugs; Ҫ˴
μ ƪ
˽дõⱨ档
ĵ
ύĵ
ĵ &a.doc; 顣
μ FreeBSD
ĵƻ ָ
밴 нܵķʹ &man.send-pr.1;
µĵ߶ĵ (ǺСĸĽҲǻӭģ)
Դ
FreeBSD-CURRENT
дϽĻӹij̶ֳҪ༼ɵ飬
һĿǰ FreeBSD Ŀ״˽йء
жַʽԵõ FreeBSD-CURRENT
FreeBSD 汾 ͨ˽Ŀ
μ FreeBSD
ʹֲ ˽ʹ FreeBSD-CURRENT Ľһ顣
ھɵĴϽģ ͨڴѾʱ
µĿ汾̫¼ɵ FreeBSD С
&a.announce; Լ &a.current; ʼб
ͨ˽ĿǰĿ״̬
˵ܹھµĴģ
һҪеĵIJļ
FreeBSD άԱ ͨ &man.diff.1;
ɡ
ύʱƼ &man.diff.1; ʽһ² (unified diff)
ͨ diff
-u ɡ ˴Ĵ룬
ʹ diff -c ɵĸʽ (context diff)
IJܸĶ Ƽʹá
diff
磺
&prompt.user; diff -c oldfile newfile
&prompt.user; diff -c -r olddir newdir
ֱɸļĿ¼ṹ context diff
Ƶأ
&prompt.user; diff -u oldfile newfile
&prompt.user; diff -u -r olddir newdir
ǰƣ õĸʽ unified diff
μ &man.diff.1; ֲ˽ϸڡ
һʹ &man.diff.1; ˲켯 (ʹ
&man.patch.1; һ) Ϳύǣ
Ա㱻 FreeBSD ¼ ͨʹ
ܵ &man.send-pr.1; Ϳ
Ҫ ֻǰѲ켯 &a.hackers;
ǿܻᱻ ǻdzмύ
(һ־ԸĿ) ΪǶæ
ʱһܹ⣬ PR
ݿ⽫һֱЩ¼
ֻҪʱǾܱˡ
ⱨа һҪڱ
[PATCH] ǿһ¡
uuencode
Ϊ (ӡ ɾļ)
Կʹ
tar ļ Ȼ &man.uuencode.1;
롣 Ҳӭ &man.shar.1; İ
ĿܴDZڵ飬 磬
ȷ֮صİȨ⣬ ߸оҪϸĸſԷǣ
Ӧֱӷ &a.core; ͨ &man.send-pr.1; ͡
&a.core; һС飬 ԱĴ FreeBSD ճ
Ҫעǣ СҲ æ
ֻڷdzҪʱӦдš
ο &man.intro.9; &man.style.9; ˽ڱϰߺԼ顣
˽ЩԼ ˵Ǽİ
´Ҫֵ
ṩģϴĴ룬 Ϊ FreeBSD Ҫ¹ܣ
ܱ뽫ͨ uuencode б룬 ij Web
FTP վ㣬 Աܹõ ûķ
뵽ص FreeBSD ʼб ǷԸǡ
ڴĴԣ ڰȨ϶ᱻ
FreeBSD ϵͳܹʹõİȨ
- BSD Ȩ
- BSD Ȩ ʹȨĴ룬
+ BSDBSD Ȩ Ȩ ʹȨĴ룬
Ϊ Ӷ
ܹҵҵʹá
FreeBSD ҵ˾ʹĴ룬 ෴
ǻعҵ˾ʹǵĴ룬
Ȼ հһִ¾ FreeBSD
ˡ
- GPLGNU General Public License
-
- GNU General Public License
-
- GNU General Public License GPL
+ GNU General Public LicenseGPLGNU General Public LicenseGNU General Public License GPL
DzܻӭʹȨĴ룬
Ϊҵ˾ʹҪĹ ںܶʹ
GPL ȨĴĿǰ (
ıŰȵ) ܾʹвȨǺܲǵġ
GPL ȨĴᱻŵԴһЩרŵλã
/sys/gnu
/usr/src/gnu
ԷЩʹ GPL ܻǴʶ
ʹȨĴڽ FreeBSD ֮ǰ뾭صĸͿǡ
ðƵҵȨĴ룬 һ˵ᱻܾ
ǹЩͨԼǡ
Ҫijɹϼ BSDʽ
İȨ
ıŵÿһԴļʼ֣
ʵ滻 %% ֮֡
Copyright (c) %%proper_years_here%%
%%your_name_here%%, %%your_state%% %%your_zip%%.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer as
the first lines of this file unmodified.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY %%your_name_here%% ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL %%your_name_here%% BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
$Id$
Ϊ˷ʹã
/usr/share/examples/etc/bsd-style-copyright
ҲҵȨĸ
ʽ Ӳ Internet
ǷdzԸܸʽľ Խһչ FreeBSD
Project ҵ Ϊ֧֣
־ԸŬܹиijɾͣ
ӲҲdzҪ Ϊܹӿֵ֧Ӳ࣬
еĺܶ˲û㹻ʽЩӲ
FreeBSD һӪġ п˰ȨĻᣬ
ĿΪ FreeBSD Project ܹɸӳԶĿꡣ
Ϊ 501(c)3 ʵ壬 һԻϽ˰
Լ˰ ͨڿ˰ʵо
۵Ӧ˰ֵĽ
֧Ʊ
The FreeBSD Foundation
7321 Brockway Dr.
Boulder, CO 80303
USA
FreeBSD ڿͨ PayPal Ͻܾ
web
վ
FreeBSD ĸ飬 FreeBSD
-- ҵ Ҫᣬ
뷢͵ʼ
bod@FreeBSDFoundation.org
Ӳ
FreeBSD ƻӭκ˾ʹõӲ
ȤӲ ϵ ˰칫
Internet
ǻӭµ FTP WWW
cvsup ϣΪľ
μ μ FreeBSD
һģ ˽һ
diff --git a/zh_CN.GB2312/books/handbook/boot/chapter.xml b/zh_CN.GB2312/books/handbook/boot/chapter.xml
index 67e51f1240..72edb0e0df 100644
--- a/zh_CN.GB2312/books/handbook/boot/chapter.xml
+++ b/zh_CN.GB2312/books/handbook/boot/chapter.xml
@@ -1,868 +1,864 @@
FreeBSD
ԼزϵͳḺ́Ϊ
Ϊ
FreeBSD ̸ûԶṩ˺ܴԣ
ѡͬIJϵͳͬһϵͳIJͬ汾ںˡ
½ϸ FreeBSD õѡ
ںˡ̽豸 &man.init.8; ȵ֮ǰ顣
Щһ㷢ıɰױʱ
֪
FreeBSD ϵͳĸ
Լ֮Ľʽ.
FreeBSD ʱѡԿ̡
&man.device.hints.5;Ļ֪ʶ
ֻx86
ֻ Intel x86 ϵ֮ϵ FreeBSD ̡
ԼϵͳһȤѾء
նڲϵͳ֮ǰκģдϵij
ûвϵͳ²ڴϵijϵͳǷڴϵģ
Dzϵͳأ
Munchausenоռ (The Adventures of
Baron Munchausen) ⱾһƵĹ£
һ˵ˮܵ ȻԼѥ (bootstrap)
˷˳ У
bootstrap ָϵͳļػƣ
дΪ booting
BIOS
/ϵͳBIOS
x86 ӲϵУ/ϵͳ (BIOS) زϵͳ
Ϊһ㣬BIOS ڴѰ¼ (MBR) MBR
ڷõĴ̵ضλáBIOS 㹻 MBR
ҼʹΪ MBR ɼزϵͳʣ
MBRҪBIOSİ
Master Boot Record (MBR)
Boot Manager
Boot Loader
MBRеĴͨΪ
ûࡣһͨиλڴ̵һ
ڲϵͳļϵͳС
(ʱҲΪboot loader
FreeBSDԺβʹ)
еboot0(Boot
Easy &os; )
GrubGAGԼ
LILO
(ֻboot0װýMBR)
ֻװһϵͳôһ MBR 㹻ˡ
MBR ڴ(ơġ)
ȻзϵĴԼزϵͳ֡
MBR&man.fdisk.8;װһȱʡMBRļΪ
/boot/mbr
ڴϰװ˶ϵͳôװһͬ
ʾһŲϵͳбܴѡĸ
һСۡ
ϵͳʣಿֱΪΡһ
MBR ִ,ֻʹض״̬ȻִеڶΡ
ڶɵöһЩɼزϵͳ
ΪΪ PC ԵһڶִеijĴСơ
Щһʹ FreeBSD ṩԵļ (loader)
ں
init
Ȼںʼ̽豸ʼǡ
һںں˽Ȩû &man.init.8;
ȷϴǷڿ״̬&man.init.8; ȻʼûԴã
ļϵͳԵ FreeBSD
ϵͳʱеĽ̡
Boot Manager
The Boot Manager
¼ (MBR)
MBRеĴʱΪ̵
0һСڱǰᵽе֣
boot0LILO
boot0
FreeBSD İװԼ boot0cfg(8) װ MBR
Ĭϻ /boot/boot0
(boot0dz
MBRеijֻ446ֽڳ
MBRĩ˵0x55AAʶҲҪռһЩռ䡣)
Ѿװboot0
жϵͳӲϣ
ôװ FreeBSD MBR Ұװ˶ϵͳ
ϵͳʱʾ
boot0
F1 DOS
F2 FreeBSD
F3 Linux
F4 ??
F5 Drive 1
Default: F2
ĿǰѾ֪һЩϵͳر &windows; Լ
MBR MBR 飬
FreeBSD MBR е MBRʹµ
&prompt.root; fdisk -B -b /boot/boot0 device
device Ҫд MBR
豸 ad0
һ IDE ̣ad2
ڶ IDE ϵĵһ IDE ̣
da0 һ SCSI ̣ȵȡ
ֻҪһõMBRʹ&man.boot0cfg.8;
The LILO Boot Manager:
Ҫ밲װҲFreeBSD
Linuxѡ뵽еļ
/etc/lilo.conf
other=/dev/hdXY
table=/dev/hdX
loader=/boot/chain.b
label=FreeBSD
ʹLinuxıʾָFreeBSD
X滻ΪLinuxĸ
Y滻ΪLinuxš
ʹõ SCSI Ҫ
/dev/hd ij /dev/sd
ٴʹ XY
װϵͳͬһϣ
ѡȥִ /sbin/lilo -v
ʹЧӦĻϵϢȷġ
һΣ/boot/boot1͵ڶΣ
/boot/boot2
ϣһڶͬһڴ̵ͬڿռƣ
DZΪ֡ǻһװǡɰװ
bsdlabel()Ա϶ɵ
/boot/boot
λļϵͳ⣬ĵһӵһʼboot0κ
ҵһУ̡
ʹõ/boot/bootĴСȷ
boot1 dzΪٶҲֻ 512 ֽڣ
ֻʶŷϢ bsdlabel
Ѱִ boot2
boot2 еǿܹ FreeBSD
ļϵͳԱѰļ
ṩѡں˺ͼļ档
Ϊ loader ŸǿĹܣ
ṩһʹõãboot2 һ㶼ִ loader
ǰֱںˡ
boot2 Ļ
>> FreeBSD/i386 BOOT
Default: 0:ad(0,a)/boot/loader
boot:
ҪѰװ boot1
boot2ʹ
&man.bsdlabel.8;
&prompt.root; bsdlabel -B diskslice
diskslice Ĵ̺ͷ
ad0s1
һ IDE ϵĵһ
dangerously dedicated
&man.bsdlabel.8; ֻʹ˴
ad0ͻƻϵз
Ȼϣģڰ س ֮ǰ
һҪжȷϡ
Σ/boot/loader
boot-loader
(loader) еΣ
Ƿļϵͳ֮еģһļ
/boot/loader
loader ΪһѺõ÷ʽʹһڽõ
ЩһǿĶĽֹ֧䱾иӵö
Loader
ʼʱloader ̨̽ʹ̣ʶǴĿġ
ЩϢñ
Խͨűʽû
loader
loader
loader Ȼȡ /boot/loader.rc
Ĭϵضȡ /boot/defaults/loader.conf
ÿɿĬϱȡ /boot/loader.conf
Щġloader.rc
Щжκαѡģںˡ
Ĭϵأloader ͣ 10 ȴ
ûзжϣͿʼںˡжϣûõһʾ
ûøıжģ顢ģ顢
Loader ڽ
Щõ loader .пĽμ
&man.loader.8;
autobootseconds
ڸʱûжϷںˡʾһʱ
Ĭϵʱ䷶Χ 10 롣
boot
-options
kernelname
ָѡֵָں (ָĻ)
ִֻй unload
ָ֮ںֲŻЧ
ĽǰѾصںˡ
boot-conf
ڱԸģԶ (ںʱһ)
ֻסҪʹ unload
ȻһЩ kernel
help
topic
ʾļ /boot/loader.help
ȡİϢ index
ôгпõ⡣
include filename
…
ͨļļļ룬Ȼһһеؽ͡
κδֹ include
load
type
filename
ںˡںģ飬Ǹ͵ļ (ͨļ)
κļIJᱻļ
ls
path
ʾ·ǸĿ¼ (·ûָ) ļб
ָ ѡļСҲʾ
lsdev
гпԼģ豸
ָ ѡʾϸڡ
lsmod
ʾѱصģ顣ָ ѡ
ʾϸڡ
more filename
ʾָļÿ LINES ͣһΡ
reboot
ϵͳ
set variable
set
variable=value
loader Ļ
unload
Ƴѱصģ顣
Loader ʾ
һЩʵ loader ÷ʾ
- single-user mode
- ֻǼĬںˣͬǽ뵥ûģʽ
+ ֻǼĬںˣͬǽ뵥ûģʽsingle-user mode
boot -s
жĬں˺ģ飬Ȼؾɵ () ںˣ
-
- kernel.old
-
unload
load kernel.old
ʹñΪͨں˵ kernel.GENERIC
- ǰװں kernel.old
+ ǰװں kernel.oldkernel.old
(Լں˵ʱ)
ʹسõģһںˣ
unload
set kernel="kernel.old"
boot-conf
ںýű
load -t userconfig_script /boot/kernel.conf
Joseph J.
Barbish
Contributed by
ʱ Splash ͼ
ʱֵ splash ͼԭϢӿӻ
ͼʼʾĻֱֿ̨ĵ¼ʾ
X ʾṩ˵¼档
&os; ϵͳĻ
һĬϴͳĿ̨л ϵͳ֮
ڿ̨ϳһ¼ʾ ڶ X11
ͼλ ڰװ X11
һͼ 滷
GNOME
KDE
XFce
X11 startx С
ͳַĵ¼ʾЩûܸϲ X11
ͼλĵ¼档 ͼλĵ¼
&xorg; XDM
GNOME gdm
KDE kdm
( Port Collection е)
϶ṩһͼλĵ¼̨ϵĵ¼ʾ
ڳɹ¼֮ չָûһͼλ档
л splash
ͼʾ¼ʾ֮ǰʱļϢ
X11 ûһӾϸˬ飬
ijЩ (µsoft; &windows; ߷ &unix; ͵ϵͳ)
ûϣ鵽ġ
Splash ͼ
Ŀǰ splash ͼĹ֧ܽ 256 ɫλͼ
(.bmp) ZSoft
PCX (.pcx) ļ
⣬ splash ͼļķֱʱ 320x200 ػ߸٣
Źڱ VGA ʹá
Ҫʹóߴͼ ﵽֱ 1024x768 أ
迪 &os; VESA ֧֡
ͨϵͳʱ VESA ģɣ
ںļм VESA ѡ
( ) VESA
ָ֧ûʾʾ
ʱ splash ͼͻᱻʾĻϣ
κʱرա
Splash ͼͬҲ X11 ֮ĬϵĻ
һʱúĻתΪԵı任ʾ splash ͼ
ܶʼ Ĭϵ splash ͼ (Ļ)
/etc/rc.conf е
saver= ѡơ
saver= ѡһЩõĻɹѡ
б &man.splash.4; ֲҳҵ
ĬϵĻΪ warp
ע /etc/rc.conf ָ
saver= ѡӦ̨
X11 ͼλĵ¼Ч
һЩйϢ
ѡ˵һʱʾʱʾ
ǿ splash ͼܡ
splash ͼļԴ http://artwork.freebsdgr.org ء
װ sysutils/bsd-splash-changer
port ֮ ÿʱܴӼѡ
splash ͼ
Splash ͼ
Splash ͼ (.bmp)
(.pcx) ļ root ϣ
/boot Ŀ¼
Ĭϵʾֱ (256 ɫ320x200 ػ)
༭ /boot/lodaer.conf
µã
splash_bmp_load="YES"
bitmap_load="YES"
bitmap_name="/boot/splash.bmp"
ڸߵķֱʣ 1024x768 أ
༭ /boot/lodaer.conf
µã
vesa_load="YES"
splash_bmp_load="YES"
bitmap_load="YES"
bitmap_name="/boot/splash.bmp"
Щü
/boot/splash.bmp
ΪҪʹõ splash ͼ Ҫʹ PCX
ļʱ ã ݷֱʵĸߵ
vesa_load="YES"
splash_pcx_load="YES"
bitmap_load="YES"
bitmap_name="/boot/splash.pcx"
ļе splash
κƣֻҪ BMP
PCX ͵ļ
splash_640x400.bmp
blue_wave.pcx.
һЩȤ loader.conf ѡ
beastie_disable="YES"
⽫رʾѡ˵
ǵʱȻ֡ ˵ѡõʱ
ڵʱμӦѡȻЧ
loader_logo="beastie"
⽫滻ѡ˵ҲĬʾ
&os;
ΪɫСħ־
ķа
&man.splash.4; &man.loader.conf.5;
&man.vga.4; ֲҳȡϸϢ
ںʱĽ
ں
һں˱ loader (һ) boot2 (Խ loader) أ
־еĻͻбҪĶ
ں־
ں
־
һЩõ־
ں˳ʼʱѯΪص豸
CDROM
UserConfig (ʱں)
뵥ûģʽ
ںʾеϢ
и־Ķ &man.boot.8;
ԻȡйǵϢ
Tom
Rhodes
Contributed by
Device Hints
device.hints
ڳʼϵͳʱ&man.loader.8; ȡ
&man.device.hints.5; ļļԱʽںϢ
ʱΪ device hints
豸device hints
豸á
Device hints Ҳ
εboot loader ʾָ
set ӣunset ɾ
show 鿴ļ /boot/device.hints
õıﱻǡ boot loader
еıԵģ´ʱͻᱻǡ
һϵͳɹ&man.kenv.1; еı
ļ /boot/device.hints һһ
ʹ#
Ϊעͱǡ
ÿǰ·ʽ֯ģ
hint.driver.unit.keyword="value"
boot loader ǣ
set hint.driver.unit.keyword=value
driver 豸unit
豸λkeyword hint ؼ֡
ؼֿѡɣ
atָ豸
portָʹ I/O
ʼַ
irqָʹõжš
drqָ DMA channel š
maddrָ豸ռõڴַ
flags豸øֱ־λ
disabled 1
豸á
豸ܹܸ hintsƼοǵֲᡣο
&man.device.hints.5;&man.kenv.1;&man.loader.conf.5;
&man.loader.8; ֲԻȡϢ
Init̿Ƽʼ
init
һںͰѿȨû
&man.init.8; /sbin/init
init_path ָij·С
loader õġ
Զ
Զ̻ȷϵͳпõļϵͳڽ״̬
ǣ ʹ &man.fsck.8; ҲЩ⣬
&man.init.8; ûģʽ
ԱϵͳԱֱЩ⡣
ûģʽ
ûģʽ
̨
ģʽͨ
Զ ͨ
ѡûͨ loader
boot_single ȶַʽﵽ
Ҳڶûģʽµ () ѡͣ
() ѡ &man.shutdown.8;
뵥ûģʽ
ϵͳ ̨ ļ
/etc/ttys бΪ
ȫ(insecure)
ڳʼûģʽǰҪ root
ʾ
/etc/ttys ļеIJǫ̈̄
# name getty type status comments
#
# If console is marked "insecure", then init will ask for the root password # when going to single-user mode.
console none unknown off insecure
ѿ̨ó ȫ (insecure)
ʹֻ֪ root ˲ܽ뵥ûģʽ
ΪΪ̨Dzȫġǵȫԣ
ѡ ȫ (insecure)
ȫ (secure)
ûģʽ
ûģʽ
&man.init.8; ļϵͳһֻûûģʽ˹
ϵͳͻûģʽʼϵͳԴá
Դ (rc)
rc ļ
Դ÷ֱļ /etc/defaults/rc.conf
/etc/rc.conf жȡĬúϸã
Ȼļ /etc/fstab ἰļϵͳ
ϵͳػ̣ذװű
&man.rc.8; ֲǹԴõĺܺõIJο
ػ (shutdown)
shutdown
&man.shutdown.8; ķĹػУ
&man.init.8; /etc/rc.shutdown ű
н̷ TERM źţ ʱֹͣĽ̷
KILL źš
ֵ֧Դƽ̨Ϲر FreeBSD ϵͳĵԴ ֻҪʹ
shutdown -p now ɡ ⣬
shutdown -r now FreeBSD Ҫִ &man.shutdown.8;
root û operator ijԱ
Ҳʹ &man.halt.8; &man.reboot.8; رϵͳ
οǵֲԻøϢ
ԴҪ֧֣ Ҫں֧
&man.acpi.4; ģʽ
diff --git a/zh_CN.GB2312/books/handbook/l10n/chapter.xml b/zh_CN.GB2312/books/handbook/l10n/chapter.xml
index 2975100ce9..63be4917f6 100644
--- a/zh_CN.GB2312/books/handbook/l10n/chapter.xml
+++ b/zh_CN.GB2312/books/handbook/l10n/chapter.xml
@@ -1,846 +1,843 @@
Andrey
Chernov
Contributed by
Michael C.
Wu
Rewritten by
ػI18N/L10Nʹú
FreeBSDһɷֲȫûֵ֧Ŀ
½FreeBSDĹʻͱػ,ӢûҲʹFreeBSDܺõع
ϵͳӦˮƽϣҪִͨi18NʵֵģǽΪṩϸĽܡ
һ£˽⣺
ͬԺ͵ִϵͳϽбġ
Ϊĵshellñػ
Ŀ̨ΪӢԡ
languages.
ʹòͬЧʹX Windows
ҵйؿi18NӦóϢ
Ķ֮ǰӦ˽⣺
װĵ
֪ʶ
I18N/L10N ʲô
ʻ
ػ
ػ
ԱinternationalizationдI18N,мǰĸĸ
L10Nlocalization
ʹͬ
I18N/L10NЭӦýһûʹԼѡԡ
I18NӦóʹI18N̡Աдһļ
ͿԽʾIJ˵ıɱԡǷdzԱѭֹ
ΪʲôҪʹI18N/L10N?
I18N/L10Nܹܺõ֧鿴Ӣԡ
I18N֧Щԣ
I18NL10NFreeBSDеġǰ֧Ͼԣ
ڣģģģģģģԽĵȵȡ
ʹñػ
I18NFreeBSDеģһǹFreeBSDһ
locale
ػҪ߱Դ (Language Code) Ҵ
(Country Code) ͱ(Encoding) ֿЩ죺
Դ_Ҵ.
ԺҴ
Դ
Ҵ
ΪFreeBSDϵͳбػ&unix;ϵͳ
ûҪ֪ӦĹҺԴ루ҴӦóʹһԹ淶
⣬WEBSMTP/POPwebȶΪġһҺԴ:
/Ҵ
en_US
Ӣ
ru_RU
zh_CN
ASCII
һЩԲʹ ASCII 룬ʹ8-λ ֽڵַ
Ϣο &man.multibyte.3;
ȽϵӦóܻʶǣ Ϊǿַ
ȽµӦóͨϳ 8-λַ ʵֵIJͬ
ûܲòֱַֽ֧Ӧó һЩã
ܹʹǡ Ҫʹַֽ FreeBSD Ports Collection
ѾΪÿṩ˲ͬij ο FreeBSD Port е I18N
ĵ
رҪָǣ ûҪ鿴Ӧóĵ
ȷȷ ҪΪ configure/Makefile/
ָʲôIJ
סЩ:
ضԵļCַ (μ &man.multibyte.3;)
ISO8859-1, ISO8859-15, KOI8-R, CP437
ֽڻֽڱ룬EUC, Big5
IANA Registryһеַб
˲ͬǣ &os; ʹ X11-ݵıرģʽ
I18NӦó
FreeBSD PortsPackageϵͳ棬I18NӦóѾʹI18N
ȻDz֧Ҫԡ
ػ
ֻͨҪڵshellLANGΪػ
һͨû ~/.login_conf
ûshellļ~/.profile~/.bashrc,
~/.cshrcûбҪ
LC_CTYPELC_CTIME
ϢοضԵFreeBSDĵ
Ӧļ
- POSIX
- LANG Ϊ&posix;ñػԹܡ
+ LANG Ϊ&posix;ñػԹܡPOSIX
- MIME
-
- MM_CHARSETӦóMIMEַ
+ MM_CHARSETӦóMIMEַMIME
ûshellãضӦúX11á
ñػķ
ػ
ַñػ
һ (Ƽ) ָ
ڶַǰѻӵshellļ档
ַѱػƺMIMEַĻܵshell
Ǽӵÿضshellļ档
û
Level Setup ͨûԼãԱҪûȨޡ
û
һûĿ¼ļ.login_confСӣ
ΪLatin-1롣
me:\
:charset=ISO-8859-1:\
:lang=de_DE.ISO8859-1:
BIG-5
һΪ.login_conf÷ĵBIG-5ӡӦĴֱ
ΪܶûΪģĺͺȷıػ
#Users who do not wish to use monetary units or time formats
#of Taiwan can manually change each variable
me:\
:lang=zh_TW.Big5:\
:setenv=LC_ALL=zh_TW.Big5:\
:setenv=LC_COLLATE=zh_TW.Big5:\
:setenv=LC_CTYPE=zh_TW.Big5:\
:setenv=LC_MESSAGES=zh_TW.Big5:\
:setenv=LC_MONETARY=zh_TW.Big5:\
:setenv=LC_NUMERIC=zh_TW.Big5:\
:setenv=LC_TIME=zh_TW.Big5:\
:charset=big5:\
:xmodifiers="@im=gcin": #Set gcin as the XIM Input Server
ϢοԱ&man.login.conf.5;
Ա
ûĵ
/etc/login.confǷȷԡҪȷļã
language_name|Account Type Description:\
:charset=MIME_charset:\
:lang=locale_name:\
:tc=default:
ٴʹǰLatin-1ӣ
german|German Users Accounts:\
:charset=ISO-8859-1:\
:lang=de_DE.ISO8859-1:\
:tc=default:
ûĵ֮ǰ Ӧִ
&prompt.root; cap_mkdb /etc/login.conf
Աʹ
/etc/login.conf Ч
ʹ &man.vipw.8; ı͡
vipw
ʹvipwû
user:password:1111:11:language:0:0:User Name:/home/user:/bin/sh
&man.adduser.8;ı͡
adduser
adduserû
/etc/adduser.confdefaultclass =
ӦüסΪʹԵû
ȱʡ
ÿһʹ&man.adduser.8;ʱһضԵĿѡԻش
Enter login class: default []:
ÿһûʹһԣӦ
&prompt.root; adduser -class language
ʹ&man.pw.8;ı͡
pw
ʹ&man.pw.8;ûӦʹã
&prompt.root; pw useradd user_name -L language
Shellļ
ƼʹַΪҪÿһܵshellһͬļ
Ӧַ
MIME
locale
ΪñػƺMIMEַֻҪ/etc/profile
/etc/csh.loginļʹõӣ
/etc/profile棺
LANG=de_DE.ISO8859-1; export LANG
MM_CHARSET=ISO-8859-1; export MM_CHARSET
/etc/csh.login棺
setenv LANG de_DE.ISO8859-1
setenv MM_CHARSET ISO-8859-1
⣬ӵ/usr/share/skel/dot.profile
ǰ/etc/profileһ/usr/share/skel/dot.login
ǰ/etc/csh.loginһ
X11
$HOME/.xinitrc棺
LANG=de_DE.ISO8859-1; export LANG
ߣ
setenv LANG de_DE.ISO8859-1
shell(棩
̨
еļCַ/etc/rc.conf۵ȷĿַ̨
font8x16=font_name
font8x14=font_name
font8x8=font_name
font_name/usr/share/syscons/fontsĿ¼
.fnt
sysinstall
keymap
screenmap
ҪĻ Ӧͨ
sysinstall 뵥ֽ C
ַӦ keymap screenmap
sysinstall У
ѡ Configure ֮ѡ
Console ɽá
֮⣬ Ҳ /etc/rc.conf мã
scrnmap=screenmap_name
keymap=keymap_name
keychange="fkey_number sequence"
screenmap_name/usr/share/syscons/scrnmapsĿ¼
.scm һӰĻͨΪһ
VGAչ8λ9λ Ļʹһ8λУҪƶЩĸ뿪Щ
/etc/rc.confmoused daemon
moused_enable="YES"
ôҪһμָϢ
moused
Ĭ£ &man.syscons.4;ַָռ0xd0-0xd3ķΧ
ʹΧָ뷶ΧƳΧ
Ҫƹ⣬ Ҫ
/etc/rc.conf м룺
mousechar_start=3
keymap_name
/usr/share/syscons/keymaps Ŀ¼
ȥ .kbd
ȷӦʹһ̲֣ ʹ &man.kbdmap.1;
ԣ 跴
ͨ keychange 趨ܼʱ
ƥѡն˵DZģ Ϊܼڼ̲ж塣
Ӧü鲢ȷ
/etc/ttys ѾΪе ttyv*
ȷն͡ Ŀǰ صĬ϶ǣ
ַ
ն
ISO8859-1 or ISO8859-15
cons25l1
ISO8859-2
cons25l2
ISO8859-7
cons25l7
KOI8-R
cons25r
KOI8-U
cons25u
CP437 (VGA default)
cons25
US-ASCII
cons25w
ڶַֽԣ
/usr/ports/language
Ŀ¼ʹȷFreeBSD portһЩportԿ̨֣
ϵͳΪvttyնˣˣ Ϊ X11
αп̨㹻vttyնˡ
ڿ̨ʹԵӦóIJб
ض
Traditional Chinese (BIG-5)
chinese/big5con
Japanese
japanese/kon2-16dot or
japanese/mule-freewnn
Korean
korean/han
X11
ȻX11FreeBSDƻһ֣
ѾΪFreeBSDûһЩϢ
ϸڿԲο&xorg;
Web վ
ʹõ X11 Server վ
~/.Xresources棬ʵضӦóI18Nã壬˵ȣ
ʾ
X11 True Type
װ &xorg;
(x11-servers/xorg-server)
ȻװӦԵ &truetype; 塣 ȷĵϢ
⽫ܹڲ˵طѡԡ
Ӣַ
X11뷽(XIM)
X11뷽XIMЭX11ͻ˵һ±
нΪXIMͻдX11ӦóXIM롣
ͬмXIMá
ӡ
һЩCַͨӲӡġλַҪضã
ƼʹapsfilterҲʹضתĵתΪ
&postscript;PDFʽ
ں˺ļϵͳ
FreeBSD Ŀļϵͳ (FFS) ȫ֧ 8-λ ַģ
Աκμ C ַ (μ &man.multibyte.3;)
ļϵͳвᱣַ֣
Ҳ˵ ĵر 8-λϢ ֪α롣
ʽ˵ FFS Ŀǰ֧κʽĿַֽ
ijЩַṩ˶
FFS IJùǵ֧֡ ĿǰЩҪôֲģ
Ҫôڴֲڣ DzǼ뵽ԴС
οԵ Web վ㣬 ˽ЩĽһ
DOS
Unicode
FreeBSD &ms-dos;Ѿܹó&ms-dos;ϣUnicodeַͿѡFreeBSDļϵͳַĸϢ
ο &man.mount.msdosfs.8; ֲᡣ
I18N
FreeBSD PortsѾ֧I18NˡеһЩ-I18Nǡ
ЩܶѾڽI18N֧֣Ҫˡ
MySQL
ȻһЩMySQLӦóҪַ
MakefileãֱӰѲݸconfigure
ػFreeBSD
Andrey
Chernov
Originally contributed by
KOI8-R룩
ػ
KOI8-RĸϢKOI8-RοRussian Net Character Set
м뵽~/.login_confļ
me:My Account:\
:charset=KOI8-R:\
:lang=ru_RU.KOI8-R:
οǰػӡ
̨
һмӵ
/etc/rc.conf
mousechar_start=3
/etc/rc.conf ã
keymap="ru.koi8-r"
scrnmap="koi8-r2cp866"
font8x16="cp866b-8x16"
font8x14="cp866-8x14"
font8x8="cp866-8x8"
/etc/ttysttyv*¼Ҫʹ
cons25rΪն͡
οǰ̨ӡ
ӡ
ӡ
ȻַĴӡѭCP866ı
ôҪһKOI8-RCP866תضһĬϵİװ
/usr/libexec/lpr/ru/koi2alt
һֶ֧Ĵӡ/etc/printcap¼ģ
lp|Russian local line printer:\
:sh:of=/usr/libexec/lpr/ru/koi2alt:\
:lp=/dev/lpt0:sd=/var/spool/output/lpd:lf=/var/log/lpd-errs:
Ϣο&man.printcap.5;ֲҳ
&ms-dos;ļϵͳͶļ
ڹ&ms-dos; ļϵͳöԶļֵ֧&man.fstab.5;¼
/dev/ad0s2 /dos/c msdos rw,-Wkoi2dos,-Lru_RU.KOI8-R 0 0
ѡ ѡƣ
ַת
Ҫʹ ѡ
һҪȹҽ /usr
Ȼٹҽ &ms-dos; ΪתǷ
/usr/libdata/msdosfs ġ
Ҫ˽һϸڣ ο &man.mount.msdosfs.8; ֲᡣ
X11
ǰܵ -X
ıػ
ʹ &xorg; 밲װ
x11-fonts/xorg-fonts-cyrillic
package
/etc/X11/xorg.conf ļе
"Files" Сڡ У Ӧӵκ
FontPath ֮ǰ
FontPath "/usr/local/lib/X11/fonts/cyrillic"
鿴 ports е塣
Ҫ̣ Ҫ
xorg.conf ļ
"Keyboard" Смݣ
Option "XkbLayout" "us,ru"
Option "XkbOptions" "grp:toggle"
ҪȷXkbDisable Ѿر (ע͵) ˡ
RUS/LATлCapsLockϵCapsLockܿͨ
ShiftCapsLock
ģ⣨ֻLATģʽʱ
ʹ grp:toggle
ʱ RUS/LAT л Alt
ʹ grp:ctrl_shift_toggle ʾл
CtrlShift
ʹ grp:caps_toggle
ʱ RUS/LAT л CapsLock
ɵ CapsLock Կͨ ShiftCapsLock (ֻ LAT
ģʽЧ) ڲԭ
grp:caps_toggle
&xorg; ʹá
ļ &windows;
RUS ģʽ£ ijЩĸӳ䲻 Ӧ
xorg.conf ļмУ
Option "XkbVariant" ",winkeys"
XKB ̿ܲΪijЩ߱ػܵӦó֧֡
ػӦڳʱ XtSetLanguageProc (NULL, NULL,
NULL);
μ
KOI8-R for X Window Իùڶ X11 Ӧýбػָ
÷
ػ
FreeBSD-TaiwanƻһʹúܶportsĻָ
Ŀǰ FreeBSD Ļָ άԱ
statue@freebsd.sinica.edu.tw
statue@freebsd.sinica.edu.tw
FreeBSD-Taiwan zh-L10N-tut
Chinese FreeBSD Collection (CFC) ص packages ͽűȿ
ҵ
ﱾػʺеISO 8859-1ԣ
ػ
Slaven Rezic eserte@cs.tu-berlin.de
дһ FreeBSD ʹնԵĵָϡ ݵ̳̿
ҵ
ϣﱾػ
localization (ػ)
Greek (ϣ)
Nikos Kokkalis nickkokkalis@gmail.com
д˹ &os; ֧ϣ£ http://www.freebsd.org/doc/el_GR.ISO8859-7/articles/greek-language-support/index.html
עƪ ֻ ϣİ汾
ͺﱾػ
ػ
ػ
ﱾػοο
ӢFreeBSDĵ
һЩ FreeBSD ĹѾ FreeBSD ĵԡ
վ Լ
/usr/share/doc ҵ
diff --git a/zh_CN.GB2312/books/handbook/network-servers/chapter.xml b/zh_CN.GB2312/books/handbook/network-servers/chapter.xml
index ab71f2b27e..18435169f1 100644
--- a/zh_CN.GB2312/books/handbook/network-servers/chapter.xml
+++ b/zh_CN.GB2312/books/handbook/network-servers/chapter.xml
@@ -1,4843 +1,4829 @@
Murray
Stokely
Reorganized by
Ҫ
½ijЩ &unix; ϵͳϳõ⽫漰
ΰװáԺάֲͬ͵½н
ļܹ档
ڶ걾֪֮
ι inetd
һļϵͳ
һϢԹûʺš
ͨDHCPԶ硣
һ
Apache HTTP
ļ䣨FTP
ʹSambaΪ &windows;
ͻļʹӡ
ͬʱڣԼʹNTPЭʱ
ñ־ػ̣
syslogd Զ־
ͽ֮ǰӦ
й/etc/rcнűĻ֪ʶ
Ϥ
ΰװĵ
Chern
Lee
Contributed by
The &os; Documentation Project
inetd
&man.inetd.8; ʱҲ Internet
ΪΪַӡ
inetd յʱ
ܹȷij ӦḶ̌
socket ( socket Ϊı롢
ʹ) ʹ
inetd Щزصķڽϵͳأ
ΪҪΪÿķ
һ˵ inetd Ҫ
ҲֱӴijЩķ
chargen
auth Լ
daytime
һڽܹͨѡ Լļ
/etc/inetd.conf
inetd õһЩ֪ʶ
inetd ͨ &man.rc.8; ϵͳġ
inetd_enable ѡĬΪ
NO ڰװϵͳʱ
ûҪͨ sysinstall
inetd_enable="YES"
inetd_enable="NO"
д
/etc/rc.conf ûϵͳʱ
inetd Զ
&prompt.root; /etc/rc.d/inetd rcvar
ʾĿǰá
⣬ ͨ
inetd_flags inetd
ݶ
ѡ
ƣ inetd
ҲṩΪڶԿΪIJ IJб£
inetd
Щͨ
/etc/rc.conf
inetd_flags ѡ inetd
Ĭ£
inetd_flags Ϊ
-wW -C 60 ߱ʾϣΪ
inetd ķ TCP wrapping
ֹͬһ IP ÿӳ 60 ε
ȻǻܹƵʵѡ
ѧûܻܸ˵طЩͨҪġ
յʱ Щѡпܻᷢá
IJб &man.inetd.8; ֲҵ
-c maximum
ָĬΪޡ
Ҳڴ˷ľͨĵ
-C rate
ָһܱIPַõ
ĬϲޡҲڴ˷ľͨ
ĵ
-R rate
ָһܱõĬΪ256
Ϊ0 á
-s maximum
ָͬһ IP ͬʱͬһʱֵ ĬֵΪơ
ͨ
ԷΪλơ
inetd.conf
inetd ã
ͨ /etc/inetd.conf ļɵġ
/etc/inetd.conf ֮ ʹǿ
inetd ¶ȡļ
¼ inetd
ļ
&prompt.root; /etc/rc.d/inetd reload
ļеÿһжһķ ļУ ǰ
#
ݱΪע͡
/etc/inetd.conf ļĸʽ£
service-name
socket-type
protocol
{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
user[:group][/login-class]
server-program
server-program-arguments
IPv4 &man.ftpd.8; ӣ
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
service-name
ָķ/etc/servicesгһ¡
⽫inetdĸport
һµķҪӣ/etc/servicesӡ
socket-type
streamdgramraw
seqpacket stream
ڻӵ TCP dgram ʹ UDP Эķ
protocol
֮һ
Э
˵
tcp tcp4
TCP IPv4
udp udp4
UDP IPv4
tcp6
TCP IPv6
udp6
UDP IPv6
tcp46
Both TCP IPv4 and v6
udp46
Both UDP IPv4 and v6
{wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]
ָinetd
ͷõķǷԼsocket.
socketͱʹ
stream socket daemons ͨʹö̷߳ʽӦʹ
. ͨѶ
socket ̣
Ϊÿµ socket һӽ̡
ѡܹ
inetd Ϊӽ
ijضҪ10ʵ /10
ŵͷͿˡ ָ /0
ʾӽ̵
֮⣬
ѡͬһλõض
ض IP
ַÿӵ 磬 κ
IP ַÿʮΡ
Ϊijһ IP ַκʱӽ
ЩѡڷֹԷԴĽߺ;ܾ (DoS)
ʮá
ֶУ ָ
֮һ
ǿѡ
ʽ̷߳ Ҳκ
ʱ
Ϊ nowait
ͬһ ϣΪʮʱ
ǣ nowait/10
ͬã ÿ IP ַÿӶʮΣ
ͬʱӽʮ Ӧд
nowait/10/20
&man.fingerd.8; Ĭã
finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
У ӽΪ
100 IP ͬʱ 5 ӣ
nowait/100/0/5
user
ÿָʲôûСһԣ
rootڰȫĿģԿЩ
daemonݣСȨ
nobodyС
server-program
ӵʱִзȫ·
inetdṩģ档
server-program-arguments
õʱÿ
ֵͨargv[0]ͨݸ
Ϊmydaemon -d
mydaemon -dΪ
صֵͬģinetd
ṩģﻹ
Security
氲װʱѡģʽͬ
inetd ķѾĬá
ȷʵҪijضķ Ӧǽ
/etc/inetd.conf У
Ӧǰ #
Ȼ ¼
inetd Ϳˡ ijЩ
fingerd ȫҪģ
ΪṩϢܶԹá
ijЩʱȱٰȫʶģ йѹûijʱơ
ʹùܹͨضЩӣ ľõԴ
ƣ
ԼΪǸð취
Ĭ£TCP wrapping Ǵġο
&man.hosts.access.5; ֲᣬԻøڸ inetd
õķTCPƵϢ
daytime
time
echo
discard
chargen Լ
auth inetd
ṩڽ
auth ṩݷ
Ϊṩͬķ ֻܼͨĴرա
ο &man.inetd.8; ֲøϢ
Tom
Rhodes
Reorganized and enhanced by
Bill
Swingle
Written by
ļϵͳNFS
NFS
ļϵͳFreeBSDֵ֧ļϵͳеһ֣
ҲΪ NFS NFSһϵͳ˹Ŀ¼ļͨʹNFSûͳʱļ
һԶϵͳϵļ
NFSԶĺô
عվʹøٵĴ̿ռ䣬ΪͨݿԴһ
̨϶ҿͨʵ
ûÿϻͷһhomeĿ¼HomeĿ¼
ԱNFSϲϴá
CDROM &iomegazip; ֮Ĵ洢豸汻Ļʹá
ԼϵĿƶ豸
NFSι
NFS ٰҪIJ֣ һ̨
Լһ̨ͻ ͻԶ̵طʱڷϵݡ
Ҫһת Ҫòм
·
NFS
server ()
ļ
UNIX ͻ
rpcbind
mountd
nfsd
nfsd
NFSΪNFSͻ˵
mountd
NFSط&man.nfsd.8;ݽ
rpcbind
˷
NFS ͻѯڱ NFS ʹõĶ˿ڡ
ͻͬһЩ̣
nfsiod
nfsiodNFS
ǿѡģҿܣͨȷIJ˵DZġ
ο&man.nfsiod.8;ֲøϢ
NFS
NFS
configuration
NFSùԼֻҪ
/etc/rc.confļһЩġ
NFSˣȷ/etc/rc.conf
ļͷ¿ض:
rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_flags="-r"
ֻҪNFSΪenablemountd
ԶС
ڿͻһ࣬ȷس
/etc/rc.confͷ:
nfs_client_enable="YES"
/etc/exportsļָĸļϵͳ
NFSӦʱΪ
/etc/exportsÿָһļϵͳ
ЩԷʸļϵͳָȨͬʱѡ
ҲԱָкܶؿԱļͷ
ϸ̸ͨĶ&man.exports.5; ֲЩء
һЩ/etc/exportsӣ
NFS
export examples
һļϵͳӣ 绷ء
磬 Ҫ /cdrom ̨ͬ
(ֻл ûиЩ)
/etc/hosts ļнá
־ʾļϵͳΪֻ ʹ־
ԶϵͳļϵͳϾͲдκα䶯ˡ
/cdrom -ro host1 host2 host3
ӿ/homeIPַʽʾ
ûDNS˽ͷá
⣬ /etc/hosts ļҲο &man.hosts.5;
Ŀ¼Ϊص㡣
Ҳ˵ͻ˿ԸҪҪĿ¼
/home -alldirs 10.0.0.2 10.0.0.3 10.0.0.4
漸 /a ԱԲͬĿͻ˿Էļϵͳ
ȨԶϵͳϵ
root ûڱļϵͳrootݽжд
ûرָ -maproot=root ǣ
ʹûԶϵͳ root ݣ
Ҳıļϵͳϵļ
/a -maproot=root host.example.com box.example.org
Ϊܹʵļϵͳͻ˱뱻Ȩ
ȷϿͻ /etc/exports г
/etc/exports ͷÿһ棬ϢļϵͳһһӦ
һԶÿֻܶӦһļϵͳֻһĬڡ磬
/usr Ƕļϵͳ /etc/exports Чģ
# Invalid when /usr is one file system
/usr/src client
/usr/ports client
һļϵͳ/usr ָͬһ
client.
һȷĸʽǣ
/usr/src /usr/ports client
ͬһļϵͳУ ָͻĿ¼ дͬһϡ
ûָͻлᱻΪǵһ ļϵͳ
Ծ˵ⲻ⡣
һЧбӣ
/usr /exports
DZļϵͳ
# Export src and ports to client01 and client02, but only
# client01 has root privileges on it
/usr/src /usr/ports -maproot=root client01
/usr/src /usr/ports client02
# The client machines have root and can mount anywhere
# on /exports. Anyone in the world can mount /exports/obj read-only
/exports -alldirs -maproot=root client01 client02
/exports/obj -ro
/etc/exports ļ֮
ͱ mountd ¼
ԱʹЧ һַͨеķ HUP
źɣ
&prompt.root; kill -HUP `cat /var/run/mountd.pid`
ָʵIJ mountd &man.rc.8; ű
&prompt.root; /etc/rc.d/mountd onereload
ʹ rc űϸڣ μ
⣬ ϵͳ FreeBSD һжŪá ˣ
DZġ root ִԸ㶨һС
NFS ˣ
&prompt.root; rpcbind
&prompt.root; nfsd -u -t -n 4
&prompt.root; mountd -r
NFS ͻˣ
&prompt.root; nfsiod -n 4
ÿ鶼ӦþԱһԶļϵͳ Щͷ
ֽǣserver ͻ˵ֽǣ client
ֻʱһԶļϵͳֻǴȷ
ֻҪڿͻ root ִ
NFS
mounting
&prompt.root; mount server:/home /mnt
ѷ˵ /home Ŀ¼صͻ˵ /mnt ϡ
ȷӦÿԽͻ˵ /mnt Ŀ¼ҿз˵ļ
ϵͳÿʱԶԶ˵ļϵͳǸļϵͳӵ
/etc/fstab ļͷȥӣ
server:/home /mnt nfs rw 0 0
&man.fstab.5; ֲпõĿء
ijЩӦó ( mutt)
Ҫļֲ֧С ʹ
NFS ʱ rpc.lockd
֧ļܡ Ҫ
ҪڷͿͻ /etc/rc.conf м
(ٶ˾ NFS)
rpc_lockd_enable="YES"
rpc_statd_enable="YES"
Ȼʹó
&prompt.root; /etc/rc.d/lockd start
&prompt.root; /etc/rc.d/statd start
Ҫ NFS ͻ
NFS ȷ壬
NFS ͻڱ
ʹ &man.mount.nfs.8; ʱָ
μ &man.mount.nfs.8; ֲ˽ϸڡ
ʵӦ
NFS кܶʵӦáDZȽϳһЩ
NFS
uses
һ̨CDROM豸ڶ̨аװ˵ӱ˸㡣
ڴУһ̨ NFS ûhomeĿ¼ܻ
ЩĿ¼ܱԱų̂վϵ¼ܵõͬhomeĿ¼
̨ͨõ/usr/ports/distfiles Ŀ¼
ĻҪڼ̨ϰװportʱÿ̨豸ضٷԴ롣
Wylie
Stilwell
Contributed by
Chern
Lee
Rewritten by
ͨ amd Զعҽ
amd
Զҽӷ
&man.amd.8; (Զҽӷ) ܹԶڷʱҽԶ̵ļϵͳ
ļϵͳһʱ֮ûл ᱻ
amd Զж¡ ͨʹ
amd ܹṩһ־ùҽѡ
Ҫ
/etc/fstab
amd ͨԼ NFS ʽ
ӵ /host
/net Ŀ¼
ЩĿ¼еļʱ amd
ӦԶ̹ҽӵ㣬 Զعҽӡ
/net ڹҽԶ IP ַϵļϵͳ
/host ڹҽԶϵļϵͳ
/host/foobar/usr еļ ൱ڸ
amd Թҽ
foobar ϵ
/usr
ͨ amd ҽӵļϵͳ
ͨʹ showmount
鿴Զϵļϵͳ 磬
Ҫ鿴 foobar ϵļϵͳ ã
&prompt.user; showmount -e foobar
Exports list on foobar:
/usr 10.10.10.0
/a 10.10.10.0
&prompt.user; cd /host/foobar/usr
ͬǰģ showmount ʾ˵
/usr
/host/foobar/usr Ŀ¼ʱ amd
Խ foobar
ԶعҽҪļϵͳ
amd ͨű
/etc/rc.conf м룺
amd_enable="YES"
֮⣬ Ը
amd ͨ
amd_flags ѡݶIJ Ĭ£
amd_flags Ϊ
amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map"
/etc/amd.map
ļ˹ҽӵļϵͳʱʹõĬѡ
/etc/amd.conf ļ ˸
amd ĸѡ
ο &man.amd.8; &man.amd.conf.5; ֲᣬ
˽һ
John
Lind
Contributed by
ϵͳʱij
ijЩض ISA PC ϵͳϵ̫һЩƣ
Щƿܻᵼص⣬ ر NFS ʹʱ
ЩⲢ FreeBSD еģ FreeBSD ϵͳܵЩӰ졣
⣬ ڵ (FreeBSD) PC ϵͳܵĹվ
Silicon Graphics, Inc., Sun Microsystems, Inc. Ĺվʱ
NFS ҽܹ һЩҲܳɹ
ܿöԿͻ̫ᣬ
ȻͻȻܹ
ͨڿͻˣ һ FreeBSD ϵͳնˡ
ϵͳϣ һ⣬ ͨû취عرտͻ
Ψһİ취ͨն˸λ Ϊһ NFS ״ûа취
ȷ
취 Ϊ
FreeBSD ϵͳ䱸һܵġ õ̫
ȻҲа취ƹⲢõĽ
FreeBSD ϵͳ
ڿͻҽʱ Ӧָ
FreeBSD ϵͳ ͻ
Ӧ ЩѡͨڶӦ
fstab ĵĸֶμ룬
ԱÿͻܹԶعҽӣ ͨ &man.mount.8;
ֹҽʱָ
Ҫעһ⣬ ʱᱻΪǺһ⡣
NFS Ϳͻڲͬʱ һҪ
ȷ ·ȷʵѱ UDP
Ϣ·ɵĿĵأ ʲôҲˡ
У fastws
(ӿ) ֣ һ̨ܵնˣ
freebox һ̨ (ӿ) ֣
һʹýϵ̫ܵ FreeBSD ϵͳ ͬʱ
/sharedfs Ϊ NFS
ļϵͳ (μ &man.exports.5;)
/project
ǿͻϹҽһļϵͳĹҽӵ㡣 еӦóУ
ע⸽ѡ
Լ ӦҪġ
FreeBSD ϵͳ (freebox)
Ϊͻʾ /etc/fstab ļ
freebox ֮ϣ
fastws:/sharedfs /project nfs rw,-r=1024 0 0
freebox ֹҽӣ
&prompt.root; mount -t nfs -o -r=1024 fastws:/sharedfs /project
FreeBSD ϵͳΪӣ fastws ϵ
/etc/fstab
freebox:/sharedfs /project nfs rw,-w=1024 0 0
fastws ֹҽӵǣ
&prompt.root; mount -t nfs -o -w=1024 freebox:/sharedfs /project
е 16-λ ̫
ܹûдߴƵ
Щĵʲôˣ ʧηĽͣ
ͬʱҲ˵Ϊʲôһָ⡣ £
NFS ʹһ
Ϊλв ߴ
8 K (ȻܻὫֳɸСߴķƬ)
̫ߴԼ 1500 ֽڣ
NFS
ֳɶ̫
Ȼڸ߲Ĵ뿴ȻһĵԪ
ڽշװ Ϊһ
ȷ ܵĹվ
Խ NFS ԪİѸٷ 쵽ȡ
СĿϣ İͬһԪڵĽİ
Ԫؽȷϡ ǣ
վʱԣ Ȼ 8 K Ԫ
һֹ̽ظȥ
Ԫߴ̫ߴ֮£
Ǿܹȷÿһ̫ܹؽպȷϣ
ӶΡ
ڸܹվݿͶ PC ϵͳʱԻᷢ
ڸõϣ ܹ֤ÿһ NFS
Ԫ
϶ ʱ
ӰĵԪش ʱкܴĻȷա
飬 ȷϡ
Bill
Swingle
Written by
Eric
Ogren
Enhanced by
Udo
Erdelhoff
Ϣ (NIS/YP)
ʲô
NIS
Solaris
HP-UX
AIX
Linux
NetBSD
OpenBSD
NIS
ʾϢ (Network Information Services)
Sun Microsystems &unix;
( &sunos;) ϵͳļй Ŀǰ
ѾΪҵ &unix; ϵͳ
(&solaris;, HP-UX, &aix;, Linux, NetBSD, OpenBSD, FreeBSD,
ȵ) ֧ NIS
ҳ (yellow pages)NIS
NIS
Ҳ֪Ļҳ(Yellow Pages) ̱⣬
Sun Ϊڵ֡ ɵ (Լ yp)
ȻԿ 㷺ʹá
NIS
һ RPC Ŀͻ/ϵͳ
һ NIS еһһϵļ
ϵͳԱͿֻݵ NIS ͻϵͳ
ڵӡ ɾݡ
Windows NT
ʵֵڲϸڽȻͬ &windowsnt; ϵͳdzƣ
ڿԽߵĻȡ
Ӧ֪ͽ
һϵҪû̽ FreeBSD
ʵ NIS ʱõ ڴ
NIS Ϊ NIS ͻ
rpcbind
portmap
˵
NIS
NIS ͻ
(ӷ) ʹͬһ NIS
&windowsnt; ƣ NIS
DNS ء
rpcbind
ܹ
RPC (Զ̵̹ã NIS
õһЭ) û
rpcbind
ûа취 NIS
Ϊ NIS ͻ
ypbind
(bind)
NIS ͻ NIS
ϡ ϵͳлȡ NIS
ʹ RPC ӵϡ
ypbind NIS У
ͻ-ͨѶĺģ ͻϵ
ypbind Ļ
NIS
ypserv
ֻӦ NIS NIS ķ̡
&man.ypserv.8; Ļ
پӦ NIS (ʱ
дӷĻ ӹܲ) һЩ NIS
ʵ ( FreeBSD ) Ŀͻϣ
֮ǰùһ ̨Ļ
ӵһ ͨ
ʱ Ψһİ취
(ߣ ) ͻϵ
ypbind ̡
rpc.yppasswdd
һֻӦ
NIS еḶ̌ һ
NIS ͻıǵ NIS
û û¼ NIS
ϣ Ŀ
ιģ
NIS У ͵
ӷ Լͻ
dz䵱Ϣݿ⡣
ϱЩϢȨ
ӷDZЩϢั
ͻڷṩЩϢ
ļϢַͨʽ
ͨ£ master.passwd
group Լ hosts
ͨ NIS ַġ ʲôʱ
ͻϵijЩӦڱصļеϵʱ
NIS ʹñصİ汾
-
- NIS
-
-
- һ̨ NIS
+ һ̨ NIS NIS
̨ &windowsnt; ƣ
ά NIS ͻʹõļ passwd
group Լ NIS
ͻʹõļ ŵϡ
Խһ̨ NIS ڶ NIS С
Ȼ 鲻ýнܣ
Ϊã ֻͨСģ NIS С
-
- NIS
- ӷ
-
-
- NIS ӷ һ
+ NIS ӷNISӷ һ
&windowsnt; ıơ NIS ӷ
ά NIS ļ
NIS ӷṩһ࣬
ҪĻDZġ ⣬
Ҳĸɣ NIS
ͻǹҽӵӦǵ NIS ϣ
ҲԴӷӦ
-
- NIS
- ͻ
-
-
- NIS ͻ NIS ͻ
+ NIS ͻNISͻ NIS ͻ
Ͷ &windowsnt; վƣ ͨ
NIS ( &windowsnt; վ
&windowsnt; ) ɵ¼ʱ̡֤
ʹ NIS/YP
һڽͨʵ NIS
滮
ٶڹѧеһСʵҡ ʵУ
15 ̨ FreeBSD ĿǰûмеĹ㣻
ÿһ̨Լ
/etc/passwd
/etc/master.passwd
Щļͨ˹Ԥķϰ汾ͬ
Ŀǰ ʵһû ò 15
ִֹ̨ adduser
ӹɣ һ״ı䣬
ʵתΪʹ NIS
ʹ̨Ϊ
ˣ ʵҵӦģ
IP ַ
Ľɫ
ellington
10.0.0.2
NIS
coltrane
10.0.0.3
NIS ӷ
basie
10.0.0.4
Ավ
bird
10.0.0.5
ͻ
cli[1-11]
10.0.0.[6-17]
ͻ
״ NIS ϸ˼νй滮ʮҪ
ĴСΣ мߡ
ѡ NIS
NIS
ܲȥʹõ (domainname)
Ĺ淶Ľз Ӧ
NIS
ͻ㲥ԴϢʱ
Ὣ NIS Ϊһַ
ͳһϵĶ ܹ֪˭ӦûӦ
NIS ijַʽصһ֡
һЩѡʹǵ Internet
Ϊ NIS Ƽ Ϊڵʱ
ܻᵼ²Ҫš NIS ӦΨһģ
˽ĵһ Acme
˾ţ Կʹ
acme-art
NIS
У ʹõ
test-domain
SunOS
Ȼ ijЩϵͳ ( &sunos;)
ʹ NIS Ϊ Internet
ϴڰƵĻ
ʹ Internet Ϊ NIS
Ҫ
ѡ NIS ʱ ҪʱμһЩ
NIS һ̫õԾͻڷ̶ȡ
ͻ NIS ķϵ
̨ͨڲõ״̬ ȱûϢ
ʹϵͳݵĶ״̬ Ŀǣ
Ҫѡһ̨ ڿĻеΡ
粻̫æ ҲʹĻ NIS
ֻҪע⣬ һ NIS ã
NIS ͻܵӰ졣
NIS
е NIS Ϣ汾
һ̨ij NIS Ļϡ
ڱЩϢݿ⣬ Ϊ NIS ӳ(map)
FreeBSD У Щӳ䱻
/var/yp/[domainname]
[domainname] ṩ NIS
֡ һ̨ NIS ͬʱֶ֧
˿ԽܶĿ¼ ֧һӦһ
ÿһһӳ䡣
NIS ʹӷ ͨ ypserv
е NIS
ypserv ν NIS ͻ
ӳΪصݿļ·
Ȼݿݴؿͻ
NIS
NIS
NIS Զʮֵļ
岽ȡҪ FreeBSD
ṩһλ NIS ֧֡ Ҫȫ飬 ֻ
/etc/rc.conf мһЩã
FreeBSD ɡ
nisdomainname="test-domain"
һн () ʱ NIS Ϊ
test-domain
nis_server_enable="YES"
⽫Ҫ FreeBSD ϵͳ֮
NIS ̡
nis_yppasswdd_enable="YES"
⽫ rpc.yppasswdd
ǰᵽģ
ûڿͻԼ NIS
NIS õIJͬ ܻҪһЩĿ μ NIS ͬʱ䵱 NIS
ͻ һڣ ˽һ
úǰЩ֮ ҪԳû
/etc/netstart
/etc/rc.conf ϵͳе֡
ڳʼ NIS ӳ֮ǰ Ҫֹ
ypserv
&prompt.root; /etc/rc.d/ypserv start
ʼ NIS ӳ
NIS
ӳ
NIS ӳ һЩݿļ
λ /var/yp Ŀ¼С
Щļ϶Ǹ NIS /etc
Ŀ¼Զɵģ Ψһǣ
/etc/master.passwd ļ һ˵
зdzֵɲ root
ԼʺŵĿ NIS ϵķϡ
ˣ ڿʼʼ NIS ӳ֮ǰ Ӧã
&prompt.root; cp /etc/master.passwd /var/yp/master.passwd
&prompt.root; cd /var/yp
&prompt.root; vi master.passwd
ɾϵͳйصʺŶӦ (bin
tty kmem
games ȵ)
Լϣɢ NIS ͻʺ
( root κ UID 0
(û) ʺ)
ȷ
/var/yp/master.passwd ļͬû
Լûɶ (ģʽ 600) ҪĻ
chmod
Tru64 UNIX
Щ֮ ͿԳʼ
NIS ӳˣ FreeBSD ṩһΪ
ypinit Ľű (ϸϢ
ֲ) ע⣬ űھ &unix;
ϵͳ϶ҵ вϵͳĶṩ
Digital UNIX/Compaq Tru64 UNIX
ypsetup ɵ NIS
ӳ䣬 Ӧʹ ypinit
Ѿ裬
Ҫ NIS ӳ䣬 ִֻУ
ellington&prompt.root; ypinit -m test-domain
Server Type: MASTER Domain: test-domain
Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.
Do you want this procedure to quit on non-fatal errors? [y/n: n] n
Ok, please remember to go back and redo manually whatever fails.
If you don't, something might not work.
At this point, we have to construct a list of this domains YP servers.
rod.darktech.org is already known as master server.
Please continue to add any slave servers, one per line. When you are
done with the list, type a <control D>.
master server : ellington
next host to add: coltrane
next host to add: ^D
The current list of NIS servers looks like this:
ellington
coltrane
Is this correct? [y/n: y] y
[..output from map generation..]
NIS Map update completed.
ellington has been setup as an YP master server without any errors.
ypinit Ӧû
/var/yp/Makefile.dist
/var/yp/Makefile ļ
֮ ļٶڲֻ FreeBSD
ĵ NIS test-domain
һӷ ༭
/var/yp/Makefile
ellington&prompt.root; vi /var/yp/Makefile
ӦܹһУ
NOPUSH = "True"
(ûע͵Ļ)
NIS ӷ
NIS
ӷ
NIS ӷ Ҫ
¼ӷϣ ǰķ
༭ /etc/rc.conf ļ Ψһǣ
ypinit ʱҪʹ
ѡ ͬʱҪṩ NIS
֣ ǵӦǣ
coltrane&prompt.root; ypinit -s ellington test-domain
Server Type: SLAVE Domain: test-domain Master: ellington
Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.
Do you want this procedure to quit on non-fatal errors? [y/n: n] n
Ok, please remember to go back and redo manually whatever fails.
If you don't, something might not work.
There will be no further questions. The remainder of the procedure
should take a few minutes, to copy the databases from ellington.
Transferring netgroup...
ypxfr: Exiting: Map successfully transferred
Transferring netgroup.byuser...
ypxfr: Exiting: Map successfully transferred
Transferring netgroup.byhost...
ypxfr: Exiting: Map successfully transferred
Transferring master.passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transferring passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transferring passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transferring group.bygid...
ypxfr: Exiting: Map successfully transferred
Transferring group.byname...
ypxfr: Exiting: Map successfully transferred
Transferring services.byname...
ypxfr: Exiting: Map successfully transferred
Transferring rpc.bynumber...
ypxfr: Exiting: Map successfully transferred
Transferring rpc.byname...
ypxfr: Exiting: Map successfully transferred
Transferring protocols.byname...
ypxfr: Exiting: Map successfully transferred
Transferring master.passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transferring networks.byname...
ypxfr: Exiting: Map successfully transferred
Transferring networks.byaddr...
ypxfr: Exiting: Map successfully transferred
Transferring netid.byname...
ypxfr: Exiting: Map successfully transferred
Transferring hosts.byaddr...
ypxfr: Exiting: Map successfully transferred
Transferring protocols.bynumber...
ypxfr: Exiting: Map successfully transferred
Transferring ypservers...
ypxfr: Exiting: Map successfully transferred
Transferring hosts.byname...
ypxfr: Exiting: Map successfully transferred
coltrane has been setup as an YP slave server without any errors.
Don't forget to update map ypservers on ellington.
Ӧûһ
/var/yp/test-domain Ŀ¼
Ŀ¼У Ӧñ NIS ϵӳĸ
ҪȷЩļʱͬˡ ڴӷϣ
/etc/crontab ȷһ㣺
20 * * * * root /usr/libexec/ypxfr passwd.byname
21 * * * * root /usr/libexec/ypxfr passwd.byuid
нǿƴӷӳͬ
᳢ȷ NIS ӳı䶯֪ӷ
ЩǾԱġ
ڱͻ˵ĿϢȷʮҪ ڴӷ
ǿƼȷָϵͳʱǿƸ¿ӳ䡣 ڷæԣ
һҪ Ϊʱܳӳ²ȫ
ڣ ڴӷִ /etc/netstart
Ϳ NIS ˡ
NIS ͻ
NIS ͻͨ
ypbind ض NIS
һֳϵ
ypbind ϵͳĬ
(ͨ domainname õ)
ʼڱϹ㲥 RPC Щָ
ypbind
Ѿ˷ Щӵ˹㲥 Ӧ
ypbind ¼ĵַ
жõķ (һ ϶ӷ)
ypbind ʹõһӦĵַ
һʱ̿ʼ ͻе NIS ֱӷǸ
ypbind ż ping
ȷȻС ںʱûеõӦ
ypbind Ϊδ ٴη㲥
ҵһ̨
NIS ͻ
NIS
ͻ
һ̨ FreeBSD Ϊ NIS ͻǷdzġ
༭ /etc/rc.conf ļ
м漸У NIS
ʱ ypbind
nisdomainname="test-domain"
nis_client_enable="YES"
Ҫ NIS еĿ
Ҫ
/etc/master.passwd ļɾû
ʹ
vipw ļһм룺
+:::::::::
һн NFS Ŀӳеʺܹ¼
Ҳкܶһ NIS ͻİ취
μԺ netgroups
С ˽һ
Ҫ˽Ϣ Բ O'Reilly
Managing NFS and NIS Ȿ顣
Ҫٱһʺ (ҲDzͨ NIS )
/etc/master.passwd ļУ
ʺӦ
wheel ijԱ NIS ⣬
ʺſԶ̵¼
Ϊ root ⡣
Ҫ NIS ϵϢ Ҫ
/etc/group ļĩβ룺
+:*::
Ҫ NIS ͻˣ ҪԳûִ
&prompt.root; /etc/netstart
&prompt.root; /etc/rc.d/ypbind start
Щ֮ Ӧÿͨ
ypcat passwd NIS Ŀӳˡ
NIS İȫ
ϣ κԶûԷһ RPC
&man.ypserv.8; NIS ӳݣ
Զû˽Ļ
ҪδȨķʣ &man.ypserv.8;
֧һΪ securenets
ԣ
ԽһضĻϡ У
&man.ypserv.8; ᳢Դ
/var/yp/securenets
м securenet Ϣ
·
ı䡣 ļһЩ
ÿһаһʶ룬 мÿոֿ
#
ͷлᱻΪע͡
ʾ securenets ļʾ
# allow connections from local host -- mandatory
127.0.0.1 255.255.255.255
# allow connections from any host
# on the 192.168.128.0 network
192.168.128.0 255.255.255.0
# allow connections from any host
# between 10.0.0.0 to 10.0.15.255
# this includes the machines in the testlab
10.0.0.0 255.255.240.0
&man.ypserv.8; ӵƥһĵַ
֮ ԣ ¼һϢ
/var/yp/securenets ļڣ
ypserv
ypserv Ҳ֧
Wietse Venema TCP Wrapper
Աܹʹ
TCP Wrapper ļ
/var/yp/securenets ɷʿơ
ַʿƻƶܹṩij̶ֳȵİȫ
ǣ Ȩ˿ڼһ
IP α
ķǽӦֹ
NIS йصķʡ
ʹ /var/yp/securenets ķ
ܻΪijЩʹó¾ɵ TCP/IP ʵֵ NIS ͻ
Щʵֿܻڹ㲥ʱ λΪ 0
ڼ㲥ַʱ롣
ЩͨĿͻ
һЩҲܵ²ò̭Щͻϵͳ
߲ʹ /var/yp/securenets
ʹó¾ɵ TCP/IP ʵֵϵͳϣ
ʹ /var/yp/securenets һdz
Ϊ⽫ϵ NIS ɥʧֹܡ
TCP Wrappers
ʹ TCP Wrapper
ᵼ NIS Ӧӳӡ
ӵӳ٣ ܻᵼ¿ͻ˳ʱ
رڷæߺ
NIS ϡ ijͻ˶һЩ쳣
ӦЩͻΪ NIS ӷ
ǿԼ
ijЩû¼
ǵʵУ basie ̨
һ̨ԱרõĹվ Dzϣ̨ó NIS
NIS ϵ passwd ļ
ͬʱ˽Աѧʺš ʱӦô
һְ취ֹضû¼ ʹ NIS ݿ֮С
Ҫһ ֻҪڿͻ /etc/master.passwd
ļмһЩ
-username
У username ϣֹ¼û
һƼʹ vipw
Ϊ vipw /etc/master.passwd
ļĽкϷԼ飬
ڱ༭ʱ¹ݿ⡣ 磬 ϣֹû
bill ¼
basie Ӧã
basie&prompt.root; vipw
[ĩβ -bill ˳]
vipw: rebuilding the database...
vipw: done
basie&prompt.root; cat /etc/master.passwd
root:[password]:0:0::0:0:The super-user:/root:/bin/csh
toor:[password]:0:0::0:0:The other super-user:/root:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System &:/:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
+:::::::::
-bill
basie&prompt.root;
Udo
Erdelhoff
Contributed by
ʹ Netgroups
netgroups
ǰһڽܵķ
ҪΪdzٵû/Ĺʱպϡ
ڸϣ
һ ǽֹijЩû¼еĻϣ
ߣ 뵥ÿһ̨ã NIS ҪԽԣ
ʽ
NIS ԱΪṩĽ
netgroups ǵú壬
ϿԵͬ &unix; ļϵͳʹõ顣
Ҫûֻ ID Լ netgroup
ͬʱû netgroup
Netgroups ġ ӵİûͻ硣
һ棬 òʱ һõĶ
һ棬 ĸʹͨdzӺѽ netgroup
ʲô һڵಿֵӽչʾ⡣
ʵгɹز NIS ˾Ȥ
ǽ NIS չ ԸУеһЩĻ
аû» Ҫ˵
û
˵
alpha, beta
IT ŵͨԱ
charlie, delta
IT ŵѧͽ
echo, foxtrott, golf, ...
ͨԱ
able, baker, ...
Ŀǰʵϰ
˵
war, death,
famine,
pollution
Ҫķ ֻ IT
ŵĹԱ¼Щ
pride, greed,
envy, wrath,
lust, sloth
̫Ҫķ IT ŵijԱ
Ե¼Щ
one, two,
three, four,
...
ͨվ ֻ
Ա¼Щ
trashcan
һ̨ؼݵľɻ
ʹʵϰ Ҳ¼
ͨһһֹûʵЩƣ
Ҫÿһϵͳ passwd ļУ
Ϊÿһ¼ϵͳûӶӦ
-user С
κһ Ϳܻ⡣ ڽгʼʱ
ȷҲʲô⣬ ոһյû
һ ΪûijС
Ͼ Murphy һֹ۵ˡ
ʹ netgroups һ״Դô
Ҫشÿһû Ըûһ netgroups
ݣ ֹijһ netgroup гԱ¼
µĻ ֻҪ netgroup ĵ¼ơ
û ҲֻҪûһ netgroup
Щ仯ģ Ҫ ÿһûͻִ
NIS þ˽Ĺ滮
ֻҪһļ ֹܹij̨Ȩˡ
һdzʼ NIS ӳ
netgroup FreeBSD &man.ypinit.8; Ĭ²ӳ䣬
NIS ʵܹڴӳ֮ṩ֧֡
Ҫӳ䣬
ellington&prompt.root; vi /var/yp/netgroup
ʼݡ ǵУ Ҫĸ nergruop
IT Ա IT ѧͽ ͨԱʵϰ
IT_EMP (,alpha,test-domain) (,beta,test-domain)
IT_APP (,charlie,test-domain) (,delta,test-domain)
USERS (,echo,test-domain) (,foxtrott,test-domain) \
(,golf,test-domain)
INTERNS (,able,test-domain) (,baker,test-domain)
IT_EMP, IT_APP ȵȣ
netgroup ֡ ÿһеУ
һЩûʺš еֶǣ
ЩܹʹЩ ָ
л϶Ч ָ
ɻ
netgroup ʺš
ʺŵ NIS Դ NIS
аʺŵ뵽 netgroup У
NIS Ļ
ÿһֶζͨ μ
&man.netgroup.5; ˽ϸڡ
netgroups
Netgroup һ˵Ӧ 8 ַ
رǵ NIS лϵͳʱ
ִСдģ ʹôдĸΪ netgroup ֣
ܹû netgroup ֡
ijЩ NIS ͻ (FreeBSD Щ) д
netgroup 磬 ijЩڰ汾 &sunos; netgroup
а 15 ʱ⡣
Ҫƹ⣬ Դ netgroupÿһа 15 û
Լһ netgroup netgroup
BIGGRP1 (,joe1,domain) (,joe2,domain) (,joe3,domain) [...]
BIGGRP2 (,joe16,domain) (,joe17,domain) [...]
BIGGRP3 (,joe31,domain) (,joe32,domain)
BIGGROUP BIGGRP1 BIGGRP2 BIGGRP3
Ҫ 225 û ԼظĹ̡
ַµ NIS ӳdz
ellington&prompt.root; cd /var/yp
ellington&prompt.root; make
NIS ӳ䣬
netgroup
netgroup.byhost
netgroup.byuser &man.ypcat.1;
ԼЩ NIS ӳǷˣ
ellington&prompt.user; ypcat -k netgroup
ellington&prompt.user; ypcat -k netgroup.byhost
ellington&prompt.user; ypcat -k netgroup.byuser
һ
Ӧ /var/yp/netgroup
ڶ ûָרе netgroup
Ӧû
ʾijûӦ netgroup б
ͻҲܼ Ҫ÷
war ֻ
&man.vipw.8;
+:::::::::
Ϊ
+@IT_EMP:::::::::
ڣ ֻ netgroup
IT_EMP жûᱻ뵽
war ĿݿУ
ֻЩûܹ¼
Ҳ shell
~ Լûû ID
֮ʵʩתĺĹܡ ֮ cd
~user
ls -l Ҳʾֵ ID û
find . -user joe -print
ʧܣ No such user ĴϢ
Ҫ⣬ Ҫеû
ǵ¼
ͨ
/etc/master.passwd һɡ
еǣ
+:::::::::/sbin/nologin ˼
е shell 滻Ϊ
/sbin/nologin
ͨ /etc/master.passwd
Ĭֵ 滻
passwd еֶΡ
ȷ
+:::::::::/sbin/nologin һг
+@IT_EMP::::::::: ֮
д NIS ûʺŽ /sbin/nologin
Ϊ¼ shell
֮ IT Աʱ
ֻһ NIS ӳ㹻ˡ ҲƵķ
ڲ̫Ҫķϣ ǰذ汾 /etc/master.passwd
е +::::::::: Ϊ
+@IT_EMP:::::::::
+@IT_APP:::::::::
+:::::::::/sbin/nologin
صͨվӦǣ
+@IT_EMP:::::::::
+@USERS:::::::::
+:::::::::/sbin/nologin
һƽ£ ֱܺ һԷ˱仯
IT Ҳʼʵϰˡ IT ʵϰʹͨնˣ
Լ̫Ҫķ IT ѧͽ Ե¼
µ netgroup IT_INTERN Լµ IT
ʵϰ netgroup ʼÿһ̨ϵá
ϻ˵úãǣһ ȫ
NIS ͨ netgroup netgroup
ԱΡ һֿܵķǽڽɫ netgroup
磬 ԴΪ
BIGSRV netgroup ڶҪķϵĵ¼ƣ
ԼһΪ SMALLSRV netgroup
ԶҪķ Լ ͨվ netgroup
USERBOX netgroup еÿһ
¼Щϵ netgroup
NIS ӳеʾ
BIGSRV IT_EMP IT_APP
SMALLSRV IT_EMP IT_APP ITINTERN
USERBOX IT_EMP ITINTERN USERS
ֶ¼Ƶķ
ܹ鲢ƵʱԹ൱á
ҵǣ ⣬ dz ʱ
Ҫȥ¼ơ
ص netgroup 壬 ǴԸĶһֿܵķ
ʱ ÿ̨ /etc/master.passwd У
+
ͷС һ¼ netgroup
ʺţ ڶʺţ shell
Ϊ /sbin/nologin ʹ ȫд
ĻΪ netgroup Ǹ⡣ ֮ ЩӦڣ
+@BOXNAME:::::::::
+:::::::::/sbin/nologin
һл϶ģ ҲҪıص
/etc/master.passwd ˡ
δĶ NIS ӳнС һӣ
չʾһӦ龰Ҫ netgroup ӳ䣬
ԼһЩõļɣ
# Define groups of users first
IT_EMP (,alpha,test-domain) (,beta,test-domain)
IT_APP (,charlie,test-domain) (,delta,test-domain)
DEPT1 (,echo,test-domain) (,foxtrott,test-domain)
DEPT2 (,golf,test-domain) (,hotel,test-domain)
DEPT3 (,india,test-domain) (,juliet,test-domain)
ITINTERN (,kilo,test-domain) (,lima,test-domain)
D_INTERNS (,able,test-domain) (,baker,test-domain)
#
# Now, define some groups based on roles
USERS DEPT1 DEPT2 DEPT3
BIGSRV IT_EMP IT_APP
SMALLSRV IT_EMP IT_APP ITINTERN
USERBOX IT_EMP ITINTERN USERS
#
# And a groups for a special tasks
# Allow echo and golf to access our anti-virus-machine
SECURITY IT_EMP (,echo,test-domain) (,golf,test-domain)
#
# machine-based netgroups
# Our main servers
WAR BIGSRV
FAMINE BIGSRV
# User india needs access to this server
POLLUTION BIGSRV (,india,test-domain)
#
# This one is really important and needs more access restrictions
DEATH IT_EMP
#
# The anti-virus-machine mentioned above
ONE SECURITY
#
# Restrict a machine to a single user
TWO (,hotel,test-domain)
# [...more groups to follow]
ʹijݿʺţ
Ӧÿʹݿı湤ӳĵһ֡
ûԶؿԷЩˡ
ѣ ʹûڻ netgroup õġ
ΪѧʵҲʮ̨ϰ̨ͬĻ
Ӧʹûڽɫ netgroup ǻڻ netgroup
Ա NIS ӳijߴ籣һķΧڡ
Ҫμǵ
һЩʹ NIS ʱҪעĵط
ÿҪʵûʱ
ֻ NIS ϼû
һҪǵؽ NIS ӳ
û¼ NIS
֮κ 磬 Ҫʵû
jsmith Ҫ
&prompt.root; pw useradd jsmith
&prompt.root; cd /var/yp
&prompt.root; make test-domain
Ҳ adduser jsmith
pw useradd jsmith.
õʺų
NIS ӳ֮ һ˵
ϣЩʺźͿɢЩӦʹǵûĻϡ
ȷ NIS ʹӷİȫ
ܼͣʱ
˹عرЩ
ʵҵҲ¼ˡ
ǼʽϵͳĻڡ
ûб NIS дŭûҪԸˣ
NIS v1
FreeBSD ypserv ṩijЩΪ NIS v1
ͻṩ֧ FreeBSD NIS ʵ֣
ֻʹ NIS v2 Э飬 ʵֿܻ v1 Э飬
ṩԾϵͳ¼ Щϵͳṩ
ypbind ȳ NIS v1
ʹDzҪ (Щܻһֱ㲥
ʹѾij̨ v2 õ˻ӦҲ)
ע⣬ ֧һĿͻã 汾
ypserv ܴ v1 ӳ䴫
Ͳ֧ v1 Э NIS ʹã
ΪǴӷ ˵ǣ
ֽӦѾûȻõķˡ
ͬʱΪ NIS ͻ NIS
ڶĻУ ͬʱΪ NIS ͻ
ypserv ʱҪرСġ
һ˵ ǿƷԼҪǹ㲥Ҫã
Ϊǿܻ ijЩĹϣ
ܿijһ̨ͣ µġ
գ еĿͻᳬʱ
ӳٿܻ൱ɹۣ
һָ֮Ȼٴη
ǿһ̨ضķ ͨ
ypbind
ɵġ ϣÿ NIS ʱֹ
/etc/rc.conf м룺
nis_client_enable="YES" # run client stuff as well
nis_client_flags="-S NIS domain,server"
μ &man.ypbind.8; ˽
ʽ
NIS
ʽ
ʵ NIS ʱ ʽļһΪ⡣
NIS ʹ DES ܿ ֻ֧ʹ DES
Ŀͻ 磬
&solaris; NIS ͻ ϶Ҫʹ DES ܿ
ҪķͿͻʹõĿʽ
Ҫ鿴 /etc/login.conf
Ϊʹ DES ܵĿ
default class
default:\
:passwd_format=des:\
:copyright=/etc/COPYRIGHT:\
[Further entries elided]
һЩܵ passwd_format
blf md5
(ֱӦ Blowfish MD5 ܿ)
/etc/login.conf ͱؽ¼ݿ⣬
ͨ
root ijɵģ
&prompt.root; cap_mkdb /etc/login.conf
Ѿ
/etc/master.passwd еĿĸʽᱻ£
ֱûڵ¼ݿؽ
֮ ״ĿΪֹ
ΪȷеĿѡĸʽˣ
Ҫ /etc/auth.conf
crypt_default ѡĿʽ
Ҫɴ˹ ѡĸʽŵбĵһ 磬
ʹ DES ܵĿʱ ӦӦΪ
crypt_default = des blf md5
ÿһ̨ &os; NIS Ϳͻ֮
ͿԿ϶ǶʹͬĿʽˡ NIS
ͻ֤ʱ⣬ Ҳǵһܳĵط
ע⣺ ϣڻϵϲ NIS
ܾҪϵͳ϶ʹ DES
Ϊϵͳֵܹ֧ȵĹ
Greg
Sutter
Written by
Զ (DHCP)
ʲô DHCP
̬Э
DHCP
Internet Systems Consortium (ISC)
DHCP ̬Э飬 һϵͳӵϣ
ȡҪòֶΡ FreeBSD ʹ OpenBSD 3.7
OpenBSD dhclient
ṩй dhclient Ϣ
ISC OpenBSD DHCP ͻ˳Ϊġ DHCP
ISC һ֡
һڶЩ
һ ISC DHCP ϵͳеĿͻˣ
Լ ISC DHCP ϵͳеķ˵
ͻ˳ dhclient
FreeBSD Ϊһṩģ ֣
ͨ net/isc-dhcp31-server port õ
&man.dhclient.8; &man.dhcp-options.5; Լ
&man.dhclient.conf.5; ֲᣬ ܵIJοף
ǷdzõԴ
ι
UDP
DHCP ͻ dhclient
ڿͻʱ Ὺʼ㲥ϢϢ Ĭ£
Щ UDP ˿ 68 ϡ ͨ UDP 67
Ӧ ͻṩһ IP ַ Լйصò
롢 · Լ DNS
ЩϢ DHCP
lease
ʽ ֻһضʱЧ
( DHCP άõ)
ЩѾϿĿͻʹõij¾ɵ IP ַܱԶػˡ
DHCP ͻԴӷ˻ȡϢ
ܻõϢϸб ο
&man.dhcp-options.5;
FreeBSD
&os; ȫؼ OpenBSD DHCP ͻˣ
dhclient
DHCP ͻ֧ڰװͻϵͳоṩ
ʹҪȥ˽ЩѾ DHCP ľò
sysinstall
sysinstall ܹ֧ DHCP
sysinstall ӿʱ
ѯʵĵڶǣ Do you want to try DHCP configuration of
the interface? (Ƿϣڴ˽ӿϳ DHCP ?)
϶Ļش dhclient
һɹ ԶдϢ
Ҫϵͳʱʹ DHCP £
DHCP
ںУ bpf
豸 Ҫ Ҫ
device bpf ӵں˵ıļУ ±ںˡ
Ҫ˽ڱں˵ĽһϢ μ bpf
豸Ѿ FreeBSD аĬϵ GENERIC
ں˵һˣ ûжں˽жƣ
ôһµںļ DHCP ܹˡ
Щȫʶǿ˵
Ӧ֪ bpf
Ҳǰܹȷ֮һ (Ȼ
ǻҪ
root в) bpf
ʹ DHCP ģ
ȫdzУ
ܻܿɲ bpf
뵽ںУ ֱҪʹ DHCP
Ϊֹ
༭ /etc/rc.conf ã
ifconfig_fxp0="DHCP"
ؽ fxp0
滻ΪϣԶõӿڵ֣
ҵһĽܡ
ϣʹһλõ
dhclient
Ҫ dhclient
(Ҫ)
dhclient_program="/sbin/dhclient"
dhclient_flags=""
DHCP
DHCP dhcpd
Ϊ net/isc-dhcp31-server port һṩġ
port ISC DHCP ĵ
ļ
DHCP
ļ
/etc/dhclient.conf
dhclient Ҫһļ
/etc/dhclient.conf һ˵
ļֻעͣ Ĭֵ϶Ǻġ
ļ &man.dhclient.conf.5; ֲн˽һIJ
/sbin/dhclient
dhclient һ̬ģ
װ /sbin С &man.dhclient.8;
ֲ˹
dhclient Ľһϸڡ
/sbin/dhclient-script
dhclient-script һ FreeBSD רõ
DHCP ͻýű
&man.dhclient-script.8; ж
һ˵ ûҪκģ
ܹһתˡ
/var/db/dhclient.leases
DHCP ͻάһݿЧ lease
DZ־ʽ浽ļС &man.dhclient.leases.5;
˸ΪϸµĽܡ
DHCP Э
RFC 2131
ϢԴվ
Ҳṩ꾡ϡ
װ DHCP
һ°Щ
һṩ˹ FreeBSD ϵͳʹ ISC
(Internet ϵͳЭ) DHCP ʵ DHCP Ϣ
DHCP еķֲûΪ FreeBSD һṩ
Ҫװ
net/isc-dhcp31-server
port ṩ μ
˽ʹ Ports Collection Ľһ顣
װ DHCP
DHCP
װ
Ϊ FreeBSD ϵͳϽԱΪ DHCP ʹã
Ҫ &man.bpf.4; 豸ںˡ Ҫ Ҫ
device bpf 뵽ںļУ
ںˡ Ҫõں˵ĽһϢ μ
bpf 豸 FreeBSD
GENERIC ںѾ
ҪΪ DHCP رضںˡ
нǿİȫʶ Ӧע
bpf ͬʱҲܹȷ豸
(ȻҪȨû)
bpf
ʹ DHCP ģ
ȫdzУ ܻϣ
bpf Žںˣ
ֱΪ DHCP DZΪֹ
ҪDZ༭ʾ
dhcpd.conf
net/isc-dhcp31-server port
װ Ĭ£ Ӧ
/usr/local/etc/dhcpd.conf.sample
ڿʼ֮ǰ ҪΪ
/usr/local/etc/dhcpd.conf
DHCP
DHCP
dhcpd.conf
dhcpd.conf һϵйĶ壬
ӿ
option domain-name "example.com";
option domain-name-servers 192.168.4.100;
option subnet-mask 255.255.255.0;
default-lease-time 3600;
max-lease-time 86400;
ddns-update-style none;
subnet 192.168.4.0 netmask 255.255.255.0 {
range 192.168.4.129 192.168.4.254;
option routers 192.168.4.1;
}
host mailhost {
hardware ethernet 02:03:04:05:06:07;
fixed-address mailhost.example.com;
}
ѡָṩͻΪĬ ο
&man.resolv.conf.5; ˽һ顣
ѡָһͻʹõ DNS
֮Զŷָ
ṩͻ롣
ͻԼЧڣ ûУ
ָһԼЧڣ Ҳֵ (λ)
Ƿַʱ
ͻ˸ڣ õһַ
ڽ max-lease-time 롣
ѡָ DHCP һַܻͷʱǷӦӦԸ
DNS ISC ʵУ һѡ ָ
ַָпͻ IP ַΧ
Χ֮䣬 Լ߽ IP ַͻ
ͻĬء
Ӳ MAC ַ ( DHCP
ܹڽӵʱ֪)
ָǵõͬһ IP ַ
עڴ˴ʹǶԵģ Ϊ DHCP
ڷַϢ֮ǰн
ƺ
dhcpd.conf ֮ Ӧ
/etc/rc.conf DHCP
Ҳӣ
dhcpd_enable="YES"
dhcpd_ifaces="dc0"
˴ dc0 ӿӦΪ DHCP
Ҫ DHCP ͻĽӿ (ж ÿոֿ)
&prompt.root; /usr/local/etc/rc.d/isc-dhcpd start
δҪķã μǷ
SIGHUP źŸ
dhcpd
ļ¼أ DZȽձԼ
Ҫ SIGTERM ẓֹ́ͣ
Ȼʹ
ļ
DHCP
ļ
/usr/local/sbin/dhcpd
dhcpd Ǿ̬ӵģ װ
/usr/local/sbin С port װ
&man.dhcpd.8; ֲṩ˹
dhcpd Ϊ꾡Ϣ
/usr/local/etc/dhcpd.conf
dhcpd Ҫļ
/usr/local/etc/dhcpd.conf
ܹͻṩ ļҪӦṩͻϢ
ԼڷеϢ ļϸ port
װ &man.dhcpd.conf.5; ֲҵ
/var/db/dhcpd.leases
DHCP άһǩõַݿ⣬
ļУ ļ־ʽġ
port װ
&man.dhcpd.leases.5; ֲṩ˸ϸ
/usr/local/sbin/dhcrelay
dhcrelay ڸΪӵĻУ
֧ʹ DHCP תһϵ
DHCP Ҫܣ Ҫװ net/isc-dhcp31-relay port
&man.dhcrelay.8; ֲṩ˸Ϊ꾡Ľܡ
Chern
Lee
Contributed by
Tom
Rhodes
Daniel
Gerzo
ϵͳ (DNS)
BIND
&os; Ĭʹһ汾 BIND (Berkeley
Internet Name Domain) ĿǰΪе DNS Эʵ֡
DNS һЭ飬 ͨͬ IP ַӦ
磬 ѯ www.FreeBSD.org
õ &os; Project web IP ַ ѯ ftp.FreeBSD.org õӦ FTP
IP ַ Ƶأ Ҳ෴顣 ѯ IP
ַԵõ Ȼ DNS
ѯҪϵͳ
Ŀǰ Ĭ&os; ʹõ BIND9
DNS ڽϵͳеİ汾ṩǿİȫԡ
µļĿ¼ṹ ԼԶ &man.chroot.8; á
DNS
Internet ϵ DNS ͨһΪӵȨϵͳ
(TLD) ԼһϵСģģ
ṩϢлɵġ
Ŀǰ BIND
Internet Systems Consortium
ά
Ҫĵ Ҫ˽һЩص
DNS
resolver ()
reverse DNS ( DNS)
root zone ()
DNS
ӳ䵽 IP ַ
ԭ (Origin)
ʾضļڵ
named, BIND
&os; BIND ijз
(Resolver)
ѯϢһϵͳ
DNS
IP ַӳΪ
Internet ε㡣 еڸ֮£
ļϵͳУ ļڸĿ¼֮
(Zone)
ͬһ DNS һ֡
ӣ
. ڱĵָͨ
org. Ǹ֮µһ
(TLD)
example.org.
org.
TLD ֮µһ
1.168.192.in-addr.arpa һʾ
192.168.1.*
IP ַռ IP
ַ
ԽϸڵIJֻԽ֡ 磬 example.org. ͱ
org. ΧС Ƶ org. ֱȸС
ֵĸļϵͳʮƣ
/dev Ŀ¼ڸĿ¼֮£ ȵȡ
ͨʽ Ȩ
Լ
ҪȨ
Ҫȫṩ DNS Ϣ
ȨӦ
ע example.org
Ҫ IP ָµϡ
ij IP ַҪ
DNS (IP )
ݷ ˵Ĵ (slave)
ʱӦѯ
Ҫл
ص DNS ܹ棬
ֱصõӦ
˲ѯ www.FreeBSD.org ʱͨϼ
ISP ûӦ бصĻ
DNS ѯֻڵһα DNS
ⲿ硣 IJѯᷢ⣬
ΪѾڱصĻˡ
DNS
&os; У BIND Ϊ
named
ļ
&man.named.8;
BIND
&man.rndc.8;
Ƴ
/etc/namedb
BIND Ϣλá
/etc/namedb/named.conf
ļ
ڷõʲͬ
Ķļһŵ
/etc/namedb Ŀ¼е master slave dynamic Ŀ¼С
ЩļṩӦѯʱҪ DNS Ϣ
BIND
BIND
starting ()
BIND Ĭϰװģ ԶԺܼ
Ĭϵ named ã
&man.chroot.8; ṩ
ֻڼ IPv4 ػַ (127.0.0.1)
ϣһã ʹ
&prompt.root; /etc/rc.d/named onestart
ϣ named
ÿʱܹ Ҫ
/etc/rc.conf м룺
named_enable="YES"
Ȼ ĵܵѡ֮⣬
/etc/namedb/named.conf лкܶѡ
Ҫ˽ &os; named
ЩѡĻ Բ鿴
/etc/defaults/rc.conf е
named_* ο
&man.rc.conf.5; ֲᡣ ֮⣬
Ҳһ㡣
ļ
BIND
configuration files (ļ)
Ŀǰ named ļ
/etc/namedb Ŀ¼
ʹǰӦҪģ
ֻɼ
Ŀ¼ͬʱҲоõĵط
/etc/namedb/named.conf
// $FreeBSD$
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works. Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.
options {
// Relative to the chroot directory, if any
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
listen-on { 127.0.0.1; };
// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver. To give access to the network, specify
// an IPv6 address, or the keyword "any".
// listen-on-v6 { ::1; };
// These zones are already covered by the empty zones listed below.
// If you remove the related empty zones below, comment these lines out.
disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
forwarders {
127.0.0.1;
};
*/
// If the 'forwarders' clause is not empty the default is to 'forward first'
// which will fall back to sending a query from your local server if the name
// servers in 'forwarders' do not have the answer. Alternatively you can
// force your name server to never initiate queries of its own by enabling the
// following line:
// forward only;
// If you wish to have forwarding configured automatically based on
// the entries in /etc/resolv.conf, uncomment the following line and
// set named_auto_forward=yes in /etc/rc.conf. You can also enable
// named_auto_forward_only (the effect of which is described above).
// include "/etc/namedb/auto_forward.conf";
עԣ ϣϼ棬
ڴ˴ forwarders
£ زѯ
Internet ҵض ֱõΪֹ
ѡȲѯϼ (ṩ)
ӶǵĻеõ ϼһæĸ
ڸƷƷʡ
127.0.0.1
һҪѵַΪϼ IP ַ
/*
Modern versions of BIND use a random UDP port for each outgoing
query by default in order to dramatically reduce the possibility
of cache poisoning. All users are strongly encouraged to utilize
this feature, and to configure their firewalls to accommodate it.
AS A LAST RESORT in order to get around a restrictive firewall
policy you can try enabling the option below. Use of this option
will significantly reduce your ability to withstand cache poisoning
attacks, and should be avoided if at all possible.
Replace NNNNN in the example with a number between 49160 and 65530.
*/
// query-source address * port NNNNN;
};
// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.
// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file "named.root"; };
/* Slaving the following zones from the root name servers has some
significant advantages:
1. Faster local resolution for your users
2. No spurious traffic will be sent from your network to the roots
3. Greater resilience to any potential root server failure/DDoS
On the other hand, this method requires more monitoring than the
hints file to be sure that an unexpected failure mode has not
incapacitated your server. Name servers that are serving a lot
of clients will benefit more from this approach than individual
hosts. Use with caution.
To use this mechanism, uncomment the entries below, and comment
the hint zone above.
*/
/*
zone "." {
type slave;
file "slave/root.slave";
masters {
192.5.5.241; // F.ROOT-SERVERS.NET.
};
notify no;
};
zone "arpa" {
type slave;
file "slave/arpa.slave";
masters {
192.5.5.241; // F.ROOT-SERVERS.NET.
};
notify no;
};
zone "in-addr.arpa" {
type slave;
file "slave/in-addr.arpa.slave";
masters {
192.5.5.241; // F.ROOT-SERVERS.NET.
};
notify no;
};
*/
/* Serving the following zones locally will prevent any queries
for these zones leaving your network and going to the root
name servers. This has two significant advantages:
1. Faster local resolution for your users
2. No spurious traffic will be sent from your network to the roots
*/
// RFC 1912
zone "localhost" { type master; file "master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "master/empty.db"; };
// RFC 1912-style zone for IPv6 localhost address
zone "0.ip6.arpa" { type master; file "master/localhost-reverse.db"; };
// "This" Network (RFCs 1912 and 3330)
zone "0.in-addr.arpa" { type master; file "master/empty.db"; };
// Private Use Networks (RFC 1918)
zone "10.in-addr.arpa" { type master; file "master/empty.db"; };
zone "16.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "17.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "18.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "19.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "20.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "21.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "22.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "23.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "24.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "25.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "26.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "27.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "28.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "29.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "30.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; };
// Link-local/APIPA (RFCs 3330 and 3927)
zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; };
// TEST-NET for Documentation (RFC 3330)
zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; };
// Router Benchmark Testing (RFC 3330)
zone "18.198.in-addr.arpa" { type master; file "master/empty.db"; };
zone "19.198.in-addr.arpa" { type master; file "master/empty.db"; };
// IANA Reserved - Old Class E Space
zone "240.in-addr.arpa" { type master; file "master/empty.db"; };
zone "241.in-addr.arpa" { type master; file "master/empty.db"; };
zone "242.in-addr.arpa" { type master; file "master/empty.db"; };
zone "243.in-addr.arpa" { type master; file "master/empty.db"; };
zone "244.in-addr.arpa" { type master; file "master/empty.db"; };
zone "245.in-addr.arpa" { type master; file "master/empty.db"; };
zone "246.in-addr.arpa" { type master; file "master/empty.db"; };
zone "247.in-addr.arpa" { type master; file "master/empty.db"; };
zone "248.in-addr.arpa" { type master; file "master/empty.db"; };
zone "249.in-addr.arpa" { type master; file "master/empty.db"; };
zone "250.in-addr.arpa" { type master; file "master/empty.db"; };
zone "251.in-addr.arpa" { type master; file "master/empty.db"; };
zone "252.in-addr.arpa" { type master; file "master/empty.db"; };
zone "253.in-addr.arpa" { type master; file "master/empty.db"; };
zone "254.in-addr.arpa" { type master; file "master/empty.db"; };
// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "master/empty.db"; };
zone "3.ip6.arpa" { type master; file "master/empty.db"; };
zone "4.ip6.arpa" { type master; file "master/empty.db"; };
zone "5.ip6.arpa" { type master; file "master/empty.db"; };
zone "6.ip6.arpa" { type master; file "master/empty.db"; };
zone "7.ip6.arpa" { type master; file "master/empty.db"; };
zone "8.ip6.arpa" { type master; file "master/empty.db"; };
zone "9.ip6.arpa" { type master; file "master/empty.db"; };
zone "a.ip6.arpa" { type master; file "master/empty.db"; };
zone "b.ip6.arpa" { type master; file "master/empty.db"; };
zone "c.ip6.arpa" { type master; file "master/empty.db"; };
zone "d.ip6.arpa" { type master; file "master/empty.db"; };
zone "e.ip6.arpa" { type master; file "master/empty.db"; };
zone "0.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "1.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "2.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "3.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "4.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "5.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "6.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "7.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "8.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "9.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "a.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "b.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "0.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "1.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "2.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "3.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "4.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "5.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "6.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "7.e.f.ip6.arpa" { type master; file "master/empty.db"; };
// IPv6 ULA (RFC 4193)
zone "c.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "d.f.ip6.arpa" { type master; file "master/empty.db"; };
// IPv6 Link Local (RFC 4291)
zone "8.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "9.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "a.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "b.e.f.ip6.arpa" { type master; file "master/empty.db"; };
// IPv6 Deprecated Site-Local Addresses (RFC 3879)
zone "c.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "d.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "e.e.f.ip6.arpa" { type master; file "master/empty.db"; };
zone "f.e.f.ip6.arpa" { type master; file "master/empty.db"; };
// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "master/empty.db"; };
// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example slave zone config entries. It can be convenient to become
// a slave at least for the zone your own domain is in. Ask
// your network administrator for the IP address of the responsible
// master name server.
//
// Do not forget to include the reverse lookup zone!
// This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
//
// Before starting to set up a master zone, make sure you fully
// understand how DNS and BIND work. There are sometimes
// non-obvious pitfalls. Setting up a slave zone is usually simpler.
//
// NB: Don't blindly enable the examples below. :-) Use actual names
// and addresses instead.
/* An example dynamic zone
key "exampleorgkey" {
algorithm hmac-md5;
secret "sf87HJqjkqh8ac87a02lla==";
};
zone "example.org" {
type master;
allow-update {
key "exampleorgkey";
};
file "dynamic/example.org";
};
*/
/* Example of a slave reverse zone
zone "1.168.192.in-addr.arpa" {
type slave;
file "slave/1.168.192.in-addr.arpa";
masters {
192.168.1.1;
};
};
*/
named.conf У
˴תͷӡ
ͱ named.conf мӦĿ
磬
example.org ļ
zone "example.org" {
type master;
file "master/example.org";
};
ʾ
һ Ϣ
/etc/namedb/master/example.org
У ʾ
zone "example.org" {
type slave;
file "slave/example.org";
};
ڴУ ָϢݹ
浽ӦļС ɴʱ
һݿõϢ Ӷܹṩ
ļ
BIND
zone files (ļ)
չʾ example.org ļ (
/etc/namedb/master/example.org)
$TTL 3600 ; 1 hour default TTL
example.org. IN SOA ns1.example.org. admin.example.org. (
2006051501 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
300 ; Negative Reponse TTL
)
; DNS Servers
IN NS ns1.example.org.
IN NS ns2.example.org.
; MX Records
IN MX 10 mx.example.org.
IN MX 20 mail.example.org.
IN A 192.168.1.1
; Machine Names
localhost IN A 127.0.0.1
ns1 IN A 192.168.1.2
ns2 IN A 192.168.1.3
mx IN A 192.168.1.4
mail IN A 192.168.1.5
; Aliases
www IN CNAME example.org.
ע .
βȫ βû
.
ԭ 磬
ns1 תΪ
ns1.example.org.
Ϣļĸʽ£
¼ IN ¼ ֵ
DNS
¼
õ DNS ¼
SOA
Ȩʼ
NS
Ȩ
A
ַ
CNAME
Ӧ
MX
ʼݷ
PTR
ָ (ڷ DNS)
example.org. IN SOA ns1.example.org. admin.example.org. (
2006051501 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
300 ) ; Negative Reponse TTL
example.org.
ͬʱҲϢļԭ㡣
ns1.example.org.
/Ȩ
admin.example.org.
ĸ˵ĵʼַ
@
Ҫ (admin@example.org Ӧ
admin.example.org)
2006051501
ļš ÿļʱ֡
ֽ Աῼʹ
yyyymmddrr ĸʽʾš
2006051501 ͨʾϴ
05/15/2006
01 ʾĵһġ
ŷdzҪ ֪ͨݡ
IN NS ns1.example.org.
һ NS ÿṩȨӦķһӦ
localhost IN A 127.0.0.1
ns1 IN A 192.168.1.2
ns2 IN A 192.168.1.3
mx IN A 192.168.1.4
mail IN A 192.168.1.5
A ¼ָ˻ ǰģ
ns1.example.org Ϊ
192.168.1.2
IN A 192.168.1.1
һаѵǰԭ example.org
ָΪʹ IP ַ
192.168.1.1
www IN CNAME @
(CNAME) ¼ͨΪijָ̨
У www
ָ
һ
ߵ
example.org
(192.168.1.1) ͬ
CNAME ֵ֮ͬͬκ¼档
MX ¼
IN MX 10 mail.example.org.
MX ¼ʾĸʼշʼ
mail.example.org ʼ
10 ȼ
ж̨ʼ ȼֱ 10
20 ȵȡ example.org Ͷʼķ
ȳȼߵ MX (ȼֵСļ¼)
ųԴθߵģ ظһֱʼݴΪֹ
in-addr.arpa Ϣļ ( DNS) õĸʽͬģ
ֻ PTR A CNAME λá
$TTL 3600
1.168.192.in-addr.arpa. IN SOA ns1.example.org. admin.example.org. (
2006051501 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
300 ) ; Negative Reponse TTL
IN NS ns1.example.org.
IN NS ns2.example.org.
1 IN PTR example.org.
2 IN PTR ns1.example.org.
3 IN PTR ns2.example.org.
4 IN PTR mx.example.org.
5 IN PTR mail.example.org.
ļ IP ַӳϵ
Ҫ˵ǣ PTR ¼Ҳֱȫ
(ҲDZ .
)
BIND
һҪеݹѯɫ
нвѯ ѯסԱʹá
ȫ
BIND Ϊõ DNS ʵ֣ һЩȫ⡣
ʱ˷һЩܵõİȫ©
&os; Զ
named ŵ &man.chroot.8;
У һЩõİȫDZڵ
DNS Ĺ
Ķ CERT İȫ棬
the &a.security-notifications; һڰ˽
Internet &os; ȫĺϰߡ
⣬ ȷԴµģ
һ named пܻ
һĶ
BIND/named ֲ
&man.rndc.8; &man.named.8; &man.named.conf.5;
ٷ ISC BIND
ҳ
Official ISC BIND
Forum
O'Reilly
DNS BIND 5
RFC1034
- -
RFC1035
- - ʵּ
Murray
Stokely
Contributed by
Apache HTTP
web
Apache
&os; ȫΪæ web վ㡣
Internet ϵ web
ʹ Apache HTTP
Apache FreeBSD
װҵ û״ΰװʱװ
Apache ͨ www/apache13 www/apache22 port װ
һɹذװ Apache
ͱá
һڽ 1.3.X 汾
Apache HTTP ã
Ϊ &os; һͬʹõİ汾
Apache 2.X ˺ܶ¼
ڴ˲ۡ Ҫ˽ Apache 2.X
ĸϣ μ
Apache
ļ
Ҫ Apache HTTP Server ļ
&os; ϻᰲװΪ
/usr/local/etc/apache/httpd.conf
һ͵ &unix; ıļ ʹ #
Ϊעͷ ȫѡ꾡ܳ˱ķΧ
ォֻĵЩ
ServerRoot "/usr/local"
ָ Apache
װĶĿ¼ ִļŵĿ¼ (server root)
bin
sbin Ŀ¼У
ļλ
etc/apache
ServerAdmin you@your.address
ַڷʱӦ͵ʼĵַ
ڷɵҳϣ ҳ档
ServerName www.example.com
ServerName ÷ͻؿͻ˵
ķûԱַ (磬 ʹ www
ʵ)
DocumentRoot "/usr/local/www/data"
DocumentRoot Ŀ¼ĵڵĿ¼
Ĭ£ еλȥȡ
ҲͨӺͱָλá
֮ǰ
Apache ļԶһϰߡ
һԳʼˣ ͿԿʼ Apache ˡ
Apache
Apache
ֹͣ
ͬ Apache
inetd С
һ»Ϊһķ ڿͻ web
HTTP ʱ ܹøõܡ ṩһ shell
űʹ ֹͣþܵؼ
״ Apache
ִֻУ
&prompt.root; /usr/local/sbin/apachectl start
κʱʹֹͣ
&prompt.root; /usr/local/sbin/apachectl stop
ijԭļ֮ Ҫ
&prompt.root; /usr/local/sbin/apachectl restart
Ҫ Apache ʱжϵǰӣ
ӦУ
&prompt.root; /usr/local/sbin/apachectl graceful
Ϣ
&man.apachectl.8; ֲҵ
Ҫϵͳʱ Apache Ӧ
/etc/rc.conf м룺
apache_enable="YES"
߶Apache 2.2
apache22_enable="YES"
ϣϵͳʱ Apache
httpd ָһЩѡ
мӵ
rc.conf
apache_flags=""
web Ϳʼˣ ʹ web
http://localhost/ Ĭʾ web ҳ
/usr/local/www/data/index.html
Apache ֲ֧ͬ͵
һַǻֵ ֵʹÿͻ
HTTP/1.1 ͷ ʹòͬԹͬһ IP ַ
Ҫ Apache ʹûֵ
Ҫӵ httpd.conf У
NameVirtualHost *
web www.domain.tld
ϣһ
www.someotherdomain.tld
Ӧ
httpd.conf м룺
<VirtualHost *>
ServerName www.domain.tld
DocumentRoot /www/domain.tld
</VirtualHost>
<VirtualHost *>
ServerName www.someotherdomain.tld
DocumentRoot /www/someotherdomain.tld
</VirtualHost>
Ҫĵַĵ·ΪʹõЩ
Ҫ˽ĸϢ
οٷ Apache ĵ Щĵ ҵ
Apache ģ
Apache
ģ
ͬ Apache ģ飬
ǿڻķṩӵĹܡ FreeBSD
Ports Collection Ϊװ
Apache
ͳõĸģṩ˷dzķ
mod_ssl
web
ȫ
SSL
ѧ
mod_ssl ģʹ OpenSSL ⣬
ṩͨ ȫֲ (SSL v2/v3) 㰲ȫ (TLS v1)
Эǿ
ģṩ˴ijһŵ֤ǩǩ֤йߣ
Խ &os; аȫ web
δװ
Apache ҲֱӰװһݰ
mod_ssl İ汾
Apache
1.3.X ䷽ͨ www/apache13-modssl port С SSL
֧ѾΪ Apache 2.X һṩ
ͨ
www/apache22 port װߡ
ApacheһЩҪĽűԶӦģ顣
Щģʹȫʹijֽűд
Apache ģΪܡ
ͨҲǶ뵽ΪһפڴĽ
ԱһⲿһڽĶ̬վʱԴϵĿ
̬վ
web servers
dynamic
ڹȥʮԽԽҵΪͱʶת˻
Ҳͬʱ˶ڻҳݵЩ˾ µsoft;
Ƴ˻רвƷĽԴҲ˻ĻӦ
Ƚʱеѡ DjangoRuby on Rails
mod_perl, and
mod_php.
Django
Python
Django
Django һ BSD ֤ framework
ÿ߿дܸƷʵ web Ӧó
ṩһϵӳͿԱ Python
еĶһḻĶ̬ݿ API
ʹ߱д SQL 䡣ͬʱṩ˿չģϵͳ
Ӧó HTML ıֲ롣
Django mod_python
Apache, һѡ SQL
ݿ档 һЩǡı־FreeBSD Port
ϵͳ㰲װЩ⡣
װ DjangoApache2 mod_python3 PostgreSQL
&prompt.root; cd /usr/ports/www/py-django; make all install clean -DWITH_MOD_PYTHON3 -DWITH_POSTGRESQL
ڰװ Django Щ֮
Ҫһ Django ĿĿ¼Ȼ
ApacheжվӦóijЩָ URL
ʱǶ Python
Django/mod_python й Apache ֵ
Ҫ Apache ļ
httpd.conf ⼸У
ѶijЩ URL web Ӧó
<Location "/">
SetHandler python-program
PythonPath "['/dir/to/your/django/packages/'] + sys.path"
PythonHandler django.core.handlers.modpython
SetEnv DJANGO_SETTINGS_MODULE mysite.settings
PythonAutoReload On
PythonDebug On
</Location>
Ruby on Rails
Ruby on Rails
Ruby on Rails һԴ web framework
ṩһȫĿܣܰ web
߹гЧͿдǿӦá
ܷdzĴ posts ϵͳװ
&prompt.root; cd /usr/ports/www/rubygem-rails; make all install clean
mod_perl
mod_perl
Perl
Apache/Perl ɼƻ Perl
Եǿܣ Apache
HTTP ܵؽϵһ
ͨ mod_perl ģ飬
ȫʹ Perl д Apache ģ顣
⣬ Ƕij־Խ ⲿĽΪ Perl
űɵʧ
mod_perl ַͨʽṩ
Ҫʹ mod_perl
Ӧע mod_perl 1.0
ֻ Apache 1.3
mod_perl 2.0 ֻ
Apache 2.X ʹá
mod_perl 1.0 ͨ
www/mod_perl װ
Ծ̬ʽİ汾 ͨ
www/apache13-modperl
װ
mod_perl 2.0 ͨ
www/mod_perl2 װ
Tom
Rhodes
Written by
mod_php
mod_php
PHP
PHP ҲΪ PHP:
Hypertext Preprocessor
һرʺ Web ͨýűԡ
ܹǶ뵽 HTML ֮У
ӽ C &java; Լ Perl web
ԱһѸд̬ɵҳ档
Ҫ
Apache web
PHP5 ֧֣ ԴӰװ
lang/php5
port ʼ
״ΰװ lang/php5 port
ʱ ϵͳԶʾõһϵ
OPTIONS (ѡ) ûп˵
ڹȥװ lang/php5 port ȵȣ
ٴʾò˵ port Ŀ¼ִУ
&prompt.root; make config
ѡԻУ ѡ
APACHE һ Ϳ
Apache web ʹõĿɶ̬ص
mod_php5 ģˡ
ڸʽԭ (磬 Ѿ web ӦõļԿ)
վʹ PHP4 Ҫ
mod_php4
mod_php5 ʹ
lang/php4 port
lang/php4 port Ҳ֧
lang/php5 port ṩúͱʱѡ
ǰѾɹذװֶ֧̬ PHP Ӧģ顣
鲢ȷѽü뵽
/usr/local/etc/apache/httpd.conf У
LoadModule php5_module libexec/apache/libphp5.so
AddModule mod_php5.c
<IfModule mod_php5.c>
DirectoryIndex index.php index.html
</IfModule>
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
Щ֮ Ҫʹ
apachectl һ graceful
restart Ա PHP ģ飺
&prompt.root; apachectl graceful
δ PHP ʱ
make config ⲽͲDZˣ
ѡ OPTIONS &os;
Ports Զ档
&os; е PHP ֧Ǹ߶ģ黯ģ
˻װĹʮޡ ַ֧ܵdz ֻͨ
lang/php5-extensions port
ɡ port ṩһ˵Ľ
PHP չİװ ⣬ ҲͨӦ port
װչ
磬 Ҫ
MySQL ݿּ֧
PHP5 ֻذװ
databases/php5-mysql
װչ֮
Apache
Ӧµñ
&prompt.root; apachectl graceful
Murray
Stokely
Contributed by
ļЭ (FTP)
FTP
ļЭ (FTP) Ϊûṩһģ FTP ļķ &os;
ϵͳа FTP
ftpd ʹ &os;
Ͻ FTP ÷dz
ҪòǾЩʺŷ FTP
һ &os; ϵͳһϵϵͳʺŷֱִвͬķ
δ֪ûӦ¼ʹЩʺš
/etc/ftpusers ļУ г˲ͨ
FTP ʵû Ĭ£ ǰϵͳʺţ
ҲӦͨ FTP ʵû
ܻϣͨ FTP ¼ijЩû
ȫֹʹ FTP ͨ /etc/ftpchroot
ļɡ һļгϣ FTP ʽƵûı
&man.ftpchroot.5; ֲУ ѾԴ˽꾡Ľܣ
ʶ
FTP
Ҫڷ FTP ʣ 뽨һΪ
ftp &os; û ûͿʹ
ftp anonymous
Ŀ (ϰϣ ӦǸûʼַΪ)
¼ͷ FTP FTP û¼ʱ
&man.chroot.2; Ա㽫
ftp ûĿ¼С
ıļָʾ FTP ͻеĻӭ֡
/etc/ftpwelcome ļеݽû֮
ڵ¼ʾ֮ǰʾ ڳɹĵ¼֮ ʾ
/etc/ftpmotd ļеݡ
עڵ¼ģ ˶ûԣ
ʾ ~ftp/etc/ftpmotd
һȷ FTP
ͱ /etc/inetd.conf
Ҫȫǽעͷ
#
е
ftpd ֮ǰȥ
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
ܵ
ļ֮ inetd ¼
ʹµЧ
Իȡйϵͳ inetd
ϸϢ
ftpd ҲΪһķ
ĻҪ /etc/rc.conf
µı
ftpd_enable="YES"
֮ķ´ϵͳʱ
ͨ root ִֶµ
&prompt.root; /etc/rc.d/ftpd start
ڿͨ¼ FTP ˣ
&prompt.user; ftp localhost
ά
syslog
־ļ
FTP
ftpd ʹ
&man.syslog.3; ¼Ϣ Ĭ£
ϵͳ־Ѻ FTP صϢ¼
/var/log/xferlog ļС FTP ־λã
ͨ
/etc/syslog.conf ʾģ
ftp.info /var/log/xferlog
FTP
һҪСĶԴ FTP пDZ⡣
һԣ ûϴļӦ˼ ܷԼ FTP
վΪ˽δȨҵ̳
Ҫ FTP ϴ ļȨޣ
ʹܹûܹЩļ֮ǰǡ
Murray
Stokely
Contributed by
Ϊ µsoft.windows; ͻṩļʹӡ (Samba)
Samba
Microsoft Windows
ļ
Windows ͻ
ӡ
Windows ͻ
Samba һеĿԴ
ṩ µsoft.windows; ͻļʹӡ
ͻӲʹ FreeBSD ϵͳϵļռ䣬
ͬʹñصĴһ ʹñشӡһʹ
FreeBSD ϵĴӡ
Samba FreeBSD
װҵ ûڳΰװ FreeBSD
ʱװ Samba ͨ net/samba34 port package װ
Ĭϵ Samba ļ
/usr/local/share/examples/samba34/smb.conf.default
ְװļ븴Ϊ
/usr/local/etc/smb.conf жƣ
ܿʼʹ Samba
smb.conf ļа
Samba ʱϢ
ڴӡĶ壬 Լϣ &windows;
ͻ ļϵͳ
Samba һΪ
swat web ߣ
ṩ smb.conf ļļ
ʹ Samba Web (SWAT)
Samba Web (SWAT) һͨ
inetd еķ ˣ
Ҫ /etc/inetd.conf 漸еעȥ
ܹʹ swat
Samba
swat stream tcp nowait/400 root /usr/local/sbin/swat swat
ܵ
ļ֮ inetd
¼ã ʹЧ
һ inetd.conf
swat Ϳ
connect to ˡ
ʹϵͳ root
ʺŵ¼
ֻҪɹص¼
Samba ҳ棬
Ϳϵͳĵ
Globals(ȫ) ѡʼˡ
Globals СڶӦ [global]
Сеı ǰλ
/usr/local/etc/smb.conf С
ȫ
ʹ swat
ֱӱ༭ /usr/local/etc/smb.conf
ͨҪõ Samba
ѡǣ
workgroup
NT
ͨЩҵ
netbios name
NetBIOS
ѡ Samba
NetBIOS ֡ Ĭ£ DNS ֵĵһ֡
server string
ѡͨ net view
ԼijЩ繤߿Բ鿴Ĺڷ˵֡
ȫ
/usr/local/etc/smb.conf еҪã
ѡİȫģͣ ԼͻûĿźˡ
Щѡ
security
ѡʽ
security = share security
= user Ŀͻʹû
Щû &os; һ£
һӦѡû (user) ȫ Ĭϵİȫԣ
Ҫͻȵ¼ ȻܷʹԴ
ù (share) ȫ
ͻҪЧûͿ¼
ܹӹԴ ǽ汾
Samba еĬֵ
passdb backend
NIS+
LDAP
SQL ݿ
Samba ṩֲ֤ͬģ͡
ͨ LDAP NIS+ SQL ݿ⣬ ĵĿļ
ɿͻ˵֤ Ĭϵ֤ģʽ
smbpasswd ҲDZ½ܵȫݡ
ʹõĬϵ smbpasswd
ˣ ȴһ
/usr/local/etc/samba/smbpasswd ļ
Samba Կͻ֤
&unix; ûʺܹ &windows;
ͻϵ¼ ʹ
&prompt.root; smbpasswd -a username
ĿǰƼʹõĺ tdbsam
Ӧʹûʺţ
&prompt.root; pdbedit username
ο
ٷ Samba HOWTO
˽ѡĽһϢ ǰĻ
ӦѾ
Samba ˡ
Samba
net/samba34 port
һµڿ
Samba ű Ҫű
Ա ֹͣ
Samba Ҫ
/etc/rc.conf ļм룺
samba_enable="YES"
⣬ ҲԽиϸȵĿƣ
nmbd_enable="YES"
smbd_enable="YES"
Ҳͬʱϵͳʱ Samba
ú֮ Ϳκʱͨ
Samba ˣ
&prompt.root; /usr/local/etc/rc.d/samba start
Starting SAMBA: removing stale tdbs :
Starting nmbd.
Starting smbd.
μ ˽ʹ rc űĽһϢ
Samba ʵϰķ
Ӧܹ
nmbd smbd
ͨ samba űġ
smb.conf winbind ֽ
ӦÿԿ winbindd
κʱֹͨͣ
Samba
&prompt.root; /usr/local/etc/rc.d/samba stop
Samba һӵ
ṩ µsoft.windows; мɵĸʽĹܡ
Ҫ˽ܵĻװܣ
Tom
Hukins
Contributed by
ͨ NTP ʱͬ
NTP
ʱƣ ʱӻƯơ
ʱЭ (NTP) һȷʱӱȷķ
Internet ڱؼʱӵȷԡ
磬 web ܻյһ
Ҫļijһʱ֮Ĺŷ
ھУ ļļ֮ʱǷͬҪ
Ϊʹʱһ¡ &man.cron.8;
ij Ҳȷϵͳʱӣ ܹȷִв
NTP
ntpd
FreeBSD &man.ntpd.8; NTP
ڲѯ NTP
ñؼʱӣ Ϊṩ
ѡʵ NTP
NTP
ѡ
Ϊͬϵͳʱӣ
Ҫҵһ NTP Թʹá Ա
ISP ܻṩĿĵ NTP
—鿴ǵĵ˽Ƿ
⣬ Ҳһߵ
NTP б ԴѡһϽ NTP
ȷѡķķʲԣ ҪĻ
һɡ
ѡӵ NTP һ⣬
ijɴ ʱӲɿʱͿбѡ
Ϊ &man.ntpd.8;
ܵѡյӦ—ʹÿɿķ
Ļ
NTP
ntpdate
ֻϵͳʱͬʱӣ
ʹ &man.ntpdate.8; ھ
ҲҪͬϵͳ˵Ƚʺϣ
Ӧ &man.ntpd.8;
ʱʹ &man.ntpdate.8; &man.ntpd.8;
Ҳһ⡣ &man.ntpd.8; ʱӣ
&man.ntpdate.8; ֱʱӣ
ۻĵǰʱȷʱжƫ
Ҫʱ &man.ntpdate.8; Ҫ
ntpdate_enable="YES" ӵ
/etc/rc.conf С ⣬
Ҫͨ ntpdate_flags
ͬķѡ
ǽݸ &man.ntpdate.8;
һ
NTP
ntp.conf
NTP ͨ
/etc/ntp.conf ļõģ
ʽ &man.ntp.conf.5; н
һӣ
server ntplocal.example.com prefer
server timeserver.example.org
server ntp2a.example.net
driftfile /var/db/ntp.drift
server ѡָʹһ
ÿһһС ijһָ̨ prefer
(ƫ) ntplocal.example.com
ѡ
ƫõķӦIJ
Ӧ ʹӦ
һ˵
prefer Ӧñעڷdzȷ NTP
ʱԴ ЩʱӲķϡ
driftfile ѡ
ָϵͳʱƵƫļ
&man.ntpd.8; ʹԶزʱӵȻƯƣ
ӶʹʱӼʹжʱԴ£
ܱ൱ȷȡ
⣬ driftfile
ѡҲһӦʹõ NTP Ϣ
ļ NTP ڲϢ Ӧκġ
ķķ
Ĭ£ NTP Ա Internet ϵʡ
/etc/ntp.conf ָ restrict
ԿЩķ
ϣܾеĻ NTP
ֻ
/etc/ntp.conf м룺
restrict default ignore
ֹķڱгķ
Ҫ NTP NTP
ͬʱ䣬 Ӧָ μֲ
&man.ntp.conf.5; ˽һϸڡ
ֻϣڵĻͨķͬʱӣ
Ϊ ΪͬʱӵĽڵʱã
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
Ҫ 192.168.1.0 Ϊϵ
IP ַ 255.255.255.0 Ϊ롣
/etc/ntp.conf ܰ
restrict ѡ Ҫ˽һϸڣ
μ &man.ntp.conf.5;
Access Control Support(ʿ֧)
Сڡ
NTP
Ҫ NTP ϵͳʱ֮
Ҫ ntpd_enable="YES" 뵽
/etc/rc.conf С
ϣ &man.ntpd.8; ݸ Ҫ༭
/etc/rc.conf е
ntpd_flags
Ҫڲǰ Ҫֹ
ntpd
/etc/rc.conf
е ntpd_flags ָIJ
磺
&prompt.root; ntpd -p /var/run/ntpd.pid
ʱԵ Internet ʹ ntpd
&man.ntpd.8; ҪԵ Internet ӡ
Ȼ ʱΪ貦ŵģ
ôֹ NTP ͨѶƵţ ӾбҪˡ
ʹû PPP ʹ filter
䣬 /etc/ppp/ppp.conf нбҪá
磺
set filter dial 0 deny udp src eq 123
# Prevent NTP traffic from initiating dial out
set filter dial 1 permit 0 0
set filter alive 0 deny udp src eq 123
# Prevent incoming NTP traffic from keeping the connection open
set filter alive 1 deny udp dst eq 123
# Prevent outgoing NTP traffic from keeping the connection open
set filter alive 2 permit 0/0 0/0
Ҫ˽һϢ ο &man.ppp.8; PACKET
FILTERING() Сڣ Լ
/usr/share/examples/ppp/ еӡ
ijЩ Internet ṩֹ̻ͱŵĶ˿ڣ
ᵼ NTP ΪӦĻ
һϢ
NTP ĵ
/usr/share/doc/ntp/ ҵ HTML
ʽİ汾
Tom
Rhodes
Contributed by
ʹ syslogd ¼Զ־
ϵͳ־ϵͳȫһҪ档
жֲ̨ͻĻٻǴڸֲͬ͵У
־ļԵ÷dzԲ £
Զ־¼ʹ̱øɡ
м¼־һָ̨ĻܹһЩ־ļĸ
־ļռ ϲѭһã
ʹ &os; ԭĹߣ &man.syslogd.8; &man.newsyslog.8;
µʾУ A Ϊ
logserv.example.com
ռ־Ϣ B
Ϊ logclient.example.com
־Ϣ ʵУ
Ҫȷͷ DNS
/etc/hosts м¼
ݽա
־
־óԶ־ϢĻ
ڴΪ˷ã Ϊ˸õĹ
Ǻԭ ڼ֮ǰҪһЩ
һȷõ־¼
Ϳͻ˵ķǽ 514 ˿ϵ
UDP ͨ
syslogd óɽܴԶ̿ͻϢ
syslogd еĿͻ˶ȷͷ
DNS
/etc/hosts Ӧá
־ ͻ˱
/etc/syslog.conf г,
ָ־ facility
+logclient.example.com
*.* /var/log/logclient.log
ڸֱֲ֧õ facility
&man.syslog.conf.5; ֲҳҵ
һԺ д facility
Ϣᱻ¼ǰָļ
/var/log/logclient.log
ṩĻҪ
/etc/rc.conf ã
syslogd_enable="YES"
syslogd_flags="-a logclient.example.com -v -v"
һѡʾϵͳʱ syslogd
ڶѡʾָ־Դͻ˵ݡ
ڶIJ֣ ʹ
ʾ־Ϣϸ̶ȡ ڵ facility õʱ
÷dzã ΪԱܹЩϢΪĸ
facility ¼
ͬʱָ ѡͻ
⣬ ָ IP
ַΣ
&man.syslog.3; ֲ˽õб
־ļӦñ úַ
&man.touch.1; ܺܺõɴ
&prompt.root; touch /var/log/logclient.log
ʱ Ӧȷһ syslogd
ػ̣
&prompt.root; /etc/rc.d/syslogd restart
&prompt.root; pgrep syslog
һ PIC Ļ
Ӧñɹ, ʼÿͻˡ
ûĻ
/var/log/messages
־в
־ͻ
־ͻһ̨־Ϣ־Ļ
ڱر濽
־ƣ ͻҲҪһЩ
&man.syslogd.8;
뱻óɷָ͵Ϣܽǵ־
ǽ 514 ˿ϵ UDP ͨ
뷴 DNS
/etc/hosts ȷļ¼
ȷ˵ÿͻ˸һЩ
ͻ˵Ļ /etc/rc.conf
µã
syslogd_enable="YES"
syslogd_flags="-s -v -v"
ǰƣ Щѡϵͳ
syslogd ־Ϣϸ̶ȡ
ѡʾֹ־
Facility ijϢϵͳIJɵġ ˵
ftp ipfw facility
־Ϣʱ ͨ־Ϣаֹߡ
Facility ͨһȼȼ
һ־ϢҪ̶ȡ ͨΪ
warning info
&man.syslog.3; ֲҳԻһõ
facility ȼб
־ڿͻ˵ /etc/syslog.conf
ָ ڴУ @
űʾ־ݵԶ̵ķ
ȥ
*.* @logserv.example.com
Ӻ syslogd
ʹЧ
&prompt.root; /etc/rc.d/syslogd restart
־ϢǷͨ緢ͣ
ϢĿͻ &man.logger.1;
syslogd Ϣ
&prompt.root; logger "Test message from logclient"
ϢӦͬʱڿͻ
/var/log/messages Լ־
/var/log/logclient.log С
־
ijЩ£ ־ûյϢĻҪһˡ
мܵԭ ӵ
DNS ⡣ Ϊ˲Щ⣬
ȷߵĻʹ /etc/rc.conf
趨ʵԷ Ļ
ôҪ /etc/rc.conf
е syslogd_flags ѡЩˡ
µʾУ
/var/log/logclient.log ǿյģ
/var/log/message Ҳûбκʧܵԭ
ΪӵԵ ayalogd_flags
ѡµʾ
syslogd_flags="-d -a logclien.example.com -v -v"
&prompt.root; /etc/rc.d/syslogd restart
֮ ĻϽĵݣ
logmsg: pri 56, flags 4, from logserv.example.com, msg syslogd: restart
syslogd: restarted
logmsg: pri 6, flags 4, from logserv.example.com, msg syslogd: kernel boot file is /boot/kernel/kernel
Logging to FILE /var/log/messages
syslogd: kernel boot file is /boot/kernel/kernel
cvthname(192.168.1.10)
validate: dgram from IP 192.168.1.10, port 514, name logclient.example.com;
rejected in rule 0 due to name mismatch.
ԣϢƥյġ
һһļļ֮
/etc/rc.conf
syslogd_flags="-d -a logclien.example.com -v -v"
Ӧð logclient
logclien
ȷIJܼ֮ԤڵЧˣ
&prompt.root; /etc/rc.d/syslogd restart
logmsg: pri 56, flags 4, from logserv.example.com, msg syslogd: restart
syslogd: restarted
logmsg: pri 6, flags 4, from logserv.example.com, msg syslogd: kernel boot file is /boot/kernel/kernel
syslogd: kernel boot file is /boot/kernel/kernel
logmsg: pri 166, flags 17, from logserv.example.com,
msg Dec 10 20:55:02 <syslog.err> logserv.example.com syslogd: exiting on signal 2
cvthname(192.168.1.10)
validate: dgram from IP 192.168.1.10, port 514, name logclient.example.com;
accepted in rule 0.
logmsg: pri 15, flags 0, from logclient.example.com, msg Dec 11 02:01:28 trhodes: Test message 2
Logging to FILE /var/log/logclient.log
Logging to FILE /var/log/messages
˿̣ Ϣܹȷղļˡ
ȫԷ˼
һ ʵ֮ǰҪǰȫԡ
ʱ־ļҲϢ 籾õķ
ûʺźݡ ӿͻ˷ݾ絽
ڼûмҲû뱣 мҪĻ
ʹ security/stunnel
һܵдݡ
ذȫҲͬǸ⡣ ־ļʹлѭתûбܡ
ûܶȡЩļԻöϵͳ˽⡣
ЩļȷȨǷdzбҪġ
&man.newsyslog.8; ָ֧´ѭ־Ȩޡ
־ļȨΪ 600
ֹûҪĿ̽
diff --git a/zh_CN.GB2312/books/handbook/ppp-and-slip/chapter.xml b/zh_CN.GB2312/books/handbook/ppp-and-slip/chapter.xml
index 55bf7c23b6..2d14e538cd 100644
--- a/zh_CN.GB2312/books/handbook/ppp-and-slip/chapter.xml
+++ b/zh_CN.GB2312/books/handbook/ppp-and-slip/chapter.xml
@@ -1,2883 +1,2837 @@
Jim
Mock
Restructured, reorganized, and updated by
PPP SLIP
-
- PPP
-
-
- SLIP
-
FreeBSD кܶԽ
ͨʹò modem Internet ӣ
ͨĻ磬
- ЩҪʹ PPP SLIP
+ ЩҪʹ PPPPPP SLIPSLIP
½ϸЩ modem ͨŷķ
һ£ ˽⣺
û PPP
ں˼ PPP ( &os; 7.X)
PPPoE (PPP over
Ethernet)
PPPoA (PPP over
ATM)
úͰװ SLIP ͻ˺ͷ ( &os; 7.X)
PPP
û PPP
PPP
ں˼ PPP
PPP
PPPoE
Ķ֮ǰ Ӧ
Ϥ
ⲦӺ PPP SLIP Ļ֪ʶ
֪û PPP ں˼ PPP ֮IJ֮ͬ شܼ
û PPP ûݣ ں˼
ںû֮临ݵĻҪһЩ
ṩиԵPPPʵ֡
ûPPPʹ tun
豸ͨŶں˼ PPP ʹ
ppp 豸
У û˵
ppp ָû̬ PPP
Ҫ PPP
pppd ( &os; 7.X) ֡
⣬ ûжע ܵҪ
root Ȩޡ
Tom
Rhodes
Updated and enhanced by
Brian
Somers
Originally contributed by
Nik
Clayton
With input from
Dirk
Frömberg
Peter
Childs
ʹû PPP
&os; 8.0 ʼ &man.uart.4; ȡ
&man.sio.4; Աʾڵ豸ڵɷֱ
/dev/cuadN Ϊ
/dev/cuauN
/dev/ttydN Ϊ
/dev/ttyuN
&os; 7.X ûʱҪӦ֮ļбҪĸġ
û PPP
ǰ
¼ٶ߱
-
- ISP
-
-
- PPP
-
- һ ISP ṩʹ PPP ʺš
+ һ ISPISP ṩʹ PPPPPP ʺš
Ҫϵͳϣ ȷõ modem
ܹ ISP 豸
ISP IJź롣
-
- PAP
-
-
- CHAP
-
-
- UNIX
-
-
- login name
-
-
- password
-
- ĵ¼ƺ (һ UNIX ĵ¼ԣ
- Ҳ PAP CHAP ¼)
+ ĵ¼ƺ (һ UNIXUNIX ĵ¼ԣlogin namepassword
+ Ҳ PAPPAP CHAPCHAP ¼)
-
- nameserver
-
-
һ IP ַ
ͨ ISPõIPַ
ٵõһ Ϳļ
ppp.conf м enable dns
ʹ ppp
- ȡ ISP ֧ DNS Э̵ľʵ֡
+ ȡ ISP ֧ DNS Э̵ľʵ֡nameserver
Ϣ ISP ṩ DZģ
ISPIPַ ӣ Ϊ
Ĭ·
ûϢ 鹹һ
ʱ ISP PPP Զȷֵ
鹹 IP ַ ppp м
HISADDR
ʹõ롣 ISPûṩ һʹ
255.255.255.255 ûġ
-
- static IP address (̬ IP ַ)
-
-
ISP ṩ˾̬IPַ ǡ
- ֮ ӦöԷָΪʵ IP ַ
+ ֮ ӦöԷָΪʵ IP ַstatic IP address (̬ IP ַ)
֪ЩϢ ISP ϵ
У Ϊչʾļжкš
ЩкֻΪʹͺ۱÷㣬 ʵļвڡ
⣬ ڱҪʱӦʹ Tab Ϳո
PPPԶ
PPP
configuration ()
ppppppd(PPPں˼ʵ֣ &os; 7.X)
ʹ /etc/ppp Ŀ¼еļ û PPP
ӿ
/usr/share/examples/ppp/ ҵ
pppҪҪ༭ļ
༭ļļȡ
IP Ǿ̬ (ÿζʹͬһַ)
Ƕ̬ (ÿӵ ISP òͬ IP ַ)
PPP;̬IPַ
PPP
with static IP addresses
Ҫ༭ļ/etc/ppp/ppp.conf ʾ
ð:βдӵһ ()ʼ
ежҪʹÿոƱ (Tab)
1 default:
2 set log Phase Chat LCP IPCP CCP tun command
3 ident user-ppp VERSION (built COMPILATIONDATE)
4 set device /dev/cuau0
5 set speed 115200
6 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
7 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
8 set timeout 180
9 enable dns
10
11 provider:
12 set phone "(123) 456 7890"
13 set authname foo
14 set authkey bar
15 set login "TIMEOUT 10 \"\" \"\" gin:--gin: \\U word: \\P col: ppp"
16 set timeout 300
17 set ifaddr x.x.x.x y.y.y.y 255.255.255.255 0.0.0.0
18 add default HISADDR
1
ָĬϵ PPPʱеԶִС
2
õ¼ Ϊ־ļ ӦüΪ
set log phase tun
3
PPP ԷʶԼ
ڽʹʱκ鷳 PPPͻԷұʶ
ԷԱڴʱ ЩϢá
4
modemҪӵĶ˿ںš
COM1 Ӧ豸
/dev/cuau0
COM2
Ӧ
/dev/cuau1
5
ӵٶȡ 115200
⣬ 38400
6 & 7
-
- PPP
- user PPP
-
-
- ַ û PPP ʹһ &man.chat.8;Ƶ
+ ַ û PPPPPPuser PPP ʹһ &man.chat.8;Ƶ
οֲ˽ԵϢ
ע⣬ Ϊ˱Ķ˻С κ
ppp.conf
ǰеһַ \
8
ӵʱ Ĭ 180 룬 һǶġ
9
PPPԷȷϱá
˱ص ҪעͻɾһС
10
Ϊ˿ɶԵҪһС лᱻPPPԡ
11
Ϊ provider
ָһ Ըij
ISP֣ ԺͿʹ
ӡ
12
ṩ̵ĵ绰롣 绰ʹð (:)
ܵ (|)
ַ&man.ppp.8;ֲнܡ
ܵ ҪѭʹЩ룬 ʹðš
ʹõһ룬 һʧõڶ룬
ʹùܵš ʾ Ҫ绰(")
绰пո (")
ɼȴԲĴ
13 & 14
ָû롣 ʹ &unix; ʾ¼ʱ
Щֵô \U \P set login
ġ ʹPAPCHAPʱ Щֵ֤ʹá
15
- PAP
- CHAP
ʹõPAPCHAP Ͳе¼
ҪעͻɾһС
- ο PAP CHAP֤
+ ο PAPPAP CHAP֤CHAP
˽ϸڡ
¼ǵchat͵ġ ģ
J. Random Provider
login: foo
password: bar
protocol: ppp
ҪıűʺԼҪ
һдűʱ ӦȷѾ
chat
ڵ¼״̬
ȷͨǷڰƻС
16
- timeout
-
Ĭϵijʱʱ䡣 300
ӦϿóɳʱ
- ֵó0 ʹ ѡ
+ ֵó0 ʹ ѡtimeout
17
- ISP
-
- ýӿڵַ Ҫ ISP ṩ IP ַ滻ַ
+ ýӿڵַ Ҫ ISPISP ṩ IP ַ滻ַ
x.x.x.x ISP IP
ַ (Ҫӵ) 滻ַ
y.y.y.y
ISPûиṩصַ ʹ
10.0.0.2/0
Ҫʹһ µ
ĵַ
ȷ /etc/ppp/ppp.linkup
Ϊÿ PPPͶ̬IPַ
ָһ ûһУ ppp
ģʽС
18У
һISPصĬ·ɡ
HISADDRؼֻᱻ17ָصַ滻
бڵ17֮ HISADDR
ʼ֮ǰʹֵ
ʹ PPPӦŲ
ppp.linkup ļС
һ̬IPַ ʹ
ģʽppp(Ϊ֮ǰѾȷ·ɱ) ǾͲҪppp.linkup
ϣԺһó Ժsendmailл͡
ʾļĿ¼
/usr/share/examples/ppp/ ҵ
PPPͶ̬IPַ
PPP
with dynamic IP addresses
IPCP
ISPûָ̬IPַ pppҪóܹԷЭȷغԶ̵ַ
Ҫ Ҫ
һIPַ Ȼ
pppӺʹIPЭ(IPCP)ȷá
ppp.conf
PPP;̬IPַһģ µĸı䣺
17 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255 0.0.0.0
ٴǿ Ҫкţ ֻһñǡ һոDZġ
17
/ ַ PPP Ҫĵַ롣
ԸҪʹòͬ IP ַ ϵԶǿеġ
IJ(0.0.0.0)
PPP0.0.0.0 10.0.0.1 ʼЭ̵ַ ЩISP
DZġ Ҫ 0.0.0.0
Ϊ set ifaddr ĵһ
Ϊʹ PPP ģʽʱóʼ·ɡ
ģʽ
Ҫ/etc/ppp/ppp.linkupдһ
ӽ֮ ppp.linkupá ʱ
pppָɽӿڵַ ·ɱ
1 provider:
2 add default HISADDR
1
Ϊ˽ӣ
ppp ᰴ¹
ppp.linkupѰ:ȣ ͼѰͬıǩ
(ͬppp.confһ ʧˣ
ѰΪ IP ַ ĸλֽڵķ
ûҵ Ѱ MYADDR
2
и pppָ
HISADDRĬ·ɡ
HISADDRͨIPCPЭ̵õIP滻
ο/usr/share/examples/ppp/ppp.conf.sample
/usr/share/examples/ppp/ppp.linkup.sample
еpmdemandԻȡϸڻӡ
ղ
PPP
receiving incoming calls
Ҫ pppLANϵ
ʱ ҪǷתLAN ǵĻ ͱ LAN
иԷһIP Ҫļ /etc/ppp/ppp.conf
ʹ enable proxy Ӧȷļ
/etc/rc.conf аݣ
gateway_enable="YES"
ʹĸgetty
FreeBSD IJŷ
&man.getty.8; ŷ
getty ֮ mgetty (ͨ
comms/mgetty+sendfax port
װ)
getty ܰ汾 ǰղߵ˼Ƶġ
ʹ mgetty ĺôܻ modem
Ự
ζ/etc/ttysеĶ˿ڱرգ
modermͲӦ롣
°汾 mgetty (
0.99beta ) Ҳ֧Զ PPP
ͻ˲ʹýűҲܷʷˡ
οMgetty
AutoPPPֲ˽Ϣ
PPP Ȩ
ppp ͨ root
ûС ϣͨû ppp
() ͱѴû
network 飬 ʹ ppp
Ȩޡ
Ҫʹallowʹûܷ
һ֣
allow users fred mary
default
У ָûκζ
̬IPûPPP Shell
PPP shells
һΪ/etc/ppp/ppp-shellļ ݣ
#!/bin/sh
IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'`
CALLEDAS="$IDENT"
TTY=`tty`
if [ x$IDENT = xdialup ]; then
IDENT=`basename $TTY`
fi
echo "PPP for $CALLEDAS on $TTY"
echo "Starting PPP for $IDENT"
exec /usr/sbin/ppp -direct $IDENT
űҪпִԡ Ȼͨһָ˽űΪ
ppp-dialupķӣ
&prompt.root; ln -s ppp-shell /etc/ppp/ppp-dialup
ӦýűΪвû
shell
ļ /etc/passwd
й PPP û
pchilds (мǣ
Ҫֱļ &man.vipw.8; )
pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialup
һΪ /home/ppp
Ŀ¼ΪûĿ¼ аЩļ
-r--r--r-- 1 root wheel 0 May 27 02:23 .hushlogin
-r--r--r-- 1 root wheel 0 May 27 02:22 .rhosts
ͿԷֹ/etc/motdʾ
̬IPûShell
PPP shells
ppp-shellļ
Ϊÿ̬IPûһ ppp-shell
ӡ
磬 ϣΪû
fred sam
mary · /24 CIDR 磬 Ҫݣ
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-mary
ÿûShell뱻һ(û
maryShellӦ/etc/ppp/ppp-mary)
Ϊ̬IPûppp.conf
/etc/ppp/ppp.confļӦð
ЩУ
default:
set debug phase lcp chat
set timeout 0
ttyu0:
set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255
enable proxy
ttyu1:
set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255
enable proxy
ñġ
default:ÿλỰʱء ÿ
/etc/ttys õжΪ䴴һ
ttyu0: ÿһӦôӶ̬ IP
ַȡΨһIPַ
Ϊ̬ IP û ppp.conf
/usr/share/examples/ppp/ppp.conf ļݣ
Ϊÿ̬ûһ Ǽ
fred sam
Լ maryΪ
fred:
set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255
sam:
set ifaddr 203.14.100.1 203.14.102.1 255.255.255.255
mary:
set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255
Ҫ /etc/ppp/ppp.linkup
ҲӦðÿ̬IPûĵ·Ϣ
һΪͻ˵
203.14.101.0/24 ·ɡ
fred:
add 203.14.101.0 netmask 255.255.255.0 HISADDR
sam:
add 203.14.102.0 netmask 255.255.255.0 HISADDR
mary:
add 203.14.103.0 netmask 255.255.255.0 HISADDR
mgettyAutoPPP
mgetty
AutoPPP
LCP
Ĭ£ comms/mgetty+sendfax port
ڱʱ AUTO_PPP ѡ
ʹ mgetty ܹ PPP ӵ LCP ״̬
Զ PPP shell Ĭе
login/password в֣ ˣ
ͱʹ PAP CHAP ûݡ
ڼٶûѾϵͳгɹر벢װ comms/mgetty+sendfax
ȷ
/usr/local/etc/mgetty+sendfax/login.config
ļаݣ
/AutoPPP/ - - /etc/ppp/ppp-pap-dialup
иmgetty
ppp-pap-dialupűPPPӡ
/etc/ppp/ppp-pap-dialupļд (ļӦǿִе)
#!/bin/sh
exec /usr/sbin/ppp -direct pap$IDENT
Ӧÿ/etc/ttysУ Ҫ/etc/ppp/ppp.conf
дӦ Ķͬġ
pap:
enable pap
set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
enable proxy
ÿַʽ¼û
/etc/ppp/ppp.secret ļиû/
ʹѡ ͨ PAP ʽ /etc/passwd
ļṩϢ֤
enable passwdauth
ΪijЩû侲̬IP
/etc/ppp/ppp.secret
нIPΪָ μ
/usr/share/examples/ppp/ppp.secret.sample
еӡ
MS Extensions
DNS
NetBIOS
PPPMicrosoft extensions
PPPṩDNSNetBIOSַ
Ҫ PPP 1.x 汾Щչ Ҫ
/etc/ppp/ppp.conf ĶӦмã
enable msext
set ns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5
PPP汾2ϣ
accept dns
set dns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5
⽫߿ͻѡͱ
ڰ汾2ϰ汾У ʡ
set dns PPPʹ
/etc/resolv.confеֵ
PAP CHAP ֤
PAP
CHAP
һЩ ISP ϵͳΪʹ PAP CHAP ֤
ʱ ISP Ͳῴ
login: ʾ ʼ PPP Ի
PAP ȫҪ CHAP һЩ ﰲȫԲ⣬
Ϊ (ʹĴ) ֻͨߴͣ
߲û̫ȥ
ο PPP
뾲̬ IP ַ PPP 붯̬ IP ַ
Сڣ иĶ
13 set authname MyUserName
14 set authkey MyPassword
15 set login
13 У
һָPAP/CHAPû
ҪΪMyUserNameȷֵ
14 У
password
һָ PAP/CHAP password롣
ҪΪ MyPassword ȷֵ
⣬ϣһЩѡ磺
16 accept PAP
16 accept CHAP
ȷͼ Ĭ PAP CHAP ᱻܡ
15
ʹõ PAP CHAP һ˵ ISP
ͲҪ¼ˡ ʱ
ͱ set login
á
ʱıppp
̨еpppжԻǿܵģ
ǰһʵ϶˿ڡ һ㣬 Ҫм뵽У
set server /var/run/ppp-tun%d DiagnosticPassword 0177
и PPPָ&unix;socket ûʱҪָ롣
%dtun豸滻
һsocket Ϳڽűеó&man.pppctl.8;е
PPP
ʹPPPַ
PPP
NAT
PPP ʹڽ NAT ں֧֡
/etc/ppp/ppp.conf м
nat enable yes
PPP NATҲʹѡ
-nat
/etc/rc.conf ļҲ
ppp_nat Ĭá
ʹԣ ᷢ
/etc/ppp/ppp.conf
ѡincoming connections forwardingõģ
nat port tcp 10.0.0.2:ftp ftp
nat port tcp 10.0.0.2:http http
ȫ
nat deny_incoming yes
ϵͳ
PPPconfiguration
ppp ֮ǰһЩҪ
/etc/rc.conf
¿ ȷѾȷ
hostname= 磺
hostname="foo.example.com"
ISPṩһ̬IP֣ Ϊhostnameʵġ
Ѱ network_interfaces
ҪϵͳͨISP
һҪtun0豸б ɾ
network_interfaces="lo0 tun0"
ifconfig_tun0=
ifconfig_tun0Ӧǿյģ ҪһΪ
/etc/start_if.tun0ļ
ļӦðһУ
ppp -auto mysystem
˽űʱִУ PPPػ̽Զģʽ
̨ӳ䵱һLANأ ϣʹ
οֲ˽ϸڡ
/etc/rc.conf У
·ɳΪ NO
router_enable="NO"
routed
routed dzҪ Ϊ
routed ܻɾ ppp
Ĭ·ɡ
⣬ ǽȷһ
sendmail_flags һûָ
sendmail ϵسԲ磬
ᵼ»ϵؽвš Կǣ
sendmail_flags="-bd"
sendmail
ǵÿ PPP ӽʱͨǿ
sendmail ¼ʼУ
&prompt.root; /usr/sbin/sendmail -q
Ҳppp.linkupʹ!bgԶЩ
1 provider:
2 delete ALL
3 add 0 0 HISADDR
4 !bg sendmail -bd -q30m
SMTP
ϲ һ
dfilter
ֹ SMTP 䡣
οļ˽ϸڡ
ΨһҪ
֮룺
&prompt.root; ppp
Ȼdial providerԿ PPPỰ
pppԶỰ
Ϊһ (ûд start_if.tun0
ű) 룺
&prompt.root; ppp -auto provider
ܽ
һPPPʱ 漸DZģ
ͻˣ
ȷ tun˽ˡ
ȷ /dev
Ŀ¼Ϊ
tunN
豸ļǿõġ
/etc/ppp/ppp.confдһ
pmdemandʾӦʺھISP
ʹö̬IPַ /etc/ppp/ppp.linkupһ
/etc/rc.conf
ļ
Ҫ貦ţ һstart_if.tun0ű
ˣ
ȷtun豸ѱںˡ
ȷ /dev
Ŀ¼Ϊ
tunN
豸ļǿõġ
/etc/passwdдһ
(ʹ&man.vipw.8;)
ûhomeĿ¼һ
ppp -direct direct-serverprofile
/etc/ppp/ppp.confдһ
direct-serverʾӦҪ
/etc/ppp/ppp.linkupдһ
/etc/rc.conf
ļ
Gennady B.
Sorokopud
Parts originally contributed by
Robert
Huff
ʹں˼PPP
ֻ
&os; 7.X Ͽá
ں˼PPP
PPP
kernel PPP
ڿʼ PPP ֮ǰ
ȷ pppd Ѿ
/usr/sbin У
/etc/ppp Ŀ¼Ǵڵġ
pppdģʽ¹
Ϊһ ͻ
—
ҪͨPPPmodem߰Ļӵϡ
PPP
server
Ϊ
—Ѿλϣ ұͨPPPӡ
Ҫһѡļ
(/etc/ppp/options
~/.ppprc ļжûʹPPP)
ҪһЩmodem/serial(comms/kermitͺʺ)
ʹܹŲԶӡ
Trev
Roydhouse
Based on information provided by
ʹpppdΪͻ
PPP
client
Cisco
/etc/ppp/optionsѡļܹCISCOն˷
PPPӡ
crtscts # enable hardware flow control
modem # modem control line
noipdefault # remote PPP server must supply your IP address
# if the remote host does not send your IP during IPCP
# negotiation, remove this option
passive # wait for LCP packets
domain ppp.foo.com # put your domain name here
:remote_ip # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to local_ip:remote_ip
defaultroute # put this if you want that PPP server will be your
# default router
ӣ
Kermit
modem
ʹ Kermit ( modem
) ȻûͿ
(Զ PPP Ϣ)
˳ Kermit (Ҷ)
У
&prompt.root; /usr/sbin/pppd /dev/tty01 19200
һҪʹȷٶȺ豸
ļѾPPPӡ ʧܣ
ļ /etc/ppp/options
ѡ 鿴̨ϢԸ⡣
/etc/ppp/pppupűԶ裺
#!/bin/sh
pgrep -l pppd
pid=`pgrep pppd`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
pgrep -l kermit
pid=`pgrep kermit`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.dial
pppd /dev/tty01 19200
Kermit
/etc/ppp/kermit.dial һ Kermit
ű ɲţ ԶҪ֤
(ĵһűʵ)
ʹű/etc/ppp/pppdownϿPPPߣ
#!/bin/sh
pid=`pgrep pppd`
if [ X${pid} != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill -TERM ${pid}
fi
pgrep -l kermit
pid=`pgrep kermit`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
/sbin/ifconfig ppp0 down
/sbin/ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.hup
/etc/ppp/ppptest
ִͨ/usr/etc/ppp/ppptest
pppd ǷУ
#!/bin/sh
pid=`pgrep pppd`
if [ X${pid} != "X" ] ; then
echo 'pppd running: PID=' ${pid-NONE}
else
echo 'No pppd running.'
fi
set -x
netstat -n -I ppp0
ifconfig ppp0
ִнű
/etc/ppp/kermit.hupԹmoderm ļ
set line /dev/tty01 ; put your modem device here
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
echo \13
exit
Ҳchat
kermit
ļԽpppdӡ
/etc/ppp/options
/dev/cuad1 115200
crtscts # enable hardware flow control
modem # modem control line
connect "/usr/bin/chat -f /etc/ppp/login.chat.script"
noipdefault # remote PPP serve must supply your IP address
# if the remote host doesn't send your IP during
# IPCP negotiation, remove this option
passive # wait for LCP packets
domain your.domain # put your domain name here
: # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to local_ip:remote_ip
defaultroute # put this if you want that PPP server will be
# your default router
/etc/ppp/login.chat.script
µӦ÷һڡ
ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDTphone.number
CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: login-id
TIMEOUT 5 sword: password
һЩװȷ Ҫľpppd
&prompt.root; pppd
ʹpppdΪ
/etc/ppp/optionsҪЩݣ
crtscts # Hardware flow control
netmask 255.255.255.0 # netmask (not required)
192.114.208.20:192.114.208.165 # IP's of local and remote hosts
# local ip must be different from one
# you assigned to the Ethernet (or other)
# interface on your machine.
# remote IP is IP address that will be
# assigned to the remote machine
domain ppp.foo.com # your domain
passive # wait for LCP
modem # modem line
ű/etc/ppp/pppserv
ʹpppdԷʽ
#!/bin/sh
pgrep -l pppd
pid=`pgrep pppd`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
pgrep -l kermit
pid=`pgrep kermit`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
# reset ppp interface
ifconfig ppp0 down
ifconfig ppp0 delete
# enable autoanswer mode
kermit -y /etc/ppp/kermit.ans
# run ppp
pppd /dev/tty01 19200
ʹýű/etc/ppp/pppservdownֹͣ
#!/bin/sh
pgrep -l pppd
pid=`pgrep pppd`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
pgrep -l kermit
pid=`pgrep kermit`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.noans
Kermit ű
(/etc/ppp/kermit.ans) ܹ/ modem
ԶӦģʽ
set line /dev/tty01
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
inp 5 OK
echo \13
out ATS0=1\13 ; change this to out ATS0=0\13 if you want to disable
; autoanswer mode
inp 5 OK
echo \13
exit
һΪ/etc/ppp/kermit.dialĽűԶ
вź֤ ҪҪ ҪĵѰ룬
Ҫ modem ԶķӦ䡣
;
; put the com line attached to the modem here:
;
set line /dev/tty01
;
; put the modem speed here:
;
set speed 19200
set file type binary ; full 8 bit file xfer
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
set modem hayes
set dial hangup off
set carrier auto ; Then SET CARRIER if necessary,
set dial display on ; Then SET DIAL if necessary,
set input echo on
set input timeout proceed
set input case ignore
def \%x 0 ; login prompt counter
goto slhup
:slcmd ; put the modem in command mode
echo Put the modem in command mode.
clear ; Clear unread characters from input buffer
pause 1
output +++ ; hayes escape sequence
input 1 OK\13\10 ; wait for OK
if success goto slhup
output \13
pause 1
output at\13
input 1 OK\13\10
if fail goto slcmd ; if modem doesn't answer OK, try again
:slhup ; hang up the phone
clear ; Clear unread characters from input buffer
pause 1
echo Hanging up the phone.
output ath0\13 ; hayes command for on hook
input 2 OK\13\10
if fail goto slcmd ; if no OK answer, put modem in command mode
:sldial ; dial the number
pause 1
echo Dialing.
output atdt9,550311\13\10 ; put phone number here
assign \%x 0 ; zero the time counter
:look
clear ; Clear unread characters from input buffer
increment \%x ; Count the seconds
input 1 {CONNECT }
if success goto sllogin
reinput 1 {NO CARRIER\13\10}
if success goto sldial
reinput 1 {NO DIALTONE\13\10}
if success goto slnodial
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 60 goto look
else goto slhup
:sllogin ; login
assign \%x 0 ; zero the time counter
pause 1
echo Looking for login prompt.
:slloop
increment \%x ; Count the seconds
clear ; Clear unread characters from input buffer
output \13
;
; put your expected login prompt here:
;
input 1 {Username: }
if success goto sluid
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 10 goto slloop ; try 10 times to get a login prompt
else goto slhup ; hang up and start again if 10 failures
:sluid
;
; put your userid here:
;
output ppp-login\13
input 1 {Password: }
;
; put your password here:
;
output ppp-password\13
input 1 {Entering SLIP mode.}
echo
quit
:slnodial
echo \7No dialtone. Check the telephone line!\7
exit 1
; local variables:
; mode: csh
; comment-start: "; "
; comment-start-skip: "; "
; end:
Tom
Rhodes
Contributed by
PPP ӹų
PPP
troubleshooting
&os; 8.0 ʼ &man.uart.4; ȡ
&man.sio.4; Աʾڵ豸ڵɷֱ
/dev/cuadN Ϊ
/dev/cuauN
/dev/ttydN Ϊ
/dev/ttyuN
&os; 7.X ûʱҪӦ֮ļбҪĸġ
ڽͨmodemʹPPPʱֵܳ⡣
磬 Ҫȷе֪ϵͳһʾ
Щ ISP ṩ sswordʾ
Ŀܻ password
ûиIJͬӦرд ppp
ű ¼ͻʧܡ ppp
õķֶӡ µϢһһشֶӡ
豸ڵ
ʹõǶںˣ ȷаã
device uart
Ĭϵ GENERIC ںа
uart 豸 ʹõĻ
ͲҪˡ ֻҪ鿴 dmesg Ƿ modem
豸
&prompt.root; dmesg | grep uart
Ӧҵ uart 豸йص
ЩҪ COM ˿ڡ modem ձж˿ڹ
ͻ uart1 COM2
ҵ modem 豸 uart1
ӿ ( DOS гΪCOM2)
ô modem /dev/cuau1
ֶ
ֶͨpppInternet
Ӽ֪ISPPPPͻ˷ʽһ٣ ķ
ǴPPP пʼ еʹ
example ʾ PPP
ppp
ppp
&prompt.root; ppp
Ѿppp
ppp ON example> set device /dev/cuau1
modem豸 ڱ
cuau1
ppp ON example> set speed 115200
ٶȣ ڱʹ15,200 kbps
ppp ON example> enable dns
ʹppp
ļ/etc/resolv.confС
pppȷǵ Ժá
ppp ON example> term
л ն
Ǿֶؿ̨ modem ģʽ
deflink: Entering terminal mode on /dev/cuau1
type '~h' for help
at
OK
atdt123456789
ʹatʼmodem
ȻʹatdtISPĺвš
CONNECT
ã Ӳص⣬ ﳢԽ
ISP Login:myusername
ʾû ISPṩûȻس
ISP Pass:mypassword
ʱʾ룬
ISPṩ롣
ͬ¼&os; 벻ʾ
Shell or PPP:ppp
ISPIJͬ ʾܲ֡
Ҫǣ ʹṩ̶˵ Shell
ppp ⱾУ
ѡʹ ppp Ϊϣõ Internet ӡ
Ppp ON example>
עУ һ Ѿд
ʾѾɹ ISP
PPp ON example>
Ѿɹͨ
ISP֤ ڵȴIPַ
PPP ON example>
ǵõһ IP
ַ ɹӡ
PPP ON example>add default HISADDR
Ĭ·á ͨġ
Ϊ֮ǰֻ˽ӡ Ѵڵ·ɶ²ʧܣ
ǰ !š
֮⣬ Ҳ֮ǰЩ (ָ add default HISADDR)
ppp 趨Эȡµ·ɡ
һ˳ Ӧܵõһ Internet ӣ
ʹ CTRL
z ʹת̨
PPP±Ϊ ppp
ʾӱϿ д P ˵ ISP ӣ
Сд p ʾijԭϿ ڰ˽ӵ״̬
ppp ֻ״̬
Ŵ
һֱƺܽӣ ҪʹԹرֽCTS/RTS
һ㷢Ӽ PPP ն˷ʱ
ͨдʱ PPPͻ
һֱȴһCTS
һֵܳ Clear to Send źš ʹѡ Ӧʹ
ѡ
ijЩȱݵӲɶ˶Զ˷ضַ ر
XON/XOFF ʱܻѡ μ &man.ppp.8;
ֲ˽ڿѡĸϸڣ Լʹǡ
modem ȽϾɣ Ҫʹ
ˡ żУĬ none
ھʽ (ʱ) ƽijЩ
ISP Ҫʹѡʹ
Compuserve ISP
PPP ܲģʽ
ͨ ISP ȴһ˷Эʱ˴
ʱ ʹ ~p ǿ ppp ʼϢ
ûп¼ʾ ܿҪʹ
PAP
CHAP ֤ǰе
&unix; ֤ Ҫʹ
PAP CHAP
ֻڽնģʽ֮ǰѡ
PPP
ppp ON example> set authname myusername
˴ myusername ӦΪ
ISP û
ppp ON example> set authkey mypassword
˴ mypassword ӦΪ
ISP Ŀ
볢
&man.ping.8; ij IP
ַǷϢ ְٷ֮ (100%)
ôܿûзĬ·ɡ ϸѡ
Ƿʱˡ ӵԶ̵
IP ַпĵַûб뵽
/etc/resolv.conf ļӦӣ
domain example.com
nameserver x.x.x.x
nameserver y.y.y.y
˴ x.x.x.x
y.y.y.y ӦøΪ
ISP DNS
IP ַ
һϢעʱܻṩ
ֻͨ ISP 绰֪ˡ
&man.syslog.3; Ϊ PPP
ṩ־ ֻӣ
!ppp
*.* /var/log/ppp.log
/etc/syslog.conf С £
ĬѾˡ
Jim
Mock
Contributed (from http://node.to/freebsd/how-tos/how-to-freebsd-pppoe.html) by
ʹû̫PPP(PPPoE)
PPP
over Ethernet
PPPoE
PPP, over Ethernet (̫ϵ PPP)
ڽν̫PPP
(PPPoE)
ں
PPPOE ûбںá netgraph
֧ûбںˣ ppp ̬ء
ppp.conf
һppp.confӣ
default:
set log Phase tun command # you can add more detailed logging if you wish
set ifaddr 10.0.0.1/0 10.0.0.2/0
name_of_service_provider:
set device PPPoE:xl1 # replace xl1 with your Ethernet device
set authname YOURLOGINNAME
set authkey YOURPASSWORD
set dial
set login
add default HISADDR
ppp
root ִУ
&prompt.root; ppp -ddial name_of_service_provider
ʱppp
/etc/rc.conf мݣ
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES" # if you want to enable nat for your local network, otherwise NO
ppp_profile="name_of_service_provider"
ʹ PPPoE ǩ
ijЩʱ бҪʹһǩӡ
ǩͬһеIJͬ
ISPṩĵҵҪķǩϢ
ҵ Ӧ ISP Ѱ֧֡
Ϊķ
Roaring Penguin
PPPoE Ports Collection ҵ
ȻҪעǣ ܻ modem Ĺ̼ ʹ
һҪϸ֮ ذװɷṩ modem
ṩij ѡ
System ˵ ļӦûг
һ˵Ӧ
ISP
ļ (service tag ǩ) PPPoE
ppp.conf е
Ϊ set device һ (μ &man.ppp.8;
ֲ˽ϸ) Ӧӣ
set device PPPoE:xl1:ISP
סxl1ʵʵ̫豸
ס ISP
ոҵprofile
øϢ ο
Cheaper
Broadband with FreeBSD on DSL by Renaud
Waldura.
Nutzung von T-DSL und T-Online mit FreeBSD
by Udo Erdelhoff (in German).
һ&tm.3com;
HomeConnect
ADSL ModemPPPOE˫
modem ѭ RFC 2516
(A Method for transmitting PPP over Ethernet
(PPPoE) Ϊ L. Mamakos K. Lidl J. Evarts
D. Carrel D. Simone Լ R. Wheeler)
ʹòͬݰʽΪ̫Ŀܡ
3Com Թ
ΪӦ PPPoE Ĺ淶
ΪFreeBSDܹ豸ͨţ sysctl
ͨ/etc/sysctl.conf
һʱԶɣ
net.graph.nonstandard_pppoe=1
ߣ Ҳֱִ
&prompt.root; sysctl net.graph.nonstandard_pppoe=1
ܲңϵͳȫã ͬʱPPPͻ()
&tm.3com;HomeConnect
ADSL Modemͨš
ʹ ATM ϵ PPP (PPPoA)
PPP
over ATM
PPPoA
ATMPPP
½ûATMPPP(PPPoA)
PPPoAŷDSLṩ̵ձѡ
ʹ Alcatel &speedtouch;USB PPPoA
һ豸 PPPoA ֧֣
FreeBSD Ϊ port ṩģ Ϊ̼ʹ Э
FreeBSD Ļϵͳһѵٷ
ʹ Ports Էdzذװ
net/pppoa port
֮ṩָʾͿˡ
USB 豸ƣ ص &speedtouch; USB
Ҫع̼ܹ &os; Խ˲Զ
豸嵽ij USB ڵʱԶع̼
/etc/usbd.conf
ļмϢԶɹ̼Ĵ͡ ע⣬
root ûݱ༭
device "Alcatel SpeedTouch USB"
devname "ugen[0-9]+"
vendor 0x06b9
product 0x4061
attach "/usr/local/sbin/modem_run -f /usr/local/libdata/mgmt.o"
ҪUSBػusbd
/etc/rc.confУ
usbd_enable="YES"
ҲԽpppóʱš
/etc/rc.conf⼸С
ͬҪrootû¼
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="adsl"
Ϊʹ Ҫʹnet/pppoa
portṩppp.conf
ʹmpd
ʹ mpd Ӷ͵ķ
ر PPTP Ports Collection ҵ
mpd λ
net/mpd ADSL modem
Ҫ modem ͼ֮佨һ PPTP
&speedtouch; Home еһ֡
Ҫ port ɰװ
Ȼ mpd Ҫ
ɷ̵á port һϵаϸעļʵŵ
PREFIX/etc/mpd/
ע⣬ PREFIX ʾ ports
װĿ¼ Ĭ£ Ӧ
/usr/local/
mpd ˵
HTML ʽ port һװ Щļ
PREFIX/share/doc/mpd/
ͨ mpd ADSL
һӡ ñֱŵļУ һ
mpd.conf
default:
load adsl
adsl:
new -i ng0 adsl adsl
set bundle authname username
set bundle password password
set bundle disable multilink
set link no pap acfcomp protocomp
set link disable chap
set link accept chap
set link keep-alive 30 10
set ipcp no vjcomp
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
set iface route default
set iface disable on-demand
set iface enable proxy-arp
set iface idle 0
open
usernameISP֤
passwordISP֤
mpd.linksӵϢ
adsl:
set link type pptp
set pptp mode active
set pptp enable originate outcall
set pptp self 10.0.0.1
set pptp peer 10.0.0.138
mpdIPַ
ADSL modemIPַ Alcatel
&speedtouch; Home Ĭϵ 10.0.0.138
ʼӣ
&prompt.root; mpd -b adsl
ͨ鿴״̬
&prompt.user; ifconfig ng0
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1500
inet 216.136.204.117 --> 204.152.186.171 netmask 0xffffffff
ʹmpdADSLƼķʽ
ʹpptpclient
Ҳʹnet/pptpclient
PPPoA
Ҫʹ net/pptpclient
DSL Ҫװ port package ༭
/etc/ppp/ppp.conf Ҫ
root Ȩ
ppp.conf еһʾ
ο ppp ֲ &man.ppp.8;
˽й ppp.conf ѡϢ
adsl:
set log phase chat lcp ipcp ccp tun command
set timeout 0
enable dns
set authname username
set authkey password
set ifaddr 0 0
add default HISADDR
DSL ṩû
ʻĿ
뽫ʺĵķʽppp.conf
Ӧȷûκܿļݡ һϵȷļֻ
rootûɶ
μ &man.chmod.1; &man.chown.8; ֲ˽йβĽһϢ
&prompt.root; chown root:wheel /etc/ppp/ppp.conf
&prompt.root; chmod 600 /etc/ppp/ppp.conf
½Ϊ DSL ·ĻỰһ tunnel
̫DSL modemһõľIPַ Alcatel &speedtouch; Home
Ϊ ַ 10.0.0.138
·ĵӦûʹõĵַ
ִԴ tunnel ʼỰ
&prompt.root; pptp address adsl
Ӧ(&
)ţ pptp
صʾ
Ҫһ tun豸ڽpptp
ppp ֮Ľ һصУ
pptp
ȷһӣ tunnel豸
&prompt.user; ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 216.136.204.21 --> 204.152.186.171 netmask 0xffffff00
Opened by PID 918
ӣ һͨtelnetweb·(modem)á
ӣ Ӧüpptpppp־ļ
/var/log/ppp.log Ի
Satoshi
Asami
Originally contributed by
Guy
Helmer
With input from
Piero
Serini
ʹSLIP
SLIP
ֻ
&os; 7.X Ͽá
SLIP ͻ
SLIP
client (ͻ)
ھ̬ FreeBSD ʹ SLIP ķ
ڶ̬ (ĵַÿβŶͬ)
ҪԸһЩá
ȣ ҪȷϵƽӵĴڡ
˻һӣ
/dev/modem ָʵʵ豸
/dev/cuadN
ͿԶʵʵ豸г
Աƽʱ֮á Ȼ
/etc ͱ鲼ϵͳе .kermrc
ļһ鷳飡
/dev/cuad0 Ӧ
COM1 /dev/cuad1
Ӧ
COM2 ȵȡ
ȷںļݣ
device sl
GENERICںˣ ӦòǸ⣬
Ѿɾ
ֻһε
ϵĻ Լ
뵽 /etc/hosts ļС
ǵӣ
127.0.0.1 localhost loghost
136.152.64.181 water.CS.Example.EDU water.CS water
136.152.64.1 inr-3.CS.Example.EDU inr-3 slip-gateway
128.32.136.9 ns1.Example.EDU ns1
128.32.136.12 ns2.Example.EDU ns2
ȷ /etc/nsswitch.conf
е hosts: С棬 files
dns ֡ Ļ
ܻһЩϣ
༭/etc/rc.conf
༭(hostname)
hostname="myname.my.domain"
ӦInternetȫ档
default route
ıһָĬϵ·ɣ
defaultrouter="NO"
Ϊ
defaultrouter="slip-gateway"
ļ/etc/resolv.conf дݣ
domain CS.Example.EDU
nameserver 128.32.136.9
nameserver 128.32.136.12
nameserver
domain name
ģ Щ Ȼ
ʵʵIPַȡĻ
root
toor(κûʺ)
Ȼȷʹȷ
һSLIP
SLIP
connecting with
ʾ֮ slip вţ
ĻͿ Ҫʲô
Ļء ʹ
Kermit
ʹĽű
# kermit setup
set modem hayes
set line /dev/modem
set speed 115200
set parity none
set flow rts/cts
set terminal bytesize 8
set file type binary
# The next macro will dial up and login
define slip dial 643-9600, input 10 =>, if failure stop, -
output slip\x0d, input 10 Username:, if failure stop, -
output silvia\x0d, input 10 Password:, if failure stop, -
output ***\x0d, echo \x0aCONNECTED\x0a
Ȼ ҪûͿʵҪ
Щ֮ ֻ Kermit
ʾ֮ slip Ϳˡ
ԴıʽļϵͳζǸ ⡣
뿼ķա
˳ Kermit (Ҳ
Ctrl
z
) root û룺
&prompt.root; slattach -h -c -s 115200 /dev/modem
pingͨ·һ˵ Ӻ! У
ʹѡ
ΪslattachIJ
ر
IJ
&prompt.root; kill -INT `cat /var/run/slattach.modem.pid`
ɱ slattach мֻ
root ݲɡ ص
kermit (֮ǰǽˣ
ʹ fg) ˳ (q)
&man.slattach.8; ֲᵽ
ʹ ifconfig sl0 down
ܽӿڱΪرգ ƺûʲô
(ifconfig sl0 ȻͬĶ)
ʱ modem ܻܾҶϡ
£ ֻ kermit
ٴ˳Ϳˡ һ˵ԶξͿˡ
У ܷʼ &a.net.name; ʼбʡ
ִ slattach ʱʹ
ѡ
(Ӧòǹؼģ Щû)
ʹ滻
(һЩºѿͬ)
ifconfig sl0鿴Ľӿ״̬
磬
&prompt.root; ifconfig sl0
sl0: flags=10<POINTOPOINT>
inet 136.152.64.181 --> 136.152.64.1 netmask ffffff00
ʹ &man.ping.8; ʱõ
no route to host ʾ
˵·ɱ⡣ netstat -r
ʾǰ·ɣ
&prompt.root; netstat -r
Routing tables
Destination Gateway Flags Refs Use IfaceMTU Rtt Netmasks:
(root node)
(root node)
Route Tree for Protocol Family inet:
(root node) =>
default inr-3.Example.EDU UG 8 224515 sl0 - -
localhost.Exampl localhost.Example. UH 5 42127 lo0 - 0.438
inr-3.Example.ED water.CS.Example.E UH 1 0 sl0 - -
water.CS.Example localhost.Example. UGH 34 47641234 lo0 - 0.438
(root node)
ǰһdzæϵͳ
ϵͳϵЩֻIJͬı䡣
SLIP
SLIP
server
ṩ FreeBSD SLIP
Ҳϵͳ ʹԶ SLIP
ͻ˵¼ʱԶؿӵĽ顣
ǰ
TCP/IP networking
һڼԺǿ Ҫһı֪ʶ
ڼٶϤ TCP/IP Э飬 رͽڵѰַ
롢 ֡ ·ɡ ·Э (RIP) ֪ʶ
ڲŷ SLIP ҪЩԵ֪ʶ
Ϥǣ Ķ Craig Hunt TCP/IP
O'Reilly & Associates, Inc. (ISBN 0-937175-82-X)
Douglas Comer й TCP/IP Э鼮
modem
ٶѾúĵƽԼӦϵͳļ
ͨƽе¼ ûΪúϵͳ
μ ˽νвŷá
Ҳ뿴һ &man.sio.4; ֲᣬ
˽ڴ豸ĽһϢ Լ &man.ttys.5;
&man.gettytab.5; &man.getty.8; & &man.init.8;
ϹϵͳԵƽĵ¼ľ
&man.stty.1; ˽ôڲ
( clocal ʾֱ) ȡ
ʹFreeBSDΪSLIP ڵʱ ģ
һSLIPͻŲרõlogin ID¼FreeBSD SLIPϵͳ
ûʹ /usr/sbin/sliplogin
Ϊ shell sliplogin ļ
/etc/sliphome/slip.hosts вû
ҵƥ ͽӵһõ SLIP ӿڣ
Ȼ shell ű /etc/sliphome/slip.login
SLIP ӿڡ
һSLIP¼
磬 һSLIPûIDShelmerg
/etc/master.passwdShelmergµʾ
Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliplogin
Shelmerg¼ʱ
sliploginļ
/etc/sliphome/slip.hostsûIDƥ;ʾ
Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp
sliploginҵУ
һõSLIPӿ
Ȼִ/etc/sliphome/slip.loginű
/etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp
һ˳
/etc/sliphome/slip.login
sliplogin SLIP ӿϷ
ifconfig (ǰ SLIP ӿ
0 slip.login ĵһ)
ñ IP ַ (dc-slip) Զ IP ַ
(sl-helmer) һ SLIP
ӿڵ (0xfffffc00)
Լκ־ (autocomp)
sliplogin ͨͨ
syslogd daemon facility
õϢ ǰЩϢ浽
/var/log/messages
(μ &man.syslogd.8; &man.syslog.conf.5; Լ
/etc/syslog.conf ֲᣬ ˽
syslogd ڼ¼ʲô
ԼЩݽ)
ں
kernel
configuration
SLIP
&os; Ĭں (GENERIC)
ṩ SLIP (&man.sl.4;) ֧֣ ʹöƵںʱ
ü뵽ļ
device sl
Ĭ£ &os; ת
ϣ FreeBSD SLIP Ϊ·ʹã
Ҫ /etc/rc.conf ļ
gateway_enable Ϊ
´ϵͳʱܹһˡ
ҪӦЩã root
У
&prompt.root; /etc/rc.d/routing start
˽ FreeBSD
ںˣ ں˷ָ
Sliplogin
ǰᵽģ
/etc/sliphome Ŀ¼ļ
ǹͬ /usr/sbin/sliplogin (ο
sliplogin ֲ &man.sliplogin.8;)
ڶ SLIP ûص IP
ַ slip.hosts
ͨ SLIP ӿڵ slip.login Լ (ѡ)
slip.logout Գ
slip.login ִеĶ
slip.hosts
/etc/sliphome/slip.hostsÿаĸԪأ Ԫ֮ɿո
SLIPûĵ¼ID
SLIPӵıصַ(ָSLIP)
SLIPӵԶ̵ַ
غԶ̵ַ
(ͨļ/etc/hostsΪIPַ
ȡļ/etc/nsswitch.conf
е) һ
ͨļ/etc/networks֡
һϵͳУ
/etc/sliphome/slip.hostsģ
#
# login local-addr remote-addr mask opt1 opt2
# (normal,compress,noicmp)
#
Shelmerg dc-slip sl-helmerg 0xfffffc00 autocomp
ĩβһѡ
—ѹͷ
— ѹͷ
—Զ̶ ѹͷ
—ICMPݰ
(ͻᶪеping
ݰ ռĴ)
SLIP
TCP/IP networking
SLIPӵıؼԶ̵ַѡȡSLIPʹ TCP/IP
ʹARP
(
ARP ڱڽܵ)
ȷѡַʽηַ ο"ǰ"()гTCP/IP鼮
IPԱ̡
Ϊ SLIP ͻʹһ
Ҫȴӷõȡһţ
Ȼÿ SLIP ͻ IP ַ
Ҫͨ SLIP IP
·һָ SLIP ľ̬·ɡ
Ethernet
Ҫʹ ARP
ķʽ Ҫ SLIP ̫Ϊÿ SLIP ͻIPַ
/etc/sliphome/slip.login
/etc/sliphome/slip.logoutűʹ
&man.arp.8; SLIP
ARP е ARP
slip.login Configuration
͵/etc/sliphome/slip.login
ʾ
#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6
slip.loginűΪӦؼԶ̵ַSLIPӿִ
ifconfig
ʹARP
ʽ(ΪSLIPͻʹö) /etc/sliphome/slip.login
Ӧ
#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6
# Answer ARP requests for the SLIP client with our Ethernet addr
/usr/sbin/arp -s $5 00:11:22:33:44:55 pub
slip.login¼ӵarp -s
$5 00:11:22:33:44:55 pub SLIP ARP
мһ ARPʹÿ̫ϵ
IP ڵ SLIP ͻ IP ַ ARP ʱ
SLIP ѵ̫MACַΪӦ
Ethernet (̫)
MAC address (MAC ַ)
ʹϵʱ һҪ
̫MACַ 00:11:22:33:44:55
滻ϵͳMACַ ARP
ȫ Բ鿴 netstat -i
ȡ̫ MAC ַ; ĵڶӦ
ed0 1500 <Link>0.2.c1.28.5f.4a 191923 0 129457 0 116
бϵͳ̫MACַ00:02:c1:28:5f:4a
—netstat -i̫MACַijðŸ Ҫʮǰϡ
&man.arp.8;Ҫĸʽ; ο&man.arp.8; ֲԻȡʹ÷
ڱд
/etc/sliphome/slip.login
/etc/sliphome/slip.logout ʱ һҪ
ִ
(execute) λ (֮ chmod 755
/etc/sliphome/slip.login /etc/sliphome/slip.logout)
sliploginִ
slip.logout
/etc/sliphome/slip.logoutDZ
(ʹARP
) һ
slip.logout űӣ
#!/bin/sh -
#
# slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 down
ʹ ARP
ϣ /etc/sliphome/slip.logout
ûעʱԶΪ SLIP ͻɾ
ARP
#!/bin/sh -
#
# @(#)slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 down
# Quit answering ARP requests for the SLIP client
/usr/sbin/arp -d $5
arp -d $5 ɾ ARP
slip.login SLIP ͻ¼ʱɵ
ARP
ٴǿ
/etc/sliphome/slip.logout ֮
һҪÿִλ (Ҳ˵ chmod 755
/etc/sliphome/slip.logout)
·ɿ
SLIP
routing
ûʹ ARP
ķ
SLIP ͻಿ (Ҳ Internet)
֮·ݰ ҪĬ·ľ̬·ɣ
Աͨ SLIP SLIP ͻϽ·ɡ
̬·
static routes
Ĭ·һ̬·ɿ˵Ǻ鷳
(˵Dzܣ ûȨô) ֯ʹö·磬
Щ· ( Cisco Proteon ) Ҫָ SLIP
·ɣ һҪýЩ̬·ɴ·
һЩרʹھ̬·ɱ·бҪ
diff --git a/zh_TW.Big5/articles/contributing/article.xml b/zh_TW.Big5/articles/contributing/article.xml
index d372acf288..f888dfdf8b 100644
--- a/zh_TW.Big5/articles/contributing/article.xml
+++ b/zh_TW.Big5/articles/contributing/article.xml
@@ -1,488 +1,483 @@
U FreeBSD
LOӤHάOUز´ApGƱ欰 FreeBSD UAiHb夤XAkC
Jordan
Hubbard
ۡG
&tm-attrib.freebsd;
&tm-attrib.ieee;
&tm-attrib.general;
$FreeBSD$
$FreeBSD$
^m
AƱ FreeBSD IܡHӦnFAڭwACFreeBSD
OsjϥΪ̪^m~oHoijCڭ̤ȫD`P±zҰ^mAӥBAoǤu@ FreeBSD oi]nC
]\PzQPAzJoO@WX⪺ ProgrammerA]LM
FreeBSD core team ܦnpAڭ̷|@Pݱzu@C
FreeBSD }oHMyAjaNMUA~֤]D`sxC
MӡACѧڭ̳bW[u@AӭWSHA]ڭHwzUC
FreeBSD pҳBzO@ӧ㪺@~tҡAӤuO@ kernel άO@ǹsu]C
]Aڭ̪ TODO ݿȦC̥]tUU˪u@G
qBϥΪ̴աBdemoAtΦw˵{MM~ kernel }oC
]LױzNǦpAqƦػAiHUoӭpC
ڭ̹yqƩM FreeBSD u@~MڭpôC
zݭn@ǯSXiӨϱz~B_ӶܡH
z|o{ڭַ̫ܼNzШDADOSO}_jǪC
zO_qƬWȷ~ȡH ڭ̨UzaA
ڭ̤]\iHbYǤ譱ۤX@C
ۥѳnɥbVO}¦خ(On}oBPM@)A
ڭ̧Ʊбzܤ֯൹@|C
ڭ̪ݨD
UCXF@ǻݭnȩMlpA
̥N TODO(ݿȦC)
CNAHΨϥΪ̪nDC
bi椤(D{}oH)
ܦhѥ[ FreeBSD pHO ProgrammerC
oӭp̦g̡B]pvBHΧN䴩HC
oǸquӻAL̥uݭn^m@ǮɶAåB㦳DzߪN@C
ziHɱ`½\ FAQ MU(Handbook)
ApGo{MaAάOXɩyAƦܧTaA
ЧiDڭ̡CMAYබḼץAçɻ~Hڭ̡ANnFC:)
(SGML äǡAڭ̤]Ϲz@ ASCII ¤r)C
Uڭ̧ FreeBSD ½ĶAyC
pGAywgsbFA
]iH½Ķ@B~AΪˬdǤwO_̷sC
ziH²ݬ FreeBSD p ½Ķɪ`DC
ѥ[½Ķu@AäOzntxľ½ĶҦ FreeBSD C
quAnh֤u@MzN@C@YӤH}l½ĶFA
XG@w|LHѻPoǤu@ӡC
pGɶAΪ̺Oh½ĶAiHh½Ķw˫nC
\Ū &a.questions; ð½\(ƦܦWߦao˰) &ng.misc;
CPOHɱzM~ѡA
UL̸ѨMDAOOHrƱF
ɭԡAzƦܥiHboӹL{Ǩ@ǷsFI
oǽ¦ɤ]|zEoX@ǤQkC
bi椤({}oH)
Cbo̪jȳݭnzJi[ɶAΪ̻ݭnzb FreeBSD kernel
譱״IѡAΪ̨̳nCMo̤]ܦhnȡAAXO
weekend hackers
ouζgNiHdw HackerC
pGzb]O FreeBSD -CURRENT AåBt٤A
iH current.FreeBSD.orgA
oxCѷ|@ӷs — pGzšA
ziHTɤUæwˡA
䶡pGXFDAЧiDڭ̡C
\Ū &a.bugs;CoǰDAγ\zണѦس]ʷNqNA
Ϊդ@ patch C~AƦܥiHխץ䤤@ǰDC
pGzD@ǭץwgb -CURRENT W\aϥΡA
bgL@qɶ(q`O 2 gk)AX֨ -STABLE
(oBJNO MFC -- Merged From Current)AiH committer Ho§HC
NĤT(3rd party)n[JlX
src/contrib ؿC
TO src/contrib lXO̷sC
sĶlX(άOlX)ɡAЧΧĵi(warning level)
HK(debug)ΡAæbաBT{`AMoǽsĶĵišC
sǦb ports ϥιLɪFA
Ҧp gets() Υ]t
malloc.h ҲͪĵiC
pG ports @FץA
аOoNz patch o@ (oˤUɯŮɡAzu@|ܱoP@)C
oзǡAp &posix; ƥC
b FreeBSD
C99 & POSIX зǬۮep WAiHo챵C
бN FreeBSD 欰PWzзǶiAYұoGP C99 & POSIX зǤPܡA
SOODzӸ`a誺LptAеo@ PR (Di)C
pGiAЫXpץAH PR patch C
pGz{зǦDAЦVodzWзǪAШDi歫sҼ{C
oCѧhijI
d\ PR Ʈw
DiƮw
FreeBSD
PR C o̷|ܥثeҦ PR DAAHΥ
FreeBSD ϥΪ̴檺iijC
PR ƮwPɥ]AF}oHMD}oHȡC
dݨǩ|ѨM PRAìݬݬO_zP쪺ȡC
o䤤i@ǬOD`²檺DAuݭnݤ@ݨýT{ PR OTC
t~@ǥi|D`AΪ̧ץC
ݤ@ݨ٨SH⪺ PRC
pG PR wgtF䥦HAݰ_ӬOzBzA
ziHHHӤHAø߰ݱzO_iHU —
L̥iwgiѴժ patch AΦ@ǥiѰQתNC
Ideas
@
&os; list of
projects and ideas for volunteers P˦a}N@ѻP
&os; pHC
oMNasAPɴѦUӶتTҦH
]O_{]pH^C
pU
WiHHU 5 ؤ覡G
~iMNo
q`A@
NQkMijӵo &a.hackers;C
P˦aAoǪF観쪺H (MA
L̦P٭ne jq lI)
iHҼ{q\ &a.hackers;C
аѾ\ FreeBSD
ϥΤU HFoӶl¡A
HΨ䥦lªԲӱpC
pGzo{F bug Ϊ̷QnYǭקA
гzL &man.send-pr.1; {Ψϥ
^ ӴCиյ۶g PR CӶءC
@ӻAD patch ɶWL 65 KBAڭ̫ijb PR W patch NiHFC
YiM patch lXܡAijb PR
Synopsis [PATCH]C
FAbW patch ɡA n
zLƹyƻsBKWzӶiA]o˰| Tab ܦŮA
|ɭP patch NΤFCpG patch WL 20KBA
ЦҼ{Yèϥ &man.uuencode.1; ӶisXC
bg PR Az|@ʽT{lHΨƥlܽsC
ЫOdoӽsA]ƫiHγosoH &a.bugfollowup;
Ӧ^СBӨƥơCzݭnONslDA
Ҧp "Re:
kern/3377"C
YOP@D^Ф譱AӳzLoؤ覡ӶiC
pGzb@qɶ (WL 3 ѬƦ 1 gAoMzlA)ᤴMST{H
Ϊ̥ѩ@ǭ]Lkϥ &man.send-pr.1; {A
hiHoH &a.bugs; ӽЧOHANHC
аѾ\ og峹
FѦpgnDiC
q
ק譱AO &a.doc; ӼfdC
аѾ\ FreeBSD Documentation Project Primer
o㪺оDzӸ`C
Ы Ъkϥ &man.send-pr.1;
ӴsAΪ̧ﵽ{ (ȬOܤpi]Ow諸I)C
{lXק
FreeBSD-CURRENT
b{lXWiקμW[\AbYص{פWOݭnhޥơA
åBٸzثe FreeBSD }o{Fѵ{צC
hؤ覡iHoQ٧@ FreeBSD-CURRENT
FreeBSD }oC
аѾ\ FreeBSD ϥΤU AӤFѨϥ FreeBSD-CURRENT ԱC
bªlXWiקAhq`ilXwLɡA
λPstӤjӵLkQsX FreeBSD C
pGzq &a.announce; H &a.current; ܡA
hiHzL̨ӤjPFѥثe}oAC
YzqH̷slXӶizקA
hU@BnƱNOͱzҭק諸 diff ɡA
ñNo FreeBSD @HCou@iHzL &man.diff.1;
ROӧC
patch ɡAij &man.diff.1; 榡ĥ unified diff (iH diff
-u Ӳ)CLApGzקFjqlXA
hϥ diff -c ӥͦ context diff
diff ie\ŪA]ӱ˨ϥΡC@ӨAjOĥ diff -ruN YiC
diff
ҦpG
&prompt.user; diff -c oldfile newfile
&prompt.user; diff -c -r olddir newdir
N|SwؿA context diff ɡC
Ϊ̹O...
&prompt.user; diff -u oldfile newfile
&prompt.user; diff -u -r olddir newdir
Nͤ@˪ diff AO榡 unified C
hӸ`AаѾ\ &man.diff.1;C
@zϥ &man.diff.1; Ӳ diff (iHϥ
&man.patch.1; ROӴդ@U)ANiH楦̡AHKQ FreeBSD C
zLϥ
ҤЪ &man.send-pr.1; {NiHou@C
Ъ`NGnu diff ɵo &a.hackers;A
_h̥i|QѡI ڭ̷|D`PEz檺ק
(oO@ӸqupI)F ]ڭ̳ܦA
]ɤ@wߧYץDA PR ƮwN@O۳oǰOA
]unHFɶ̴NQ勵FC
pGzDi]A patch AnѤFbD[W
[PATCH] ӱjդ@UC
uuencode
pGz{XA (ҦpWBRɮשΧɦW)A
٥iHҼ{ϥ
tar ӱNɮץ]AM &man.uuencode.1;
ӽsXC~A]iH &man.shar.1; ͪ覡C
pGzקisbbijAҦpA
zTwvDAΪ̷PıݭngLY檺_f~iHoG̡A
ho &a.core;AӤOzL &man.send-pr.1; ӵoeC
&a.core; opզjhq FreeBSD `u@C
ݭn`NOAoӤpդ]]QLA
]ubD`nɭԡA~gHL̡C
аѦ &man.intro.9; M &man.style.9; HFg{X氾nC
YbeX{XeAFѳoǡAjaӻNOjUC
slXέn[ȳn]
pGzⴣѳWҸjlXAΪ̬ FreeBSD W[ns\A
hiॲN̳zL uuencode isXAζǨY Web
FTP IAHKhHo쥦CpGzSo˪DA
Ш FreeBSD l´XAݬݬO_H@Nzm̡C
jqlXӨAvD֩w|QXC
FreeBSD tΤϥΪvn]AG
- BSD vn
- BSD vCڭ̶ɦVϥγovlXA
+ BSDBSD vn vCڭ̶ɦVϥγovlXA
]y[hlzA]ӧlްӷ~~ϥΡC
FreeBSD äϹӷ~qϥΥlXAۤϡA
ڭ̿nayӷ~qϥΧڭ̪lXA
MApG̭Y̲ׯⳡlXAsص FreeBSD NnFC
- GPLGNU General Public License
-
- GNU General Public License
-
- GNU General Public LicenseA² GPL
C
+ GNU General Public LicenseA² GPL
CGPLGNU General Public LicenseGNU General Public License
ڭ̨äwϥγo˱vlXA
]ӷ~qϥΥݭnhu@CLAѩܦhϥ
GPL vlXثeOLkקK (compiler, assembler, text formatter)
AڵϥΩҦĥγo˱vnOܤC
ĥ GPL vlX|QlX@ǯSwmAҦp
/sys/gnu
/usr/src/gnuAHKǻ{ GPL
i|y·ЪH@XAP_C
ϥΨ䥦vlXbiJ FreeBSD egLV_fMҼ{C
ĥΥ]tYFӷ~vlXA@ӻ|QڵA
ڭ̹yoǭlX@̡AzLۤvDӵo̡C
YnbzGW[J BSD-based
vܡA
ЧUCrClX̶}lA
åξAr %% rC
Copyright (c) %%proper_years_here%%
%%your_name_here%%, %%your_state%% %%your_zip%%.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer as
the first lines of this file unmodified.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY %%your_name_here%% ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL %%your_name_here%% BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
$Id$
FKzϥΡAb
/usr/share/examples/etc/bsd-style-copyright
]iH즹vƥC
٧UBw Internet mirror
ڭ̫D`@NUاΦءAHi@Bݮi FreeBSD p
A]zAڭ̳o˪quVO~jNI
صw]D`nA]o˯Uڭ̼W[i䴩wA
ӧڭ̤ܦhHèSʸmoǵwC
FreeBSD |O@ӫDQBҵ|ŧKv|A
ҥH|إ߳oӰ|AOF FreeBSD pii[C
]Ӱ| 501(c)3 A@Өڵ|ܡAiHKúpJ|A
HάùԦh{J|Cq`ҵ|ŧKvi殽تܡA
iHpJҵ|BC
ziH䲼HG
The FreeBSD Foundation
7321 Brockway Dr.
Boulder, CO 80303
USA
FreeBSD |{biHzL PayPal qWڡC
pGzQV|ڡAаѾ\ FreeBSD | C
FreeBSD |hԱAiHb FreeBSD
| -- Cnp|A
еoeqll
bod@FreeBSDFoundation.orgC
صw
FreeBSD pwHإiHϥΪwC
pGz쮽صwApô pH줽C
FreeBSD mirror
ڭws FTPBWWW
cvsup mirror CpGzƱ榨o˪ mirror A
аѾ\ p[] FreeBSD mirror
@AHFѶi@BpC
diff --git a/zh_TW.Big5/books/handbook/boot/chapter.xml b/zh_TW.Big5/books/handbook/boot/chapter.xml
index 5400fc8b2c..55e11f129a 100644
--- a/zh_TW.Big5/books/handbook/boot/chapter.xml
+++ b/zh_TW.Big5/books/handbook/boot/chapter.xml
@@ -1,816 +1,812 @@
FreeBSD }y{g
z
booting
bootstrap
The process of starting a computer and loading the operating system
is referred to as the bootstrap process
, or simply
booting
. FreeBSD's boot process provides a great deal of
flexibility in customizing what happens when you start the system,
allowing you to select from different operating systems installed on the
same computer, or even different versions of the same operating system
or installed kernel.
This chapter details the configuration options you can set and how
to customize the FreeBSD boot process. This includes everything that
happens until the FreeBSD kernel has started, probed for devices, and
started &man.init.8;. If you are not quite sure when this happens, it
occurs when the text color changes from bright white to grey.
ŪoAzNFѡG
What the components of the FreeBSD bootstrap system are, and how
they interact.
The options you can give to the components in the FreeBSD
bootstrap to control the boot process.
&man.device.hints.5; C
x86 Only
This chapter only describes the boot process for FreeBSD running
on Intel x86 systems.
Booting D
Turning on a computer and starting the operating system poses an
interesting dilemma. By definition, the computer does not know how to
do anything until the operating system is started. This includes
running programs from the disk. So if the computer can not run a
program from the disk without the operating system, and the operating
system programs are on the disk, how is the operating system
started?
This problem parallels one in the book The Adventures of
Baron Munchausen. A character had fallen part way down a
manhole, and pulled himself out by grabbing his bootstraps, and
lifting. In the early days of computing the term
bootstrap was applied to the mechanism used to
load the operating system, which has become shortened to
booting
.
BIOS
Basic Input/Output SystemBIOS
On x86 hardware the Basic Input/Output System (BIOS) is responsible
for loading the operating system. To do this, the BIOS looks on the
hard disk for the Master Boot Record (MBR), which must be located on a
specific place on the disk. The BIOS has enough knowledge to load and
run the MBR, and assumes that the MBR can then carry out the rest of the
tasks involved in loading the operating system,
possibly with the help of the BIOS.
Master Boot Record (MBR)
Boot Manager
Boot Loader
The code within the MBR is usually referred to as a boot
manager, especially when it interacts with the user. In this case
the boot manager usually has more code in the first
track of the disk or within some OS's file system. (A
boot manager is sometimes also called a boot loader,
but FreeBSD uses that term for a later stage of booting.) Popular boot
managers include boot0 (a.k.a. Boot
Easy, the standard &os; boot manager),
Grub, GAG, and
LILO.
(Only boot0 fits within the MBR.)
If you have only one operating system installed on your disks then
a standard PC MBR will suffice. This MBR searches for the first bootable
(a.k.a. active) slice on the disk, and then runs the code on that slice to
load the remainder of the operating system. The MBR installed by
&man.fdisk.8;, by default, is such an MBR. It is based on
/boot/mbr.
If you have installed multiple operating systems on your disks then
you can install a different boot manager, one that can display a list of
different operating systems, and allows you to choose the one to boot
from. Two of these are discussed in the next subsection.
The remainder of the FreeBSD bootstrap system is divided into three
stages. The first stage is run by the MBR, which knows just enough to
get the computer into a specific state and run the second stage. The
second stage can do a little bit more, before running the third stage.
The third stage finishes the task of loading the operating system. The
work is split into these three stages because the PC standards put
limits on the size of the programs that can be run at stages one and
two. Chaining the tasks together allows FreeBSD to provide a more
flexible loader.
kernel
init
The kernel is then started and it begins to probe for devices
and initialize them for use. Once the kernel boot
process is finished, the kernel passes control to the user process
&man.init.8;, which then makes sure the disks are in a usable state.
&man.init.8; then starts the user-level resource configuration which
mounts file systems, sets up network cards to communicate on the
network, and generally starts all the processes that usually
are run on a FreeBSD system at startup.
The Boot Manager and Boot Stages
Boot Manager
The Boot Manager
Master Boot Record (MBR)
The code in the MBR or boot manager is sometimes referred to as
stage zero of the boot process. This subsection
discusses two of the boot managers previously mentioned:
boot0 and LILO.
The boot0 Boot Manager:
The MBR installed by FreeBSD's installer or &man.boot0cfg.8;, by
default, is based on /boot/boot0.
(The boot0 program is very simple, since the
program in the MBR can only be 446 bytes long because of the slice
table and 0x55AA identifier at the end of the MBR.)
If you have installed boot0 and
multiple operating systems on your hard disks, then you will see a
display similar to this one at boot time:
boot0 Screenshot
F1 DOS
F2 FreeBSD
F3 Linux
F4 ??
F5 Drive 1
Default: F2
Other operating systems, in particular &windows;, have been known
to overwrite an existing MBR with their own. If this happens to you,
or you want to replace your existing MBR with the FreeBSD MBR then use
the following command:
&prompt.root; fdisk -B -b /boot/boot0 device
where device is the device that you
boot from, such as ad0 for the first IDE
disk, ad2 for the first IDE disk on a second
IDE controller, da0 for the first SCSI disk,
and so on. Or, if you want a custom configuration of the MBR,
use &man.boot0cfg.8;.
The LILO Boot Manager:
To install this boot manager so it will also boot FreeBSD, first
start Linux and add the following to your existing
/etc/lilo.conf configuration file:
other=/dev/hdXY
table=/dev/hdX
loader=/boot/chain.b
label=FreeBSD
In the above, specify FreeBSD's primary partition and drive using
Linux specifiers, replacing X with the Linux
drive letter and Y with the Linux primary
partition number. If you are using a SCSI drive, you
will need to change /dev/hd to read something
similar to /dev/sd. The
line can be omitted if you have
both operating systems on the same drive. Now run
/sbin/lilo -v to commit your new changes to the
system; this should be verified by checking its screen messages.
Stage One, /boot/boot1, and Stage Two,
/boot/boot2
Conceptually the first and second stages are part of the same
program, on the same area of the disk. Because of space constraints
they have been split into two, but you would always install them
together. They are copied from the combined file
/boot/boot by the installer or
disklabel (see below).
They are located outside file systems, in the first track of
the boot slice, starting with the first sector. This is where boot0, or any other boot manager,
expects to find a program to run which will
continue the boot process. The number of sectors used is easily
determined from the size of /boot/boot.
boot1 is very simple, since it
can only be 512 bytes
in size, and knows just enough about the FreeBSD
disklabel, which stores information
about the slice, to find and execute boot2.
boot2 is slightly more sophisticated, and understands
the FreeBSD file system enough to find files on it, and can
provide a simple interface to choose the kernel or loader to
run.
Since the loader is
much more sophisticated, and provides a nice easy-to-use
boot configuration, boot2 usually runs
it, but previously it
was tasked to run the kernel directly.
boot2 Screenshot
>> FreeBSD/i386 BOOT
Default: 0:ad(0,a)/kernel
boot:
If you ever need to replace the installed
boot1 and boot2 use
&man.disklabel.8;:
&prompt.root; disklabel -B diskslice
where diskslice is the disk and slice
you boot from, such as ad0s1 for the first
slice on the first IDE disk.
Dangerously Dedicated Mode
If you use just the disk name, such as
ad0, in the &man.disklabel.8; command you
will create a dangerously dedicated disk, without slices. This is
almost certainly not what you want to do, so make sure you double
check the &man.disklabel.8; command before you press
Return.
Stage Three, /boot/loader
boot-loader
The loader is the final stage of the three-stage
bootstrap, and is located on the file system, usually as
/boot/loader.
The loader is intended as a user-friendly method for
configuration, using an easy-to-use built-in command set,
backed up by a more powerful interpreter, with a more complex
command set.
Loader Program Flow
During initialization, the loader will probe for a
console and for disks, and figure out what disk it is
booting from. It will set variables accordingly, and an
interpreter is started where user commands can be passed from
a script or interactively.
loader
loader configuration
The loader will then read
/boot/loader.rc, which by default reads
in /boot/defaults/loader.conf which
sets reasonable defaults for variables and reads
/boot/loader.conf for local changes to
those variables. loader.rc then acts
on these variables, loading whichever modules and kernel are
selected.
Finally, by default, the loader issues a 10 second wait
for key presses, and boots the kernel if it is not interrupted.
If interrupted, the user is presented with a prompt which
understands the easy-to-use command set, where the user may
adjust variables, unload all modules, load modules, and then
finally boot or reboot.
Loader Built-In Commands
These are the most commonly used loader commands. For a
complete discussion of all available commands, please see
&man.loader.8;.
autoboot seconds
Proceeds to boot the kernel if not interrupted
within the time span given, in seconds. It displays a
countdown, and the default time span is 10
seconds.
boot
-options
kernelname
Immediately proceeds to boot the kernel, with the
given options, if any, and with the kernel name given,
if it is.
boot-conf
Goes through the same automatic configuration of
modules based on variables as what happens at boot.
This only makes sense if you use
unload first, and change some
variables, most commonly kernel.
help
topic
Shows help messages read from
/boot/loader.help. If the topic
given is index, then the list of
available topics is given.
include filename
…
Processes the file with the given filename. The
file is read in, and interpreted line by line. An
error immediately stops the include command.
load
type
filename
Loads the kernel, kernel module, or file of the
type given, with the filename given. Any arguments
after filename are passed to the file.
ls
path
Displays a listing of files in the given path, or
the root directory, if the path is not specified. If
is specified, file sizes will be
shown too.
lsdev
Lists all of the devices from which it may be
possible to load modules. If is
specified, more details are printed.
lsmod
Displays loaded modules. If is
specified, more details are shown.
more filename
Displays the files specified, with a pause at each
LINES displayed.
reboot
Immediately reboots the system.
set variable
set
variable=value
Sets the loader's environment variables.
unload
Removes all loaded modules.
Loader Examples
Here are some practical examples of loader usage:
- single-user mode
To simply boot your usual kernel, but in single-user
- mode:
+ mode:single-user mode
boot -s
To unload your usual kernel and modules, and then
load just your old (or another) kernel:
-
- kernel.old
-
unload
load kernel.old
You can use kernel.GENERIC to
refer to the generic kernel that comes on the install
- disk, or kernel.old to refer to
+ disk, or kernel.oldkernel.old to refer to
your previously installed kernel (when you have upgraded
or configured your own kernel, for example).
Use the following to load your usual modules with
another kernel:
unload
set kernel="kernel.old"
boot-conf
To load a kernel configuration script (an automated
script which does the things you would normally do in the
kernel boot-time configurator):
load -t userconfig_script /boot/kernel.conf
Kernel Interaction During Boot
kernel
boot interaction
Once the kernel is loaded by either loader (as usual) or boot2 (bypassing the loader), it
examines its boot flags, if any, and adjusts its behavior as
necessary.
Kernel Boot Flags
kernel
bootflags
Here are the more common boot flags:
during kernel initialization, ask for the device
to mount as the root file system.
boot from CDROM.
run UserConfig, the boot-time kernel
configurator
boot into single-user mode
be more verbose during kernel startup
There are other boot flags, read &man.boot.8; for more
information on them.
Tom
Rhodes
Contributed by
Device Hints
device.hints
This is a FreeBSD 5.0 and later feature which does not
exist in earlier versions.
During initial system startup, the boot &man.loader.8; will read the
&man.device.hints.5; file. This file stores kernel boot information
known as variables, sometimes referred to as device hints
.
These device hints
are used by device drivers for device
configuration.
Device hints may also be specified at the
Stage 3 boot loader prompt. Variables can be added using
set, removed with unset, and viewed
with the show commands. Variables set in the
/boot/device.hints file can be overridden here also. Device hints entered at
the boot loader are not permanent and will be forgotten on the next
reboot.
Once the system is booted, the &man.kenv.1; command can be used to
dump all of the variables.
The syntax for the /boot/device.hints file is one variable per line, using
the standard hash #
as comment markers. Lines are
constructed as follows:
hint.driver.unit.keyword="value"
The syntax for the Stage 3 boot loader is:
set hint.driver.unit.keyword=value
driver is the device driver name, unit
is the device driver unit number, and keyword is the hint
keyword. The keyword may consist of the following options:
at: specifies the bus which the device is attached to.
port: specifies the start address of the I/O
to be used.
irq: specifies the interrupt request number to be used.
drq: specifies the DMA channel number.
maddr: specifies the physical memory address occupied by the
device.
flags: sets various flag bits for the device.
disabled: if set to 1 the device is disabled.
Device drivers may accept (or require) more hints not listed here, viewing
their manual page is recommended. For more information, consult the
&man.device.hints.5;, &man.kenv.1;, &man.loader.conf.5;, and &man.loader.8;
manual pages.
Init: Process Control Initialization
init
Once the kernel has finished booting, it passes control to
the user process &man.init.8;, which is located at
/sbin/init, or the program path specified
in the init_path variable in
loader.
Automatic Reboot Sequence
The automatic reboot sequence makes sure that the
file systems available on the system are consistent. If they
are not, and &man.fsck.8; cannot fix the
inconsistencies, &man.init.8; drops the system
into single-user mode
for the system administrator to take care of the problems
directly.
Single-User Mode
single-user mode
console
This mode can be reached through the automatic reboot
sequence, or by the user booting with the
option or setting the
boot_single variable in
loader.
It can also be reached by calling
&man.shutdown.8; without the reboot
() or halt () options,
from multi-user
mode.
If the system console is set
to insecure in /etc/ttys,
then the system prompts for the root password
before initiating single-user mode.
An Insecure Console in /etc/ttys
# name getty type status comments
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
console none unknown off insecure
An insecure console means that you
consider your physical security to the console to be
insecure, and want to make sure only someone who knows the
root password may use single-user mode, and it
does not mean that you want to run your console insecurely. Thus,
if you want security, choose insecure,
not secure.
Multi-User Mode
multi-user mode
If &man.init.8; finds your file systems to be
in order, or once the user has finished in single-user mode, the
system enters multi-user mode, in which it starts the
resource configuration of the system.
Resource Configuration (rc)
rc files
The resource configuration system reads in
configuration defaults from
/etc/defaults/rc.conf, and
system-specific details from
/etc/rc.conf, and then proceeds to
mount the system file systems mentioned in
/etc/fstab, start up networking
services, start up miscellaneous system daemons, and
finally runs the startup scripts of locally installed
packages.
The &man.rc.8; manual page is a good reference to the resource
configuration system, as is examining the scripts
themselves.
Shutdown Sequence
shutdown
Upon controlled shutdown, via &man.shutdown.8;,
&man.init.8; will attempt to run the script
/etc/rc.shutdown, and then proceed to send
all processes the TERM signal, and subsequently
the KILL signal to any that do not terminate
timely.
To power down a FreeBSD machine on architectures and systems
that support power management, simply use the command
shutdown -p now to turn the power off
immediately. To just reboot a FreeBSD system, just use
shutdown -r now. You need to be
root or a member of
operator group to run &man.shutdown.8;.
The &man.halt.8; and &man.reboot.8; commands can also be used,
please refer to their manual pages and to &man.shutdown.8;'s one
for more information.
Power management requires &man.acpi.4; support in the kernel
or loaded as module for FreeBSD 5.X and &man.apm.4;
support for FreeBSD 4.X.
diff --git a/zh_TW.Big5/books/handbook/cutting-edge/chapter.xml b/zh_TW.Big5/books/handbook/cutting-edge/chapter.xml
index d595f24567..08ea2f4dd1 100644
--- a/zh_TW.Big5/books/handbook/cutting-edge/chapter.xml
+++ b/zh_TW.Big5/books/handbook/cutting-edge/chapter.xml
@@ -1,1619 +1,1570 @@
Jim
Mock
Restructured, reorganized, and parts updated by
Jordan
Hubbard
Original work by
Poul-Henning
Kamp
John
Polstra
Nik
Clayton
sBɯ FreeBSD
z
&os; Oӫoi@~tΡCwlDsABEϥΪ̦ӨA
ܦhkiHϱztλPs̷sC
`NGëDCӤHAXoI@DnOUzMw쩳n}oA
άOnϥθíwXC
ŪoAzNFѡJ
&os.stable; P &os.current;@o䪺PBF
pH
CSup,
CVSup,
CVS
CTM ӧsAt
pH make buildworld
OӭssĶBw˾ base systemC
b}l\ŪoeAzݭnJ
]nA()C
DpzL port/package w˳n()C
&os.current; vs. &os.stable;
-CURRENT
-STABLE
FreeBSD ӵoiG&os.current;
&os.stable;C`N|СAäХ̤OSOpsC
A &os.current;AۦA &os.stable;C
ϥγ̷s &os; CURRENT
o̦AjաA&os.current; O &os; }o ̫eu
C
&os.current; ϥΪ̶jNOA
ӥBӭnOۤvѨMxtΰDC YzO &os; sA
Цbw˫e̦nTC
O &os.current;H
snapshot
&os.current; O &os; ̷sC]tG
boqBʽ誺קBLɴA
oǪFbU@ relase i|A]iण|C
ަ\h &os; }ǫCѳ|sĶ &os.current; source codeA
ɳoǭlXOLksĶ\C MAoǰDq`|ָѨMA
&os.current; 쩳OaӯETάOhFQnΪs\BﵽA
oIDnMzslXɾөwI
ֻݭn &os.current;H
&os.current; AXUCoTHG
&os; sGnM` source tree Y@A
Hλ{O current(̷sA)
ݨDHC
&os; sGFTO &os.current;
iabíwAA
ӥDʪɶѨMDժ̡C ~A٦ &os;
ണXijHΧﵽVAôX patch ץɪHC
uOߩΪ̷QѦ(pAuO\ŪA
ӫD)HC
oǤHɤ]|ǵѡAΰ^mlXC
&os.current; äO H
lD̷s\C ṱ̌ǫܻŪs\A
çƱ榨zPHĤ@ӹժHA
]N &os.current; omA|C
ޡAz]AѨ̷s\A
o]NۭYX{s bug ɡAz]OġC
״_ bug tkC ] &os.current;
b״_w bug PɡASi|ͷs bugC
LҤb officially supported
C
ڭ̷|ɤOUWz &os.current; TO
legitimate
ϥΪ̡A
ڭSɶL̴ѧN䴩C
oNڭ̫ܴcHAάOQUH(YOܡA
ڭ̤]| &os; VOF)
AbO]ڭ̤FNALkCѦ^ƦʭӰDA
ӦP~}o &os;C
iHTw@INOA
bﵽ &os; άO^jqXDA
YnӿܪܡA}o̷|ܫe̡C
ϥ &os.current;
-
- -CURRENT
- using
-
- [J &a.current.name; &a.cvsall.name; ¡C
+ [J &a.current.name;-CURRENTusing &a.cvsall.name; ¡C
ouOӫijA]O @C
YzSq\ &a.current.name;
AN|LOHثetΪAAӬ\ӦbOHwѪDC
nOAi|@ǹvҺިtΦwM۷niC
b &a.cvsall.name; WhiHݨC commit A
]oǰO|savTLTC
nq\oǽ©ΨL¡AаѦ &a.mailman.lists.link;
IQq\YiC ܩLBJpiA
b̷|C
q &os; mirror
olXC ؤ覡iHFG
-
- cvsup
-
-
- cron
-
-
- -CURRENT
- Syncing with CVSup
-
-
- H csup
+ H csupcvsup
cvsup {ft
/usr/share/examples/cvsup ɦW
standard-supfile
supfileC
oOja̱`˪覡A]iHz tree ^ӡA
NusYiC
~A\hH| csup
cvsup
- cron Hw۰ʧsC
+ croncron Hw۰ʧsC
znۭqez supfile dɡA
ðwۨҥHվ csup
- cvsup ]wC
+ cvsup-CURRENTSyncing with CVSup ]wC
-
- -CURRENT
- Syncing with CTM
-
-
ϥ CTM uC YҤ
+ linkend="ctm">CTM-CURRENTSyncing with CTM uC YҤ
(WOζQAΥu email Ӥw)
CTM |AXzݨDC
MӡAo]@ǪijåB`@ǦDɮסC ]A
ܤ֤H|ΥC o]wF̿oӧs覡C
YOϥ 9600 bps modem WejW̡Aijϥ
CVSup
C
Y source code OnΨӶ]AӤȥuOݬݦӤwA
N &os.current;AӤnu쳡C
]j source code |̨ۨL source code `A
YOzusĶ䤤@AOҷ|ܳ·СC
-
- -CURRENT
- compiling
-
- bsĶ &os.current; eAХJӾ\Ū
+ bsĶ &os.current;-CURRENTcompiling eAХJӾ\Ū
/usr/src MakefileC
ޥuOɯųFӤwAzܤ֤]n
˷s kernel HέssĶ worldC ~Ahh\Ū
&a.current; H /usr/src/UPDATING
]OA
~ાDثeiO˥HΤU@|sFC
IYzb] &os.current;A
ڭ̫ܷQDzQkOAרO[jǥ\A
θӭץǿ~ijC pGzbijɯW{XܡA
uOӴΤFI
ϥγ̷s &os; STABLE
O &os.stable;H
-STABLE
&os.stable; Oڭ̪}oADno檩NѦӨӡC
oӤ|HPtק@קܤơAåB]oǬOĤ@iJ &os.current;
iաC MӡAo M ݩ}oA
]NObYǮɭԡA&os.stable; i|B]iण|ŦX@ǯSݨDC
uLOt@Ӷ}oӤwAiणӾAX@ϥΪ̡C
ֻݭn &os.stable;H
YzhlܡB^m FreeBSD }oL{Χ@ǰ^mA
רO| FreeBSD UӪ
o榳A
ӦҼ{ĥ &os.stable;C
Mw|}ɤ]|iJ &os.stable; A
ȶȦ] ݭn h &os.stable;C
FreeBSD C security advisory(wi)
|ѻph״_vT
MӡAo]@wOTAڭ̤iû䴩 FreeBSD
骺Uصo檩AިCӵo檩oGA|䴩Ʀ~[C
YA FreeBSD ثeª䴩FӸ`AаѾ\ http://www.FreeBSD.org/security/
C
AYȦ]w]ӥhĥζ}oAM|ѨM{wDA
]iaӤ@ǼêDC
ާڭ̺ɤOTO &os.stable; bɭԧॿTsĶBB@A
SHOHɳiHŦXWzتC ~AMlXbiJ
&os.stable; eA|b &os.current; }oAϥ &os.current;
H &os.stable; ϥΪ̨Ӫ֡AҥHq`ǰDAib
&os.current; SH`NAH &os.stable;
ϥΪ̪sxϥΤ~|B{C
ѩWzoDzzѡAڭä ذlH
&os.stable;AӥBnOAOblX|gդeA
Nİʧ production server ಾ &os.stable; ҡC
YzSoǦhɶB믫ܡA˱zϥγ̷s FreeBSD
o檩YiAñĥΨҴѪ binary sӧɯಾC
ϥ &os.stable;
-
- -STABLE
- using
-
-
- q\ &a.stable.name; listC iHzHA &os.stable;
+ q\ &a.stable.name;-STABLEusing listC iHzHA &os.stable;
nsĶɪۨYAHΨLݯSO`NDC
}o̦bҼ{@ǦijץΧsɡAN|bo̵oHA
ϥΪ̦|iHA
ݥL̹ҴO_ijΰDC
&a.cvsall.name; list oiHݨC commit logA
䤤]AF\h֪TAҦp@ǥioͪڮC
Qn[JodzqHªܡAun &a.mailman.lists.link;
IUQq\ list YiC lBJbW|C
Ynwˤ@ӥstΡAåBƱ &os.stable;
Cw snapshotAаѾ\ Snapshots HAѬӸ`C
~A]iq mirror
Ӧw˳̷s &os.stable; o檩AózLUCӧs̷s
&os.stable; lXC
Yw˪O &os; HeAӷQzLlX覡ӤɯšA
]OiHQ &os; mirror
ӧC HUШؤ覡G
-
- cvsup
-
-
- cron
-
-
- -STABLE
- syncing with CVSup
-
- H csup
+ H csupcvsup
cvsup {ft
/usr/share/examples/cvsup ɦW
stable-supfile
supfileC oOja̱`˪覡A
]iHA tree ^ӡA
NusYiC
~A\hH| csup
- cvsup cron
+ cvsup croncron
Hw۰ʧsC znۭqez
supfile dɡAðwۨҥHվ
csup
- cvsup ]wC
+ cvsup-STABLEsyncing with CVSup ]wC
-
- -STABLE
- syncing with CTM
-
-
ϥ CTM suC
+ linkend="ctm">CTM-STABLEsyncing with CTM suC
Y֩κOζQAiHҼ{ĥΡC
@ӨAY`ݦs̷slXAӤpWeܡA
iHϥ csup cvsup
ftpC _hANҼ{
CTMC
-
- -STABLE
- compiling
-
-
- bsĶ &os.stable; eAХJӾ\Ū
+ bsĶ &os.stable;-STABLEcompiling eAХJӾ\Ū
/usr/src Makefile
ɡC ޥuOɯųFӤwAzܤ֤]n ˷s kernel HέssĶ worldC
~Ahh\Ū &a.stable; H
/usr/src/UPDATING ]OƪA
oˤ~ાDثeiOˡAHΤU@|ǷsFC
sA Source
&os; plX\hzL( email)覡ӧsA
LOs@AoǥѱzۦMwC ڭ̥DnѪO Anonymous CVSBCVSup
BCTMC
MiHuslXAߤ@䴩sy{Os treeA
åBs userland(pGѨϥΪ̥h檺Ҧ{AO
/binB/sbin {)H
kernel lXC
Yus source treeBΥu kernel BΥu userland
Aq`|y@ǿ~AOGsĶ~Bkernel panicBƷl
C
CVS
anonymous
Anonymous CVS
CVSup O pull
ҦӧslXC H CVSup ҡA
ϥΪ( cron script)| cvsup
{A̷|PY@x cvsupd A@ǤʡA
HslXɮסC zҦs|Oɳ̷sA
ӥBu|ݧsC ~A]iHܻPh]wnsdC
s|ѦA蠟AXɱzһݭnsɮAC
Anonymous CVS ۹
CVSup ӱo²ǡA]uO
CVS ӤwA@Aiqݪ
CVS repository X̷slXC M CVSup
bo譱|IJvAL Anonymous CVS
sӨAOΰ_Ӥ²C
CTM
t@ؤ覡hO CTMC
äOHͦӤzҾ֦ sources MAW sources
άOzosC ۤϪA|@ script
ɱMΨӿܧLɮסAoӵ{O CTM AӰA
Cѷ|ƦAç⦸ܧLɮץ[HYA
õ̤@ӧǸAMN[HsX(u printable ASCII r)A
åH email 覡HXC z쥦ɭԡAo CTM deltas
NiH &man.ctm.rmail.1; {ӳBzAӵ{|۰ʸѽXBT{B
MγoܧC o{Ǥ CVSup ӻOֱohFA
ӥBAoӼҦڭ̪AӻOPA]oO@
push ҦAӫD pull
ҦC
MAo˰]|aӤ@ǤKC Ypߧz{MFA
CVSup |XӡAæ۰ʬz⤣ɻC
CTM ä|zoǰʧ@C
YMFz source (ӥBSƥ)AziHqY}l(q̷s CVS
base delta
)å CTM ӭإ
AάO Anonymous CVS ӧA
un⤣Ta屼AAsPBʧ@YiC
ssĶ world
Rebuilding world
bs &os; source tree ̷s(LO &os.stable;B
&os.current; )AUӴNiHγo source tree ӭssĶt
C
nƥ
b@jʧ@ e
nOotΧ@ƥnʵLjաC ޭssĶ world O
(unӤܥh@)@²檺ƱAX]ObKC
t~AOHb source tree VdV~A]i|ytεLk}
C
нT{ۤvw@ƥAåB䦳 fixit Ϥζ}СC
ziû]ΤoǪFA
wĤ@`ƫỡpӱonaI
q\ Mailing List
mailing list
&os.stable; H &os.current; AWNOݩ
}oqC &os; @^m]OHA]|ǿ~C
ɭԳoǿ~õLjêAuO|tβͷs~ĵiӤwC
ɫhOaAi|ɭP}ɮרtΪl(ΧV)C
YJDAKʼD heads up(`N)
}YH mailing listAMDIHη|vTǨtΡC
bDѨMAAKD all clear(wѨM)
}YnHC
YΪO &os.stable; &os.current;AoS\Ū &a.stable;
&a.current; QסA|Oۧ·ЦӤwC
n make world
@玲¤|ijϥ make worldC
o˰|L@ǭnBJAijubADۤvb@AAoC
bjhƪpUAФnå make worldA
ӸӧΤUЪ覡C
stΪзǤ覡
nɯŨtΫeA@wnd\ /usr/src/UPDATING
AHA buildworld eݭn@ǨƱΪ`NƶA
M~ΤUCBJG
&prompt.root; make buildworld
&prompt.root; make buildkernel
&prompt.root; make installkernel
&prompt.root; reboot
bּƪpAiݭnb buildworld
BJe@ mergemaster -p ~৹C
ܩɻݭnΤݭnAаѾ\ UPDATING C
@ӻAunOi(major) &os; ɯšA
NiLoBJC
installkernel Aݭn}ä
single user Ҧ(|ҡG]iHb loader ܲŸ᭱[W
boot -s)C UӰG
&prompt.root; mergemaster -p
&prompt.root; make installworld
&prompt.root; mergemaster
&prompt.root; reboot
Read Further Explanations
WzBJuOUzɯŪ²满ӤwAYnMAѨC@BJA
רOYۦ楴y kernel ]wANӾ\ŪUeC
\Ū /usr/src/UPDATING
b@ƱeAаȥ\Ū
/usr/src/UPDATING (Φb source code )
C o|giDJDAΫwǷ|檺OǬC
pGA{b UPDATING
Po䪺yzĬB٬ޤBAХHW
UPDATING ǡC
MӡApPeҭzAua\Ū UPDATING
ä৹N mailing listC o̳OɪAӤ۱ƥC
ˬd /etc/make.conf
make.conf
ˬd
/usr/share/examples/etc/make.conf
H
/etc/make.confC Ĥ@DO@Ǩtιw]
– LAjQѰ_ӡC FbssĶɯϥγoǡA
Чodz]w[ /etc/make.confC Ъ`Nb
/etc/make.conf ]w]|vTCϥ
make GA
]]w@ǾAXۤvtΪﶵ|O@kC
@ϥΪ̳q`|q
/usr/share/examples/etc/make.conf ƻs
CFLAGS H NO_PROFILE
]w /etc/make.confAøѰѦLO
C
~A]iHոլݨL]w (COPTFLAGSB
NOPORTDOCS )AO_ŦXۤvһݡC
s /etc ]w
b /etc ؿ|tΪ]wɡA
Hζ}ɪUAȱҰ scriptC script H FreeBSD
PӦǮtC
䤤dz]wɷ|bCB@tθ̤]|ΨC רO
/etc/groupC
ɭԦb make installworld w˹L{A
|ݭnإ߬YǯSwbθsաC biɯŤeḀiäsbA
]ɯŮɴN|yDC ɭ make buildworld
|ˬdoǩһݪbθsլO_wsbC
|ӳo˪ҤlAOYɯŤᥲsW smmsp
bC YϥΪ̩|sWӱbNnɯžާ@ܡA
|b &man.mtree.8; իإ /var/spool/clientmqueue
ɵoͥѡC
ѪkOb buildworld qeA &man.mergemaster.8; ÷ft
ﶵC |墨ǰ
buildworld
installworld һݤ]wɡC
YAҥΪO䴩
mergemaster Aϥ source tree
sYiG
&prompt.root; cd /usr/src/usr.sbin/mergemaster
&prompt.root; ./mergemaster.sh -p
YzOg(paranoid)A
iHUo˥hյˬdtΤWɮݩwWγQRs
G
&prompt.root; find / -group GID -print
o|ܩҦŦXn䪺 GID s
(iHOsզW١AΪ̬OsժƦrN)ҦɮסC
Single User Ҧ
single-user mode
zi|Qb single user ҦUsĶtΡC
FiH֧~Aw˹L{N|oA\hntɮסA
]AҦt binariesBlibrariesBinclude ɮC
YbB@t(ר䦳\hϥΪ̦bΪɭ)oɮסA
²Oۧ·Ъ@kC
multi-user mode
t@ؼҦOb multi-user ҦUsĶntΡAMA single user
ҦhwˡC Yzwoؤ覡Auݦb build(sĶL{) A
AhUBJYiC @i single user ҦɡAAh
installkernel
installworld YiC
root G
&prompt.root; shutdown now
o˴N|q쥻 multi-user Ҧ single user ҦC
~]iH}Aۦb}B
single user
ﶵC p@ӴN|iJ single user ҦA
Mb shell ܲŸBJG
&prompt.root; fsck -p
&prompt.root; mount -u /
&prompt.root; mount -a -t ufs
&prompt.root; swapon -a
o˷|ˬdɮרtΡAísN /
HiŪgҦAH /etc/fstab
ҳ]wL UFS ɮרtΡA̫ҥ swap ϰϡC
Y CMOS O]aɶAӫD GMT ɰ(Y &man.date.1;
OSܥTɶBɰ)AiݭnAJUCOG
&prompt.root; adjkerntz -i
oBJiHT{zaɰϳ]wO_T —
_h|y@ǰDC
/usr/obj
bssĶtΪL{AsĶG|(w]p)
/usr/obj C o̭ؿ|
/usr/src ؿcC
屼oؿAiHH᪺ make buildworld
L{֤@ǡAӥBiקKHesĶF{bVcb@_ۨ̿
C
Ӧ /usr/obj ɮץi|]wiʪ
flag(Ӹ`аѾ\ &man.chflags.1;)Aӥo flag ]w~
C
&prompt.root; cd /usr/obj
&prompt.root; chflags -R noschg *
&prompt.root; rm -rf *
ssĶ Base System
OdsĶ
ijinߺDA &man.make.1; ɲͪs_ӡC
o˭YXAN|~TC MoˡA
AiणDpROXFáAYADOK &os;
mailing list NiHHiHݬO@^ƱC
²檺ONO &man.script.1; OAå[WѼ
(AQsOɮצmBɦW)YiC
oBJӦbssĶtήɴNn@AMbsĶJ
exit Yi}C
&prompt.root; script /var/tmp/mw.out
Script started, output file is /var/tmp/mw.out
&prompt.root; make TARGET
… compile, compile, compile …
&prompt.root; exit
Script done, …
FA٦@IqOɮצs
/tmp ؿC ]}A
oؿF賣|QMšC aO
/var/tmp (pWҩҥ) Ϊ̬O
root aؿC
sĶ Base System
Х /usr/src ؿG
&prompt.root; cd /usr/src
(MADA source code LaAYuOoˡA
N쨺ӥؿYi)C
make
ϥ &man.make.1; OӭssĶ worldC
oO|q Makefile (oɷ|g &os;
{ӦpssĶBHǶǨӽsĶ)hŪOC
@UO榡pUG
&prompt.root; make -x -DVARIABLE target
boӨҤlA
OAQǵ &man.make.1; ﶵAӸ`аѾ\ &man.make.1; A
̭dһC
hOܼƳ]wǵ MakefileC oܼƷ|
Makefile 欰C odz]wP
/etc/make.conf ܼƳ]wO@ˡA
uOt@س]w覡ӤwC
&prompt.root; make -DNO_PROFILE target
WҤlhOt@س]w覡A]NOǤnC
oӨҤlNOhsĶ profiled librariesAĪGNpP]wb
/etc/make.conf
NO_PROFILE= true # Avoid compiling profiled libraries
target hOiD &man.make.1;
ӥhǡC C Makefile |wqP
targets
AM̱zҵ target N|Mw|ǰʧ@
C
Some targets are listed in the
Makefile, but are not meant for you to run.
Instead, they are used by the build process to break out the
steps necessary to rebuild the system into a number of
sub-steps.
Most of the time you will not need to pass any parameters to
&man.make.1;, and so your command like will look like
this:
&prompt.root; make target
Where target will be one of
many build options. The first target should always be
buildworld.
As the names imply, buildworld
builds a complete new tree under /usr/obj,
and installworld, another target, installs this tree on
the current machine.
Having separate options is very useful for two reasons. First, it allows you
to do the build safe in the knowledge that no components of
your running system will be affected. The build is
self hosted
. Because of this, you can safely
run buildworld on a machine running
in multi-user mode with no fear of ill-effects. It is still
recommended that you run the
installworld part in single user
mode, though.
Secondly, it allows you to use NFS mounts to upgrade
multiple machines on your network. If you have three machines,
A, B and C that you want to upgrade, run make
buildworld and make installworld on
A. B and C should then NFS mount /usr/src
and /usr/obj from A, and you can then run
make installworld to install the results of
the build on B and C.
Although the world target still exists,
you are strongly encouraged not to use it.
Run
&prompt.root; make buildworld
It is possible to specify a option to
make which will cause it to spawn several
simultaneous processes. This is most useful on multi-CPU machines.
However, since much of the compiling process is IO bound rather
than CPU bound it is also useful on single CPU machines.
On a typical single-CPU machine you would run:
&prompt.root; make -j4 buildworld
&man.make.1; will then have up to 4 processes running at any one
time. Empirical evidence posted to the mailing lists shows this
generally gives the best performance benefit.
If you have a multi-CPU machine and you are using an SMP
configured kernel try values between 6 and 10 and see how they speed
things up.
Timings
rebuilding world
timings
Many factors influence the build time, but fairly recent
machines may only take a one or two hours to build
the &os.stable; tree, with no tricks or shortcuts used during the
process. A &os.current; tree will take somewhat longer.
Compile and Install a New Kernel
kernel
compiling
To take full advantage of your new system you should recompile the
kernel. This is practically a necessity, as certain memory structures
may have changed, and programs like &man.ps.1; and &man.top.1; will
fail to work until the kernel and source code versions are the
same.
The simplest, safest way to do this is to build and install a
kernel based on GENERIC. While
GENERIC may not have all the necessary devices
for your system, it should contain everything necessary to boot your
system back to single user mode. This is a good test that the new
system works properly. After booting from
GENERIC and verifying that your system works you
can then build a new kernel based on your normal kernel configuration
file.
On &os; it is important to build world before building a
new kernel.
If you want to build a custom kernel, and already have a configuration
file, just use KERNCONF=MYKERNEL
like this:
&prompt.root; cd /usr/src
&prompt.root; make buildkernel KERNCONF=MYKERNEL
&prompt.root; make installkernel KERNCONF=MYKERNEL
Note that if you have raised kern.securelevel
above 1 and you have set either the
noschg or similar flags to your kernel binary, you
might find it necessary to drop into single user mode to use
installkernel. Otherwise you should be able
to run both these commands from multi user mode without
problems. See &man.init.8; for details about
kern.securelevel and &man.chflags.1; for details
about the various file flags.
Reboot into Single User Mode
single-user mode
You should reboot into single user mode to test the new kernel
works. Do this by following the instructions in
.
Install the New System Binaries
If you were building a version of &os; recent enough to have
used make buildworld then you should now use
installworld to install the new system
binaries.
Run
&prompt.root; cd /usr/src
&prompt.root; make installworld
If you specified variables on the make
buildworld command line, you must specify the same
variables in the make installworld command
line. This does not necessarily hold true for other options;
for example, must never be used with
installworld.
For example, if you ran:
&prompt.root; make -DNO_PROFILE buildworld
you must install the results with:
&prompt.root; make -DNO_PROFILE installworld
otherwise it would try to install profiled libraries that
had not been built during the make buildworld
phase.
Update Files Not Updated by make installworld
Remaking the world will not update certain directories (in
particular, /etc, /var and
/usr) with new or changed configuration files.
The simplest way to update these files is to use
&man.mergemaster.8;, though it is possible to do it manually
if you would prefer to do that. Regardless of which way you
choose, be sure to make a backup of /etc in
case anything goes wrong.
Tom
Rhodes
Contributed by
mergemaster
mergemaster
The &man.mergemaster.8; utility is a Bourne script that will
aid you in determining the differences between your configuration files
in /etc, and the configuration files in
the source tree /usr/src/etc. This is
the recommended solution for keeping the system configuration files up to date
with those located in the source tree.
To begin simply type mergemaster at your prompt, and
watch it start going. mergemaster will then build a
temporary root environment, from / down, and populate
it with various system configuration files. Those files are then compared
to the ones currently installed in your system. At this point, files that
differ will be shown in &man.diff.1; format, with the sign
representing added or modified lines, and representing
lines that will be either removed completely, or replaced with a new line.
See the &man.diff.1; manual page for more information about the &man.diff.1;
syntax and how file differences are shown.
&man.mergemaster.8; will then show you each file that displays variances,
and at this point you will have the option of either deleting the new file (referred
to as the temporary file), installing the temporary file in its unmodified state,
merging the temporary file with the currently installed file, or viewing the
&man.diff.1; results again.
Choosing to delete the temporary file will tell &man.mergemaster.8; that we
wish to keep our current file unchanged, and to delete the new version.
This option is not recommended, unless you see no
reason to change the current file. You can get help at any time by
typing ? at the &man.mergemaster.8; prompt. If the user
chooses to skip a file, it will be presented again after all other files
have been dealt with.
Choosing to install the unmodified temporary file will replace the
current file with the new one. For most unmodified files, this is the best
option.
Choosing to merge the file will present you with a text editor,
and the contents of both files. You can now merge them by
reviewing both files side by side on the screen, and choosing parts from
both to create a finished product. When the files are compared side by side,
the l key will select the left contents and the
r key will select contents from your right.
The final output will be a file consisting of both parts, which can then be
installed. This option is customarily used for files where settings have been
modified by the user.
Choosing to view the &man.diff.1; results again will show you the file differences
just like &man.mergemaster.8; did before prompting you for an option.
After &man.mergemaster.8; is done with the system files you will be
prompted for other options. &man.mergemaster.8; may ask if you want to rebuild
the password file and will finish up with an option to
remove left-over temporary files.
Manual Update
If you wish to do the update manually, however,
you cannot just copy over the files from
/usr/src/etc to /etc and
have it work. Some of these files must be installed
first. This is because the /usr/src/etc
directory is not a copy of what your
/etc directory should look like. In addition,
there are files that should be in /etc that are
not in /usr/src/etc.
If you are using &man.mergemaster.8; (as recommended),
you can skip forward to the next
section.
The simplest way to do this by hand is to install the
files into a new directory, and then work through them looking
for differences.
Backup Your Existing /etc
Although, in theory, nothing is going to touch this directory
automatically, it is always better to be sure. So copy your
existing /etc directory somewhere safe.
Something like:
&prompt.root; cp -Rp /etc /etc.old
does a recursive copy,
preserves times, ownerships on files and suchlike.
You need to build a dummy set of directories to install the new
/etc and other files into.
/var/tmp/root is a reasonable choice, and
there are a number of subdirectories required under this as
well.
&prompt.root; mkdir /var/tmp/root
&prompt.root; cd /usr/src/etc
&prompt.root; make DESTDIR=/var/tmp/root distrib-dirs distribution
This will build the necessary directory structure and install the
files. A lot of the subdirectories that have been created under
/var/tmp/root are empty and should be deleted.
The simplest way to do this is to:
&prompt.root; cd /var/tmp/root
&prompt.root; find -d . -type d | xargs rmdir 2>/dev/null
This will remove all empty directories. (Standard error is
redirected to /dev/null to prevent the warnings
about the directories that are not empty.)
/var/tmp/root now contains all the files that
should be placed in appropriate locations below
/. You now have to go through each of these
files, determining how they differ with your existing files.
Note that some of the files that will have been installed in
/var/tmp/root have a leading .
. At the
time of writing the only files like this are shell startup files in
/var/tmp/root/ and
/var/tmp/root/root/, although there may be others
(depending on when you are reading this). Make sure you use
ls -a to catch them.
The simplest way to do this is to use &man.diff.1; to compare the
two files:
&prompt.root; diff /etc/shells /var/tmp/root/etc/shells
This will show you the differences between your
/etc/shells file and the new
/var/tmp/root/etc/shells file. Use these to decide whether to
merge in changes that you have made or whether to copy over your old
file.
Name the New Root Directory
(/var/tmp/root) with a Time Stamp, so You Can
Easily Compare Differences Between Versions
Frequently rebuilding the world means that you have to update
/etc frequently as well, which can be a bit of
a chore.
You can speed this process up by keeping a copy of the last set
of changed files that you merged into /etc.
The following procedure gives one idea of how to do this.
Make the world as normal. When you want to update
/etc and the other directories, give the
target directory a name based on the current date. If you were
doing this on the 14th of February 1998 you could do the
following:
&prompt.root; mkdir /var/tmp/root-19980214
&prompt.root; cd /usr/src/etc
&prompt.root; make DESTDIR=/var/tmp/root-19980214 \
distrib-dirs distribution
Merge in the changes from this directory as outlined
above.
Do not remove the
/var/tmp/root-19980214 directory when you
have finished.
When you have downloaded the latest version of the source
and remade it, follow step 1. This will give you a new
directory, which might be called
/var/tmp/root-19980221 (if you wait a week
between doing updates).
You can now see the differences that have been made in the
intervening week using &man.diff.1; to create a recursive diff
between the two directories:
&prompt.root; cd /var/tmp
&prompt.root; diff -r root-19980214 root-19980221
Typically, this will be a much smaller set of differences
than those between
/var/tmp/root-19980221/etc and
/etc. Because the set of differences is
smaller, it is easier to migrate those changes across into your
/etc directory.
You can now remove the older of the two
/var/tmp/root-* directories:
&prompt.root; rm -rf /var/tmp/root-19980214
Repeat this process every time you need to merge in changes
to /etc.
You can use &man.date.1; to automate the generation of the
directory names:
&prompt.root; mkdir /var/tmp/root-`date "+%Y%m%d"`
Rebooting
You are now done. After you have verified that everything appears
to be in the right place you can reboot the system. A simple
&man.shutdown.8; should do it:
&prompt.root; shutdown -r now
Finished
You should now have successfully upgraded your &os; system.
Congratulations.
If things went slightly wrong, it is easy to rebuild a particular
piece of the system. For example, if you accidentally deleted
/etc/magic as part of the upgrade or merge of
/etc, the &man.file.1; command will stop working.
In this case, the fix would be to run:
&prompt.root; cd /usr/src/usr.bin/file
&prompt.root; make all install
Questions
Do I need to re-make the world for every change?
There is no easy answer to this one, as it depends on the
nature of the change. For example, if you just ran CVSup, and
it has shown the following files as being updated:
src/games/cribbage/instr.c
src/games/sail/pl_main.c
src/release/sysinstall/config.c
src/release/sysinstall/media.c
src/share/mk/bsd.port.mk
it probably is not worth rebuilding the entire world.
You could just go to the appropriate sub-directories and
make all install, and that's about it. But
if something major changed, for example
src/lib/libc/stdlib then you should either
re-make the world, or at least those parts of it that are
statically linked (as well as anything else you might have added
that is statically linked).
At the end of the day, it is your call. You might be happy
re-making the world every fortnight say, and let changes
accumulate over that fortnight. Or you might want to re-make
just those things that have changed, and be confident you can
spot all the dependencies.
And, of course, this all depends on how often you want to
upgrade, and whether you are tracking &os.stable; or
&os.current;.
My compile failed with lots of signal 11
signal 11 (or other signal
number) errors. What has happened?
This is normally indicative of hardware problems.
(Re)making the world is an effective way to stress test your
hardware, and will frequently throw up memory problems. These
normally manifest themselves as the compiler mysteriously dying
on receipt of strange signals.
A sure indicator of this is if you can restart the make and
it dies at a different point in the process.
In this instance there is little you can do except start
swapping around the components in your machine to determine
which one is failing.
Can I remove /usr/obj when I have
finished?
The short answer is yes.
/usr/obj contains all the object files
that were produced during the compilation phase. Normally, one
of the first steps in the make buildworld process is to
remove this directory and start afresh. In this case, keeping
/usr/obj around after you have finished
makes little sense, and will free up a large chunk of disk space
(currently about 340 MB).
However, if you know what you are doing you can have
make buildworld skip this step. This will make subsequent
builds run much faster, since most of sources will not need to
be recompiled. The flip side of this is that subtle dependency
problems can creep in, causing your build to fail in odd ways.
This frequently generates noise on the &os; mailing lists,
when one person complains that their build has failed, not
realizing that it is because they have tried to cut
corners.
Can interrupted builds be resumed?
This depends on how far through the process you got before
you found a problem.
In general (and this is not a hard and
fast rule) the make buildworld process builds new
copies of essential tools (such as &man.gcc.1;, and
&man.make.1;) and the system libraries. These tools and
libraries are then installed. The new tools and libraries are
then used to rebuild themselves, and are installed again. The
entire system (now including regular user programs, such as
&man.ls.1; or &man.grep.1;) is then rebuilt with the new
system files.
If you are at the last stage, and you know it (because you
have looked through the output that you were storing) then you
can (fairly safely) do:
… fix the problem …
&prompt.root; cd /usr/src
&prompt.root; make -DNO_CLEAN all
This will not undo the work of the previous
make buildworld.
If you see the message:
--------------------------------------------------------------
Building everything..
--------------------------------------------------------------
in the make buildworld output then it is
probably fairly safe to do so.
If you do not see that message, or you are not sure, then it
is always better to be safe than sorry, and restart the build
from scratch.
How can I speed up making the world?
Run in single user mode.
Put the /usr/src and
/usr/obj directories on separate
file systems held on separate disks. If possible, put these
disks on separate disk controllers.
Better still, put these file systems across multiple
disks using the &man.ccd.4; (concatenated disk
driver) device.
Turn off profiling (set NO_PROFILE=true
in
/etc/make.conf). You almost certainly
do not need it.
Also in /etc/make.conf, set
CFLAGS to something like . The optimization is much
slower, and the optimization difference between
and is normally
negligible. lets the compiler use
pipes rather than temporary files for communication, which
saves disk access (at the expense of memory).
Pass the option to &man.make.1; to
run multiple processes in parallel. This usually helps
regardless of whether you have a single or a multi processor
machine.
The file system holding
/usr/src can be mounted (or remounted)
with the option. This prevents the
file system from recording the file access time. You probably
do not need this information anyway.
&prompt.root; mount -u -o noatime /usr/src
The example assumes /usr/src is
on its own file system. If it is not (if it is a part of
/usr for example) then you will
need to use that file system mount point, and not
/usr/src.
The file system holding /usr/obj can
be mounted (or remounted) with the
option. This causes disk writes to happen asynchronously.
In other words, the write completes immediately, and the
data is written to the disk a few seconds later. This
allows writes to be clustered together, and can be a
dramatic performance boost.
Keep in mind that this option makes your file system
more fragile. With this option there is an increased
chance that, should power fail, the file system will be in
an unrecoverable state when the machine restarts.
If /usr/obj is the only thing on
this file system then it is not a problem. If you have
other, valuable data on the same file system then ensure
your backups are fresh before you enable this
option.
&prompt.root; mount -u -o async /usr/obj
As above, if /usr/obj is not on
its own file system, replace it in the example with the
name of the appropriate mount point.
What do I do if something goes wrong?
Make absolutely sure your environment has no
extraneous cruft from earlier builds. This is simple
enough.
&prompt.root; chflags -R noschg /usr/obj/usr
&prompt.root; rm -rf /usr/obj/usr
&prompt.root; cd /usr/src
&prompt.root; make cleandir
&prompt.root; make cleandir
Yes, make cleandir really should
be run twice.
Then restart the whole process, starting
with make buildworld.
If you still have problems, send the error and the
output of uname -a to &a.questions;.
Be prepared to answer other questions about your
setup!
Mike
Meyer
Contributed by
Tracking for Multiple Machines
NFS
installing multiple machines
If you have multiple machines that you want to track the
same source tree, then having all of them download sources and
rebuild everything seems like a waste of resources: disk space,
network bandwidth, and CPU cycles. It is, and the solution is
to have one machine do most of the work, while the rest of the
machines mount that work via NFS. This section outlines a
method of doing so.
Preliminaries
First, identify a set of machines that is going to run
the same set of binaries, which we will call a
build set. Each machine can have a
custom kernel, but they will be running the same userland
binaries. From that set, choose a machine to be the
build machine. It is going to be the
machine that the world and kernel are built on. Ideally, it
should be a fast machine that has sufficient spare CPU to
run make buildworld and
make buildkernel. You will also want to
choose a machine to be the test
machine, which will test software updates before they
are put into production. This must be a
machine that you can afford to have down for an extended
period of time. It can be the build machine, but need not be.
All the machines in this build set need to mount
/usr/obj and
/usr/src from the same machine, and at
the same point. Ideally, those are on two different drives
on the build machine, but they can be NFS mounted on that machine
as well. If you have multiple build sets,
/usr/src should be on one build machine, and
NFS mounted on the rest.
Finally make sure that
/etc/make.conf on all the machines in
the build set agrees with the build machine. That means that
the build machine must build all the parts of the base
system that any machine in the build set is going to
install. Also, each build machine should have its kernel
name set with KERNCONF in
/etc/make.conf, and the build machine
should list them all in KERNCONF, listing
its own kernel first. The build machine must have the kernel
configuration files for each machine in
/usr/src/sys/arch/conf
if it is going to build their kernels.
The Base System
Now that all that is done, you are ready to build
everything. Build the kernel and world as described in on the build machine,
but do not install anything. After the build has finished, go
to the test machine, and install the kernel you just
built. If this machine mounts /usr/src
and /usr/obj via NFS, when you reboot
to single user you will need to enable the network and mount
them. The easiest way to do this is to boot to multi-user,
then run shutdown now to go to single user
mode. Once there, you can install the new kernel and world and run
mergemaster just as you normally would. When
done, reboot to return to normal multi-user operations for this
machine.
After you are certain that everything on the test
machine is working properly, use the same procedure to
install the new software on each of the other machines in
the build set.
Ports
The same ideas can be used for the ports tree. The first
critical step is mounting /usr/ports from
the same machine to all the machines in the build set. You can
then set up /etc/make.conf properly to share
distfiles. You should set DISTDIR to a
common shared directory that is writable by whichever user
root is mapped to by your NFS mounts. Each
machine should set WRKDIRPREFIX to a
local build directory. Finally, if you are going to be
building and distributing packages, you should set
PACKAGES to a directory similar to
DISTDIR.
diff --git a/zh_TW.Big5/books/handbook/l10n/chapter.xml b/zh_TW.Big5/books/handbook/l10n/chapter.xml
index 4029f6e690..ec34ee2791 100644
--- a/zh_TW.Big5/books/handbook/l10n/chapter.xml
+++ b/zh_TW.Big5/books/handbook/l10n/chapter.xml
@@ -1,908 +1,905 @@
Andrey
Chernov
Contributed by
Michael C.
Wu
Rewritten by
yt]w - I18N/L10N ΪkP]w
z
ѩ FreeBSD OG@ɪϥΪ̤ΧӤuҤpeADnQO
FreeBSD ڤơBgijDAHKyO^ytH]බQUu@C
b@~tΡBε{ؼhADnOzL i18n зǨӹ@AҥHA
o̧ڭ̱N|ФjPB@覡C
ŪoAzNFѡJ
UؤPyPaϳ]wpb@~tΤWisXC
p]wnJΪ shell ytҡC
pNA console ]^yH~yt]wC
pϥΤPyt]wA X Window B@ˤC
iHhP i18n Wۮeε{WơC
b}l\ŪoeAzݭnJ
DpH ports/packages Ӧwε{()C
L10N ¦
O I18N/L10N?
internationalization
localization
localization
{}oHߺD internationalization Yg I18NAƦr 18 DO̫eP̫᭱rrӼ`MA
L10N ]OH@˪覡AO localization
YgC
unŦX I18N/L10N WBwε{ANiHϥΪ̨̦Uۻytӧ@]wC
I18N ε{OH I18N }ouӶi}oA
iH{}oHzLg²檺rɡANiHeWBT½ĶUytC
ڭ̱jPij{}oH`oӹCWhC
Өϥ I18N/L10NH
unŦX I18N/L10N зǡANiHPaݡBJBBzD^媺ơC
I18N 䴩ǻytH
I18N M L10N ëD FreeBSD үSAثeo@ɤWXG@Dnyt䴩A
OGBwBBBkBXBVn嵥C
ϥλyt]w(Localization)
I18N M L10N ëD FreeBSD үSAӬO@qCWhC
ڭ̹yAb FreeBSD @ɤP˿uoCWhC
locale
Locale ]wѤTӳҲզGyNX(Language Code)BX(Country Code)BsX(Encoding)C
ҥHALocale ]wWٴNOѳoTӤ@_զG
yNX_X.sX
yBX
language codes
country codes
ϥΪ̥nDoǯSwXByNX(X|iDε{Өϥέ@ػy)A
~ FreeBSD ΨL䴩 I18N &unix; tΧ@ locale ]wC
~As(borwser)BSMTP/POP DBWeb D]Ho[cDC
UOpϥΡyyNXBXzҤlG
yNX/X
²
en_US
^()
ru_RU
X(X)
zh_TW
餤(xW)
sX
encodings
ASCII
ǻyëDĥ ASCII sXAiOG 8-bitBwide
multibyte rAԱаѾ\ &man.multibyte.3;C
j{iLkTPOBλ~PSrCӸs{iH{
8-bit rC ѩU{@k@AϥΪ̥iݭnbsĶ{ɡA[W
wide multibyte r䴩]wAάOTվ~C
nJBBz wide multibyte rܡAihhQ FreeBSD Ports Collection Uy{C
ԱаѾ\ FreeBSD U port I18N C
Specifically, the user needs to look at the application
documentation to decide on how to configure it correctly or to
pass correct values into the configure/Makefile/compiler.
Some things to keep in mind are:
Language specific single C chars character sets
(see &man.multibyte.3;), e.g.
ISO8859-1, ISO8859-15, KOI8-R, CP437.
Wide or multibyte encodings, e.g. EUC, Big5.
You can check the active list of character sets at the
IANA Registry.
&os; use X11-compatible locale encodings instead.
I18N Applications
In the FreeBSD Ports and Package system, I18N applications
have been named with I18N in their names for
easy identification. However, they do not always support the
language needed.
Setting Locale
Usually it is sufficient to export the value of the locale name
as LANG in the login shell. This could be done in
the user's ~/.login_conf file or in the
startup file of the user's shell (~/.profile,
~/.bashrc, ~/.cshrc).
There is no need to set the locale subsets such as
LC_CTYPE, LC_CTIME. Please
refer to language-specific FreeBSD documentation for more
information.
You should set the following two environment variables in your configuration
files:
- POSIX
- LANG for &posix; &man.setlocale.3; family
+ LANG for &posix;POSIX &man.setlocale.3; family
functions
- MIME
-
- MM_CHARSET for applications' MIME character
+ MM_CHARSET for applications' MIMEMIME character
set
This includes the user shell configuration, the specific application
configuration, and the X11 configuration.
Setting Locale Methods
locale
login class
There are two methods for setting locale, and both are
described below. The first (recommended one) is by assigning
the environment variables in login
class, and the second is by adding the environment
variable assignments to the system's shell startup file.
Login Classes Method
This method allows environment variables needed for locale
name and MIME character sets to be assigned once for every
possible shell instead of adding specific shell assignments to
each shell's startup file. User
Level Setup can be done by an user himself and Administrator Level Setup require
superuser privileges.
User Level Setup
Here is a minimal example of a
.login_conf file in user's home
directory which has both variables set for Latin-1
encoding:
me:\
:charset=ISO-8859-1:\
:lang=de_DE.ISO8859-1:
Traditional ChineseBIG-5 encoding
Here is an example of a
.login_conf that sets the variables
for Traditional Chinese in BIG-5 encoding. Notice the many
more variables set because some software does not respect
locale variables correctly for Chinese, Japanese, and Korean.
#Users who do not wish to use monetary units or time formats
#of Taiwan can manually change each variable
me:\
:lang=zh_TW.Big5:\
:lc_all=zh_TW.Big:\
:lc_collate=zh_TW.Big5:\
:lc_ctype=zh_TW.Big5:\
:lc_messages=zh_TW.Big5:\
:lc_monetary=zh_TW.Big5:\
:lc_numeric=zh_TW.Big5:\
:lc_time=zh_TW.Big5:\
:charset=big5:\
:xmodifiers="@im=xcin": #Setting the XIM Input Server
See Administrator Level
Setup and &man.login.conf.5; for more details.
Administrator Level Setup
Verify that the user's login class in
/etc/login.conf sets the correct
language. Make sure these settings
appear in /etc/login.conf:
language_name:accounts_title:\
:charset=MIME_charset:\
:lang=locale_name:\
:tc=default:
So sticking with our previous example using Latin-1, it
would look like this:
german:German Users Accounts:\
:charset=ISO-8859-1:\
:lang=de_DE.ISO8859-1:\
:tc=default:
Before changing users Login Classes execute
the following command
&prompt.root; cap_mkdb /etc/login.conf
to make new configuration in
/etc/login.conf visible to the system.
Changing Login Classes with &man.vipw.8;
vipw
Use vipw to add new users, and make
the entry look like this:
user:password:1111:11:language:0:0:User Name:/home/user:/bin/sh
Changing Login Classes with &man.adduser.8;
adduser
login class
Use adduser to add new users, and do
the following:
Set defaultclass =
language in
/etc/adduser.conf. Keep in mind
you must enter a default class for
all users of other languages in this case.
An alternative variant is answering the specified
language each time that
Enter login class: default []:
appears from &man.adduser.8;.
Another alternative is to use the following for each
user of a different language that you wish to
add:
&prompt.root; adduser -class language
Changing Login Classes with &man.pw.8;
pw
If you use &man.pw.8; for adding new users, call it in
this form:
&prompt.root; pw useradd user_name -L language
Shell Startup File Method
This method is not recommended because it requires a
different setup for each possible shell program chosen. Use
the Login Class Method
instead.
MIME
locale
To add the locale name and MIME character set, just set
the two environment variables shown below in the
/etc/profile and/or
/etc/csh.login shell startup files. We
will use the German language as an example below:
In /etc/profile:
LANG=de_DE.ISO8859-1; export LANG
MM_CHARSET=ISO-8859-1; export MM_CHARSET
Or in /etc/csh.login:
setenv LANG de_DE.ISO8859-1
setenv MM_CHARSET ISO-8859-1
Alternatively, you can add the above instructions to
/usr/share/skel/dot.profile (similar to
what was used in /etc/profile above), or
/usr/share/skel/dot.login (similar to
what was used in /etc/csh.login
above).
For X11:
In $HOME/.xinitrc:
LANG=de_DE.ISO8859-1; export LANG
Or:
setenv LANG de_DE.ISO8859-1
Depending on your shell (see above).
Console Setup
For all single C chars character sets, set the correct
console fonts in /etc/rc.conf for the
language in question with:
font8x16=font_name
font8x14=font_name
font8x8=font_name
The font_name here is taken from
the /usr/share/syscons/fonts directory,
without the .fnt suffix.
sysinstall
keymap
screenmap
Also be sure to set the correct keymap and screenmap for your
single C chars character set through
sysinstall (/stand/sysinstall
in &os; versions older than 5.2).
Once inside sysinstall, choose Configure, then
Console. Alternatively, you can add the
following to /etc/rc.conf:
scrnmap=screenmap_name
keymap=keymap_name
keychange="fkey_number sequence"
The screenmap_name here is taken
from the /usr/share/syscons/scrnmaps
directory, without the .scm suffix. A
screenmap with a corresponding mapped font is usually needed as a
workaround for expanding bit 8 to bit 9 on a VGA adapter's font
character matrix in pseudographics area, i.e., to move letters out
of that area if screen font uses a bit 8 column.
If you have the moused daemon
enabled by setting the following
in your /etc/rc.conf:
moused_enable="YES"
then examine the mouse cursor information in the next
paragraph.
moused
By default the mouse cursor of the &man.syscons.4; driver occupies the
0xd0-0xd3 range in the character set. If your language uses this
range, you need to move the cursor's range outside of it. To enable
the workaround for &os;, add the following line to
/etc/rc.conf:
mousechar_start=3
The keymap_name here is taken from
the /usr/share/syscons/keymaps directory,
without the .kbd suffix. If you are
uncertain which keymap to use, you use can &man.kbdmap.1; to test
keymaps without rebooting.
The keychange is usually needed to program
function keys to match the selected terminal type because
function key sequences cannot be defined in the key map.
Also be sure to set the correct console terminal type in
/etc/ttys for all ttyv*
entries. Current pre-defined correspondences are:
Character Set
Terminal Type
ISO8859-1 or ISO8859-15
cons25l1
ISO8859-2
cons25l2
ISO8859-7
cons25l7
KOI8-R
cons25r
KOI8-U
cons25u
CP437 (VGA default)
cons25
US-ASCII
cons25w
For wide or multibyte characters languages, use the correct
FreeBSD port in your
/usr/ports/language
directory. Some ports appear as console while the system sees it
as serial vtty's, hence you must reserve enough vtty's for both
X11 and the pseudo-serial console. Here is a partial list of
applications for using other languages in console:
Language
Location
Traditional Chinese (BIG-5)
chinese/big5con
Japanese
japanese/kon2-16dot or
japanese/mule-freewnn
Korean
korean/han
X11 Setup
Although X11 is not part of the FreeBSD Project, we have
included some information here for FreeBSD users. For more
details, refer to the &xorg;
web site or whichever X11 Server you use.
In ~/.Xresources, you can additionally
tune application specific I18N settings (e.g., fonts, menus,
etc.).
Displaying Fonts
X11 True Type font server
Install &xorg; server
(x11-servers/xorg-server)
or &xfree86; server
(x11-servers/XFree86-4-Server),
then install the language &truetype; fonts. Setting the correct
locale should allow you to view your selected language in menus
and such.
Inputting Non-English Characters
X11 Input Method (XIM)
The X11 Input Method (XIM) Protocol is a new standard for
all X11 clients. All X11 applications should be written as XIM
clients that take input from XIM Input servers. There are
several XIM servers available for different languages.
Printer Setup
Some single C chars character sets are usually hardware
coded into printers. Wide or multibyte
character sets require special setup and we recommend using
apsfilter. You may also convert the
document to &postscript; or PDF formats using language specific
converters.
Kernel and File Systems
The FreeBSD fast filesystem (FFS) is 8-bit clean, so it can be used
with any single C chars character set (see &man.multibyte.3;),
but there is no character set
name stored in the filesystem; i.e., it is raw 8-bit and does not
know anything about encoding order. Officially, FFS does not
support any form of wide or multibyte character sets yet. However, some
wide or multibyte character sets have independent patches for FFS
enabling such support. They are only temporary unportable
solutions or hacks and we have decided to not include them in the
source tree. Refer to respective languages' web sites for more
information and the patch files.
DOS
Unicode
The FreeBSD &ms-dos; filesystem has the configurable ability to
convert between &ms-dos;, Unicode character sets and chosen
FreeBSD filesystem character sets. See &man.mount.msdos.8; for
details.
Compiling I18N Programs
Many FreeBSD Ports have been ported with I18N support. Some
of them are marked with -I18N in the port name. These and many
other programs have built in support for I18N and need no special
consideration.
MySQL
However, some applications such as
MySQL need to be have the
Makefile configured with the specific
charset. This is usually done in the
Makefile or done by passing a value to
configure in the source.
Localizing FreeBSD to Specific Languages
Andrey
Chernov
Originally contributed by
Russian Language (KOI8-R Encoding)
localization
Russian
For more information about KOI8-R encoding, see the KOI8-R References
(Russian Net Character Set).
Locale Setup
Put the following lines into your
~/.login_conf file:
me:My Account:\
:charset=KOI8-R:\
:lang=ru_RU.KOI8-R:
See earlier in this chapter for examples of setting up the
locale.
Console Setup
Add the following line
to your /etc/rc.conf file:
mousechar_start=3
Also, use following settings in
/etc/rc.conf:
keymap="ru.koi8-r"
scrnmap="koi8-r2cp866"
font8x16="cp866b-8x16"
font8x14="cp866-8x14"
font8x8="cp866-8x8"
For each ttyv* entry in
/etc/ttys, use
cons25r as the terminal type.
See earlier in this chapter for examples of setting up the
console.
Printer Setup
printers
Since most printers with Russian characters come with
hardware code page CP866, a special output filter is needed
to convert from KOI8-R to CP866. Such a filter is installed by
default as /usr/libexec/lpr/ru/koi2alt.
A Russian printer /etc/printcap entry
should look like:
lp|Russian local line printer:\
:sh:of=/usr/libexec/lpr/ru/koi2alt:\
:lp=/dev/lpt0:sd=/var/spool/output/lpd:lf=/var/log/lpd-errs:
See &man.printcap.5; for a detailed description.
&ms-dos; FS and Russian Filenames
The following example &man.fstab.5; entry enables support
for Russian filenames in mounted &ms-dos; filesystems:
/dev/ad0s2 /dos/c msdos rw,-Wkoi2dos,-Lru_RU.KOI8-R 0 0
The option selects the locale name
used, and sets the character conversion
table. To use the option, be sure to
mount /usr before the &ms-dos; partition
because the conversion tables are located in
/usr/libdata/msdosfs. For more
information, see the &man.mount.msdos.8; manual
page.
X11 Setup
Do non-X locale
setup first as described.
If you use &xorg;,
install
x11-fonts/xorg-fonts-cyrillic
package.
Check the "Files" section
in your /etc/X11/xorg.conf file.
The following
lines must be added before any other
FontPath entries:
FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/misc"
FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/75dpi"
FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/100dpi"
If you use a high resolution video mode, swap the 75 dpi
and 100 dpi lines.
To activate a Russian keyboard, add the following to the
"Keyboard" section of your
xorg.conf file.
Option "XkbLayout" "us,ru"
Option "XkbOptions" "grp:toggle"
Also make sure that XkbDisable is
turned off (commented out) there.
For grp:caps_toggle
the RUS/LAT switch will be CapsLock.
The old CapsLock function is still
available via ShiftCapsLock (in LAT mode
only). For grp:toggle
the RUS/LAT switch will be Right Alt.
grp:caps_toggle does not work in
&xorg; for unknown reason.
If you have &windows;
keys on your keyboard,
and notice that some non-alphabetical keys are mapped
incorrectly in RUS mode, add the following line in your
xorg.conf file.
Option "XkbVariant" ",winkeys"
The Russian XKB keyboard may not work with non-localized
applications.
Minimally localized applications
should call a XtSetLanguageProc (NULL, NULL,
NULL); function early in the program.
See
KOI8-R for X Window for more instructions on
localizing X11 applications.
Traditional Chinese Localization for Taiwan
localization
Traditional Chinese
The FreeBSD-Taiwan Project has an Chinese HOWTO for
FreeBSD at
using many Chinese ports.
Current editor for the FreeBSD Chinese HOWTO is
Shen Chuan-Hsing statue@freebsd.sinica.edu.tw.
Chuan-Hsing Shen statue@freebsd.sinica.edu.tw has
created the
Chinese FreeBSD Collection (CFC) using FreeBSD-Taiwan's
zh-L10N-tut. The packages and the script files
are available at .
German Language Localization (for All ISO 8859-1
Languages)
localization
German
Slaven Rezic eserte@cs.tu-berlin.de wrote a
tutorial how to use umlauts on a FreeBSD machine. The tutorial
is written in German and available at
.
Japanese and Korean Language Localization
localization
Japanese
localization
Korean
For Japanese, refer to
,
and for Korean, refer to
.
Non-English FreeBSD Documentation
Some FreeBSD contributors have translated parts of FreeBSD to
other languages. They are available through links on the main site or in
/usr/share/doc.
diff --git a/zh_TW.Big5/books/handbook/mail/chapter.xml b/zh_TW.Big5/books/handbook/mail/chapter.xml
index 5d93615541..37966654b2 100644
--- a/zh_TW.Big5/books/handbook/mail/chapter.xml
+++ b/zh_TW.Big5/books/handbook/mail/chapter.xml
@@ -1,2300 +1,2299 @@
Bill
Lloyd
Original work by
Jim
Mock
Rewritten by
qll
z
email
qll
Ϊ̫U٪ emailA
DO{ϥγ̼sxq覡@C DnЦpb &os; WwˡB
]w email AȡAHΦpb &os; oHF MӳoäO㪺ѦҤUA
ڤW\hݦҶqnƶåΡAYAѲӸ`аѾ\ ѦҮyC
ŪoAzNFѡJ
dzn餸PoqllC
FreeBSD sendmail
]wɦbC
ݫHcPHcϧOC
p spammer(Ulsy)DkBαzlA@
relay(o~I)C
pwˡB]wL Mail Transfer Agent(MTA) ӨN
sendmailC
pBz`lADC
pϥ UUCP Ӷi SMTPC
p]wtΡAϨuoelC
pbWҤAolC
p]w SMTP ҡAH[jwʡC
pwˡBϥ Mail User Agent(MUA) {Ap
mutt ӦolC
pq POP IMAP
DhUlC
pbH譱A۰ʮMζlLoC
b}l\ŪoeAzݭnJ
]nA
()C
ॿTlA]w DNS
()C
DpzL port/package w˳n
()C
ϥιqll
POP
IMAP
DNS
b email 洫L{ 5 ӥDnAOOGMUABMTAB
DNSB
ݩΥHcAM٦ lD
C
MUA {
]A@Ǥr{AO
muttB
pineBelmB
and mailAH GUI {A
O balsaB
xfmail C ~A٦
O WWW sC
oǵ{|lBz浹 lD
AΪ̳zLIs
MTA(Y)Ϊ̬OzL
TCP ӶǻlC
Mailhost Server Daemon
mail server daemons
sendmail
mail server daemons
postfix
mail server daemons
qmail
mail server daemons
exim
&os; ships with sendmail by
default, but also support numerous other mail server daemons,
just some of which include:
exim;
postfix;
qmail.
The server daemon usually has two functions—it is responsible
for receiving incoming mail as well as delivering outgoing mail. It is
not responsible for the collection of mail using protocols
such as POP or IMAP to
read your email, nor does it allow connecting to local
mbox or Maildir mailboxes. You may require
an additional daemon for
that.
Older versions of sendmail
have some serious security issues which may result in an
attacker gaining local and/or remote access to your machine.
Make sure that you are running a current version to avoid
these problems. Optionally, install an alternative
MTA from the &os;
Ports Collection.
Email and DNS
The Domain Name System (DNS) and its daemon
named play a large role in the delivery of
email. In order to deliver mail from your site to another, the
server daemon will look up the remote site in the DNS to determine the
host that will receive mail for the destination. This process
also occurs when mail is sent from a remote host to your mail
server.
MX record
DNS is responsible for mapping
hostnames to IP addresses, as well as for storing information
specific to mail delivery, known as MX records. The MX (Mail
eXchanger) record specifies which host, or hosts, will receive
mail for a particular domain. If you do not have an MX record
for your hostname or domain, the mail will be delivered
directly to your host provided you have an A record pointing
your hostname to your IP address.
You may view the MX records for any domain by using the
&man.host.1; command, as seen in the example below:
&prompt.user; host -t mx FreeBSD.org
FreeBSD.org mail is handled (pri=10) by mx1.FreeBSD.org
Receiving Mail
email
receiving
Receiving mail for your domain is done by the mail host. It
will collect all mail sent to your domain and store it
either in mbox (the default method for storing mail) or Maildir format, depending
on your configuration.
Once mail has been stored, it may either be read locally using
applications such as &man.mail.1; or
mutt, or remotely accessed and
collected using protocols such as
POP or IMAP.
This means that should you only
wish to read mail locally, you are not required to install a
POP or IMAP server.
Accessing remote mailboxes using POP and IMAP
POP
IMAP
In order to access mailboxes remotely, you are required to
have access to a POP or IMAP
server. These protocols allow users to connect to their mailboxes from
remote locations with ease. Though both
POP and IMAP allow users
to remotely access mailboxes, IMAP offers
many advantages, some of which are:
IMAP can store messages on a remote
server as well as fetch them.
IMAP supports concurrent updates.
IMAP can be extremely useful over
low-speed links as it allows users to fetch the structure
of messages without downloading them; it can also
perform tasks such as searching on the server in
order to minimize data transfer between clients and
servers.
In order to install a POP or
IMAP server, the following steps should be
performed:
Choose an IMAP or
POP server that best suits your needs.
The following POP and
IMAP servers are well known and serve
as some good examples:
qpopper;
teapop;
imap-uw;
courier-imap;
Install the POP or
IMAP daemon of your choosing from the
ports
collection.
Where required, modify /etc/inetd.conf
to load the POP or
IMAP server.
It should be noted that both POP and
IMAP transmit information, including
username and password credentials in clear-text. This means
that if you wish to secure the transmission of information
across these protocols, you should consider tunneling
sessions over &man.ssh.1;. Tunneling sessions is
described in .
Accessing local mailboxes
Mailboxes may be accessed locally by directly utilizing
MUAs on the server on which the mailbox
resides. This can be done using applications such as
mutt or &man.mail.1;.
The Mail Host
mail host
The mail host is the name given to a server that is
responsible for delivering and receiving mail for your host, and
possibly your network.
Christopher
Shumway
Contributed by
sendmail Configuration
sendmail
&man.sendmail.8; is the default Mail Transfer Agent (MTA) in
FreeBSD. sendmail's job is to accept
mail from Mail User Agents (MUA) and deliver it
to the appropriate mailer as defined by its configuration file.
sendmail can also accept network
connections and deliver mail to local mailboxes or deliver it to
another program.
sendmail uses the following
configuration files:
/etc/mail/access
/etc/mail/aliases
/etc/mail/local-host-names
/etc/mail/mailer.conf
/etc/mail/mailertable
/etc/mail/sendmail.cf
/etc/mail/virtusertable
Filename
Function
/etc/mail/access
sendmail access database
file
/etc/mail/aliases
Mailbox aliases
/etc/mail/local-host-names
Lists of hosts sendmail
accepts mail for
/etc/mail/mailer.conf
Mailer program configuration
/etc/mail/mailertable
Mailer delivery table
/etc/mail/sendmail.cf
sendmail master
configuration file
/etc/mail/virtusertable
Virtual users and domain tables
/etc/mail/access
The access database defines what host(s) or IP addresses
have access to the local mail server and what kind of access
they have. Hosts can be listed as ,
, or simply passed
to sendmail's error handling routine with a given mailer error.
Hosts that are listed as , which is the
default, are allowed to send mail to this host as long as the
mail's final destination is the local machine. Hosts that are
listed as are rejected for all mail
connections. Hosts that have the option
for their hostname are allowed to send mail for any destination
through this mail server.
Configuring the sendmail
Access Database
cyberspammer.com 550 We do not accept mail from spammers
FREE.STEALTH.MAILER@ 550 We do not accept mail from spammers
another.source.of.spam REJECT
okay.cyberspammer.com OK
128.32 RELAY
In this example we have five entries. Mail senders that
match the left hand side of the table are affected by the action
on the right side of the table. The first two examples give an
error code to sendmail's error
handling routine. The message is printed to the remote host when
a mail matches the left hand side of the table. The next entry
rejects mail from a specific host on the Internet,
another.source.of.spam. The next entry accepts
mail connections from a host
okay.cyberspammer.com, which is more exact than
the cyberspammer.com line above. More specific
matches override less exact matches. The last entry allows
relaying of electronic mail from hosts with an IP address that
begins with 128.32. These hosts would be able
to send mail through this mail server that are destined for other
mail servers.
When this file is updated, you need to run
make in /etc/mail/ to
update the database.
/etc/mail/aliases
The aliases database contains a list of virtual mailboxes
that are expanded to other user(s), files, programs or other
aliases. Here are a few examples that can be used in
/etc/mail/aliases:
Mail Aliases
root: localuser
ftp-bugs: joe,eric,paul
bit.bucket: /dev/null
procmail: "|/usr/local/bin/procmail"
The file format is simple; the mailbox name on the left
side of the colon is expanded to the target(s) on the right.
The
first example simply expands the mailbox root
to the mailbox localuser, which is then
looked up again in the aliases database. If no match is found,
then the message is delivered to the local user
localuser. The next example shows a mail
list. Mail to the mailbox ftp-bugs is
expanded to the three local mailboxes joe,
eric, and paul. Note
that a remote mailbox could be specified as user@example.com. The
next example shows writing mail to a file, in this case
/dev/null. The last example shows sending
mail to a program, in this case the mail message is written to the
standard input of /usr/local/bin/procmail
through a &unix; pipe.
When this file is updated, you need to run
make in /etc/mail/ to
update the database.
/etc/mail/local-host-names
This is a list of hostnames &man.sendmail.8; is to accept as
the local host name. Place any domains or hosts that
sendmail is to be receiving mail for.
For example, if this mail server was to accept mail for the
domain example.com and the host
mail.example.com, its
local-host-names might look something like
this:
example.com
mail.example.com
When this file is updated, &man.sendmail.8; needs to be
restarted to read the changes.
/etc/mail/sendmail.cf
sendmail's master configuration
file, sendmail.cf controls the overall
behavior of sendmail, including everything
from rewriting e-mail addresses to printing rejection messages to
remote mail servers. Naturally, with such a diverse role, this
configuration file is quite complex and its details are a bit
out of the scope of this section. Fortunately, this file rarely
needs to be changed for standard mail servers.
The master sendmail configuration
file can be built from &man.m4.1; macros that define the features
and behavior of sendmail. Please see
/usr/src/contrib/sendmail/cf/README for
some of the details.
When changes to this file are made,
sendmail needs to be restarted for
the changes to take effect.
/etc/mail/virtusertable
The virtusertable maps mail addresses for
virtual domains and
mailboxes to real mailboxes. These mailboxes can be local,
remote, aliases defined in
/etc/mail/aliases or files.
Example Virtual Domain Mail Map
root@example.com root
postmaster@example.com postmaster@noc.example.net
@example.com joe
In the above example, we have a mapping for a domain
example.com. This file is processed in a
first match order down the file. The first item maps
root@example.com to the local mailbox root. The next entry maps
postmaster@example.com to the mailbox postmaster on the host
noc.example.net. Finally, if nothing from example.com has
matched so far, it will match the last mapping, which matches
every other mail message addressed to someone at
example.com.
This will be mapped to the local mailbox joe.
Andrew
Boothman
Written by
Gregory
Neil Shapiro
Information taken from e-mails written by
Changing Your Mail Transfer Agent
email
change mta
As already mentioned, FreeBSD comes with
sendmail already installed as your
MTA (Mail Transfer Agent). Therefore by default it is
in charge of your outgoing and incoming mail.
However, for a variety of reasons, some system
administrators want to change their system's MTA. These
reasons range from simply wanting to try out another MTA to
needing a specific feature or package which relies on another
mailer. Fortunately, whatever the reason, FreeBSD makes it
easy to make the change.
Install a New MTA
You have a wide choice of MTAs available. A good
starting point is the
FreeBSD Ports Collection where
you will be able to find many. Of course you are free to use
any MTA you want from any location, as long as you can make
it run under FreeBSD.
Start by installing your new MTA. Once it is installed
it gives you a chance to decide if it really fulfills your
needs, and also gives you the opportunity to configure your
new software before getting it to take over from
sendmail. When doing this, you
should be sure that installing the new software will not attempt
to overwrite system binaries such as
/usr/bin/sendmail. Otherwise, your new
mail software has essentially been put into service before
you have configured it.
Please refer to your chosen MTA's documentation for
information on how to configure the software you have
chosen.
Disable sendmail
The procedure used to start
sendmail changed significantly
between 4.5-RELEASE, 4.6-RELEASE, and later releases.
Therefore, the procedure used to disable it is subtly
different.
If you disable sendmail's
outgoing mail service, it is important that you replace it
with an alternative mail delivery system. If
you choose not to, system functions such as &man.periodic.8;
will be unable to deliver their results by e-mail as they
would normally expect to. Many parts of your system may
expect to have a functional
sendmail-compatible system. If
applications continue to use
sendmail's binaries to try to send
e-mail after you have disabled them, mail could go into an
inactive sendmail queue, and
never be delivered.
FreeBSD 4.5-STABLE before 2002/4/4 and Earlier
(Including 4.5-RELEASE and Earlier)
Enter:
sendmail_enable="NO"
into /etc/rc.conf. This will disable
sendmail's incoming mail service,
but if /etc/mail/mailer.conf (see below)
is not changed, sendmail will
still be used to send e-mail.
FreeBSD 4.5-STABLE after 2002/4/4
(Including 4.6-RELEASE and Later)
In order to completely disable
sendmail, including the outgoing
mail service, you must use
sendmail_enable="NONE"
in /etc/rc.conf.
If you only want to disable
sendmail's incoming mail service,
you should set
sendmail_enable="NO"
in /etc/rc.conf. However, if
incoming mail is disabled, local delivery will still
function. More information on
sendmail's startup options is
available from the &man.rc.sendmail.8; manual page.
FreeBSD 5.0-STABLE and Later
In order to completely disable
sendmail, including the outgoing
mail service, you must use
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
in /etc/rc.conf.
If you only want to disable
sendmail's incoming mail service,
you should set
sendmail_enable="NO"
in /etc/rc.conf. More information on
sendmail's startup options is
available from the &man.rc.sendmail.8; manual page.
Running Your New MTA on Boot
You may have a choice of two methods for running your
new MTA on boot, again depending on what version of FreeBSD
you are running.
FreeBSD 4.5-STABLE before 2002/4/11
(Including 4.5-RELEASE and Earlier)
Add a script to
/usr/local/etc/rc.d/ that
ends in .sh and is executable by
root. The script should accept start and
stop parameters. At startup time the
system scripts will execute the command
/usr/local/etc/rc.d/supermailer.sh start
which you can also use to manually start the server. At
shutdown time, the system scripts will use the
stop option, running the command
/usr/local/etc/rc.d/supermailer.sh stop
which you can also use to manually stop the server
while the system is running.
FreeBSD 4.5-STABLE after 2002/4/11
(Including 4.6-RELEASE and Later)
With later versions of FreeBSD, you can use the
above method or you can set
mta_start_script="filename"
in /etc/rc.conf, where
filename is the name of some
script that you want executed at boot to start your
MTA.
Replacing sendmail as
the System's Default Mailer
The program sendmail is so ubiquitous
as standard software on &unix; systems that some software
just assumes it is already installed and configured.
For this reason, many alternative MTA's provide their own compatible
implementations of the sendmail
command-line interface; this facilitates using them as
drop-in
replacements for sendmail.
Therefore, if you are using an alternative mailer,
you will need to make sure that software trying to execute
standard sendmail binaries such as
/usr/bin/sendmail actually executes
your chosen mailer instead. Fortunately, FreeBSD provides
a system called &man.mailwrapper.8; that does this job for
you.
When sendmail is operating as installed, you will
find something like the following
in /etc/mail/mailer.conf:
sendmail /usr/libexec/sendmail/sendmail
send-mail /usr/libexec/sendmail/sendmail
mailq /usr/libexec/sendmail/sendmail
newaliases /usr/libexec/sendmail/sendmail
hoststat /usr/libexec/sendmail/sendmail
purgestat /usr/libexec/sendmail/sendmail
This means that when any of these common commands
(such as sendmail itself) are run,
the system actually invokes a copy of mailwrapper named sendmail, which
checks mailer.conf and
executes /usr/libexec/sendmail/sendmail
instead. This system makes it easy to change what binaries
are actually executed when these default sendmail functions
are invoked.
Therefore if you wanted
/usr/local/supermailer/bin/sendmail-compat
to be run instead of sendmail, you could change
/etc/mail/mailer.conf to read:
sendmail /usr/local/supermailer/bin/sendmail-compat
send-mail /usr/local/supermailer/bin/sendmail-compat
mailq /usr/local/supermailer/bin/mailq-compat
newaliases /usr/local/supermailer/bin/newaliases-compat
hoststat /usr/local/supermailer/bin/hoststat-compat
purgestat /usr/local/supermailer/bin/purgestat-compat
Finishing
Once you have everything configured the way you want it, you should
either kill the sendmail processes that
you no longer need and start the processes belonging to your new
software, or simply reboot. Rebooting will also
give you the opportunity to ensure that you have correctly
configured your system to start your new MTA automatically on boot.
Troubleshooting
email
troubleshooting
Why do I have to use the FQDN for hosts on my site?
You will probably find that the host is actually in a
different domain; for example, if you are in
foo.bar.edu and you wish to reach
a host called mumble in the bar.edu domain, you will have to
refer to it by the fully-qualified domain name, mumble.bar.edu, instead of just
mumble.
Traditionally, this was allowed by BSD BIND
BIND resolvers.
However the current version of BIND
that ships with FreeBSD no longer provides default abbreviations
for non-fully qualified domain names other than the domain you
are in. So an unqualified host mumble must
either be found as mumble.foo.bar.edu, or it will be searched
for in the root domain.
This is different from the previous behavior, where the
search continued across mumble.bar.edu, and mumble.edu. Have a look at RFC 1535
for why this was considered bad practice, or even a security
hole.
As a good workaround, you can place the line:
search foo.bar.edu bar.edu
instead of the previous:
domain foo.bar.edu
into your /etc/resolv.conf. However, make
sure that the search order does not go beyond the
boundary between local and public administration
,
as RFC 1535 calls it.
sendmail says mail
loops back to myself
This is answered in the
sendmail FAQ as follows:
I'm getting these error messages:
553 MX list for domain.net points back to relay.domain.net
554 <user@domain.net>... Local configuration error
How can I solve this problem?
You have asked mail to the domain (e.g., domain.net) to be
forwarded to a specific host (in this case, relay.domain.net)
by using an MXMX record
record, but the relay machine does not recognize
itself as domain.net. Add domain.net to /etc/mail/local-host-names
[known as /etc/sendmail.cw prior to version 8.10]
(if you are using FEATURE(use_cw_file)) or add Cw domain.net
to /etc/mail/sendmail.cf.
The sendmail FAQ can be found at
and is
recommended reading if you want to do any
tweaking
of your mail setup.
How can I run a mail server on a dial-up PPP
PPP host?
You want to connect a FreeBSD box on a LAN to the
Internet. The FreeBSD box will be a mail gateway for the LAN.
The PPP connection is non-dedicated.
There are at least two ways to do this. One way is to use
UUCPUUCP.
Another way is to get a full-time Internet server to provide secondary
MXMX record
services for your domain. For example, if your company's domain is
example.com and your Internet service provider has
set example.net up to provide secondary MX services
to your domain:
example.com. MX 10 example.com.
MX 20 example.net.
Only one host should be specified as the final recipient
(add Cw example.com in
/etc/mail/sendmail.cf on example.com).
When the sending sendmail is trying to
deliver the mail it will try to connect to you (example.com) over the modem
link. It will most likely time out because you are not online.
The program sendmail will automatically deliver it to the
secondary MX site, i.e. your Internet provider (example.net). The secondary MX
site will then periodically try to connect to
your host and deliver the mail to the primary MX host (example.com).
You might want to use something like this as a login
script:
#!/bin/sh
# Put me in /usr/local/bin/pppmyisp
( sleep 60 ; /usr/sbin/sendmail -q ) &
/usr/sbin/ppp -direct pppmyisp
If you are going to create a separate login script for a
user you could use sendmail -qRexample.com
instead in the script above. This will force all mail in your
queue for example.com to be processed immediately.
A further refinement of the situation is as follows:
Message stolen from the &a.isp;.
> we provide the secondary MX for a customer. The customer connects to
> our services several times a day automatically to get the mails to
> his primary MX (We do not call his site when a mail for his domains
> arrived). Our sendmail sends the mailqueue every 30 minutes. At the
> moment he has to stay 30 minutes online to be sure that all mail is
> gone to the primary MX.
>
> Is there a command that would initiate sendmail to send all the mails
> now? The user has not root-privileges on our machine of course.
In the privacy flags
section of sendmail.cf, there is a
definition Opgoaway,restrictqrun
Remove restrictqrun to allow non-root users to start the queue processing.
You might also like to rearrange the MXs. We are the 1st MX for our
customers like this, and we have defined:
# If we are the best MX for a host, try directly instead of generating
# local config error.
OwTrue
That way a remote site will deliver straight to you, without trying
the customer connection. You then send to your customer. Only works for
hosts
, so you need to get your customer to name their mail
machine customer.com
as well as
hostname.customer.com
in the DNS. Just put an A record in
the DNS for customer.com
.
Why do I keep getting Relaying
Denied errors when sending mail from other
hosts?
In default FreeBSD installations,
sendmail is configured to only
send mail from the host it is running on. For example, if
a POP server is available, then users
will be able to check mail from school, work, or other
remote locations but they still will not be able to send
outgoing emails from outside locations. Typically, a few
moments after the attempt, an email will be sent from
MAILER-DAEMON with a
5.7 Relaying Denied error
message.
There are several ways to get around this. The most
straightforward solution is to put your ISP's address in
a relay-domains file at
/etc/mail/relay-domains. A quick way
to do this would be:
&prompt.root; echo "your.isp.example.com" > /etc/mail/relay-domains
After creating or editing this file you must restart
sendmail. This works great if
you are a server administrator and do not wish to send mail
locally, or would like to use a point and click
client/system on another machine or even another ISP. It
is also very useful if you only have one or two email
accounts set up. If there is a large number of addresses
to add, you can simply open this file in your favorite
text editor and then add the domains, one per line:
your.isp.example.com
other.isp.example.net
users-isp.example.org
www.example.org
Now any mail sent through your system, by any host in
this list (provided the user has an account on your
system), will succeed. This is a very nice way to allow
users to send mail from your system remotely without
allowing people to send SPAM through your system.
Advanced Topics
The following section covers more involved topics such as mail
configuration and setting up mail for your entire domain.
Basic Configuration
email
configuration
Out of the box, you should be able to send email to external
hosts as long as you have set up
/etc/resolv.conf or are running your own
name server. If you would like to have mail for your host
delivered to the MTA (e.g., sendmail) on your own FreeBSD host, there are two methods:
Run your own name server and have your own domain. For
example, FreeBSD.org
Get mail delivered directly to your host. This is done by
delivering mail directly to the current DNS name for your
machine. For example, example.FreeBSD.org.
SMTP
Regardless of which of the above you choose, in order to have
mail delivered directly to your host, it must have a permanent
static IP address (not a dynamic address, as with most PPP dial-up configurations). If you are behind a
firewall, it must pass SMTP traffic on to you. If you want to
receive mail directly at your host, you need to be sure of either of two
things:
- MX record
- Make sure that the (lowest-numbered) MX record in your DNS points to your
+ Make sure that the (lowest-numbered) MX recordMX record in your DNS points to your
host's IP address.
Make sure there is no MX entry in your DNS for your
host.
Either of the above will allow you to receive mail directly at
your host.
Try this:
&prompt.root; hostname
example.FreeBSD.org
&prompt.root; host example.FreeBSD.org
example.FreeBSD.org has address 204.216.27.XX
If that is what you see, mail directly to
yourlogin@example.FreeBSD.org should work without
problems (assuming sendmail is
running correctly on example.FreeBSD.org).
If instead you see something like this:
&prompt.root; host example.FreeBSD.org
example.FreeBSD.org has address 204.216.27.XX
example.FreeBSD.org mail is handled (pri=10) by hub.FreeBSD.org
All mail sent to your host (example.FreeBSD.org) will end up being
collected on hub under the same username instead
of being sent directly to your host.
The above information is handled by your DNS server. The DNS
record that carries mail routing information is the
Mail eXchange entry. If
no MX record exists, mail will be delivered directly to the host by
way of its IP address.
The MX entry for freefall.FreeBSD.org at one time looked like
this:
freefall MX 30 mail.crl.net
freefall MX 40 agora.rdrop.com
freefall MX 10 freefall.FreeBSD.org
freefall MX 20 who.cdrom.com
As you can see, freefall had many MX entries.
The lowest MX number is the host that receives mail directly if
available; if it is not accessible for some reason, the others
(sometimes called backup MXes
) accept messages
temporarily, and pass it along when a lower-numbered host becomes
available, eventually to the lowest-numbered host.
Alternate MX sites should have separate Internet connections
from your own in order to be most useful. Your ISP or another
friendly site should have no problem providing this service for
you.
Mail for Your Domain
In order to set up a mailhost
(a.k.a. mail
server) you need to have any mail sent to various workstations
directed to it. Basically, you want to claim
any
mail for any hostname in your domain (in this case *.FreeBSD.org) and divert it to your mail
server so your users can receive their mail on
the master mail server.
DNS
To make life easiest, a user account with the same
username should exist on both machines. Use
&man.adduser.8; to do this.
The mailhost you will be using must be the designated mail
exchanger for each workstation on the network. This is done in
your DNS configuration like so:
example.FreeBSD.org A 204.216.27.XX ; Workstation
MX 10 hub.FreeBSD.org ; Mailhost
This will redirect mail for the workstation to the mailhost no
matter where the A record points. The mail is sent to the MX
host.
You cannot do this yourself unless you are running a DNS
server. If you are not, or cannot run your own DNS server, talk
to your ISP or whoever provides your DNS.
If you are doing virtual email hosting, the following
information will come in handy. For this example, we
will assume you have a customer with his own domain, in this
case customer1.org, and you want
all the mail for customer1.org
sent to your mailhost, mail.myhost.com. The entry in your DNS
should look like this:
customer1.org MX 10 mail.myhost.com
You do not need an A record for customer1.org if you only
want to handle email for that domain.
Be aware that pinging customer1.org will not work unless
an A record exists for it.
The last thing that you must do is tell
sendmail on your mailhost what domains
and/or hostnames it should be accepting mail for. There are a few
different ways this can be done. Either of the following will
work:
Add the hosts to your
/etc/mail/local-host-names file if you are using the
FEATURE(use_cw_file). If you are using
a version of sendmail earlier than 8.10, the file is
/etc/sendmail.cw.
Add a Cwyour.host.com line to your
/etc/sendmail.cf or
/etc/mail/sendmail.cf if you are using
sendmail 8.10 or higher.
SMTP with UUCP
The sendmail configuration that ships with FreeBSD is
designed for sites that connect directly to the Internet. Sites
that wish to exchange their mail via UUCP must install another
sendmail configuration file.
Tweaking /etc/mail/sendmail.cf manually
is an advanced topic. sendmail version 8 generates config files
via &man.m4.1; preprocessing, where the actual configuration
occurs on a higher abstraction level. The &man.m4.1;
configuration files can be found under
/usr/share/sendmail/cf. The file
README in the cf
directory can serve as a basic introduction to &man.m4.1;
configuration.
The best way to support UUCP delivery is to use the
mailertable feature. This creates a database
that sendmail can use to make routing decisions.
First, you have to create your .mc
file. The directory
/usr/share/sendmail/cf/cf contains a
few examples. Assuming you have named your file
foo.mc, all you need to do in order to
convert it into a valid sendmail.cf
is:
&prompt.root; cd /etc/mail
&prompt.root; make foo.cf
&prompt.root; cp foo.cf /etc/mail/sendmail.cf
A typical .mc file might look
like:
VERSIONID(`Your version number') OSTYPE(bsd4.4)
FEATURE(accept_unresolvable_domains)
FEATURE(nocanonify)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
define(`UUCP_RELAY', your.uucp.relay)
define(`UUCP_MAX_SIZE', 200000)
define(`confDONT_PROBE_INTERFACES')
MAILER(local)
MAILER(smtp)
MAILER(uucp)
Cw your.alias.host.name
Cw youruucpnodename.UUCP
The lines containing
accept_unresolvable_domains,
nocanonify, and
confDONT_PROBE_INTERFACES features will
prevent any usage of the DNS during mail delivery. The
UUCP_RELAY clause is needed to support UUCP
delivery. Simply put an Internet hostname there that is able to
handle .UUCP pseudo-domain addresses; most likely, you will
enter the mail relay of your ISP there.
Once you have this, you need an
/etc/mail/mailertable file. If you have
only one link to the outside that is used for all your mails,
the following file will suffice:
#
# makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable
. uucp-dom:your.uucp.relay
A more complex example might look like this:
#
# makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable
#
horus.interface-business.de uucp-dom:horus
.interface-business.de uucp-dom:if-bus
interface-business.de uucp-dom:if-bus
.heep.sax.de smtp8:%1
horus.UUCP uucp-dom:horus
if-bus.UUCP uucp-dom:if-bus
. uucp-dom:
The first three lines handle special cases where
domain-addressed mail should not be sent out to the default
route, but instead to some UUCP neighbor in order to
shortcut
the delivery path. The next line handles
mail to the local Ethernet domain that can be delivered using
SMTP. Finally, the UUCP neighbors are mentioned in the .UUCP
pseudo-domain notation, to allow for a
uucp-neighbor
!recipient
override of the default rules. The last line is always a single
dot, matching everything else, with UUCP delivery to a UUCP
neighbor that serves as your universal mail gateway to the
world. All of the node names behind the
uucp-dom: keyword must be valid UUCP
neighbors, as you can verify using the command
uuname.
As a reminder that this file needs to be converted into a
DBM database file before use. The command line to accomplish
this is best placed as a comment at the top of the mailertable file.
You always have to execute this command each time you change
your mailertable file.
Final hint: if you are uncertain whether some particular
mail routing would work, remember the
option to sendmail. It starts sendmail in address test
mode; simply enter 3,0, followed
by the address you wish to test for the mail routing. The last
line tells you the used internal mail agent, the destination
host this agent will be called with, and the (possibly
translated) address. Leave this mode by typing CtrlD.
&prompt.user; sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> 3,0 foo@example.com
canonify input: foo @ example . com
...
parse returns: $# uucp-dom $@ your.uucp.relay $: foo < @ example . com . >
> ^D
Bill
Moran
Contributed by
Setting Up to Send Only
There are many instances where you may only want to send
mail through a relay. Some examples are:
Your computer is a desktop machine, but you want
to use programs such as &man.send-pr.1;. To do so, you should use
your ISP's mail relay.
The computer is a server that does not handle mail
locally, but needs to pass off all mail to a relay for
processing.
Just about any MTA is capable of filling
this particular niche. Unfortunately, it can be very difficult
to properly configure a full-featured MTA
just to handle offloading mail. Programs such as
sendmail and
postfix are largely overkill for
this use.
Additionally, if you are using a typical Internet access
service, your agreement may forbid you from running a
mail server
.
The easiest way to fulfill those needs is to install the
mail/ssmtp port. Execute
the following commands as root:
&prompt.root; cd /usr/ports/mail/ssmtp
&prompt.root; make install replace clean
Once installed,
mail/ssmtp can be configured
with a four-line file located at
/usr/local/etc/ssmtp/ssmtp.conf:
root=yourrealemail@example.com
mailhub=mail.example.com
rewriteDomain=example.com
hostname=_HOSTNAME_
Make sure you use your real email address for
root. Enter your ISP's outgoing mail relay
in place of mail.example.com (some ISPs call
this the outgoing mail server
or
SMTP server
).
Make sure you disable sendmail,
including the outgoing mail service. See
for details.
mail/ssmtp has some
other options available. See the example configuration file in
/usr/local/etc/ssmtp or the manual page of
ssmtp for some examples and more
information.
Setting up ssmtp in this manner
will allow any software on your computer that needs to send
mail to function properly, while not violating your ISP's usage
policy or allowing your computer to be hijacked for spamming.
Using Mail with a Dialup Connection
If you have a static IP address, you should not need to
adjust anything from the defaults. Set your host name to your
assigned Internet name and sendmail will do the rest.
If you have a dynamically assigned IP number and use a
dialup PPP connection to the Internet, you will probably have a
mailbox on your ISPs mail server. Let's assume your ISP's domain
is example.net, and that your
user name is user, you have called your
machine bsd.home, and your ISP has
told you that you may use relay.example.net as a mail relay.
In order to retrieve mail from your mailbox, you must
install a retrieval agent. The
fetchmail utility is a good choice as
it supports many different protocols. This program is available
as a package or from the Ports Collection (mail/fetchmail). Usually, your ISP will
provide POP. If you are using user PPP, you can
automatically fetch your mail when an Internet connection is
established with the following entry in
/etc/ppp/ppp.linkup:
MYADDR:
!bg su user -c fetchmail
If you are using sendmail (as
shown below) to deliver mail to non-local accounts, you probably
want to have sendmail process your
mailqueue as soon as your Internet connection is established.
To do this, put this command after the
fetchmail command in
/etc/ppp/ppp.linkup:
!bg su user -c "sendmail -q"
Assume that you have an account for
user on bsd.home. In the home directory of
user on bsd.home, create a
.fetchmailrc file:
poll example.net protocol pop3 fetchall pass MySecret
This file should not be readable by anyone except
user as it contains the password
MySecret.
In order to send mail with the correct
from: header, you must tell
sendmail to use
user@example.net rather than
user@bsd.home. You may also wish to tell
sendmail to send all mail via relay.example.net, allowing quicker mail
transmission.
The following .mc file should
suffice:
VERSIONID(`bsd.home.mc version 1.0')
OSTYPE(bsd4.4)dnl
FEATURE(nouucp)dnl
MAILER(local)dnl
MAILER(smtp)dnl
Cwlocalhost
Cwbsd.home
MASQUERADE_AS(`example.net')dnl
FEATURE(allmasquerade)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(nocanonify)dnl
FEATURE(nodns)dnl
define(`SMART_HOST', `relay.example.net')
Dmbsd.home
define(`confDOMAIN_NAME',`bsd.home')dnl
define(`confDELIVERY_MODE',`deferred')dnl
Refer to the previous section for details of how to turn
this .mc file into a
sendmail.cf file. Also, do not forget to
restart sendmail after updating
sendmail.cf.
James
Gorham
Written by
SMTP Authentication
Having SMTP Authentication in place on
your mail server has a number of benefits.
SMTP Authentication can add another layer
of security to sendmail, and has the benefit of giving mobile
users who switch hosts the ability to use the same mail server
without the need to reconfigure their mail client settings
each time.
Install security/cyrus-sasl2
from the ports. You can find this port in
security/cyrus-sasl2. The
security/cyrus-sasl2 port
supports a number of compile-time options. For the SMTP
Authentication method we will be using here, make sure that
the option is not disabled.
After installing security/cyrus-sasl2,
edit /usr/local/lib/sasl2/Sendmail.conf
(or create it if it does not exist) and add the following
line:
pwcheck_method: saslauthd
Next, install security/cyrus-sasl2-saslauthd,
edit /etc/rc.conf to add the following
line:
saslauthd_enable="YES"
and finally start the saslauthd daemon:
&prompt.root; /usr/local/etc/rc.d/saslauthd start
This daemon serves as a broker for sendmail to
authenticate against your FreeBSD passwd
database. This saves the trouble of creating a new set of usernames
and passwords for each user that needs to use
SMTP authentication, and keeps the login
and mail password the same.
Now edit /etc/make.conf and add the
following lines:
SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
These lines will give sendmail
the proper configuration options for linking
to cyrus-sasl2 at compile time.
Make sure that cyrus-sasl2
has been installed before recompiling
sendmail.
Recompile sendmail by executing the following commands:
&prompt.root; cd /usr/src/lib/libsmutil
&prompt.root; make cleandir && make obj && make
&prompt.root; cd /usr/src/lib/libsm
&prompt.root; make cleandir && make obj && make
&prompt.root; cd /usr/src/usr.sbin/sendmail
&prompt.root; make cleandir && make obj && make && make install
The compile of sendmail should not have any problems
if /usr/src has not been changed extensively
and the shared libraries it needs are available.
After sendmail has been compiled
and reinstalled, edit your /etc/mail/freebsd.mc
file (or whichever file you use as your .mc file. Many administrators
choose to use the output from &man.hostname.1; as the .mc file for
uniqueness). Add these lines to it:
dnl set SASL options
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
These options configure the different methods available to
sendmail for authenticating users.
If you would like to use a method other than
pwcheck, please see the
included documentation.
Finally, run &man.make.1; while in /etc/mail.
That will run your new .mc file and create a .cf file named
freebsd.cf (or whatever name you have used
for your .mc file). Then use the
command make install restart, which will
copy the file to sendmail.cf, and will
properly restart sendmail.
For more information about this process, you should refer
to /etc/mail/Makefile.
If all has gone correctly, you should be able to enter your login
information into the mail client and send a test message.
For further investigation, set the of
sendmail to 13 and watch
/var/log/maillog for any errors.
For more information, please see the sendmail
page regarding
SMTP authentication.
Marc
Silver
Contributed by
Mail User Agents
Mail User Agents
A Mail User Agent (MUA) is an application
that is used to send and receive email. Furthermore, as email
evolves
and becomes more complex,
MUA's are becoming increasingly powerful in the
way they interact with email; this gives users increased
functionality and flexibility. &os; contains support for
numerous mail user agents, all of which can be easily installed
using the FreeBSD Ports Collection.
Users may choose between graphical email clients such as
evolution or
balsa, console based clients such as
mutt, pine
or mail, or the web interfaces used by some
large organizations.
mail
&man.mail.1; is the default Mail User Agent
(MUA) in &os;. It is a
console based MUA that offers all the basic
functionality required to send and receive text-based email,
though it is limited in interaction abilities with attachments
and can only support local mailboxes.
Although mail does not natively support
interaction with POP or
IMAP servers, these mailboxes may be
downloaded to a local mbox file using an
application such as fetchmail, which
will be discussed later in this chapter ().
In order to send and receive email, simply invoke the
mail command as per the following
example:
&prompt.user; mail
The contents of the user mailbox in
/var/mail are
automatically read by the mail utility.
Should the mailbox be empty, the utility exits with a
message indicating that no mails could be found. Once the
mailbox has been read, the application interface is started, and
a list of messages will be displayed. Messages are automatically
numbered, as can be seen in the following example:
Mail version 8.1 6/6/93. Type ? for help.
"/var/mail/marcs": 3 messages 3 new
>N 1 root@localhost Mon Mar 8 14:05 14/510 "test"
N 2 root@localhost Mon Mar 8 14:05 14/509 "user account"
N 3 root@localhost Mon Mar 8 14:05 14/509 "sample"
Messages can now be read by using the t
mail command, suffixed by the message number
that should be displayed. In this example, we will read the
first email:
& t 1
Message 1:
From root@localhost Mon Mar 8 14:05:52 2004
X-Original-To: marcs@localhost
Delivered-To: marcs@localhost
To: marcs@localhost
Subject: test
Date: Mon, 8 Mar 2004 14:05:52 +0200 (SAST)
From: root@localhost (Charlie Root)
This is a test message, please reply if you receive it.
As can be seen in the example above, the t
key will cause the message to be displayed with full headers.
To display the list of messages again, the h
key should be used.
If the email requires a response, you may use
mail to reply, by using either the
R or r mail
keys. The R key instructs
mail to reply only to the sender of the
email, while r replies not only to the sender,
but also to other recipients of the message. You may also
suffix these commands with the mail number which you would like
make a reply to. Once this has been done, the response should
be entered, and the end of the message should be marked by a
single . on a new line. An example can be seen
below:
& R 1
To: root@localhost
Subject: Re: test
Thank you, I did get your email.
.
EOT
In order to send new email, the m
key should be used, followed by the
recipient email address. Multiple recipients may also be
specified by separating each address with the ,
delimiter. The subject of the message may then be entered,
followed by the message contents. The end of the message should
be specified by putting a single . on a new
line.
& mail root@localhost
Subject: I mastered mail
Now I can send and receive email using mail ... :)
.
EOT
While inside the mail utility, the
? command may be used to display help at any
time, the &man.mail.1; manual page should also be consulted for
more help with mail.
As previously mentioned, the &man.mail.1; command was not
originally designed to handle attachments, and thus deals with
them very poorly. Newer MUAs such as
mutt handle attachments in a much
more intelligent way. But should you still wish to use the
mail command, the converters/mpack port may be of
considerable use.
mutt
mutt is a small yet very
powerful Mail User Agent, with excellent features,
just some of which include:
The ability to thread messages;
PGP support for digital signing and encryption of
email;
MIME Support;
Maildir Support;
Highly customizable.
All of these features help to make
mutt one of the most advanced mail
user agents available. See for more
information on mutt.
The stable version of mutt may be
installed using the mail/mutt port, while the current
development version may be installed via the mail/mutt-devel port. After the port
has been installed, mutt can be
started by issuing the following command:
&prompt.user; mutt
mutt will automatically read the
contents of the user mailbox in /var/mail and display the contents
if applicable. If no mails are found in the user mailbox, then
mutt will wait for commands from the
user. The example below shows mutt
displaying a list of messages:
In order to read an email, simply select it using the cursor
keys, and press the Enter key. An example of
mutt displaying email can be seen
below:
As with the &man.mail.1; command,
mutt allows users to reply only to
the sender of the message as well as to all recipients. To
reply only to the sender of the email, use the
r keyboard shortcut. To send a group reply,
which will be sent to the original sender as well as all the
message recipients, use the g shortcut.
mutt makes use of the
&man.vi.1; command as an editor for creating and replying to
emails. This may be customized by the user by creating or
editing their own .muttrc file in their home directory and setting the
editor variable or by setting the
EDITOR environment variable. See
for more
information about configuring
mutt.
In order to compose a new mail message, press
m. After a valid subject has been given,
mutt will start &man.vi.1; and the
mail can be written. Once the contents of the mail are
complete, save and quit from vi and
mutt will resume, displaying a
summary screen of the mail that is to be delivered. In order to
send the mail, press y. An example of the
summary screen can be seen below:
mutt also contains extensive
help, which can be accessed from most of the menus by pressing
the ? key. The top line also displays the
keyboard shortcuts where appropriate.
pine
pine is aimed at a beginner
user, but also includes some advanced features.
The pine software has had several remote vulnerabilities
discovered in the past, which allowed remote attackers to
execute arbitrary code as users on the local system, by the
action of sending a specially-prepared email. All such
known problems have been fixed, but the
pine code is written in a very insecure style and the &os;
Security Officer believes there are likely to be other
undiscovered vulnerabilities. You install
pine at your own risk.
The current version of pine may
be installed using the mail/pine4 port. Once the port has
installed, pine can be started by
issuing the following command:
&prompt.user; pine
The first time that pine is run
it displays a greeting page with a brief introduction, as well
as a request from the pine
development team to send an anonymous email message allowing
them to judge how many users are using their client. To send
this anonymous message, press Enter, or
alternatively press E to exit the greeting
without sending an anonymous message. An example of the
greeting page can be seen below:
Users are then presented with the main menu, which can be
easily navigated using the cursor keys. This main menu provides
shortcuts for the composing new mails, browsing of mail directories,
and even the administration of address book entries. Below the
main menu, relevant keyboard shortcuts to perform functions
specific to the task at hand are shown.
The default directory opened by pine
is the inbox. To view the message index, press
I, or select the MESSAGE INDEX
option as seen below:
The message index shows messages in the current directory,
and can be navigated by using the cursor keys. Highlighted
messages can be read by pressing the
Enter key.
In the screenshot below, a sample message is displayed by
pine. Keyboard shortcuts are
displayed as a reference at the bottom of the screen. An
example of one of these shortcuts is the r key,
which tells the MUA to reply to the current
message being displayed.
Replying to an email in pine is
done using the pico editor, which is
installed by default with pine.
The pico utility makes it easy to
navigate around the message and is slightly more forgiving on
novice users than &man.vi.1; or &man.mail.1;. Once the reply
is complete, the message can be sent by pressing
CtrlX
. The pine application
will ask for confirmation.
The pine application can be
customized using the SETUP option from the main
menu. Consult
for more information.
Marc
Silver
Contributed by
Using fetchmail
fetchmail
fetchmail is a full-featured
IMAP and POP client which
allows users to automatically download mail from remote
IMAP and POP servers and
save it into local mailboxes; there it can be accessed more easily.
fetchmail can be installed using the
mail/fetchmail port, and
offers various features, some of which include:
Support of POP3,
APOP, KPOP,
IMAP, ETRN and
ODMR protocols.
Ability to forward mail using SMTP, which
allows filtering, forwarding, and aliasing to function
normally.
May be run in daemon mode to check periodically for new
messages.
Can retrieve multiple mailboxes and forward them based
on configuration, to different local users.
While it is outside the scope of this document to explain
all of fetchmail's features, some
basic features will be explained. The
fetchmail utility requires a
configuration file known as .fetchmailrc,
in order to run correctly. This file includes server information
as well as login credentials. Due to the sensitive nature of the
contents of this file, it is advisable to make it readable only by the owner,
with the following command:
&prompt.user; chmod 600 .fetchmailrc
The following .fetchmailrc serves as an
example for downloading a single user mailbox using
POP. It tells
fetchmail to connect to example.com using a username of
joesoap and a password of
XXX. This example assumes that the user
joesoap is also a user on the local
system.
poll example.com protocol pop3 username "joesoap" password "XXX"
The next example connects to multiple POP
and IMAP servers and redirects to different
local usernames where applicable:
poll example.com proto pop3:
user "joesoap", with password "XXX", is "jsoap" here;
user "andrea", with password "XXXX";
poll example2.net proto imap:
user "john", with password "XXXXX", is "myth" here;
The fetchmail utility can be run in daemon
mode by running it with the flag, followed
by the interval (in seconds) that
fetchmail should poll servers listed
in the .fetchmailrc file. The following
example would cause fetchmail to poll
every 600 seconds:
&prompt.user; fetchmail -d 600
More information on fetchmail can
be found at .
Marc
Silver
Contributed by
Using procmail
procmail
The procmail utility is an
incredibly powerful application used to filter incoming mail.
It allows users to define rules
which can be
matched to incoming mails to perform specific functions or to
reroute mail to alternative mailboxes and/or email addresses.
procmail can be installed using the
mail/procmail port. Once
installed, it can be directly integrated into most
MTAs; consult your MTA
documentation for more information. Alternatively,
procmail can be integrated by adding
the following line to a .forward in the home
directory of the user utilizing
procmail features:
"|exec /usr/local/bin/procmail || exit 75"
The following section will display some basic
procmail rules, as well as brief
descriptions on what they do. These rules, and others must be
inserted into a .procmailrc file, which
must reside in the user's home directory.
The majority of these rules can also be found in the
&man.procmailex.5; manual page.
Forward all mail from user@example.com to an
external address of goodmail@example2.com:
:0
* ^From.*user@example.com
! goodmail@example2.com
Forward all mails shorter than 1000 bytes to an external
address of goodmail@example2.com:
:0
* < 1000
! goodmail@example2.com
Send all mail sent to alternate@example.com
into a mailbox called alternate:
:0
* ^TOalternate@example.com
alternate
Send all mail with a subject of Spam
to
/dev/null:
:0
^Subject:.*Spam
/dev/null
A useful recipe that parses incoming &os;.org mailing lists
and places each list in its own mailbox:
:0
* ^Sender:.owner-freebsd-\/[^@]+@FreeBSD.ORG
{
LISTNAME=${MATCH}
:0
* LISTNAME??^\/[^@]+
FreeBSD-${MATCH}
}
diff --git a/zh_TW.Big5/books/handbook/network-servers/chapter.xml b/zh_TW.Big5/books/handbook/network-servers/chapter.xml
index 92a98f24de..5588e07fc1 100644
--- a/zh_TW.Big5/books/handbook/network-servers/chapter.xml
+++ b/zh_TW.Big5/books/handbook/network-servers/chapter.xml
@@ -1,5202 +1,5185 @@
Murray
Stokely
Reorganized by
Network Servers
z
This chapter will cover some of the more frequently used
network services on &unix; systems. We will cover how to
install, configure, test, and maintain many different types of
network services. Example configuration files are included
throughout this chapter for you to benefit from.
After reading this chapter, you will know:
How to manage the inetd
daemon.
How to set up a network file system.
How to set up a network information server for sharing
user accounts.
How to set up automatic network settings using DHCP.
How to set up a domain name server.
How to set up the Apache HTTP Server.
How to set up a File Transfer Protocol (FTP) Server.
How to set up a file and print server for &windows;
clients using Samba.
How to synchronize the time and date, and set up a
time server, with the NTP protocol.
Before reading this chapter, you should:
Understand the basics of the
/etc/rc scripts.
Be familiar with basic network terminology.
Know how to install additional third-party
software ().
Chern
Lee
Contributed by
The inetd Super-Server
Overview
&man.inetd.8; is referred to as the Internet
Super-Server
because it manages connections for
several services. When a
connection is received by inetd, it
determines which program the connection is destined for, spawns
the particular process and delegates the socket to it (the program
is invoked with the service socket as its standard input, output
and error descriptors). Running
one instance of inetd reduces the
overall system load as compared to running each daemon
individually in stand-alone mode.
Primarily, inetd is used to
spawn other daemons, but several trivial protocols are handled
directly, such as chargen,
auth, and
daytime.
This section will cover the basics in configuring
inetd through its command-line
options and its configuration file,
/etc/inetd.conf.
Settings
inetd is initialized through
the /etc/rc.conf system. The
inetd_enable option is set to
NO by default, but is often times turned on
by sysinstall with the medium
security profile. Placing:
inetd_enable="YES" or
inetd_enable="NO" into
/etc/rc.conf can enable or disable
inetd starting at boot time.
Additionally, different command-line options can be passed
to inetd via the
inetd_flags option.
Command-Line Options
inetd synopsis:
-d
Turn on debugging.
-l
Turn on logging of successful connections.
-w
Turn on TCP Wrapping for external services (on by
default).
-W
Turn on TCP Wrapping for internal services which are
built into inetd (on by
default).
-c maximum
Specify the default maximum number of simultaneous
invocations of each service; the default is unlimited.
May be overridden on a per-service basis with the
parameter.
-C rate
Specify the default maximum number of times a
service can be invoked from a single IP address in one
minute; the default is unlimited. May be overridden on a
per-service basis with the
parameter.
-R rate
Specify the maximum number of times a service can be
invoked in one minute; the default is 256. A rate of 0
allows an unlimited number of invocations.
-a
Specify one specific IP address to bind to.
Alternatively, a hostname can be specified, in which case
the IPv4 or IPv6 address which corresponds to that
hostname is used. Usually a hostname is specified when
inetd is run inside a
&man.jail.8;, in which case the hostname corresponds to
the &man.jail.8; environment.
When hostname specification is used and both IPv4
and IPv6 bindings are desired, one entry with the
appropriate protocol type for each binding is required
for each service in
/etc/inetd.conf. For example, a
TCP-based service would need two entries, one using
tcp4 for the protocol and the other
using tcp6.
-p
Specify an alternate file in which to store the
process ID.
These options can be passed to
inetd using the
inetd_flags option in
/etc/rc.conf. By default,
inetd_flags is set to
-wW, which turns on TCP wrapping for
inetd's internal and external
services. For novice users, these parameters usually do not
need to be modified or even entered in
/etc/rc.conf.
An external service is a daemon outside of
inetd, which is invoked when a
connection is received for it. On the other hand, an
internal service is one that
inetd has the facility of
offering within itself.
inetd.conf
Configuration of inetd is
controlled through the /etc/inetd.conf
file.
When a modification is made to
/etc/inetd.conf,
inetd can be forced to re-read its
configuration file by sending a HangUP signal to the
inetd process as shown:
Sending inetd a HangUP Signal
&prompt.root; kill -HUP `cat /var/run/inetd.pid`
Each line of the configuration file specifies an
individual daemon. Comments in the file are preceded by a
#
. The format of
/etc/inetd.conf is as follows:
service-name
socket-type
protocol
{wait|nowait}[/max-child[/max-connections-per-ip-per-minute]]
user[:group][/login-class]
server-program
server-program-arguments
An example entry for the ftpd daemon
using IPv4:
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
service-name
This is the service name of the particular daemon.
It must correspond to a service listed in
/etc/services. This determines
which port inetd must listen
to. If a new service is being created, it must be
placed in /etc/services
first.
socket-type
Either stream,
dgram, raw, or
seqpacket. stream
must be used for connection-based, TCP daemons, while
dgram is used for daemons utilizing
the UDP transport protocol.
protocol
One of the following:
Protocol
Explanation
tcp, tcp4
TCP IPv4
udp, udp4
UDP IPv4
tcp6
TCP IPv6
udp6
UDP IPv6
tcp46
Both TCP IPv4 and v6
udp46
Both UDP IPv4 and v6
{wait|nowait}[/max-child[/max-connections-per-ip-per-minute]]
indicates whether the
daemon invoked from inetd is
able to handle its own socket or not.
socket types must use the
option, while stream socket
daemons, which are usually multi-threaded, should use
. usually
hands off multiple sockets to a single daemon, while
spawns a child daemon for each
new socket.
The maximum number of child daemons
inetd may spawn can be set
using the option. If a limit
of ten instances of a particular daemon is needed, a
/10 would be placed after
.
In addition to , another
option limiting the maximum connections from a single
place to a particular daemon can be enabled.
does
just this. A value of ten here would limit any particular
IP address connecting to a particular service to ten
attempts per minute. This is useful to prevent
intentional or unintentional resource consumption and
Denial of Service (DoS) attacks to a machine.
In this field, or
is mandatory.
and
are
optional.
A stream-type multi-threaded daemon without any
or
limits
would simply be: nowait.
The same daemon with a maximum limit of ten daemons
would read: nowait/10.
Additionally, the same setup with a limit of twenty
connections per IP address per minute and a maximum
total limit of ten child daemons would read:
nowait/10/20.
These options are all utilized by the default
settings of the fingerd daemon,
as seen here:
finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
user
This is the username that the particular daemon
should run as. Most commonly, daemons run as the
root user. For security purposes, it is
common to find some servers running as the
daemon user, or the least privileged
nobody user.
server-program
The full path of the daemon to be executed when a
connection is received. If the daemon is a service
provided by inetd internally,
then should be
used.
server-program-arguments
This works in conjunction with
by specifying the
arguments, starting with argv[0],
passed to the daemon on invocation. If
mydaemon -d is the command line,
mydaemon -d would be the value of
. Again, if
the daemon is an internal service, use
here.
Security
Depending on the security profile chosen at install, many
of inetd's daemons may be enabled
by default. If there is no apparent need for a particular
daemon, disable it! Place a #
in front of the
daemon in question in /etc/inetd.conf,
and then send a hangup
signal to inetd. Some daemons, such as
fingerd, may not be desired at all
because they provide an attacker with too much
information.
Some daemons are not security-conscious and have long, or
non-existent timeouts for connection attempts. This allows an
attacker to slowly send connections to a particular daemon,
thus saturating available resources. It may be a good idea to
place and
limitations on certain
daemons.
By default, TCP wrapping is turned on. Consult the
&man.hosts.access.5; manual page for more information on placing
TCP restrictions on various inetd
invoked daemons.
Miscellaneous
daytime,
time,
echo,
discard,
chargen, and
auth are all internally provided
services of inetd.
The auth service provides
identity (ident,
identd) network services, and is
configurable to a certain degree.
Consult the &man.inetd.8; manual page for more in-depth
information.
Tom
Rhodes
Reorganized and enhanced by
Bill
Swingle
Written by
Network File System (NFS)
NFS
Among the many different file systems that FreeBSD supports
is the Network File System, also known as NFS. NFS allows a system to share directories and
files with others over a network. By using NFS, users and programs can
access files on remote systems almost as if they were local
files.
Some of the most notable benefits that
NFS can provide are:
Local workstations use less disk space because commonly
used data can be stored on a single machine and still remain
accessible to others over the network.
There is no need for users to have separate home
directories on every network machine. Home directories
could be set up on the NFS server and
made available throughout the network.
Storage devices such as floppy disks, CDROM drives, and
&iomegazip; drives can be used by other machines on the network.
This may reduce the number of removable media drives
throughout the network.
How NFS Works
NFS consists of at least two main
parts: a server and one or more clients. The client remotely
accesses the data that is stored on the server machine. In
order for this to function properly a few processes have to be
configured and running.
Under &os; 4.X, the portmap
utility is used in place of the
rpcbind utility. Thus, in &os; 4.X
the user is required to replace every instance of
rpcbind with
portmap in the forthcoming
examples.
The server has to be running the following daemons:
NFS
server
file server
UNIX clients
rpcbind
portmap
mountd
nfsd
Daemon
Description
nfsd
The NFS daemon which services
requests from the NFS
clients.
mountd
The NFS mount daemon which carries out
the requests that &man.nfsd.8; passes on to it.
rpcbind
This daemon allows
NFS clients to discover which port
the NFS server is using.
The client can also run a daemon, known as
nfsiod. The
nfsiod daemon services the requests
from the NFS server. This is optional, and
improves performance, but is not required for normal and
correct operation. See the &man.nfsiod.8; manual page for
more information.
Configuring NFS
NFS
configuration
NFS configuration is a relatively
straightforward process. The processes that need to be
running can all start at boot time with a few modifications to
your /etc/rc.conf file.
On the NFS server, make sure that the
following options are configured in the
/etc/rc.conf file:
rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_flags="-r"
mountd runs automatically
whenever the NFS server is enabled.
On the client, make sure this option is present in
/etc/rc.conf:
nfs_client_enable="YES"
The /etc/exports file specifies which
file systems NFS should export (sometimes
referred to as share
). Each line in
/etc/exports specifies a file system to be
exported and which machines have access to that file system.
Along with what machines have access to that file system,
access options may also be specified. There are many such
options that can be used in this file but only a few will be
mentioned here. You can easily discover other options by
reading over the &man.exports.5; manual page.
Here are a few example /etc/exports
entries:
NFS
export examples
The following examples give an idea of how to export
file systems, although the settings may be different depending
on your environment and network configuration. For instance,
to export the /cdrom directory to three
example machines that have the same domain name as the server
(hence the lack of a domain name for each) or have entries in
your /etc/hosts file. The
flag makes the exported file system
read-only. With this flag, the remote system will not be able
to write any changes to the exported file system.
/cdrom -ro host1 host2 host3
The following line exports /home to
three hosts by IP address. This is a useful setup if you have
a private network without a DNS server
configured. Optionally the /etc/hosts
file could be configured for internal hostnames; please review
&man.hosts.5; for more information. The
flag allows the subdirectories to be
mount points. In other words, it will not mount the
subdirectories but permit the client to mount only the
directories that are required or needed.
/home -alldirs 10.0.0.2 10.0.0.3 10.0.0.4
The following line exports /a so that
two clients from different domains may access the file system.
The flag allows the
root user on the remote system to write
data on the exported file system as root.
If the -maproot=root flag is not specified,
then even if a user has root access on
the remote system, he will not be able to modify files on
the exported file system.
/a -maproot=root host.example.com box.example.org
In order for a client to access an exported file system,
the client must have permission to do so. Make sure the
client is listed in your /etc/exports
file.
In /etc/exports, each line represents
the export information for one file system to one host. A
remote host can only be specified once per file system, and may
only have one default entry. For example, assume that
/usr is a single file system. The
following /etc/exports would be
invalid:
# Invalid when /usr is one file system
/usr/src client
/usr/ports client
One file system, /usr, has two lines
specifying exports to the same host, client.
The correct format for this situation is:
/usr/src /usr/ports client
The properties of one file system exported to a given host
must all occur on one line. Lines without a client specified
are treated as a single host. This limits how you can export
file systems, but for most people this is not an issue.
The following is an example of a valid export list, where
/usr and /exports
are local file systems:
# Export src and ports to client01 and client02, but only
# client01 has root privileges on it
/usr/src /usr/ports -maproot=root client01
/usr/src /usr/ports client02
# The client machines have root and can mount anywhere
# on /exports. Anyone in the world can mount /exports/obj read-only
/exports -alldirs -maproot=root client01 client02
/exports/obj -ro
You must restart
mountd whenever you modify
/etc/exports so the changes can take effect.
This can be accomplished by sending the HUP signal
to the mountd process:
&prompt.root; kill -HUP `cat /var/run/mountd.pid`
Alternatively, a reboot will make FreeBSD set everything
up properly. A reboot is not necessary though.
Executing the following commands as root
should start everything up.
On the NFS server:
&prompt.root; rpcbind
&prompt.root; nfsd -u -t -n 4
&prompt.root; mountd -r
On the NFS client:
&prompt.root; nfsiod -n 4
Now everything should be ready to actually mount a remote file
system. In these examples the
server's name will be server and the client's
name will be client. If you only want to
temporarily mount a remote file system or would rather test the
configuration, just execute a command like this as root on the
client:
NFS
mounting
&prompt.root; mount server:/home /mnt
This will mount the /home directory
on the server at /mnt on the client. If
everything is set up correctly you should be able to enter
/mnt on the client and see all the files
that are on the server.
If you want to automatically mount a remote file system
each time the computer boots, add the file system to the
/etc/fstab file. Here is an example:
server:/home /mnt nfs rw 0 0
The &man.fstab.5; manual page lists all the available
options.
Practical Uses
NFS has many practical uses. Some of
the more common ones are listed below:
NFS
uses
Set several machines to share a CDROM or other media
among them. This is cheaper and often a more convenient
method to install software on multiple machines.
On large networks, it might be more convenient to
configure a central NFS server in which
to store all the user home directories. These home
directories can then be exported to the network so that
users would always have the same home directory,
regardless of which workstation they log in to.
Several machines could have a common
/usr/ports/distfiles directory. That
way, when you need to install a port on several machines,
you can quickly access the source without downloading it
on each machine.
Wylie
Stilwell
Contributed by
Chern
Lee
Rewritten by
Automatic Mounts with amd
amd
automatic mounter daemon
&man.amd.8; (the automatic mounter daemon)
automatically mounts a
remote file system whenever a file or directory within that
file system is accessed. Filesystems that are inactive for a
period of time will also be automatically unmounted by
amd. Using
amd provides a simple alternative
to permanent mounts, as permanent mounts are usually listed in
/etc/fstab.
amd operates by attaching
itself as an NFS server to the /host and
/net directories. When a file is accessed
within one of these directories, amd
looks up the corresponding remote mount and automatically mounts
it. /net is used to mount an exported
file system from an IP address, while /host
is used to mount an export from a remote hostname.
An access to a file within
/host/foobar/usr would tell
amd to attempt to mount the
/usr export on the host
foobar.
Mounting an Export with amd
You can view the available mounts of a remote host with
the showmount command. For example, to
view the mounts of a host named foobar, you
can use:
&prompt.user; showmount -e foobar
Exports list on foobar:
/usr 10.10.10.0
/a 10.10.10.0
&prompt.user; cd /host/foobar/usr
As seen in the example, the showmount shows
/usr as an export. When changing directories to
/host/foobar/usr, amd
attempts to resolve the hostname foobar and
automatically mount the desired export.
amd can be started by the
startup scripts by placing the following lines in
/etc/rc.conf:
amd_enable="YES"
Additionally, custom flags can be passed to
amd from the
amd_flags option. By default,
amd_flags is set to:
amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map"
The /etc/amd.map file defines the
default options that exports are mounted with. The
/etc/amd.conf file defines some of the more
advanced features of amd.
Consult the &man.amd.8; and &man.amd.conf.5; manual pages for more
information.
John
Lind
Contributed by
Problems Integrating with Other Systems
Certain Ethernet adapters for ISA PC systems have limitations
which can lead to serious network problems, particularly with NFS.
This difficulty is not specific to FreeBSD, but FreeBSD systems
are affected by it.
The problem nearly always occurs when (FreeBSD) PC systems are
networked with high-performance workstations, such as those made
by Silicon Graphics, Inc., and Sun Microsystems, Inc. The NFS
mount will work fine, and some operations may succeed, but
suddenly the server will seem to become unresponsive to the
client, even though requests to and from other systems continue to
be processed. This happens to the client system, whether the
client is the FreeBSD system or the workstation. On many systems,
there is no way to shut down the client gracefully once this
problem has manifested itself. The only solution is often to
reset the client, because the NFS situation cannot be
resolved.
Though the correct
solution is to get a
higher performance and capacity Ethernet adapter for the
FreeBSD system, there is a simple workaround that will allow
satisfactory operation. If the FreeBSD system is the
server, include the option
on the mount from the client. If the
FreeBSD system is the client, then mount
the NFS file system with the option .
These options may be specified using the fourth field of the
fstab entry on the client for automatic
mounts, or by using the parameter of the
&man.mount.8; command for manual mounts.
It should be noted that there is a different problem,
sometimes mistaken for this one, when the NFS servers and
clients are on different networks. If that is the case, make
certain that your routers are routing the
necessary UDP information, or you will not get anywhere, no
matter what else you are doing.
In the following examples, fastws is the host
(interface) name of a high-performance workstation, and
freebox is the host (interface) name of a FreeBSD
system with a lower-performance Ethernet adapter. Also,
/sharedfs will be the exported NFS
file system (see &man.exports.5;), and
/project will be the mount point on the
client for the exported file system. In all cases, note that
additional options, such as or
and may be desirable in
your application.
Examples for the FreeBSD system (freebox)
as the client in /etc/fstab on
freebox:
fastws:/sharedfs /project nfs rw,-r=1024 0 0
As a manual mount command on freebox:
&prompt.root; mount -t nfs -o -r=1024 fastws:/sharedfs /project
Examples for the FreeBSD system as the server in
/etc/fstab on
fastws:
freebox:/sharedfs /project nfs rw,-w=1024 0 0
As a manual mount command on fastws:
&prompt.root; mount -t nfs -o -w=1024 freebox:/sharedfs /project
Nearly any 16-bit Ethernet adapter will allow operation
without the above restrictions on the read or write size.
For anyone who cares, here is what happens when the
failure occurs, which also explains why it is unrecoverable.
NFS typically works with a block
size of
8 K (though it may do fragments of smaller sizes). Since
the maximum Ethernet packet is around 1500 bytes, the NFS
block
gets split into multiple Ethernet
packets, even though it is still a single unit to the
upper-level code, and must be received, assembled, and
acknowledged as a unit. The
high-performance workstations can pump out the packets which
comprise the NFS unit one right after the other, just as close
together as the standard allows. On the smaller, lower
capacity cards, the later packets overrun the earlier packets
of the same unit before they can be transferred to the host
and the unit as a whole cannot be reconstructed or
acknowledged. As a result, the workstation will time out and
try again, but it will try again with the entire 8 K
unit, and the process will be repeated, ad infinitum.
By keeping the unit size below the Ethernet packet size
limitation, we ensure that any complete Ethernet packet
received can be acknowledged individually, avoiding the
deadlock situation.
Overruns may still occur when a high-performance
workstations is slamming data out to a PC system, but with the
better cards, such overruns are not guaranteed on NFS
units
. When an overrun occurs, the units
affected will be retransmitted, and there will be a fair
chance that they will be received, assembled, and
acknowledged.
Bill
Swingle
Written by
Eric
Ogren
Enhanced by
Udo
Erdelhoff
Network Information System (NIS/YP)
What Is It?
NIS
Solaris
HP-UX
AIX
Linux
NetBSD
OpenBSD
NIS,
which stands for Network Information Services, was developed
by Sun Microsystems to centralize administration of &unix;
(originally &sunos;) systems. It has now essentially become
an industry standard; all major &unix; like systems
(&solaris;, HP-UX, &aix;, Linux, NetBSD, OpenBSD, FreeBSD,
etc) support NIS.
yellow pagesNIS
NIS
was formerly known as Yellow Pages, but because of trademark
issues, Sun changed the name. The old term (and yp) is still
often seen and used.
NIS
domains
It is a RPC-based client/server system that allows a group
of machines within an NIS domain to share a common set of
configuration files. This permits a system administrator to
set up NIS client systems with only minimal configuration data
and add, remove or modify configuration data from a single
location.
Windows NT
It is similar to the &windowsnt; domain system; although
the internal implementation of the two are not at all similar,
the basic functionality can be compared.
Terms/Processes You Should Know
There are several terms and several important user
processes that you will come across when attempting to
implement NIS on FreeBSD, whether you are trying to create an
NIS server or act as an NIS client:
rpcbind
portmap
Term
Description
NIS domainname
An NIS master server and all of its clients
(including its slave servers) have a NIS domainname.
Similar to an &windowsnt; domain name, the NIS
domainname does not have anything to do with
DNS.
rpcbind
Must be running in order to enable
RPC (Remote Procedure Call, a
network protocol used by NIS). If
rpcbind is not running, it
will be impossible to run an NIS server, or to act as
an NIS client (Under &os; 4.X
portmap is used in place of
rpcbind).
ypbind
Binds
an NIS client to its NIS
server. It will take the NIS domainname from the
system, and using RPC, connect to
the server. ypbind is the
core of client-server communication in an NIS
environment; if ypbind dies
on a client machine, it will not be able to access the
NIS server.
ypserv
Should only be running on NIS servers; this is
the NIS server process itself. If &man.ypserv.8;
dies, then the server will no longer be able to
respond to NIS requests (hopefully, there is a slave
server to take over for it). There are some
implementations of NIS (but not the FreeBSD one), that
do not try to reconnect to another server if the
server it used before dies. Often, the only thing
that helps in this case is to restart the server
process (or even the whole server) or the
ypbind process on the
client.
rpc.yppasswdd
Another process that should only be running on
NIS master servers; this is a daemon that will allow NIS
clients to change their NIS passwords. If this daemon
is not running, users will have to login to the NIS
master server and change their passwords there.
How Does It Work?
There are three types of hosts in an NIS environment:
master servers, slave servers, and clients. Servers act as a
central repository for host configuration information. Master
servers hold the authoritative copy of this information, while
slave servers mirror this information for redundancy. Clients
rely on the servers to provide this information to
them.
Information in many files can be shared in this manner.
The master.passwd,
group, and hosts
files are commonly shared via NIS. Whenever a process on a
client needs information that would normally be found in these
files locally, it makes a query to the NIS server that it is
bound to instead.
Machine Types
-
- NIS
- master server
-
- A NIS master server. This
+ A NIS master serverNISmaster server. This
server, analogous to a &windowsnt; primary domain
controller, maintains the files used by all of the NIS
clients. The passwd,
group, and other various files used
by the NIS clients live on the master server.
It is possible for one machine to be an NIS
master server for more than one NIS domain. However,
this will not be covered in this introduction, which
assumes a relatively small-scale NIS
environment.
-
- NIS
- slave server
-
-
- NIS slave servers. Similar to
+ NIS slave serversNISslave server. Similar to
the &windowsnt; backup domain controllers, NIS slave
servers maintain copies of the NIS master's data files.
NIS slave servers provide the redundancy, which is
needed in important environments. They also help to
balance the load of the master server: NIS Clients
always attach to the NIS server whose response they get
first, and this includes slave-server-replies.
-
- NIS
- client
-
-
- NIS clients. NIS clients, like
+ NIS clientsNISclient. NIS clients, like
most &windowsnt; workstations, authenticate against the
NIS server (or the &windowsnt; domain controller in the
&windowsnt; workstations case) to log on.
Using NIS/YP
This section will deal with setting up a sample NIS
environment.
This section assumes that you are running
FreeBSD 3.3 or later. The instructions given here will
probably work for any version of FreeBSD
greater than 3.0, but there are no guarantees that this is
true.
Planning
Let us assume that you are the administrator of a small
university lab. This lab, which consists of 15 FreeBSD
machines, currently has no centralized point of
administration; each machine has its own
/etc/passwd and
/etc/master.passwd. These files are
kept in sync with each other only through manual
intervention; currently, when you add a user to the lab, you
must run adduser on all 15 machines.
Clearly, this has to change, so you have decided to convert
the lab to use NIS, using two of the machines as
servers.
Therefore, the configuration of the lab now looks something
like:
Machine name
IP address
Machine role
ellington
10.0.0.2
NIS master
coltrane
10.0.0.3
NIS slave
basie
10.0.0.4
Faculty workstation
bird
10.0.0.5
Client machine
cli[1-11]
10.0.0.[6-17]
Other client machines
If you are setting up a NIS scheme for the first time, it
is a good idea to think through how you want to go about it. No
matter what the size of your network, there are a few decisions
that need to be made.
Choosing a NIS Domain Name
NIS
domainname
This might not be the domainname
that
you are used to. It is more accurately called the
NIS domainname
. When a client broadcasts
its requests for info, it includes the name of the NIS
domain that it is part of. This is how multiple servers
on one network can tell which server should answer which
request. Think of the NIS domainname as the name for a
group of hosts that are related in some way.
Some organizations choose to use their Internet
domainname for their NIS domainname. This is not
recommended as it can cause confusion when trying to debug
network problems. The NIS domainname should be unique
within your network and it is helpful if it describes the
group of machines it represents. For example, the Art
department at Acme Inc. might be in the
acme-art
NIS domain. For this example,
assume you have chosen the name
test-domain.
SunOS
However, some operating systems (notably &sunos;) use
their NIS domain name as their Internet domain name. If one
or more machines on your network have this restriction, you
must use the Internet domain name as
your NIS domain name.
Physical Server Requirements
There are several things to keep in mind when choosing
a machine to use as a NIS server. One of the unfortunate
things about NIS is the level of dependency the clients
have on the server. If a client cannot contact the server
for its NIS domain, very often the machine becomes
unusable. The lack of user and group information causes
most systems to temporarily freeze up. With this in mind
you should make sure to choose a machine that will not be
prone to being rebooted regularly, or one that might be
used for development. The NIS server should ideally be a
stand alone machine whose sole purpose in life is to be an
NIS server. If you have a network that is not very
heavily used, it is acceptable to put the NIS server on a
machine running other services, just keep in mind that if
the NIS server becomes unavailable, it will affect
all of your NIS clients
adversely.
NIS Servers
The canonical copies of all NIS information are stored
on a single machine called the NIS master server. The
databases used to store the information are called NIS maps.
In FreeBSD, these maps are stored in
/var/yp/[domainname] where
[domainname] is the name of the NIS
domain being served. A single NIS server can support
several domains at once, therefore it is possible to have
several such directories, one for each supported domain.
Each domain will have its own independent set of
maps.
NIS master and slave servers handle all NIS requests
with the ypserv daemon.
ypserv is responsible for receiving
incoming requests from NIS clients, translating the
requested domain and map name to a path to the corresponding
database file and transmitting data from the database back
to the client.
Setting Up a NIS Master Server
NIS
server configuration
Setting up a master NIS server can be relatively
straight forward, depending on your needs. FreeBSD comes
with support for NIS out-of-the-box. All you need is to
add the following lines to
/etc/rc.conf, and FreeBSD will do the
rest for you.
nisdomainname="test-domain"
This line will set the NIS domainname to
test-domain
upon network setup (e.g. after reboot).
nis_server_enable="YES"
This will tell FreeBSD to start up the NIS server processes
when the networking is next brought up.
nis_yppasswdd_enable="YES"
This will enable the rpc.yppasswdd
daemon which, as mentioned above, will allow users to
change their NIS password from a client machine.
Depending on your NIS setup, you may need to add
further entries. See the section about NIS
servers that are also NIS clients, below, for
details.
Now, all you have to do is to run the command
/etc/netstart as superuser. It will
set up everything for you, using the values you defined in
/etc/rc.conf.
Initializing the NIS Maps
NIS
maps
The NIS maps are database files,
that are kept in the /var/yp
directory. They are generated from configuration files in
the /etc directory of the NIS master,
with one exception: the
/etc/master.passwd file. This is for
a good reason, you do not want to propagate passwords to
your root and other administrative
accounts to all the servers in the NIS domain. Therefore,
before we initialize the NIS maps, you should:
&prompt.root; cp /etc/master.passwd /var/yp/master.passwd
&prompt.root; cd /var/yp
&prompt.root; vi master.passwd
You should remove all entries regarding system
accounts (bin,
tty, kmem,
games, etc), as well as any accounts
that you do not want to be propagated to the NIS clients
(for example root and any other UID 0
(superuser) accounts).
Make sure the
/var/yp/master.passwd is neither group
nor world readable (mode 600)! Use the
chmod command, if appropriate.
Tru64 UNIX
When you have finished, it is time to initialize the
NIS maps! FreeBSD includes a script named
ypinit to do this for you (see its
manual page for more information). Note that this script
is available on most &unix; Operating Systems, but not on
all. On Digital UNIX/Compaq Tru64 UNIX it is called
ypsetup. Because we are generating
maps for an NIS master, we are going to pass the
option to ypinit.
To generate the NIS maps, assuming you already performed
the steps above, run:
ellington&prompt.root; ypinit -m test-domain
Server Type: MASTER Domain: test-domain
Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.
Do you want this procedure to quit on non-fatal errors? [y/n: n] n
Ok, please remember to go back and redo manually whatever fails.
If you don't, something might not work.
At this point, we have to construct a list of this domains YP servers.
rod.darktech.org is already known as master server.
Please continue to add any slave servers, one per line. When you are
done with the list, type a <control D>.
master server : ellington
next host to add: coltrane
next host to add: ^D
The current list of NIS servers looks like this:
ellington
coltrane
Is this correct? [y/n: y] y
[..output from map generation..]
NIS Map update completed.
ellington has been setup as an YP master server without any errors.
ypinit should have created
/var/yp/Makefile from
/var/yp/Makefile.dist.
When created, this file assumes that you are operating
in a single server NIS environment with only FreeBSD
machines. Since test-domain has
a slave server as well, you must edit
/var/yp/Makefile:
ellington&prompt.root; vi /var/yp/Makefile
You should comment out the line that says
NOPUSH = "True"
(if it is not commented out already).
Setting up a NIS Slave Server
NIS
slave server
Setting up an NIS slave server is even more simple than
setting up the master. Log on to the slave server and edit the
file /etc/rc.conf as you did before.
The only difference is that we now must use the
option when running ypinit.
The option requires the name of the NIS
master be passed to it as well, so our command line looks
like:
coltrane&prompt.root; ypinit -s ellington test-domain
Server Type: SLAVE Domain: test-domain Master: ellington
Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.
Do you want this procedure to quit on non-fatal errors? [y/n: n] n
Ok, please remember to go back and redo manually whatever fails.
If you don't, something might not work.
There will be no further questions. The remainder of the procedure
should take a few minutes, to copy the databases from ellington.
Transferring netgroup...
ypxfr: Exiting: Map successfully transferred
Transferring netgroup.byuser...
ypxfr: Exiting: Map successfully transferred
Transferring netgroup.byhost...
ypxfr: Exiting: Map successfully transferred
Transferring master.passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transferring passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transferring passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transferring group.bygid...
ypxfr: Exiting: Map successfully transferred
Transferring group.byname...
ypxfr: Exiting: Map successfully transferred
Transferring services.byname...
ypxfr: Exiting: Map successfully transferred
Transferring rpc.bynumber...
ypxfr: Exiting: Map successfully transferred
Transferring rpc.byname...
ypxfr: Exiting: Map successfully transferred
Transferring protocols.byname...
ypxfr: Exiting: Map successfully transferred
Transferring master.passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transferring networks.byname...
ypxfr: Exiting: Map successfully transferred
Transferring networks.byaddr...
ypxfr: Exiting: Map successfully transferred
Transferring netid.byname...
ypxfr: Exiting: Map successfully transferred
Transferring hosts.byaddr...
ypxfr: Exiting: Map successfully transferred
Transferring protocols.bynumber...
ypxfr: Exiting: Map successfully transferred
Transferring ypservers...
ypxfr: Exiting: Map successfully transferred
Transferring hosts.byname...
ypxfr: Exiting: Map successfully transferred
coltrane has been setup as an YP slave server without any errors.
Don't forget to update map ypservers on ellington.
You should now have a directory called
/var/yp/test-domain. Copies of the NIS
master server's maps should be in this directory. You will
need to make sure that these stay updated. The following
/etc/crontab entries on your slave
servers should do the job:
20 * * * * root /usr/libexec/ypxfr passwd.byname
21 * * * * root /usr/libexec/ypxfr passwd.byuid
These two lines force the slave to sync its maps with
the maps on the master server. Although these entries are
not mandatory, since the master server attempts to ensure
any changes to its NIS maps are communicated to its slaves
and because password information is vital to systems
depending on the server, it is a good idea to force the
updates. This is more important on busy networks where map
updates might not always complete.
Now, run the command /etc/netstart on the
slave server as well, which again starts the NIS server.
NIS Clients
An NIS client establishes what is called a binding to a
particular NIS server using the
ypbind daemon.
ypbind checks the system's default
domain (as set by the domainname command),
and begins broadcasting RPC requests on the local network.
These requests specify the name of the domain for which
ypbind is attempting to establish a binding.
If a server that has been configured to serve the requested
domain receives one of the broadcasts, it will respond to
ypbind, which will record the server's
address. If there are several servers available (a master and
several slaves, for example), ypbind will
use the address of the first one to respond. From that point
on, the client system will direct all of its NIS requests to
that server. ypbind will
occasionally ping
the server to make sure it is
still up and running. If it fails to receive a reply to one of
its pings within a reasonable amount of time,
ypbind will mark the domain as unbound and
begin broadcasting again in the hopes of locating another
server.
Setting Up a NIS Client
NIS
client configuration
Setting up a FreeBSD machine to be a NIS client is fairly
straightforward.
Edit the file /etc/rc.conf and
add the following lines in order to set the NIS domainname
and start ypbind upon network
startup:
nisdomainname="test-domain"
nis_client_enable="YES"
To import all possible password entries from the NIS
server, remove all user accounts from your
/etc/master.passwd file and use
vipw to add the following line to
the end of the file:
+:::::::::
This line will afford anyone with a valid account in
the NIS server's password maps an account. There are
many ways to configure your NIS client by changing this
line. See the netgroups
section below for more information.
For more detailed reading see O'Reilly's book on
Managing NFS and NIS.
You should keep at least one local account (i.e.
not imported via NIS) in your
/etc/master.passwd and this
account should also be a member of the group
wheel. If there is something
wrong with NIS, this account can be used to log in
remotely, become root, and fix things.
To import all possible group entries from the NIS
server, add this line to your
/etc/group file:
+:*::
After completing these steps, you should be able to run
ypcat passwd and see the NIS server's
passwd map.
NIS Security
In general, any remote user can issue an RPC to
&man.ypserv.8; and retrieve the contents of your NIS maps,
provided the remote user knows your domainname. To prevent
such unauthorized transactions, &man.ypserv.8; supports a
feature called securenets
which can be used to
restrict access to a given set of hosts. At startup,
&man.ypserv.8; will attempt to load the securenets information
from a file called
/var/yp/securenets.
This path varies depending on the path specified with the
option. This file contains entries that
consist of a network specification and a network mask separated
by white space. Lines starting with #
are
considered to be comments. A sample securenets file might look
like this:
# allow connections from local host -- mandatory
127.0.0.1 255.255.255.255
# allow connections from any host
# on the 192.168.128.0 network
192.168.128.0 255.255.255.0
# allow connections from any host
# between 10.0.0.0 to 10.0.15.255
# this includes the machines in the testlab
10.0.0.0 255.255.240.0
If &man.ypserv.8; receives a request from an address that
matches one of these rules, it will process the request
normally. If the address fails to match a rule, the request
will be ignored and a warning message will be logged. If the
/var/yp/securenets file does not exist,
ypserv will allow connections from any
host.
The ypserv program also has support for
Wietse Venema's TCP Wrapper package.
This allows the administrator to use the
TCP Wrapper configuration files for
access control instead of
/var/yp/securenets.
While both of these access control mechanisms provide some
security, they, like the privileged port test, are
vulnerable to IP spoofing
attacks. All
NIS-related traffic should be blocked at your firewall.
Servers using /var/yp/securenets
may fail to serve legitimate NIS clients with archaic TCP/IP
implementations. Some of these implementations set all
host bits to zero when doing broadcasts and/or fail to
observe the subnet mask when calculating the broadcast
address. While some of these problems can be fixed by
changing the client configuration, other problems may force
the retirement of the client systems in question or the
abandonment of /var/yp/securenets.
Using /var/yp/securenets on a
server with such an archaic implementation of TCP/IP is a
really bad idea and will lead to loss of NIS functionality
for large parts of your network.
TCP Wrappers
The use of the TCP Wrapper
package increases the latency of your NIS server. The
additional delay may be long enough to cause timeouts in
client programs, especially in busy networks or with slow
NIS servers. If one or more of your client systems
suffers from these symptoms, you should convert the client
systems in question into NIS slave servers and force them
to bind to themselves.
Barring Some Users from Logging On
In our lab, there is a machine basie that
is supposed to be a faculty only workstation. We do not want
to take this machine out of the NIS domain, yet the
passwd file on the master NIS server
contains accounts for both faculty and students. What can we
do?
There is a way to bar specific users from logging on to a
machine, even if they are present in the NIS database. To do
this, all you must do is add
-username to the
end of the /etc/master.passwd file on the
client machine, where username is
the username of the user you wish to bar from logging in.
This should preferably be done using vipw,
since vipw will sanity check your changes
to /etc/master.passwd, as well as
automatically rebuild the password database when you finish
editing. For example, if we wanted to bar user
bill from logging on to
basie we would:
basie&prompt.root; vipw
[add -bill to the end, exit]
vipw: rebuilding the database...
vipw: done
basie&prompt.root; cat /etc/master.passwd
root:[password]:0:0::0:0:The super-user:/root:/bin/csh
toor:[password]:0:0::0:0:The other super-user:/root:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System &:/:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
+:::::::::
-bill
basie&prompt.root;
Udo
Erdelhoff
Contributed by
Using Netgroups
netgroups
The method shown in the previous section works reasonably
well if you need special rules for a very small number of
users and/or machines. On larger networks, you
will forget to bar some users from logging
onto sensitive machines, or you may even have to modify each
machine separately, thus losing the main benefit of NIS:
centralized administration.
The NIS developers' solution for this problem is called
netgroups. Their purpose and semantics
can be compared to the normal groups used by &unix; file
systems. The main differences are the lack of a numeric ID
and the ability to define a netgroup by including both user
accounts and other netgroups.
Netgroups were developed to handle large, complex networks
with hundreds of users and machines. On one hand, this is
a Good Thing if you are forced to deal with such a situation.
On the other hand, this complexity makes it almost impossible to
explain netgroups with really simple examples. The example
used in the remainder of this section demonstrates this
problem.
Let us assume that your successful introduction of NIS in
your laboratory caught your superiors' interest. Your next
job is to extend your NIS domain to cover some of the other
machines on campus. The two tables contain the names of the
new users and new machines as well as brief descriptions of
them.
User Name(s)
Description
alpha, beta
Normal employees of the IT department
charlie, delta
The new apprentices of the IT department
echo, foxtrott, golf, ...
Ordinary employees
able, baker, ...
The current interns
Machine Name(s)
Description
war, death,
famine,
pollution
Your most important servers. Only the IT
employees are allowed to log onto these
machines.
pride, greed,
envy, wrath,
lust, sloth
Less important servers. All members of the IT
department are allowed to login onto these
machines.
one, two,
three, four,
...
Ordinary workstations. Only the
real employees are allowed to use
these machines.
trashcan
A very old machine without any critical data.
Even the intern is allowed to use this box.
If you tried to implement these restrictions by separately
blocking each user, you would have to add one
-user line to
each system's passwd for each user who is
not allowed to login onto that system. If you forget just one
entry, you could be in trouble. It may be feasible to do this
correctly during the initial setup, however you
will eventually forget to add the lines
for new users during day-to-day operations. After all, Murphy
was an optimist.
Handling this situation with netgroups offers several
advantages. Each user need not be handled separately; you
assign a user to one or more netgroups and allow or forbid
logins for all members of the netgroup. If you add a new
machine, you will only have to define login restrictions for
netgroups. If a new user is added, you will only have to add
the user to one or more netgroups. Those changes are
independent of each other: no more for each combination
of user and machine do...
If your NIS setup is planned
carefully, you will only have to modify exactly one central
configuration file to grant or deny access to machines.
The first step is the initialization of the NIS map
netgroup. FreeBSD's &man.ypinit.8; does not create this map by
default, but its NIS implementation will support it once it has
been created. To create an empty map, simply type
ellington&prompt.root; vi /var/yp/netgroup
and start adding content. For our example, we need at
least four netgroups: IT employees, IT apprentices, normal
employees and interns.
IT_EMP (,alpha,test-domain) (,beta,test-domain)
IT_APP (,charlie,test-domain) (,delta,test-domain)
USERS (,echo,test-domain) (,foxtrott,test-domain) \
(,golf,test-domain)
INTERNS (,able,test-domain) (,baker,test-domain)
IT_EMP, IT_APP etc.
are the names of the netgroups. Each bracketed group adds
one or more user accounts to it. The three fields inside a
group are:
The name of the host(s) where the following items are
valid. If you do not specify a hostname, the entry is
valid on all hosts. If you do specify a hostname, you
will enter a realm of darkness, horror and utter confusion.
The name of the account that belongs to this
netgroup.
The NIS domain for the account. You can import
accounts from other NIS domains into your netgroup if you
are one of the unlucky fellows with more than one NIS
domain.
Each of these fields can contain wildcards. See
&man.netgroup.5; for details.
netgroups
Netgroup names longer than 8 characters should not be
used, especially if you have machines running other
operating systems within your NIS domain. The names are
case sensitive; using capital letters for your netgroup
names is an easy way to distinguish between user, machine
and netgroup names.
Some NIS clients (other than FreeBSD) cannot handle
netgroups with a large number of entries. For example, some
older versions of &sunos; start to cause trouble if a netgroup
contains more than 15 entries. You can
circumvent this limit by creating several sub-netgroups with
15 users or less and a real netgroup that consists of the
sub-netgroups:
BIGGRP1 (,joe1,domain) (,joe2,domain) (,joe3,domain) [...]
BIGGRP2 (,joe16,domain) (,joe17,domain) [...]
BIGGRP3 (,joe31,domain) (,joe32,domain)
BIGGROUP BIGGRP1 BIGGRP2 BIGGRP3
You can repeat this process if you need more than 225
users within a single netgroup.
Activating and distributing your new NIS map is
easy:
ellington&prompt.root; cd /var/yp
ellington&prompt.root; make
This will generate the three NIS maps
netgroup,
netgroup.byhost and
netgroup.byuser. Use &man.ypcat.1; to
check if your new NIS maps are available:
ellington&prompt.user; ypcat -k netgroup
ellington&prompt.user; ypcat -k netgroup.byhost
ellington&prompt.user; ypcat -k netgroup.byuser
The output of the first command should resemble the
contents of /var/yp/netgroup. The second
command will not produce output if you have not specified
host-specific netgroups. The third command can be used to
get the list of netgroups for a user.
The client setup is quite simple. To configure the server
war, you only have to start
&man.vipw.8; and replace the line
+:::::::::
with
+@IT_EMP:::::::::
Now, only the data for the users defined in the netgroup
IT_EMP is imported into
war's password database and only
these users are allowed to login.
Unfortunately, this limitation also applies to the
~ function of the shell and all routines
converting between user names and numerical user IDs. In
other words, cd
~user will not work,
ls -l will show the numerical ID instead of
the username and find . -user joe -print
will fail with No such user. To fix
this, you will have to import all user entries
without allowing them to login onto your
servers.
This can be achieved by adding another line to
/etc/master.passwd. This line should
contain:
+:::::::::/sbin/nologin, meaning
Import all entries but replace the shell with
/sbin/nologin in the imported
entries
. You can replace any field in the
passwd entry by placing a default value in
your /etc/master.passwd.
Make sure that the line
+:::::::::/sbin/nologin is placed after
+@IT_EMP:::::::::. Otherwise, all user
accounts imported from NIS will have /sbin/nologin as their
login shell.
After this change, you will only have to change one NIS
map if a new employee joins the IT department. You could use
a similar approach for the less important servers by replacing
the old +::::::::: in their local version
of /etc/master.passwd with something like
this:
+@IT_EMP:::::::::
+@IT_APP:::::::::
+:::::::::/sbin/nologin
The corresponding lines for the normal workstations
could be:
+@IT_EMP:::::::::
+@USERS:::::::::
+:::::::::/sbin/nologin
And everything would be fine until there is a policy
change a few weeks later: The IT department starts hiring
interns. The IT interns are allowed to use the normal
workstations and the less important servers; and the IT
apprentices are allowed to login onto the main servers. You
add a new netgroup IT_INTERN, add the new
IT interns to this netgroup and start to change the
configuration on each and every machine... As the old saying
goes: Errors in centralized planning lead to global
mess
.
NIS' ability to create netgroups from other netgroups can
be used to prevent situations like these. One possibility
is the creation of role-based netgroups. For example, you
could create a netgroup called
BIGSRV to define the login
restrictions for the important servers, another netgroup
called SMALLSRV for the less
important servers and a third netgroup called
USERBOX for the normal
workstations. Each of these netgroups contains the netgroups
that are allowed to login onto these machines. The new
entries for your NIS map netgroup should look like this:
BIGSRV IT_EMP IT_APP
SMALLSRV IT_EMP IT_APP ITINTERN
USERBOX IT_EMP ITINTERN USERS
This method of defining login restrictions works
reasonably well if you can define groups of machines with
identical restrictions. Unfortunately, this is the exception
and not the rule. Most of the time, you will need the ability
to define login restrictions on a per-machine basis.
Machine-specific netgroup definitions are the other
possibility to deal with the policy change outlined above. In
this scenario, the /etc/master.passwd of
each box contains two lines starting with +
.
The first of them adds a netgroup with the accounts allowed to
login onto this machine, the second one adds all other
accounts with /sbin/nologin as shell. It
is a good idea to use the ALL-CAPS
version of
the machine name as the name of the netgroup. In other words,
the lines should look like this:
+@BOXNAME:::::::::
+:::::::::/sbin/nologin
Once you have completed this task for all your machines,
you will not have to modify the local versions of
/etc/master.passwd ever again. All
further changes can be handled by modifying the NIS map. Here
is an example of a possible netgroup map for this
scenario with some additional goodies:
# Define groups of users first
IT_EMP (,alpha,test-domain) (,beta,test-domain)
IT_APP (,charlie,test-domain) (,delta,test-domain)
DEPT1 (,echo,test-domain) (,foxtrott,test-domain)
DEPT2 (,golf,test-domain) (,hotel,test-domain)
DEPT3 (,india,test-domain) (,juliet,test-domain)
ITINTERN (,kilo,test-domain) (,lima,test-domain)
D_INTERNS (,able,test-domain) (,baker,test-domain)
#
# Now, define some groups based on roles
USERS DEPT1 DEPT2 DEPT3
BIGSRV IT_EMP IT_APP
SMALLSRV IT_EMP IT_APP ITINTERN
USERBOX IT_EMP ITINTERN USERS
#
# And a groups for a special tasks
# Allow echo and golf to access our anti-virus-machine
SECURITY IT_EMP (,echo,test-domain) (,golf,test-domain)
#
# machine-based netgroups
# Our main servers
WAR BIGSRV
FAMINE BIGSRV
# User india needs access to this server
POLLUTION BIGSRV (,india,test-domain)
#
# This one is really important and needs more access restrictions
DEATH IT_EMP
#
# The anti-virus-machine mentioned above
ONE SECURITY
#
# Restrict a machine to a single user
TWO (,hotel,test-domain)
# [...more groups to follow]
If you are using some kind of database to manage your user
accounts, you should be able to create the first part of the
map with your database's report tools. This way, new users
will automatically have access to the boxes.
One last word of caution: It may not always be advisable
to use machine-based netgroups. If you are deploying a couple of
dozen or even hundreds of identical machines for student labs,
you should use role-based netgroups instead of machine-based
netgroups to keep the size of the NIS map within reasonable
limits.
Important Things to Remember
There are still a couple of things that you will need to do
differently now that you are in an NIS environment.
Every time you wish to add a user to the lab, you
must add it to the master NIS server only,
and you must remember to rebuild the NIS
maps. If you forget to do this, the new user will
not be able to login anywhere except on the NIS master.
For example, if we needed to add a new user
jsmith to the lab, we would:
&prompt.root; pw useradd jsmith
&prompt.root; cd /var/yp
&prompt.root; make test-domain
You could also run adduser jsmith instead
of pw useradd jsmith.
Keep the administration accounts out of the
NIS maps. You do not want to be propagating
administrative accounts and passwords to machines that
will have users that should not have access to those
accounts.
Keep the NIS master and slave secure, and
minimize their downtime. If somebody either
hacks or simply turns off these machines, they have
effectively rendered many people without the ability to
login to the lab.
This is the chief weakness of any centralized administration
system. If you do
not protect your NIS servers, you will have a lot of angry
users!
NIS v1 Compatibility
FreeBSD's ypserv has some
support for serving NIS v1 clients. FreeBSD's NIS
implementation only uses the NIS v2 protocol, however other
implementations include support for the v1 protocol for
backwards compatibility with older systems. The
ypbind daemons supplied with these
systems will try to establish a binding to an NIS v1 server
even though they may never actually need it (and they may
persist in broadcasting in search of one even after they
receive a response from a v2 server). Note that while support
for normal client calls is provided, this version of
ypserv does not handle v1 map
transfer requests; consequently, it cannot be used as a master
or slave in conjunction with older NIS servers that only
support the v1 protocol. Fortunately, there probably are not
any such servers still in use today.
NIS Servers That Are Also NIS Clients
Care must be taken when running
ypserv in a multi-server domain
where the server machines are also NIS clients. It is
generally a good idea to force the servers to bind to
themselves rather than allowing them to broadcast bind
requests and possibly become bound to each other. Strange
failure modes can result if one server goes down and others
are dependent upon it. Eventually all the clients will time
out and attempt to bind to other servers, but the delay
involved can be considerable and the failure mode is still
present since the servers might bind to each other all over
again.
You can force a host to bind to a particular server by running
ypbind with the
flag. If you do not want to do this manually each time you
reboot your NIS server, you can add the following lines to
your /etc/rc.conf:
nis_client_enable="YES" # run client stuff as well
nis_client_flags="-S NIS domain,server"
See &man.ypbind.8; for further information.
Password Formats
NIS
password formats
One of the most common issues that people run into when trying
to implement NIS is password format compatibility. If your NIS
server is using DES encrypted passwords, it will only support
clients that are also using DES. For example, if you have
&solaris; NIS clients in your network, then you will almost certainly
need to use DES encrypted passwords.
To check which format your servers
and clients are using, look at /etc/login.conf.
If the host is configured to use DES encrypted passwords, then the
default class will contain an entry like this:
default:\
:passwd_format=des:\
:copyright=/etc/COPYRIGHT:\
[Further entries elided]
Other possible values for the passwd_format
capability include blf and md5
(for Blowfish and MD5 encrypted passwords, respectively).
If you have made changes to
/etc/login.conf, you will also need to
rebuild the login capability database, which is achieved by
running the following command as
root:
&prompt.root; cap_mkdb /etc/login.conf
The format of passwords already in
/etc/master.passwd will not be updated
until a user changes his password for the first time
after the login capability database is
rebuilt.
Next, in order to ensure that passwords are encrypted with
the format that you have chosen, you should also check that
the crypt_default in
/etc/auth.conf gives precedence to your
chosen password format. To do this, place the format that you
have chosen first in the list. For example, when using DES
encrypted passwords, the entry would be:
crypt_default = des blf md5
Having followed the above steps on each of the &os; based
NIS servers and clients, you can be sure that they all agree
on which password format is used within your network. If you
have trouble authenticating on an NIS client, this is a pretty
good place to start looking for possible problems. Remember:
if you want to deploy an NIS server for a heterogenous
network, you will probably have to use DES on all systems
because it is the lowest common standard.
Greg
Sutter
Written by
Automatic Network Configuration (DHCP)
What Is DHCP?
Dynamic Host Configuration Protocol
DHCP
Internet Software Consortium (ISC)
DHCP, the Dynamic Host Configuration Protocol, describes
the means by which a system can connect to a network and obtain the
necessary information for communication upon that network. FreeBSD
versions prior to 6.0 use the ISC (Internet Software
Consortium) DHCP client (&man.dhclient.8;) implementation.
Later versions use the OpenBSD dhclient
taken from OpenBSD 3.7. All
information here regarding dhclient is for
use with either of the ISC or OpenBSD DHCP clients. The DHCP
server is the one included in the ISC distribution.
What This Section Covers
This section describes both the client-side components of the ISC and OpenBSD DHCP client and
server-side components of the ISC DHCP system. The
client-side program, dhclient, comes
integrated within FreeBSD, and the server-side portion is
available from the net/isc-dhcp3-server port. The
&man.dhclient.8;, &man.dhcp-options.5;, and
&man.dhclient.conf.5; manual pages, in addition to the
references below, are useful resources.
How It Works
UDP
When dhclient, the DHCP client, is
executed on the client machine, it begins broadcasting
requests for configuration information. By default, these
requests are on UDP port 68. The server replies on UDP 67,
giving the client an IP address and other relevant network
information such as netmask, router, and DNS servers. All of
this information comes in the form of a DHCP
lease
and is only valid for a certain time
(configured by the DHCP server maintainer). In this manner,
stale IP addresses for clients no longer connected to the
network can be automatically reclaimed.
DHCP clients can obtain a great deal of information from
the server. An exhaustive list may be found in
&man.dhcp-options.5;.
FreeBSD Integration
&os; fully integrates the ISC or OpenBSD DHCP client,
dhclient (according to the &os; version you run). DHCP client support is provided
within both the installer and the base system, obviating the need
for detailed knowledge of network configurations on any network
that runs a DHCP server. dhclient has been
included in all FreeBSD distributions since 3.2.
sysinstall
DHCP is supported by
sysinstall. When configuring a
network interface within
sysinstall, the second question
asked is: Do you want to try DHCP configuration of
the interface?
. Answering affirmatively will
execute dhclient, and if successful, will
fill in the network configuration information
automatically.
There are two things you must do to have your system use
DHCP upon startup:
DHCP
requirements
Make sure that the bpf
device is compiled into your kernel. To do this, add
device bpf (pseudo-device
bpf under &os; 4.X) to your kernel
configuration file, and rebuild the kernel. For more
information about building kernels, see . The
bpf device is already part of
the GENERIC kernel that is supplied
with FreeBSD, so if you do not have a custom kernel, you
should not need to create one in order to get DHCP
working.
For those who are particularly security conscious,
you should be warned that bpf
is also the device that allows packet sniffers to work
correctly (although they still have to be run as
root). bpf
is required to use DHCP, but if
you are very sensitive about security, you probably
should not add bpf to your
kernel in the expectation that at some point in the
future you will be using DHCP.
Edit your /etc/rc.conf to
include the following:
ifconfig_fxp0="DHCP"
Be sure to replace fxp0 with the
designation for the interface that you wish to dynamically
configure, as described in
.
If you are using a different location for
dhclient, or if you wish to pass additional
flags to dhclient, also include the
following (editing as necessary):
dhcp_program="/sbin/dhclient"
dhcp_flags=""
DHCP
server
The DHCP server, dhcpd, is included
as part of the net/isc-dhcp3-server port in the ports
collection. This port contains the ISC DHCP server and
documentation.
Files
DHCP
configuration files
/etc/dhclient.conf
dhclient requires a configuration file,
/etc/dhclient.conf. Typically the file
contains only comments, the defaults being reasonably sane. This
configuration file is described by the &man.dhclient.conf.5;
manual page.
/sbin/dhclient
dhclient is statically linked and
resides in /sbin. The &man.dhclient.8;
manual page gives more information about
dhclient.
/sbin/dhclient-script
dhclient-script is the FreeBSD-specific
DHCP client configuration script. It is described in
&man.dhclient-script.8;, but should not need any user
modification to function properly.
/var/db/dhclient.leases
The DHCP client keeps a database of valid leases in this
file, which is written as a log. &man.dhclient.leases.5;
gives a slightly longer description.
Further Reading
The DHCP protocol is fully described in
RFC 2131.
An informational resource has also been set up at
.
Installing and Configuring a DHCP Server
What This Section Covers
This section provides information on how to configure
a FreeBSD system to act as a DHCP server using the ISC
(Internet Software Consortium) implementation of the DHCP
suite.
The server portion of the suite is not provided as part of
FreeBSD, and so you will need to install the
net/isc-dhcp3-server
port to provide this service. See for
more information on using the Ports Collection.
DHCP Server Installation
DHCP
installation
In order to configure your FreeBSD system as a DHCP
server, you will need to ensure that the &man.bpf.4;
device is compiled into your kernel. To do this, add
device bpf (pseudo-device
bpf under &os; 4.X) to your kernel
configuration file, and rebuild the kernel. For more
information about building kernels, see .
The bpf device is already
part of the GENERIC kernel that is
supplied with FreeBSD, so you do not need to create a custom
kernel in order to get DHCP working.
Those who are particularly security conscious
should note that bpf
is also the device that allows packet sniffers to work
correctly (although such programs still need privileged
access). bpf
is required to use DHCP, but if
you are very sensitive about security, you probably
should not include bpf in your
kernel purely because you expect to use DHCP at some
point in the future.
The next thing that you will need to do is edit the sample
dhcpd.conf which was installed by the
net/isc-dhcp3-server port.
By default, this will be
/usr/local/etc/dhcpd.conf.sample, and you
should copy this to
/usr/local/etc/dhcpd.conf before proceeding
to make changes.
Configuring the DHCP Server
DHCP
dhcpd.conf
dhcpd.conf is
comprised of declarations regarding subnets and hosts, and is
perhaps most easily explained using an example :
option domain-name "example.com";
option domain-name-servers 192.168.4.100;
option subnet-mask 255.255.255.0;
default-lease-time 3600;
max-lease-time 86400;
ddns-update-style none;
subnet 192.168.4.0 netmask 255.255.255.0 {
range 192.168.4.129 192.168.4.254;
option routers 192.168.4.1;
}
host mailhost {
hardware ethernet 02:03:04:05:06:07;
fixed-address mailhost.example.com;
}
This option specifies the domain that will be provided
to clients as the default search domain. See
&man.resolv.conf.5; for more information on what this
means.
This option specifies a comma separated list of DNS
servers that the client should use.
The netmask that will be provided to clients.
A client may request a specific length of time that a
lease will be valid. Otherwise the server will assign
a lease with this expiry value (in seconds).
This is the maximum length of time that the server will
lease for. Should a client request a longer lease, a lease
will be issued, although it will only be valid for
max-lease-time seconds.
This option specifies whether the DHCP server should
attempt to update DNS when a lease is accepted or released.
In the ISC implementation, this option is
required.
This denotes which IP addresses should be used in
the pool reserved for allocating to clients. IP
addresses between, and including, the ones stated are
handed out to clients.
Declares the default gateway that will be provided to
clients.
The hardware MAC address of a host (so that the DHCP server
can recognize a host when it makes a request).
Specifies that the host should always be given the
same IP address. Note that using a hostname is
correct here, since the DHCP server will resolve the
hostname itself before returning the lease
information.
Once you have finished writing your
dhcpd.conf, you can proceed to start the
server by issuing the following command:
&prompt.root; /usr/local/etc/rc.d/isc-dhcpd.sh start
Should you need to make changes to the configuration of your
server in the future, it is important to note that sending a
SIGHUP signal to
dhcpd does not
result in the configuration being reloaded, as it does with most
daemons. You will need to send a SIGTERM
signal to stop the process, and then restart it using the command
above.
Files
DHCP
configuration files
/usr/local/sbin/dhcpd
dhcpd is statically linked and
resides in /usr/local/sbin. The
&man.dhcpd.8; manual page installed with the
port gives more information about
dhcpd.
/usr/local/etc/dhcpd.conf
dhcpd requires a configuration
file, /usr/local/etc/dhcpd.conf before it
will start providing service to clients. This file needs to
contain all the information that should be provided to clients
that are being serviced, along with information regarding the
operation of the server. This configuration file is described
by the &man.dhcpd.conf.5; manual page installed
by the port.
/var/db/dhcpd.leases
The DHCP server keeps a database of leases it has issued
in this file, which is written as a log. The manual page
&man.dhcpd.leases.5;, installed by the port
gives a slightly longer description.
/usr/local/sbin/dhcrelay
dhcrelay is used in advanced
environments where one DHCP server forwards a request from a
client to another DHCP server on a separate network. If you
require this functionality, then install the net/isc-dhcp3-relay port. The
&man.dhcrelay.8; manual page provided with the
port contains more detail.
Chern
Lee
Contributed by
Domain Name System (DNS)
Overview
BIND
FreeBSD utilizes, by default, a version of BIND (Berkeley
Internet Name Domain), which is the most common implementation
of the DNS protocol. DNS is the protocol through which names
are mapped to IP addresses, and vice versa. For example, a
query for www.FreeBSD.org will
receive a reply with the IP address of The FreeBSD Project's
web server, whereas, a query for ftp.FreeBSD.org will return the IP
address of the corresponding FTP machine. Likewise, the
opposite can happen. A query for an IP address can resolve
its hostname. It is not necessary to run a name server to
perform DNS lookups on a system.
DNS
DNS is coordinated across the Internet through a somewhat
complex system of authoritative root name servers, and other
smaller-scale name servers who host and cache individual domain
information.
This document refers to BIND 8.x, as it is the stable version
used in &os;. Versions of &os; 5.3 and beyond include
BIND9 and the configuration instructions
may be found later in this chapter. Users of &os; 5.2
and other previous versions may install BIND9
from the net/bind9 port.
RFC1034 and RFC1035 dictate the DNS protocol.
Currently, BIND is maintained by the
Internet Software Consortium .
Terminology
To understand this document, some terms related to DNS must be
understood.
resolver
reverse DNS
root zone
Term
Definition
Forward DNS
Mapping of hostnames to IP addresses
Origin
Refers to the domain covered in a particular zone
file
named, BIND, name server
Common names for the BIND name server package within
FreeBSD
Resolver
A system process through which a
machine queries a name server for zone information
Reverse DNS
The opposite of forward DNS; mapping of IP addresses to
hostnames
Root zone
The beginning of the Internet zone hierarchy.
All zones fall under the root zone, similar to how
all files in a file system fall under the root directory.
Zone
An individual domain, subdomain, or portion of the DNS administered by
the same authority
zones
examples
Examples of zones:
. is the root zone
org. is a zone under the root zone
example.org. is a
zone under the org. zone
foo.example.org. is
a subdomain, a zone under the example.org. zone
1.2.3.in-addr.arpa is a zone referencing
all IP addresses which fall under the 3.2.1.* IP space.
As one can see, the more specific part of a hostname
appears to its left. For example, example.org. is more specific than
org., as org. is more
specific than the root zone. The layout of each part of a
hostname is much like a file system: the
/dev directory falls within the root, and
so on.
Reasons to Run a Name Server
Name servers usually come in two forms: an authoritative
name server, and a caching name server.
An authoritative name server is needed when:
one wants to serve DNS information to the
world, replying authoritatively to queries.
a domain, such as example.org, is
registered and IP addresses need to be assigned to hostnames
under it.
an IP address block requires reverse DNS entries (IP to
hostname).
a backup name server, called a slave, must reply to queries
when the primary is down or inaccessible.
A caching name server is needed when:
a local DNS server may cache and respond more quickly
than querying an outside name server.
a reduction in overall network traffic is desired (DNS
traffic has been measured to account for 5% or more of total
Internet traffic).
When one queries for www.FreeBSD.org, the resolver usually
queries the uplink ISP's name server, and retrieves the reply.
With a local, caching DNS server, the query only has to be
made once to the outside world by the caching DNS server.
Every additional query will not have to look to the outside of
the local network, since the information is cached
locally.
How It Works
In FreeBSD, the BIND daemon is called
named for obvious reasons.
File
Description
named
the BIND daemon
ndc
name daemon control program
/etc/namedb
directory where BIND zone information resides
/etc/namedb/named.conf
daemon configuration file
Zone files are usually contained within the
/etc/namedb
directory, and contain the DNS zone information
served by the name server.
Starting BIND
BIND
starting
Since BIND is installed by default, configuring it all is
relatively simple.
To ensure the named daemon is
started at boot, put the following line in
/etc/rc.conf:
named_enable="YES"
To start the daemon manually (after configuring it):
&prompt.root; ndc start
Configuration Files
BIND
configuration files
Using make-localhost
Be sure to:
&prompt.root; cd /etc/namedb
&prompt.root; sh make-localhost
to properly create the local reverse DNS zone file in
/etc/namedb/master/localhost.rev.
/etc/namedb/named.conf
// $FreeBSD$
//
// Refer to the named(8) manual page for details. If you are ever going
// to setup a primary server, make sure you've understood the hairy
// details of how DNS is working. Even with simple mistakes, you can
// break connectivity for affected parties, or cause huge amount of
// useless Internet traffic.
options {
directory "/etc/namedb";
// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
// forward only;
// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the
Internet.
/*
forwarders {
127.0.0.1;
};
*/
Just as the comment says, to benefit from an uplink's cache,
forwarders can be enabled here. Under normal
circumstances, a name server will recursively query the Internet
looking at certain name servers until it finds the answer it is
looking for. Having this enabled will have it query the uplink's
name server (or name server provided) first, taking advantage of
its cache. If the uplink name server in question is a heavily
trafficked, fast name server, enabling this may be worthwhile.
127.0.0.1
will not work here.
Change this IP address to a name server at your uplink.
/*
* If there is a firewall between you and name servers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
/*
* If running in a sandbox, you may have to specify a different
* location for the dumpfile.
*/
// dump-file "s/named_dump.db";
};
// Note: the following will be supported in a future release.
/*
host { any; } {
topology {
127.0.0.0/8;
};
};
*/
// Setting up secondaries is way easier and the rough picture for this
// is explained below.
//
// If you enable a local name server, don't forget to enter 127.0.0.1
// into your /etc/resolv.conf so this server will be queried first.
// Also, make sure to enable it in /etc/rc.conf.
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example secondary config entries. It can be convenient to become
// a secondary at least for the zone where your own domain is in. Ask
// your network administrator for the IP address of the responsible
// primary.
//
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is the first bytes of the respective IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
//
// Before starting to setup a primary zone, better make sure you fully
// understand how DNS and BIND works, however. There are sometimes
// unobvious pitfalls. Setting up a secondary is comparably simpler.
//
// NB: Don't blindly enable the examples below. :-) Use actual names
// and addresses instead.
//
// NOTE!!! FreeBSD runs BIND in a sandbox (see named_flags in rc.conf).
// The directory containing the secondary zones must be write accessible
// to BIND. The following sequence is suggested:
//
// mkdir /etc/namedb/s
// chown bind:bind /etc/namedb/s
// chmod 750 /etc/namedb/s
For more information on running BIND in a sandbox, see
Running named in a sandbox.
/*
zone "example.com" {
type slave;
file "s/example.com.bak";
masters {
192.168.1.1;
};
};
zone "0.168.192.in-addr.arpa" {
type slave;
file "s/0.168.192.in-addr.arpa.bak";
masters {
192.168.1.1;
};
};
*/
In named.conf, these are examples of slave
entries for a forward and reverse zone.
For each new zone served, a new zone entry must be added to
named.conf.
For example, the simplest zone entry for
example.org can look like:
zone "example.org" {
type master;
file "example.org";
};
The zone is a master, as indicated by the
statement, holding its zone information in
/etc/namedb/example.org indicated by
the statement.
zone "example.org" {
type slave;
file "example.org";
};
In the slave case, the zone information is transferred from
the master name server for the particular zone, and saved in the
file specified. If and when the master server dies or is
unreachable, the slave name server will have the transferred
zone information and will be able to serve it.
Zone Files
An example master zone file for example.org (existing within
/etc/namedb/example.org) is as follows:
$TTL 3600
example.org. IN SOA ns1.example.org. admin.example.org. (
5 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL
; DNS Servers
@ IN NS ns1.example.org.
@ IN NS ns2.example.org.
; Machine Names
localhost IN A 127.0.0.1
ns1 IN A 3.2.1.2
ns2 IN A 3.2.1.3
mail IN A 3.2.1.10
@ IN A 3.2.1.30
; Aliases
www IN CNAME @
; MX Record
@ IN MX 10 mail.example.org.
Note that every hostname ending in a .
is an
exact hostname, whereas everything without a trailing
.
is referenced to the origin. For example,
www is translated into
www.origin.
In our fictitious zone file, our origin is
example.org., so www
would translate to www.example.org.
The format of a zone file follows:
recordname IN recordtype value
DNS
records
The most commonly used DNS records:
SOA
start of zone authority
NS
an authoritative name server
A
a host address
CNAME
the canonical name for an alias
MX
mail exchanger
PTR
a domain name pointer (used in reverse DNS)
example.org. IN SOA ns1.example.org. admin.example.org. (
5 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Minimum TTL of 1 day
example.org.
the domain name, also the origin for this
zone file.
ns1.example.org.
the primary/authoritative name server for this
zone.
admin.example.org.
the responsible person for this zone,
email address with @
replaced. (admin@example.org becomes
admin.example.org)
5
the serial number of the file. This
must be incremented each time the zone file is
modified. Nowadays, many admins prefer a
yyyymmddrr format for the serial
number. 2001041002 would mean
last modified 04/10/2001, the latter
02 being the second time the zone
file has been modified this day. The serial number
is important as it alerts slave name servers for a
zone when it is updated.
@ IN NS ns1.example.org.
This is an NS entry. Every name server that is going to reply
authoritatively for the zone must have one of these entries.
The @ as seen here could have been
example.org.
The @ translates to the origin.
localhost IN A 127.0.0.1
ns1 IN A 3.2.1.2
ns2 IN A 3.2.1.3
mail IN A 3.2.1.10
@ IN A 3.2.1.30
The A record indicates machine names. As seen above,
ns1.example.org would resolve
to 3.2.1.2. Again, the
origin symbol, @, is used here, thus
meaning example.org would
resolve to 3.2.1.30.
www IN CNAME @
The canonical name record is usually used for giving aliases
to a machine. In the example, www is
aliased to the machine addressed to the origin, or
example.org
(3.2.1.30).
CNAMEs can be used to provide alias
hostnames, or round robin one hostname among multiple
machines.
MX record
@ IN MX 10 mail.example.org.
The MX record indicates which mail
servers are responsible for handling incoming mail for the
zone. mail.example.org is the
hostname of the mail server, and 10 being the priority of
that mail server.
One can have several mail servers, with priorities of 3, 2,
1. A mail server attempting to deliver to example.org would first try the
highest priority MX, then the second highest, etc, until the
mail can be properly delivered.
For in-addr.arpa zone files (reverse DNS), the same format is
used, except with PTR entries instead of
A or CNAME.
$TTL 3600
1.2.3.in-addr.arpa. IN SOA ns1.example.org. admin.example.org. (
5 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
3600 ) ; Minimum
@ IN NS ns1.example.org.
@ IN NS ns2.example.org.
2 IN PTR ns1.example.org.
3 IN PTR ns2.example.org.
10 IN PTR mail.example.org.
30 IN PTR example.org.
This file gives the proper IP address to hostname
mappings of our above fictitious domain.
Caching Name Server
BIND
caching name server
A caching name server is a name server that is not
authoritative for any zones. It simply asks queries of its
own, and remembers them for later use. To set one up, just
configure the name server as usual, omitting any inclusions of
zones.
Running named in a Sandbox
BIND
running in a sandbox
chroot
For added security you may want to run &man.named.8; as an
unprivileged user, and configure it to &man.chroot.8; into a
sandbox directory. This makes everything outside of the
sandbox inaccessible to the named
daemon. Should named be
compromised, this will help to reduce the damage that can be
caused. By default, FreeBSD has a user and a group called
bind, intended for this use.
Various people would recommend that instead of configuring
named to chroot, you
should run named inside a &man.jail.8;.
This section does not attempt to cover this situation.
Since named will not be able to
access anything outside of the sandbox (such as shared
libraries, log sockets, and so on), there are a number of steps
that need to be followed in order to allow
named to function correctly. In the
following checklist, it is assumed that the path to the sandbox
is /etc/namedb and that you have made no
prior modifications to the contents of this directory. Perform
the following steps as root:
Create all directories that named
expects to see:
&prompt.root; cd /etc/namedb
&prompt.root; mkdir -p bin dev etc var/tmp var/run master slave
&prompt.root; chown bind:bind slave var/*
named only needs write access to
these directories, so that is all we give it.
Rearrange and create basic zone and configuration files:
&prompt.root; cp /etc/localtime etc
&prompt.root; mv named.conf etc && ln -sf etc/named.conf
&prompt.root; mv named.root master
&prompt.root; sh make-localhost
&prompt.root; cat > master/named.localhost
$ORIGIN localhost.
$TTL 6h
@ IN SOA localhost. postmaster.localhost. (
1 ; serial
3600 ; refresh
1800 ; retry
604800 ; expiration
3600 ) ; minimum
IN NS localhost.
IN A 127.0.0.1
^D
This allows named to log the
correct time to &man.syslogd.8;.
syslog
log files
named
If you are running a version of &os; prior to 4.9-RELEASE, build a statically linked copy of
named-xfer, and copy it into the sandbox:
&prompt.root; cd /usr/src/lib/libisc
&prompt.root; make cleandir && make cleandir && make depend && make all
&prompt.root; cd /usr/src/lib/libbind
&prompt.root; make cleandir && make cleandir && make depend && make all
&prompt.root; cd /usr/src/libexec/named-xfer
&prompt.root; make cleandir && make cleandir && make depend && make NOSHARED=yes all
&prompt.root; cp named-xfer /etc/namedb/bin && chmod 555 /etc/namedb/bin/named-xfer
After your statically linked
named-xfer is installed some cleaning up
is required, to avoid leaving stale copies of libraries or
programs in your source tree:
&prompt.root; cd /usr/src/lib/libisc
&prompt.root; make cleandir
&prompt.root; cd /usr/src/lib/libbind
&prompt.root; make cleandir
&prompt.root; cd /usr/src/libexec/named-xfer
&prompt.root; make cleandir
This step has been reported to fail occasionally. If this
happens to you, then issue the command:
&prompt.root; cd /usr/src && make cleandir && make cleandir
and delete your /usr/obj tree:
&prompt.root; rm -fr /usr/obj && mkdir /usr/obj
This will clean out any cruft
from your
source tree, and retrying the steps above should then work.
If you are running &os; version 4.9-RELEASE or later,
then the copy of named-xfer in
/usr/libexec is statically linked by
default, and you can simply use &man.cp.1; to copy it into
your sandbox.
Make a dev/null that
named can see and write to:
&prompt.root; cd /etc/namedb/dev && mknod null c 2 2
&prompt.root; chmod 666 null
Symlink /var/run/ndc to
/etc/namedb/var/run/ndc:
&prompt.root; ln -sf /etc/namedb/var/run/ndc /var/run/ndc
This simply avoids having to specify the
option to &man.ndc.8; every time you
run it. Since the contents of
/var/run are deleted on boot, it may
be useful to add this command to
root's &man.crontab.5;, using the
option.
syslog
log files
named
Configure &man.syslogd.8; to create an extra
log socket that
named can write to. To do this,
add -l /etc/namedb/dev/log to the
syslogd_flags variable in
/etc/rc.conf.
chroot
Arrange to have named start
and chroot itself to the sandbox by
adding the following to
/etc/rc.conf:
named_enable="YES"
named_flags="-u bind -g bind -t /etc/namedb /etc/named.conf"
Note that the configuration file
/etc/named.conf is denoted by a full
pathname relative to the sandbox, i.e. in
the line above, the file referred to is actually
/etc/namedb/etc/named.conf.
The next step is to edit
/etc/namedb/etc/named.conf so that
named knows which zones to load and
where to find them on the disk. There follows a commented
example (anything not specifically commented here is no
different from the setup for a DNS server not running in a
sandbox):
options {
directory "/";
named-xfer "/bin/named-xfer";
version ""; // Don't reveal BIND version
query-source address * port 53;
};
// ndc control socket
controls {
unix "/var/run/ndc" perm 0600 owner 0 group 0;
};
// Zones follow:
zone "localhost" IN {
type master;
file "master/named.localhost";
allow-transfer { localhost; };
notify no;
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "master/localhost.rev";
allow-transfer { localhost; };
notify no;
};
zone "." IN {
type hint;
file "master/named.root";
};
zone "private.example.net" in {
type master;
file "master/private.example.net.db";
allow-transfer { 192.168.10.0/24; };
};
zone "10.168.192.in-addr.arpa" in {
type slave;
masters { 192.168.10.2; };
file "slave/192.168.10.db";
};
The
directory statement is specified as
/, since all files that
named needs are within this
directory (recall that this is equivalent to a
normal
user's
/etc/namedb).
Specifies the full path
to the named-xfer binary (from
named's frame of reference). This
is necessary since named is
compiled to look for named-xfer in
/usr/libexec by default.
Specifies the filename (relative
to the directory statement above) where
named can find the zone file for this
zone.
Specifies the filename
(relative to the directory statement above)
where named should write a copy of
the zone file for this zone after successfully transferring it
from the master server. This is why we needed to change the
ownership of the directory slave to
bind in the setup stages above.
After completing the steps above, either reboot your
server or restart &man.syslogd.8; and start &man.named.8;, making
sure to use the new options specified in
syslogd_flags and
named_flags. You should now be running a
sandboxed copy of named!
Security
Although BIND is the most common implementation of DNS,
there is always the issue of security. Possible and
exploitable security holes are sometimes found.
It is a good idea to read CERT's security advisories and
to subscribe to the &a.security-notifications;
to stay up to date with the current Internet and FreeBSD security
issues.
If a problem arises, keeping sources up to date and
having a fresh build of named would
not hurt.
Further Reading
BIND/named manual pages:
&man.ndc.8; &man.named.8; &man.named.conf.5;
Official ISC BIND
Page
BIND FAQ
O'Reilly
DNS and BIND 4th Edition
RFC1034
- Domain Names - Concepts and Facilities
RFC1035
- Domain Names - Implementation and Specification
Tom
Rhodes
Written by
BIND9 and &os;
bind9
setting up
The release of &os; 5.3 brought the
BIND9 DNS server software
into the distribution. New security features, a new file system
layout and automated &man.chroot.8; configuration came with the
import. This section has been written in two parts, the first
will discuss new features and their configuration; the latter
will cover upgrades to aid in move to &os; 5.3. From this
moment on, the server will be referred to simply as
&man.named.8; in place of BIND. This section
skips over the terminology described in the previous section as
well as some of the theoretical discussions; thus, it is
recommended that the previous section be consulted before reading
any further here.
Configuration files for named currently
reside in
/var/named/etc/namedb/ and
will need modification before use. This is where most of the
configuration will be performed.
Configuration of a Master Zone
To configure a master zone visit
/var/named/etc/namedb/
and run the following command:
&prompt.root; sh make-localhost
If all went well a new file should exist in the
master directory. The
filenames should be localhost.rev for
the local domain name and localhost-v6.rev
for IPv6 configurations. As the default
configuration file, configuration for its use will already
be present in the named.conf file.
Configuration of a Slave Zone
Configuration for extra domains or sub domains may be
done properly by setting them as a slave zone. In most cases,
the master/localhost.rev file could just be
copied over into the slave
directory and modified. Once completed, the files need
to be properly added in named.conf such
as in the following configuration for
example.com:
zone "example.com" {
type slave;
file "slave/example.com";
masters {
10.0.0.1;
};
};
zone "0.168.192.in-addr.arpa" {
type slave;
file "slave/0.168.192.in-addr.arpa";
masters {
10.0.0.1;
};
};
Note well that in this example, the master
IP address is the primary domain server
from which the zones are transferred; it does not necessary serve
as DNS server itself.
System Initialization Configuration
In order for the named daemon to start
when the system is booted, the following option must be present
in the rc.conf file:
named_enable="YES"
While other options exist, this is the bare minimal
requirement. Consult the &man.rc.conf.5; manual page for
a list of the other options. If nothing is entered in the
rc.conf file then named
may be started on the command line by invoking:
&prompt.root; /etc/rc.d/named start
BIND9 Security
While &os; automatically drops named
into a &man.chroot.8; environment; there are several other
security mechanisms in place which could help to lure off
possible DNS service attacks.
Query Access Control Lists
A query access control list can be used to restrict
queries against the zones. The configuration works by
defining the network inside of the acl
token and then listing IP addresses in
the zone configuration. To permit domains to query the
example host, just define it like this:
acl "example.com" {
192.168.0.0/24;
};
zone "example.com" {
type slave;
file "slave/example.com";
masters {
10.0.0.1;
};
allow-query { example.com; };
};
zone "0.168.192.in-addr.arpa" {
type slave;
file "slave/0.168.192.in-addr.arpa";
masters {
10.0.0.1;
};
allow-query { example.com; };
};
Restrict Version
Permitting version lookups on the DNS
server could be opening the doors for an attacker. A
malicious user may use this information to hunt up known
exploits or bugs to utilize against the host.
Setting a false version will not protect the server
from exploits. Only upgrading to a version that is not
vulnerable will protect your server.
A false version string can be placed the
options section of
named.conf:
options {
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
version "None of your business";
};
Murray
Stokely
Contributed by
Apache HTTP Server
web servers
setting up
Apache
Overview
&os; is used to run some of the busiest web sites in the
world. The majority of web servers on the Internet are using
the Apache HTTP Server.
Apache software packages should be
included on your FreeBSD installation media. If you did not
install Apache when you first
installed FreeBSD, then you can install it from the www/apache13 or www/apache20 port.
Once Apache has been installed
successfully, it must be configured.
This section covers version 1.3.X of the
Apache HTTP Server as that is the
most widely used version for &os;. Apache 2.X introduces many
new technologies but they are not discussed here. For more
information about Apache 2.X, please see .
Configuration
Apache
configuration file
The main Apache HTTP Server configuration file is
installed as
/usr/local/etc/apache/httpd.conf on &os;.
This file is a typical &unix; text configuration file with
comment lines beginning with the #
character. A comprehensive description of all possible
configuration options is outside the scope of this book, so
only the most frequently modified directives will be described
here.
ServerRoot "/usr/local"
This specifies the default directory hierarchy for
the Apache installation. Binaries are stored in the
bin and
sbin subdirectories
of the server root, and configuration files are stored in
etc/apache.
ServerAdmin you@your.address
The address to which problems with the server should
be emailed. This address appears on some
server-generated pages, such as error documents.
ServerName www.example.com
ServerName allows you to set a host name which is
sent back to clients for your server if it is different
to the one that the host is configured with (i.e., use www
instead of the host's real name).
DocumentRoot "/usr/local/www/data"
DocumentRoot: The directory out of which you will
serve your documents. By default, all requests are taken
from this directory, but symbolic links and aliases may
be used to point to other locations.
It is always a good idea to make backup copies of your
Apache configuration file before making changes. Once you are
satisfied with your initial configuration you are ready to
start running Apache.
Running Apache
Apache
starting or stopping
Apache does not run from the
inetd super server as many other
network servers do. It is configured to run standalone for
better performance for incoming HTTP requests from client web
browsers. A shell script wrapper is included to make
starting, stopping, and restarting the server as simple as
possible. To start up Apache for
the first time, just run:
&prompt.root; /usr/local/sbin/apachectl start
You can stop the server at any time by typing:
&prompt.root; /usr/local/sbin/apachectl stop
After making changes to the configuration file for any
reason, you will need to restart the server:
&prompt.root; /usr/local/sbin/apachectl restart
To restart Apache without
aborting current connections, run:
&prompt.root; /usr/local/sbin/apachectl graceful
Additional information available at
&man.apachectl.8; manual page.
To launch Apache at system
startup, add the following line to
/etc/rc.conf:
apache_enable="YES"
If you would like to supply additional command line
options for the Apache
httpd program started at system boot, you
may specify them with an additional line in
rc.conf:
apache_flags=""
Now that the web server is running, you can view your web
site by pointing a web browser to
http://localhost/. The default web page
that is displayed is
/usr/local/www/data/index.html.
Virtual Hosting
Apache supports two different
types of Virtual Hosting. The first method is Name-based
Virtual Hosting. Name-based virtual hosting uses the clients
HTTP/1.1 headers to figure out the hostname. This allows many
different domains to share the same IP address.
To setup Apache to use
Name-based Virtual Hosting add an entry like the following to
your httpd.conf:
NameVirtualHost *
If your webserver was named www.domain.tld and
you wanted to setup a virtual domain for
www.someotherdomain.tld then you would add
the following entries to
httpd.conf:
<VirtualHost *>
ServerName www.domain.tld
DocumentRoot /www/domain.tld
</VirtualHost>
<VirtualHost *>
ServerName www.someotherdomain.tld
DocumentRoot /www/someotherdomain.tld
</VirtualHost>
Replace the addresses with the addresses you want to use
and the path to the documents with what you are using.
For more information about setting up virtual hosts,
please consult the official Apache
documentation at: .
Apache Modules
Apache
modules
There are many different Apache modules available to add
functionality to the basic server. The FreeBSD Ports
Collection provides an easy way to install
Apache together with some of the
more popular add-on modules.
mod_ssl
web servers
secure
SSL
cryptography
The mod_ssl module uses the OpenSSL library to provide
strong cryptography via the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols. This
module provides everything necessary to request a signed
certificate from a trusted certificate signing authority so
that you can run a secure web server on &os;.
If you have not yet installed
Apache, then a version of Apache
1.3.X that includes mod_ssl may be installed with the www/apache13-modssl port. SSL
support is also available for Apache 2.X in the
www/apache20 port,
where it is enabled by default.
Dynamic Websites with Perl & PHP
In the past few years, more businesses have turned to the
Internet in order to enhance their revenue and increase
exposure. This has also increased the need for interactive
web content. While some companies, such as µsoft;, have
introduced solutions into their proprietary products, the
open source community answered the call. Two options for
dynamic web content include mod_perl & mod_php.
mod_perl
mod_perl
Perl
The Apache/Perl integration project brings together the
full power of the Perl programming language and the Apache
HTTP Server. With the mod_perl module it is possible to
write Apache modules entirely in Perl. In addition, the
persistent interpreter embedded in the server avoids the
overhead of starting an external interpreter and the penalty
of Perl start-up time.
mod_perl is available a few
different ways. To use mod_perl
remember that mod_perl 1.0 only
works with Apache 1.3 and
mod_perl 2.0 only works with
Apache 2.
mod_perl 1.0 is available in
www/mod_perl and a
statically compiled version is available in
www/apache13-modperl.
mod_perl 2.0 is avaliable in
www/mod_perl2.
Tom
Rhodes
Written by
mod_php
mod_php
PHP
PHP, also known as PHP:
Hypertext Preprocessor
is a general-purpose scripting
language that is especially suited for Web development.
Capable of being embedded into HTML its
syntax draws upon C, &java;, and Perl with the intention of
allowing web developers to write dynamically generated
webpages quickly.
To gain support for PHP5 for the
Apache web server, begin by
installing the
www/mod_php5
port.
This will install and configure the modules required
to support dynamic PHP applications. Check
to ensure the following lines have been added to
/usr/local/etc/apache/httpd.conf:
LoadModule php5_module libexec/apache/libphp5.so
AddModule mod_php5.c
<IfModule mod_php5.c>
DirectoryIndex index.php index.html
</IfModule>
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
Once completed, a simple call to the
apachectl command for a graceful
restart is needed to load the PHP
module:
&prompt.root; apachectl graceful
The PHP support in &os; is extremely
modular so the base install is very limited. It is very easy
to add support using the
lang/php5-extensions port.
This port provides a menu driven interface to
PHP extension installation.
Alternatively, individual extensions can be installed using
the appropriate port.
For instance, to add support for the
MySQL database server to
PHP5, simply install the
databases/php5-mysql
port.
After installing an extension, the
Apache server must be reloaded to
pick up the new configuration changes.
&prompt.root; apachectl graceful
Murray
Stokely
Contributed by
File Transfer Protocol (FTP)
FTP servers
Overview
The File Transfer Protocol (FTP) provides users with a
simple way to transfer files to and from an FTP server. &os;
includes FTP
server software, ftpd, in the base
system. This makes setting up and administering an FTP server on FreeBSD
very straightforward.
Configuration
The most important configuration step is deciding which
accounts will be allowed access to the FTP server. A normal
FreeBSD system has a number of system accounts used for
various daemons, but unknown users should not be allowed to
log in with these accounts. The
/etc/ftpusers file is a list of users
disallowed any FTP access. By default, it includes the
aforementioned system accounts, but it is possible to add
specific users here that should not be allowed access to
FTP.
You may want to restrict the access of some users without
preventing them completely from using FTP. This can be
accomplished with the /etc/ftpchroot
file. This file lists users and groups subject to FTP access
restrictions. The &man.ftpchroot.5; manual page has all of
the details so it will not be described in detail here.
FTP
anonymous
If you would like to enable anonymous FTP access to your
server, then you must create a user named
ftp on your &os; system. Users will then
be able to log on to your FTP server with a username of
ftp or anonymous and
with any password (by convention an email address for the user
should be used as the password). The FTP server will call
&man.chroot.2; when an anonymous user logs in, to restrict
access to only the home directory of the
ftp user.
There are two text files that specify welcome messages to
be displayed to FTP clients. The contents of the file
/etc/ftpwelcome will be displayed to
users before they reach the login prompt. After a successful
login, the contents of the file
/etc/ftpmotd will be displayed. Note
that the path to this file is relative to the login environment, so the
file ~ftp/etc/ftpmotd would be displayed
for anonymous users.
Once the FTP server has been configured properly, it must
be enabled in /etc/inetd.conf. All that
is required here is to remove the comment symbol
#
from in front of the existing
ftpd line :
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
As explained in , a
HangUP Signal must be sent to inetd
after this configuration file is changed.
You can now log on to your FTP server by typing:
&prompt.user; ftp localhost
Maintaining
syslog
log files
FTP
The ftpd daemon uses
&man.syslog.3; to log messages. By default, the system log
daemon will put messages related to FTP in the
/var/log/xferlog file. The location of
the FTP log can be modified by changing the following line in
/etc/syslog.conf:
ftp.info /var/log/xferlog
FTP
anonymous
Be aware of the potential problems involved with running
an anonymous FTP server. In particular, you should think
twice about allowing anonymous users to upload files. You may
find that your FTP site becomes a forum for the trade of
unlicensed commercial software or worse. If you do need to
allow anonymous FTP uploads, then you should set up the
permissions so that these files can not be read by other
anonymous users until they have been reviewed.
Murray
Stokely
Contributed by
File and Print Services for µsoft.windows; clients (Samba)
Samba server
Microsoft Windows
file server
Windows clients
print server
Windows clients
Overview
Samba is a popular open source
software package that provides file and print services for
µsoft.windows; clients. Such clients can connect to and
use FreeBSD filespace as if it was a local disk drive, or
FreeBSD printers as if they were local printers.
Samba software packages should
be included on your FreeBSD installation media. If you did
not install Samba when you first
installed FreeBSD, then you can install it from the net/samba3 port or package.
Configuration
A default Samba configuration
file is installed as
/usr/local/etc/smb.conf.default. This
file must be copied to
/usr/local/etc/smb.conf and customized
before Samba can be used.
The smb.conf file contains runtime
configuration information for
Samba, such as definitions of the
printers and file system shares
that you would
like to share with &windows; clients. The
Samba package includes a web based
tool called swat which provides a
simple way of configuring the smb.conf
file.
Using the Samba Web Administration Tool (SWAT)
The Samba Web Administration Tool (SWAT) runs as a
daemon from inetd. Therefore, the
following line in /etc/inetd.conf
should be uncommented before swat can be
used to configure Samba:
swat stream tcp nowait/400 root /usr/local/sbin/swat
As explained in , a
HangUP Signal must be sent to
inetd after this configuration
file is changed.
Once swat has been enabled in
inetd.conf, you can use a browser to
connect to . You will
first have to log on with the system root account.
Once you have successfully logged on to the main
Samba configuration page, you can
browse the system documentation, or begin by clicking on the
Globals tab. The Globals section corresponds to the
variables that are set in the [global]
section of
/usr/local/etc/smb.conf.
Global Settings
Whether you are using swat or
editing /usr/local/etc/smb.conf
directly, the first directives you are likely to encounter
when configuring Samba
are:
workgroup
NT Domain-Name or Workgroup-Name for the computers
that will be accessing this server.
netbios name
NetBIOS
This sets the NetBIOS name by which a Samba server
is known. By default it is the same as the first
component of the host's DNS name.
server string
This sets the string that will be displayed with
the net view command and some other
networking tools that seek to display descriptive text
about the server.
Security Settings
Two of the most important settings in
/usr/local/etc/smb.conf are the
security model chosen, and the backend password format for
client users. The following directives control these
options:
security
The two most common options here are
security = share and security
= user. If your clients use usernames that
are the same as their usernames on your &os; machine
then you will want to use user level security. This
is the default security policy and it requires clients
to first log on before they can access shared
resources.
In share level security, client do not need to log
onto the server with a valid username and password
before attempting to connect to a shared resource.
This was the default security model for older versions
of Samba.
passdb backend
- NIS+
- LDAP
- SQL database
-
Samba has several
different backend authentication models. You can
- authenticate clients with LDAP, NIS+, a SQL database,
+ authenticate clients with LDAPLDAP,
+ NIS+NIS+, a SQL databaseSQL database,
or a modified password file. The default
authentication method is smbpasswd,
and that is all that will be covered here.
Assuming that the default smbpasswd
backend is used, the
/usr/local/private/smbpasswd file must
be created to allow Samba to
authenticate clients. If you would like to give all of
your &unix; user accounts access from &windows; clients, use the
following command:
&prompt.root; grep -v "^#" /etc/passwd | make_smbpasswd > /usr/local/private/smbpasswd
&prompt.root; chmod 600 /usr/local/private/smbpasswd
Please see the Samba
documentation for additional information about configuration
options. With the basics outlined here, you should have
everything you need to start running
Samba.
Starting Samba
To enable Samba when your
system boots, add the following line to
/etc/rc.conf:
samba_enable="YES"
You can then start Samba at any
time by typing:
&prompt.root; /usr/local/etc/rc.d/samba.sh start
Starting SAMBA: removing stale tdbs :
Starting nmbd.
Starting smbd.
Samba actually consists of
three separate daemons. You should see that both the
nmbd and smbd daemons
are started by the samba.sh script. If
you enabled winbind name resolution services in
smb.conf, then you will also see that
the winbindd daemon is started.
You can stop Samba at any time
by typing :
&prompt.root; /usr/local/etc/rc.d/samba.sh stop
Samba is a complex software
suite with functionality that allows broad integration with
µsoft.windows; networks. For more information about
functionality beyond the basic installation described here,
please see .
Tom
Hukins
Contributed by
Clock Synchronization with NTP
NTP
Overview
Over time, a computer's clock is prone to drift. The
Network Time Protocol (NTP) is one way to ensure your clock stays
accurate.
Many Internet services rely on, or greatly benefit from,
computers' clocks being accurate. For example, a web server
may receive requests to send a file if it has been modified since a
certain time. In a local area network environment, it is
essential that computers sharing files from the same file
server have synchronized clocks so that file timestamps stay
consistent. Services such as &man.cron.8; also rely on
an accurate system clock to run commands at the specified
times.
NTP
ntpd
FreeBSD ships with the &man.ntpd.8; NTP server which can be used to query
other NTP
servers to set the clock on your machine or provide time
services to others.
Choosing Appropriate NTP Servers
NTP
choosing servers
In order to synchronize your clock, you will need to find
one or more NTP servers to use. Your network
administrator or ISP may have set up an NTP server for this
purpose—check their documentation to see if this is the
case. There is an online
list of publicly accessible NTP servers which you can
use to find an NTP server near to you. Make sure you are
aware of the policy for any servers you choose, and ask for
permission if required.
Choosing several unconnected NTP servers is a good idea in
case one of the servers you are using becomes unreachable or
its clock is unreliable. &man.ntpd.8; uses the responses it
receives from other servers intelligently—it will favor
unreliable servers less than reliable ones.
Configuring Your Machine
NTP
configuration
Basic Configuration
ntpdate
If you only wish to synchronize your clock when the
machine boots up, you can use &man.ntpdate.8;. This may be
appropriate for some desktop machines which are frequently
rebooted and only require infrequent synchronization, but
most machines should run &man.ntpd.8;.
Using &man.ntpdate.8; at boot time is also a good idea
for machines that run &man.ntpd.8;. The &man.ntpd.8;
program changes the clock gradually, whereas &man.ntpdate.8;
sets the clock, no matter how great the difference between a
machine's current clock setting and the correct time.
To enable &man.ntpdate.8; at boot time, add
ntpdate_enable="YES" to
/etc/rc.conf. You will also need to
specify all servers you wish to synchronize with and any
flags to be passed to &man.ntpdate.8; in
ntpdate_flags.
General Configuration
NTP
ntp.conf
NTP is configured by the
/etc/ntp.conf file in the format
described in &man.ntp.conf.5;. Here is a simple
example:
server ntplocal.example.com prefer
server timeserver.example.org
server ntp2a.example.net
driftfile /var/db/ntp.drift
The server option specifies which
servers are to be used, with one server listed on each line.
If a server is specified with the prefer
argument, as with ntplocal.example.com, that server is
preferred over other servers. A response from a preferred
server will be discarded if it differs significantly from
other servers' responses, otherwise it will be used without
any consideration to other responses. The
prefer argument is normally used for NTP
servers that are known to be highly accurate, such as those
with special time monitoring hardware.
The driftfile option specifies which
file is used to store the system clock's frequency offset.
The &man.ntpd.8; program uses this to automatically
compensate for the clock's natural drift, allowing it to
maintain a reasonably correct setting even if it is cut off
from all external time sources for a period of time.
The driftfile option specifies which
file is used to store information about previous responses
from the NTP servers you are using. This file contains
internal information for NTP. It should not be modified by
any other process.
Controlling Access to Your Server
By default, your NTP server will be accessible to all
hosts on the Internet. The restrict
option in /etc/ntp.conf allows you to
control which machines can access your server.
If you want to deny all machines from accessing your NTP
server, add the following line to
/etc/ntp.conf:
restrict default ignore
If you only want to allow machines within your own
network to synchronize their clocks with your server, but
ensure they are not allowed to configure the server or used
as peers to synchronize against, add
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
instead, where 192.168.1.0 is
an IP address on your network and 255.255.255.0 is your network's
netmask.
/etc/ntp.conf can contain multiple
restrict options. For more details, see
the Access Control Support subsection of
&man.ntp.conf.5;.
Running the NTP Server
To ensure the NTP server is started at boot time, add the
line ntpd_enable="YES" to
/etc/rc.conf. If you wish to pass
additional flags to &man.ntpd.8;, edit the
ntpd_flags parameter in
/etc/rc.conf.
To start the server without rebooting your machine, run
ntpd being sure to specify any additional
parameters from ntpd_flags in
/etc/rc.conf. For example:
&prompt.root; ntpd -p /var/run/ntpd.pid
Under &os; 4.X,
you have to replace every instance of ntpd
with xntpd in the options above.
Using ntpd with a Temporary Internet
Connection
The &man.ntpd.8; program does not need a permanent
connection to the Internet to function properly. However, if
you have a temporary connection that is configured to dial out
on demand, it is a good idea to prevent NTP traffic from
triggering a dial out or keeping the connection alive. If you
are using user PPP, you can use filter
directives in /etc/ppp/ppp.conf. For
example:
set filter dial 0 deny udp src eq 123
# Prevent NTP traffic from initiating dial out
set filter dial 1 permit 0 0
set filter alive 0 deny udp src eq 123
# Prevent incoming NTP traffic from keeping the connection open
set filter alive 1 deny udp dst eq 123
# Prevent outgoing NTP traffic from keeping the connection open
set filter alive 2 permit 0/0 0/0
For more details see the PACKET
FILTERING section in &man.ppp.8; and the examples in
/usr/share/examples/ppp/.
Some Internet access providers block low-numbered ports,
preventing NTP from functioning since replies never
reach your machine.
Further Information
Documentation for the NTP server can be found in
/usr/share/doc/ntp/ in HTML
format.
diff --git a/zh_TW.Big5/books/handbook/ppp-and-slip/chapter.xml b/zh_TW.Big5/books/handbook/ppp-and-slip/chapter.xml
index 234cd31fd2..d7d20829a5 100644
--- a/zh_TW.Big5/books/handbook/ppp-and-slip/chapter.xml
+++ b/zh_TW.Big5/books/handbook/ppp-and-slip/chapter.xml
@@ -1,3233 +1,3193 @@
Jim
Mock
Restructured, reorganized, and updated by
PPP and SLIP
Synopsis
PPP
SLIP
FreeBSD has a number of ways to link one computer to
another. To establish a network or Internet connection through a
dial-up modem, or to allow others to do so through you, requires
the use of PPP or SLIP. This chapter describes setting up
these modem-based communication services in detail.
After reading this chapter, you will know:
How to set up user PPP.
How to set up kernel PPP.
How to set up PPPoE (PPP over
Ethernet).
How to set up PPPoA (PPP over
ATM).
How to configure and set up a SLIP client and
server.
PPP
user PPP
PPP
kernel PPP
PPP
over Ethernet
Before reading this chapter, you should:
Be familiar with basic network terminology.
Understand the basics and purpose of a dialup connection
and PPP and/or SLIP.
You may be wondering what the main difference is between user
PPP and kernel PPP. The answer is simple: user PPP processes the
inbound and outbound data in userland rather than in the kernel.
This is expensive in terms of copying the data between the kernel
and userland, but allows a far more feature-rich PPP implementation.
User PPP uses the tun device to communicate
with the outside world whereas kernel PPP uses the
ppp device.
Throughout in this chapter, user PPP will simply be
referred to as ppp unless a distinction needs to be made between it
and any other PPP software such as pppd.
Unless otherwise stated, all of the commands explained in this
chapter should be executed as root.
Tom
Rhodes
Updated and enhanced by
Brian
Somers
Originally contributed by
Nik
Clayton
With input from
Dirk
Frömberg
Peter
Childs
Using User PPP
User PPP
Assumptions
This document assumes you have the following:
-
- ISP
-
-
- PPP
-
- An account with an Internet Service Provider (ISP) which
- you connect to using PPP.
+ An account with an Internet Service Provider (ISP)ISP which
+ you connect to using PPPPPP.
You have a modem or
other device connected to your system and configured
correctly which allows you to connect to your ISP.
The dial-up number(s) of your ISP.
-
- PAP
-
-
- CHAP
-
-
- UNIX
-
-
- login name
-
-
- password
-
- Your login name and password. (Either a
- regular &unix; style login and password pair, or a PAP or CHAP
+ Your login namelogin name and passwordpassword. (Either a
+ regular &unix;UNIX style login and password pair, or a
+ PAPPAP or CHAPCHAP
login and password pair.)
-
- nameserver
-
-
- The IP address of one or more name servers.
+ The IP address of one or more name serversnameserver.
Normally, you will be given two IP addresses by your ISP to
use for this. If they have not given you at least one, then
you can use the enable dns command in
ppp.conf and
ppp will set the name servers for
you. This feature depends on your ISPs PPP implementation
supporting DNS negotiation.
The following information may be supplied by your ISP, but
is not completely necessary:
The IP address of your ISP's gateway. The gateway is
the machine to which you will connect and will be set up as
your default route. If you do not have
this information, we can make one up and your ISP's PPP
server will tell us the correct value when we connect.
This IP number is referred to as
HISADDR by
ppp.
The netmask you should use. If your ISP has not
provided you with one, you can safely use 255.255.255.255.
-
- static IP address
-
-
- If your ISP provides you with a static IP address and
+ If your ISP provides you with a static IP addressstatic IP address and
hostname, you can enter it. Otherwise, we simply let the
peer assign whatever IP address it sees fit.
If you do not have any of the required information, contact
your ISP.
Throughout this section, many of the examples showing
the contents of configuration files are numbered by line.
These numbers serve to aid in the presentation and
discussion only and are not meant to be placed in the actual
file. Proper indentation with tab and space characters is
also important.
Creating PPP Device Nodes
PPPcreating device nodes
Under normal circumstances, most users will only need
one tun device
(/dev/tun0). References to
tun0 below may be changed to
tunN
where N is any unit number
corresponding to your system.
For FreeBSD installations that do not have &man.devfs.5; enabled
(FreeBSD 4.X and earlier), the existence of the
tun0 device should be verified (this is not
necessary if &man.devfs.5; is enabled as device nodes will be created
on demand).
The easiest way to make sure that the
tun0 device is configured correctly
is to remake the device. To remake the device, do the
following:
&prompt.root; cd /dev
&prompt.root; sh MAKEDEV tun0
If you need 16 tunnel devices in your kernel, you will need
to create them. This can be done by executing the following
commands:
&prompt.root; cd /dev
&prompt.root; sh MAKEDEV tun15
Automatic PPP Configuration
PPPconfiguration
Both ppp and pppd
(the kernel level implementation of PPP) use the configuration
files located in the /etc/ppp directory.
Examples for user ppp can be found in
/usr/share/examples/ppp/.
Configuring ppp requires that you edit a
number of files, depending on your requirements. What you put
in them depends to some extent on whether your ISP allocates IP
addresses statically (i.e., you get given one IP address, and
always use that one) or dynamically (i.e., your IP address
changes each time you connect to your ISP).
PPP and Static IP Addresses
PPPwith static IP addresses
You will need to edit the
/etc/ppp/ppp.conf configuration file. It
should look similar to the example below.
Lines that end in a : start in
the first column (beginning of the line)— all other
lines should be indented as shown using spaces or
tabs.
1 default:
2 set log Phase Chat LCP IPCP CCP tun command
3 ident user-ppp VERSION (built COMPILATIONDATE)
4 set device /dev/cuaa0
5 set speed 115200
6 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
7 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
8 set timeout 180
9 enable dns
10
11 provider:
12 set phone "(123) 456 7890"
13 set authname foo
14 set authkey bar
15 set login "TIMEOUT 10 \"\" \"\" gin:--gin: \\U word: \\P col: ppp"
16 set timeout 300
17 set ifaddr x.x.x.x y.y.y.y 255.255.255.255 0.0.0.0
18 add default HISADDR
Line 1:
Identifies the default entry. Commands in this
entry are executed automatically when ppp is run.
Line 2:
Enables logging parameters. When the configuration
is working satisfactorily, this line should be reduced
to saying
set log phase tun
in order to avoid excessive log file sizes.
Line 3:
Tells PPP how to identify itself to the peer.
PPP identifies itself to the peer if it has any trouble
negotiating and setting up the link, providing information
that the peers administrator may find useful when
investigating such problems.
Line 4:
Identifies the device to which the modem is
connected. COM1 is
/dev/cuaa0 and
COM2 is
/dev/cuaa1.
Line 5:
Sets the speed you want to connect at. If 115200
does not work (it should with any reasonably new modem),
try 38400 instead.
Line 6 & 7:
- PPPuser PPP
-
- The dial string. User PPP uses an expect-send
+ The dial string. User PPPPPPuser PPP uses an expect-send
syntax similar to the &man.chat.8; program. Refer to
the manual page for information on the features of this
language.
Note that this command continues onto the next line
for readability. Any command in
ppp.conf may do this if the last
character on the line is a ``\'' character.
Line 8:
Sets the idle timeout for the link. 180 seconds
is the default, so this line is purely cosmetic.
Line 9:
Tells PPP to ask the peer to confirm the local
resolver settings. If you run a local name server, this
line should be commented out or removed.
Line 10:
A blank line for readability. Blank lines are ignored
by PPP.
Line 11:
Identifies an entry for a provider called
provider
. This could be changed
to the name of your ISP so
that later you can use the
to start the connection.
Line 12:
Sets the phone number for this provider. Multiple
phone numbers may be specified using the colon
(:) or pipe character
(|)as a separator. The difference
between the two separators is described in &man.ppp.8;.
To summarize, if you want to rotate through the numbers,
use a colon. If you want to always attempt to dial the
first number first and only use the other numbers if the
first number fails, use the pipe character. Always
quote the entire set of phone numbers as shown.
You must enclose the phone number in quotation marks
(") if there is any intention on using
spaces in the phone number. This can cause a simple, yet
subtle error.
Line 13 & 14:
Identifies the user name and password. When
connecting using a &unix; style login prompt, these
values are referred to by the set
login command using the \U and \P
variables. When connecting using PAP or CHAP, these
values are used at authentication time.
Line 15:
- PAP
- CHAP
If you are using PAP or CHAP, there will be no login
at this point, and this line should be commented out or
- removed. See PAP and CHAP
+ removed. See PAPPAP and CHAPCHAP
authentication for further details.
The login string is of the same chat-like syntax as
the dial string. In this example, the string works for
a service whose login session looks like this:
J. Random Provider
login: foo
password: bar
protocol: ppp
You will need to alter this script to suit your
own needs. When you write this script for the first
time, you should ensure that you have enabled
chat
logging so you can determine if
the conversation is going as expected.
Line 16:
- timeout
-
- Sets the default idle timeout (in seconds) for the
+ Sets the default idle timeouttimeout (in seconds) for the
connection. Here, the connection will be closed
automatically after 300 seconds of inactivity. If you
never want to timeout, set this value to zero or use
the command line switch.
Line 17:
- ISP
-
Sets the interface addresses. The string
x.x.x.x should be
replaced by the IP address that your provider has
allocated to you. The string
y.y.y.y should be
replaced by the IP address that your ISP indicated
for their gateway (the machine to which you
- connect). If your ISP has not given you a gateway
+ connect). If your ISPISP has not given you a gateway
address, use 10.0.0.2/0. If you need to
use a guessed
address, make sure that
you create an entry in
/etc/ppp/ppp.linkup as per the
instructions for PPP and Dynamic IP
addresses. If this line is omitted,
ppp cannot run in
mode.
Line 18:
Adds a default route to your ISP's gateway. The
special word HISADDR is replaced with
the gateway address specified on line 17. It is
important that this line appears after line 17,
otherwise HISADDR will not yet be
initialized.
If you do not wish to run ppp in ,
this line should be moved to the
ppp.linkup file.
It is not necessary to add an entry to
ppp.linkup when you have a static IP
address and are running ppp in mode as your
routing table entries are already correct before you connect.
You may however wish to create an entry to invoke programs after
connection. This is explained later with the sendmail
example.
Example configuration files can be found in the
/usr/share/examples/ppp/ directory.
PPP and Dynamic IP Addresses
PPPwith dynamic IP addresses
IPCP
If your service provider does not assign static IP
addresses, ppp can be configured to
negotiate the local and remote addresses. This is done by
guessing
an IP address and allowing
ppp to set it up correctly using the IP
Configuration Protocol (IPCP) after connecting. The
ppp.conf configuration is the same as
PPP and Static IP
Addresses, with the following change:
17 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255
Again, do not include the line number, it is just for
reference. Indentation of at least one space is
required.
Line 17:
The number after the / character
is the number of bits of the address that ppp will
insist on. You may wish to use IP numbers more
appropriate to your circumstances, but the above example
will always work.
The last argument (0.0.0.0) tells
PPP to start negotiations using address 0.0.0.0 rather than 10.0.0.1 and is necessary for some
ISPs. Do not use 0.0.0.0 as the first
argument to set ifaddr as it prevents
PPP from setting up an initial route in
mode.
If you are not running in mode, you
will need to create an entry in
/etc/ppp/ppp.linkup.
ppp.linkup is used after a connection has
been established. At this point, ppp will
have assigned the interface addresses and it will now be
possible to add the routing table entries:
1 provider:
2 add default HISADDR
Line 1:
On establishing a connection,
ppp will look for an entry in
ppp.linkup according to the
following rules: First, try to match the same label
as we used in ppp.conf. If
that fails, look for an entry for the IP address of
our gateway. This entry is a four-octet IP style
label. If we still have not found an entry, look
for the MYADDR entry.
Line 2:
This line tells ppp to add a
default route that points to
HISADDR.
HISADDR will be replaced with the
IP number of the gateway as negotiated by the
IPCP.
See the pmdemand entry in the files
/usr/share/examples/ppp/ppp.conf.sample
and
/usr/share/examples/ppp/ppp.linkup.sample
for a detailed example.
Receiving Incoming Calls
PPPreceiving
incoming calls
When you configure ppp to
receive incoming calls on a machine connected to a LAN, you
must decide if you wish to forward packets to the LAN. If you
do, you should allocate the peer an IP number from your LAN's
subnet, and use the command enable proxy in
your /etc/ppp/ppp.conf file. You should
also confirm that the /etc/rc.conf file
contains the following:
gateway_enable="YES"
Which getty?
Configuring FreeBSD for Dial-up
Services provides a good description on enabling
dial-up services using &man.getty.8;.
An alternative to getty is mgetty,
a smarter version of getty designed
with dial-up lines in mind.
The advantages of using mgetty is
that it actively talks to modems,
meaning if port is turned off in
/etc/ttys then your modem will not answer
the phone.
Later versions of mgetty (from
0.99beta onwards) also support the automatic detection of
PPP streams, allowing your clients script-less access to
your server.
Refer to Mgetty and
AutoPPP for more information on
mgetty.
PPP Permissions
The ppp command must normally be
run as the root user. If however,
you wish to allow ppp to run in
server mode as a normal user by executing
ppp as described below, that user
must be given permission to run ppp
by adding them to the network group
in /etc/group.
You will also need to give them access to one or more
sections of the configuration file using the
allow command:
allow users fred mary
If this command is used in the default
section, it gives the specified users access to
everything.
PPP Shells for Dynamic-IP Users
PPP shells
Create a file called
/etc/ppp/ppp-shell containing the
following:
#!/bin/sh
IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'`
CALLEDAS="$IDENT"
TTY=`tty`
if [ x$IDENT = xdialup ]; then
IDENT=`basename $TTY`
fi
echo "PPP for $CALLEDAS on $TTY"
echo "Starting PPP for $IDENT"
exec /usr/sbin/ppp -direct $IDENT
This script should be executable. Now make a symbolic
link called ppp-dialup to this script
using the following commands:
&prompt.root; ln -s ppp-shell /etc/ppp/ppp-dialup
You should use this script as the
shell for all of your dialup users.
This is an example from /etc/passwd
for a dialup PPP user with username
pchilds (remember do not directly edit
the password file, use &man.vipw.8;).
pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialup
Create a /home/ppp directory that
is world readable containing the following 0 byte
files:
-r--r--r-- 1 root wheel 0 May 27 02:23 .hushlogin
-r--r--r-- 1 root wheel 0 May 27 02:22 .rhosts
which prevents /etc/motd from being
displayed.
PPP Shells for Static-IP Users
PPP shells
Create the ppp-shell file as above,
and for each account with statically assigned IPs create a
symbolic link to ppp-shell.
For example, if you have three dialup customers,
fred, sam, and
mary, that you route class C networks
for, you would type the following:
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam
&prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-mary
Each of these users dialup accounts should have their
shell set to the symbolic link created above (for example,
mary's shell should be
/etc/ppp/ppp-mary).
Setting Up ppp.conf for Dynamic-IP Users
The /etc/ppp/ppp.conf file should
contain something along the lines of:
default:
set debug phase lcp chat
set timeout 0
ttyd0:
set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255
enable proxy
ttyd1:
set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255
enable proxy
The indenting is important.
The default: section is loaded for
each session. For each dialup line enabled in
/etc/ttys create an entry similar to
the one for ttyd0: above. Each line
should get a unique IP address from your pool of IP
addresses for dynamic users.
Setting Up ppp.conf for Static-IP
Users
Along with the contents of the sample
/usr/share/examples/ppp/ppp.conf
above you should add a section for each of the
statically assigned dialup users. We will continue with
our fred, sam,
and mary example.
fred:
set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255
sam:
set ifaddr 203.14.100.1 203.14.102.1 255.255.255.255
mary:
set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255
The file /etc/ppp/ppp.linkup
should also contain routing information for each static
IP user if required. The line below would add a route
for the 203.14.101.0
class C via the client's ppp link.
fred:
add 203.14.101.0 netmask 255.255.255.0 HISADDR
sam:
add 203.14.102.0 netmask 255.255.255.0 HISADDR
mary:
add 203.14.103.0 netmask 255.255.255.0 HISADDR
mgetty and AutoPPP
mgetty
AutoPPP
LCP
Configuring and compiling mgetty
with the AUTO_PPP option enabled
allows mgetty to detect the LCP phase
of PPP connections and automatically spawn off a ppp
shell. However, since the default login/password
sequence does not occur it is necessary to authenticate
users using either PAP or CHAP.
This section assumes the user has successfully
configured, compiled, and installed a version of
mgetty with the
AUTO_PPP option (v0.99beta or
later).
Make sure your
/usr/local/etc/mgetty+sendfax/login.config
file has the following in it:
/AutoPPP/ - - /etc/ppp/ppp-pap-dialup
This will tell mgetty to run the
ppp-pap-dialup script for detected
PPP connections.
Create a file called
/etc/ppp/ppp-pap-dialup containing the
following (the file should be executable):
#!/bin/sh
exec /usr/sbin/ppp -direct pap$IDENT
For each dialup line enabled in
/etc/ttys, create a corresponding entry
in /etc/ppp/ppp.conf. This will
happily co-exist with the definitions we created
above.
pap:
enable pap
set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40
enable proxy
Each user logging in with this method will need to have
a username/password in
/etc/ppp/ppp.secret file, or
alternatively add the following option to authenticate users
via PAP from the /etc/passwd file.
enable passwdauth
If you wish to assign some users a static IP number,
you can specify the number as the third argument in
/etc/ppp/ppp.secret. See
/usr/share/examples/ppp/ppp.secret.sample
for examples.
MS Extensions
DNS
NetBIOS
PPPMicrosoft extensions
It is possible to configure PPP to supply DNS and
NetBIOS nameserver addresses on demand.
To enable these extensions with PPP version 1.x, the
following lines might be added to the relevant section of
/etc/ppp/ppp.conf.
enable msext
set ns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5
And for PPP version 2 and above:
accept dns
set dns 203.14.100.1 203.14.100.2
set nbns 203.14.100.5
This will tell the clients the primary and secondary
name server addresses, and a NetBIOS nameserver host.
In version 2 and above, if the
set dns line is omitted, PPP will use the
values found in /etc/resolv.conf.
PAP and CHAP Authentication
PAP
CHAP
Some ISPs set their system up so that the authentication
part of your connection is done using either of the PAP or
CHAP authentication mechanisms. If this is the case, your ISP
will not give a login: prompt when you
connect, but will start talking PPP immediately.
PAP is less secure than CHAP, but security is not normally
an issue here as passwords, although being sent as plain text
with PAP, are being transmitted down a serial line only.
There is not much room for crackers to
eavesdrop
.
Referring back to the PPP
and Static IP addresses or PPP and Dynamic IP addresses
sections, the following alterations must be made:
13 set authname MyUserName
14 set authkey MyPassword
15 set login
Line 13:
This line specifies your PAP/CHAP user name. You
will need to insert the correct value for
MyUserName.
Line 14:
- password
-
- This line specifies your PAP/CHAP password. You
+ This line specifies your PAP/CHAP passwordpassword. You
will need to insert the correct value for
MyPassword. You may want to
add an additional line, such as:
16 accept PAP
or
16 accept CHAP
to make it obvious that this is the intention, but
PAP and CHAP are both accepted by default.
Line 15:
Your ISP will not normally require that you log into
the server if you are using PAP or CHAP. You must
therefore disable your set login
string.
Changing Your ppp Configuration on the
Fly
It is possible to talk to the ppp
program while it is running in the background, but only if a
suitable diagnostic port has been set up. To do this, add the
following line to your configuration:
set server /var/run/ppp-tun%d DiagnosticPassword 0177
This will tell PPP to listen to the specified
&unix; domain socket, asking clients for the specified
password before allowing access. The
%d in the name is replaced with the
tun device number that is in
use.
Once a socket has been set up, the &man.pppctl.8;
program may be used in scripts that wish to manipulate the
running program.
Using PPP Network Address Translation Capability
PPPNAT
PPP has ability to use internal NAT without kernel diverting
capabilities. This functionality may be enabled by the following
line in /etc/ppp/ppp.conf:
nat enable yes
Alternatively, PPP NAT may be enabled by command-line
option -nat. There is also
/etc/rc.conf knob named
ppp_nat, which is enabled by default.
If you use this feature, you may also find useful
the following /etc/ppp/ppp.conf options
to enable incoming connections forwarding:
nat port tcp 10.0.0.2:ftp ftp
nat port tcp 10.0.0.2:http http
or do not trust the outside at all
nat deny_incoming yes
Final System Configuration
PPPconfiguration
You now have ppp configured, but there
are a few more things to do before it is ready to work. They
all involve editing the /etc/rc.conf
file.
Working from the top down in this file, make sure the
hostname= line is set, e.g.:
hostname="foo.example.com"
If your ISP has supplied you with a static IP address and
name, it is probably best that you use this name as your host
name.
Look for the network_interfaces variable.
If you want to configure your system to dial your ISP on demand,
make sure the tun0 device is added to
the list, otherwise remove it.
network_interfaces="lo0 tun0"
ifconfig_tun0=
The ifconfig_tun0 variable should be
empty, and a file called
/etc/start_if.tun0 should be created.
This file should contain the line:
ppp -auto mysystem
This script is executed at network configuration time,
starting your ppp daemon in automatic mode. If you have a LAN
for which this machine is a gateway, you may also wish to use
the switch. Refer to the manual page
for further details.
Make sure that the router program is set to NO with
the following line in your
/etc/rc.conf:
router_enable="NO"
routed
It is important that the routed daemon is
not started, as
routed tends to delete the default routing
table entries created by ppp.
It is probably worth your while ensuring that the
sendmail_flags line does not include the
option, otherwise
sendmail will attempt to do a network lookup
every now and then, possibly causing your machine to dial out.
You may try:
sendmail_flags="-bd"
sendmail
The downside of this is that you must force
sendmail to re-examine the mail queue
whenever the ppp link is up by typing:
&prompt.root; /usr/sbin/sendmail -q
You may wish to use the !bg command in
ppp.linkup to do this automatically:
1 provider:
2 delete ALL
3 add 0 0 HISADDR
4 !bg sendmail -bd -q30m
SMTP
If you do not like this, it is possible to set up a
dfilter
to block SMTP traffic. Refer to the
sample files for further details.
All that is left is to reboot the machine. After rebooting,
you can now either type:
&prompt.root; ppp
and then dial provider to start the PPP
session, or, if you want ppp to establish
sessions automatically when there is outbound traffic (and
you have not created the start_if.tun0
script), type:
&prompt.root; ppp -auto provider
Summary
To recap, the following steps are necessary when setting up
ppp for the first time:
Client side:
Ensure that the tun device is
built into your kernel.
Ensure that the
tunN device
file is available in the /dev
directory.
Create an entry in
/etc/ppp/ppp.conf. The
pmdemand example should suffice for
most ISPs.
If you have a dynamic IP address, create an entry in
/etc/ppp/ppp.linkup.
Update your /etc/rc.conf
file.
Create a start_if.tun0 script if
you require demand dialing.
Server side:
Ensure that the tun device is
built into your kernel.
Ensure that the
tunN device
file is available in the /dev
directory.
Create an entry in /etc/passwd
(using the &man.vipw.8; program).
Create a profile in this users home directory that runs
ppp -direct direct-server or
similar.
Create an entry in
/etc/ppp/ppp.conf. The
direct-server example should
suffice.
Create an entry in
/etc/ppp/ppp.linkup.
Update your /etc/rc.conf
file.
Gennady B.
Sorokopud
Parts originally contributed by
Robert
Huff
Using Kernel PPP
Setting Up Kernel PPP
PPPkernel PPP
Before you start setting up PPP on your machine, make sure
that pppd is located in
/usr/sbin and the directory
/etc/ppp exists.
pppd can work in two modes:
As a client
— you want to connect your
machine to the outside world via a PPP serial connection or
modem line.
- PPPserver
-
- As a server
— your machine is located on
+ As a server
PPPserver — your machine is located on
the network, and is used to connect other computers using
PPP.
In both cases you will need to set up an options file
(/etc/ppp/options or
~/.ppprc if you have more than one user on
your machine that uses PPP).
You will also need some modem/serial software (preferably
comms/kermit), so you can dial and
establish a connection with the remote host.
Trev
Roydhouse
Based on information provided by
Using pppd as a Client
PPPclient
Cisco
The following /etc/ppp/options might be
used to connect to a Cisco terminal server PPP line.
crtscts # enable hardware flow control
modem # modem control line
noipdefault # remote PPP server must supply your IP address
# if the remote host does not send your IP during IPCP
# negotiation, remove this option
passive # wait for LCP packets
domain ppp.foo.com # put your domain name here
:<remote_ip> # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to <local_ip>:<remote_ip>
defaultroute # put this if you want that PPP server will be your
# default router
To connect:
Kermit
modem
Dial to the remote host using Kermit (or some other modem
program), and enter your user name and password (or whatever
is needed to enable PPP on the remote host).
Exit Kermit (without
hanging up the line).
Enter the following:
&prompt.root; /usr/src/usr.sbin/pppd.new/pppd /dev/tty01 19200
Be sure to use the appropriate speed and device name.
Now your computer is connected with PPP. If the connection
fails, you can add the option to the
/etc/ppp/options file, and check console messages
to track the problem.
Following /etc/ppp/pppup script will make
all 3 stages automatic:
#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.dial
pppd /dev/tty01 19200
Kermit
/etc/ppp/kermit.dial is a Kermit
script that dials and makes all necessary authorization on the
remote host (an example of such a script is attached to the end
of this document).
Use the following /etc/ppp/pppdown script
to disconnect the PPP line:
#!/bin/sh
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill -TERM ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
/sbin/ifconfig ppp0 down
/sbin/ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.hup
/etc/ppp/ppptest
Check to see if pppd is still running by executing
/usr/etc/ppp/ppptest, which should look like
this:
#!/bin/sh
pid=`ps ax| grep pppd |grep -v grep|awk '{print $1;}'`
if [ X${pid} != "X" ] ; then
echo 'pppd running: PID=' ${pid-NONE}
else
echo 'No pppd running.'
fi
set -x
netstat -n -I ppp0
ifconfig ppp0
To hang up the modem, execute
/etc/ppp/kermit.hup, which should
contain:
set line /dev/tty01 ; put your modem device here
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
echo \13
exit
Here is an alternate method using chat
instead of kermit:
The following two files are sufficient to accomplish a
pppd connection.
/etc/ppp/options:
/dev/cuaa1 115200
crtscts # enable hardware flow control
modem # modem control line
connect "/usr/bin/chat -f /etc/ppp/login.chat.script"
noipdefault # remote PPP serve must supply your IP address
# if the remote host doesn't send your IP during
# IPCP negotiation, remove this option
passive # wait for LCP packets
domain <your.domain> # put your domain name here
: # put the IP of remote PPP host here
# it will be used to route packets via PPP link
# if you didn't specified the noipdefault option
# change this line to <local_ip>:<remote_ip>
defaultroute # put this if you want that PPP server will be
# your default router
/etc/ppp/login.chat.script:
The following should go on a single line.
ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDT<phone.number>
CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: <login-id>
TIMEOUT 5 sword: <password>
Once these are installed and modified correctly, all you need
to do is run pppd, like so:
&prompt.root; pppd
Using pppd as a Server
/etc/ppp/options should contain something
similar to the following:
crtscts # Hardware flow control
netmask 255.255.255.0 # netmask (not required)
192.114.208.20:192.114.208.165 # IP's of local and remote hosts
# local ip must be different from one
# you assigned to the Ethernet (or other)
# interface on your machine.
# remote IP is IP address that will be
# assigned to the remote machine
domain ppp.foo.com # your domain
passive # wait for LCP
modem # modem line
The following /etc/ppp/pppserv script
will tell pppd to behave as a
server:
#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
# reset ppp interface
ifconfig ppp0 down
ifconfig ppp0 delete
# enable autoanswer mode
kermit -y /etc/ppp/kermit.ans
# run ppp
pppd /dev/tty01 19200
Use this /etc/ppp/pppservdown script to
stop the server:
#!/bin/sh
ps ax |grep pppd |grep -v grep
pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing pppd, PID=' ${pid}
kill ${pid}
fi
ps ax |grep kermit |grep -v grep
pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'`
if [ "X${pid}" != "X" ] ; then
echo 'killing kermit, PID=' ${pid}
kill -9 ${pid}
fi
ifconfig ppp0 down
ifconfig ppp0 delete
kermit -y /etc/ppp/kermit.noans
The following Kermit script
(/etc/ppp/kermit.ans) will enable/disable
autoanswer mode on your modem. It should look like this:
set line /dev/tty01
set speed 19200
set file type binary
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
pau 1
out +++
inp 5 OK
out ATH0\13
inp 5 OK
echo \13
out ATS0=1\13 ; change this to out ATS0=0\13 if you want to disable
; autoanswer mode
inp 5 OK
echo \13
exit
A script named /etc/ppp/kermit.dial is
used for dialing and authenticating on the remote host. You will
need to customize it for your needs. Put your login and password
in this script; you will also need to change the input statement
depending on responses from your modem and remote host.
;
; put the com line attached to the modem here:
;
set line /dev/tty01
;
; put the modem speed here:
;
set speed 19200
set file type binary ; full 8 bit file xfer
set file names literal
set win 8
set rec pack 1024
set send pack 1024
set block 3
set term bytesize 8
set command bytesize 8
set flow none
set modem hayes
set dial hangup off
set carrier auto ; Then SET CARRIER if necessary,
set dial display on ; Then SET DIAL if necessary,
set input echo on
set input timeout proceed
set input case ignore
def \%x 0 ; login prompt counter
goto slhup
:slcmd ; put the modem in command mode
echo Put the modem in command mode.
clear ; Clear unread characters from input buffer
pause 1
output +++ ; hayes escape sequence
input 1 OK\13\10 ; wait for OK
if success goto slhup
output \13
pause 1
output at\13
input 1 OK\13\10
if fail goto slcmd ; if modem doesn't answer OK, try again
:slhup ; hang up the phone
clear ; Clear unread characters from input buffer
pause 1
echo Hanging up the phone.
output ath0\13 ; hayes command for on hook
input 2 OK\13\10
if fail goto slcmd ; if no OK answer, put modem in command mode
:sldial ; dial the number
pause 1
echo Dialing.
output atdt9,550311\13\10 ; put phone number here
assign \%x 0 ; zero the time counter
:look
clear ; Clear unread characters from input buffer
increment \%x ; Count the seconds
input 1 {CONNECT }
if success goto sllogin
reinput 1 {NO CARRIER\13\10}
if success goto sldial
reinput 1 {NO DIALTONE\13\10}
if success goto slnodial
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 60 goto look
else goto slhup
:sllogin ; login
assign \%x 0 ; zero the time counter
pause 1
echo Looking for login prompt.
:slloop
increment \%x ; Count the seconds
clear ; Clear unread characters from input buffer
output \13
;
; put your expected login prompt here:
;
input 1 {Username: }
if success goto sluid
reinput 1 {\255}
if success goto slhup
reinput 1 {\127}
if success goto slhup
if < \%x 10 goto slloop ; try 10 times to get a login prompt
else goto slhup ; hang up and start again if 10 failures
:sluid
;
; put your userid here:
;
output ppp-login\13
input 1 {Password: }
;
; put your password here:
;
output ppp-password\13
input 1 {Entering SLIP mode.}
echo
quit
:slnodial
echo \7No dialtone. Check the telephone line!\7
exit 1
; local variables:
; mode: csh
; comment-start: "; "
; comment-start-skip: "; "
; end:
Tom
Rhodes
Contributed by
Troubleshooting PPP Connections
PPPtroubleshooting
This section covers a few issues which may arise when
using PPP over a modem connection. For instance, perhaps you
need to know exactly what prompts the system you are dialing
into will present. Some ISPs present the
ssword prompt, and others will present
password; if the ppp
script is not written accordingly, the login attempt will
fail. The most common way to debug ppp
connections is by connecting manually. The following
information will walk you through a manual connection step by
step.
Check the Device Nodes
If you reconfigured your kernel then you recall the
sio device. If you did not
configure your kernel, there is no reason to worry. Just
check the dmesg output for the modem
device with:
&prompt.root; dmesg | grep sio
You should get some pertinent output about the
sio devices. These are the COM
ports we need. If your modem acts like a standard serial
port then you should see it listed on
sio1, or COM2. If so, you are not
required to rebuild the kernel, you just need to make the
serial device. You can do this by changing your directory
to /dev and running the
MAKEDEV script like above. Now make
the serial devices with:
&prompt.root; sh MAKEDEV cuaa0 cuaa1 cuaa2 cuaa3
which will create the serial devices for your system.
When matching up sio modem is on sio1 or
COM2 if you are in DOS, then your
modem device would be /dev/cuaa1.
Connecting Manually
Connecting to the Internet by manually controlling
ppp is quick, easy, and a great way to
debug a connection or just get information on how your
ISP treats ppp client
connections. Lets start PPP from
the command line. Note that in all of our examples we will
use example as the hostname of the
machine running PPP. You start
ppp by just typing
ppp:
&prompt.root; ppp
We have now started ppp.
ppp ON example> set device /dev/cuaa1
We set our modem device, in this case it is
cuaa1.
ppp ON example> set speed 115200
Set the connection speed, in this case we
are using 115,200 kbps.
ppp ON example> enable dns
Tell ppp to configure our
resolver and add the nameserver lines to
/etc/resolv.conf. If ppp
cannot determine our hostname, we can set one manually later.
ppp ON example> term
Switch to terminal
mode so that we can manually
control the modem.
deflink: Entering terminal mode on /dev/cuaa1
type '~h' for help
at
OK
atdt123456789
Use at to initialize the modem,
then use atdt and the number for your
ISP to begin the dial in process.
CONNECT
Confirmation of the connection, if we are going to have
any connection problems, unrelated to hardware, here is where
we will attempt to resolve them.
ISP Login:myusername
Here you are prompted for a username, return the
prompt with the username that was provided by the
ISP.
ISP Pass:mypassword
This time we are prompted for a password, just
reply with the password that was provided by the
ISP. Just like logging into
&os;, the password will not echo.
Shell or PPP:ppp
Depending on your ISP this prompt
may never appear. Here we are being asked if we wish to
use a shell on the provider, or to start
ppp. In this example, we have chosen
to use ppp as we want an Internet
connection.
Ppp ON example>
Notice that in this example the first
has been capitalized. This shows that we have successfully
connected to the ISP.
PPp ON example>
We have successfully authenticated with our
ISP and are waiting for the
assigned IP address.
PPP ON example>
We have made an agreement on an IP
address and successfully completed our connection.
PPP ON example>add default HISADDR
Here we add our default route, we need to do this before
we can talk to the outside world as currently the only
established connection is with the peer. If this fails due to
existing routes you can put a bang character
! in front of the .
Alternatively, you can set this before making the actual
connection and it will negotiate a new route
accordingly.
If everything went good we should now have an active
connection to the Internet, which could be thrown into the
background using CTRL
z If you notice the
PPP return to ppp then
we have lost our connection. This is good to know because it
shows our connection status. Capital P's show that we have a
connection to the ISP and lowercase p's
show that the connection has been lost for whatever reason.
ppp only has these 2 states.
Debugging
If you have a direct line and cannot seem to make a
connection, then turn hardware flow
CTS/RTS to off with the . This is mainly the case if you are
connected to some PPP capable
terminal servers, where PPP hangs
when it tries to write data to your communication link, so
it would be waiting for a CTS, or Clear
To Send signal which may never come. If you use this option
however, you should also use the
option, which may be required to defeat hardware dependent
on passing certain characters from end to end, most of the
time XON/XOFF. See the &man.ppp.8; manual page for more
information on this option, and how it is used.
If you have an older modem, you may need to use the
. Parity is set at none
be default, but is used for error checking (with a large
increase in traffic) on older modems and some
ISPs. You may need this option for
the Compuserve ISP.
PPP may not return to the
command mode, which is usually a negotiation error where
the ISP is waiting for your side to start
negotiating. At this point, using the ~p
command will force ppp to start sending the configuration
information.
If you never obtain a login prompt, then most likely you
need to use PAP or
CHAP authentication instead of the
&unix; style in the example above. To use
PAP or CHAP just add
the following options to PPP
before going into terminal mode:
ppp ON example> set authname myusername
Where myusername should be
replaced with the username that was assigned by the
ISP.
ppp ON example> set authkey mypassword
Where mypassword should be
replaced with the password that was assigned by the
ISP.
If you connect fine, but cannot seem to find any domain
name, try to use &man.ping.8; with an IP
address and see if you can get any return information. If
you experience 100 percent (100%) packet loss, then it is most
likely that you were not assigned a default route. Double
check that the option
was set during the connection. If you can connect to a
remote IP address then it is possible
that a resolver address has not been added to the
/etc/resolv.conf. This file should
look like:
domain example.com
nameserver x.x.x.x
nameserver y.y.y.y
Where x.x.x.x and
y.y.y.y should be replaced with
the IP address of your
ISP's DNS servers. This information may
or may not have been provided when you signed up, but a
quick call to your ISP should remedy
that.
You could also have &man.syslog.3; provide a logging
function for your PPP connection.
Just add:
!ppp
*.* /var/log/ppp.log
to /etc/syslog.conf. In most cases, this
functionality already exists.
Jim
Mock
Contributed (from http://node.to/freebsd/how-tos/how-to-freebsd-pppoe.html) by
Using PPP over Ethernet (PPPoE)
PPPover Ethernet
PPPoE
PPP, over Ethernet
This section describes how to set up PPP over Ethernet
(PPPoE).
Configuring the Kernel
No kernel configuration is necessary for PPPoE any longer. If
the necessary netgraph support is not built into the kernel, it will
be dynamically loaded by ppp.
Setting Up ppp.conf
Here is an example of a working
ppp.conf:
default:
set log Phase tun command # you can add more detailed logging if you wish
set ifaddr 10.0.0.1/0 10.0.0.2/0
name_of_service_provider:
set device PPPoE:xl1 # replace xl1 with your Ethernet device
set authname YOURLOGINNAME
set authkey YOURPASSWORD
set dial
set login
add default HISADDR
Running ppp
As root, you can run:
&prompt.root; ppp -ddial name_of_service_provider
Starting ppp at Boot
Add the following to your /etc/rc.conf
file:
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES" # if you want to enable nat for your local network, otherwise NO
ppp_profile="name_of_service_provider"
Using a PPPoE Service Tag
Sometimes it will be necessary to use a service tag to establish
your connection. Service tags are used to distinguish between
different PPPoE servers attached to a given network.
You should have been given any required service tag information
in the documentation provided by your ISP. If you cannot locate
it there, ask your ISP's tech support personnel.
As a last resort, you could try the method suggested by the
Roaring Penguin
PPPoE program which can be found in the Ports Collection. Bear in mind however,
this may de-program your modem and render it useless, so
think twice before doing it. Simply install the program shipped
with the modem by your provider. Then, access the
System menu from the program. The name of your
profile should be listed there. It is usually
ISP.
The profile name (service tag) will be used in the PPPoE
configuration entry in ppp.conf as the provider
part of the set device command (see the &man.ppp.8;
manual page for full details). It should look like this:
set device PPPoE:xl1:ISP
Do not forget to change xl1
to the proper device for your Ethernet card.
Do not forget to change ISP
to the profile you have just found above.
For additional information, see:
Cheaper
Broadband with FreeBSD on DSL by Renaud
Waldura.
Nutzung von T-DSL und T-Online mit FreeBSD
by Udo Erdelhoff (in German).
PPPoE with a &tm.3com; HomeConnect ADSL Modem Dual Link
This modem does not follow RFC 2516
(A Method for transmitting PPP over Ethernet
(PPPoE), written by L. Mamakos, K. Lidl, J. Evarts,
D. Carrel, D. Simone, and R. Wheeler). Instead, different packet
type codes have been used for the Ethernet frames. Please complain
to 3Com if you think it
should comply with the PPPoE specification.
In order to make FreeBSD capable of communicating with this
device, a sysctl must be set. This can be done automatically at
boot time by updating /etc/sysctl.conf:
net.graph.nonstandard_pppoe=1
or can be done immediately with the command:
&prompt.root; sysctl net.graph.nonstandard_pppoe=1
Unfortunately, because this is a system-wide setting, it is
not possible to talk to a normal PPPoE client or server and a
&tm.3com; HomeConnect ADSL Modem at the same time.
Using PPP over ATM (PPPoA)
PPPover ATM
PPPoA
PPP, over ATM
The following describes how to set up PPP over ATM (PPPoA).
PPPoA is a popular choice among European DSL providers.
Using PPPoA with the Alcatel &speedtouch; USB
PPPoA support for this device is supplied as a port in
FreeBSD because the firmware is distributed under Alcatel's
license agreement and can not be redistributed freely
with the base system of FreeBSD.
To install the software, simply use the Ports Collection. Install the
net/pppoa port and follow the
instructions provided with it.
Like many USB devices, the Alcatel &speedtouch; USB needs to
download firmware from the host computer to operate properly.
It is possible to automate this process in &os; so that this
transfer takes place whenever the device is plugged into a USB
port. The following information can be added to the
/etc/usbd.conf file to enable this
automatic firmware transfer. This file must be edited as the
root user.
device "Alcatel SpeedTouch USB"
devname "ugen[0-9]+"
vendor 0x06b9
product 0x4061
attach "/usr/local/sbin/modem_run -f /usr/local/libdata/mgmt.o"
To enable the USB daemon, usbd,
put the following the line into
/etc/rc.conf:
usbd_enable="YES"
It is also possible to set up
ppp to dial up at startup. To do
this add the following lines to
/etc/rc.conf. Again, for this procedure
you will need to be logged in as the root
user.
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="adsl"
For this to work correctly you will need to have used the
sample ppp.conf which is supplied with the
net/pppoa port.
Using mpd
You can use mpd to connect to a
variety of services, in particular PPTP services. You can find
mpd in the Ports Collection,
net/mpd. Many ADSL modems
require that a PPTP tunnel is created between the modem and
computer, one such modem is the Alcatel &speedtouch;
Home.
First you must install the port, and then you can
configure mpd to suit your
requirements and provider settings. The port places a set of
sample configuration files which are well documented in
PREFIX/etc/mpd/.
Note here that PREFIX means the directory
into which your ports are installed, this defaults to
/usr/local/. A complete guide to
configure mpd is available in
HTML format once the port has been installed. It is placed in
PREFIX/share/doc/mpd/.
Here is a sample configuration for connecting to an ADSL
service with mpd. The configuration
is spread over two files, first the
mpd.conf:
default:
load adsl
adsl:
new -i ng0 adsl adsl
set bundle authname username
set bundle password password
set bundle disable multilink
set link no pap acfcomp protocomp
set link disable chap
set link accept chap
set link keep-alive 30 10
set ipcp no vjcomp
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
set iface route default
set iface disable on-demand
set iface enable proxy-arp
set iface idle 0
open
The username used to authenticate with your ISP.
The password used to authenticate with your ISP.
The mpd.links file contains information about
the link, or links, you wish to establish. An example
mpd.links to accompany the above example is given
beneath:
adsl:
set link type pptp
set pptp mode active
set pptp enable originate outcall
set pptp self 10.0.0.1
set pptp peer 10.0.0.138
The IP address of your &os; computer which you will be
using mpd from.
The IP address of your ADSL modem. For the Alcatel
&speedtouch; Home this address defaults to 10.0.0.138.
It is possible to initialize the connection easily by issuing the
following command as root:
&prompt.root; mpd -b adsl
You can see the status of the connection with the following
command:
&prompt.user; ifconfig ng0
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1500
inet 216.136.204.117 --> 204.152.186.171 netmask 0xffffffff
Using mpd is the recommended way to
connect to an ADSL service with &os;.
Using pptpclient
It is also possible to use FreeBSD to connect to other PPPoA
services using
net/pptpclient.
To use net/pptpclient to
connect to a DSL service, install the port or package and edit your
/etc/ppp/ppp.conf. You will need to be
root to perform both of these operations. An
example section of ppp.conf is given
below. For further information on ppp.conf
options consult the ppp manual page,
&man.ppp.8;.
adsl:
set log phase chat lcp ipcp ccp tun command
set timeout 0
enable dns
set authname username
set authkey password
set ifaddr 0 0
add default HISADDR
The username of your account with the DSL provider.
The password for your account.
Because you must put your account's password in the
ppp.conf file in plain text form you should
make sure than nobody can read the contents of this file. The
following series of commands will make sure the file is only
readable by the root account. Refer to the
manual pages for &man.chmod.1; and &man.chown.8; for further
information.
&prompt.root; chown root:wheel /etc/ppp/ppp.conf
&prompt.root; chmod 600 /etc/ppp/ppp.conf
This will open a tunnel for a PPP session to your DSL router.
Ethernet DSL modems have a preconfigured LAN IP address which you
connect to. In the case of the Alcatel &speedtouch; Home this address is
10.0.0.138. Your router documentation
should tell you which address your device uses. To open the tunnel and
start a PPP session execute the following
command:
&prompt.root; pptp address adsl
You may wish to add an ampersand (&
) to the
end of the previous command because pptp
will not return your prompt to you otherwise.
A tun virtual tunnel device will be
created for interaction between the pptp
and ppp processes. Once you have been
returned to your prompt, or the pptp
process has confirmed a connection you can examine the tunnel like
so:
&prompt.user; ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 216.136.204.21 --> 204.152.186.171 netmask 0xffffff00
Opened by PID 918
If you are unable to connect, check the configuration of
your router, which is usually accessible via
telnet or with a web browser. If you still
cannot connect you should examine the output of the
pptp command and the contents of the
ppp log file,
/var/log/ppp.log for clues.
Satoshi
Asami
Originally contributed by
Guy
Helmer
With input from
Piero
Serini
Using SLIP
SLIP
Setting Up a SLIP Client
SLIPclient
The following is one way to set up a FreeBSD machine for SLIP
on a static host network. For dynamic hostname assignments (your
address changes each time you dial up), you probably need to
have a more complex setup.
First, determine which serial port your modem is connected to.
Many people set up a symbolic link, such as
/dev/modem, to point to the real device name,
/dev/cuaaN (or /dev/cuadN under &os; 6.X). This allows you to
abstract the actual device name should you ever need to move
the modem to a different port. It can become quite cumbersome when you
need to fix a bunch of files in /etc and
.kermrc files all over the system!
/dev/cuaa0 (or /dev/cuad0 under &os; 6.X) is
COM1, cuaa1 (or /dev/cuad1) is
COM2, etc.
Make sure you have the following in your kernel configuration
file:
device sl
Under &os; 4.X, use instead the following
line:
pseudo-device sl 1
It is included in the GENERIC kernel, so
this should not be a problem unless you have deleted it.
Things You Have to Do Only Once
Add your home machine, the gateway and nameservers to
your /etc/hosts file. Ours looks like
this:
127.0.0.1 localhost loghost
136.152.64.181 water.CS.Example.EDU water.CS water
136.152.64.1 inr-3.CS.Example.EDU inr-3 slip-gateway
128.32.136.9 ns1.Example.EDU ns1
128.32.136.12 ns2.Example.EDU ns2
Make sure you have hosts before
bind in your
/etc/host.conf on FreeBSD versions
prior to 5.0. Since FreeBSD 5.0, the system uses
the file /etc/nsswitch.conf instead,
make sure you have files before
dns in the line
of this file. Without these parameters funny
things may happen.
Edit the /etc/rc.conf file.
Set your hostname by editing the line that
says:
hostname="myname.my.domain"
Your machine's full Internet hostname should be
placed here.
default route
- Designate the default router by changing the
+ Designate the default routerdefault route by changing the
line:
defaultrouter="NO"
to:
defaultrouter="slip-gateway"
Make a file /etc/resolv.conf which
contains:
domain CS.Example.EDU
nameserver 128.32.136.9
nameserver 128.32.136.12
nameserver
domain name
As you can see, these set up the nameserver hosts. Of
course, the actual domain names and addresses depend on your
environment.
Set the password for root and
toor (and any other
accounts that do not have a password).
Reboot your machine and make sure it comes up with the
correct hostname.
Making a SLIP Connection
SLIPconnecting with
Dial up, type slip at the prompt,
enter your machine name and password. What is required to
be entered depends on your environment. If you use
Kermit, you can try a script like this:
# kermit setup
set modem hayes
set line /dev/modem
set speed 115200
set parity none
set flow rts/cts
set terminal bytesize 8
set file type binary
# The next macro will dial up and login
define slip dial 643-9600, input 10 =>, if failure stop, -
output slip\x0d, input 10 Username:, if failure stop, -
output silvia\x0d, input 10 Password:, if failure stop, -
output ***\x0d, echo \x0aCONNECTED\x0a
Of course, you have to change the username and password
to fit yours. After doing so, you can just type
slip from the Kermit prompt to
connect.
Leaving your password in plain text anywhere in the
filesystem is generally a bad idea.
Do it at your own risk.
Leave the Kermit there (you can suspend it by
Ctrl
z
) and as root, type:
&prompt.root; slattach -h -c -s 115200 /dev/modem
If you are able to ping hosts on the
other side of the router, you are connected! If it does not
work, you might want to try instead of
as an argument to
slattach.
How to Shutdown the Connection
Do the following:
&prompt.root; kill -INT `cat /var/run/slattach.modem.pid`
to kill slattach. Keep in mind you must be
root to do the above. Then go back to
kermit (by running fg if you suspended it) and
exit from
it (q).
The &man.slattach.8; manual page says you have
to use ifconfig sl0 down
to mark the interface down, but this does not
seem to make any difference.
(ifconfig sl0 reports the same thing.)
Some times, your modem might refuse to drop the carrier.
In that case, simply start kermit and quit
it again. It usually goes out on the second try.
Troubleshooting
If it does not work, feel free to ask on &a.net.name; mailing list. The things that
people tripped over so far:
Not using or in
slattach (This should not be fatal,
but some users have reported that this solves their
problems.)
Using instead of
(might be hard to see the difference on
some fonts).
Try ifconfig sl0 to see your
interface status. For example, you might get:
&prompt.root; ifconfig sl0
sl0: flags=10<POINTOPOINT>
inet 136.152.64.181 --> 136.152.64.1 netmask ffffff00
If you get no route to host
messages from &man.ping.8;, there may be a problem with your
routing table. You can use the netstat -r
command to display the current routes :
&prompt.root; netstat -r
Routing tables
Destination Gateway Flags Refs Use IfaceMTU Rtt Netmasks:
(root node)
(root node)
Route Tree for Protocol Family inet:
(root node) =>
default inr-3.Example.EDU UG 8 224515 sl0 - -
localhost.Exampl localhost.Example. UH 5 42127 lo0 - 0.438
inr-3.Example.ED water.CS.Example.E UH 1 0 sl0 - -
water.CS.Example localhost.Example. UGH 34 47641234 lo0 - 0.438
(root node)
The preceding examples are from a relatively busy system.
The numbers on your system will vary depending on
network activity.
Setting Up a SLIP Server
SLIPserver
This document provides suggestions for setting up SLIP Server
services on a FreeBSD system, which typically means configuring
your system to automatically startup connections upon login for
remote SLIP clients.
Prerequisites
TCP/IP networking
This section is very technical in nature, so background
knowledge is required. It is assumed that you are familiar with
the TCP/IP network protocol, and in particular, network and node
addressing, network address masks, subnetting, routing, and
routing protocols, such as RIP. Configuring SLIP services on a
dial-up server requires a knowledge of these concepts, and if
you are not familiar with them, please read a copy of either
Craig Hunt's TCP/IP Network Administration
published by O'Reilly & Associates, Inc. (ISBN Number
0-937175-82-X), or Douglas Comer's books on the TCP/IP
protocol.
modem
It is further assumed that you have already set up your
modem(s) and configured the appropriate system files to allow
logins through your modems. If you have not prepared your
system for this yet, please see for details on dialup services
configuration.
You may also want to check the manual pages for &man.sio.4; for
information on the serial port device driver and &man.ttys.5;,
&man.gettytab.5;, &man.getty.8;, & &man.init.8; for
information relevant to configuring the system to accept logins
on modems, and perhaps &man.stty.1; for information on setting
serial port parameters (such as clocal for
directly-connected serial interfaces).
Quick Overview
In its typical configuration, using FreeBSD as a SLIP server
works as follows: a SLIP user dials up your FreeBSD SLIP Server
system and logs in with a special SLIP login ID that uses
/usr/sbin/sliplogin as the special user's
shell. The sliplogin program browses the
file /etc/sliphome/slip.hosts to find a
matching line for the special user, and if it finds a match,
connects the serial line to an available SLIP interface and then
runs the shell script
/etc/sliphome/slip.login to configure the
SLIP interface.
An Example of a SLIP Server Login
For example, if a SLIP user ID were
Shelmerg, Shelmerg's
entry in /etc/master.passwd would look
something like this:
Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliplogin
When Shelmerg logs in,
sliplogin will search
/etc/sliphome/slip.hosts for a line that
had a matching user ID; for example, there may be a line in
/etc/sliphome/slip.hosts that
reads:
Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp
sliplogin will find that matching line,
hook the serial line into the next available SLIP interface,
and then execute /etc/sliphome/slip.login
like this:
/etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp
If all goes well,
/etc/sliphome/slip.login will issue an
ifconfig for the SLIP interface to which
sliplogin attached itself (SLIP interface
0, in the above example, which was the first parameter in the
list given to slip.login) to set the
local IP address (dc-slip), remote IP address
(sl-helmer), network mask for the SLIP
interface (0xfffffc00), and
any additional flags (autocomp). If
something goes wrong, sliplogin usually
logs good informational messages via the
syslogd daemon facility, which usually logs
to /var/log/messages (see the manual
pages for &man.syslogd.8; and &man.syslog.conf.5; and perhaps
check /etc/syslog.conf to see to what
syslogd is logging and where it is
logging to).
Kernel Configuration
kernelconfiguration
SLIP
&os;'s default kernel (GENERIC)
comes with SLIP (&man.sl.4;) support; in case of a custom
kernel, you have to add the following line to your kernel
configuration file:
device sl
Under &os; 4.X, use instead the following
line:
pseudo-device sl 2
The number at the end of the line is the maximum
number of SLIP connections that may be operating
simultaneously. Since &os; 5.0, the &man.sl.4;
driver is auto-cloning
.
By default, your &os; machine will not forward packets.
If you want your FreeBSD SLIP Server to act as a router, you
will have to edit the /etc/rc.conf file and
change the setting of the gateway_enable variable to
.
You will then need to reboot for the new settings to take
effect.
Please refer to on
Configuring the FreeBSD Kernel for help in
reconfiguring your kernel.
Sliplogin Configuration
As mentioned earlier, there are three files in the
/etc/sliphome directory that are part of
the configuration for /usr/sbin/sliplogin
(see &man.sliplogin.8; for the actual manual page for
sliplogin): slip.hosts,
which defines the SLIP users and their associated IP
addresses; slip.login, which usually just
configures the SLIP interface; and (optionally)
slip.logout, which undoes
slip.login's effects when the serial
connection is terminated.
slip.hosts Configuration
/etc/sliphome/slip.hosts contains
lines which have at least four items separated by
whitespace:
SLIP user's login ID
Local address (local to the SLIP server) of the SLIP
link
Remote address of the SLIP link
Network mask
The local and remote addresses may be host names
(resolved to IP addresses by
/etc/hosts or by the domain name
service, depending on your specifications in the file
/etc/nsswitch.conf,
or in /etc/host.conf
if you use FreeBSD 4.X), and the network mask may be
a name that can be resolved by a lookup into
/etc/networks. On a sample system,
/etc/sliphome/slip.hosts looks like
this:
#
# login local-addr remote-addr mask opt1 opt2
# (normal,compress,noicmp)
#
Shelmerg dc-slip sl-helmerg 0xfffffc00 autocomp
At the end of the line is one or more of the
options:
— no header
compression
— compress
headers
— compress headers if
the remote end allows it
— disable ICMP packets
(so any ping
packets will be dropped instead
of using up your bandwidth)
SLIP
TCP/IP networking
Your choice of local and remote addresses for your SLIP
links depends on whether you are going to dedicate a TCP/IP
subnet or if you are going to use proxy ARP
on
your SLIP server (it is not true
proxy ARP, but
that is the terminology used in this section to describe it).
If you are not sure which method to select or how to assign IP
addresses, please refer to the TCP/IP books referenced in
the SLIP Prerequisites ()
and/or consult your IP network manager.
If you are going to use a separate subnet for your SLIP
clients, you will need to allocate the subnet number out of
your assigned IP network number and assign each of your SLIP
client's IP numbers out of that subnet. Then, you will
probably need to configure a static route to the SLIP
subnet via your SLIP server on your nearest IP router.
Ethernet
Otherwise, if you will use the proxy ARP
method, you will need to assign your SLIP client's IP
addresses out of your SLIP server's Ethernet subnet, and you
will also need to adjust your
/etc/sliphome/slip.login and
/etc/sliphome/slip.logout scripts to use
&man.arp.8; to manage the proxy-ARP entries in the SLIP
server's ARP table.
slip.login Configuration
The typical /etc/sliphome/slip.login
file looks like this:
#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6
This slip.login file merely runs
ifconfig for the appropriate SLIP interface
with the local and remote addresses and network mask of the
SLIP interface.
If you have decided to use the proxy ARP
method (instead of using a separate subnet for your SLIP
clients), your /etc/sliphome/slip.login
file will need to look something like this:
#!/bin/sh -
#
# @(#)slip.login 5.1 (Berkeley) 7/1/90
#
# generic login file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 inet $4 $5 netmask $6
# Answer ARP requests for the SLIP client with our Ethernet addr
/usr/sbin/arp -s $5 00:11:22:33:44:55 pub
The additional line in this
slip.login, arp -s
$5 00:11:22:33:44:55 pub, creates an ARP entry
in the SLIP server's ARP table. This ARP entry causes the
SLIP server to respond with the SLIP server's Ethernet MAC
address whenever another IP node on the Ethernet asks to
speak to the SLIP client's IP address.
EthernetMAC address
When using the example above, be sure to replace the
Ethernet MAC address (00:11:22:33:44:55) with the MAC address of
your system's Ethernet card, or your proxy ARP
will definitely not work! You can discover your SLIP server's
Ethernet MAC address by looking at the results of running
netstat -i; the second line of the output
should look something like:
ed0 1500 <Link>0.2.c1.28.5f.4a 191923 0 129457 0 116
This indicates that this particular system's Ethernet MAC
address is 00:02:c1:28:5f:4a
— the periods in the Ethernet MAC address given by
netstat -i must be changed to colons and
leading zeros should be added to each single-digit hexadecimal
number to convert the address into the form that &man.arp.8;
desires; see the manual page on &man.arp.8; for complete
information on usage.
When you create
/etc/sliphome/slip.login and
/etc/sliphome/slip.logout, the
execute
bit (i.e., chmod 755
/etc/sliphome/slip.login /etc/sliphome/slip.logout)
must be set, or sliplogin will be unable
to execute it.
slip.logout Configuration
/etc/sliphome/slip.logout is not
strictly needed (unless you are implementing proxy
ARP
), but if you decide to create it, this is an
example of a basic
slip.logout script:
#!/bin/sh -
#
# slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 down
If you are using proxy ARP
, you will want to
have /etc/sliphome/slip.logout remove the
ARP entry for the SLIP client:
#!/bin/sh -
#
# @(#)slip.logout
#
# logout file for a slip line. sliplogin invokes this with
# the parameters:
# 1 2 3 4 5 6 7-n
# slipunit ttyspeed loginname local-addr remote-addr mask opt-args
#
/sbin/ifconfig sl$1 down
# Quit answering ARP requests for the SLIP client
/usr/sbin/arp -d $5
The arp -d $5 removes the ARP entry
that the proxy ARP
slip.login added when the SLIP client
logged in.
It bears repeating: make sure
/etc/sliphome/slip.logout has the execute
bit set after you create it (i.e., chmod 755
/etc/sliphome/slip.logout).
Routing Considerations
SLIP
routing
If you are not using the proxy ARP
method for
routing packets between your SLIP clients and the rest of your
network (and perhaps the Internet), you will probably
have to add static routes to your closest default router(s) to
route your SLIP clients subnet via your SLIP server.
Static Routes
static routes
Adding static routes to your nearest default routers
can be troublesome (or impossible if you do not have
authority to do so...). If you have a multiple-router
network in your organization, some routers, such as those
made by Cisco and Proteon, may not only need to be
configured with the static route to the SLIP subnet, but
also need to be told which static routes to tell other
routers about, so some expertise and
troubleshooting/tweaking may be necessary to get
static-route-based routing to work.
Running &gated;
&gated;
&gated; is proprietary software now and
will not be available as source code to the public anymore
(more info on the &gated; website). This
section only exists to ensure backwards compatibility for
those that are still using an older version.
An alternative to the headaches of static routes is to
install &gated; on your FreeBSD SLIP server
and configure it to use the appropriate routing protocols
(RIP/OSPF/BGP/EGP) to tell other routers about your SLIP
subnet.
You will need to write a /etc/gated.conf
file to configure your &gated;; here is a sample, similar to
what the author used on a FreeBSD SLIP server:
#
# gated configuration file for dc.dsu.edu; for gated version 3.5alpha5
# Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface
#
#
# tracing options
#
traceoptions "/var/tmp/gated.output" replace size 100k files 2 general ;
rip yes {
interface sl noripout noripin ;
interface ed ripin ripout version 1 ;
traceoptions route ;
} ;
#
# Turn on a bunch of tracing info for the interface to the kernel:
kernel {
traceoptions remnants request routes info interface ;
} ;
#
# Propagate the route to xxx.xxx.yy out the Ethernet interface via RIP
#
export proto rip interface ed {
proto direct {
xxx.xxx.yy mask 255.255.252.0 metric 1; # SLIP connections
} ;
} ;
#
# Accept routes from RIP via ed Ethernet interfaces
import proto rip interface ed {
all ;
} ;
RIP
The above sample gated.conf file
broadcasts routing information regarding the SLIP subnet
xxx.xxx.yy via RIP onto the
Ethernet; if you are using a different Ethernet driver than
the ed driver, you will need to
change the references to the ed
interface appropriately. This sample file also sets up
tracing to /var/tmp/gated.output for
debugging &gated;'s activity; you can
certainly turn off the tracing options if
&gated; works correctly for you. You will need to
change the xxx.xxx.yy's into the
network address of your own SLIP subnet (be sure to change the
net mask in the proto direct clause as
well).
Once you have installed and configured
&gated; on your system, you will need to
tell the FreeBSD startup scripts to run
&gated; in place of
routed. The easiest way to accomplish
this is to set the router and
router_flags variables in
/etc/rc.conf. Please see the manual
page for &gated; for information on
command-line parameters.
diff --git a/zh_TW.Big5/books/handbook/printing/chapter.xml b/zh_TW.Big5/books/handbook/printing/chapter.xml
index acec03c739..4e07ddb9f0 100644
--- a/zh_TW.Big5/books/handbook/printing/chapter.xml
+++ b/zh_TW.Big5/books/handbook/printing/chapter.xml
@@ -1,4834 +1,4803 @@
Sean
Kelly
Contributed by
Jim
Mock
Restructured and updated by
CL
z
LPD spooling system
LPD wĨt
printing
CL
FreeBSD iHMUU˪LftCLA
q̦ѪwL̷spgLSDA
zε{iHͥX~誺CLXC
]iH FreeBSD ]w@xCLAFoɭԪ FreeBSD
LqeӪCLu@A]AL FreeBSD qB&windows;
qH &macos; qC FreeBSD
|TOPɥu@bCLAӥBiHέpӨϥΪ̤ξLo̦hA
٦NOLXUӬO֪oD
C
ŪoAzNFѡG
p]w FreeBSD CLhuwijBzC
pw˦CLLoHOBzSCLu@A
]A⦬쪺ഫzLݱoCL榡C
FѦpbzCLɶKLXμDC
pQΧOxqWLCLC
pQΪbWLCLC
pLvA]ACLu@ɮפjpA
HΤ\SwϥΪ̦CLC
pOULέpơAHΦUbLϥζqC
pѨMCLɹJ쪺DC
b}l\ŪoeAzݭnJ
n]wBsĶ kernel ¦
()C
nb FreeBSD WϥΦLAzݭn]wn Berkeley
CLCLwĨtΡAS٬ LPD
CLwĨtΡAΪ̴NsL LPD aC
oO FreeBSD зǪLtΡA|Шñбzp]w
LPDC
pGzwg LPD
άOLCLwĨtΫܼxFA
ziH]wC
LPD ۥDWL@C
tdoǤu@G
κLϥΡC
- print jobs
-
- ϥΪ̥iHCLAeX٬u@C
+ ϥΪ̥iHCLAeX٬u@Cprint jobs
CxLdzƤ@CA
קKhӨϥΪ̦PɨϥΦP@xLC
CL header pages (S٬
banner or burst
pages)AKϥΪ̦bXȹhۤwCLC
ⱵbCWLqTѼƳ]wnC
QκǰeCLu@OxDW
LPDC
SOLo{NCLu@榡ƥHtXPCLyΦLC
έpLϥαpC
ǥѳ]w (/etc/printcap) HιLo{UA
ziHjhƪLtX LPD
FWzγ\C
ݭnϥΦhuwijBz
pGztάOӤHϥΡA
ݭnsvBCLDΪ̲έpϥαp\ɡA
zi|ıoܩ_ǬٻݭnhoӦhuwijBzC
MnLi檺A
LLצpz٬OݭnhuwijBzA]G
LPD iHbI (background)
CLAzݭnb䵥eLC
- &tex;
-
LPD iHܻPaιLoW[ /
- ɶάOSOɮ榡 (O &tex; DVI )
+ ɶάOSOɮ榡 (O &tex;&tex; DVI )
ഫLݱo榡AzݭnʥhoǨBJC
\hKOΰӷ~n鴣ѪCL\q`OMhuwijBzqC
zL]wwĨtΡA䴩z{άOYNnw˪LnNܱoeC
¦]w
nΦLft LPD
huwĨtΡAzݭnLoӵwH
LPD oMnC
UѤFⶥq]wG
\Ū ²L]w
ӾDzߦpsLBLM LPD
qHΦCL¤rC
\Ū iL]w
ӾDzߦpCLUدS榡BCLBCLB
LvHβέpϥΪpC
²L]w
`|iDzp]wL]ƩM
LPD nHϥΦLA
оǤeG
w]w
|ܦpNLWqsC
n]w
|ܽdpg LPD wľ]w
(/etc/printcap)C
pGznL]wCLƦӤOݪܡAаѦ
Lκƶǿ餶C
oӳ`Ms²L]w
A
ڤW٬OIC ̧xOALMqW
LPD wľ`B@C
@LiH`u@A
OLάOCLέpoǶi\NFC
w]w
`QצUسsL PC 覡C
o̷|줣PsMsuA
HάF FreeBSD MLqzi|ݭn}Ҫ֤߰ѼƵC
pGzwgLWqA
ӥBbL@~tΤW\CLLܡAiH
n]wC
sMƽu
ӤHqL@ӻXoTجɭG
-
- printers
- serial
-
- ǦC (Serial)
+ ǦC (Serial)printersserial
ɭAS٬ RS-232 COM A
αzqWǦCǰeƨLC
ǦCɭsxq~ɩұĥΡA
ҥHƽueoAn]wsuäxC
MӧǦCɭԷ|ݭnϥθSOƽuA
oɭԴNiݭn]w@ǸqTѼƤFC
j PC ǦC𪺶ǿt׳̰u 115200 bpsA
]QnΧǦCӦCLjϬOڪC
-
- printers
- parallel
-
-
- æC (Parallel)
+ æC (Parallel)printersparallel
ɭQιqæCNưeLC
æC RS-232 ǦC٧֡A]O@عq~ɱ`ΪɭC
oجɭƽuD`eoAOΤuyC
q`ӻæCɭèSqTѼƻݭnwA
ҥH]w_ӶWŮeC
-
- centronics
- parallel printers
-
- æCɭɭԤ]|Q٬ Centronics
+ æCɭɭԤ]|Q٬ Centronics
centronicsparallel printers
ɭAoOLYW١C
-
- printers
- USB
-
-
- USB ɭA]NOqΧǦCyơAǿtvæCɭάO
+ USBprintersUSB ɭA]NOqΧǦCyơAǿtvæCɭάO
RS-232 ǦCɭӱo֡AӥB USB ƽu¤SKyC
CLu@ӨAUSB RS-232
ǦCάOæCӱonAOb
&unix; tΤW䴩tC ʶRPɨ㦳 USB
ΨæCجɭLiHקKoذDC
@ӨAæCɭuണѳVǿ
(qܦL)Aӭn USB ~ണVC MӦb FreeBSD
UAϥθsæC (EPP M ECP) HΦLAAtXϥ
IEEE-1284 ۮeƽu]iHVqC
PostScript
qMLǥѨæCiVq覡ءC
Ĥ@جOϥίSsBMSwLq FreeBSD LXʵ{C
oؤ覡bQLWܱ`AΨӦ^sqHΨLATC
ĤGؤkO &postscript;ApGL䴩ܡC
&postscript; jobs are
actually programs sent to the printer; they need not produce
paper at all and may return results directly to the computer.
&postscript; also uses two-way communication to tell the
computer about problems, such as errors in the &postscript;
program or paper jams. Your users may be appreciative of such
information. Furthermore, the best way to do effective
accounting with a &postscript; printer requires two-way
communication: you ask the printer for its page count (how
many pages it has printed in its lifetime), then send the
user's job, then ask again for its page count. Subtract the
two values and you know how much paper to charge to the
user.
Parallel Ports
To hook up a printer using a parallel interface, connect
the Centronics cable between the printer and the computer.
The instructions that came with the printer, the computer, or
both should give you complete guidance.
Remember which parallel port you used on the computer.
The first parallel port is ppc0 to
FreeBSD; the second is ppc1, and so
on. The printer device name uses the same scheme:
/dev/lpt0 for the printer on the first
parallel ports etc.
Serial Ports
To hook up a printer using a serial interface, connect the
proper serial cable between the printer and the computer. The
instructions that came with the printer, the computer, or both
should give you complete guidance.
If you are unsure what the proper serial
cable
is, you may wish to try one of the following
alternatives:
A modem cable connects each pin
of the connector on one end of the cable straight through
to its corresponding pin of the connector on the other
end. This type of cable is also known as a
DTE-to-DCE
cable.
- null-modem cable
-
- A null-modem cable connects some
+ A null-modemnull-modem cable cable connects some
pins straight through, swaps others (send data to receive
data, for example), and shorts some internally in each
connector hood. This type of cable is also known as a
DTE-to-DTE
cable.
A serial printer cable, required
for some unusual printers, is like the null-modem cable,
but sends some signals to their counterparts instead of
being internally shorted.
baud rate
parity
flow control protocol
You should also set up the communications parameters for
the printer, usually through front-panel controls or DIP
switches on the printer. Choose the highest
bps (bits per second, sometimes
baud rate) that both your computer
and the printer can support. Choose 7 or 8 data bits; none,
even, or odd parity; and 1 or 2 stop bits. Also choose a flow
control protocol: either none, or XON/XOFF (also known as
in-band
or software
) flow control.
Remember these settings for the software configuration that
follows.
Software Setup
This section describes the software setup necessary to print
with the LPD spooling system in FreeBSD.
Here is an outline of the steps involved:
Configure your kernel, if necessary, for the port you
are using for the printer; section Kernel Configuration tells
you what you need to do.
Set the communications mode for the parallel port, if
you are using a parallel port; section Setting the
Communication Mode for the Parallel Port gives
details.
Test if the operating system can send data to the printer.
Section Checking Printer
Communications gives some suggestions on how to do
this.
Set up LPD for the printer by
modifying the file
/etc/printcap. You will find out how
to do this later in this chapter.
Kernel Configuration
The operating system kernel is compiled to work with a
specific set of devices. The serial or parallel interface for
your printer is a part of that set. Therefore, it might be
necessary to add support for an additional serial or parallel
port if your kernel is not already configured for one.
To find out if the kernel you are currently using supports
a serial interface, type:
&prompt.root; grep sioN /var/run/dmesg.boot
Where N is the number of the
serial port, starting from zero. If you see output similar to
the following:
sio2 at port 0x3e8-0x3ef irq 5 on isa
sio2: type 16550A
then the kernel supports the port.
To find out if the kernel supports a parallel interface,
type:
&prompt.root; grep ppcN /var/run/dmesg.boot
Where N is the number of the
parallel port, starting from zero. If you see output similar
to the following:
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
then the kernel supports the port.
You might have to reconfigure your kernel in order for the
operating system to recognize and use the parallel or serial
port you are using for the printer.
To add support for a serial port, see the section on
kernel configuration. To add support for a parallel port, see
that section and the section that
follows.
Setting the Communication Mode for the Parallel
Port
When you are using the parallel interface, you can choose
whether FreeBSD should use interrupt-driven or polled
communication with the printer. The generic printer
device driver (&man.lpt.4;) on FreeBSD
uses the &man.ppbus.4; system, which controls the port
chipset with the &man.ppc.4; driver.
The interrupt-driven method is
the default with the GENERIC kernel. With this method,
the operating system uses an IRQ line to determine when
the printer is ready for data.
The polled method directs the
operating system to repeatedly ask the printer if it is
ready for more data. When it responds ready, the kernel
sends more data.
The interrupt-driven method is usually somewhat faster
but uses up a precious IRQ line. Some newer HP printers
are claimed not to work correctly in interrupt mode,
apparently due to some (not yet exactly understood) timing
problem. These printers need polled mode. You should use
whichever one works. Some printers will work in both
modes, but are painfully slow in interrupt mode.
You can set the communications mode in two ways: by
configuring the kernel or by using the &man.lptcontrol.8;
program.
To set the communications mode by configuring
the kernel:
Edit your kernel configuration file. Look for
an ppc0 entry. If you are setting up
the second parallel port, use ppc1
instead. Use ppc2 for the third port,
and so on.
If you want interrupt-driven mode, edit the following line:
hint.ppc.0.irq="N"
in the /boot/device.hints file
and replace N with the right
IRQ number. The kernel configuration file must
also contain the &man.ppc.4; driver:
device ppc
If you want polled mode, remove in your
/boot/device.hints file, the
following line:
hint.ppc.0.irq="N"
In some cases, this is not enough to put the
port in polled mode under FreeBSD. Most of
time it comes from &man.acpi.4; driver, this latter
is able to probe and attach devices, and therefore,
control the access mode to the printer port. You
should check your &man.acpi.4; configuration to
correct this problem.
Save the file. Then configure, build, and install the
kernel, then reboot. See kernel configuration for
more details.
To set the communications mode with
&man.lptcontrol.8;:
Type:
&prompt.root; lptcontrol -i -d /dev/lptN
to set interrupt-driven mode for
lptN.
Type:
&prompt.root; lptcontrol -p -d /dev/lptN
to set polled-mode for
lptN.
You could put these commands in your
/etc/rc.local file to set the mode each
time your system boots. See &man.lptcontrol.8; for more
information.
Checking Printer Communications
Before proceeding to configure the spooling system, you
should make sure the operating system can successfully send
data to your printer. It is a lot easier to debug printer
communication and the spooling system separately.
To test the printer, we will send some text to it. For
printers that can immediately print characters sent to them,
the program &man.lptest.1; is perfect: it generates all 96
printable ASCII characters in 96 lines.
PostScript
For a &postscript; (or other language-based) printer, we
will need a more sophisticated test. A small &postscript;
program, such as the following, will suffice:
%!PS
100 100 moveto 300 300 lineto stroke
310 310 moveto /Helvetica findfont 12 scalefont setfont
(Is this thing working?) show
showpage
The above &postscript; code can be placed into a file and
used as shown in the examples appearing in the following
sections.
PCL
When this document refers to a printer language, it is
assuming a language like &postscript;, and not Hewlett
Packard's PCL. Although PCL has great functionality, you
can intermingle plain text with its escape sequences.
&postscript; cannot directly print plain text, and that is the
kind of printer language for which we must make special
accommodations.
Checking a Parallel Printer
printers
parallel
This section tells you how to check if FreeBSD can
communicate with a printer connected to a parallel
port.
To test a printer on a parallel
port:
Become root with &man.su.1;.
Send data to the printer.
If the printer can print plain text, then use
&man.lptest.1;. Type:
&prompt.root; lptest > /dev/lptN
Where N is the number
of the parallel port, starting from zero.
If the printer understands &postscript; or other
printer language, then send a small program to the
printer. Type:
&prompt.root; cat > /dev/lptN
Then, line by line, type the program
carefully as you cannot edit a
line once you have pressed RETURN
or ENTER. When you have finished
entering the program, press
CONTROL+D, or whatever your end
of file key is.
Alternatively, you can put the program in a file
and type:
&prompt.root; cat file > /dev/lptN
Where file is the
name of the file containing the program you want to
send to the printer.
You should see something print. Do not worry if the
text does not look right; we will fix such things
later.
Checking a Serial Printer
printers
serial
This section tells you how to check if FreeBSD can
communicate with a printer on a serial port.
To test a printer on a serial
port:
Become root with &man.su.1;.
Edit the file /etc/remote. Add
the following entry:
printer:dv=/dev/port:br#bps-rate:pa=parity
bits-per-second
serial port
parity
Where port is the device
entry for the serial port (ttyd0,
ttyd1, etc.),
bps-rate is the
bits-per-second rate at which the printer communicates,
and parity is the parity
required by the printer (either even,
odd, none, or
zero).
Here is a sample entry for a printer connected via
a serial line to the third serial port at 19200 bps with
no parity:
printer:dv=/dev/ttyd2:br#19200:pa=none
Connect to the printer with &man.tip.1;.
Type:
&prompt.root; tip printer
If this step does not work, edit the file
/etc/remote again and try using
/dev/cuaaN
instead of
/dev/ttydN.
Send data to the printer.
If the printer can print plain text, then use
&man.lptest.1;. Type:
&prompt.user; $lptest
If the printer understands &postscript; or other
printer language, then send a small program to the
printer. Type the program, line by line,
very carefully as backspacing
or other editing keys may be significant to the
printer. You may also need to type a special
end-of-file key for the printer so it knows it
received the whole program. For &postscript;
printers, press CONTROL+D.
Alternatively, you can put the program in a file
and type:
&prompt.user; >file
Where file is the
name of the file containing the program. After
&man.tip.1; sends the file, press any required
end-of-file key.
You should see something print. Do not worry if the
text does not look right; we will fix that later.
Enabling the Spooler: the /etc/printcap
File
At this point, your printer should be hooked up, your kernel
configured to communicate with it (if necessary), and you have
been able to send some simple data to the printer. Now, we are
ready to configure LPD to control access
to your printer.
You configure LPD by editing the file
/etc/printcap. The
LPD spooling system
reads this file each time the spooler is used, so updates to the
file take immediate effect.
printers
capabilities
The format of the &man.printcap.5; file is straightforward.
Use your favorite text editor to make changes to
/etc/printcap. The format is identical to
other capability files like
/usr/share/misc/termcap and
/etc/remote. For complete information
about the format, see the &man.cgetent.3;.
The simple spooler configuration consists of the following
steps:
Pick a name (and a few convenient aliases) for the
printer, and put them in the
/etc/printcap file; see the
Naming the Printer
section for more information on naming.
- header pages
-
- Turn off header pages (which are on by default) by
+ Turn off header pagesheader pages (which are on by default) by
inserting the sh capability; see the
Suppressing Header
Pages section for more information.
Make a spooling directory, and specify its location with
the sd capability; see the Making the Spooling
Directory section for more information.
Set the /dev entry to use for the
printer, and note it in /etc/printcap
with the lp capability; see the Identifying the Printer
Device for more information. Also, if the printer is
on a serial port, set up the communication parameters with
the ms# capability which is discussed in the Configuring Spooler
Communications Parameters section.
Install a plain text input filter; see the Installing the Text
Filter section for details.
Test the setup by printing something with the
&man.lpr.1; command. More details are available in the
Trying It Out and
Troubleshooting
sections.
Language-based printers, such as &postscript; printers,
cannot directly print plain text. The simple setup outlined
above and described in the following sections assumes that if
you are installing such a printer you will print only files
that the printer can understand.
Users often expect that they can print plain text to any of
the printers installed on your system. Programs that interface
to LPD to do their printing usually
make the same assumption.
If you are installing such a printer and want to be able to
print jobs in the printer language and
print plain text jobs, you are strongly urged to add an
additional step to the simple setup outlined above: install an
automatic plain-text-to-&postscript; (or other printer language)
conversion program. The section entitled Accommodating Plain
Text Jobs on &postscript; Printers tells how to do
this.
Naming the Printer
The first (easy) step is to pick a name for your printer.
It really does not matter whether you choose functional or
whimsical names since you can also provide a number of aliases
for the printer.
At least one of the printers specified in the
/etc/printcap should have the alias
lp. This is the default printer's name.
If users do not have the PRINTER environment
variable nor specify a printer name on the command line of any
of the LPD commands,
then lp will be the
default printer they get to use.
Also, it is common practice to make the last alias for a
printer be a full description of the printer, including make
and model.
Once you have picked a name and some common aliases, put
them in the /etc/printcap file. The name
of the printer should start in the leftmost column. Separate
each alias with a vertical bar and put a colon after the last
alias.
In the following example, we start with a skeletal
/etc/printcap that defines two printers
(a Diablo 630 line printer and a Panasonic KX-P4455 &postscript;
laser printer):
#
# /etc/printcap for host rose
#
rattan|line|diablo|lp|Diablo 630 Line Printer:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:
In this example, the first printer is named
rattan and has as aliases
line, diablo,
lp, and Diablo 630 Line
Printer. Since it has the alias
lp, it is also the default printer. The
second is named bamboo, and has as aliases
ps, PS,
S, panasonic, and
Panasonic KX-P4455 PostScript v51.4.
Making the Spooling Directory
printer spool
print jobs
The next step in the simple spooler setup is to make a
spooling directory, a directory where
print jobs reside until they are printed, and where a number
of other spooler support files live.
Because of the variable nature of spooling directories, it
is customary to put these directories under
/var/spool. It is not necessary to
backup the contents of spooling directories, either.
Recreating them is as simple as running &man.mkdir.1;.
It is also customary to make the directory with a name
that is identical to the name of the printer, as shown
below:
&prompt.root; mkdir /var/spool/printer-name
However, if you have a lot of printers on your network,
you might want to put the spooling directories under a single
directory that you reserve just for printing with
LPD. We
will do this for our two example printers
rattan and
bamboo:
&prompt.root; mkdir /var/spool/lpd
&prompt.root; mkdir /var/spool/lpd/rattan
&prompt.root; mkdir /var/spool/lpd/bamboo
If you are concerned about the privacy of jobs that
users print, you might want to protect the spooling
directory so it is not publicly accessible. Spooling
directories should be owned and be readable, writable, and
searchable by user daemon and group daemon, and no one else.
We will do this for our example printers:
&prompt.root; chown daemon:daemon /var/spool/lpd/rattan
&prompt.root; chown daemon:daemon /var/spool/lpd/bamboo
&prompt.root; chmod 770 /var/spool/lpd/rattan
&prompt.root; chmod 770 /var/spool/lpd/bamboo
Finally, you need to tell LPD
about these directories
using the /etc/printcap file. You
specify the pathname of the spooling directory with the
sd capability:
#
# /etc/printcap for host rose - added spooling directories
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:
Note that the name of the printer starts in the first
column but all other entries describing the printer should be
indented and each line end escaped with a
backslash.
If you do not specify a spooling directory with
sd, the spooling system will use
/var/spool/lpd as a default.
Identifying the Printer Device
In the
Entries for the Ports
section, we identified which entry in the
/dev directory FreeBSD will use to
communicate with the printer. Now, we tell
LPD that
information. When the spooling system has a job to print, it
will open the specified device on behalf of the filter program
(which is responsible for passing data to the printer).
List the /dev entry pathname in the
/etc/printcap file using the
lp capability.
In our running example, let us assume that
rattan is on the first parallel port, and
bamboo is on a sixth serial port; here are
the additions to /etc/printcap:
#
# /etc/printcap for host rose - identified what devices to use
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:\
:lp=/dev/lpt0:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:\
:lp=/dev/ttyd5:
If you do not specify the lp capability
for a printer in your /etc/printcap file,
LPD uses /dev/lp
as a default.
/dev/lp currently does not exist in
FreeBSD.
If the printer you are installing is connected to a
parallel port, skip to the section entitled, Installing the Text
Filter. Otherwise, be sure to follow the instructions
in the next section.
Configuring Spooler Communication Parameters
printers
serial
For printers on serial ports, LPD
can set up the bps rate,
parity, and other serial communication parameters on behalf of
the filter program that sends data to the printer. This is
advantageous since:
It lets you try different communication parameters by
simply editing the /etc/printcap
file; you do not have to recompile the filter
program.
It enables the spooling system to use the same filter
program for multiple printers which may have different
serial communication settings.
The following /etc/printcap
capabilities control serial communication parameters of the
device listed in the lp capability:
br#bps-rate
Sets the communications speed of the device to
bps-rate, where
bps-rate can be 50, 75, 110,
134, 150, 200, 300, 600, 1200, 1800, 2400, 4800, 9600,
19200, 38400, 57600, or 115200 bits-per-second.
ms#stty-mode
Sets the options for the terminal device after
opening the device. &man.stty.1; explains the
available options.
When LPD opens the device
specified by the lp capability, it sets
the characteristics of the device to those specified with
the ms# capability. Of particular
interest will be the parenb,
parodd, cs5,
cs6, cs7,
cs8, cstopb,
crtscts, and ixon
modes, which are explained in the &man.stty.1;
manual page.
Let us add to our example printer on the sixth serial
port. We will set the bps rate to 38400. For the mode,
we will set no parity with -parenb,
8-bit characters with cs8,
no modem control with clocal and
hardware flow control with crtscts:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:\
:lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:
Installing the Text Filter
printing
filters
We are now ready to tell LPD
what text filter to use to
send jobs to the printer. A text filter,
also known as an input filter, is a
program that LPD runs when it
has a job to print. When LPD
runs the text filter for a printer, it sets the filter's
standard input to the job to print, and its standard output to
the printer device specified with the lp
capability. The filter is expected to read the job from
standard input, perform any necessary translation for the
printer, and write the results to standard output, which will
get printed. For more information on the text filter, see
the Filters
section.
For our simple printer setup, the text filter can be a
small shell script that just executes
/bin/cat to send the job to the printer.
FreeBSD comes with another filter called
lpf that handles backspacing and
underlining for printers that might not deal with such
character streams well. And, of course, you can use any other
filter program you want. The filter lpf is
described in detail in section entitled lpf: a Text
Filter.
First, let us make the shell script
/usr/local/libexec/if-simple be a simple
text filter. Put the following text into that file with your
favorite text editor:
#!/bin/sh
#
# if-simple - Simple text input filter for lpd
# Installed in /usr/local/libexec/if-simple
#
# Simply copies stdin to stdout. Ignores all filter arguments.
/bin/cat && exit 0
exit 2
Make the file executable:
&prompt.root; chmod 555 /usr/local/libexec/if-simple
And then tell LPD to use it by specifying it with the
if capability in
/etc/printcap. We will add it to the two
printers we have so far in the example
/etc/printcap:
#
# /etc/printcap for host rose - added text filter
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:\ :lp=/dev/lpt0:\
:if=/usr/local/libexec/if-simple:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:\
:lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:\
:if=/usr/local/libexec/if-simple:
A copy of the if-simple script
can be found in the /usr/share/examples/printing
directory.
Turn on LPD
&man.lpd.8; is run from /etc/rc,
controlled by the lpd_enable variable. This
variable defaults to NO. If you have not done
so already, add the line:
lpd_enable="YES"
to /etc/rc.conf, and then either restart
your machine, or just run &man.lpd.8;.
&prompt.root; lpd
Trying It Out
You have reached the end of the simple
LPD setup.
Unfortunately, congratulations are not quite yet in order,
since we still have to test the setup and correct any
problems. To test the setup, try printing something. To
print with the LPD system, you
use the command &man.lpr.1;,
which submits a job for printing.
You can combine &man.lpr.1; with the &man.lptest.1;
program, introduced in section Checking Printer
Communications to generate some test text.
To test the simple LPD
setup:
Type:
&prompt.root; lptest 20 5 | lpr -Pprinter-name
Where printer-name is a the
name of a printer (or an alias) specified in
/etc/printcap. To test the default
printer, type &man.lpr.1; without any
argument. Again, if you are testing a printer that expects
&postscript;, send a &postscript; program in that language instead
of using &man.lptest.1;. You can do so by putting the program
in a file and typing lpr
file.
For a &postscript; printer, you should get the results of
the program. If you are using &man.lptest.1;, then your
results should look like the following:
!"#$%&'()*+,-./01234
"#$%&'()*+,-./012345
#$%&'()*+,-./0123456
$%&'()*+,-./01234567
%&'()*+,-./012345678
To further test the printer, try downloading larger
programs (for language-based printers) or running
&man.lptest.1; with different arguments. For example,
lptest 80 60 will produce 60 lines of 80
characters each.
If the printer did not work, see the Troubleshooting
section.
Advanced Printer Setup
This section describes filters for printing specially formatted
files, header pages, printing across networks, and restricting and
accounting for printer usage.
Filters
printing
filters
Although LPD handles network protocols,
queuing, access control,
and other aspects of printing, most of the real
work happens in the filters. Filters are
programs that communicate with the printer and handle its device
dependencies and special requirements. In the simple printer setup,
we installed a plain text filter—an extremely simple one that
should work with most printers (section Installing the Text
Filter).
However, in order to take advantage of format conversion, printer
accounting, specific printer quirks, and so on, you should understand
how filters work. It will ultimately be the filter's responsibility
to handle these aspects. And the bad news is that most of the time
you have to provide filters yourself. The good
news is that many are generally available; when they are not, they are
usually easy to write.
Also, FreeBSD comes with one,
/usr/libexec/lpr/lpf, that works with many
printers that can print plain text. (It handles backspacing and tabs
in the file, and does accounting, but that is about all it does.)
There are also several filters and filter components in the FreeBSD
Ports Collection.
Here is what you will find in this section:
Section How Filters
Work, tries to give an overview of a filter's role in the
printing process. You should read this section to get an
understanding of what is happening under the hood
when LPD uses filters. This knowledge
could help you anticipate
and debug problems you might encounter as you install more and
more filters on each of your printers.
LPD expects every printer to be
able to print plain text by
default. This presents a problem for &postscript; (or other
language-based printers) which cannot directly print plain text.
Section Accommodating
Plain Text Jobs on &postscript; Printers tells you what you
should do to overcome this problem. You should read this
section if you have a &postscript; printer.
&postscript; is a popular output format for many programs.
Some people even write &postscript; code directly. Unfortunately,
&postscript; printers are expensive. Section Simulating &postscript; on
Non &postscript; Printers tells how you can further modify
a printer's text filter to accept and print &postscript; data on a
non &postscript; printer. You should read
this section if you do not have a &postscript; printer.
Section Conversion
Filters tells about a way you can automate the conversion
of specific file formats, such as graphic or typesetting data,
into formats your printer can understand. After reading this
section, you should be able to set up your printers such that
users can type lpr -t to print troff data, or
lpr -d to print &tex; DVI data, or lpr
-v to print raster image data, and so forth. I
recommend reading this section.
Section Output
Filters tells all about a not often used feature of
LPD:
output filters. Unless you are printing header pages (see Header Pages),
you can probably skip that section altogether.
Section lpf: a Text
Filter describes lpf, a fairly
complete if simple text filter for line printers (and laser
printers that act like line printers) that comes with FreeBSD. If
you need a quick way to get printer accounting working for plain
text, or if you have a printer which emits smoke when it sees
backspace characters, you should definitely consider
lpf.
A copy of the various scripts described below can be
found in the /usr/share/examples/printing
directory.
How Filters Work
As mentioned before, a filter is an executable program started
by LPD to handle the device-dependent part of
communicating with the printer.
When LPD wants to print a file in a
job, it starts a filter
program. It sets the filter's standard input to the file to print,
its standard output to the printer, and its standard error to the
error logging file (specified in the lf
capability in /etc/printcap, or
/dev/console by default).
troff
Which filter LPD starts and the
filter's arguments depend on
what is listed in the /etc/printcap file and
what arguments the user specified for the job on the
&man.lpr.1; command line. For example, if the user typed
lpr -t, LPD would
start the troff filter, listed
in the tf capability for the destination printer.
If the user wanted to print plain text, it would start the
if filter (this is mostly true: see Output Filters for
details).
There are three kinds of filters you can specify in
/etc/printcap:
The text filter, confusingly called the
input filter in
LPD documentation, handles
regular text printing. Think of it as the default filter.
LPD
expects every printer to be able to print plain text by default,
and it is the text filter's job to make sure backspaces, tabs,
or other special characters do not confuse the printer. If you
are in an environment where you have to account for printer
usage, the text filter must also account for pages printed,
usually by counting the number of lines printed and comparing
that to the number of lines per page the printer supports. The
text filter is started with the following argument list:
filter-name
-c
-wwidth
-llength
-iindent
-n login
-h host
acct-file
where
appears if the job is submitted with lpr
-l
width
is the value from the pw (page
width) capability specified in
/etc/printcap, default 132
length
is the value from the pl (page
length) capability, default 66
indent
is the amount of the indentation from lpr
-i, default 0
login
is the account name of the user printing the
file
host
is the host name from which the job was
submitted
acct-file
is the name of the accounting file from the
af capability.
-
- printing
- filters
-
-
- A conversion filter converts a specific
+ A conversion filterprintingfilters converts a specific
file format into one the printer can render onto paper. For
example, ditroff typesetting data cannot be directly printed,
but you can install a conversion filter for ditroff files to
convert the ditroff data into a form the printer can digest and
print. Section Conversion
Filters tells all about them. Conversion filters also
need to do accounting, if you need printer accounting.
Conversion filters are started with the following arguments:
filter-name
-xpixel-width
-ypixel-height
-n login
-h host
acct-file
where pixel-width is the value
from the px capability (default 0) and
pixel-height is the value from the
py capability (default 0).
The output filter is used only if there
is no text filter, or if header pages are enabled. In my
experience, output filters are rarely used. Section Output Filters describe
them. There are only two arguments to an output filter:
filter-name
-wwidth
-llength
which are identical to the text filters and
arguments.
Filters should also exit with the
following exit status:
exit 0
If the filter printed the file successfully.
exit 1
If the filter failed to print the file but wants
LPD to
try to print the file again. LPD
will restart a filter if it exits with this status.
exit 2
If the filter failed to print the file and does not want
LPD to try again.
LPD will throw out the file.
The text filter that comes with the FreeBSD release,
/usr/libexec/lpr/lpf, takes advantage of the
page width and length arguments to determine when to send a form
feed and how to account for printer usage. It uses the login, host,
and accounting file arguments to make the accounting entries.
If you are shopping for filters, see if they are LPD-compatible.
If they are, they must support the argument lists described above.
If you plan on writing filters for general use, then have them
support the same argument lists and exit codes.
Accommodating Plain Text Jobs on &postscript; Printers
print jobs
If you are the only user of your computer and &postscript; (or
other language-based) printer, and you promise to never send plain
text to your printer and to never use features of various programs
that will want to send plain text to your printer, then you do not
need to worry about this section at all.
But, if you would like to send both &postscript; and plain text
jobs to the printer, then you are urged to augment your printer
setup. To do so, we have the text filter detect if the arriving job
is plain text or &postscript;. All &postscript; jobs must start with
%! (for other printer languages, see your printer
documentation). If those are the first two characters in the job,
we have &postscript;, and can pass the rest of the job directly. If
those are not the first two characters in the file, then the filter
will convert the text into &postscript; and print the result.
How do we do this?
printers
serial
If you have got a serial printer, a great way to do it is to
install lprps. lprps is a
&postscript; printer filter which performs two-way communication with
the printer. It updates the printer's status file with verbose
information from the printer, so users and administrators can see
exactly what the state of the printer is (such as toner
low or paper jam). But more
importantly, it includes a program called psif
which detects whether the incoming job is plain text and calls
textps (another program that comes with
lprps) to convert it to &postscript;. It then uses
lprps to send the job to the printer.
lprps is part of the FreeBSD Ports Collection
(see The Ports Collection). You can
fetch, build and install it yourself, of course. After installing
lprps, just specify the pathname to the
psif program that is part of
lprps. If you installed lprps
from the Ports Collection, use the following in the serial
&postscript; printer's entry in
/etc/printcap:
:if=/usr/local/libexec/psif:
You should also specify the rw capability;
that tells LPD to open the printer in
read-write mode.
If you have a parallel &postscript; printer (and therefore cannot
use two-way communication with the printer, which
lprps needs), you can use the following shell
script as the text filter:
#!/bin/sh
#
# psif - Print PostScript or plain text on a PostScript printer
# Script version; NOT the version that comes with lprps
# Installed in /usr/local/libexec/psif
#
IFS="" read -r first_line
first_two_chars=`expr "$first_line" : '\(..\)'`
if [ "$first_two_chars" = "%!" ]; then
#
# PostScript job, print it.
#
echo "$first_line" && cat && printf "\004" && exit 0
exit 2
else
#
# Plain text, convert it, then print it.
#
( echo "$first_line"; cat ) | /usr/local/bin/textps && printf "\004" && exit 0
exit 2
fi
In the above script, textps is a program we
installed separately to convert plain text to &postscript;. You can
use any text-to-&postscript; program you wish. The FreeBSD Ports
Collection (see The Ports Collection)
includes a full featured text-to-&postscript; program called
a2ps that you might want to investigate.
Simulating &postscript; on Non &postscript; Printers
PostScript
emulating
Ghostscript
&postscript; is the de facto standard for
high quality typesetting and printing. &postscript; is, however, an
expensive standard. Thankfully, Aladdin
Enterprises has a free &postscript; work-alike called
Ghostscript that runs with FreeBSD.
Ghostscript can read most &postscript; files and can render their
pages onto a variety of devices, including many brands of
non-PostScript printers. By installing Ghostscript and using a
special text filter for your printer, you can make your
non &postscript; printer act like a real &postscript; printer.
Ghostscript is in the FreeBSD Ports Collection, if you
would like to install it from there. You can fetch, build, and
install it quite easily yourself, as well.
To simulate &postscript;, we have the text filter detect if it is
printing a &postscript; file. If it is not, then the filter will pass
the file directly to the printer; otherwise, it will use Ghostscript
to first convert the file into a format the printer will
understand.
Here is an example: the following script is a text filter
for Hewlett Packard DeskJet 500 printers. For other printers,
substitute the argument to the
gs (Ghostscript) command. (Type gs
-h to get a list of devices the current installation of
Ghostscript supports.)
#!/bin/sh
#
# ifhp - Print Ghostscript-simulated PostScript on a DeskJet 500
# Installed in /usr/local/libexec/ifhp
#
# Treat LF as CR+LF (to avoid the "staircase effect" on HP/PCL
# printers):
#
printf "\033&k2G" || exit 2
#
# Read first two characters of the file
#
IFS="" read -r first_line
first_two_chars=`expr "$first_line" : '\(..\)'`
if [ "$first_two_chars" = "%!" ]; then
#
# It is PostScript; use Ghostscript to scan-convert and print it.
#
/usr/local/bin/gs -dSAFER -dNOPAUSE -q -sDEVICE=djet500 \
-sOutputFile=- - && exit 0
else
#
# Plain text or HP/PCL, so just print it directly; print a form feed
# at the end to eject the last page.
#
echo "$first_line" && cat && printf "\033&l0H" &&
exit 0
fi
exit 2
Finally, you need to notify LPD of
the filter via the if capability:
:if=/usr/local/libexec/ifhp:
That is it. You can type lpr plain.text and
lpr whatever.ps and both should print
successfully.
Conversion Filters
After completing the simple setup described in Simple Printer Setup, the first
thing you will probably want to do is install conversion filters for
your favorite file formats (besides plain ASCII text).
Why Install Conversion Filters?
&tex;
printing DVI files
Conversion filters make printing various kinds of files easy.
As an example, suppose we do a lot of work with the &tex;
typesetting system, and we have a &postscript; printer. Every time
we generate a DVI file from &tex;, we cannot print it directly until
we convert the DVI file into &postscript;. The command sequence
goes like this:
&prompt.user; dvips seaweed-analysis.dvi
&prompt.user; lpr seaweed-analysis.ps
By installing a conversion filter for DVI files, we can skip
the hand conversion step each time by having
LPD do it for us.
Now, each time we get a DVI file, we are just one step away from
printing it:
&prompt.user; lpr -d seaweed-analysis.dvi
We got LPD to do the DVI file
conversion for us by specifying
the option. Section Formatting and Conversion
Options lists the conversion options.
For each of the conversion options you want a printer to
support, install a conversion filter and
specify its pathname in /etc/printcap. A
conversion filter is like the text filter for the simple printer
setup (see section Installing
the Text Filter) except that instead of printing plain
text, the filter converts the file into a format the printer can
understand.
Which Conversion Filters Should I Install?
You should install the conversion filters you expect to use.
If you print a lot of DVI data, then a DVI conversion filter is in
order. If you have got plenty of troff to print out, then you
probably want a troff filter.
The following table summarizes the filters that
LPD works
with, their capability entries for the
/etc/printcap file, and how to invoke them
with the lpr command:
File type
/etc/printcap capability
lpr option
cifplot
cf
DVI
df
plot
gf
ditroff
nf
FORTRAN text
rf
troff
tf
raster
vf
plain text
if
none, , or
In our example, using lpr -d means the
printer needs a df capability in its entry in
/etc/printcap.
FORTRAN
Despite what others might contend, formats like FORTRAN text
and plot are probably obsolete. At your site, you can give new
meanings to these or any of the formatting options just by
installing custom filters. For example, suppose you would like to
directly print Printerleaf files (files from the Interleaf desktop
publishing program), but will never print plot files. You could
install a Printerleaf conversion filter under the
gf capability and then educate your users that
lpr -g mean print Printerleaf
files.
Installing Conversion Filters
Since conversion filters are programs you install outside of
the base FreeBSD installation, they should probably go under
/usr/local. The directory
/usr/local/libexec is a popular location,
since they are specialized programs that only
LPD will run;
regular users should not ever need to run them.
To enable a conversion filter, specify its pathname under the
appropriate capability for the destination printer in
/etc/printcap.
In our example, we will add the DVI conversion filter to the
entry for the printer named bamboo. Here is
the example /etc/printcap file again, with
the new df capability for the printer
bamboo.
#
# /etc/printcap for host rose - added df filter for bamboo
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:\
:lp=/dev/lpt0:\
:if=/usr/local/libexec/if-simple:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:\
:lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:\
:if=/usr/local/libexec/psif:\
:df=/usr/local/libexec/psdf:
The DVI filter is a shell script named
/usr/local/libexec/psdf. Here is that
script:
#!/bin/sh
#
# psdf - DVI to PostScript printer filter
# Installed in /usr/local/libexec/psdf
#
# Invoked by lpd when user runs lpr -d
#
exec /usr/local/bin/dvips -f | /usr/local/libexec/lprps "$@"
This script runs dvips in filter mode (the
argument) on standard input, which is the job
to print. It then starts the &postscript; printer filter
lprps (see section Accommodating Plain
Text Jobs on &postscript; Printers) with the arguments
LPD
passed to this script. lprps will use those
arguments to account for the pages printed.
More Conversion Filter Examples
Since there is no fixed set of steps to install conversion
filters, let me instead provide more examples. Use these as
guidance to making your own filters. Use them directly, if
appropriate.
This example script is a raster (well, GIF file, actually)
conversion filter for a Hewlett Packard LaserJet III-Si
printer:
#!/bin/sh
#
# hpvf - Convert GIF files into HP/PCL, then print
# Installed in /usr/local/libexec/hpvf
PATH=/usr/X11R6/bin:$PATH; export PATH
giftopnm | ppmtopgm | pgmtopbm | pbmtolj -resolution 300 \
&& exit 0 \
|| exit 2
It works by converting the GIF file into a portable anymap,
converting that into a portable graymap, converting that into a
portable bitmap, and converting that into LaserJet/PCL-compatible
data.
Here is the /etc/printcap file with an
entry for a printer using the above filter:
#
# /etc/printcap for host orchid
#
teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
:lp=/dev/lpt0:sh:sd=/var/spool/lpd/teak:mx#0:\
:if=/usr/local/libexec/hpif:\
:vf=/usr/local/libexec/hpvf:
The following script is a conversion filter for troff data
from the groff typesetting system for the &postscript; printer named
bamboo:
#!/bin/sh
#
# pstf - Convert groff's troff data into PS, then print.
# Installed in /usr/local/libexec/pstf
#
exec grops | /usr/local/libexec/lprps "$@"
The above script makes use of lprps again
to handle the communication with the printer. If the printer were
on a parallel port, we would use this script instead:
#!/bin/sh
#
# pstf - Convert groff's troff data into PS, then print.
# Installed in /usr/local/libexec/pstf
#
exec grops
That is it. Here is the entry we need to add to
/etc/printcap to enable the filter:
:tf=/usr/local/libexec/pstf:
Here is an example that might make old hands at FORTRAN blush.
It is a FORTRAN-text filter for any printer that can directly
print plain text. We will install it for the printer
teak:
#!/bin/sh
#
# hprf - FORTRAN text filter for LaserJet 3si:
# Installed in /usr/local/libexec/hprf
#
printf "\033&k2G" && fpr && printf "\033&l0H" &&
exit 0
exit 2
And we will add this line to the
/etc/printcap for the printer
teak to enable this filter:
:rf=/usr/local/libexec/hprf:
Here is one final, somewhat complex example. We will add a
DVI filter to the LaserJet printer teak
introduced earlier. First, the easy part: updating
/etc/printcap with the location of the DVI
filter:
:df=/usr/local/libexec/hpdf:
Now, for the hard part: making the filter. For that, we need
a DVI-to-LaserJet/PCL conversion program. The FreeBSD Ports
Collection (see The Ports Collection)
has one: dvi2xx is the name of the package.
Installing this package gives us the program we need,
dvilj2p, which converts DVI into LaserJet IIp,
LaserJet III, and LaserJet 2000 compatible codes.
dvilj2p makes the filter
hpdf quite complex since
dvilj2p cannot read from standard input. It
wants to work with a filename. What is worse, the filename has to
end in .dvi so using
/dev/fd/0 for standard input is problematic.
We can get around that problem by linking (symbolically) a
temporary file name (one that ends in .dvi)
to /dev/fd/0, thereby forcing
dvilj2p to read from standard input.
The only other fly in the ointment is the fact that we cannot
use /tmp for the temporary link. Symbolic
links are owned by user and group bin. The
filter runs as user daemon. And the
/tmp directory has the sticky bit set. The
filter can create the link, but it will not be able clean up when
done and remove it since the link will belong to a different
user.
Instead, the filter will make the symbolic link in the current
working directory, which is the spooling directory (specified by
the sd capability in
/etc/printcap). This is a perfect place for
filters to do their work, especially since there is (sometimes)
more free disk space in the spooling directory than under
/tmp.
Here, finally, is the filter:
#!/bin/sh
#
# hpdf - Print DVI data on HP/PCL printer
# Installed in /usr/local/libexec/hpdf
PATH=/usr/local/bin:$PATH; export PATH
#
# Define a function to clean up our temporary files. These exist
# in the current directory, which will be the spooling directory
# for the printer.
#
cleanup() {
rm -f hpdf$$.dvi
}
#
# Define a function to handle fatal errors: print the given message
# and exit 2. Exiting with 2 tells LPD to do not try to reprint the
# job.
#
fatal() {
echo "$@" 1>&2
cleanup
exit 2
}
#
# If user removes the job, LPD will send SIGINT, so trap SIGINT
# (and a few other signals) to clean up after ourselves.
#
trap cleanup 1 2 15
#
# Make sure we are not colliding with any existing files.
#
cleanup
#
# Link the DVI input file to standard input (the file to print).
#
ln -s /dev/fd/0 hpdf$$.dvi || fatal "Cannot symlink /dev/fd/0"
#
# Make LF = CR+LF
#
printf "\033&k2G" || fatal "Cannot initialize printer"
#
# Convert and print. Return value from dvilj2p does not seem to be
# reliable, so we ignore it.
#
dvilj2p -M1 -q -e- dfhp$$.dvi
#
# Clean up and exit
#
cleanup
exit 0
Automated Conversion: an Alternative to Conversion
Filters
All these conversion filters accomplish a lot for your
printing environment, but at the cost forcing the user to specify
(on the &man.lpr.1; command line) which one to use.
If your users are not particularly computer literate, having to
specify a filter option will become annoying. What is worse,
though, is that an incorrectly specified filter option may run a
filter on the wrong type of file and cause your printer to spew
out hundreds of sheets of paper.
Rather than install conversion filters at all, you might want
to try having the text filter (since it is the default filter)
detect the type of file it has been asked to print and then
automatically run the right conversion filter. Tools such as
file can be of help here. Of course, it will
be hard to determine the differences between
some file types—and, of course, you can
still provide conversion filters just for them.
apsfilter
printing
filters
apsfilter
The FreeBSD Ports Collection has a text filter that performs
automatic conversion called apsfilter. It can
detect plain text, &postscript;, and DVI files, run the proper
conversions, and print.
Output Filters
The LPD spooling system supports one
other type of filter that
we have not yet explored: an output filter. An output filter is
intended for printing plain text only, like the text filter, but
with many simplifications. If you are using an output filter but no
text filter, then:
LPD starts an output filter once
for the entire job instead
of once for each file in the job.
LPD does not make any provision
to identify the start or the
end of files within the job for the output filter.
LPD does not pass the user's
login or host to the filter, so
it is not intended to do accounting. In fact, it gets only two
arguments:
filter-name
-wwidth
-llength
Where width is from the
pw capability and
length is from the
pl capability for the printer in
question.
Do not be seduced by an output filter's simplicity. If you
would like each file in a job to start on a different page an output
filter will not work. Use a text filter (also
known as an input filter); see section Installing the Text Filter.
Furthermore, an output filter is actually more
complex in that it has to examine the byte stream being
sent to it for special flag characters and must send signals to
itself on behalf of LPD.
However, an output filter is necessary if
you want header pages and need to send escape sequences or other
initialization strings to be able to print the header page. (But it
is also futile if you want to charge header
pages to the requesting user's account, since
LPD does not give any
user or host information to the output filter.)
On a single printer, LPD
allows both an output filter and text or other filters. In
such cases, LPD will start the
output filter
to print the header page (see section Header Pages)
only. LPD then expects the
output filter to stop
itself by sending two bytes to the filter: ASCII 031
followed by ASCII 001. When an output filter sees these two bytes
(031, 001), it should stop by sending SIGSTOP
to itself. When
LPD's
done running other filters, it will restart the output filter by
sending SIGCONT to it.
If there is an output filter but no text
filter and LPD is working on a plain
text job, LPD uses the output
filter to do the job. As stated before, the output filter will
print each file of the job in sequence with no intervening form
feeds or other paper advancement, and this is probably
not what you want. In almost all cases, you
need a text filter.
The program lpf, which we introduced earlier
as a text filter, can also run as an output filter. If you need a
quick-and-dirty output filter but do not want to write the byte
detection and signal sending code, try lpf. You
can also wrap lpf in a shell script to handle any
initialization codes the printer might require.
lpf: a Text Filter
The program /usr/libexec/lpr/lpf that comes
with FreeBSD binary distribution is a text filter (input filter)
that can indent output (job submitted with lpr
-i), allow literal characters to pass (job submitted
with lpr -l), adjust the printing position for
backspaces and tabs in the job, and account for pages printed. It
can also act like an output filter.
lpf is suitable for many printing
environments. And although it has no capability to send
initialization sequences to a printer, it is easy to write a shell
script to do the needed initialization and then execute
lpf.
page accounting
accounting
printer
In order for lpf to do page accounting
correctly, it needs correct values filled in for the
pw and pl capabilities in the
/etc/printcap file. It uses these values to
determine how much text can fit on a page and how many pages were in
a user's job. For more information on printer accounting, see Accounting for Printer
Usage.
Networked Printing
printers
network
network printing
FreeBSD supports networked printing: sending jobs to remote
printers. Networked printing generally refers to two different
things:
Accessing a printer attached to a remote host. You install a
printer that has a conventional serial or parallel interface on
one host. Then, you set up LPD to
enable access to the printer
from other hosts on the network. Section Printers Installed on
Remote Hosts tells how to do this.
Accessing a printer attached directly to a network. The
printer has a network interface in addition (or in place of) a
more conventional serial or parallel interface. Such a printer
might work as follows:
It might understand the LPD
protocol and can even queue
jobs from remote hosts. In this case, it acts just like a
regular host running LPD. Follow
the same procedure in
section Printers
Installed on Remote Hosts to set up such a
printer.
It might support a data stream network connection. In this
case, you attach
the printer to one host on the
network by making that host responsible for spooling jobs and
sending them to the printer. Section Printers with
Networked Data Stream Interfaces gives some
suggestions on installing such printers.
Printers Installed on Remote Hosts
The LPD spooling system has built-in
support for sending jobs to
other hosts also running LPD (or are
compatible with LPD). This
feature enables you to install a printer on one host and make it
accessible from other hosts. It also works with printers that have
network interfaces that understand the
LPD protocol.
To enable this kind of remote printing, first install a printer
on one host, the printer host, using the simple
printer setup described in the Simple
Printer Setup section. Do any advanced setup in Advanced Printer Setup that you
need. Make sure to test the printer and see if it works with the
features of LPD you have enabled.
Also ensure that the
local host has authorization to use the
LPD
service in the remote host (see Restricting Jobs
from Remote Printers).
printers
network
network printing
If you are using a printer with a network interface that is
compatible with LPD, then the
printer host in
the discussion below is the printer itself, and the
printer name is the name you configured for the
printer. See the documentation that accompanied your printer and/or
printer-network interface.
If you are using a Hewlett Packard Laserjet then the printer
name text will automatically perform the LF to
CRLF conversion for you, so you will not require the
hpif script.
Then, on the other hosts you want to have access to the printer,
make an entry in their /etc/printcap files with
the following:
Name the entry anything you want. For simplicity, though,
you probably want to use the same name and aliases as on the
printer host.
Leave the lp capability blank, explicitly
(:lp=:).
Make a spooling directory and specify its location in the
sd capability. LPD
will store jobs here
before they get sent to the printer host.
Place the name of the printer host in the
rm capability.
Place the printer name on the printer
host in the rp
capability.
That is it. You do not need to list conversion filters, page
dimensions, or anything else in the
/etc/printcap file.
Here is an example. The host rose has two
printers, bamboo and rattan.
We will enable users on the host orchid to print
to those printers.
Here is the /etc/printcap file for
orchid (back from section Enabling Header
Pages). It already had the entry for the printer
teak; we have added entries for the two printers
on the host rose:
#
# /etc/printcap for host orchid - added (remote) printers on rose
#
#
# teak is local; it is connected directly to orchid:
#
teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
:lp=/dev/lpt0:sd=/var/spool/lpd/teak:mx#0:\
:if=/usr/local/libexec/ifhp:\
:vf=/usr/local/libexec/vfhp:\
:of=/usr/local/libexec/ofhp:
#
# rattan is connected to rose; send jobs for rattan to rose:
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:lp=:rm=rose:rp=rattan:sd=/var/spool/lpd/rattan:
#
# bamboo is connected to rose as well:
#
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:lp=:rm=rose:rp=bamboo:sd=/var/spool/lpd/bamboo:
Then, we just need to make spooling directories on
orchid:
&prompt.root; mkdir -p /var/spool/lpd/rattan /var/spool/lpd/bamboo
&prompt.root; chmod 770 /var/spool/lpd/rattan /var/spool/lpd/bamboo
&prompt.root; chown daemon:daemon /var/spool/lpd/rattan /var/spool/lpd/bamboo
Now, users on orchid can print to
rattan and bamboo. If, for
example, a user on orchid typed
&prompt.user; lpr -P bamboo -d sushi-review.dvi
the LPD system on orchid
would copy the job to the spooling
directory /var/spool/lpd/bamboo and note that it was a
DVI job. As soon as the host rose has room in its
bamboo spooling directory, the two
LPDs would transfer the
file to rose. The file would wait in rose's
queue until it was finally printed. It would be converted from DVI to
&postscript; (since bamboo is a &postscript; printer) on
rose.
Printers with Networked Data Stream Interfaces
Often, when you buy a network interface card for a printer, you
can get two versions: one which emulates a spooler (the more
expensive version), or one which just lets you send data to it as if
you were using a serial or parallel port (the cheaper version).
This section tells how to use the cheaper version. For the more
expensive one, see the previous section Printers Installed on
Remote Hosts.
The format of the /etc/printcap file lets
you specify what serial or parallel interface to use, and (if you
are using a serial interface), what baud rate, whether to use flow
control, delays for tabs, conversion of newlines, and more. But
there is no way to specify a connection to a printer that is
listening on a TCP/IP or other network port.
To send data to a networked printer, you need to develop a
communications program that can be called by the text and conversion
filters. Here is one such example: the script
netprint takes all data on standard input and
sends it to a network-attached printer. We specify the hostname of
the printer as the first argument and the port number to which to
connect as the second argument to netprint. Note
that this supports one-way communication only (FreeBSD to printer);
many network printers support two-way communication, and you might
want to take advantage of that (to get printer status, perform
accounting, etc.).
#!/usr/bin/perl
#
# netprint - Text filter for printer attached to network
# Installed in /usr/local/libexec/netprint
#
$#ARGV eq 1 || die "Usage: $0 <printer-hostname> <port-number>";
$printer_host = $ARGV[0];
$printer_port = $ARGV[1];
require 'sys/socket.ph';
($ignore, $ignore, $protocol) = getprotobyname('tcp');
($ignore, $ignore, $ignore, $ignore, $address)
= gethostbyname($printer_host);
$sockaddr = pack('S n a4 x8', &AF_INET, $printer_port, $address);
socket(PRINTER, &PF_INET, &SOCK_STREAM, $protocol)
|| die "Can't create TCP/IP stream socket: $!";
connect(PRINTER, $sockaddr) || die "Can't contact $printer_host: $!";
while (<STDIN>) { print PRINTER; }
exit 0;
We can then use this script in various filters. Suppose we had
a Diablo 750-N line printer connected to the network. The printer
accepts data to print on port number 5100. The host name of the
printer is scrivener. Here is the text filter for the
printer:
#!/bin/sh
#
# diablo-if-net - Text filter for Diablo printer `scrivener' listening
# on port 5100. Installed in /usr/local/libexec/diablo-if-net
#
exec /usr/libexec/lpr/lpf "$@" | /usr/local/libexec/netprint scrivener 5100
Restricting Printer Usage
printers
restricting access to
This section gives information on restricting printer usage. The
LPD system lets you control who can access
a printer, both locally or
remotely, whether they can print multiple copies, how large their jobs
can be, and how large the printer queues can get.
Restricting Multiple Copies
The LPD system makes it easy for
users to print multiple copies
of a file. Users can print jobs with lpr -#5
(for example) and get five copies of each file in the job. Whether
this is a good thing is up to you.
If you feel multiple copies cause unnecessary wear and tear on
your printers, you can disable the option to
&man.lpr.1; by adding the sc capability to the
/etc/printcap file. When users submit jobs
with the option, they will see:
lpr: multiple copies are not allowed
Note that if you have set up access to a printer remotely (see
section Printers
Installed on Remote Hosts), you need the
sc capability on the remote
/etc/printcap files as well, or else users will
still be able to submit multiple-copy jobs by using another
host.
Here is an example. This is the
/etc/printcap file for the host
rose. The printer rattan is
quite hearty, so we will allow multiple copies, but the laser
printer bamboo is a bit more delicate, so we will
disable multiple copies by adding the sc
capability:
#
# /etc/printcap for host rose - restrict multiple copies on bamboo
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:\
:lp=/dev/lpt0:\
:if=/usr/local/libexec/if-simple:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:sc:\
:lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:\
:if=/usr/local/libexec/psif:\
:df=/usr/local/libexec/psdf:
Now, we also need to add the sc capability on
the host orchid's
/etc/printcap (and while we are at it, let us
disable multiple copies for the printer
teak):
#
# /etc/printcap for host orchid - no multiple copies for local
# printer teak or remote printer bamboo
teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
:lp=/dev/lpt0:sd=/var/spool/lpd/teak:mx#0:sc:\
:if=/usr/local/libexec/ifhp:\
:vf=/usr/local/libexec/vfhp:\
:of=/usr/local/libexec/ofhp:
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:lp=:rm=rose:rp=rattan:sd=/var/spool/lpd/rattan:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:lp=:rm=rose:rp=bamboo:sd=/var/spool/lpd/bamboo:sc:
By using the sc capability, we prevent the
use of lpr -#, but that still does not prevent
users from running &man.lpr.1;
multiple times, or from submitting the same file multiple times in
one job like this:
&prompt.user; lpr forsale.sign forsale.sign forsale.sign forsale.sign forsale.sign
There are many ways to prevent this abuse (including ignoring
it) which you are free to explore.
Restricting Access to Printers
You can control who can print to what printers by using the &unix;
group mechanism and the rg capability in
/etc/printcap. Just place the users you want
to have access to a printer in a certain group, and then name that
group in the rg capability.
Users outside the group (including root)
will be greeted with
lpr: Not a member of the restricted group
if they try to print to the controlled printer.
As with the sc (suppress multiple copies)
capability, you need to specify rg on remote
hosts that also have access to your printers, if you feel it is
appropriate (see section Printers Installed on
Remote Hosts).
For example, we will let anyone access the printer
rattan, but only those in group
artists can use bamboo. Here
is the familiar /etc/printcap for host
rose:
#
# /etc/printcap for host rose - restricted group for bamboo
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:\
:lp=/dev/lpt0:\
:if=/usr/local/libexec/if-simple:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:sc:rg=artists:\
:lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:\
:if=/usr/local/libexec/psif:\
:df=/usr/local/libexec/psdf:
Let us leave the other example
/etc/printcap file (for the host
orchid) alone. Of course, anyone on
orchid can print to bamboo. It
might be the case that we only allow certain logins on
orchid anyway, and want them to have access to the
printer. Or not.
There can be only one restricted group per printer.
Controlling Sizes of Jobs Submitted
print jobs
If you have many users accessing the printers, you probably need
to put an upper limit on the sizes of the files users can submit to
print. After all, there is only so much free space on the
filesystem that houses the spooling directories, and you also need
to make sure there is room for the jobs of other users.
print jobs
controlling
LPD enables you to limit the maximum
byte size a file in a job
can be with the mx capability. The units are in
BUFSIZ blocks, which are 1024 bytes. If you put
a zero for this
capability, there will be no limit on file size; however, if no
mx capability is specified, then a default limit
of 1000 blocks will be used.
The limit applies to files in a job, and
not the total job size.
LPD will not refuse a file that is
larger than the limit you
place on a printer. Instead, it will queue as much of the file up
to the limit, which will then get printed. The rest will be
discarded. Whether this is correct behavior is up for
debate.
Let us add limits to our example printers
rattan and bamboo. Since
those artists' &postscript; files tend to be large, we will limit them
to five megabytes. We will put no limit on the plain text line
printer:
#
# /etc/printcap for host rose
#
#
# No limit on job size:
#
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:mx#0:sd=/var/spool/lpd/rattan:\
:lp=/dev/lpt0:\
:if=/usr/local/libexec/if-simple:
#
# Limit of five megabytes:
#
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:sc:rg=artists:mx#5000:\
:lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:\
:if=/usr/local/libexec/psif:\
:df=/usr/local/libexec/psdf:
Again, the limits apply to the local users only. If you have
set up access to your printers remotely, remote users will not get
those limits. You will need to specify the mx
capability in the remote /etc/printcap files as
well. See section Printers Installed on
Remote Hosts for more information on remote
printing.
There is another specialized way to limit job sizes from remote
printers; see section Restricting Jobs
from Remote Printers.
Restricting Jobs from Remote Printers
The LPD spooling system provides
several ways to restrict print
jobs submitted from remote hosts:
Host restrictions
You can control from which remote hosts a local
LPD accepts requests with the files
/etc/hosts.equiv and
/etc/hosts.lpd.
LPD checks to see if an
incoming request is from a host listed in either one of these
files. If not, LPD refuses the
request.
The format of these files is simple: one host name per
line. Note that the file
/etc/hosts.equiv is also used by the
&man.ruserok.3; protocol, and affects programs like
&man.rsh.1; and &man.rcp.1;, so be careful.
For example, here is the
/etc/hosts.lpd file on the host
rose:
orchid
violet
madrigal.fishbaum.de
This means rose will accept requests from
the hosts orchid, violet,
and madrigal.fishbaum.de. If any
other host tries to access rose's
LPD, the job will be refused.
Size restrictions
You can control how much free space there needs to remain
on the filesystem where a spooling directory resides. Make a
file called minfree in the spooling
directory for the local printer. Insert in that file a number
representing how many disk blocks (512 bytes) of free space
there has to be for a remote job to be accepted.
This lets you insure that remote users will not fill your
filesystem. You can also use it to give a certain priority to
local users: they will be able to queue jobs long after the
free disk space has fallen below the amount specified in the
minfree file.
For example, let us add a minfree
file for the printer bamboo. We examine
/etc/printcap to find the spooling
directory for this printer; here is bamboo's
entry:
bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\
:sh:sd=/var/spool/lpd/bamboo:sc:rg=artists:mx#5000:\
:lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:mx#5000:\
:if=/usr/local/libexec/psif:\
:df=/usr/local/libexec/psdf:
The spooling directory is given in the sd
capability. We will make three megabytes (which is 6144 disk blocks)
the amount of free disk space that must exist on the filesystem for
LPD to accept remote jobs:
&prompt.root; echo 6144 > /var/spool/lpd/bamboo/minfree
User restrictions
You can control which remote users can print to local
printers by specifying the rs capability in
/etc/printcap. When
rs appears in the entry for a
locally-attached printer, LPD will
accept jobs from remote
hosts if the user submitting the job also
has an account of the same login name on the local host.
Otherwise, LPD refuses the job.
This capability is particularly useful in an environment
where there are (for example) different departments sharing a
network, and some users transcend departmental boundaries. By
giving them accounts on your systems, they can use your
printers from their own departmental systems. If you would
rather allow them to use only your
printers and not your computer resources, you can give them
token
accounts, with no home directory and a
useless shell like /usr/bin/false.
Accounting for Printer Usage
accounting
printer
So, you need to charge for printouts. And why not? Paper and ink
cost money. And then there are maintenance costs—printers are
loaded with moving parts and tend to break down. You have examined
your printers, usage patterns, and maintenance fees and have come up
with a per-page (or per-foot, per-meter, or per-whatever) cost. Now,
how do you actually start accounting for printouts?
Well, the bad news is the LPD spooling
system does not provide
much help in this department. Accounting is highly dependent on the
kind of printer in use, the formats being printed, and
your requirements in charging for printer
usage.
To implement accounting, you have to modify a printer's text
filter (to charge for plain text jobs) and the conversion filters (to
charge for other file formats), to count pages or query the printer
for pages printed. You cannot get away with using the simple output
filter, since it cannot do accounting. See section Filters.
Generally, there are two ways to do accounting:
Periodic accounting is the more common
way, possibly because it is easier. Whenever someone prints a
job, the filter logs the user, host, and number of pages to an
accounting file. Every month, semester, year, or whatever time
period you prefer, you collect the accounting files for the
various printers, tally up the pages printed by users, and charge
for usage. Then you truncate all the logging files, starting with
a clean slate for the next period.
Timely accounting is less common,
probably because it is more difficult. This method has the
filters charge users for printouts as soon as they use the
printers. Like disk quotas, the accounting is immediate. You can
prevent users from printing when their account goes in the red,
and might provide a way for users to check and adjust their
print quotas.
But this method requires some database
code to track users and their quotas.
The LPD spooling system supports both
methods easily: since you
have to provide the filters (well, most of the time), you also have to
provide the accounting code. But there is a bright side: you have
enormous flexibility in your accounting methods. For example, you
choose whether to use periodic or timely accounting. You choose what
information to log: user names, host names, job types, pages printed,
square footage of paper used, how long the job took to print, and so
forth. And you do so by modifying the filters to save this
information.
Quick and Dirty Printer Accounting
FreeBSD comes with two programs that can get you set up with
simple periodic accounting right away. They are the text filter
lpf, described in section lpf: a Text Filter, and
&man.pac.8;, a program to gather and total
entries from printer accounting files.
As mentioned in the section on filters (Filters),
LPD starts
the text and the conversion filters with the name of the accounting
file to use on the filter command line. The filters can use this
argument to know where to write an accounting file entry. The name
of this file comes from the af capability in
/etc/printcap, and if not specified as an
absolute path, is relative to the spooling directory.
LPD starts lpf
with page width and length
arguments (from the pw and pl
capabilities). lpf uses these arguments to
determine how much paper will be used. After sending the file to
the printer, it then writes an accounting entry in the accounting
file. The entries look like this:
2.00 rose:andy
3.00 rose:kelly
3.00 orchid:mary
5.00 orchid:mary
2.00 orchid:zhang
You should use a separate accounting file for each printer, as
lpf has no file locking logic built into it, and
two lpfs might corrupt each other's entries if
they were to write to the same file at the same time. An easy way
to insure a separate accounting file for each printer is to use
af=acct in /etc/printcap.
Then, each accounting file will be in the spooling directory for a
printer, in a file named acct.
When you are ready to charge users for printouts, run the
&man.pac.8; program. Just change to the spooling directory for
the printer you want to collect on and type pac.
You will get a dollar-centric summary like the following:
Login pages/feet runs price
orchid:kelly 5.00 1 $ 0.10
orchid:mary 31.00 3 $ 0.62
orchid:zhang 9.00 1 $ 0.18
rose:andy 2.00 1 $ 0.04
rose:kelly 177.00 104 $ 3.54
rose:mary 87.00 32 $ 1.74
rose:root 26.00 12 $ 0.52
total 337.00 154 $ 6.74
These are the arguments &man.pac.8; expects:
Which printer to summarize.
This option works only if there is an absolute path in the
af capability in
/etc/printcap.
Sort the output by cost instead of alphabetically by user
name.
Ignore host name in the accounting files. With this
option, user smith on host
alpha is the same user
smith on host gamma.
Without, they are different users.
Compute charges with price
dollars per page or per foot instead of the price from the
pc capability in
/etc/printcap, or two cents (the
default). You can specify price as
a floating point number.
Reverse the sort order.
Make an accounting summary file and truncate the
accounting file.
name
…
Print accounting information for the given user
names only.
In the default summary that &man.pac.8; produces, you see the
number of pages printed by each user from various hosts. If, at
your site, host does not matter (because users can use any host),
run pac -m, to produce the following
summary:
Login pages/feet runs price
andy 2.00 1 $ 0.04
kelly 182.00 105 $ 3.64
mary 118.00 35 $ 2.36
root 26.00 12 $ 0.52
zhang 9.00 1 $ 0.18
total 337.00 154 $ 6.74
To compute the dollar amount due,
&man.pac.8; uses the pc capability in the
/etc/printcap file (default of 200, or 2 cents
per page). Specify, in hundredths of cents, the price per page or
per foot you want to charge for printouts in this capability. You
can override this value when you run &man.pac.8; with the
option. The units for the
option are in dollars, though, not hundredths of cents. For
example,
&prompt.root; pac -p1.50
makes each page cost one dollar and fifty cents. You can really
rake in the profits by using this option.
Finally, running pac -s will save the summary
information in a summary accounting file, which is named the same as
the printer's accounting file, but with _sum
appended to the name. It then truncates the accounting file. When
you run &man.pac.8; again, it rereads the
summary file to get starting totals, then adds information from the
regular accounting file.
How Can You Count Pages Printed?
In order to perform even remotely accurate accounting, you need
to be able to determine how much paper a job uses. This is the
essential problem of printer accounting.
For plain text jobs, the problem is not that hard to solve: you
count how many lines are in a job and compare it to how many lines
per page your printer supports. Do not forget to take into account
backspaces in the file which overprint lines, or long logical lines
that wrap onto one or more additional physical lines.
The text filter lpf (introduced in lpf: a Text Filter) takes
into account these things when it does accounting. If you are
writing a text filter which needs to do accounting, you might want
to examine lpf's source code.
How do you handle other file formats, though?
Well, for DVI-to-LaserJet or DVI-to-&postscript; conversion, you
can have your filter parse the diagnostic output of
dvilj or dvips and look to see
how many pages were converted. You might be able to do similar
things with other file formats and conversion programs.
But these methods suffer from the fact that the printer may not
actually print all those pages. For example, it could jam, run out
of toner, or explode—and the user would still get
charged.
So, what can you do?
There is only one sure way to do
accurate accounting. Get a printer that can
tell you how much paper it uses, and attach it via a serial line or
a network connection. Nearly all &postscript; printers support this
notion. Other makes and models do as well (networked Imagen laser
printers, for example). Modify the filters for these printers to
get the page usage after they print each job and have them log
accounting information based on that value
only. There is no line counting nor
error-prone file examination required.
Of course, you can always be generous and make all printouts
free.
Using Printers
printers
usage
This section tells you how to use printers you have set up with
FreeBSD. Here is an overview of the user-level commands:
&man.lpr.1;
Print jobs
&man.lpq.1;
Check printer queues
&man.lprm.1;
Remove jobs from a printer's queue
There is also an administrative command, &man.lpc.8;,
described in the section Administering Printers, used to
control printers and their queues.
All three of the commands &man.lpr.1;, &man.lprm.1;, and &man.lpq.1;
accept an option to specify on which
printer/queue to operate, as listed in the
/etc/printcap file. This enables you to submit,
remove, and check on jobs for various printers. If you do not use the
option, then these commands use the printer
specified in the PRINTER environment variable. Finally,
if you do not have a PRINTER environment variable, these
commands default to the printer named lp.
Hereafter, the terminology default printer
means the printer named in the PRINTER environment
variable, or the printer named lp when there is no
PRINTER environment variable.
Printing Jobs
To print files, type:
&prompt.user; lpr filename ...
printing
This prints each of the listed files to the default printer. If
you list no files, &man.lpr.1; reads data to
print from standard input. For example, this command prints some
important system files:
&prompt.user; lpr /etc/host.conf /etc/hosts.equiv
To select a specific printer, type:
&prompt.user; lpr -P printer-name filename ...
This example prints a long listing of the current directory to the
printer named rattan:
&prompt.user; ls -l | lpr -P rattan
Because no files were listed for the
&man.lpr.1; command, lpr read the data to print
from standard input, which was the output of the ls
-l command.
The &man.lpr.1; command can also accept a wide variety of options
to control formatting, apply file conversions, generate multiple
copies, and so forth. For more information, see the section Printing Options.
Checking Jobs
print jobs
When you print with &man.lpr.1;, the data you wish to print is put
together in a package called a print job
, which is sent
to the LPD spooling system. Each printer
has a queue of jobs, and
your job waits in that queue along with other jobs from yourself and
from other users. The printer prints those jobs in a first-come,
first-served order.
To display the queue for the default printer, type &man.lpq.1;.
For a specific printer, use the option. For
example, the command
&prompt.user; lpq -P bamboo
shows the queue for the printer named bamboo. Here
is an example of the output of the lpq
command:
bamboo is ready and printing
Rank Owner Job Files Total Size
active kelly 9 /etc/host.conf, /etc/hosts.equiv 88 bytes
2nd kelly 10 (standard input) 1635 bytes
3rd mary 11 ... 78519 bytes
This shows three jobs in the queue for bamboo.
The first job, submitted by user kelly, got assigned job
number
9. Every job for a printer gets a unique job number.
Most of the time you can ignore the job number, but you will need it
if you want to cancel the job; see section Removing Jobs for details.
Job number nine consists of two files; multiple files given on the
&man.lpr.1; command line are treated as part of a single job. It
is the currently active job (note the word active
under the Rank
column), which means the printer should
be currently printing that job. The second job consists of data
passed as the standard input to the &man.lpr.1; command. The third
job came from user mary; it is a much larger
job. The pathname of the file she is trying to print is too long to
fit, so the &man.lpq.1; command just shows three dots.
The very first line of the output from &man.lpq.1; is also useful:
it tells what the printer is currently doing (or at least what
LPD thinks the printer is doing).
The &man.lpq.1; command also support a option
to generate a detailed long listing. Here is an example of
lpq -l:
waiting for bamboo to become ready (offline ?)
kelly: 1st [job 009rose]
/etc/host.conf 73 bytes
/etc/hosts.equiv 15 bytes
kelly: 2nd [job 010rose]
(standard input) 1635 bytes
mary: 3rd [job 011rose]
/home/orchid/mary/research/venus/alpha-regio/mapping 78519 bytes
Removing Jobs
If you change your mind about printing a job, you can remove the
job from the queue with the &man.lprm.1; command. Often, you can
even use &man.lprm.1; to remove an active job, but some or all of the
job might still get printed.
To remove a job from the default printer, first use
&man.lpq.1; to find the job number. Then type:
&prompt.user; lprm job-number
To remove the job from a specific printer, add the
option. The following command removes job number
10 from the queue for the printer bamboo:
&prompt.user; lprm -P bamboo 10
The &man.lprm.1; command has a few shortcuts:
lprm -
Removes all jobs (for the default printer) belonging to
you.
lprm user
Removes all jobs (for the default printer) belonging to
user. The superuser can remove other
users' jobs; you can remove only your own jobs.
lprm
With no job number, user name, or
appearing on the command line,
&man.lprm.1; removes the currently active job on the
default printer, if it belongs to you. The superuser can remove
any active job.
Just use the option with the above shortcuts
to operate on a specific printer instead of the default. For example,
the following command removes all jobs for the current user in the
queue for the printer named rattan:
&prompt.user; lprm -P rattan -
If you are working in a networked environment, &man.lprm.1; will
let you remove jobs only from the
host from which the jobs were submitted, even if the same printer is
available from other hosts. The following command sequence
demonstrates this:
&prompt.user; lpr -P rattan myfile
&prompt.user; rlogin orchid
&prompt.user; lpq -P rattan
Rank Owner Job Files Total Size
active seeyan 12 ... 49123 bytes
2nd kelly 13 myfile 12 bytes
&prompt.user; lprm -P rattan 13
rose: Permission denied
&prompt.user; logout
&prompt.user; lprm -P rattan 13
dfA013rose dequeued
cfA013rose dequeued
Beyond Plain Text: Printing Options
The &man.lpr.1; command supports a number of options that control
formatting text, converting graphic and other file formats, producing
multiple copies, handling of the job, and more. This section
describes the options.
Formatting and Conversion Options
The following &man.lpr.1; options control formatting of the
files in the job. Use these options if the job does not contain
plain text or if you want plain text formatted through the
&man.pr.1; utility.
&tex;
For example, the following command prints a DVI file (from the
&tex; typesetting system) named fish-report.dvi
to the printer named bamboo:
&prompt.user; lpr -P bamboo -d fish-report.dvi
These options apply to every file in the job, so you cannot mix
(say) DVI and ditroff files together in a job. Instead, submit the
files as separate jobs, using a different conversion option for each
job.
All of these options except and
require conversion filters installed for the
destination printer. For example, the option
requires the DVI conversion filter. Section Conversion
Filters gives details.
Print cifplot files.
Print DVI files.
Print FORTRAN text files.
Print plot data.
Indent the output by number
columns; if you omit number, indent
by 8 columns. This option works only with certain conversion
filters.
Do not put any space between the and
the number.
Print literal text data, including control
characters.
Print ditroff (device independent troff) data.
-p
Format plain text with &man.pr.1; before printing. See
&man.pr.1; for more information.
Use title on the
&man.pr.1; header instead of the file name. This option has
effect only when used with the
option.
Print troff data.
Print raster data.
Here is an example: this command prints a nicely formatted
version of the &man.ls.1; manual page on the default printer:
&prompt.user; zcat /usr/share/man/man1/ls.1.gz | troff -t -man | lpr -t
The &man.zcat.1; command uncompresses the source of the
&man.ls.1; manual page and passes it to the &man.troff.1;
command, which formats that source and makes GNU troff
output and passes it to &man.lpr.1;, which submits the job
to the LPD spooler. Because we
used the
option to &man.lpr.1;, the spooler will convert the GNU
troff output into a format the default printer can
understand when it prints the job.
Job Handling Options
The following options to &man.lpr.1; tell
LPD to handle the job
specially:
-# copies
Produce a number of copies of
each file in the job instead of just one copy. An
administrator may disable this option to reduce printer
wear-and-tear and encourage photocopier usage. See section
Restricting
Multiple Copies.
This example prints three copies of
parser.c followed by three copies of
parser.h to the default printer:
&prompt.user; lpr -#3 parser.c parser.h
-m
Send mail after completing the print job. With this
option, the LPD system will send
mail to your account when it
finishes handling your job. In its message, it will tell you
if the job completed successfully or if there was an error,
and (often) what the error was.
-s
Do not copy the files to the spooling directory, but make
symbolic links to them instead.
If you are printing a large job, you probably want to use
this option. It saves space in the spooling directory (your
job might overflow the free space on the filesystem where the
spooling directory resides). It saves time as well since
LPD
will not have to copy each and every byte of your job to the
spooling directory.
There is a drawback, though: since
LPD will refer to the
original files directly, you cannot modify or remove them
until they have been printed.
If you are printing to a remote printer,
LPD will
eventually have to copy files from the local host to the
remote host, so the option will save
space only on the local spooling directory, not the remote.
It is still useful, though.
-r
Remove the files in the job after copying them to the
spooling directory, or after printing them with the
option. Be careful with this
option!
Header Page Options
These options to &man.lpr.1; adjust the text that normally
appears on a job's header page. If header pages are suppressed for
the destination printer, these options have no effect. See section
Header Pages
for information about setting up header pages.
-C text
Replace the hostname on the header page with
text. The hostname is normally the
name of the host from which the job was submitted.
-J text
Replace the job name on the header page with
text. The job name is normally the
name of the first file of the job, or
stdin if you are printing standard
input.
-h
Do not print any header page.
At some sites, this option may have no effect due to the
way header pages are generated. See Header
Pages for details.
Administering Printers
As an administrator for your printers, you have had to install,
set up, and test them. Using the &man.lpc.8; command, you
can interact with your printers in yet more ways. With &man.lpc.8;,
you can
Start and stop the printers
Enable and disable their queues
Rearrange the order of the jobs in each queue.
First, a note about terminology: if a printer is
stopped, it will not print anything in its queue.
Users can still submit jobs, which will wait in the queue until the
printer is started or the queue is
cleared.
If a queue is disabled, no user (except
root) can submit jobs for the printer. An
enabled queue allows jobs to be submitted. A
printer can be started for a disabled queue, in
which case it will continue to print jobs in the queue until the queue
is empty.
In general, you have to have root privileges
to use the &man.lpc.8; command. Ordinary users can use the &man.lpc.8;
command to get printer status and to restart a hung printer only.
Here is a summary of the &man.lpc.8; commands. Most of the
commands take a printer-name argument to
tell on which printer to operate. You can use all
for the printer-name to mean all printers
listed in /etc/printcap.
abort
printer-name
Cancel the current job and stop the printer. Users can
still submit jobs if the queue is enabled.
clean
printer-name
Remove old files from the printer's spooling directory.
Occasionally, the files that make up a job are not properly
removed by LPD, particularly if
there have been errors during
printing or a lot of administrative activity. This command
finds files that do not belong in the spooling directory and
removes them.
disable
printer-name
Disable queuing of new jobs. If the printer is running, it
will continue to print any jobs remaining in the queue. The
superuser (root) can always submit jobs,
even to a disabled queue.
This command is useful while you are testing a new printer
or filter installation: disable the queue and submit jobs as
root. Other users will not be able to submit
jobs until you complete your testing and re-enable the queue with
the enable command.
down printer-name
message
Take a printer down. Equivalent to
disable followed by stop.
The message appears as the printer's
status whenever a user checks the printer's queue with
&man.lpq.1; or status with lpc
status.
enable
printer-name
Enable the queue for a printer. Users can submit jobs but
the printer will not print anything until it is started.
help
command-name
Print help on the command
command-name. With no
command-name, print a summary of the
commands available.
restart
printer-name
Start the printer. Ordinary users can use this command if
some extraordinary circumstance hangs
LPD, but they cannot start
a printer stopped with either the stop or
down commands. The
restart command is equivalent to
abort followed by
start.
start
printer-name
Start the printer. The printer will print jobs in its
queue.
stop
printer-name
Stop the printer. The printer will finish the current job
and will not print anything else in its queue. Even though the
printer is stopped, users can still submit jobs to an enabled
queue.
topq printer-name
job-or-username
Rearrange the queue for
printer-name by placing the jobs with
the listed job numbers or the jobs
belonging to username at the top of
the queue. For this command, you cannot use
all as the
printer-name.
up
printer-name
Bring a printer up; the opposite of the
down command. Equivalent to
start followed by
enable.
&man.lpc.8; accepts the above commands on the command line. If
you do not enter any commands, &man.lpc.8; enters an interactive mode,
where you can enter commands until you type exit,
quit, or end-of-file.
Alternatives to the Standard Spooler
If you have been reading straight through this manual, by now you
have learned just about everything there is to know about the
LPD
spooling system that comes with FreeBSD. You can probably appreciate
many of its shortcomings, which naturally leads to the question:
What other spooling systems are out there (and work with
FreeBSD)?
LPRng
LPRng
LPRng, which purportedly means
LPR: the Next
Generation
is a complete rewrite of PLP. Patrick Powell
and Justin Mason (the principal maintainer of PLP) collaborated to
make LPRng. The main site for
LPRng is .
CUPS
CUPS
CUPS, the Common UNIX Printing
System, provides a portable printing layer for &unix;-based
operating systems. It has been developed by Easy Software
Products to promote a standard printing solution for all &unix;
vendors and users.
CUPS uses the Internet Printing
Protocol (IPP) as the basis for managing
print jobs and queues. The Line Printer Daemon
(LPD), Server Message Block
(SMB), and AppSocket (a.k.a. JetDirect)
protocols are also supported with reduced functionality. CUPS
adds network printer browsing and PostScript Printer Description
(PPD) based printing options to support
real-world printing under &unix;.
The main site for CUPS is .
Troubleshooting
After performing the simple test with &man.lptest.1;, you might
have gotten one of the following results instead of the correct
printout:
It worked, after awhile; or, it did not eject a full
sheet.
The printer printed the above, but it sat for awhile and
did nothing. In fact, you might have needed to press a
PRINT REMAINING or FORM FEED button on the printer to get any
results to appear.
If this is the case, the printer was probably waiting to
see if there was any more data for your job before it printed
anything. To fix this problem, you can have the text filter
send a FORM FEED character (or whatever is necessary) to the
printer. This is usually sufficient to have the printer
immediately print any text remaining in its internal buffer.
It is also useful to make sure each print job ends on a full
sheet, so the next job does not start somewhere on the middle
of the last page of the previous job.
The following replacement for the shell script
/usr/local/libexec/if-simple prints a
form feed after it sends the job to the printer:
#!/bin/sh
#
# if-simple - Simple text input filter for lpd
# Installed in /usr/local/libexec/if-simple
#
# Simply copies stdin to stdout. Ignores all filter arguments.
# Writes a form feed character (\f) after printing job.
/bin/cat && printf "\f" && exit 0
exit 2
It produced the staircase effect.
You got the following on paper:
!"#$%&'()*+,-./01234
"#$%&'()*+,-./012345
#$%&'()*+,-./0123456
MS-DOS
OS/2
ASCII
You have become another victim of the staircase
effect, caused by conflicting interpretations of
what characters should indicate a new line. &unix; style
operating systems use a single character: ASCII code 10, the
line feed (LF). &ms-dos;, &os2;, and others uses a pair of
characters, ASCII code 10 and ASCII code
13 (the carriage return or CR). Many printers use the &ms-dos;
convention for representing new-lines.
When you print with FreeBSD, your text used just the line
feed character. The printer, upon seeing a line feed
character, advanced the paper one line, but maintained the
same horizontal position on the page for the next character
to print. That is what the carriage return is for: to move
the location of the next character to print to the left edge
of the paper.
Here is what FreeBSD wants your printer to do:
Printer received CR
Printer prints CR
Printer received LF
Printer prints CR + LF
Here are some ways to achieve this:
Use the printer's configuration switches or control
panel to alter its interpretation of these characters.
Check your printer's manual to find out how to do
this.
If you boot your system into other operating systems
besides FreeBSD, you may have to
reconfigure the printer to use a an
interpretation for CR and LF characters that those other
operating systems use. You might prefer one of the other
solutions, below.
Have FreeBSD's serial line driver automatically
convert LF to CR+LF. Of course, this works with printers
on serial ports only. To enable this
feature, use the ms# capability and
set the onlcr mode
in the /etc/printcap file
for the printer.
Send an escape code to the
printer to have it temporarily treat LF characters
differently. Consult your printer's manual for escape
codes that your printer might support. When you find the
proper escape code, modify the text filter to send the
code first, then send the print job.
PCL
Here is an example text filter for printers that
understand the Hewlett-Packard PCL escape codes. This
filter makes the printer treat LF characters as a LF and
CR; then it sends the job; then it sends a form feed to
eject the last page of the job. It should work with
nearly all Hewlett Packard printers.
#!/bin/sh
#
# hpif - Simple text input filter for lpd for HP-PCL based printers
# Installed in /usr/local/libexec/hpif
#
# Simply copies stdin to stdout. Ignores all filter arguments.
# Tells printer to treat LF as CR+LF. Ejects the page when done.
printf "\033&k2G" && cat && printf "\033&l0H" && exit 0
exit 2
Here is an example /etc/printcap
from a host called orchid. It has a single printer
attached to its first parallel port, a Hewlett Packard
LaserJet 3Si named teak. It is using the
above script as its text filter:
#
# /etc/printcap for host orchid
#
teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\
:lp=/dev/lpt0:sh:sd=/var/spool/lpd/teak:mx#0:\
:if=/usr/local/libexec/hpif:
It overprinted each line.
The printer never advanced a line. All of the lines of
text were printed on top of each other on one line.
This problem is the opposite
of the
staircase effect, described above, and is much rarer.
Somewhere, the LF characters that FreeBSD uses to end a line
are being treated as CR characters to return the print
location to the left edge of the paper, but not also down a
line.
Use the printer's configuration switches or control panel
to enforce the following interpretation of LF and CR
characters:
Printer receives
Printer prints
CR
CR
LF
CR + LF
The printer lost characters.
While printing, the printer did not print a few characters
in each line. The problem might have gotten worse as the
printer ran, losing more and more characters.
The problem is that the printer cannot keep up with the
speed at which the computer sends data over a serial line
(this problem should not occur with printers on parallel
ports). There are two ways to overcome the problem:
If the printer supports XON/XOFF flow control, have
FreeBSD use it by specifying the ixon mode
in the ms# capability.
If the printer supports carrier flow control, specify
the crtscts mode in the
ms# capability.
Make sure the cable connecting the printer to the computer
is correctly wired for carrier flow control.
It printed garbage.
The printer printed what appeared to be random garbage,
but not the desired text.
This is usually another symptom of incorrect
communications parameters with a serial printer. Double-check
the bps rate in the br capability, and the
parity setting in the
ms# capability; make sure the printer is
using the same settings as specified in the
/etc/printcap file.
Nothing happened.
If nothing happened, the problem is probably within
FreeBSD and not the hardware. Add the log file
(lf) capability to the entry for the
printer you are debugging in the
/etc/printcap file. For example, here is
the entry for rattan, with the
lf capability:
rattan|line|diablo|lp|Diablo 630 Line Printer:\
:sh:sd=/var/spool/lpd/rattan:\
:lp=/dev/lpt0:\
:if=/usr/local/libexec/if-simple:\
:lf=/var/log/rattan.log
Then, try printing again. Check the log file (in our
example, /var/log/rattan.log) to see any
error messages that might appear. Based on the messages you
see, try to correct the problem.
If you do not specify a lf capability,
LPD uses
/dev/console as a default.