diff --git a/mn_MN.UTF-8/books/handbook/cutting-edge/chapter.xml b/mn_MN.UTF-8/books/handbook/cutting-edge/chapter.xml index 61446d6846..4b9b537a3e 100644 --- a/mn_MN.UTF-8/books/handbook/cutting-edge/chapter.xml +++ b/mn_MN.UTF-8/books/handbook/cutting-edge/chapter.xml @@ -1,3027 +1,2970 @@ Жим Мок Бүтцийг дахин өөрчлөн зохион байгуулж зарим хэсгүүдийг шинэчилсэн Жордан Хаббард Анхлан эхийг бичсэн Поул-Хэннинг Камп Жон Полстра Ник Клэйтон Цагаанхүүгийн Ганболд Орчуулсан &os;-г шинэчилж сайжруулах нь Ерөнхий агуулга &os; нь өөрийн хувилбаруудын хооронд байнгын хөгжүүлэлтийн доор оршин тогтнож байдаг. Зарим хүмүүс албан ёсоор гаргасан хувилбаруудыг ашиглах хүсэлтэй байдаг бол зарим хүмүүс хамгийн сүүлийн үеийн хөгжүүлэлтийг дагах сонирхолтой байдаг. Гэхдээ албан ёсны хувилбарууд хүртэл аюулгүй байдлын болоод бусад чухал засваруудаар шинэчлэгдэж байдаг. Ямар хувилбар ашиглаж байгаагаас үл хамаараад &os; нь таны системийг шинэ байлгахад шаардлагатай бүх л хэрэгслүүд болон хувилбар хооронд хялбараар шинэчлэх боломжоор хангадаг. Энэхүү бүлэг нь хөгжүүлэлтийн системийг дагахыг хүсэх эсвэл гаргасан хувилбартай үлдэх эсэхийг шийдэхэд танд туслах болно. Таны системийг шинэчлэхэд зориулсан үндсэн хэрэгслүүдийг бас харуулах болно. Энэ бүлгийг уншсаны дараа, та дараах зүйлсийг мэдэх болно: Систем болон портын цуглуулгыг ямар хэрэгслүүд ашиглан шинэчилж болох талаар. freebsd-update, Subversion, CVSup, CVS, эсвэл CTM програмуудын тусламжтай өөрийн системийг хэрхэн хамгийн сүүлийн хэлбэрт авчрах талаар. Суулгагдсан системийн төлвийг мэдэгдэж байгаа сайн хуулбартай хэрхэн харьцуулах талаар. Subversion эсвэл баримтжуулах порт ашиглан өөрийн баримтуудыг хэрхэн сүүлийн хувилбарт байлгаж байх талаар. &os.stable; болон &os.current; хөгжүүлэлтийн салбаруудын ялгаа. Бүх үндсэн системийг make buildworld (гэх мэт) ашиглан хэрхэн дахин бүтээж суулгах талаар. Энэ бүлгийг уншихаасаа өмнө, та дараах зүйлсийг мэдэх шаардлагатай: Өөрийн сүлжээний холболтыг зөв тохируулах (). Нэмэлт гуравдагч програм хангамжуудыг хэрхэн суулгахыг мэдэх (). Энэ бүлэгт &os;-ийн эхийг авч шинэчлэхийн тулд svn тушаалыг ашиглагдсан. Үүнийг хэрэглэхийн тулд devel/subversion гэсэн порт буюу багцыг та суулгах хэрэгтэй. Том Рөүдс Бичсэн Колин Персивал Тэмдэглэгээ бичсэн FreeBSD-ийн шинэчлэлт Updating and Upgrading freebsd-update updating-upgrading Аюулгүй байдлын засваруудыг хийнэ гэдэг компьютерийн програм хангамж ялангуяа үйлдлийн системийг арчлалтын чухал хэсгийн нэг юм. Удаан хугацааны туршид &os; дээр энэ процесс хялбар биш байлаа. Засваруудыг эх код руу хийж кодыг хоёртын хэлбэр рүү дахин бүтээж дараа нь хоёртын файлуудыг дахин суулгах шаардлагатай байлаа. Энэ нь одоо тийм биш болсон бөгөөд &os; нь freebsd-update гэгддэг хэрэгслийг агуулдаг. Энэ хэрэгсэл нь хоёр тусдаа функцээр хангадаг. Нэгдүгээрт энэ нь бүтээлт болон суулгах шаардлагагүйгээр хоёртын аюулгүй байдал болон алдааны шинэчлэлтүүдийг &os;-ийн үндсэн системд оруулах боломжийг олгодог. Хоёрдугаарт уг хэрэгсэл бага болон том хувилбарын шинэчлэлтүүдийг дэмждэг. Аюулгүй байдлын багаар дэмжигдсэн бүх архитектур болон хувилбаруудын хувьд хоёртын шинэчлэлтүүд байдаг. Шинэ хувилбар руу шинэчлэхээс өмнө хүссэн хувилбарт чинь хамаатай чухал мэдээлэл байж болох учир одоогийн хувилбарын зарлалуудыг дахин үзэх хэрэгтэй. Тэдгээр зарлалуудыг дараах холбоосоос үзэж болно: . Хэрэв crontab нь freebsd-update-ийн боломжуудыг хэрэглэж байвал дараах үйлдлийг эхлэхээс өмнө түүнийг болиулах хэрэгтэй. Тохиргооны файл Процессийг илүү хянах боломжтой болгож зарим хэрэглэгчид /etc/freebsd-update.conf анхны тохиргооны файлыг өөрчлөхийг хүсэж болох юм. Тохиргоонууд нь маш сайн баримтжуулагдсан байдаг боловч дараах хэдэн зүйлийг арай илүү тайлбарлах шаардлагатай байж болох юм: # Components of the base system which should be kept updated. Components src world kernel Энэ өгөгдөл нь &os;-ийн аль хэсгийг шинэчлэхийг хянадаг. Анхдагчаар эх код, үндсэн систем бүтнээрээ ба цөмийг шинэчлэх байдаг. Бүрэлдэхүүн хэсгүүд нь суулгах явцад байдагтай адил байдаг бөгөөд жишээ нь world/games гэдгийг энд нэмэхэд тоглоомын засваруудыг хийх боломжийг олгоно. src/bin гэдгийг ашиглах нь src/bin дахь эх кодыг шинэчлэх боломжийг олгодог. Хамгийн сайн тохиргоо бол үүнийг анхдагчаар нь үлдээх бөгөөд тусгай зүйлс оруулж үүнийг өөрчилснөөр хэрэглэгчид өөрсдийн шинэчлэхийг хүссэн зүйл болгоноо жагсааж оруулах шаардлагатай болно. Ингэснээр эх код болон хоёртын файлуудын хоорондох уялдаа алдагдаж гамшигт үр дагаварт хүргэж болно. # Paths which start with anything matching an entry in an IgnorePaths # statement will be ignored. IgnorePaths /bin эсвэл /sbin зэрэг замуудыг нэмж эдгээр тусгай сангуудыг шинэчлэх процессийн явцад оролдохгүй орхиж болно. Энэ тохиргоо нь freebsd-update локал өөрчлөлтүүдийг дарж бичихээс хамгаалахад хэрэглэж болно. # Paths which start with anything matching an entry in an UpdateIfUnmodified # statement will only be updated if the contents of the file have not been # modified by the user (unless changes are merged; see below). UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile Заагдсан сангууд дахь тохиргооны файлууд өөрчлөгдөөгүй тохиолдолд шинэчилнэ. Хэрэглэгчийн хийсэн өөрчлөлтүүд эдгээр файлуудын автомат шинэчлэлтийг хүчингүй болгоно. freebsd-update-г нийлүүлэх явцад өөрчлөлтүүдийг хадгалахыг тушаах KeepModifiedMetadata гэсэн өөр нэг тохиргоо байдаг. # When upgrading to a new &os; release, files which match MergeChanges # will have any local changes merged into the version from the new release. MergeChanges /etc/ /var/named/etc/ freebsd-update-ийн нийлүүлэхийг оролдох тохиргооны файлуудтай сангуудын жагсаалт. Файл нийлүүлэх процесс нь цөөн тохиргоотой &man.mergemaster.8;-тай төстэй &man.diff.1; засварууд бөгөөд нийлүүлэлтийг эсвэл хүлээн авах юм уу эсвэл засварлагч нээж эсвэл freebsd-update ажиллагаагаа зогсоох болно. Эргэлзэж байвал /etc санг нөөцөлж аваад нийлүүлэлтүүдийг хүлээн авах хэрэгтэй. mergemaster тушаалын талаар дэлгэрэнгүй мэдээллийг -с үзнэ үү. # Directory in which to store downloaded updates and temporary # files used by &os; Update. # WorkDir /var/db/freebsd-update Энэ сан нь бүх засварууд болон түр зуурын файлууд байх сан юм. Хэрэглэгч хувилбар шинэчлэлт хийж байвал энэ байрлал нь хамгийн багаар бодоход гигабайт дискийн зайтай байх шаардлагатай. # When upgrading between releases, should the list of Components be # read strictly (StrictComponents yes) or merely as a list of components # which *might* be installed of which &os; Update should figure out # which actually are installed and upgrade those (StrictComponents no)? # StrictComponents no yes гэж тохируулсан үед freebsd-update нь Components буюу бүрэлдэхүүн хэсгүүдийн жагсаалт бүрэн гэж тооцох бөгөөд жагсаалтаас гадна өөрчлөлт хийхийг оролдохгүй. freebsd-update нь Components-ийн жагсаалтад хамаарах файл бүрийг шинэчлэхийг оролдох болно. Аюулгүй байдлын засварууд Аюулгүй байдлын засварууд нь алсын машин дээр хадгалагддаг бөгөөд дараах тушаал ашиглан татан авч суулгаж болно: &prompt.root; freebsd-update fetch &prompt.root; freebsd-update install Хэрэв цөмийн ямар нэг засвар хийгдсэн бол системийг дахин ачаалах хэрэгтэй. Хэрэв бүгд зөв явагдсан бол систем нь засвар хийгдсэн байх ёстой бөгөөд freebsd-update-ийг &man.cron.8; ажлаас шөнө бүр ажиллуулж болно. Энэ ажлыг хийхэд дараах мөрийг /etc/crontab-д хийхэд хангалттай байх болно: @daily root freebsd-update cron Энэ мөр нь өдөр бүр freebsd-update хэрэгслийг ажиллуулахыг зааж байна. Ийм аргаар -ий нэмэлт өгөгдлийг ашиглан freebsd-update нь зөвхөн шинэчлэлт байгаа эсэхийг шалгах болно. Хэрэв засварууд байвал тэдгээрийг автоматаар диск рүү татаж авах бөгөөд гэхдээ засваруудыг хийхгүй. root хэрэглэгч рүү захиа илгээгдэх бөгөөд дараа нь тэд гараар суулгаж болох юм. Хэрэв ямар нэг зүйл буруу болбол freebsd-update нь дараах тушаалаар сүүлийн өөрчлөлтүүдийг буцаах чадвартай байдаг: &prompt.root; freebsd-update rollback Дууссаны дараа цөм эсвэл цөмийн модулиуд өөрчлөгдсөн бол системийг дахин эхлүүлэх хэрэгтэй. Энэ нь шинэ хоёртын файлуудыг санах ой руу дуудах боломжийг &os;-д олгоно. freebsd-update хэрэгсэл нь автоматаар зөвхөн GENERIC цөмийг шинэчилж чаддаг. Хэрэв өөрчлөн тохируулсан цөм ашиглагдаж байвал freebsd-update нь шинэчлэлтийг хийж дууссаны дараа цөмийг дахин бүтээж суулгах шаардлагатай. Гэхдээ freebsd-update нь /boot/GENERIC (хэрэв байгаа бол) дахь GENERIC цөмийг системийн тухайн үеийн (ажиллаж байгаа) цөм биш байсан ч гэсэн олж шинэчилдэг. /boot/GENERIC дахь GENERIC цөмийн хуулбарыг үргэлж хадгалах нь ер нь зүйтэй байдаг. Энэ нь төрөл бүрийн асуудлуудыг шинжлэх болон -т тайлбарласны дагуу freebsd-update-г ашиглан хувилбар шинэчлэлтийг хийхэд ач тустай байх болно. /etc/freebsd-update.conf дахь анхдагч тохиргоо өөрчлөгдөөгүй л бол freebsd-update шинэчлэгдсэн цөмийн эхийг бусад шинэчлэлттэй цуг суулгах болно. Дараа нь өөрийн өөрчлөн тохируулсан цөмийг дахин бүтээж суулгахдаа энгийн сурсан аргаараа хийж болно. freebsd-update-аар түгээгдсэн шинэчлэлтүүд нь цөмтэй үргэлж холбоотой байдаггүй. freebsd-update install тушаалаар цөмийн эх өөрчлөгдөөгүй бол өөрийн өөрчлөн тохируулсан цөмийг дахин бүтээх шаардлагагүй юм. Гэхдээ freebsd-update тушаал /usr/src/sys/conf/newvers.sh файлыг үргэлж шинэчлэх болно. Тухайн үеийн нөхөөсийн түвшинг (uname -r тушаалаас гарсан -p дугаараар заагдсан) энэ файлаас авдаг. Өөр бусад юмс өөрчлөгдөөгүй байсан ч гэсэн өөрийн өөрчлөн тохируулсан цөмийг дахин бүтээх нь системийн тухайн үеийн нөхөөсийн түвшинг зөв гаргах боломжийг &man.uname.1;-д олгоно. Энэ нь олон системийг арчилж байгаа үед ялангуяа ач тустай байдаг бөгөөд ингэснээр тэр системүүд дээр суулгагдсан шинэчлэлтүүдэд түргэн шуурхай үнэлгээ өгөх боломжийг олгодог. Major ба Minor буюу Том ба Бага шинэчлэлтүүд Энэ процесс нь ихэнх гуравдагч талын прорамуудыг эвдэх хуучин обьект файлууд болон сангуудыг устгах болно. Бүх суулгагдсан портуудыг устгаж дахин суулгах эсвэл ports-mgmt/portupgrade хэрэгсэл ашиглан сүүлд нь шинэчлэхийг зөвлөдөг. Дараах тушаалыг ашиглан ихэнх хэрэглэгчид тест бүтээлтийг ажиллуулахыг хүснэ: &prompt.root; portupgrade -af Энэ нь бүгдийг зөв дахин суулгах баталгаа болох юм. BATCH орчны хувьсагчийг yes гэж тохируулснаар энэ процессийн явцад гарч ирэх хүлээх мөрөнд yes гэж хариулан бүтээх процессийн үед оролцох шаардлагыг үгүй болгоно. Хэрэв өөрчлөн тохируулсан цөм ашиглагдаж байгаа бол шинэчлэх процесс арай илүү ажиллагаатай. GENERIC цөмийн хуулбар шаардлагатай бөгөөд /boot/GENERIC-д байрлуулах шаардлагатай. Хэрэв GENERIC цөм системд байхгүй бол үүнийг доор дурдсан аргуудын аль нэгийг ашиглан олж авч болно: Хэрэв өөрчлөн тохируулсан цөм зөвхөн нэг удаа бүтээгдсэн бол /boot/kernel.old дахь цөм нь GENERIC цөм юм. Энэ санг /boot/GENERIC гэж өөрчлөхөд л болно. Машинд физикээр хандах боломжтой гэж тооцвол GENERIC цөмийн хуулбарыг CD-ROM зөөвөрлөгчөөс суулгаж болно. Өөрийн суулгац дискийг хийж дараах тушаалуудыг ашиглана: &prompt.root; mount /cdrom &prompt.root; cd /cdrom/X.Y-RELEASE/kernels &prompt.root; ./install.sh GENERIC X.Y-RELEASE-г өөрийн ашиглаж байгаа хувилбараар солих хэрэгтэй. GENERIC цөм анхдагчаар /boot/GENERIC-д суулгагдах болно. Дээр дурдсан бүгдийг хийх боломжгүй бол GENERIC цөмийг эхээс нь дахин бүтээж суулгаж болох юм: &prompt.root; cd /usr/src &prompt.root; env DESTDIR=/boot/GENERIC make kernel &prompt.root; mv /boot/GENERIC/boot/kernel/* /boot/GENERIC &prompt.root; rm -rf /boot/GENERIC/boot Энэ цөмийг freebsd-update хэрэгсэлд GENERIC гэж харуулахын тулд GENERIC тохиргооны файлыг ямар ч тохиолдолд өөрчилсөн байх ёсгүй. Бас ямар нэг тусгай сонголтуудгүйгээр (аль болох хоосон /etc/make.conf файлтайгаар) бүтээгдсэн байх ёстойг зөвлөдөг. Энэ үед GENERIC цөм рүү дахин ачаалах шаардлагагүй юм. Том ба бага хувилбарын шинэчлэлтүүдийг freebsd-update тушаалд хувилбарын дугаарыг өгч гүйцэтгэж болно, жишээ нь дараах тушаал &os; 8.1 руу шинэчилнэ: &prompt.root; freebsd-update -r 8.1-RELEASE upgrade Тушаал хүлээн авсны дараа freebsd-update системийг шинэчлэхэд шаардлагатай мэдээллийг цуглуулахын тулд тохиргооны файл болон одоогийн системийг шалгана. Ямар бүрэлдэхүүн хэсгүүд илрүүлэгдсэн болон ямар бүрэлдэхүүн хэсгүүд илрүүлэгдээгүй гэдгийг дэлгэц дээр үзүүлнэ. Жишээ нь: Looking up update.FreeBSD.org mirrors... 1 mirrors found. Fetching metadata signature for 8.1-RELEASE from update1.FreeBSD.org... done. Fetching metadata index... done. Inspecting system... done. The following components of FreeBSD seem to be installed: kernel/smp src/base src/bin src/contrib src/crypto src/etc src/games src/gnu src/include src/krb5 src/lib src/libexec src/release src/rescue src/sbin src/secure src/share src/sys src/tools src/ubin src/usbin world/base world/info world/lib32 world/manpages The following components of FreeBSD do not seem to be installed: kernel/generic world/catpages world/dict world/doc world/games world/proflibs Does this look reasonable (y/n)? y Энд хүрэхэд freebsd-update шинэчлэлтэд шаардлагатай бүх файлуудыг татан авахаар оролдох болно. Зарим тохиолдолд хэрэглэгчээс юу суулгах эсвэл хэрхэн цааш үргэлжлүүлэх талаар асуултууд асууж болох юм. Өөрчлөн тохируулсан цөмийг ашиглаж байх үед дээрх алхам дараахтай төстэй анхааруулгыг харуулах болно: WARNING: This system is running a "MYKERNEL" kernel, which is not a kernel configuration distributed as part of FreeBSD 8.0-RELEASE. This kernel will not be updated: you MUST update the kernel manually before running "/usr/sbin/freebsd-update install" Энэ анхааруулгыг энэ үед орхигдуулахад аюулгүй байдаг. Шинэчлэгдсэн GENERIC цөм шинэчлэлтийн явцад завсрын алхам болон ашиглагдах болно. Бүх засварууд локал систем рүү татагдсаны дараа тэдгээрийг хийж өгөх болно. Машины хурд болон ачааллаас хамаарч энэ процесс нь хугацаа шаардаж болох юм. Тохиргооны файлуудыг нийлүүлэх болно. Файл нийлүүлэгдэх юм уу эсвэл гараар нийлүүлэхэд зориулж засварлагч дэлгэц дээр гарч ирч болох учир процессийн энэ хэсэг хэрэглэгчийн оролцоо шаардана. Амжилттай нийлүүлэлт болгоны үр дүн хэрэглэгчид харуулагдаж процесс үргэлжлэх болно. Амжилтгүй болсон эсвэл орхигдсон нийлүүлэлт нь процессийг зогсоох болно. Хэрэглэгчид нь /etc сангийн нөөцийг хийж master.passwd эсвэл group зэрэг чухал файлуудыг гараар сүүлд нь нийлүүлэхийг хүсэж болох юм. Систем нь өөрчлөгдөөгүй байгаа бөгөөд бүх засвар оруулалт болон нийлүүлэлт өөр сан дотор болж байгаа болно. Бүх засварууд амжилттай хийгдэж бүх тохиргооны файлууд нийлүүлэгдэж процесс тэгш явагдаж байгаа мэт санагдвал хэрэглэгч өөрчлөлтүүдийг хийх хэрэгтэй. Энэ процесс дууссаны дараа шинэчлэлтийг дараах тушаалыг ашиглан диск рүү хийж болно. &prompt.root; freebsd-update install Цөм болон цөмийн модулиудад эхлээд засвар хийнэ. Энэ үед машиныг дахих ачаалах ёстой. Хэрэв систем өөрчлөн тохируулсан цөмөөр ажиллаж байгаа бол цөмийг /boot/GENERIC (шинэчлэгдсэн) цөмөөр дараа нь ачаалахаар болгохын тулд &man.nextboot.8;-ийг ашиглана: &prompt.root; nextboot -k GENERIC GENERIC цөмөөр ачаалахаас өмнө (хэрэв шинэчлэгдэж байгаа машинд алсаас хандаж байгаа бол сүлжээнд холбогдон) таны систем зөв ачаалахын тулд шаардлагатай бүх драйверуудыг агуулсан эсэхийг шалгах хэрэгтэй. Ялангуяа хэрэв өмнө нь ажиллаж байсан өөрчлөн тохируулсан цөм ерөнхийдөө цөмийн модулиудаар хангагдаж байдаг ажиллагааг өөртөө агуулсан бол /boot/loader.conf боломжийг ашиглан эдгээр модулиудыг GENERIC цөмд түр зуур ачаалахаа мартуузай. Шинэчлэх процесс бүрэн дуустал шаардлагагүй үйлчилгээнүүд, диск болон сүлжээний холболтууд гэх мэтийг та бас хааж өгч болох юм. Одоо машин шинэчлэгдсэн цөмөөр ачаалагдах ёстой: &prompt.root; shutdown -r now Систем буцаж ассаны дараа freebsd-update-г дахин эхлүүлэх хэрэгтэй. Процессийн төлөв хадгалагдсан болохоор freebsd-update эхнээсээ эхлэхгүй бөгөөд бүх хуучин хуваалцсан сангууд болон обьект файлуудыг устгах болно. Энэ шатыг үргэлжлүүлэхийн тулд дараах тушаалыг ажиллуулна: &prompt.root; freebsd-update install Сангуудын хувилбарын тоо дээшилсэн эсэхээс хамаарч суулгах гурван шатны оронд хоёр шат байж болох юм. Бүх гуравдагч талын програм хангамжийг дахин бүтээж дахин суулгах хэрэгтэй. Суулгагдсан програм хангамж нь шинэчлэлтийн процессийн явцад устгагдсан сангуудаас хамаарч болох учраас энэ нь шаардлагатай юм. ports-mgmt/portupgrade тушаалыг үүнийг автоматжуулахад ашиглаж болох юм. Энэ процессийг эхлүүлэхийн тулд дараах тушаалыг хэрэглэж болно: &prompt.root; portupgrade -f ruby &prompt.root; rm /var/db/pkg/pkgdb.db &prompt.root; portupgrade -f ruby18-bdb &prompt.root; rm /var/db/pkg/pkgdb.db /usr/ports/INDEX-*.db &prompt.root; portupgrade -af Үүнийг дууссаны дараа шинэчлэлтийн процессийг freebsd-update-ийг сүүлийн удаа дуудаж төгсгөнө. Шинэчлэлтийн процессийн сул байгаа бүх зүйлсийг гүйцээхийн тулд дараах тушаалыг ажиллуулна: &prompt.root; freebsd-update install Хэрэв GENERIC цөм түр зуур ашиглагдаж байсан бол өөрчлөн тохируулсан шинэ цөмийг ердийн хэвшсэн аргаар одоо бүтээж суулгах цаг болжээ. Машинаа &os;-ийн шинэ хувилбар руу дахин ачаалах хэрэгтэй. Процесс дууслаа. Системийн төлвийн харьцуулалт freebsd-update хэрэгслийг &os;-ийн суулгагдсан хувилбарын төлвийг байгаа зөв хуулбарын эсрэг тест хийхэд хэрэглэж болно. Энэ сонголт нь системийн хэрэгслүүд сангууд болон тохиргооны файлуудын одоогийн хувилбаруудыг шалгадаг. Харьцуулалтыг эхлүүлэхийн тулд дараах тушаалыг ажиллуулна: &prompt.root; freebsd-update IDS >> outfile.ids Тушаалын нэр IDS боловч энэ нь ямар ч тохиолдолд security/snort зэрэг халдлага илрүүлэгч системийг солих зориулалттай биш юм. freebsd-update нь өгөгдлийг диск дээр хадгалдаг бөгөөд түүнийг өөрчлөх боломж тодорхой юм. kern.securelevel тохиргоог ашиглах болон freebsd-update-ийн өгөгдлийг зөвхөн уншигдах файлын систем дээр ашиглагдаагүй тохиолдолд хадгалах нь энэ боломжийг багасгах боловч илүү сайн шийдэл нь системийг DVD эсвэл нууцлаг хадгалсан гадаад USB дискийн төхөөрөмж зэрэг нууцлаг дисктэй харьцуулах явдал юм. Систем нь одоо шалгагдах бөгөөд файлууд нь өөрсдийн &man.sha256.1; утгуудын хамт, хувилбар дахь мэдэгдэж байгаа сайн утгууд болон одоо суугдсан байгаа утгуудын хамт хэвлэгдэн харуулагдана. Энэ нь яагаад гаралт outfile.ids файл руу илгээгдсэн шалтгаан юм. Үүнийг нүдээр шалгахад хэтэрхий хурдан дээш гүйж удалгүй консолын буфферийг дүүргэх болно. Эдгээр мөрүүд нь бас хэтэрхий урт боловч гаралтын хэлбэрийг хялбараар задлан ялгаж болно. Жишээ нь хувилбарт байгаагаас ондоо бүх файлуудын жагсаалтыг авахын тулд дараах тушаалыг ажиллуулна: &prompt.root; cat outfile.ids | awk '{ print $1 }' | more /etc/master.passwd /etc/motd /etc/passwd /etc/pf.conf Энэ гаралт нь тайрагдсан бөгөөд олон файл байгаа болно. Эдгээр файлуудын зарим нь төрөлхийн өөрчлөлтүүдтэй байна, жишээ нь /etc/passwd нь хэрэглэгч системд нэмэгдсэн болохоор өөрчлөгдсөн байна. Зарим тохиолдолд freebsd-update нь шинэчилсэн байж болзошгүй учир цөмийн модулиуд зэрэг бусад файлууд өөр байж болох юм. Тусгай файлууд болон сангуудыг хасахын тулд тэдгээрийг /etc/freebsd-update.conf файлын IDSIgnorePaths тохиргоонд нэмж өгнө. Өмнө хэлэлцсэн хувилбараас гадна нарийн нягт шинэчлэлтийн аргын хэсэг болгон энэ системийг ашиглаж болно. Том Рөүдс Бичсэн Колин Персивал Тэмдэглэгээ бичсэн Portsnap: Портын цуглуулгыг шинэчлэх хэрэгсэл Updating and Upgrading Portsnap updating-upgrading &os;-ийн үндсэн систем портын цуглуулгыг бас шинэчилдэг &man.portsnap.8; хэрэгслийг агуулдаг. Ажиллуулсны дараа энэ нь алсын сайт руу холбогдож нууц түлхүүрийг шалгаж портын цуглуулгын шинэ хуулбарыг татан авдаг. Түлхүүр нь бүх татаж авсан файлууд татагдаж байхдаа өөрчлөгдөөгүй эсэхийг хянан бүрэн бүтэн байдлыг шалгахад ашиглагддаг. Хамгийн сүүлийн үеийн портын цуглуулгыг татаж авахын тулд дараах тушаалыг ажиллуулна: &prompt.root; portsnap fetch Looking up portsnap.FreeBSD.org mirrors... 9 mirrors found. Fetching snapshot tag from geodns-1.portsnap.FreeBSD.org... done. Fetching snapshot metadata... done. Updating from Tue May 22 02:12:15 CEST 2012 to Wed May 23 16:28:31 CEST 2012. Fetching 3 metadata patches.. done. Applying metadata patches... done. Fetching 3 metadata files... done. Fetching 90 patches.....10....20....30....40....50....60....70....80....90. done. Applying patches... done. Fetching 133 new ports or files... done. Энэ жишээ нь юу үзүүлж байна вэ гэхээр &man.portsnap.8; одоо байгаа портын өгөгдөлд хэд хэдэн засварууд байгааг олж шалгаж байна. Энэ нь бас уг хэрэгсэл өмнө нь ажилласныг харуулж байгаа бөгөөд хэрэв эхний удаа ажилласан бол цуглуулга татагдан авагдах байсан юм. &man.portsnap.8; нь fetch үйлдлийг хийж дууссаны дараа локал систем дээр байгаа портын цуглуулга болон дараа дараагийн засваруудыг шалгалтад дамжуулна. portsnap-ийг эхний удаа ажиллуулахдаа extract-г ашиглан татан авсан файлуудыг суулгаж болно: &prompt.root; portsnap extract /usr/ports/.cvsignore /usr/ports/CHANGES /usr/ports/COPYRIGHT /usr/ports/GIDs /usr/ports/KNOBS /usr/ports/LEGAL /usr/ports/MOVED /usr/ports/Makefile /usr/ports/Mk/bsd.apache.mk /usr/ports/Mk/bsd.autotools.mk /usr/ports/Mk/bsd.cmake.mk ... Аль хэдийн суулгасан портын цуглуулгыг шинэчлэхдээ portsnap update тушаалыг ашиглах ёстой: &prompt.root; portsnap update Процесс одоо дууссан бөгөөд портын цуглуулыг ашиглан програмуудыг суулгаж эсвэл шинэчилж болно. fetch болон extract эсвэл update үйлдлүүдийг доор харуулсан шиг дараалуулан ажиллуулж болно: &prompt.root; portsnap fetch update Энэ тушаал нь портын цуглуулгын сүүлийн хувилбарыг татан авч таны машин дээр байгаа локал хувилбарыг /usr/ports санд шинэчилдэг. Баримтын цуглуулгыг шинэчлэх нь Updating and Upgrading Documentation Updating and Upgrading Үндсэн систем болон портын цуглуулгаас гадна баримтууд нь &os; үйлдлийн системийн салшгүй хэсэг юм. Хэдийгээр &os;-ийн хамгийн сүүлийн үеийн баримтын цуглуулга &os; вэб сайт дээр үргэлж байдаг боловч зарим хэрэглэгчид удаан сүлжээний холболттой эсвэл бүр тогтмол сүлжээний холболтгүй байж болох юм. Азаар &os;-ийн хамгийн сүүлийн үеийн баримтын цуглуулгын локал хуулбарыг арчлан хувилбар бүртэй цуг ирдэг баримтыг шинэчлэх хэд хэдэн арга байдаг. Баримтыг шинэчлэхийн тулд <application>Subversion</application>-г ашиглах нь &os;-ийн баримтуудын эхийг Subversion ашиглан авч болно. Энэ хэсэг дараах зүйлсийг тайлбарладаг: &os;-ийн баримтуудыг эхээс нь бүтээхэд шаардлагатай хэрэгслүүд, баримтын хэрэгслүүдийг хэрхэн суулгах талаар. Subversion ашиглан /usr/doc дахь баримтын эхийн хуулбарыг хэрхэн татаж авах талаар. &os;-ийн баримтыг эхээс нь хэрхэн бүтээж /usr/share/doc дотор суулгах талаар. Баримтыг бүтээх системийн дэмждэг бүтээлтийн зарим тохируулгууд, өөрөөр хэлбэл баримтын зарим нэг хэл дээрх орчуулгыг зөвхөн бүтээдэг тохируулгууд эсвэл тусгай гаралтын хэлбэржүүлэлтийг сонгодог тохируулгууд. <application>Subversion</application> болон баримтын хэрэгслүүдийг суулгах нь &os;-ийн баримтыг эхээс нь бүтээхэд нэлээн олон тооны хэрэгслүүдийг шаарддаг. Эдгээр хэрэгслүүд нь &os;-ийн үндсэн системийн хэсэг биш байдаг. Учир нь эдгээр нь ихээхэн хэмжээний дискийн зай шаарддаг бөгөөд &os;-ийн бүх хэрэглэгчдэд хэрэгтэй байдаггүй. Тэдгээр нь &os;-д зориулж шинэ баримтууд идэвхтэй бичдэг эсвэл өөрсдийн баримтыг эхээс нь байнга шинэчилдэг хэрэглэгчдэд зөвхөн хэрэгтэй байдаг. Бүх шаардлагатай хэрэгслүүд портын цуглуулгад байдаг. Эдгээр хэрэгслүүдийн эхний суулгалт болон хожмын шинэчлэлтүүдийг хялбаршуулах textproc/docproj порт нь &os;-ийг баримтжуулах төслөөс хөгжүүлсэн мастер порт юм. &postscript; эсвэл PDF баримт шаардлагагүй үед харин textproc/docproj-nojadetex портыг суулгаж болох юм. Баримтын хэрэгслийн энэ хувилбар нь teTeX тайпсет хөдөлгүүрээс бусад бүгдийг багтаасан байдаг. teTeX нь маш олон хэрэгслүүдийн цуглуулга учир PDF гаралт үнэхээр шаардлагагүй тохиолдолд суулгахгүй байх нь зохимжтой байдаг. Subversion нь textproc/docproj порттой цуг суудаг. Баримтын эхийг шинэчлэх нь Subversion нь баримтын эхийн цэвэр хуулбарыг татан авч чаддаг. &prompt.root; svn checkout svn://svn.FreeBSD.org/doc/head /usr/doc Баримтын эхийн эхний таталт хугацаа шаардаж болох юм. Дуустал нь хүлээх хэрэгтэй. Баримтын эхийн дараа дараагийн шинэчлэлтүүдийг доорх тушаалыг ашиглан татан авч болно. &prompt.root; svn update /usr/doc Эхийг татан авсныхаа дараа баримтыг шинэчлэх өөр нэг арга нь /usr/doc сангийн Makefile-аар дэмжигдсэн байдаг бөгөөд дараахийг ажиллуулна: &prompt.root; cd /usr/doc &prompt.root; make update Баримтын эхийн тааруулж болох тохируулгууд &os;-ийн баримтжуулалтыг бүтээж шинэчлэх систем нь баримтын зөвхөн тодорхой хэсгийг шинэчлэх эсвэл тусгай орчуулгыг бүтээх процессийг амарчлах хэдэн тохируулгыг дэмждэг. Эдгээр тохируулгуудыг /etc/make.conf файлд бүхэл системийн хувьд зааж өгөх юм уу эсвэл &man.make.1; хэрэгсэлд тушаалын мөрийн тохиргоо маягаар зааж өгч болно. Дараах тохируулгууд нь эдгээрийн зарим нь юм: DOC_LANG Бүтээж суулгах хэл ба кодчилолын жагсаалт, жишээ нь Англи баримтад зөвхөн зориулсан en_US.ISO8859-1 байна. FORMATS Бүтээх ганц хэлбэржүүлэлт эсвэл гаралтын хэлбэржүүлэлтийн жагсаалт. Одоогоор html, html-split, txt, ps, pdf, болон rtf дэмжигдсэн байгаа. DOCDIR Баримтыг суулгах газар. Анхдагчаар /usr/share/doc байдаг. &os; дээрх системийн тохируулга болон дэмжигдсэн бүтээлтийн хувьсагчуудын талаар дэлгэрэнгүйг &man.make.conf.5;-с үзнэ үү. &os;-ийн баримтжуулалт бүтээх системийн дэмждэг бүтээлтийн хувьсагчуудын талаар дэлгэрэнгүйг Шинэ хувь нэмэр оруулагчдад зориулсан &os; баримтжуулах төслийн гарын авлагаас үзнэ үү. &os;-ийн баримтуудыг эхээс суулгах нь Баримтын эхийн хамгийн сүүлийн хормын хувилбарыг /usr/doc санд татаж авснаар суулгагдсан баримтын шинэчлэлтийг хийхэд бүх юм бэлэн болно. DOC_LANG makefile-ийн тохиргоонд заагдсан бүх хэлний бүрэн шинэчлэлтийг дараахийг бичин хийж болно: &prompt.root; cd /usr/doc &prompt.root; make install clean Хэрэв зөвхөн тусгай хэлний шинэчлэлт хэрэгтэй бол /usr/doc-ийн тухайн хэлний тусгай дэд санд &man.make.1;-ийг ажиллуулж болно, жишээ нь: &prompt.root; cd /usr/doc/en_US.ISO8859-1 &prompt.root; make update install clean Суулгах гаралтын хэлбэржүүлэлтийг FORMATS бүтээлтийн хувьсагчийг зааж өгөн хийж өгч болно, жишээ нь: &prompt.root; cd /usr/doc &prompt.root; make FORMATS='html html-split' install clean Марк Фонвил Хувь нэмэр болгосон Баримтжуулах портуудыг ашиглах нь Updating and Upgrading documentation package Updating and Upgrading Өмнөх хэсэгт &os;-ийн баримтжуулалтыг эхээс нь шинэчлэх аргыг бид танилцуулсан. &os;-ийн бүх системүүдийн хувьд эх дээр тулгуурласан шинэчлэлтүүд нь боломжтой эсвэл практикийн биш байж болох юм. Баримтжуулалтын эхүүдийг бүтээх нь нэлээн их хэмжээний хэрэгслийн цуглуулга буюу баримтжуулалт бүтээх хэрэгслийн олонлог, Subversion-ийг тодорхой хэмжээгээр мэдэх, репозиториос эхийг татаж авах болон татаж авсан эхээ бүтээх хэд хэдэн шат дарааллуудыг шаарддаг. Энэ хэсэгт бид &os;-ийн баримтжуулалтын суулгагдсан хуулбаруудыг шинэчлэх өөр аргыг тайлбарлах болно. Энэ нь портын цуглуулгыг ашиглах бөгөөд дараах боломжийг бүрдүүлнэ: Бүгдийг бүтээлгүйгээр баримтжуулалтын урьдчилан бүтээсэн хормын хувилбарыг татан авч суулгах (ингэснээр баримтжуулалт бүтээх хэрэгслийн олонлогийг бүхэлд нь суулгах шаардлагагүй болно). Баримтжуулалтын эхийг татаж аван портын тогтолцоог ашиглан бүтээх (татаж аван бүтээх алхмуудыг арай хялбар болгодог). &os;-ийн баримтжуулалтыг шинэчлэх эдгээр хоёр арга нь &a.doceng;-ийн сар бүр шинэчилдэг баримтжуулалтын портуудын цуглуулгаар дэмжигддэг. Эдгээр нь &os;-ийн портын цуглуулгад docs виртуал төрөлд байдаг. Баримтжуулалтын портуудыг бүтээж суулгах нь Баримтжуулалтын портууд нь баримтжуулалтын бүтээлтийг хялбар болгохын тулд порт бүтээх тогтолцоог хэрэглэдэг. &man.make.1;-ийг тохирох орчны тохиргоонууд болон тушаалын мөрийн тохиргоонуудын хамтаар ажиллуулж баримтжуулалтын эхийг татаж авах процессыг тэд автоматжуулдаг бөгөөд баримтжуулалтын суулгалт болон устгалтыг &os;-ийн бусад порт эсвэл багцын суулгалтын нэгэн адил хялбар болгодог. Мөн баримтжуулалтын портуудыг бүтээсний дараа тэд хамааралтай баримтжуулалтыг бүтээх хэрэгслийн олонлогийн портуудыг бүртгэдэг бөгөөд тэдгээрийг автоматаар бас суулгадаг. Баримтжуулалтын портуудын зохион байгуулалт нь дараах хэлбэрийн байна: Баримтжуулалтын портын файлууд байдаг misc/freebsd-doc-en мастер порт байдаг. Энэ нь бүх баримтжуулалтын портуудын үндэс болдог. Анхдагчаар энэ нь Англи баримтжуулалтыг зөвхөн бүтээдэг. Нэг портод бүгд багтсан misc/freebsd-doc-all байдаг бөгөөд энэ нь байгаа бүх хэл дээр бүх баримтжуулалтыг бүтээж суулгадаг. Эцэст нь орчуулга бүрийн хувьд зарц порт байдаг, жишээ нь Унгар хэл дээрх баримтуудад зориулсан misc/freebsd-doc-hu-г дурдаж болно. Эдгээр нь бүгд мастер портоос хамаарах бөгөөд тухайн хэлний орчуулсан баримтжуулалтыг суулгадаг. Баримтжуулалтын портыг эхээс суулгахын тулд дараах тушаалуудыг ажиллуулна (root эрхээр): &prompt.root; cd /usr/ports/misc/freebsd-doc-en &prompt.root; make install clean Энэ нь Англи баримтжуулалтыг хуваагдсан HTML хэлбэрээр ( дээр ашигладагийн адилаар) бүтээж /usr/local/share/doc/freebsd санд суулгадаг. Нийтлэг Knob болон тохируулгууд Баримтжуулалтын портуудын анхдагч байдлыг өөрчлөх олон тохиргоо байдаг. Доор цөөхөн хэдэн жагсаалтыг дурдав: WITH_HTML HTML хэлбэрээр бүтээхийг зөвшөөрдөг: баримт бүрийн хувьд нэг HTML файл. Хэлбэршүүлсэн баримтжуулалт нь тохирох article.html юм уу эсвэл book.html гэсэн файлуудад зургийн хамтаар хадгалагддаг. WITH_PDF &adobe; &acrobat.reader;, Ghostscript эсвэл бусад PDF уншигчдыг ашиглах &adobe;-ийн хөрвөх баримтын хэлбэрээр бүтээхийг зөвшөөрдөг. Хэлбэршүүлсэн баримтжуулалт нь тохирох article.pdf юм уу эсвэл book.pdf гэсэн файлуудад хадгалагддаг. DOCBASE Баримтжуулалтын суулгах байрлал. Энэ нь анхдагчаар /usr/local/share/doc/freebsd байдаг. Анхдагч суулгах сан нь Subversion аргын ашигладаг сангаас ялгаатайг санаарай. Энэ нь яагаад гэвэл бид порт суулгаж байгаа бөгөөд портууд нь ихэвчлэн /usr/local санд суудаг. Үүнийг PREFIX хувьсагчийг нэмэн өөрчилж болдог. Энд Унгар баримтжуулалтыг Хөрвөх Баримтын Хэлбэрээр (PDF) суулгахын тулд дээр дурдсан хувьсагчуудыг хэрхэн ашиглахыг харуулсан жишээг үзүүлэв: &prompt.root; cd /usr/ports/misc/freebsd-doc-hu &prompt.root; make -DWITH_PDF DOCBASE=share/doc/freebsd/hu install clean Баримтжуулалтын багцуудыг ашиглах нь Өмнөх хэсэгт тайлбарласнаар баримтжуулалтын портуудыг эхээс бүтээх нь баримтжуулалтыг бүтээх хэрэгслийн олонлогийг суулгах болон портуудыг бүтээхэд тодорхой хэмжээний дискийн зай шаарддаг. Баримтжуулалтын хэрэгслүүдийг суулгахад эх үүсвэр хүрэлцэхгүй үед эсвэл эхээс бүтээх нь ихээхэн хэмжээний дискийн зай эзлэх бол баримтжуулалтын портуудын урьдчилан бүтээсэн хормын хувилбаруудыг суулгах боломж бас байдаг. &a.doceng; нь &os;-ийн баримтжуулалтын багцуудын сар бүрийн хормын хувилбаруудыг бэлддэг. Эдгээр хоёртын багцуудыг &man.pkg.add.1;, &man.pkg.delete.1; гэх зэрэг багцын хэрэгслүүдийн хамтаар ашиглаж болдог. Хоёртын багцуудыг ашиглаж байгаа үед &os;-ийн баримтжуулалт нь тухайн хэлний хувьд байгаа бүх хэлбэрээр суудаг. Жишээ нь дараах тушаал Унгар баримтжуулалтын хамгийн сүүлийн урьдчилан бүтээсэн багцыг суулгах болно: &prompt.root; pkg_add -r hu-freebsd-doc Багцууд нь харгалзах портын нэрнээсээ ялгаатай дараах нэрийн хэлбэртэй байдаг: lang-freebsd-doc. Энд lang нь хэлний кодын богино хэлбэр юм, жишээ нь hu нь Унгар, эсвэл zh_cn нь хялбаршуулсан Хятад хэл юм. Баримтжуулалтын портуудыг шинэчлэх нь Өмнө нь суулгасан баримтжуулалтын портыг шинэчлэхийн тулд портууд шинэчлэх аль ч хэрэгсэл байхад хангалттай. Жишээ нь дараах тушаал суулгасан Унгар баримтжуулалтыг ports-mgmt/portupgrade хэрэгслийн тусламжтайгаар зөвхөн багцуудыг ашиглан шинэчилнэ: &prompt.root; portupgrade -PP hu-freebsd-doc Хөгжүүлэлтийн салбарыг дагах нь -CURRENT -STABLE FreeBSD-ийн хоёр хөгжүүлэлтийн салбар байдаг: &os.current; болон &os.stable;. Энэ хэсэгт эдгээр тус бүрийг тайлбарлаж өөрийн системийг тус тусын модны хувьд хамгийн шинэ хэлбэрт байнга байлгах талаар тайлбарлах болно. &os.current; эхлээд хэлэлцэгдэх бөгөөд дараа нь &os.stable;-ийн тухай яригдах болно. &os;-ийн одоо үеийн хэлбэрт байх нь Та үүнийг уншихдаа &os.current; нь &os;-ийн хөгжүүлэлтийн bleeding edge салбар буюу амжилт ололтын хамгийн тэргүүний салбар гэдгийг санаарай. &os.current; хэрэглэгчдийг техникийн өндөр чадавхитай бөгөөд системийн хүнд хэцүү асуудлуудыг өөрсдөө шийдвэрлэх чадвартай байна гэж тооцдог. Хэрэв та &os;-д анхлан суралцагч бол үүнийг суулгахаасаа өмнө дахин сайн бодоорой. &os.current; гэж юу вэ? хормын агшны хувилбар &os.current; нь &os;-ийн хамгийн сүүлийн үеийн ажлын эх юм. Энэ нь хийгдэж байгаа ажлууд, туршилтын өөрчлөлтүүд болон програм хангамжийн дараагийн албан ёсны хувилбарт байхгүй ч байж болох эсвэл байж ч болох шилжилтийн аргуудыг багтаадаг. &os;-ийн олон хөгжүүлэгчид &os.current;-ийн эх кодыг өдөр болгон эмхэтгэн хөрвүүлж байдаг боловч эхийг бүтээх боломжгүй үе бас байдаг. Эдгээр асуудлууд нь боломжийн хэрээр хурдан шийдэгддэг боловч &os.current; нь сүйрэл авчрах эсвэл тун их хүссэн ажиллагааг авчрах эсэх нь та яг ямар агшинд эх кодыг татаж авснаас хамаарах юм! &os.current; хэнд хэрэгтэй вэ? &os.current; нь үндсэн 3 сонирхлын бүлэгт зориулагдан хийгдсэн: Эх модны зарим хэсэг дээр идэвхтэйгээр ажиллаж байгаа &os;-ийн хүрээний гишүүд болон current буюу одоо үеийн хэлбэрт байлгах нь туйлын шаардлага болсон хүмүүст. &os.current;-г аль болох ухаалаг байлгахыг хичээж асуудлуудыг шийдвэрлэхэд цагаа зарах хүсэлтэй байдаг идэвхтэй тест хийгч &os;-ийн хүрээний гишүүд. Эдгээр хүмүүс нь өөрчлөлтүүд болон &os;-ийн ерөнхий чиглэлд цаг үеийн саналуудыг тусгахыг хүсэж тэдгээрийг шийдэх засваруудыг илгээдэг бас хүмүүс юм.. Юу болж байгааг зөвхөн харж мэдэж байхыг хүссэн эсвэл одоо үеийн эхийг лавлагааны зорилгоор ашиглахыг зөвхөн хүссэн хүмүүс (өөрөөр хэлбэл ажиллуулах биш унших зорилгоор). Эдгээр хүмүүс нь хааяа бас санал гаргаж кодонд хувь нэмэр оруулдаг. &os.current; нь юу <emphasis>Биш</emphasis> вэ? Та зарим нэг дажгүй шинэ боломж байгааг сонссон учраас бусдаас түрүүлж урьдчилсан хувилбарын тэдгээр битүүдийг авах таны нэн тэргүүний арга зам. Шинэ боломжийг авч эхэнд байна гэдэг нь та шинэ алдаанууд, хорхойнуудыг бас авч эхэнд байна гэсэн үг юм. Алдааны засваруудыг хурдан авах арга зам. &os.current;-ийн өгөгдсөн дурын хувилбар нь илэрсэн алдаануудыг засахын хажуугаар бас магадгүй шинэ алдаанууд бас гаргаж байдаг. Аль ч үед албан ёсоор дэмжигдсэн. Бид өөрсдийн чадлын хирээр хууль ёсны 3 &os.current; бүлгийн аль нэгэнд хүмүүст бодитоор туслахыг хичээдэг, гэхдээ бидэнд ердөө л техникийн дэмжлэг үзүүлэх цаг байдаггүй. Энэ нь бид хүмүүст туслах дургүй өөдгүй муухай хүмүүс учраас гэсэн үг биш юм (хэрэв бид байгаагүй бол бид &os;-г хийж байхгүй байх байсан). Бид ердөө л өдрийн хэдэн зуун захидлуудад хариулахын хажуугаар FreeBSD дээр ажиллаж чаддаггүй! &os;-г сайжруулах болон туршилтын кодон дээр тавигдсан маш олон асуултуудад хариулах хоёр сонголтын эхнийхийг хөгжүүлэгчид сонгосон юм. &os.current; ашиглах нь - - -CURRENT - ашиглах нь - - - &a.current.name; болон &a.svn-src-head.name; жагсаалтуудад элсэн орно уу. + &a.current.name;-CURRENTашиглах нь болон &a.svn-src-head.name; жагсаалтуудад элсэн орно уу. Энэ нь зөвхөн сайн санаанаас гадна бас чухал юм. Хэрэв та &a.current.name; жагсаалтад ороогүй бол системийн одоогийн төлвийн талаар хүмүүсийн өгч байгаа санал хүсэлтүүдийг харахгүй учраас бусдын аль хэдийн олоод шийдсэн маш их асуудлууд дээр магадгүй та бүдрэн төөрөлдөж дуусах биз ээ. Бүр илүү чухал зүйл нь юу вэ гэвэл таны системийн эрүүл мэндэд эгзэгтэй байж болох чухал мэдээнүүдээс та хоцрох болно. &a.svn-src-head.name; жагсаалт нь кодонд оруулсан өөрчлөлт бүрийн бүртгэл оруулгыг болзошгүй сөрөг нөлөөнүүдийн талаар тохирсон мэдээллийн хамтаар танд харах боломжийг олгодог. Эдгээр жагсаалтууд эсвэл байгаа бусдын аль нэгэнд элсэхийн тулд &a.mailman.lists.link; хаяг уруу орж элсэхийг хүссэн жагсаалтаа сонгоорой. Дарааллын үлдсэн зааврууд тэнд байгаа болно. Хэрэв та бүх л эх модон дахь өөрчлөлтийг дагах сонирхолтой байгаа бол &a.svn-src-all.name; жагсаалтад бүртгүүлэхийг бид зөвлөж байна. &os;-ийн толин тусгалаас эхийг авна. Та үүнийг гурван аргаар хийж болно: - - svn - - - cvsup - - - cron - - - -CURRENT - CVSup ашиглан сүүлийн хэлбэрт аваачих - - Хүссэн хөгжүүлэлт эсвэл салбар хувилбарыг - татаж авахдаа svn програмыг + татаж авахдаа svnsvn програмыг ашиглах хэрэгтэй. Энэ аргыг &os;-н хөгжүүлэлтэд хандахад зөвлөдөг. -CURRENT суурь системийн - Subversion татаж авах үндсэн + Subversion-CURRENTSVN ашиглан сүүлийн хэлбэрт аваачих татаж авах үндсэн URL нь http://svn.freebsd.org/base/head/ бөгөөд репозиторын хэмжээ их тул зөвхөн хүссэн дэд модоо татаж авахыг зөвлөдөг. /usr/share/examples/cvsup санд байх standard-supfile гэж нэрлэгдсэн supfile-тай цуг cvsup програм ашигла. Та дээр дурдсан жишээ supfile-г өөрчлөн cvsup-г өөрийн орчны хувьд тохируулах хэрэгтэй. cvsup-г ашиглах нь хуучирсан бөгөөд төсөл ашиглахыг зөвлөдөггүй. Жишээ standard-supfile нь &os.current;-ийн биш &os;-ийн аюулгүй байдлын тусгай салбарыг дагахад хэрэглэгдэнэ. Танд энэ файлыг засварлаж дараах мөрийг өөрчлөх хэрэгтэй болно: *default release=cvs tag=RELENG_X_Y Дээрх мөрийг дараах мөрөөр сольно: *default release=cvs tag=. Хэрэгцээтэй хаяг/шошгонуудын дэлгэрэнгүй тайлбарыг гарын авлагын CVS хаяг/шошгонууд хэсгээс үзнэ үү. - - -CURRENT - CTM ашиглан сүүлийн хэлбэрт аваачих - - CTM хэрэгслийг ашигла. + linkend="ctm">CTM-CURRENTCTM ашиглан сүүлийн хэлбэрт аваачих хэрэгслийг ашигла. Хэрэв та маш муу холболттой (өндөр үнэтэй холболтууд эсвэл зөвхөн цахим захидлын хандалт) бол CTM нь сонголт болох юм. Гэхдээ энэ нь бөөн зовлон бөгөөд та эвдэрсэн файлуудтай үлдэж болох юм. Энэ нь үүнийг ховор ашиглахад хүргэдэг бөгөөд ингэснээр ажиллахгүй байх боломжийг нэлээн удаан хугацаагаар ихэсгэдэг. Бид Интернэт холболттой хүмүүст Subversion-г ашиглахыг зөвлөдөг. Хэрэв та эхийг зөвхөн харахаар биш ажиллуулахаар татаж авч байгаа бол зөвхөн сонгосон хэсгүүдийг биш &os.current;-ийн бүх эхийг татаж аваарай. Үүний шалтгаан нь эхийн төрөл бүрийн хэсгүүд нь бусад хаа нэгтээ байгаа шинэчлэлтүүдээс хамаардаг бөгөөд зөвхөн хэсэг бүлэг эхийг хөрвүүлэхийг оролдох нь таныг бараг л баталгаатайгаар асуудалтай учруулах болно. - - -CURRENT - хөрвүүлэх - - &os.current;-ийг хөрвүүлэхээсээ өмнө /usr/src + &os.current;-ийг-CURRENTхөрвүүлэх хөрвүүлэхээсээ өмнө /usr/src дахь Makefile-г анхааралтай уншина уу. Эхний удаа та хамгийн багаар бодоход шинэчлэлтийн процессийн хэсэг болох шинэ цөмийг суулгаж ертенцийг дахин бүтээх хэсгээр дамжих хэрэгтэй. &a.current; болон /usr/src/UPDATING файлыг унших нь биднийг дараагийн хувилбар уруу шилжихэд заримдаа шаардлагатай болдог бусад эхлүүлэх процедуруудын хувьд хамгийн сүүлийн мэдээлэлтэй байлгах боломжийг бидэнд олгодог. Идэвхтэй бай! Хэрэв та &os.current; ажиллуулж байгаа бол түүний талаар таныг юу хэлэхийг ялангуяа хэрэв танд өргөжүүлэлт эсвэл алдааны засваруудын талаар санал хүсэлт байвал түүнийг бид мэдэхийг хүсдэг юм. Хавсаргасан кодтой санал хүсэлтүүдийг хамгийн их урам зоригтойгоор хүлээн авдаг билээ! &os;-ийн тогтвортой хэлбэрт байх нь &os.stable; гэж юу вэ? -STABLE &os.stable; нь үндсэн хувилбарууд гардаг бидний хөгжүүлэлтийн салбар юм. Өөрчлөлтүүд нь эхлээд тест хийгдэх зорилгоор &os.current; уруу ордог гэсэн ерөнхий төсөөлөл/таамаглалтайгаар янз бүрийн зөвшөөрлөөр энэ салбар уруу ордог. Энэ нь одоо болтол хөгжүүлэлтийн салбар бөгөөд гэхдээ энэ нь ямар ч үед &os.stable;-д зориулагдсан эх нь ямар ч зорилгод тохирч эсвэл тохирохгүй байж болно гэсэн үг юм. Энэ нь эцсийн хэрэглэгчид зориулагдсан эх үүсвэр бус ердөө л өөр нэг инженерчлэлийн хөгжүүлэлтийн арга зам юм. &os.stable; хэнд хэрэгтэй вэ? Хэрэв та FreeBSD-ийн хөгжүүлэлтийн процессод хувь нэмэр оруулах сонирхолтой, энэ нь ялангуяа FreeBSD-ийн дараагийн гарах хувилбартай холбоотой байдаг, эсвэл юу болж байгааг мэдэж байх сонирхолтой байгаа бол та дараах &os.stable;-г бодолцох хэрэгтэй. Аюулгүй байдлын засварууд бас &os.stable; салбар уруу орж байдаг нь үнэн боловч та үүнийг хийхийн тулд &os.stable;-г заавал дагах хэрэггүй. FreeBSD-ийн аюулгүй байдлын зөвлөмжүүд нь тухайн хувилбарт хамааралтай асуудлыг хэрхэн засах тухай тайлбарладаг Энэ нь бүр яг үнэн биш юм. Бид FreeBSD-ийн хуучин хувилбаруудыг үргэлж дэмжиж чадахгүй, гэхдээ бид тэдгээрийг олон жилийн турш дэмжсээр ирсэн. FreeBSD-ийн хуучин хувилбаруудын одоогийн аюулгүй байдлын бодлогын бүрэн тайлбарыг http://www.FreeBSD.org/security/-с үзнэ үү. бөгөөд зөвхөн аюулгүй байдлын үүднээс бүхэл бүтэн хөгжүүлэлтийн салбарыг дагаж байна гэдэг бас зөндөө олон хүсээгүй өөрчлөлтүүдийг авчрах магадлалтай юм. Бид &os.stable; салбар үргэлж хөрвүүлэгдэн эмхэтгэгдэж дандаа ажилладаг байлгахаар чармайж байдаг боловч энэ нь баталгаатай биш юм. Нэмж хэлэхэд код нь &os.stable;-д орохоосоо өмнө &os.current;-д хөгжүүлэгдэж байдаг боловч &os.current;-г ашиглан ажиллуулдгаас илүү &os.stable;-г хүмүүс ажиллуулдаг болохоор &os.current;-ийн хувьд илэрхий биш байсан алдаанууд болон булангийн тохиолдлууд &os.stable;-д илрэх нь заримдаа зайлшгүй юм. Эдгээр шалтгаануудаас болоод бид &os.stable;-г сохроор дагахыг танд зөвлөдөггүй бөгөөд энэ нь өөрийн хөгжүүлэлтийн орчиндоо кодыг эхлээд сайтар тест хийлгүйгээр үйлдвэрлэлд (production) ашиглаж байгаа серверүүдээ &os.stable; уруу шинэчлэхгүй байхад танд ялангуяа чухал ач холбогдолтой юм. Хэрэв танд үүнийг хийх эх үүсвэрүүд байхгүй бол бид FreeBSD-ийн хамгийн сүүлийн үеийн хувилбарыг ажиллуулж хоёртын шинэчлэлт хийх аргыг хувилбараас хувилбар уруу шилжихдээ ашиглахыг танд зөвлөж байна. &os.stable; ашиглах нь - - -STABLE - ашиглах нь - - - &a.stable.name; жагсаалтад элсэн орно уу. Энэ нь + &a.stable.name;-STABLEашиглах нь жагсаалтад элсэн орно уу. Энэ нь &os.stable;-д илэрч болох бүтээлтийн хамаарлууд эсвэл тусгайлсан анхаарал шаардлагатай өөр бусад асуудлуудын талаар танд мэдээлж байх болно. Хөгжүүлэгчид нь зарим нэг маргаантай засвар эсвэл шинэчлэлийн талаар бодож байгаа талаараа бас энэ захидлын жагсаалтад мэдээлдэг бөгөөд ийнхүү санал болгож байгаа өөрчлөлтийн талаар хэрэглэгчдэд ямар нэг асуудал байвал тэдэнд эргээд хариу өгөх боломж олгодог юм. Өөрийн дагаж байгаа салбарын тохирох SVN жагсаалтад элсэн орох хэрэгтэй. Жишээ нь хэрэв та 9-STABLE салбарыг дагаж байгаа бол &a.svn-src-stable-9.name; жагсаалтад элсэн ороорой. Энэ нь кодонд оруулсан өөрчлөлт бүрийн бүртгэл оруулгыг болзошгүй сөрөг нөлөөнүүдийн талаар тохирсон мэдээллийн хамтаар танд харах боломжийг олгодог. Эдгээр жагсаалтууд эсвэл байгаа бусдын аль нэгэнд элсэхийн тулд &a.mailman.lists.link; хаяг уруу орж элсэхийг хүссэн жагсаалтаа сонгоорой. Дарааллын үлдсэн зааврууд тэнд байгаа болно. Хэрэв та бүх л эх модон дахь өөрчлөлтийг дагах сонирхолтой байгаа бол &a.svn-src-all.name; жагсаалтад бүртгүүлэхийг бид зөвлөж байна. Хэрэв та шинэ систем суулгаж &os.stable;-ээс бүтээсэн сар бүрийн хормын агшны хувилбарыг түүн дээр ажиллуулахыг хүсэж байгаа бол дэлгэрэнгүй мэдээллийн талаар Хормын агшны хувилбарууд вэб хуудаснаас шалгана уу. Үүнээс гадна хамгийн сүүлийн үеийн &os.stable; хувилбарыг толин тусгалын хаягуудаас татан авч суулгах боломжтой бөгөөд доор дурдсан заавруудыг дагаж өөрийн системийг хамгийн сүүлийн үеийн &os.stable; эх код уруу шинэчилж болох юм. Хэрэв та &os;-ийн урдны хувилбар аль хэдийн ажиллуулж байгаа бөгөөд эхээс шинэчлэхийг хүсэж байгаа бол &os;-ийн толин тусгал хуудасаас хялбараар хийж болно. Үүнийг гурван аргаар хийж болно: - - svn - - - cvsup - - - cron - - - -STABLE - Subversion ашиглан сүүлийн хэлбэрт аваачих - - Хүссэн хөгжүүлэлт эсвэл салбар хувилбарыг - татахдаа svn програмыг ашиглах хэрэгтэй. + татахдаа svnsvn програмыг ашиглах хэрэгтэй. Энэ аргыг &os;-н хөгжүүлэлтэд хандахад зөвлөдөг. Салбарын нэрсэд одоогийн хөгжүүлэлтийн толгой хувилбарын хувьд head, болон stable/9 эсвэл releng/9.0 гэх зэрэг хувилбар инженерчлэлийн хуудас дахь салбарууд ордог. Суурь системийн Subversion татаж авах үндсэн - URL нь http://svn.freebsd.org/base/ бөгөөд + URL нь http://svn.freebsd.org/base/-STABLESubversion ашиглан сүүлийн хэлбэрт аваачих бөгөөд репозиторын хэмжээ их тул зөвхөн хүссэн дэд модоо татаж авахыг зөвлөдөг. /usr/share/examples/cvsup санд байх standard-supfile гэж нэрлэгдсэн supfile-тай цуг cvsup програм ашигла. Та дээр дурдсан жишээ supfile-г өөрчлөн cvsup-г өөрийн орчны хувьд тохируулах хэрэгтэй. cvsup нь хуучирсан бөгөөд төсөл ашиглахыг зөвлөдөггүй. - - -STABLE - CTM ашиглан сүүлийн хэлбэрт аваачих - - CTM хэрэгслийг ашигла. + linkend="ctm">CTM-STABLECTM ашиглан сүүлийн хэлбэрт аваачих хэрэгслийг ашигла. Хэрэв танд Интернэт уруу холбогдсон хурдан хямд холболт байхгүй бол энэ аргыг та ашиглах хэрэгтэй. Гол нь хэрэв та эхэд хурдан, шаардлагын улмаас хандах хэрэгтэй болоод холболтуудын зурвасын өргөн ач холбогдолгүй бол cvsup эсвэл ftp ашиглаарай. Бусад тохиолдолд CTM-г ашигла. - - -STABLE - хөрвүүлэх нь - - - &os.current;-ийг хөрвүүлэхээсээ өмнө /usr/src + &os.current;-ийг-STABLEхөрвүүлэх нь хөрвүүлэхээсээ өмнө /usr/src дахь Makefile-г анхааралтай уншина уу. Эхний удаа та хамгийн багаар бодоход шинэчлэлтийн процессийн хэсэг болох шинэ цөмийг суулгаж ертенцийг дахин бүтээх хэсгээр дамжих хэрэгтэй. &a.current; болон /usr/src/UPDATING файлыг унших нь биднийг дараагийн хувилбар уруу шилжихэд заримдаа шаардлагатай болдог бусад эхлүүлэх процедуруудын хувьд хамгийн сүүлийн мэдээлэлтэй байлгах боломжийг бидэнд олгодог. Өөрийн эхийг хамгийн сүүлийн хэлбэрт аваачих нь Интернетийн (эсвэл цахим захидал) холболт ашиглан &os; төслийн эхүүдийн аль ч хэсгийн хувьд эсвэл таны юу сонирхож байгаагаас хамааран бүх хэсгүүдийг хамгийн шинэ байлгаж байх төрөл бүрийн аргууд байдаг. Бидний санал болгодог үндсэн үйлчилгээнүүд бол Subversion, Anonymous буюу нэргүй CVS, CVSup болон CTM юм. Өөрийн эх модны зөвхөн зарим хэсгийг шинэчлэх боломжтой боловч цорын ганц шинэчлэх арга бол модыг бүтнээр нь шинэчилж хэрэглэгчийн талбар (өөрөөр хэлбэл /bin болон /sbin гэх мэт дэх хэрэглэгчийн талбарт ажилладаг бүх програмууд) болон цөмийн эхүүдийг дахин эмхэтгэх явдал юм. Өөрийн эх модны зөвхөн нэг хэсэг зөвхөн цөм эсвэл зөвхөн хэрэглэгчийн талбарыг шинэчлэх нь асуудлууд гарахад ихэвчлэн хүргэдэг. Эдгээр асуудлууд нь эмхэтгэлтийн үеийн алдаануудаас авахуулаад цөмийн сүйрлүүд эсвэл өгөгдлийн эвдрэлийг хүртэл хамардаг. CVS anonymous буюу нэргүй Subversion, Нэргүй CVS болон CVSup нь эхийг шинэчлэхдээ татах загварыг хэрэглэдэг. Subversion-ийн хувьд хэрэглэгч (эсвэл cron скрипт) svn програмыг эхлүүлэн файлуудыг хамгийн шинэ хэлбэрт авчирдаг. Локал эх модыг шинэчлэхэд зөвлөдөг арга бол Subversion юм. cvsup ба cvs нь ижил зарчмаар ажиллах боловч хуучирсан бөгөөд Subversion-ийг ашиглахыг зөвлөдөг. Таны хүлээн авах шинэчлэлтүүд нь хамгийн сүүлийн минут хүртэлх үеийнх байх бөгөөд та тэдгээрийг зөвхөн өөрийн хүссэн тэр үедээ авдаг. Та өөрийн шинэчлэлтүүдийг таны сонирхож байгаа тусгайлсан файлууд эсвэл сангуудаар хялбараар хязгаарлаж болно. Шинэчлэлтүүд нь таны юуг авахыг хүссэн болон танд юу байгаагаас хамааран серверээр тухайн үед үүсгэгддэг. Үнэхээр шаардлагагүй л бол хуучирч ирээдүйд үргэлжүүлэн ашиглахаа болих бусад синхрон хийх аргуудаас илүүтэй Subversion-г ашиглах ёстой юм. CTM Нөгөө талаас CTM нь танд байгаа эхийг мастер архив дахь эхтэй лавлаж асуух зарчмаар харьцуулдаггүй бөгөөд өөрөөр хэлбэл тэдгээрийг татаж авдаггүй. Ингэхийн оронд харин өмнө нь ажиллуулснаас хойшх файл дахь өөрчлөлтүүдийг таньдаг скрипт өдөрт хэд хэдэн удаа мастер CTM машин дээр ажиллаж илэрсэн өөрчлөлтүүдийг шахаж дарааллын-дугаар тавин цахим захидлаар дамжуулахад зориулан кодчилдог (зөвхөн хэвлэгдэх боломжтой ASCII хэлбэрээр). Эдгээр CTM дельтануудыг авсаны дараа тэдгээрийг автоматаар декод хийж шалган хэрэгчид байгаа эхийн хуулбарт өөрчлөлтүүдийг хийх &man.ctm.rmail.1; хэрэгсэл уруу өгдөг. Энэ процесс нь CVSup-с хамаагүй илүү үр дүнтэй бөгөөд энэ нь татах биш харин түлхэх загвар учраас бидний серверийн эх үүсвэрт бага ачаалал учруулдаг юм. Мэдээж үүнээс гадна харилцан сул болон давуу талуудтай асуудлууд байдаг. Хэрэв та санамсаргүйгээр өөрийн архивын хэсгийг устгачих юм бол CVSup үүнийг илрүүлж эвдэрсэн хэсгүүдийг дахин бүтээж өгдөг. CTM ингэж хийдэггүй бөгөөд хэрэв та өөрийн эх модны зарим хэсгийг устгасан (бас нөөцлөн аваагүй) бол та дахин шинээр эхнээс нь (хамгийн сүүлийн үеийн CVS суурь дельтагаас) эхэлж CTM-ийн тусламжтайгаар бүгдийг дахин бүтээх буюу эсвэл Нэргүй CVS-ийн тусламжтайгаар муу битүүдийг ердөө л устгаж дахин сүүлийн хэлбэрт аваачих хэрэгтэй болно. <quote>Ертөнц</quote>ийг дахин бүтээх нь Ертөнцийг дахин бүтээх нь Та өөрийн локал эх модоо &os;-ийн тухайн хувилбарын (&os.stable;, &os.current;, гэх зэрэг) хамгийн сүүлийн үеийн хэлбэрт аваачсаныхаа дараа та эх модоо ашиглан системийг дахин бүтээж болно. Нөөц хий Та дээрхийг хийхээсээ өмнө өөрийн системийг нөөцлөн авах нь ямар чухал болохыг энэ нь хангалттай хэлж өгч чаддаггүй. Ертөнцийг дахин бүтээх нь (хэрэв та эдгээр заавруудыг дагасан тохиолдолд) хялбар боловч таныг алдаа гаргахад эсвэл бусдын эх модонд хийсэн алдаанууд нь таны системийг ачаалагдахгүй болгох нөхцөлд зайлшгүй хүргэдэг. Нөөц хийж авсан эсэхээ шалгаарай. Засварлах уян диск эсвэл ачаалагдах CD-г гарын дор байлгаарай. Магадгүй та үүнийг хэзээ ч хэрэглэхгүй байж болох юм, гэхдээ харамсахаасаа өмнө аюулгүй байж байх нь илүү дээр юм! Тохирох захидлын жагсаалтад бүртгүүл захидлын жагсаалт &os.stable; болон &os.current; салбарууд нь угаасаа хөгжүүлэлтэд байдаг. &os;-д хувь нэмэр оруулж байгаа хүмүүс нь хүн л учраас алдаанууд заримдаа гардаг. Заримдаа эдгээр алдаанууд нь нэг их хор хөнөөлгүй бөгөөд ердөө л таны системийг шинэ оношлогооны анхааруулга хэвлэхэд хүргэдэг. Эсвэл өөрчлөлт нь сүйрлийн байж болзошгүй байдаг бөгөөд таны системийг ачаалагдахгүй болгож эсвэл файлын системүүдийг чинь устгаж (эсвэл бүр муу юм болж) болох юм. Эдгээртэй адил асуудлууд гарвал асуудлын учир шалтгаан болон аль систем дээр энэ асуудал хамааралтайг тайлбарласан heads up буюу бүхний сонорт хандсан зарлал тохирох захидлын жагсаалтад илгээгддэг. Тэгээд all clear буюу бүгд цэвэр зарлал асуудал шийдэгдсэний дараа тавигддаг. Хэрэв та &os.stable; эсвэл &os.current;-ийг дагахыг оролдож &a.stable; эсвэл &a.current;-г харгалзуулан уншихгүй байгаа бол энэ нь та өөртөө гай төвөг асууж байна л гэсэн үг юм. <command>make world</command> тушаалыг бүү ашигла Ихэнх хуучин баримтууд үүнд зориулан make world тушаалыг ашиглахыг зөвлөдөг. Энэ тушаалыг ажиллуулснаар зарим нэг чухал алхмуудыг алгасах бөгөөд та юу хийж байгаагаа мэдэж байгаа тохиолдолд үүнийг зөвхөн ашиглах хэрэгтэй. Бараг ихэнх тохиолдолд make world хийх нь буруу зүйл бөгөөд энд тайлбарласан процедурыг түүний оронд ашиглах ёстой юм. Шалгагдсан аргаар өөрийн системийг шинэчлэх нь Өөрийн системийг шинэчлэхийн тулд өөрт чинь байгаа эхийн хувилбарт шаардлагатай байгаа бүтээхээс урьдах алхмууд та /usr/src/UPDATING файлд байгаа эсэхийг шалгах хэрэгтэй бөгөөд үүний дараа энд дурдсан процедурыг ашиглана. Эдгээр шинэчлэлтийн алхмууд нь таныг хуучин хөрвүүлэгч, хуучин цөм, хуучин ертөнц болон хуучин тохиргооны файлууд бүхий &os;-ийн хуучин хувилбар ашиглаж байгаа гэж тооцдог. Ертөнц гэдгийг бид энд системийн гол хоёртын файлууд, сангууд болон програмын файлууд гэж ойлгоно. Хөрвүүлэгч нь ертөнцийн хэсэг бөгөөд цөөн асуудлуудтай байдаг. Таныг шинэ системийн эхийг аль хэдийн авсан байгаа гэж бид бас энд тооцдог. Тухайн систем дээр байгаа эхүүд бас хуучин байвал шинэ хувилбар руу шилжүүлэх талаар бичсэн -с дэлгэрэнгүйг үзнэ үү. Системийг эхээс шинэчлэх нь эхлээд санагдсанаасаа илүү нарийн байдаг бөгөөд тойрон гарах боломжгүй, хамаарлууд бүхий шинэ асуудлууд гардгаас болоод &os;-ийн хөгжүүлэгчид зөвлөдөг чиг хандлагаа жил ирэх тутам нэлээнээр өөрчлөх шаардлагатай болсон. Энэ хэсгийн үлдсэн хэсэг нь одоогоор зөвлөж байгаа шинэчлэх дарааллын талаар тайлбарлах болно. Амжилттай болох шинэчлэх дараалал бүр дараах асуудлуудыг шийдэх ёстой: Хуучин хөрвүүлэгч шинэ цөмийг бүтээж чадахгүй байж болох юм. (Хуучин хөрвүүлэгчид заримдаа алдаатай байдаг.) Тиймээс шинэ цөмийг шинэ хөрвүүлэгчээр бүтээх ёстой. Ялангуяа шинэ цөм бүтээхээсээ өмнө шинэ хөрвүүлэгчийг бүтээх хэрэгтэй. Энэ нь шинэ хөрвүүлэгчийг заавал шинэ цөмөөс өмнө суулгасан байх ёстой гэсэн үг биш юм. Шинэ ертөнц шинэ цөмийн боломжууд дээр тулгуурлаж байж болох юм. Тиймээс шинэ цөмийг шинэ ертөнцийг суулгахаасаа өмнө суулгасан байх шаардлагатай. Эдгээр хоёр асуудал нь бидний дараагийн хэсгүүдэд тайлбарлах гол buildworld, buildkernel, installkernel, installworld дарааллын үндэс болдог. Энэ нь одоогоор зөвлөдөг шинэчлэлтийн просессийг та яагаад заавал сонгох ёстойг харуулсан бүх шалтгаануудын бүрэн дүүрэн жагсаалт биш юм. Зарим нэг тийм ч мэдээжийн биш зүйлсийг доор жагсаав: Хуучин ертөнц шинэ цөм дээр зөв ажиллахгүй байж болох учир та шинэ цөм суулгасныхаа дараа шинэ ертөнцийг даруйхан суулгах ёстой. Шинэ ертөнц суулгахаасаа өмнө зарим нэг тохиргооны өөрчлөлтүүдийг хийх ёстой боловч зарим нь хуучин ертөнцийг эвдэж магадгүй юм. Тийм болохоор хоёр өөр тохиргооны шинэчлэлтийн алхам ерөнхийдөө шаардлагатай байдаг. Ихэнх хэсгийн хувьд шинэчлэх процесс нь зөвхөн файлуудыг солих юм уу эсвэл нэмдэг бөгөөд байгаа хуучин файлуудыг устгадаггүй. Цөөн тохиолдолд энэ нь асуудал үүсгэж болох юм. Үүний дүнд шинэчлэх арга зам нь зарим нэг алхам дээр гараар устгах тодорхой файлуудыг заримдаа зааж өгдөг. Үүнийг ирээдүйд автоматчилах юм уу эсвэл үгүй ч байж болох юм. Эдгээр зүйлс нь дараах зөвлөсөн дараалалд хүргэдэг. Тухайн шинэчлэлтүүдэд зориулсан дэлгэрэнгүй дараалал нь нэмэлт алхмуудыг шаардаж болохыг санаарай. Гэхдээ эдгээр гол процессууд тодорхой хугацаагаар өөрчлөгдөхгүй байх ёстой юм: make buildworld Энэ нь эхлээд шинэ хөрвүүлэгч болон хамааралтай цөөн хэрэгслүүдийг бүтээж дараа нь шинэ ертөнцийн бусдыг хөрвүүлэхийн тулд шинэ хөрвүүлэгчийг ашигладаг. Үр дүн нь /usr/obj-д хадгалагддаг. make buildkernel &man.config.8; болон &man.make.1;-ийг ашигладаг хуучин аргаасаа ялгаатай нь энэ тушаал /usr/obj санд байрлаж байгаа шинэ хөрвүүлэгчийг ашигладаг. Энэ нь хөрвүүлэгч болон цөмийн хооронд тохиромжгүй байдал үүсэхээс таныг хамгаалдаг. make installkernel Шинэ цөм болон цөмийн модулиудыг дискэд байрлуулж шинээр шинэчилсэн цөмөөр ачаалах боломжийг бүрдүүлдэг. Ганц хэрэглэгчийн горим руу ачаалан орно. Ганц хэрэглэгчийн горим нь ажиллаж байгаа програм хангамжуудыг шинэчлэхэд гарах асуудлуудыг багасгадаг. Энэ нь бас шинэ цөм дээр хуучин ертөнцийг ажиллуулахад гарах асуудлыг багасгадаг. mergemaster Энэ нь шинэ ертөнцөд зориулж зарим нэг тохиргооны файлуудын эхний шинэчлэлтүүдийг хийдэг. Жишээ нь энэ нь шинэ хэрэглэгчийн бүлгийг системд нэмэх, эсвэл шинэ хэрэглэгчийн нэрсийг нууц үгийн мэдээллийн санд нэмж болох юм. Сүүлийн шинэчлэлтээс хойш шинэ бүлгүүд эсвэл системийн тусгай хэрэглэгчийн бүртгэлүүдийг нэмэх үед энэ нь ихэвчлэн шаардлагатай байдаг. Ингэснээр installworld алхам нь шинээр суулгагдсан системийн хэрэглэгч эсвэл системийн бүлгийн нэрсийг ямар ч асуудалгүйгээр ашиглах боломжтой болох юм. make installworld /usr/obj сангаас ертөнцийг хуулдаг. Та одоо диск дээрээ шинэ цөм болон шинэ ертөнцтэй боллоо. mergemaster Нэгэнт диск дээрээ шинэ ертөнцтэй болсон болохоор та одоо үлдсэн тохиргооны файлуудаа шинэчилж болно. Дахин ачаална. Шинэ цөм болон шинэ ертөнцийг шинэ тохиргооны файлуудтай дуудахын тулд машиныг бүрэн дахин ачаалах хэрэгтэй. Хэрэв та &os;-ийн нэг салбар дотор нэг хувилбараас илүү сүүлийн хувилбар руу шинэчилж байгаа бол, өөрөөр хэлбэл 7.0-с 7.1 рүү шинэчилж байгаа бол хөрвүүлэгч, цөм, хэрэглэгчийн талбар болон тохиргооны файлуудын хооронд айхтар таарамжгүй байдлууд тантай бараг л тохиолдохгүй учир энэ арга нь заавал шаардлагатай биш байж болох юм. Хуучин арга болох make world болон шинэ цөмийг бүтээж суулгах нь жижиг шинэчлэлтийн хувьд хангалттай сайн ажиллаж болох юм. Гэхдээ гол хувилбаруудын хооронд шинэчлэлт хийж байх үед энэ арга замыг дагахгүй байгаа хүмүүст зарим асуудлууд учирч болох юм. Олон шинэчлэлтүүд (өөрөөр хэлбэл 4.X-с 5.0 руу) тусгайлсан нэмэлт алхмуудыг (жишээ нь installworld хийхээс өмнө тусгай файлуудын нэрийг өөрчлөх эсвэл устгах гэх мэт) шаардаж болохыг энд тэмдэглэх нь зүйтэй юм. /usr/src/UPDATING файлыг анхааралтай уншина уу, ялангуяа одоогоор зөвлөсөн байгаа шинэчлэх дарааллыг тусгайлан тайлбарласан төгсгөл хэсгийг уншаарай. Зарим нэг тохиромжгүй байдалтай холбоотой асуудлуудаас бүрэн гүйцэд хамгаалах боломжгүйг хөгжүүлэгчид мэдсэнээр энэ арга нь цаг хугацааны туршид сайжруулагдсаар ирсэн юм. Одоогийн арга замууд нь удаан хугацааны туршид тогвортой байна гэдэгт найдаж байна. Дүгнэхэд &os;-г эхээс шинэчлэхэд одоогоор зөвлөдөг арга бол: &prompt.root; cd /usr/src &prompt.root; make buildworld &prompt.root; make buildkernel &prompt.root; make installkernel &prompt.root; shutdown -r now buildworld алхмаас өмнө mergemaster -p тушаалыг нэмж ажиллуулах цөөн ховор тохиолдлууд байдаг. Эдгээрийн талаар UPDATING файлд тайлбарласан байдаг. Хэрэв та &os;-ийн нэг буюу олон голлох хувилбаруудын дагуу шинэчлэл хийхгүй байгаа бол ерөнхийдөө энэ алхмыг эмээлгүйгээр орхиж болох юм. installkernel амжилттай дууссаны дараа та ганц хэрэглэгчийн горим уруу ачаалах хэрэгтэй (өөрөөр хэлбэл  boot -s тушаалыг дуудагч мөрөөс ашиглана). Дараа нь доор дурдсан тушаалуудыг ажиллуулна: &prompt.root; mount -u / &prompt.root; mount -a -t ufs &prompt.root; adjkerntz -i &prompt.root; mergemaster -p &prompt.root; cd /usr/src &prompt.root; make installworld &prompt.root; mergemaster &prompt.root; reboot Тайлбаруудыг цааш уншина уу Дээр тайлбарласан дараалал нь зөвхөн таныг эхлэхэд туслах богино сэргээлт болох юм. Гэхдээ хэрэв та ялангуяа өөрчлөн тохируулсан цөмийн тохиргоо ашиглахыг хүсэж байгаа бол дараах хэсгүүдийг уншиж алхам бүрийг сайтар ойлгох хэрэгтэй. <filename>/usr/src/UPDATING</filename> файлыг унш Өөр юм хийж эхлэхээсээ өмнө та /usr/src/UPDATING-г (эсвэл эх кодын хуулбар хаана байгаа тэндээс үүнтэй төстэй файлыг ) уншаарай. Энэ файл нь танд учирч болзошгүй асуудлуудын талаар чухал мэдээлэл агуулдаг бөгөөд эсвэл таны ажиллуулах зарим нэг тушаалуудын дарааллын талаар заасан байдаг. Хэрэв UPDATING файл таны энд уншсантай зөрчилдөж байвал UPDATING файлд заасныг дагах хэрэгтэй. UPDATING файлыг унших нь өмнө нь тайлбарласнаар зөв захидлын жагсаалтад бүртгүүлэхтэй харьцуулах юм бол хүлээн зөвшөөрч болохуйц орлогч байж чадахгүй юм. Энэ хоёр шаардлага нь нэмэлт бөгөөд заавал шаардлагатай биш юм. <filename>/etc/make.conf</filename> файлыг шалга make.conf /usr/share/examples/etc/make.conf болон /etc/make.conf файлыг шалгаарай. Эхнийх нь зарим нэг анхдагч тодорхойлолтуудыг агуулдаг – тэдгээрийн ихэнх нь тайлбар болон хаагдсан байдаг. Та системээ эхээс нь дахин бүтээх үедээ тэдгээрийг ашиглахын тулд /etc/make.conf файлд нэмэх хэрэгтэй. /etc/make.conf файлд нэмсэн болгон make тушаалыг ажиллуулах бүрд бас ашиглагддаг учир өөрийн системдээ зориулан тэдгээрийг боломжийн утгаар тохируулж өгөх нь зүйтэй юм. Ердийн хэрэглэгч /usr/share/examples/etc/make.conf файлд байдаг NO_PROFILE мөрийг /etc/make.conf уруу хуулж тайлбар болгосныг болиулж нээхийг магадгүй хүсэж болох юм. NOPORTDOCS гэх зэрэг бусад тодорхойлолтуудыг шалгаж танд хамаатай эсэхээс хамаарч оруулах эсэхээ шийдээрэй. <filename>/etc</filename> дэх файлуудыг шинэчил /etc сан нь таны системийн тохиргооны мэдээллийн ихэнх хэсгийг агуулдгаас гадна системийг эхлүүлэхэд ажилладаг скриптүүд энд байдаг. Эдгээр скриптүүдийн зарим нь FreeBSD-ийн хувилбараас хувилбарт өөрчлөгддөг. Тохиргооны файлуудын зарим нь бас системийг ажиллуулахад өдөр тутам хэрэглэгддэг. Ялангуяа /etc/group-г дурдаж болно. make installworld тушаалын суулгалт хийх хэсэг нь зарим нэг хэрэглэгчийн нэр эсвэл бүлгүүд байж байна гэж тооцдог тохиолдлууд байдаг. Шинэчлэл хийж байх үед эдгээр хэрэглэгчид эсвэл бүлгүүд ихэнхдээ байхгүй байдаг. Энэ нь шинэчлэл хийхэд асуудал учруулдаг. Зарим тохиолдолд make buildworld нь эдгээр хэрэглэгчид эсвэл бүлгүүд байгаа эсэхийг шалгана. Үүний нэг жишээ нь smmsp хэрэглэгч нэмэгдсэн тохиолдол юм. &man.mtree.8; нь /var/spool/clientmqueue-г үүсгэхийг оролдох үед хэрэглэгчийн суулгалтын процесс энэ асуудлаас болж амжилтгүй болж байсан. Үүний шийдэл нь &man.mergemaster.8;-г ертөнцийг бүтээхээс урд тохируулгатай ажиллуулах явдал юм. Энэ нь buildworld эсвэл installworld тушаалыг амжилттай болгоход зөвхөн шаардлагатай файлуудыг харьцуулдаг. Хэрэв та ялангуяа хэтэрхий санаа зовж байгаа бол тухайн бүлэгт харьяалагдаж байгаа нэрийг нь өөрчилж байгаа эсвэл устгаж байгаа ямар файлууд байгааг өөрийн системээс шалгаарай: &prompt.root; find / -group GID -print дээрх нь GID (энэ бүлгийн нэр байж болно эсвэл бүлгийн тоон ID байж болно) бүлгийн эзэмшдэг файлуудыг харуулна. Ганц хэрэглэгчийн горимд шилж ганц хэрэглэгчийн горим Та системийг ганц хэрэглэгчийн горимд эмхэтгэхийг хүсэж болох юм. Энэ нь шинэчлэлтийг арай илүү хурдасгах илэрхий ашиг тустайгаас гадна системийг дахин суулгах нь системийн стандарт хоёртын файлууд, libraries буюу туслах сангууд, оруулгын файлууд гэх зэрэг системийн маш олон чухал файлуудыг хөнддөг. Ажиллаж байгаа систем дээр эдгээрийг өөрчлөх нь (ялангуяа хэрэв тухайн үед таны систем дээр идэвхтэй хэрэглэгчид байвал) гай төвгийг өөрөө эрж байна гэсэн үг юм. олон хэрэглэгчийн горим Өөр нэг арга бол системийг олон хэрэглэгчийн горимд эмхэтгэж дараа нь суулгахдаа ганц хэрэглэгчийн горимд шилжин хийх явдал юм. Хэрэв та энэ замаар хийхийг хүсэж байвал бүтээлт дуустал дараах алхмууд дээр хүлээж байгаарай. Та installkernel эсвэл installworld хийх хүртлээ ганц хэрэглэгчийн горимд оролгүйгээр хүлээж байж болно. Супер хэрэглэгч болоод та доор дурдсаныг: &prompt.root; shutdown now ажиллаж байгаа системээс ганц хэрэглэгчийн горим уруу оруулахдаа ажиллуулж болно. Өөр нэг арга нь системийг дахин ачаалаад ачаалалтын тушаал хүлээх мөрөн дээр single user буюу ганц хэрэглэгч тохируулгыг сонгоорой. Ингэхэд систем ганц хэрэглэгчийг ачаална. Бүрхүүлийн тушаал хүлээх мөрөнд та доор дурдсан тушаалуудыг ажиллуулах шаардлагатай: &prompt.root; fsck -p &prompt.root; mount -u / &prompt.root; mount -a -t ufs &prompt.root; swapon -a Энэ нь файлын системүүдийг шалгаж /-г дахин унших/бичихээр дахин холбож бусад бүх UFS файлын системүүдийг /etc/fstab-д заасны дагуу холбон дараа нь swap-ийг идэмвхжүүлэх болно. Хэрэв таны CMOS цаг нь GMT биш локал хугацаагаар тохируулагдсан бол (хэрэв &man.date.1; тушаалын гаралт зөв цаг болон бүсийг харуулахгүй бол энэ нь үнэн) та дараах тушаалыг бас ажиллуулах хэрэгтэй болж болох юм: &prompt.root; adjkerntz -i Энэ нь таны локал цагийн бүсийн тохируулгуудыг зөвөөр тохируулж өгдөг — үүнийг хийхгүй бол та дараа нь зарим асуудлуудтай тулгарч магадгүй. <filename>/usr/obj</filename>-г устга Системийн хэсгүүд дахин бүтээгдсэнийхээ дараа (анхдагчаар) /usr/obj дахь сангуудад байршдаг. Эдгээр сангууд нь /usr/src дотор байгааг халхалдаг. Та make buildworld процессийг хурдасгаж болох бөгөөд энэ санг бас устгаснаар хамаарлын зовлонгуудаас өөрийгөө магадгүй аврах болно. /usr/obj доторх зарим файлуудад immutable буюу хувиршгүй туг тавигдсан (дэлгэрэнгүй мэдээллийг &man.chflags.1;-с үзнэ үү ) байж болох бөгөөд түүнийг эхлээд арилгах хэрэгтэй. &prompt.root; cd /usr/obj &prompt.root; chflags -R noschg * &prompt.root; rm -rf * Үндсэн системийг дахин эмхэтгэ Гаралтыг хадгалах нь &man.make.1;-г ажиллуулахдаа гарах үр дүнг өөр файл уруу хадгалах нь зүйтэй юм. Хэрэв ямар нэг юм болохоо боливол та алдааны мэдэгдлийн хуулбартай байх болно. Энэ нь танд юу буруутсаныг шинжлэхэд чинь тус болохгүй байж болох боловч та өөрийн энэ асуудлаа &os;-ийн аль нэг захидлын жагсаалт уруу илгээсэн тохиолдолд бусдад тус болж болох юм. Үүнийг хамгийн амраар хийхийн тулд &man.script.1; тушаалыг бүх гаралтыг хадгалах файлын нэрийг заасан параметрийн хамтаар ашиглана. Та үүнийг ертөнцийг дахин бүтээхээс өмнөхөн нэн даруй хийж дараа нь процесс дууссаны дараа exit гэж бичиж гарна. &prompt.root; script /var/tmp/mw.out Script started, output file is /var/tmp/mw.out &prompt.root; make TARGET … compile, compile, compile … &prompt.root; exit Script done, … Хэрэв та үүнийг хийх бол гаралтыг /tmp дотор битгий хадгалаарай. Энэ сан нь таныг дахин ачаалсны дараа цэвэрлэгдэж болох юм. Энэ файлыг хадгалах арай илүү боломжийн газар нь /var/tmp (өмнөх жишээн дээрх шиг) эсвэл root хэрэглэгчийн гэр сан байж болох юм. Үндсэн системийг эмхэтгэ Та /usr/src сан дотор байх шаардлагатай: &prompt.root; cd /usr/src (гэхдээ мэдээж таны код өөр газар байгаа тохиолдолд тэр сан уруугаа орох хэрэгтэй). make Ертөнцийг дахин бүтээхдээ та &man.make.1; тушаалыг ашиглана. Энэ тушаал нь &os;-ийн агуулсан програмууд ямар дарааллаар дахин хэрхэн бүтээгдэх зэргийг тайлбарласан Makefile файлаас заавруудыг уншдаг. Таны бичих тушаалын мөрийн ерөнхий хэлбэр нь дараах байдлаар байна: &prompt.root; make -x -DVARIABLE target Энэ жишээн дээр нь &man.make.1; уруу таны дамжуулах тохируулга юм. &man.make.1;-н гарын авлагын хуудаснаас та дамжуулж болох тохируулгуудын жишээг үзнэ үү. тохируулга нь Makefile уруу хувьсагч дамжуулж байна. Makefile-ийн ажиллагаа эдгээр хувьсагчуудаар хянагдана. Эдгээр нь /etc/make.conf дотор зааж өгсөн хувьсагчуудтай адил бөгөөд энэ нь тэдгээрийг тохируулах бас нэг өөр арга юм. &prompt.root; make -DNO_PROFILE target тушаал нь профиль хийгдсэн сангууд бүтээгдэх ёсгүйг заах өөр нэг арга бөгөөд энэ нь /etc/make.conf дахь дараах NO_PROFILE= true # Avoid compiling profiled libraries мөрд харгалзах юм. target нь &man.make.1;-д таны юу хийхийг хэлж өгдөг. Makefile болгон өөр өөр targets буюу даалгаврын төрлүүдийг тодорхойлдог бөгөөд таны сонгосон төрөл юу болохыг тодорхойлдог. Зарим төрлүүд Makefile-д жагсаагдсан байх бөгөөд гэхдээ эдгээр нь таныг ажиллуулахад зориулагдаагүй. Харин тэдгээр нь системийг дахин бүтээхэд шаардлагатай алхмуудыг хэд хэдэн дэд алхмуудад хуваахын тулд бүтээх процессод хэрэглэгддэг. Ихэнх тохиолдолд та &man.make.1; уруу ямар ч параметр дамжуулах хэрэггүй бөгөөд тэгэхээр таны тушаал дараахтай ижил байж болно: &prompt.root; make target дээрх target нь олон бүтээх тохируулгуудын нэг болно. Эхний төрөл нь үргэлж buildworld байх ёстой. Нэртэйгээ адилаар buildworld нь /usr/obj дотор бүрэн гүйцэд шинэ модыг бүтээх бөгөөд өөр нэг төрөл болох installworld нь энэ модыг тухайн машин дээр суулгадаг. Тусдаа тохируулгуудтай байх нь хоёр шалтгаанаар маш ач холбогдолтой юм. Нэгдүгээрт энэ нь бүтээлтийг таны ажиллаж байгаа системийн ямар ч хэсэгт нөлөөлөхгүйгээр аюулгүйгээр хийхийг танд зөвшөөрдөг. Бүтээлт нь өөр дээрээ хийгдэнэ (self hosted). Ийм болохоор та buildworld тушаалыг олон хэрэглэгчийн горимд ажиллаж байгаа машин дээр буруу нөлөөллөөс айлгүйгээр аюулгүйгээр хийж болно. Гэхдээ installworld хэсгийн хувьд ганц хэрэглэгчийн горимд хийхийг танд зөвлөдөг. Хоёрдугаарт энэ нь сүлжээн дэх олон машинуудыг шинэчлэхэд NFS холболтуудыг ашиглахыг танд зөвшөөрдөг. Хэрэв танд гурван машин байгаа бөгөөд A, B болон C машинуудыг шинэчлэхийг хүсвэл make buildworld болон make installworld тушаалыг A дээр ажиллуулна. Дараа нь B болон C машинууд A дээрх /usr/src болон /usr/obj сангуудыг NFS холболт хийн make installworld-г ажиллуулж бүтээлтийн үр дүнг B болон C дээр суулгаж болох юм. world төрөл байсаар байгаа хэдий ч танд түүнийг ашиглахгүй байхыг зөвлөж байна. Дараах тушаалыг ажиллуул &prompt.root; make buildworld Хэд хэдэн зэрэгцээ процессуудыг үүсгэх тохируулгыг make тушаалд зааж өгөх боломжтой. Энэ нь олон CPU-тэй машинууд дээр хамгийн их ашигтай. Гэхдээ эмхэтгэх процессийн ихэнх нь CPU дээр биш IO дээр ажилладаг болохоор энэ нь бас нэг CPU-тэй машинууд дээр ашигтай юм. Ердийн нэг CPU-тэй машин дээр та доор дурдсаныг ажиллуулж болох юм: &prompt.root; make -j4 buildworld &man.make.1; нь 4 хүртэлх процессийг нэгэн зэрэг ажиллуулах юм. Захидлын жагсаалтуудад илгээгдсэн туршлагаас харахад энэ нь ерөнхийдөө ажиллагааг хамгийн сайн хангаж хурдасгадаг байна. Хэрэв та олон CPU машинтай бөгөөд SMP тохируулагдсан цөм ашиглаж байвал утгыг 6-аас 10 хүртэл болгож хэр хурдсаж байгааг хараарай. Хугацаа ертөнцийг дахин бүтээх нь хугацаа Бүтээхэд шаардагдах хугацаанд олон хүчин зүйлс нөлөөлдөг, гэхдээ нэлээн сүүлийн үеийн машинуудын хувьд &os.stable; модыг процессийн явцад ямар нэгэн заль мэх эсвэл дөт зам ашиглалгүйгээр бүтээхэд зөвхөн нэг юм уу эсвэл хоёр цаг л шаардагдах болох юм. &os.current; модны хувьд арай удах болов уу. Шинэ цөмийг эмхэтгэж суулга цөм суулгах нь Та өөрийн шинэ системийн давуу талыг бүгдийг нь авахын тулд цөмөө дахин эмхэтгэх хэрэгтэй. Зарим нэг санах ойн бүтцүүд өөрчлөгдсөн байх талтай бөгөөд &man.ps.1; болон &man.top.1; зэрэг програмууд нь цөм болон эх кодын хувилбарууд адил болтол ажилладаггүй болохоор эмхэтгэх нь үнэндээ чухал хэрэгцээтэй юм. Үүнийг хамгийн хялбараар аюулгүйгээр хийхийн тулд GENERIC дээр тулгуурласан цөмийг бүтээж суулгах явдал юм. GENERIC нь таны системийн хувьд хэрэгцээтэй төхөөрөмжүүдийг агуулаагүй байж болох боловч таны системийг ядаж ганц хэрэглэгчийн горимд ачаалахад шаардлагатай бүгдийг агуулсан байх ёстой. Шинэ систем зөв ажиллуулахад энэ сайн тест болж өгдөг. GENERIC-с ачаалж таны систем ажиллаж байгааг шалгасны дараа та өөрийн ердийн цөмийн тохиргооны файл дээр тулгуурлан шинэ цөмөө бүтээж болох юм. &os; дээр шинэ цөм бүтээхээсээ өмнө ертөнцийг бүтээх нь чухал юм. Хэрэв та өөрчлөн тохируулсан цөмийг бүтээхийг хүсэж тохиргооны файлаа аль хэдийн үүсгэсэн бол доор дурдсантай адилаар KERNCONF=MYKERNEL гэж ашиглаарай: &prompt.root; cd /usr/src &prompt.root; make buildkernel KERNCONF=MYKERNEL &prompt.root; make installkernel KERNCONF=MYKERNEL Хэрэв та kern.securelevel хувьсагчийг 1-ээс дээш болгон ихэсгэсэн бөгөөд noschg эсвэл түүнтэй адил тугуудыг өөрийн цөмийн хоёртын файлд тавьсан бол installkernel хийхийн тулд та ганц хэрэглэгчийн горимд шилжин орох шаардлагатай байж болох юм. Үгүй бол та энэ хоёр тушаалыг олон хэрэглэгчийн горимоос ямар ч асуудалгүйгээр ажиллуулах ёстой. kern.securelevel-ийн талаар дэлгэрэнгүйг &man.init.8; болон төрөл бүрийн файлын тугуудын талаар дэлгэрэнгүйг &man.chflags.1; гарын авлагын хуудаснуудаас үзнэ үү. Ганц хэрэглэгчийн горим уруу дахин ачаалан ор ганц хэрэглэгчийн горим Та шинэ цөмийн ажиллагааг шалгахын тулд ганц хэрэглэгчийн горимд дахин ачаалан орох хэрэгтэй. Үүнийг дахь заавруудын дагуу хийнэ. Шинэ системийн хоёртын файлуудыг суулга Та шинэ системийн хоёртын файлуудыг суулгахын тулд installworld тушаалыг ашиглах шаардлагатай. Доор дурдсаныг ажиллуулна &prompt.root; cd /usr/src &prompt.root; make installworld Хэрэв та make buildworld тушаалын мөрөнд хувьсагчуудыг зааж өгсөн бол тэдгээр хувьсагчуудыг make installworld тушаалын мөрөнд бас адилаар зааж өгөх хэрэгтэй. Энэ бусад тохируулгуудын хувьд заавал шаардлагатай биш байж болох юм; жишээ нь тохируулга installworld-той цуг хэзээ ч хэрэглэгдэх ёсгүй. Жишээ нь хэрэв та доор дурдсаныг ажиллуулсан бол: &prompt.root; make -DNO_PROFILE buildworld хоёртын файлуудыг дараах тушаалаар суулгана: &prompt.root; make -DNO_PROFILE installworld ингэхгүй бол make buildworld тушаалын ажиллах явцад бүтээгдээгүй профиль хийгдсэн сангуудыг (libraries) суулгахыг оролдох болно. <command>make installworld</command> тушаалаар шинэчлэгдээгүй файлуудыг шинэчил Ертөнцийг дахин бүтээх нь зарим нэг сангуудыг (ялангуяа /etc, /var болон /usr) шинэ болон өөрчлөгдсөн тохиргооны файлуудаар шинэчилдэггүй. Эдгээр файлуудыг хамгийн амархнаар шинэчлэх арга нь &man.mergemaster.8;-г ашиглах явдал юм, гэхдээ та хэрэв хүсвэл үүнийг гараар ажиллуулах боломжтой юм. Аль ч аргыг сонголоо гэсэн ямар нэгэн зүйл буруутсан тохиолдолд сэргээх боломжтойгоор /etc-г нөөцөлж авах нь зүйтэй юм. Том Рөүдс Хувь нэмэр болгон оруулсан <command>mergemaster</command> mergemaster &man.mergemaster.8; хэрэгсэл нь /etc дэх таны тохиргооны файлууд болон /usr/src/etc эх модон дахь тохиргооны файлуудын ялгааг тодорхойлоход танд тусалдаг Bourne скрипт юм. Энэ нь системийн тохиргооны файлуудыг эх модон дахь тохиргооны файлуудаар шинэчлэх зориулалттай бидний зөвлөдөг шийдэл юм. Эхлэхийн тулд өөрийн тушаал оруулах мөрөнд ердөө л mergemaster-г бичиж түүний эхлэхийг нь хараарай. mergemaster нь түр зуурын root орчныг /-с доошлуулан бүтээж төрөл бүрийн системийн тохиргооны файлуудаар дамждаг. Тэдгээр файлууд нь таны системд суулгагдсан файлуудтай харьцуулагддаг. Энэ үед хоорондоо ялгаатай файлууд &man.diff.1; хэлбэрээр үзүүлэгддэг бөгөөд тэмдэгтээр нэмэгдсэн эсвэл өөрчлөгдсөн мөрүүдийг тэмдэгтээр устгагдсан эсвэл шинэ мөрөөр солигдсон мөрүүдийг харуулдаг. &man.diff.1;-н синтакс болон файлын өөрчлөлтүүдийг хэрхэн үзүүлдэг талаар дэлгэрэнгүй мэдээллийг &man.diff.1; гарын авлагын хуудаснаас үзнэ үү. &man.mergemaster.8; нь зөрчилдөөнүүдийг үзүүлсэн файл болгоныг харуулдаг бөгөөд энэ үед танд шинэ файлыг устгах (түр зуурын файл гэгддэг), түр зуурын файлыг өөрчлөлгүйгээр суулгах, суусан байгаа файлтай түр зуурын файлыг нийлүүлэх эсвэл &man.diff.1;-н гаралтыг дахин харах сонголтыг үзүүлэх болно. Түр зуурын файлыг устгахыг сонгосноор бид одоо байгаа файлаа хэвээр өөрчлөлгүй үлдээж шинэ хувилбарыг устгахыг хүсэж байгаагаа &man.mergemaster.8;-д хэлж байна гэсэн үг юм. Хэрэв та одоо байгаа файлаа өөрчлөх шалтгааныг олж харахгүй байгаагаас бусад тохиолдолд энэ сонголтыг хийхийг зөвлөдөггүй. Та ямар ч үед &man.mergemaster.8; тушаал хүлээх мөрөн дээр ? гэж бичин тусламж авч болох юм. Хэрэв хэрэглэгч файлыг орхихоор сонгосон бол энэ нь бусад бүх файлуудтай ажилсны дараа дахин үзүүлэгдэн хэрэглэгчээс тушаал хүлээх болно. Өөрчлөгдөөгүй түр зуурын файлыг суулгахыг сонгосноор одоо байгаа файлыг шинээр сольдог. Ихэнх өөрчлөгдөөгүй файлуудын хувьд энэ нь хамгийн шилдэг сонголт юм. Файлыг нийлүүлэхийг сонгосноор текст засварлагч болон хоёр файлын агуулгыг танд харуулах болно. Та дэлгэцийн хоёр талд байрласан тэдгээр хоёр файлыг хоёуланг нь шалган аль аль талаас нь хэрэгтэй хэсгүүдийг сонгон эцсийн бүтээгдэхүүн гаргаж аван нийлүүлж болно. Файлууд нь дэлгэцийн хоёр талд байрлан харьцуулагдах явцад l түлхүүр таны зүүн талын агуулгыг сонгодог бол r түлхүүр нь таны баруун тал дахь агуулгыг сонгох юм. Гарах эцсийн үр дүн нь хоёр файлын хоёулангийн хэсгүүдийг агуулсан файл болох бөгөөд түүнийг дараа нь суулгах боломжтой болох юм. Энэ сонголтыг хэрэглэгчийн тохиргоонуудад хийгдсэн өөрчлөлтүүдтэй файлуудын хувьд хэрэглэх нь зуршил болжээ. &man.diff.1;-ээс гарах үр дүнг дахин харахыг сонгосноор өмнө нь &man.mergemaster.8; файлын өөрчлөлтүүдийг харуулан таны сонголтыг хүлээсний нэгэн адилыг дахин харуулдаг. &man.mergemaster.8; системийн файлуудтай ажиллаж дууссаны дараа танаас бусад сонголтуудыг хийхийг хүлээдэг. &man.mergemaster.8; тушаал нууц үгийн файлыг дахин бүтээхийг хүсэж байгаа эсэхийг танаас асууж үлдсэн түр зуурын файлуудыг устгах сонголтыг үзүүлэн дуусдаг. Гараар шинэчлэх Хэрэв та гараар шинэчлэхийг хүсвэл гэхдээ та /usr/src/etc сангаас /etc сан уруу файлуудыг зүгээр л дарж хуулж ажиллуулж чадахгүй. Зарим файлуудыг эхлээд суулгах хэрэгтэй. Учир нь /usr/src/etc сан таны /etc сангийн хуулбар шиг байхаар харагддагүй. Мөн /usr/src/etc санд байдаггүй хэрнээ /etc сан дотор байх шаардлагатай зарим файлууд байдаг. Хэрэв та &man.mergemaster.8; (зөвлөсний дагуу) ашиглаж байвал та дагаагийн хэсэг уруу орж болно. Үүнийг гараар хамгийн хялбар аргаар хийхийн тулд файлуудыг шинэ сан уруу суулгаж нэг бүрчлэн өөрчлөлтүүдийг хайн ажиллах хэрэгтэй. Өөрт байгаа <filename>/etc</filename>-г нөөцөл Онолоор бол автоматаар энэ санд юу ч хүрдэггүй ч үүнд үргэлж итгэлтэй байх хэрэгтэй. Тэгэхээр өөрийн байгаа /etc санг хаа нэг аюулгүй газар хуулах хэрэгтэй. Доорхтой адилаар: &prompt.root; cp -Rp /etc /etc.old нь рекурсив хуулбар хийх бөгөөд нь файлуудын хугацаа, эзэмшигч гэх мэтийг хадгалдаг. Та шинэ /etc болон бусад файлуудыг суулгахын тулд хоосон сангууд бүтээх хэрэгтэй. /var/tmp/root нь боломжийн сонголт болох бөгөөд энэ сангийн доор хэд хэдэн дэд сангууд бас шаардлагатай болно. &prompt.root; mkdir /var/tmp/root &prompt.root; cd /usr/src/etc &prompt.root; make DESTDIR=/var/tmp/root distrib-dirs distribution Энэ нь шаардлагатай сангийн бүтцийг бүтээж файлуудыг суулгадаг. /var/tmp/root дотор үүсгэгдсэн олон дэд сангууд хоосон бөгөөд тэдгээрийг устгах шаардлагатай байдаг. Үүнийг хамгийн хялбараар хийхийн тулд: &prompt.root; cd /var/tmp/root &prompt.root; find -d . -type d | xargs rmdir 2>/dev/null Энэ нь бүх хоосон сангуудыг устгана. (Хоосон биш сангуудын тухай анхааруулгуудыг гаргахгүйн тулд стандарт алдаа нь /dev/null уруу илгээгддэг.) Одоо /var/tmp/root нь /-с доор байрлах тохирох байрлалуудад байршуулах ёстой бүх файлуудыг агуулсан байх болно. Та одоо эдгээр файл бүрийг шалгаж танд байгаа файлуудаас хэрхэн ялгаатай болохыг тогтоох хэрэгтэй. /var/tmp/root дотор суулгагдсан зарим файлуудын нэр урдаа . тэмдэгттэй байдгийг анхаарна уу. Энэ баримтыг бичиж байх үед ийм файлуудтай адил файлууд /var/tmp/root/ болон /var/tmp/root/root/ сан дахь бүрхүүлийн эхлүүлэх файлууд байсан, гэхдээ (таны хэзээ үүнийг уншиж байгаагаас хамаарч) өөр бусад файлууд байхыг үгүйсгэхгүй. Тэдгээрийг олж харахын тулд ls -a тушаалыг заавал ашиглаарай. Үүнийг хамгийн хялбар аргаар хийж хоёр файлыг харьцуулахын тулд &man.diff.1; тушаалыг ашиглах явдал юм: &prompt.root; diff /etc/shells /var/tmp/root/etc/shells Энэ нь таны /etc/shells файл болон шинэ /var/tmp/root/etc/shells файлын хоорондын ялгааг харуулна. Эдгээрийг ашиглаж өөрийн хийсэн өөрчлөлтүүдийг нийлүүлэх эсвэл өөрийн хуучин файл дээрээс хуулах эсэхээ шийдээрэй. Хувилбаруудын Хоорондох Ялгаануудыг Хялбараар Харьцуулахын Тулд Та Шинэ Root Сангаа Тухайн Үеийн Хугацаагаар Нэрлээрэй Ертөнцийг байнга дахин бүтээнэ гэдэг нь /etc-г та бас байнга шинэчилнэ гэсэн үг бөгөөд энэ нь ердөө л жижиг хэвшмэл ажил юм. Та энэ процессийг /etc уруу нийлүүлсэн өөрийн хамгийн сүүлийн өөрчлөгдсөн файлуудыг хадгалснаар хурдасгаж болох юм. Дараах процедур үүнийг хэрхэн хийж болох нэг санааг өгч байна. Ертөнцийг жирийнээр бүтээ. /etc болон бусад сангуудыг шинэчлэхийг хүсэхдээ тухайн цаг дээр тулгуурласан нэр бүхий санг өг. Хэрэв та үүнийг 1998 оны 2 сарын 14-нд хийж байгаа бол дараах байдлаар хийнэ: &prompt.root; mkdir /var/tmp/root-19980214 &prompt.root; cd /usr/src/etc &prompt.root; make DESTDIR=/var/tmp/root-19980214 \ distrib-dirs distribution Энэ сангийн өөрчлөлтүүдийг дээр дурдсаны дагуу нийлүүл. Та дууссаныхаа дараа /var/tmp/root-19980214 санг битгий устгаарай. Та эхийн хамгийн сүүлийн хувилбарыг татан авч дахин бүтээхдээ 1-р алхмыг дага. Энэ нь танд шинэ сан өгөх бөгөөд /var/tmp/root-19980221 гэж нэрлэгдсэн байж болох юм (хэрэв та шинэчлэлтүүдийг хийхдээ долоо хоног хүлээсэн бол). Та одоо &man.diff.1; ашиглан хоёр сангийн хооронд рекурсив diff үүсгэж долоо хоногийн хооронд хийгдсэн өөрчлөлтүүдийг харж болно: &prompt.root; cd /var/tmp &prompt.root; diff -r root-19980214 root-19980221 Ихэнхдээ энэ нь /var/tmp/root-19980221/etc болон /etc хоёрын хоорондох өөрчлөлтүүдийг бодох юм бол харьцангуй бага өөрчлөлтүүд байдаг. Өөрчлөлтүүд нь арай бага болохоор тэдгээр өөрчлөлтүүдийг өөрийн /etc сан уруу шилжүүлэх нь илүү хялбар байдаг. Та одоо хоёр /var/tmp/root-* сангуудын аль хуучныг устгаж болно: &prompt.root; rm -rf /var/tmp/root-19980214 /etc уруу өөрчлөлтүүдийг нийлүүлэх болгондоо энэ процессийг давтах хэрэгтэй. Та &man.date.1;-г ашиглан сангийн нэрсийг автоматаар үүсгэж болно: &prompt.root; mkdir /var/tmp/root-`date "+%Y%m%d"` Дахин ачаалах нь Та ерөнхийдөө ингээд хийгээд дуусч байна. Та бүх зүйл байх ёстой байрандаа байгаа эсэхийг шалгасныхаа дараа системийг дахин ачаалж болно. Энгийн &man.shutdown.8; үүнийг хийх болно: &prompt.root; shutdown -r now Дууслаа Одоо та өөрийн &os; системийг амжилттайгаар шинэчлээд дууссан байх ёстой. Баяр хүргэе. Хэрэв юмс шал буруугаар эргэвэл системийн тухайн хэсгийг дахин бүтээхэд амархан байдаг. Жишээ нь хэрэв та шинэчлэлтийн явцад эсвэл /etc-г нийлүүлэх явцад санамсаргүйгээр /etc/magic файлыг устгасан бол &man.file.1; тушаал ажиллахаа больно. Ийм тохиолдолд дараах засварыг ажиллуулж болох юм: &prompt.root; cd /usr/src/usr.bin/file &prompt.root; make all install Асуултууд Өөрчлөлт бүрт зориулан ертөнцийг дахин бүтээх хэрэгтэй юу? Үүнд хялбар хариулт байхгүй, учир нь өөрчлөлтийн цаад утга чанараас хамаарна. Жишээ нь хэрэв та CVSup-г дөнгөж ажиллуулахад дараах файлууд шинэчлэгдэж байгааг үзүүлж байгаа бол: src/games/cribbage/instr.c src/games/sail/pl_main.c src/release/sysinstall/config.c src/release/sysinstall/media.c src/share/mk/bsd.port.mk магадгүй бүхэл ертөнцийг дахин бүтээх хэрэггүй байж болох юм. Та тохирох дэд сангууд уруу орж make all install гэж тушаалыг өгөөд л болох юм. Хэрэв зарим нэг гол чухал зүйл жишээ нь src/lib/libc/stdlib өөрчлөгдсөн бол та ертөнцийг эсвэл хамгийн багаар бодоход статикаар холбогдсон (statically linked) түүний тэдгээр хэсгүүдийг дахин бүтээх шаардлагатай болно. Эцсийн эцэст энэ нь танаас л хамаарна. Та жишээ нь хоёр долоо хоног тутам ертөнцийг дахин бүтээж тэр хоёр долоо хоногийн хугацаанд өөрчлөлтүүдийг хуримтлуулж байгаадаа сэтгэл хангалуун байж болно. Эсвэл та зөвхөн өөрчлөгдсөн зүйлсүүдийг дахин бүтээхийг хүсэж магадгүй бөгөөд бүх хамаарлуудыг шийднэ гэдэгтээ итгэлтэй байх хэрэгтэй. Тэгээд мэдээж энэ бүхэн таны ямар давтамжтайгаар шинэчлэхийг хүсдэг болон &os.stable; эсвэл &os.current;-ийн алийг дагаж байгаагаас хамаарах болно. Миний эмхэтгэл маш олон дохио 11 дохио 11 (эсвэл бусад дохионы дугаар) алдаагаар амжилтгүй болсон. Юу болсон юм бол? Энэ нь ихэвчлэн тоног төхөөрөмжийн асуудлыг илэрхийлдэг. Ертөнцийг (дахин) бүтээх нь өөрийн тоног төхөөрөмжийг ачаалах тест хийх үр дүнтэй арга бөгөөд удаа дараа санах ойн асуудлууд байвал тэдгээрийг илрүүлдэг. Эмхэтгэгч нь сонин/хачин дохионуудыг хүлээн авч ид шидийн байдлаар амжилтгүй болсноор тэдгээр асуудлууд нь өөрсдийгөө зарлан тунхагладаг. Хэрэв та бүтээлтийг дахин эхлүүлээд тэр нь процессийн өөр өөр хэсэгт амжилтгүй болж байвал энэ нь үүнийг тодоор зааж байна гэсэн үг юм. Энэ тохиолдолд та өөрийн машин дахь бүрэлдэхүүн хэсгүүдээ өөрчлөн нэгээс нөгөөд сольж тавин аль нь ажиллахгүй байгааг олохоос өөр зүйл хийж чадахгүй л болов уу. Би дууссаныхаа дараа /usr/obj-г устгаж болох уу? Товчхондоо бол болно. /usr/obj нь эмхэтгэх үед бүтээгдсэн бүх обьект файлуудыг агуулдаг. Жирийн үед make buildworld процессийн эхний алхмуудын нэг нь энэ санг устгаад цоо шинээр эхлэх явдал юм. Энэ тохиолдолд /usr/obj-г дууссаныхаа дараа байлгаад байх нь ухаалаг биш бөгөөд үүнийг устгаснаар ихээхэн хэмжээний дискний зайг суллах болно (одоогоор 2 GB орчим). Гэхдээ хэрэв та юу хийж байгаагаа мэдэж байгаа бол make buildworld хийхдээ энэ алхмыг алгасаж болно. Энэ нь дараа дараагийн бүтээлтийг илүү хурдасгадаг бөгөөд учир нь ихэнх эхүүд дахин эмхэтгэх шаардлагагүй байдаг. Үүний сул тал нь баригдашгүй хамаарлын асуудлууд илэрч таны бүтээлтийг хачин байдлаар амжилтгүй болгодог. Хэн нэгэн илүү дөтлөх гэснээсээ болоод амжилтгүй болсныг мэдэлгүй өөрийн бүтээлтийг амжилтгүй болсныг гомдоллосноор &os;-ийн захидлын жагсаалтуудад хий дэмий шуугианыг удаа дараа үүсгэдэг билээ. Тасалдсан бүтээлтүүдийг үргэлжлүүлж болох уу? Энэ нь асуудлыг олох хүртлээ та хэр хол явснаас хамаарна. Ерөнхийдөө (энэ нь хэцүү бас хурдан дүрэм биш) make buildworld процесс нь үндсэн багажуудын (&man.gcc.1;, болон &man.make.1; зэрэг) болон системийн сангуудын шинэ хуулбаруудыг бүтээдэг. Тэдгээр багажууд болон сангууд нь дараа нь суулгагддаг. Шинэ багажууд болон сангууд дараа нь өөрсдийгөө дахин бүтээхэд ашиглагддаг бөгөөд дахин суулгагддаг. Бүхэл бүтэн систем (одоо &man.ls.1; эсвэл &man.grep.1; зэрэг ердийн хэрэглэгчийн програмууд) дараа нь шинэ системийн файлуудтайгаар дахин бүтээгддэг. Хэрэв та сүүлийн шатанд байгаа бөгөөд та үүнийг мэдэж байгаа бол (та хадгалж байгаа гаралтаас харсан болохоор) та дараах тушаалыг ажиллуулж (бараг л аюулгүйгээр) болно: … fix the problem … &prompt.root; cd /usr/src &prompt.root; make -DNO_CLEAN all Энэ нь өмнөх make buildworld тушаалын хийснийг буцаахгүй. Хэрэв та доорх мэдэгдлийг : -------------------------------------------------------------- Building everything.. -------------------------------------------------------------- make buildworld тушаалын гаралт дээр харсан бол магадгүй тэгж хийх нь аюулгүй байж болох юм. Хэрэв та тийм мэдэгдэл харахгүй байгаа бол эсвэл та итгэлтэй биш байгаа бол харамсахаасаа өмнө аюулгүй байдлыг бодож бүтээлтийг бүр эхнээс нь дахин эхлүүлсэн нь дээр юм. Би ертөнцийг бүтээхийг хэрхэн хурдасгах вэ? Ганц хэрэглэгчийн горимд ажиллуул. /usr/src болон /usr/obj сангуудыг тус тусдаа байх дискнүүд дээр тус тусдаа байх файлын системүүд дээр байрлуул. Хэрэв боломжтой бол эдгээр дискнүүдийг тус тусад нь дискний хянагчууд дээр байрлуул. &man.ccd.4; (нийлүүлсэн дискний драйвер) төхөөрөмж ашиглан эдгээр файлын системүүдийг олон дискнүүдийн дагуу байрлуулах нь бас арай илүү хурдасгах юм. Профиль хийгдэхийг (/etc/make.conf файлд NO_PROFILE=true гэж зааж өг) болиул. Танд энэ бараг гарцаагүй хэрэггүй. тохируулгыг &man.make.1;-д дамжуулж олон процессийг зэрэгцээгээр ажиллуул. Энэ нь танд ганц эсвэл олон процессортой машин аль нь ч байсан ялгаагүйгээр ихэвчлэн тусалдаг. /usr/src-г агуулж байгаа файлын систем тохируулгаар холболт хийгдэж (эсвэл салгагдаж) болно. Энэ нь файлын систем файл уруу хандах хандалтын хугацааг бүртгэхийг болиулдаг. Танд магадгүй энэ мэдээлэл бараг л хэрэггүй биз ээ. &prompt.root; mount -u -o noatime /usr/src Энэ жишээ /usr/src нь өөрийн файлын систем дээр байгаа гэж тооцож байгаа болно. Хэрэв энэ нь тийм биш бол (хэрэв энэ сан жишээ нь /usr-ийн хэсэг маягаар байгаа бол) та /usr/src-г биш харин тэр файлын системээ холболтын цэг болгон ашиглах хэрэгтэй. /usr/obj-г агуулж байгаа файлын систем тохируулгатай холболт хийгдэж (эсвэл салгагдаж) болно. Энэ нь диск уруу хийх бичилтийг асинхроноор буюу зэрэг биш хийлгэдэг. Өөрөөр хэлбэл бичилт нэн даруй хийгдээд өгөгдөл диск уруу цөөн секундын дараа бичигддэг. Энэ нь бичилтүүдийг бүлэглэхийг зөвшөөрч маш их үр дүнтэйгээр ажиллагааг хурдасгаж болох юм. Энэ тохируулга нь таны файлын системийг илүү эмзэг болгохыг санаарай. Тэжээл тасалдаж машин дахин ачаалах үед файлын систем сэргээж болшгүй төлөвт орох магадлал энэ тохируулгатай байхад илүү байдаг. Хэрэв /usr/obj нь энэ файлын систем дээрх цорын ганц зүйл бол энэ асуудал биш юм. Хэрэв танд уг файлын систем дээр өөр, үнэтэй өгөгдөл байгаа бол энэ тохируулгыг идэвхжүүлэхээсээ өмнө өөрийн нөөц чинь шинэ эсэхийг шалгаарай. &prompt.root; mount -u -o async /usr/obj Дээр дурдсан шиг хэрэв /usr/obj нь өөрийн файлын систем дээр биш байх юм бол жишээн дээрхийг тохирох холболт хийх цэгийн нэрээр солиорой. Хэрэв ямар нэг юм буруутвал би юу хийх вэ? Таны орчинд өмнөх бүтээлтүүдийн үеийн илүү үлдэгдлүүд байхгүйд үнэхээр итгэлтэй байх хэрэгтэй. Энэ нь их амархан юм. &prompt.root; chflags -R noschg /usr/obj/usr &prompt.root; rm -rf /usr/obj/usr &prompt.root; cd /usr/src &prompt.root; make cleandir &prompt.root; make cleandir Тиймээ, make cleandir тушаалыг үнэндээ хоёр удаа ажиллуулах шаардлагатай. Тэгээд make buildworld тушаалыг эхлүүлж бүх процессийг дахин эхлүүл. Хэрэв та асуудалтай хэвээр байгаа бол алдаа болон uname -a тушаалын дүнг &a.questions; уруу явуулаарай. Өөрийн тохиргооныхоо талаар бусад асуултанд хариулахад бэлэн байгаарай! Антон Штеренлихт Тэмдэглэгээ хийсэн Хуучин файлууд, хавтаснууд болон сангуудыг устгах Хуучин файлууд, хавтаснууд болон сангуудыг устгах &os; хөгжүүлэлтийн явцад файлууд болон тэдгээрийн агуулга үе үе хуучирдаг.Тэдгээрийн үүрэг болон боломжууд өөр хаа нэгтээ хийгдсэн юм уу эсвэл сангийн хувилбарын дугаар өөрчлөгдсөн юм уу эсвэл системээс бүрмөсөн хасагдсанаас болоод тийм байж болох юм. Эдгээрт хуучин файлууд, сангууд болон хавтаснууд ордог бөгөөд эдгээрийг системийг шинэчлэхдээ устгах ёстой. Энэ нь хэрэглэгчийн хувьд хадгалах (болон нөөц) төхөөрөмж дээр хэрэгцээгүй зай эзлээд байгаа хуучин файлуудаар систем дүүрэхгүй байх ашигтай юм. Үүнээс гадна хуучин сан аюулгүй байдлын болон найдвартай ажиллагааны хувьд асуудалтай байсан бол та өөрийн системийг аюулгүй болгож хуучин сангаас болоод ажиллахаа болиод байсан асуудлаас сэргийлэхийн тулд шинэ сан руу шинэчлэх хэрэгтэй. Хуучин гэгдсэн файлууд, хавтаснууд, сангуудын жагсаалт /usr/src/ObsoleteFiles.inc файлд байдаг. Дараах заавар нь системийг шинэчлэх явцад хуучин файлуудыг устгахад туслах болно. Таныг -д заасны дагуу явж байгаа гэж энд үзнэ. make installworld болон дараагийн mergemaster тушаал амжилттай хэрэгжсэний дараа дараах маягаар та хуучин файлууд болон сангуудыг шалгах ёстой: &prompt.root; cd /usr/src &prompt.root; make check-old Хэрэв ямар нэг хуучин файл олдвол дараах тушаал ашиглан тэдгээрийг устгаж болно: &prompt.root; make delete-old Түлхүүр үгсийн талаар дэлгэрэнгүйг сонирхож байгаа бол /usr/src/Makefile файлыг үзнэ үү. Хуучин файл бүрийг устгахын өмнө асууж хариулах дэлгэц гарна. Та энэ дэлгэцийг өнгөрөөж систем эдгээр файлуудыг автоматаар устгахаар тохируулахын тулд BATCH_DELETE_OLD_FILES хувьсагчийг дараах байдлаар ашиглана: &prompt.root; make -DBATCH_DELETE_OLD_FILES delete-old Мөн энэ зорилгод хүрэхийн тулд доорхитой адилаар эдгээр тушаалд yes өгч хүрч болно: &prompt.root; yes|make delete-old Анхааруулга Хуучин файлуудыг устгах нь тэдгээр хуучин файлуудаас хамааралтай програмуудыг ажиллахгүй болгоно. Энэ нь ялангуяа хуучин сангуудын хувьд үнэн байдаг. Ихэнх тохиолдолд та make delete-old-libs тушаалыг биелүүлэхээсээ өмнө хуучин сан ашиглаж байсан програмууд, портууд эсвэл сангуудыг дахин бүтээх хэрэгтэй. Хуваалцсан сангуудаас хамааралтай эсэхийг шалгадаг хэрэгслүүд sysutils/libchk эсвэл sysutils/bsdadminscripts зэрэг портын цуглуулгад байдаг. Хуучин хуваалцсан сангууд нь шинэ сангуудтай зөрчилдөж болох бөгөөд доорх шиг алдаа өгч болно: /usr/bin/ld: warning: libz.so.4, needed by /usr/local/lib/libtiff.so, may conflict with libz.so.5 /usr/bin/ld: warning: librpcsvc.so.4, needed by /usr/local/lib/libXext.so, may conflict with librpcsvc.so.5 Эдгээр асуудлуудыг шийдэхийн тулд уг санг аль порт суулгасныг олно: &prompt.root; pkg_info -W /usr/local/lib/libtiff.so /usr/local/lib/libtiff.so was installed by package tiff-3.9.4 &prompt.root; pkg_info -W /usr/local/lib/libXext.so /usr/local/lib/libXext.so was installed by package libXext-1.1.1,1 Дараа нь уг портыг deinstall хийгээд дахин бүтээж суулгах хэрэгтэй. Энэ явцыг автоматжуулахын тулд ports-mgmt/portmaster болон ports-mgmt/portupgrade хэрэгслийг ашиглаж болно. Бүх портуудыг дахин бүтээсэн гэдэгтээ итгэлтэй болсны дараа хуучин сангуудыг ашиглах хэрэггүй бөгөөд тэдгээрийг дараах тушаал ашиглан устгаж болно: &prompt.root; make delete-old-libs Майк Мэйэр Хувь нэмэр болгон оруулсан Олон машины хувьд дагах нь NFS олон машин суулгах нь Хэрэв та олон машинуудын хувьд ижил эх модыг дагахыг хүсэж бүгдийн хувьд эхийг татан авахуулж бүгдийг дахин бүтээхийг хүсэж байгаа бол энэ нь дискний зай, сүлжээний зурвасын өргөн болон CPU циклүүд зэрэг эх үүсвэрүүдийг үр ашиггүйгээр ашиглахад хүргэхээр санагдаж болох юм. Тиймээ, үүний шийдэл нь нэг машинаар ихэнх ажлыг хийлгэж бусад машинууд нь тэр ажлыг NFS-ээр дамжуулан холбох явдал юм. Энэ хэсэгт ингэж хийх аргыг тайлбарсан. Бэлтгэл ажлууд Эхлээд хоёртын адил файлуудыг ажиллуулах build set буюу бүтээх олонлог гэж бидний нэрлэх машинуудыг олох хэрэгтэй. Машин бүр өөрчлөн тохируулсан цөмтэй байж болох бөгөөд гэхдээ тэд ижил хэрэглэгчийн талбарын хоёртын файлуудыг ажиллуулж байх ёстой. Тэр олонлогоос бүтээх машиныг сонгох хэрэгтэй. Энэ нь ертөнц болон цөм бүтээгдэх машин байх юм. Туйлын хүслээр бол энэ нь make buildworld болон make buildkernel тушаалуудыг ажиллуулахад хангалттай нөөц CPU бүхий хурдан машин байх хэрэгтэй. Та мөн үйлдвэрлэлд ашиглахаас өмнө програм хангамжуудыг тест хийдэг тест машин сонгохыг бас хүсэж болох юм. Энэ нь удаан хугацаагаар унтраастай эсвэл зогссон байж болох машин байх ёстой. Энэ нь бүтээх машин байж болох юм, гэхдээ заавал биш юм. Энэ бүтээх олонлог дахь бүх машинууд нь өөр өөрийн машин дээрээсээ ижил цэг дээр /usr/obj болон /usr/src-г холболт хийх хэрэгтэй. Туйлын хүслээр бол энэ нь бүтээх машин дээрх хоёр өөр дискнүүд байж болох бөгөөд гэхдээ эдгээр нь уг машин дээр NFS холболт бас хийгдэж болохоор байж болох юм. Хэрэв танд олон бүтээх олонлогууд байгаа бол /usr/src сан нь нэг бүтээх машин дээр байрлаж бусад дээр нь NFS холболт хийгдсэн байх юм. Төгсгөлд нь бүтээх олонлогийн бүх машинууд дээрх /etc/make.conf болон /etc/src.conf файлууд бүтээх машиныхтай тохирч байгаа эсэхийг шалгаарай. Энэ нь бүтээх олонлогийн машин бүрийн суулгах үндсэн системийн бүх хэсгүүдийг бүтээх машин хийх ёстой гэсэн үг юм. Мөн бүтээх машин бүр өөрийн цөмийн нэрийг /etc/make.conf файлд KERNCONF хувьсагчид заан өгөх ёстой бөгөөд бүтээх машин бүр KERNCONF хувьсагчдаа өөрийн цөмийг эхэнд оруулан дараа нь тэдгээрийг жагсаах ёстой байдаг. Бүтээх машин нь машин бүрийн цөмийг бүтээхээр болох юм бол тэдгээрийн тохиргооны файлыг /usr/src/sys/arch/conf санд агуулсан байх шаардлагатай. Үндсэн систем Одоо бүх юм ингэж хийгдсэний дараа та бүгдийг бүтээхэд бэлэн боллоо. Бүтээх машин дээр -д тайлбарласны дагуу цөм болон ертөнцийг бүтээ, гэхдээ юуг ч битгий суулгаарай. Бүтээлт дууссаны дараа тест машин дээр дөнгөж саяхан бүтээсэн цөмөө суулга. Хэрэв энэ машин нь /usr/src болон /usr/obj сангуудыг NFS-ээр холболт хийх гэж байгаа бол та ганц хэрэглэгчийн горимд дахин ачаалахдаа сүлжээг нээж тэдгээрийг холбож өгөх хэрэгтэй. Үүнийг хамгийн хялбараар хийхийн тулд олон хэрэглэгчийн горимд ачаалан shutdown now тушаалыг ажиллуулж ганц хэрэглэгчийн горимд орох явдал юм. Тэгэж орсныхоо дараа та шинэ цөм болон ертөнцийг суулгаж жирийн үедээ хийдэг mergemaster тушаалыг ажиллуулж болно. Ингэж дууссаныхаа дараа энэ машины хувьд ердийн олон хэрэглэгчийн үйлдлүүдэд дахин ачаалж орно. Тест машин дээрх бүх зүйлс зөв ажиллаж байгааг мэдсэнийхээ дараа та бүтээх олонлогийн бусад машин бүр дээр шинэ програм хангамж суулгахдаа ижил процедурыг ашиглаарай. Портууд Үүнтэй адил санааг бас портуудын модонд ашиглаж болно. Эхний чухал алхам бол нөгөө машин дээрх /usr/ports санг бүтээх олонлогийн бусад машинууд дээр холбож өгөх явдал юм. Дараа нь та /etc/make.conf файлыг distfiles буюу түгээлтийн файлуудыг хуваалцахаар зөв тохируулж өгч болно. Та DISTDIR хувьсагчийг таны NFS холболтуудад заагдсан аль ч root хэрэглэгчийн хувьд бичигдэх боломжтой байх нийтлэг хуваалцсан сангаар тохируулах шаардлагатай. Машин бүр WRKDIRPREFIX хувьсагчийг локал бүтээх сангаар зааж өгөх хэрэгтэй. Эцэст нь хэрэв та багцуудыг бүтээж түгээх гэж байгаа бол PACKAGES хувьсагчийг DISTDIR хувьсагчийн нэгэн адил сангаар зааж өгөх хэрэгтэй. diff --git a/zh_CN.GB2312/articles/contributing/article.xml b/zh_CN.GB2312/articles/contributing/article.xml index 4309e0c9bc..ba80c2c4cd 100644 --- a/zh_CN.GB2312/articles/contributing/article.xml +++ b/zh_CN.GB2312/articles/contributing/article.xml @@ -1,510 +1,505 @@
Ϊ FreeBSD ṩ Ϊ˻֯ϣΪFreeBSDĿṩ ڱҵʵķ Jordan Hubbard ԭ &tm-attrib.freebsd; &tm-attrib.ieee; &tm-attrib.general; $FreeBSD$ $FreeBSD$ ϣ FreeBSD Ŀʲô ̫ˣ ǻӭ FreeBSD ûĹײŵԷչ׳ġ DzdzлĹףңЩ FreeBSD ijչҲҪ ҲIJͬ ȲһɫijԱ Ҳ FreeBSD ŶӳԱкܺõ˽ ǻһͬʵĶԴĹ FreeBSD ĿԱ鲼ȫ Ҽר죬 ֲҲdz㷺 ÿ죬 ǶԳĹû㹻֣ ʱӭİ FreeBSD ĿһIJϵͳ ֻһں˻һЩɢĹ߰ ˣ ǵ TODO бָĹ ĵûԡʾ ϵͳװ͸߶רҵں˿ ļˮƽΣ º ԰Ŀ ǹº FreeBSD عҵϵ ҪһЩչʹIJƷתô ᷢǺӦ رϡŹֵġ Ƿصֵҵ ɣ ҲеijЩ໥Э ŬƾеĹ ۺάĿ ϣܸһλᡣ ǵ гһЩҪɵĿ ǻϿԱͬ TODO(б) б ԼûҪ ڽеķǿ ܶμFreeBSDĿ˲dzԱ Ŀĵ׫дߡ ҳʦ Լ֧Ա Щ־Ը˵ ֻҪһЩʱ䣬 ҾѧϰԸ ԾͨFAQֲᣬ ˷Ľͣ ǹʱ֪ʶ ȫȷĵط ǡ ˳ְǸĹǾ͸ (SGMLʵѧ Ҳֱύ ASCII İ汾) ǰ FreeBSD ĵĸ ĸ汾Ѿˣ ҲԷһЩĵ߼ЩеĵǷ¸¹ġ ȼ򵥿 FreeBSD ĵƻй ij μӷ빤˵Ҫ¾սе FreeBSD ĵ Ϊһ־Ըߣ ٹȫȡԸ һij˿ʼˣ ˼һ뵽Щ ֻ޵ʱ߾ȥ벿ĵ ȥ밲װָϡ Ķ &a.questions; żһ &ng.misc; (йɵ) ˷רҵ֪ʶ ǽһõ飻 ЩʱѧһЩ¶ Щ̳ʱҲΪṩһЩмֵ⡣ ڽеĿ Ĵ󲿷ҪͶɹ۵ʱ䣬 Ҫ FreeBSD ں˷зḻ֪ʶ ߶Ҫ ȻҲкܶҪҲһ ĩԱ ͿԸꡣ FreeBSD-CURRENT 汾һٵ Internet· Է current.FreeBSD.org ÿһ°汾 — пգ ԸһݲҰװ ʲô⣬ǡ Ķ &a.bugs; ܻΪЩṩнۣ ߰æһЩ ⣬ ԳеһЩ⡣ ֪һЩѾ -CURRENT ϳɹؽУ ھһʱ֮Ȼûкϲ -STABLE (ͨ 2) ص committer һòʾš 뵽Դе src/contrib Ŀ¼ ȷ src/contrib еĴµ Ըߵľ漶𹹽Դ (һԴ) Щ档 Щ ports ʹùʱĶ gets() malloc.h ľ档 ports һЩ &os; ĸĶ IJظԭ (´ʱĹһЩ) ȡһʽı׼ &posix; ĸ FreeBSD C99 & POSIX ׼˳ӦĿ վϵõصӡ FreeBSD Ϊͬ׼бȽϡ ׼ͬ رЩϸڵط΢С죬 뷢һ PR (ⱨ) ܣ ָ PR ύ Ϊ׼⣬ ׼ҪµĿǡ Ϊбݣ 鿴 PR ݿ ⱨݿ FreeBSD PR б չʾеǰڻԾ״̬ⱨ棬 Լ FreeBSD ûύĸĽ顣 PR ݿͬʱ˿ԱͷǿԱ 鿴Щδ PR ǷȤ пһЩǷdz򵥵⣬ ֻҪһȷ PR ȷġ һЩܻdzӣ ȫûаκ ȿһЩû˽ֵ PR PR Ѿˣ ܹģ ԸǸ˷ţ ѯǷṩ — ǿѾ˿ɹԵIJ һЩɹ۵ <quote></quote> ҳĿ &os; ־ԸĿ͵嵥 ҲṩԸΪ &os; Ŀ׵ǵġ 嵥һֱڱڸţ ˶ԳԱͷdzԱõÿĿϢ ĽϵͳϿԷΪ 5 ࣺ 󱨸һע ͨ һϵ 뷨ͽӦ÷ &a.hackers; ͬأ ЩȤ (Ȼ ͬʱҪܹ ʼ) ԿǶ &a.hackers; μ FreeBSD ʹֲ ˽ʼб Լʼбϸ bug ҪύijЩ޸ģ ͨ &man.send-pr.1; ʹ WEB ύҳ ύ д bug ÿһ һ˵ ǽ bug ֱӸϲ 65KB ֱӦõԴϣ ڱ synopsis һд [PATCH] ڸʱ Ҫ ͨƺճУ Ϊ tab ɿո ܾܿͲˡ 20KB ܶ࣬ Ӧǽѹ (ʹ &man.gzip.1; &man.bzip2.1;) ֮ &man.uuencode.1; б֮ٷŽⱨС һ汻浵 յһȷʼԼһ¼׷ٱš 뱣ţ Ϊ֮ʹţ ʼ &a.bugfollowup; ṩڸ¼ĽһϢ ҪǽŷŵʼıУ "Re: kern/3377" ͬһһӦַͨʽύ һʱ֮Ȼûյȷ ( 3 1 ܣ ȡʼ) ijԭ޷ʹ &man.send-pr.1;  ԷŸ &a.bugs; Ҫ˴ μ ƪ ˽׫дõⱨ档 ĵ޶ ύĵ ĵ޸ &a.doc; 顣 μ FreeBSD ĵƻ ָ 밴 нܵķʹ &man.send-pr.1; µĵ߶ĵ (ǺСĸĽҲǻӭģ) Դ޸ FreeBSD-CURRENT дϽ޸Ļӹij̶ֳҪ༼ɵ飬 һĿǰ FreeBSD Ŀ״˽йء жַʽԵõ FreeBSD-CURRENT FreeBSD 汾 ͨ˽Ŀ μ FreeBSD ʹֲ ˽ʹ FreeBSD-CURRENT Ľһ顣 ھɵĴϽ޸ģ ͨڴѾʱ µĿ汾̫޷¼ɵ FreeBSD С &a.announce; Լ &a.current; ʼб ͨ˽ĿǰĿ״̬ ˵ܹھµĴ޸ģ һҪе޸ĵIJļ FreeBSD άԱ ͨ &man.diff.1; ɡ ύʱƼ &man.diff.1; ʽһ² (unified diff) ͨ diff -u ɡ ޸˴Ĵ룬 ʹ diff -c ɵĸʽ (context diff) IJܸĶ Ƽʹá diff &prompt.user; diff -c oldfile newfile &prompt.user; diff -c -r olddir newdir ֱɸļĿ¼ṹ context diff Ƶأ &prompt.user; diff -u oldfile newfile &prompt.user; diff -u -r olddir newdir ǰƣ õĸʽ unified diff μ &man.diff.1; ֲ˽ϸڡ һʹ &man.diff.1; ˲켯 (ʹ &man.patch.1; һ) Ϳύǣ Ա㱻 FreeBSD ¼ ͨʹ ܵ &man.send-pr.1; Ϳ Ҫ ֻǰѲ켯 &a.hackers; ǿܻᱻ ǻdzмύ޸ (һ־ԸĿ) ΪǶæ ʱһܹ⣬ PR ݿ⽫һֱЩ¼ ֻҪʱǾܱˡ ⱨа һҪڱ [PATCH] ǿһ¡ uuencode Ϊ (ӡ ɾļ) Կʹ tar ļ Ȼ &man.uuencode.1; 롣 Ҳӭ &man.shar.1; İ ޸ĿܴDZڵ飬 磬 ȷ֮صİȨ⣬ ߸оҪϸĸſԷǣ Ӧֱӷ &a.core; ͨ &man.send-pr.1; ͡ &a.core; һС飬 ԱĴ FreeBSD ճ Ҫעǣ СҲ æ ֻڷdzҪʱӦдš ο &man.intro.9; &man.style.9; ˽ڱϰߺԼ顣 ˽ЩԼ ˵Ǽİ ´Ҫֵ ṩģϴĴ룬 Ϊ FreeBSD Ҫ¹ܣ ܱ뽫ͨ uuencode б룬 򴫵ij Web FTP վ㣬 Աܹõ ûķ 뵽ص FreeBSD ʼб ǷԸǡ ڴĴԣ ڰȨ϶ᱻ FreeBSD ϵͳܹʹõİȨ - BSD Ȩ - BSD Ȩ ʹȨĴ룬 + BSDBSD Ȩ Ȩ ʹȨĴ룬 Ϊ Ӷ ܹҵҵʹá FreeBSD ҵ˾ʹĴ룬 ෴ ǻعҵ˾ʹǵĴ룬 Ȼ հһִ¾ FreeBSD ͸ˡ - GPLGNU General Public License - - GNU General Public License - - GNU General Public License GPL + GNU General Public LicenseGPLGNU General Public LicenseGNU General Public License GPL DzܻӭʹȨĴ룬 Ϊҵ˾ʹҪĹ ںܶʹ GPL ȨĴĿǰ޷ ( ıŰȵ) ܾʹвȨǺܲǵġ GPL ȨĴᱻŵԴһЩרŵλã /sys/gnu /usr/src/gnu ԷЩʹ GPL ܻǴʶ ʹȨĴڽ FreeBSD ֮ǰ뾭صĸͿǡ ðƵҵȨĴ룬 һ˵ᱻܾ ǹЩͨԼǡ Ҫijɹϼ BSDʽ İȨ ıŵÿһԴļʼ֣ ʵ滻 %% ֮֡ Copyright (c) %%proper_years_here%% %%your_name_here%%, %%your_state%% %%your_zip%%. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer as the first lines of this file unmodified. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY %%your_name_here%% ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL %%your_name_here%% BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. $Id$ Ϊ˷ʹã /usr/share/examples/etc/bsd-style-copyright ҲҵȨĸ ʽ Ӳ Internet ǷdzԸܸʽľ Խһչ FreeBSD Project ҵ Ϊ֧֣ ־ԸŬܹиijɾͣ ӲҲdzҪ Ϊܹӿֵ֧Ӳ࣬ еĺܶ˲û㹻ʽЩӲ <anchor id="donations"/> FreeBSD һӪġ п˰ȨĻᣬ ĿΪ FreeBSD Project ܹɸӳԶĿꡣ Ϊ 501(c)3 ʵ壬 һԻϽ˰ Լ˰ ͨڿ˰ʵо ۵Ӧ˰ֵĽ ԰֧Ʊ
The FreeBSD Foundation 7321 Brockway Dr. Boulder, CO 80303 USA
FreeBSD ڿͨ PayPal Ͻܾ  web վ FreeBSD ĸ飬 FreeBSD -- ҵ Ҫᣬ 뷢͵ʼ bod@FreeBSDFoundation.org
Ӳ FreeBSD ƻӭκ˾ʹõӲ ȤӲ ϵ ˰칫 Internet ǻӭµ FTP WWW cvsup ϣΪľ μ μ FreeBSD һģ ˽һ
diff --git a/zh_CN.GB2312/books/handbook/boot/chapter.xml b/zh_CN.GB2312/books/handbook/boot/chapter.xml index 67e51f1240..72edb0e0df 100644 --- a/zh_CN.GB2312/books/handbook/boot/chapter.xml +++ b/zh_CN.GB2312/books/handbook/boot/chapter.xml @@ -1,868 +1,864 @@ FreeBSD ԼزϵͳḺ́Ϊ ߼Ϊ FreeBSD ̸ûԶṩ˺ܴԣ ѡͬIJϵͳͬһϵͳIJͬ汾ںˡ ½ϸ FreeBSD õѡ ںˡ̽豸 &man.init.8; ȵ֮ǰ顣 Щһ㷢ıɰױʱ ֪ FreeBSD ϵͳĸ Լ֮Ľʽ. FreeBSD ʱѡԿ̡ &man.device.hints.5;Ļ֪ʶ ֻx86 ֻ Intel x86 ϵ֮ϵ FreeBSD ̡ ԼϵͳһȤѾء նڲϵͳ֮ǰ޷κģдϵij ûвϵͳ²ڴϵijϵͳǷڴϵģ Dzϵͳأ Munchausenоռ (The Adventures of Baron Munchausen) ⱾһƵĹ£ һ˵ˮܵ ȻԼѥ (bootstrap) ˷˳ У bootstrap ָϵͳļػƣ 𽥱дΪ booting BIOS /ϵͳBIOS x86 ӲϵУ/ϵͳ (BIOS) زϵͳ Ϊһ㣬BIOS ڴѰ¼ (MBR) MBR ڷõĴ̵ضλáBIOS 㹻 MBR ҼʹΪ MBR ɼزϵͳʣ MBRҪBIOSİ Master Boot Record (MBR) Boot Manager Boot Loader MBRеĴͨΪ ûࡣһͨиλڴ̵һ ڲϵͳļϵͳС (ʱҲΪboot loader FreeBSDԺ׶βʹ) еboot0(Boot Easy׼ &os; ) GrubGAGԼ LILOboot0װýMBR) ֻװһϵͳôһ׼ MBR 㹻ˡ MBR ڴ(ơġ) ȻзϵĴԼزϵͳ֡ MBR&man.fdisk.8;װһȱʡMBRļΪ /boot/mbr ڴϰװ˶ϵͳô԰װһͬ ʾһŲϵͳбܴѡĸ һСۡ ϵͳʣಿֱΪ׶Ρһ׶ MBR ִ,ֻʹض״̬Ȼִеڶ׶Ρ ڶ׶΢ɵöһЩ׶ɼزϵͳ Ϊ׶Ϊ PC ׼Եһڶ׶ִеijĴСơ Щһʹ FreeBSD ṩԵļ (loader) ں init Ȼںʼ̽豸ʼǡ һںں˽Ȩû &man.init.8; ȷϴǷڿ״̬&man.init.8; ȻʼûԴã ļϵͳԵ FreeBSD ϵͳʱеĽ̡ ͸׶ Boot Manager The Boot Manager ¼ (MBR) MBRеĴʱΪ̵ ׶0һСڱǰᵽе֣ boot0LILO <application>boot0</application> FreeBSD İװԼ boot0cfg(8) װ MBR Ĭϻ /boot/boot0 (boot0dz򵥣 MBRеijֻ446ֽڳ MBRĩ˵0x55AAʶҲҪռһЩռ䡣) Ѿװboot0 жϵͳӲϣ ôװ FreeBSD MBR Ұװ˶ϵͳ ϵͳʱʾ <filename>boot0</filename> F1 DOS F2 FreeBSD F3 Linux F4 ?? F5 Drive 1 Default: F2 ĿǰѾ֪һЩϵͳر &windows;  Լ MBR MBR 飬 FreeBSD MBR е MBRʹµ &prompt.root; fdisk -B -b /boot/boot0 device device Ҫд MBR 豸 ad0 һ IDE ̣ad2 ڶ IDE ϵĵһ IDE ̣ da0 һ SCSI ̣ȵȡ ֻҪһõMBRʹ&man.boot0cfg.8; The LILO Boot Manager: Ҫ밲װҲFreeBSD Linuxѡ뵽еļ /etc/lilo.conf other=/dev/hdXY table=/dev/hdX loader=/boot/chain.b label=FreeBSD ʹLinuxıʾָFreeBSD X滻ΪLinuxĸ Y滻ΪLinuxš ʹõ SCSI Ҫ /dev/hd ij /dev/sd ٴʹ XY ﷨ װϵͳͬһϣ ѡȥִ /sbin/lilo -v ʹ޸ЧӦĻϵϢȷ޸ġ һ׶Σ<filename>/boot/boot1</filename>͵ڶ׶Σ <filename>/boot/boot2</filename> ϣһڶ׶ͬһ򣬴ڴ̵ͬ򡣵ڿռƣ DZΪ֡ǻһװǡɰװ bsdlabel()Ա϶ɵ /boot/boot λļϵͳ⣬ĵһӵһʼboot0κ ҵһУ̡ ʹõ/boot/bootĴСȷ boot1 dz򵥣ΪٶҲֻ 512 ֽڣ ֻʶ𴢴ŷϢ bsdlabel Ѱִ boot2 boot2 ΢еǿܹ FreeBSD ļϵͳԱѰļ ṩѡں˺ͼļ򵥽档 Ϊ loader ŸǿĹܣ ṩһʹõãboot2 һ㶼ִ loader ǰֱںˡ <filename>boot2</filename> Ļ >> FreeBSD/i386 BOOT Default: 0:ad(0,a)/boot/loader boot: ҪѰװ boot1 boot2ʹ &man.bsdlabel.8; &prompt.root; bsdlabel -B diskslice diskslice Ĵ̺ͷ ad0s1 һ IDE ϵĵһ dangerously dedicated &man.bsdlabel.8; ֻʹ˴ ad0ͻƻϵз ⵱Ȼϣģڰ س ֮ǰ һҪжȷϡ ׶Σ<filename>/boot/loader</filename> boot-loader (loader) ׶е׶Σ Ƿļϵͳ֮еģһļ /boot/loader loader ΪһѺõ÷ʽʹһڽõ ЩһǿĶĽֹ֧䱾иӵö Loader ʼʱloader ̨̽ʹ̣ʶǴĿġ ЩϢñ Խͨű򽻻ʽû loader loader loader Ȼȡ /boot/loader.rc Ĭϵضȡ /boot/defaults/loader.conf ÿɿĬϱȡ /boot/loader.conf Щ޸ġloader.rc Щжκαѡģںˡ Ĭϵأloader ͣ 10 ȴ ûзжϣͿʼںˡжϣûõһʾ ûøıжģ顢ģ顢 Loader ڽ Щõ loader .пĽμ &man.loader.8; autobootseconds ڸʱûжϷںˡʾһʱ Ĭϵʱ䷶Χ 10 롣 boot -options kernelname ָѡֵָں (ָĻ) ִֻй unload ָ֮ںֲŻЧ ĽǰѾصںˡ boot-conf ڱԸģԶ (ںʱһ) ֻסҪʹ unload  Ȼ޸һЩ kernel help topic ʾļ /boot/loader.help ȡİϢ index ôгпõ⡣ include filename ͨļļļ룬Ȼһһеؽ͡ κδ󶼻ֹ include  load type filename ںˡںģ飬Ǹ͵ļ (ͨļ) κļIJᱻļ ls path ʾ·ǸĿ¼ (·ûָ) ļб ָ ѡļСҲʾ lsdev гпԼģ豸 ָ ѡʾϸڡ lsmod ʾѱصģ顣ָ ѡ ʾϸڡ more filename ʾָļÿ LINES ͣһΡ reboot ϵͳ set variable set variable=value loader Ļ unload Ƴѱصģ顣 Loader ʾ һЩʵ loader ÷ʾ - single-user mode - ֻǼ򵥵Ĭںˣͬǽ뵥ûģʽ + ֻǼ򵥵Ĭںˣͬǽ뵥ûģʽsingle-user mode boot -s жĬں˺ģ飬Ȼؾɵ () ںˣ - - kernel.old - unload load kernel.old ʹñΪͨں˵ kernel.GENERIC - ǰװں kernel.old + ǰװں kernel.oldkernel.old (Լں˵ʱ) ʹسõģһںˣ unload set kernel="kernel.old" boot-conf ںýű load -t userconfig_script /boot/kernel.conf Joseph J. Barbish Contributed by ʱ Splash ͼ ʱֵ splash ͼԭϢӿӻ ͼ񽫱ʼʾĻֱֿ̨ĵ¼ʾ X ʾṩ˵¼档 &os; ϵͳĻ һĬϴͳĿ̨л ϵͳ֮ ڿ̨ϳһ¼ʾ ڶ X11 ͼλ ڰװ X11 һͼ GNOME KDE XFce X11 startx С ͳַĵ¼ʾЩûܸϲ X11 ͼλĵ¼档 ͼλĵ¼ &xorg; XDM GNOME gdm KDE kdm ( Port Collection е) ϶ṩһͼλĵ¼̨ϵĵ¼ʾ ڳɹ¼֮ չָûһͼλ档 л splash ͼʾ¼ʾ֮ǰʱļϢ X11 ûһӾϸˬ飬 ijЩ (µsoft; &windows; ߷ &unix; ͵ϵͳ) ûϣ鵽ġ Splash ͼ Ŀǰ splash ͼĹ֧ܽ 256 ɫλͼ (.bmp) ZSoft PCX (.pcx) ļ ⣬ splash ͼļķֱʱ 320x200 ػ߸٣ Źڱ׼ VGA ʹá Ҫʹóߴͼ ﵽֱ 1024x768 أ 迪 &os; VESA ֧֡ ͨϵͳʱ VESA ģɣ ںļм VESA ѡ ( ) VESA ָ֧ûʾʾ ʱ splash ͼͻᱻʾĻϣ κʱ򶼰رա Splash ͼͬҲ X11 ֮ĬϵĻ һʱúĻתΪԵı任ʾ splash ͼ ܶʼ Ĭϵ splash ͼ (Ļ) /etc/rc.conf е saver= ѡơ saver= ѡһЩõĻɹѡ б &man.splash.4; ֲҳҵ ĬϵĻΪ warp ע /etc/rc.conf ָ saver= ѡӦ̨ X11 ͼλĵ¼Ч һЩйϢ ѡ˵һʱʾʱʾ ǿ splash ͼܡ splash ͼļԴ http://artwork.freebsdgr.org ء װ sysutils/bsd-splash-changer port ֮ ÿʱܴӼѡ splash ͼ Splash ͼ Splash ͼ (.bmp) (.pcx) ļ root ϣ /boot Ŀ¼ Ĭϵʾֱ (256 ɫ320x200 ػ) ༭ /boot/lodaer.conf µã splash_bmp_load="YES" bitmap_load="YES" bitmap_name="/boot/splash.bmp" ڸߵķֱʣ 1024x768 أ ༭ /boot/lodaer.conf µã vesa_load="YES" splash_bmp_load="YES" bitmap_load="YES" bitmap_name="/boot/splash.bmp" Щü /boot/splash.bmp ΪҪʹõ splash ͼ Ҫʹ PCX ļʱ ã ݷֱʵĸߵ vesa_load="YES" splash_pcx_load="YES" bitmap_load="YES" bitmap_name="/boot/splash.pcx" ļе splash κƣֻҪ BMP PCX ͵ļ splash_640x400.bmp blue_wave.pcx. һЩȤ loader.conf ѡ beastie_disable="YES" ⽫رʾѡ˵ ǵʱȻ֡ ˵ѡõʱ ڵʱμӦѡȻЧ loader_logo="beastie" ⽫滻ѡ˵ҲĬʾ &os; ΪɫСħ־ ķа &man.splash.4; &man.loader.conf.5; &man.vga.4; ֲҳȡϸϢ ںʱĽ ں һں˱ loader (һ) boot2 (Խ loader) أ ־еĻͻбҪĶ ں־ ں ־ һЩõ־ ں˳ʼʱѯΪص豸 CDROM UserConfig (ʱں) 뵥ûģʽ ںʾеϢ и־Ķ &man.boot.8; ԻȡйǵϢ Tom Rhodes Contributed by Device Hints device.hints ڳʼϵͳʱ&man.loader.8; ȡ &man.device.hints.5; ļļԱʽںϢ ʱΪ device hintsdevice hints 豸á Device hints Ҳ ׶εboot loader ʾָ set ӣunset ɾ show 鿴ļ /boot/device.hints õıﱻǡ boot loader еıԵģ´ʱͻᱻǡ һϵͳɹ&man.kenv.1; еı ļ /boot/device.hints ﷨һһ ʹ#Ϊעͱǡ ÿǰ·ʽ֯ģ hint.driver.unit.keyword="value" ׶ boot loader ﷨ǣ set hint.driver.unit.keyword=value driverunit 豸λkeyword hint ؼ֡ ؼֿѡɣ atָ豸󶨵 portָʹ I/O ʼַ irqָʹõжš drqָ DMA channel š maddrָ豸ռõڴַ flags豸øֱ־λ disabled 1 豸á 豸ܹܸ hintsƼοǵֲᡣο &man.device.hints.5;&man.kenv.1;&man.loader.conf.5; &man.loader.8; ֲԻȡϢ Init̿Ƽʼ init һںͰѿȨû &man.init.8; /sbin/init init_path ָij·С loader õġ Զ Զ̻ȷϵͳпõļϵͳڽ״̬ ǣ ʹ &man.fsck.8; Ҳ޷޸Щ⣬ &man.init.8; ûģʽ ԱϵͳԱֱЩ⡣ ûģʽ ûģʽ ̨ ģʽͨ Զ ͨ ѡûͨ loader boot_single ȶַʽﵽ Ҳڶûģʽµ () ѡͣ () ѡ &man.shutdown.8; 뵥ûģʽ ϵͳ ̨ ļ /etc/ttys бΪ ȫ(insecure) ڳʼûģʽǰҪ root ʾ <filename>/etc/ttys</filename> ļеIJǫ̈̄ # name getty type status comments # # If console is marked "insecure", then init will ask for the root password # when going to single-user mode. console none unknown off insecure ѿ̨ó ȫ (insecure) ʹֻ֪ root ˲ܽ뵥ûģʽ ΪΪ̨Dzȫġǵȫԣ ѡ ȫ (insecure) ȫ (secure) ûģʽ ûģʽ &man.init.8; ļϵͳһֻûûģʽ˹ ϵͳͻûģʽʼϵͳԴá Դ (rc) rc ļ Դ÷ֱļ /etc/defaults/rc.conf /etc/rc.conf жȡĬúϸã Ȼļ /etc/fstab ἰļϵͳ ϵͳػ̣ذװű &man.rc.8; ֲǹԴõĺܺõIJο ػ (shutdown) shutdown &man.shutdown.8; ķĹػУ &man.init.8; /etc/rc.shutdown ű н̷ TERM źţ ʱֹͣĽ̷ KILL źš ֵ֧Դƽ̨Ϲر FreeBSD ϵͳĵԴ ֻҪ򵥵ʹ shutdown -p now ɡ ⣬ shutdown -r now FreeBSD Ҫִ &man.shutdown.8; root û operator ijԱ Ҳʹ &man.halt.8; &man.reboot.8; رϵͳ οǵֲԻøϢ ԴҪ֧֣ Ҫں֧ &man.acpi.4; ģʽ diff --git a/zh_CN.GB2312/books/handbook/l10n/chapter.xml b/zh_CN.GB2312/books/handbook/l10n/chapter.xml index 2975100ce9..63be4917f6 100644 --- a/zh_CN.GB2312/books/handbook/l10n/chapter.xml +++ b/zh_CN.GB2312/books/handbook/l10n/chapter.xml @@ -1,846 +1,843 @@ Andrey Chernov Contributed by Michael C. Wu Rewritten by ػI18N/L10Nʹú FreeBSDһɷֲȫû͹ֵ֧Ŀ ½FreeBSDĹʻͱػ,ӢûҲʹFreeBSDܺõع ϵͳӦˮƽϣҪִͨi18N׼ʵֵģǽΪṩϸĽܡ һ£˽⣺ ͬԺ͵ִϵͳϽбġ Ϊĵshellñػ Ŀ̨ΪӢԡ languages. ʹòͬЧʹX Windows ҵйؿi18N׼ӦóϢ Ķ֮ǰӦ˽⣺ װĵ ֪ʶ I18N/L10N ʲô ʻ ػ ػ ԱinternationalizationдI18N,мǰĸĸ L10Nlocalization ʹͬ I18N/L10NЭӦýһûʹԼѡԡ I18NӦóʹI18N̡Աдһ򵥵ļ ͿԽʾIJ˵ıɱԡǷdzԱѭֹ ΪʲôҪʹI18N/L10N? I18N/L10N׼ܹܺõ֧鿴Ӣԡ I18N֧Щԣ I18NL10NFreeBSDеġǰ֧Ͼ󲿷ԣ ڣģģģģģģԽĵȵȡ ʹñػ I18NFreeBSDеģһǹFreeBSDһ locale ػҪ߱Դ (Language Code) Ҵ (Country Code) ͱ(Encoding) ֿЩ죺 Դ_Ҵ. Ժ͹Ҵ Դ Ҵ ΪFreeBSDϵͳбػ&unix;ϵͳ ûҪ֪ӦĹҺԴ루ҴӦóʹһԹ淶 ⣬WEBSMTP/POPwebȶΪġһҺԴ: en_US Ӣ ru_RU zh_CN ASCII һЩԲʹ ASCII 룬ʹ8-λ ֽڵַ Ϣο &man.multibyte.3; ȽϵӦóܻ޷ʶǣ Ϊǿַ ȽµӦóͨϳ 8-λַ ʵֵIJͬ ûܲòֱַֽ֧Ӧó һЩã ܹʹǡ Ҫʹַֽ FreeBSD Ports Collection ѾΪÿṩ˲ͬij ο FreeBSD Port е I18N ĵ رҪָǣ ûҪ鿴Ӧóĵ ȷȷ ҪΪ configure/Makefile/ ָʲôIJ סЩ: ضԵļCַ (μ &man.multibyte.3;) ISO8859-1, ISO8859-15, KOI8-R, CP437 ֽڻֽڱ룬EUC, Big5 IANA Registryһеַб ˲ͬǣ &os; ʹ X11-ݵıرģʽ I18NӦó FreeBSD PortsPackageϵͳ棬I18NӦóѾʹI18N ȻDz֧Ҫԡ ػ ֻͨҪڵshellLANGΪػ һͨû ~/.login_conf ûshellļ~/.profile~/.bashrc, ~/.cshrcûбҪ LC_CTYPELC_CTIME ϢοضԵFreeBSDĵ Ӧļ - POSIX - LANG Ϊ&posix;ñػԹܡ + LANG Ϊ&posix;ñػԹܡPOSIX - MIME - - MM_CHARSETӦóMIMEַ + MM_CHARSETӦóMIMEַMIME ûshellãضӦúX11á ñػķ ػ ַñػ һ (Ƽ) ָ ڶַǰѻӵshellļ档 ַѱػƺMIMEַĻܵshell Ǽӵÿضshellļ档 û Level Setup ͨûԼãԱҪûȨޡ û һûĿ¼ļ.login_confСӣ ΪLatin-1롣 me:\ :charset=ISO-8859-1:\ :lang=de_DE.ISO8859-1: BIG-5 һΪ.login_conf÷ĵBIG-5ӡӦĴ󲿷ֱ ΪܶûΪģĺͺȷıػ #Users who do not wish to use monetary units or time formats #of Taiwan can manually change each variable me:\ :lang=zh_TW.Big5:\ :setenv=LC_ALL=zh_TW.Big5:\ :setenv=LC_COLLATE=zh_TW.Big5:\ :setenv=LC_CTYPE=zh_TW.Big5:\ :setenv=LC_MESSAGES=zh_TW.Big5:\ :setenv=LC_MONETARY=zh_TW.Big5:\ :setenv=LC_NUMERIC=zh_TW.Big5:\ :setenv=LC_TIME=zh_TW.Big5:\ :charset=big5:\ :xmodifiers="@im=gcin": #Set gcin as the XIM Input Server ϢοԱ&man.login.conf.5; Ա ûĵ /etc/login.confǷȷԡҪȷļã language_name|Account Type Description:\ :charset=MIME_charset:\ :lang=locale_name:\ :tc=default: ٴʹǰLatin-1ӣ german|German Users Accounts:\ :charset=ISO-8859-1:\ :lang=de_DE.ISO8859-1:\ :tc=default: ޸ûĵ֮ǰ Ӧִ &prompt.root; cap_mkdb /etc/login.conf Աʹ /etc/login.conf Ч ʹ &man.vipw.8; ı͡ vipw ʹvipwû user:password:1111:11:language:0:0:User Name:/home/user:/bin/sh &man.adduser.8;ı͡ adduser adduserû /etc/adduser.confdefaultclass = ӦüסΪʹԵû ȱʡ ÿһʹ&man.adduser.8;ʱһضԵĿѡԻش Enter login class: default []: ÿһûʹһԣӦ &prompt.root; adduser -class language ʹ&man.pw.8;ı͡ pw ʹ&man.pw.8;ûӦʹã &prompt.root; pw useradd user_name -L language Shellļ ƼʹַΪҪÿһܵshellһͬļ Ӧ෽ַ MIME locale ΪñػƺMIMEַֻҪ/etc/profile /etc/csh.loginļʹõӣ /etc/profile LANG=de_DE.ISO8859-1; export LANG MM_CHARSET=ISO-8859-1; export MM_CHARSET /etc/csh.login setenv LANG de_DE.ISO8859-1 setenv MM_CHARSET ISO-8859-1 ⣬԰ӵ/usr/share/skel/dot.profile ǰ/etc/profileһ/usr/share/skel/dot.login ǰ/etc/csh.loginһ X11 $HOME/.xinitrc LANG=de_DE.ISO8859-1; export LANG ߣ setenv LANG de_DE.ISO8859-1 shell(棩 ̨ еļCַ/etc/rc.conf۵ȷĿַ̨ font8x16=font_name font8x14=font_name font8x8=font_name font_name/usr/share/syscons/fontsĿ¼ .fnt׺ sysinstall keymap screenmap ҪĻ Ӧͨ sysinstall 뵥ֽ C ַӦ keymap screenmap sysinstall У ѡ Configure ֮ѡ Console ɽá ֮⣬ Ҳ /etc/rc.conf мã scrnmap=screenmap_name keymap=keymap_name keychange="fkey_number sequence" screenmap_name/usr/share/syscons/scrnmapsĿ¼ .scm׺ һӰĻͨΪһ VGAչ8λ9λ Ļʹһ8λУҪƶЩĸ뿪Щ /etc/rc.confmoused daemon moused_enable="YES" ôҪһμָϢ moused Ĭ£ &man.syscons.4;ַָռ0xd0-0xd3ķΧ ʹΧָ뷶ΧƳΧ Ҫƹ⣬ Ҫ /etc/rc.conf м룺 mousechar_start=3 keymap_name /usr/share/syscons/keymaps Ŀ¼ ȥ .kbd ׺ ȷӦʹһ̲֣ ʹ &man.kbdmap.1; ԣ 跴 ͨ keychange 趨ܼʱ ƥѡն˵DZģ Ϊܼ޷ڼ̲ж塣 Ӧü鲢ȷ /etc/ttys ѾΪе ttyv* ȷն͡ Ŀǰ صĬ϶ǣ ַ ն ISO8859-1 or ISO8859-15 cons25l1 ISO8859-2 cons25l2 ISO8859-7 cons25l7 KOI8-R cons25r KOI8-U cons25u CP437 (VGA default) cons25 US-ASCII cons25w ڶַֽԣ /usr/ports/language Ŀ¼ʹȷFreeBSD portһЩportԿ̨֣ ϵͳΪvttyնˣˣ Ϊ X11 αп̨׼㹻vttyնˡ ڿ̨ʹԵӦóIJб ض Traditional Chinese (BIG-5) chinese/big5con Japanese japanese/kon2-16dot or japanese/mule-freewnn Korean korean/han X11 ȻX11FreeBSDƻһ֣ ѾΪFreeBSDûһЩϢ ϸڿԲο&xorg; Web վ ʹõ X11 Server վ ~/.Xresources棬ʵضӦóI18Nã壬˵ȣ ʾ X11 True Type װ &xorg; (x11-servers/xorg-server) ȻװӦԵ &truetype; 塣 ȷĵϢ ⽫ܹڲ˵طѡԡ Ӣַ X11뷽(XIM) X11뷽XIMЭX11ͻ˵һ±׼ нΪXIMͻдX11ӦóXIM롣 ͬмXIMá ӡ һЩ򵥵CַͨӲӡġλַҪضã ƼʹapsfilterҲʹضתĵתΪ &postscript;PDFʽ ں˺ļϵͳ FreeBSD Ŀļϵͳ (FFS) ȫ֧ 8-λ ַģ Աκμ򵥵 C ַ (μ &man.multibyte.3;) ļϵͳвᱣַ֣ Ҳ˵ ޸ĵر 8-λϢ ֪α롣 ʽ˵ FFS Ŀǰ֧κʽĿַֽ ijЩַṩ˶ FFS IJùǵ֧֡ ĿǰЩҪô޷ֲģ Ҫôڴֲڣ DzǼ뵽ԴС οԵ Web վ㣬 ˽ЩĽһ DOS Unicode FreeBSD &ms-dos;Ѿܹó&ms-dos;ϣUnicodeַͿѡFreeBSDļϵͳַĸϢ ο &man.mount.msdosfs.8; ֲᡣ I18N FreeBSD PortsѾ֧I18NˡеһЩ-I18Nǡ ЩܶѾڽI18N֧֣Ҫˡ MySQL ȻһЩMySQLӦóҪַ MakefileãֱӰѲݸconfigure ػFreeBSD Andrey Chernov Originally contributed by KOI8-R룩 ػ KOI8-RĸϢKOI8-RοRussian Net Character Set м뵽~/.login_confļ me:My Account:\ :charset=KOI8-R:\ :lang=ru_RU.KOI8-R: οǰػӡ ̨ һмӵ /etc/rc.conf mousechar_start=3 /etc/rc.conf ã keymap="ru.koi8-r" scrnmap="koi8-r2cp866" font8x16="cp866b-8x16" font8x14="cp866-8x14" font8x8="cp866-8x8" /etc/ttysttyv*¼Ҫʹ cons25rΪն͡ οǰ̨ӡ ӡ ӡ ȻַĴӡѭCP866ı׼ ôҪһKOI8-RCP866תضһĬϵİװ /usr/libexec/lpr/ru/koi2alt һֶ֧Ĵӡ/etc/printcap¼ģ lp|Russian local line printer:\ :sh:of=/usr/libexec/lpr/ru/koi2alt:\ :lp=/dev/lpt0:sd=/var/spool/output/lpd:lf=/var/log/lpd-errs: Ϣο&man.printcap.5;ֲҳ &ms-dos;ļϵͳͶļ ڹ&ms-dos; ļϵͳöԶļֵ֧&man.fstab.5;¼ /dev/ad0s2 /dos/c msdos rw,-Wkoi2dos,-Lru_RU.KOI8-R 0 0 ѡ ѡƣ ַת Ҫʹ ѡ һҪȹҽ /usr Ȼٹҽ &ms-dos; ΪתǷ /usr/libdata/msdosfs ġ Ҫ˽һϸڣ ο &man.mount.msdosfs.8; ֲᡣ X11 ǰܵ -X ıػ ʹ &xorg; 밲װ x11-fonts/xorg-fonts-cyrillic package /etc/X11/xorg.conf ļе "Files" Сڡ У Ӧӵκ FontPath ֮ǰ FontPath "/usr/local/lib/X11/fonts/cyrillic" 鿴 ports е塣 Ҫ̣ Ҫ xorg.conf ļ "Keyboard" Смݣ Option "XkbLayout" "us,ru" Option "XkbOptions" "grp:toggle" ҪȷXkbDisable Ѿر (ע͵) ˡ RUS/LATлCapsLockϵCapsLockܿͨ ShiftCapsLock ģ⣨ֻLATģʽʱ򣩡 ʹ grp:toggle ʱ RUS/LAT л Alt ʹ grp:ctrl_shift_toggle ʾл CtrlShift ʹ grp:caps_toggle ʱ RUS/LAT л CapsLock ɵ CapsLock Կͨ ShiftCapsLock (ֻ LAT ģʽЧ) ڲԭ grp:caps_toggle &xorg; ޷ʹá ļ &windows; RUS ģʽ£ ijЩĸӳ䲻 Ӧ xorg.conf ļмУ Option "XkbVariant" ",winkeys" XKB ̿ܲΪijЩ߱ػܵӦó֧֡ ػ޶Ӧڳʱ XtSetLanguageProc (NULL, NULL, NULL); μ KOI8-R for X Window Իùڶ X11 Ӧýбػָ ÷ ػ FreeBSD-TaiwanƻһʹúܶportsĻָ Ŀǰ FreeBSD Ļָ άԱ statue@freebsd.sinica.edu.tw statue@freebsd.sinica.edu.tw FreeBSD-Taiwan zh-L10N-tut Chinese FreeBSD Collection (CFC) ص packages ͽűȿ ҵ ﱾػʺеISO 8859-1ԣ ػ Slaven Rezic eserte@cs.tu-berlin.de дһ FreeBSD ʹնԵĵָϡ ݵ̳̿ ҵ ϣﱾػ localization (ػ) Greek (ϣ) Nikos Kokkalis nickkokkalis@gmail.com ׫д˹ &os; ֧ϣ£ http://www.freebsd.org/doc/el_GR.ISO8859-7/articles/greek-language-support/index.html עƪ ֻ ϣİ汾 ͺﱾػ ػ ػ ﱾػοο ӢFreeBSDĵ һЩ FreeBSD ĹѾ FreeBSD ĵԡ վ Լ /usr/share/doc ҵ diff --git a/zh_CN.GB2312/books/handbook/network-servers/chapter.xml b/zh_CN.GB2312/books/handbook/network-servers/chapter.xml index ab71f2b27e..18435169f1 100644 --- a/zh_CN.GB2312/books/handbook/network-servers/chapter.xml +++ b/zh_CN.GB2312/books/handbook/network-servers/chapter.xml @@ -1,4843 +1,4829 @@ Murray Stokely Reorganized by Ҫ ½ijЩ &unix; ϵͳϳõ񡣻⽫漰 ΰװáԺάֲͬ͵񡣱½н ļܹ档 ڶ걾֪֮ ι inetd һļϵͳ һϢԹûʺš ͨDHCPԶ硣 һ Apache HTTP ļ䣨FTP ʹSambaΪ &windows; ͻļʹӡ ͬʱڣԼʹNTPЭʱ ñ׼־ػ̣ syslogd Զ־ ͽ֮ǰӦ й/etc/rcнűĻ֪ʶ Ϥ ΰװĵ Chern Lee Contributed by The &os; Documentation Project <application>inetd</application> <quote></quote> &man.inetd.8; ʱҲ Internet ΪΪַӡ inetd յʱ ܹȷij ӦḶ̌ socket ( socket Ϊı׼롢 ʹ) ʹ inetd Щزصķڽϵͳأ ΪҪΪÿķ һ˵ inetd Ҫ ҲֱӴijЩ򵥵ķ chargen auth Լ daytime һڽܹͨѡ Լļ /etc/inetd.conf inetd õһЩ֪ʶ inetd ͨ &man.rc.8; ϵͳġ inetd_enable ѡĬΪ NO ڰװϵͳʱ ûҪͨ sysinstall 򿪡 inetd_enable="YES" inetd_enable="NO" д /etc/rc.conf ûϵͳʱ inetd Զ  &prompt.root; /etc/rc.d/inetd rcvar ʾĿǰá ⣬ ͨ inetd_flags inetd ݶ ѡ ƣ inetd ҲṩΪڶԿΪIJ IJб£ inetd Щͨ /etc/rc.conf inetd_flags ѡ inetd Ĭ£ inetd_flags Ϊ -wW -C 60 ߱ʾϣΪ inetd ķ TCP wrapping ֹͬһ IP ÿӳ 60 ε ȻǻܹƵʵѡ ѧûܻܸ˵طЩͨҪ޸ġ յʱ Щѡпܻᷢá IJб &man.inetd.8; ֲҵ -c maximum ָ󲢷ĬΪޡ Ҳڴ˷ľͨĵ -C rate ָһܱIPַõ ĬϲޡҲڴ˷ľͨ ĵ -R rate ָһܱõĬΪ256 Ϊ0 ޴á -s maximum ָͬһ IP ͬʱͬһʱֵ ĬֵΪơ ͨ ԷΪλơ <filename>inetd.conf</filename> inetd ã ͨ /etc/inetd.conf ļɵġ ޸ /etc/inetd.conf ֮ ʹǿ inetd ¶ȡļ ¼ <application>inetd</application> ļ &prompt.root; /etc/rc.d/inetd reload ļеÿһжһķ ļУ ǰ # ݱΪע͡ /etc/inetd.conf ļĸʽ£ service-name socket-type protocol {wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]] user[:group][/login-class] server-program server-program-arguments IPv4 &man.ftpd.8; ӣ ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l service-name ָķ/etc/servicesгһ¡ ⽫inetdĸport һµķҪӣ/etc/servicesӡ socket-type streamdgramraw seqpacket stream ڻӵ TCP 񣻶 dgram ʹ UDP Эķ protocol ֮һ Э ˵ tcp tcp4 TCP IPv4 udp udp4 UDP IPv4 tcp6 TCP IPv6 udp6 UDP IPv6 tcp46 Both TCP IPv4 and v6 udp46 Both UDP IPv4 and v6 {wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]] ָinetd ͷõķǷԼsocket. socketͱʹ stream socket daemons ͨʹö̷߳ʽӦʹ . ͨѶ socket ̣ Ϊÿµ socket һӽ̡ ѡܹ inetd Ϊӽ ijضҪ޶10ʵ /10 ŵͷͿˡ ָ /0 ʾӽ̵ ֮⣬ ѡͬһλõض ض IP ַÿӵ 磬 κ IP ַÿʮΡ Ϊijһ IP ַκʱӽ ЩѡڷֹԷԴĽߺ;ܾ (DoS) ʮá ֶУ ָ ֮һ ǿѡ ʽ̷߳ Ҳκ ʱ Ϊ nowait ͬһ ϣΪʮʱ ǣ nowait/10 ͬã ÿ IP ַÿӶʮΣ ͬʱӽʮ Ӧд nowait/10/20 &man.fingerd.8; Ĭã finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s У ӽΪ 100 IP ͬʱ 5 ӣ nowait/100/0/5 user ÿָʲôûСһԣ rootڰȫĿģԿЩ daemonݣСȨ nobodyС server-program ӵʱִзȫ· inetdṩģ server-program-arguments õʱÿ ֵͨargv[0]ͨݸ Ϊmydaemon -d mydaemon -dΪ صֵͬģinetd ṩģﻹ Security 氲װʱѡģʽͬ inetd ķѾĬá ȷʵҪijضķ Ӧǽ /etc/inetd.conf У Ӧǰ # Ȼ ¼ inetd Ϳˡ ijЩ fingerd ȫҪģ ΪṩϢܶԹá ijЩʱȱٰȫʶģ йѹûijʱơ ʹùܹͨضЩӣ ľõԴ ƣ ԼΪǸð취 Ĭ£TCP wrapping Ǵ򿪵ġο &man.hosts.access.5; ֲᣬԻøڸ inetd õķTCPƵϢ daytime time echo discard chargen Լ auth inetd ṩڽ auth ṩݷ Ϊṩͬķ ֻܼͨ򵥵Ĵ򿪻رա ο &man.inetd.8; ֲøϢ Tom Rhodes Reorganized and enhanced by Bill Swingle Written by ļϵͳNFS NFS ļϵͳFreeBSDֵ֧ļϵͳеһ֣ ҲΪ NFS NFSһϵͳ˹Ŀ¼ļͨʹNFSûͳʱļ һԶϵͳϵļ NFSԶ׼ĺô عվʹøٵĴ̿ռ䣬ΪͨݿԴһ ̨϶ҿͨʵ ûÿϻͷһhomeĿ¼HomeĿ¼ ԱNFSϲϴá CDROM &iomegazip; ֮Ĵ洢豸汻Ļʹá ԼϵĿƶ豸 <acronym>NFS</acronym>ι NFS ٰҪIJ֣ һ̨ Լһ̨ͻ ͻԶ̵طʱڷϵݡ Ҫһת Ҫòм · NFS server () ļ UNIX ͻ rpcbind mountd nfsd nfsd NFSΪNFSͻ˵ mountd NFSط񣬴&man.nfsd.8;ݽ rpcbind ˷ NFS ͻѯڱ NFS ʹõĶ˿ڡ ͻͬһЩ̣ nfsiod nfsiodNFS ǿѡģҿܣͨȷIJ˵DZġ ο&man.nfsiod.8;ֲøϢ <acronym>NFS</acronym> NFS configuration NFSùԼ򵥡ֻҪ /etc/rc.confļһЩ޸ġ NFSˣȷ/etc/rc.conf ļͷ¿ض: rpcbind_enable="YES" nfs_server_enable="YES" mountd_flags="-r" ֻҪNFSΪenablemountd ԶС ڿͻһ࣬ȷس /etc/rc.confͷ: nfs_client_enable="YES" /etc/exportsļָĸļϵͳ NFSӦʱΪ /etc/exportsÿָһļϵͳ ЩԷʸļϵͳָȨ޵ͬʱѡ ҲԱָкܶ࿪ؿԱļͷ ϸ̸ͨĶ&man.exports.5; ֲЩء һЩ/etc/exportsӣ NFS export examples һļϵͳӣ 绷ء 磬 Ҫ /cdrom ̨ͬ (ֻл ûиЩ) /etc/hosts ļнá ־ʾļϵͳΪֻ ʹ־ ԶϵͳļϵͳϾͲдκα䶯ˡ /cdrom -ro host1 host2 host3 ӿ/homeIPַʽʾ ûDNS˽ͷá ⣬ /etc/hosts ļҲο &man.hosts.5; Ŀ¼Ϊص㡣 Ҳ˵ͻ˿ԸҪҪĿ¼ /home -alldirs 10.0.0.2 10.0.0.3 10.0.0.4 /a ԱԲͬĿͻ˿Էļϵͳ ȨԶϵͳϵ root ûڱļϵͳrootݽжд ûرָ -maproot=root ǣ ʹûԶϵͳ root ݣ Ҳ޸ıļϵͳϵļ /a -maproot=root host.example.com box.example.org Ϊܹʵļϵͳͻ˱뱻Ȩ ȷϿͻ /etc/exports г /etc/exports ͷÿһ棬ϢļϵͳһһӦ һԶÿֻܶӦһļϵͳֻһĬڡ磬 /usr Ƕļϵͳ /etc/exports Чģ # Invalid when /usr is one file system /usr/src client /usr/ports client һļϵͳ/usr ָͬһ client. һȷĸʽǣ /usr/src /usr/ports client ͬһļϵͳУ ָͻĿ¼ дͬһϡ ûָͻлᱻΪǵһ ļϵͳ Ծ˵ⲻ⡣ һЧбӣ /usr /exports DZļϵͳ # Export src and ports to client01 and client02, but only # client01 has root privileges on it /usr/src /usr/ports -maproot=root client01 /usr/src /usr/ports client02 # The client machines have root and can mount anywhere # on /exports. Anyone in the world can mount /exports/obj read-only /exports -alldirs -maproot=root client01 client02 /exports/obj -ro ޸ /etc/exports ļ֮ ͱ mountd ¼ Աʹ޸Ч һַͨеķ HUP źɣ &prompt.root; kill -HUP `cat /var/run/mountd.pid` ָʵIJ mountd &man.rc.8; ű &prompt.root; /etc/rc.d/mountd onereload ʹ rc űϸڣ μ ⣬ ϵͳ FreeBSD һжŪá ˣ DZġ root ִԸ㶨һС NFS ˣ &prompt.root; rpcbind &prompt.root; nfsd -u -t -n 4 &prompt.root; mountd -r NFS ͻˣ &prompt.root; nfsiod -n 4 ÿ鶼ӦþԱһԶļϵͳ Щͷ ֽǣserver ͻ˵ֽǣ client ֻʱһԶļϵͳֻǴȷ ֻҪڿͻ root ִ NFS mounting &prompt.root; mount server:/home /mnt ѷ˵ /home Ŀ¼صͻ˵ /mnt ϡ ȷӦÿԽͻ˵ /mnt Ŀ¼ҿз˵ļ ϵͳÿʱԶԶ˵ļϵͳǸļϵͳӵ /etc/fstab ļͷȥӣ server:/home /mnt nfs rw 0 0 &man.fstab.5; ֲпõĿء ijЩӦó ( mutt) Ҫļֲ֧С ʹ NFS ʱ rpc.lockd ֧ļܡ Ҫ ҪڷͿͻ /etc/rc.conf м (ٶ˾ NFS) rpc_lockd_enable="YES" rpc_statd_enable="YES" Ȼʹó &prompt.root; /etc/rc.d/lockd start &prompt.root; /etc/rc.d/statd start Ҫ NFS ͻ NFS ȷ壬 NFS ͻڱ ʹ &man.mount.nfs.8; ʱָ μ &man.mount.nfs.8; ֲ˽ϸڡ ʵӦ NFS кܶʵӦáDZȽϳһЩ NFS uses һ̨CDROM豸ڶ̨аװ˵ӱ˸㡣 ڴУһ̨ NFS ûhomeĿ¼ܻ ЩĿ¼ܱԱų̂վϵ¼ܵõͬhomeĿ¼ ̨ͨõ/usr/ports/distfiles Ŀ¼ ĻҪڼ̨ϰװportʱÿ̨豸ضٷԴ롣 Wylie Stilwell Contributed by Chern Lee Rewritten by ͨ <application>amd</application> Զعҽ amd Զҽӷ &man.amd.8; (Զҽӷ) ܹԶڷʱҽԶ̵ļϵͳ ļϵͳһʱ֮ûл ᱻ amd Զж¡ ͨʹ amd ܹṩһ־ùҽѡ Ҫ /etc/fstab amd ͨԼ NFS ʽ ӵ /host /net Ŀ¼ ЩĿ¼еļʱ amd ӦԶ̹ҽӵ㣬 Զعҽӡ /net ڹҽԶ IP ַϵļϵͳ /host ڹҽԶϵļϵͳ /host/foobar/usr еļ ൱ڸ amd Թҽ foobar ϵ /usr ͨ <application>amd</application> ҽӵļϵͳ ͨʹ showmount 鿴Զϵļϵͳ 磬 Ҫ鿴 foobar ϵļϵͳ ã &prompt.user; showmount -e foobar Exports list on foobar: /usr 10.10.10.0 /a 10.10.10.0 &prompt.user; cd /host/foobar/usr ͬǰģ showmount ʾ˵ /usr /host/foobar/usr Ŀ¼ʱ amd Խ foobar ԶعҽҪļϵͳ amd ͨű /etc/rc.conf м룺 amd_enable="YES" ֮⣬ Ը amd ͨ amd_flags ѡݶIJ Ĭ£ amd_flags Ϊ amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map" /etc/amd.map ļ˹ҽӵļϵͳʱʹõĬѡ /etc/amd.conf ļ ˸ amd ĸ߼ѡ ο &man.amd.8; &man.amd.conf.5; ֲᣬ ˽һ John Lind Contributed by ϵͳʱij ijЩض ISA PC ϵͳϵ̫һЩƣ Щƿܻᵼص⣬ ر NFS ʹʱ ЩⲢ FreeBSD еģ FreeBSD ϵͳܵЩӰ졣 ⣬ ڵ (FreeBSD) PC ϵͳܵĹվ Silicon Graphics, Inc., Sun Microsystems, Inc. Ĺվʱ NFS ҽܹ һЩҲܳɹ ܿöԿͻ̫ᣬ ȻͻȻܹ ͨڿͻˣ һ FreeBSD ϵͳնˡ ϵͳϣ һ⣬ ͨû취عرտͻ Ψһİ취ͨն˸λ Ϊһ NFS ״ûа취 ȷ 취 Ϊ FreeBSD ϵͳ䱸һܵġ õ̫ ȻҲа취ƹⲢõĽ FreeBSD ϵͳ ڿͻҽʱ Ӧָ FreeBSD ϵͳ ͻ Ӧ ЩѡͨڶӦ fstab ĵĸֶμ룬 ԱÿͻܹԶعҽӣ ͨ &man.mount.8; ֹҽʱָ Ҫעһ⣬ ʱᱻΪǺһ⡣ NFS Ϳͻڲͬʱ һҪ ȷ ·ȷʵѱ UDP Ϣ·ɵĿĵأ ʲôҲˡ У fastws (ӿ) ֣ һ̨ܵնˣ freebox һ̨ (ӿ) ֣ һʹýϵ̫ܵ FreeBSD ϵͳ ͬʱ /sharedfs Ϊ NFS ļϵͳ (μ &man.exports.5;) /project ǿͻϹҽһļϵͳĹҽӵ㡣 еӦóУ ע⸽ѡ Լ ӦҪġ FreeBSD ϵͳ (freebox) Ϊͻʾ /etc/fstab ļ freebox ֮ϣ fastws:/sharedfs /project nfs rw,-r=1024 0 0 freebox ֹҽӣ &prompt.root; mount -t nfs -o -r=1024 fastws:/sharedfs /project FreeBSD ϵͳΪӣ fastws ϵ /etc/fstab freebox:/sharedfs /project nfs rw,-w=1024 0 0 fastws ֹҽӵǣ &prompt.root; mount -t nfs -o -w=1024 freebox:/sharedfs /project е 16-λ ̫ ܹûдߴƵ Щĵʲôˣ ʧηĽͣ ͬʱҲ˵Ϊʲôһ޷ָ⡣ £ NFS ʹһ Ϊλв ߴ 8 K (ȻܻὫֳɸСߴķƬ) ̫ߴԼ 1500 ֽڣ NFS ֳɶ̫ Ȼڸ߲Ĵ뿴ȻһĵԪ ڽշװ Ϊһ ȷ ܵĹվ Խ NFS ԪİѸٷ 쵽׼޶ȡ СĿϣ İͬһԪڵĽİ Ԫ޷ؽȷϡ ǣ վʱԣ Ȼ 8 K Ԫ һֹ̽ظȥ Ԫߴ̫ߴ֮£ Ǿܹȷÿһ̫ܹؽպȷϣ ӶΡ ڸܹվݿͶ PC ϵͳʱԻᷢ ڸõϣ ܹ֤ÿһ NFS Ԫ ϶ ʱ ӰĵԪش ʱкܴĻȷա 飬 ȷϡ Bill Swingle Written by Eric Ogren Enhanced by Udo Erdelhoff Ϣ (NIS/YP) ʲô NIS Solaris HP-UX AIX Linux NetBSD OpenBSD NIS ʾϢ (Network Information Services) Sun Microsystems &unix; ( &sunos;) ϵͳļй Ŀǰ ѾΪҵ׼ &unix; ϵͳ (&solaris;, HP-UX, &aix;, Linux, NetBSD, OpenBSD, FreeBSD, ȵ) ֧ NIS ҳ (yellow pages)NIS NIS Ҳ֪Ļҳ(Yellow Pages) ̱⣬ Sun Ϊڵ֡ ɵ (Լ yp) ȻԿ 㷺ʹá NIS һ RPC Ŀͻ/ϵͳ һ NIS еһһϵļ ϵͳԱͿֻݵ NIS ͻϵͳ ڵӡ ɾ޸ݡ Windows NT ʵֵڲϸڽȻͬ &windowsnt; ϵͳdzƣ ڿԽߵĻ໥ȡ Ӧ֪ͽ һϵҪû̽ FreeBSD ʵ NIS ʱõ ڴ NIS Ϊ NIS ͻ rpcbind portmap ˵ NIS NIS ͻ (ӷ) ʹͬһ NIS &windowsnt; ƣ NIS DNS ޹ء rpcbind ܹ RPC (Զ̵̹ã NIS õһЭ) û rpcbind ûа취 NIS Ϊ NIS ͻ ypbind (bind) NIS ͻ NIS ϡ ϵͳлȡ NIS ʹ RPC ӵϡ ypbind NIS У ͻ-ͨѶĺģ ͻϵ ypbind Ļ ޷ NIS ypserv ֻӦ NIS NIS ķ̡ &man.ypserv.8; Ļ پӦ NIS (ʱ дӷĻ ӹܲ) һЩ NIS ʵ ( FreeBSD ) Ŀͻϣ ֮ǰùһ ̨Ļ ӵһ ͨ ʱ Ψһİ취 (ߣ ) ͻϵ ypbind ̡ rpc.yppasswdd һֻӦ NIS еḶ̌ һ NIS ͻıǵ NIS  û û¼ NIS ϣ ޸Ŀ ιģ NIS У ͵ ӷ Լͻ dz䵱Ϣݿ⡣ ϱЩϢȨ ӷDZЩϢั ͻڷṩЩϢ ļϢַͨʽ ͨ£ master.passwd group Լ hosts ͨ NIS ַġ ʲôʱ ͻϵijЩӦڱصļеϵʱ 󶨵 NIS ʹñصİ汾 - - NIS - - - һ̨ NIS + һ̨ NIS NIS ̨ &windowsnt; ƣ ά NIS ͻʹõļ passwd group Լ NIS ͻʹõļ ŵϡ Խһ̨ NIS ڶ NIS С Ȼ 鲻ýнܣ Ϊã ֻͨСģ NIS С - - NIS - ӷ - - - NIS ӷ һ + NIS ӷNISӷ һ &windowsnt; ıơ NIS ӷ ά NIS ļ NIS ӷṩһ࣬ ҪĻDZġ ⣬ Ҳĸɣ NIS ͻǹҽӵӦǵ NIS ϣ ҲԴӷӦ - - NIS - ͻ - - - NIS ͻ NIS ͻ + NIS ͻNISͻ NIS ͻ Ͷ &windowsnt; վƣ ͨ NIS ( &windowsnt; վ &windowsnt; ) ɵ¼ʱ̡֤ ʹ NIS/YP һڽͨʵ NIS ٶڹѧеһСʵҡ ʵУ 15 ̨ FreeBSD ĿǰûмеĹ㣻 ÿһ̨Լ /etc/passwd /etc/master.passwd Щļͨ˹Ԥķϰ汾ͬ Ŀǰ ʵһû ò 15 ִֹ̨ adduser  ӹɣ һ״ı䣬 ʵתΪʹ NIS ʹ̨Ϊ ˣ ʵҵӦģ IP ַ Ľɫ ellington 10.0.0.2 NIS coltrane 10.0.0.3 NIS ӷ basie 10.0.0.4 Ավ bird 10.0.0.5 ͻ cli[1-11] 10.0.0.[6-17] ͻ ״ NIS ϸ˼νй滮ʮҪ ĴСΣ мߡ ѡ NIS NIS ܲȥʹõ (domainname) Ĺ淶Ľз Ӧ NIS ͻ㲥ԴϢʱ Ὣ NIS Ϊһַ ͳһϵĶ ܹ֪˭ӦûӦ ԰ NIS ijַʽصһ֡ һЩѡʹǵ Internet Ϊ NIS Ƽ Ϊڵʱ ܻᵼ²Ҫš NIS ӦΨһģ ˽ĵһ Acme ˾ţ Կʹ acme-art NIS У ʹõ test-domain SunOS Ȼ ijЩϵͳ ( &sunos;) ʹ NIS Ϊ Internet ϴڰƵĻ ʹ Internet Ϊ NIS Ҫ ѡ NIS ʱ ҪʱμһЩ NIS һ̫õԾͻڷ̶ȡ ͻ޷ NIS ķϵ ̨ͨڲõ״̬ ȱûϢ ʹϵͳݵĶ״̬ Ŀǣ Ҫѡһ̨ ڿĻеΡ 粻̫æ ҲʹĻ NIS ֻҪע⣬ һ NIS ã NIS ͻܵӰ졣 NIS е NIS Ϣ汾 һ̨ij NIS Ļϡ ڱЩϢݿ⣬ Ϊ NIS ӳ(map) FreeBSD У Щӳ䱻 /var/yp/[domainname][domainname] ṩ NIS ֡ һ̨ NIS ͬʱֶ֧ ˿ԽܶĿ¼ ֧һӦһ ÿһ򶼻һӳ䡣 NIS ʹӷ ͨ ypserv е NIS ypserv ν NIS ͻ ӳΪصݿļ· Ȼݿݴؿͻ NIS NIS NIS Զʮֵļ򵥣 岽ȡҪ FreeBSD ṩһλ NIS ֧֡ Ҫȫ飬 ֻ /etc/rc.conf мһЩã FreeBSD ɡ nisdomainname="test-domain" һн () ʱ NIS Ϊ test-domain nis_server_enable="YES" ⽫Ҫ FreeBSD ϵͳ֮ NIS ̡ nis_yppasswdd_enable="YES"rpc.yppasswdd ǰᵽģ ûڿͻ޸Լ NIS  NIS õIJͬ ܻҪһЩĿ μ NIS ͬʱ䵱 NIS ͻ һڣ ˽һ úǰЩ֮ ҪԳû /etc/netstart/etc/rc.conf ϵͳе֡ ڳʼ NIS ӳ֮ǰ Ҫֹ ypserv &prompt.root; /etc/rc.d/ypserv start ʼ NIS ӳ NIS ӳ NIS ӳ һЩݿļ λ /var/yp Ŀ¼С Щļ϶Ǹ NIS /etc Ŀ¼Զɵģ Ψһǣ /etc/master.passwd ļ һ˵ зdzֵɲ root ԼʺŵĿ NIS ϵķϡ ˣ ڿʼʼ NIS ӳ֮ǰ Ӧã &prompt.root; cp /etc/master.passwd /var/yp/master.passwd &prompt.root; cd /var/yp &prompt.root; vi master.passwd  ɾϵͳйصʺŶӦ (bin tty kmem games ȵ) Լϣɢ NIS ͻʺ ( root κ UID 0 (û) ʺ) ȷ /var/yp/master.passwd ļͬû Լûɶ (ģʽ 600) ҪĻ chmod Tru64 UNIX Щ֮ ͿԳʼ NIS ӳˣ FreeBSD ṩһΪ ypinit Ľű (ϸϢ ֲ) ע⣬ űھ &unix; ϵͳ϶ҵ вϵͳĶṩ Digital UNIX/Compaq Tru64 UNIX ypsetup ɵ NIS ӳ䣬 Ӧʹ ypinit Ѿ裬 Ҫ NIS ӳ䣬 ִֻУ ellington&prompt.root; ypinit -m test-domain Server Type: MASTER Domain: test-domain Creating an YP server will require that you answer a few questions. Questions will all be asked at the beginning of the procedure. Do you want this procedure to quit on non-fatal errors? [y/n: n] n Ok, please remember to go back and redo manually whatever fails. If you don't, something might not work. At this point, we have to construct a list of this domains YP servers. rod.darktech.org is already known as master server. Please continue to add any slave servers, one per line. When you are done with the list, type a <control D>. master server : ellington next host to add: coltrane next host to add: ^D The current list of NIS servers looks like this: ellington coltrane Is this correct? [y/n: y] y [..output from map generation..] NIS Map update completed. ellington has been setup as an YP master server without any errors. ypinit Ӧû /var/yp/Makefile.dist /var/yp/Makefile ļ ֮ ļٶڲֻ FreeBSD ĵ NIS test-domain һӷ ༭ /var/yp/Makefile ellington&prompt.root; vi /var/yp/Makefile ӦܹһУ NOPUSH = "True" (ûע͵Ļ) NIS ӷ NIS ӷ NIS ӷ Ҫ򵥡 ¼ӷϣ ǰķ ༭ /etc/rc.conf ļ Ψһǣ ypinit ʱҪʹ ѡ ͬʱҪṩ NIS ֣ ǵӦǣ coltrane&prompt.root; ypinit -s ellington test-domain Server Type: SLAVE Domain: test-domain Master: ellington Creating an YP server will require that you answer a few questions. Questions will all be asked at the beginning of the procedure. Do you want this procedure to quit on non-fatal errors? [y/n: n] n Ok, please remember to go back and redo manually whatever fails. If you don't, something might not work. There will be no further questions. The remainder of the procedure should take a few minutes, to copy the databases from ellington. Transferring netgroup... ypxfr: Exiting: Map successfully transferred Transferring netgroup.byuser... ypxfr: Exiting: Map successfully transferred Transferring netgroup.byhost... ypxfr: Exiting: Map successfully transferred Transferring master.passwd.byuid... ypxfr: Exiting: Map successfully transferred Transferring passwd.byuid... ypxfr: Exiting: Map successfully transferred Transferring passwd.byname... ypxfr: Exiting: Map successfully transferred Transferring group.bygid... ypxfr: Exiting: Map successfully transferred Transferring group.byname... ypxfr: Exiting: Map successfully transferred Transferring services.byname... ypxfr: Exiting: Map successfully transferred Transferring rpc.bynumber... ypxfr: Exiting: Map successfully transferred Transferring rpc.byname... ypxfr: Exiting: Map successfully transferred Transferring protocols.byname... ypxfr: Exiting: Map successfully transferred Transferring master.passwd.byname... ypxfr: Exiting: Map successfully transferred Transferring networks.byname... ypxfr: Exiting: Map successfully transferred Transferring networks.byaddr... ypxfr: Exiting: Map successfully transferred Transferring netid.byname... ypxfr: Exiting: Map successfully transferred Transferring hosts.byaddr... ypxfr: Exiting: Map successfully transferred Transferring protocols.bynumber... ypxfr: Exiting: Map successfully transferred Transferring ypservers... ypxfr: Exiting: Map successfully transferred Transferring hosts.byname... ypxfr: Exiting: Map successfully transferred coltrane has been setup as an YP slave server without any errors. Don't forget to update map ypservers on ellington. Ӧûһ /var/yp/test-domain Ŀ¼ Ŀ¼У Ӧñ NIS ϵӳĸ ҪȷЩļʱͬˡ ڴӷϣ /etc/crontab ȷһ㣺 20 * * * * root /usr/libexec/ypxfr passwd.byname 21 * * * * root /usr/libexec/ypxfr passwd.byuid нǿƴӷӳͬ ᳢ȷ NIS ӳı䶯֪ӷ ЩǾԱġ ڱͻ˵ĿϢȷʮҪ ڴӷ ǿƼȷָϵͳʱǿƸ¿ӳ䡣 ڷæԣ һҪ Ϊʱܳӳ²ȫ ڣ ڴӷִ /etc/netstart Ϳ NIS ˡ NIS ͻ NIS ͻͨ ypbind ض NIS һֳ󶨵ϵ ypbind ϵͳĬ (ͨ domainname õ) ʼڱϹ㲥 RPC Щָ ypbind ԰󶨵 Ѿ˷ Щӵ˹㲥 Ӧ ypbind ¼ĵַ жõķ (һ ϶ӷ) ypbind ʹõһӦĵַ һʱ̿ʼ ͻе NIS ֱӷǸ ypbind ż ping ȷȻС ںʱûеõӦ ypbind Ϊδ󶨣 ٴη㲥 ҵһ̨ NIS ͻ NIS ͻ һ̨ FreeBSD Ϊ NIS ͻǷdz򵥵ġ /etc/rc.conf ļ м漸У NIS ʱ ypbind nisdomainname="test-domain" nis_client_enable="YES" Ҫ NIS еĿ Ҫ /etc/master.passwd ļɾû ʹ vipw ļһм룺 +::::::::: һн NFS Ŀӳеʺܹ¼ Ҳкܶ޸һ NIS ͻİ취 μԺ netgroups С ˽һ Ҫ˽Ϣ Բ O'Reilly Managing NFS and NIS Ȿ顣 Ҫٱһʺ (ҲDzͨ NIS ) /etc/master.passwd ļУ ʺӦ wheel ijԱ NIS ⣬ ʺſԶ̵¼ Ϊ root Ҫ NIS ϵϢ Ҫ /etc/group ļĩβ룺 +:*:: Ҫ NIS ͻˣ ҪԳûִ &prompt.root; /etc/netstart &prompt.root; /etc/rc.d/ypbind start Щ֮ Ӧÿͨ ypcat passwd NIS Ŀӳˡ NIS İȫ ϣ κԶûԷһ RPC &man.ypserv.8; NIS ӳݣ Զû˽Ļ ҪδȨķʣ &man.ypserv.8; ֧һΪ securenets ԣ ԽһضĻϡ У &man.ypserv.8; ᳢Դ /var/yp/securenets м securenet Ϣ · ı䡣 ļһЩ ÿһаһʶ룬 мÿոֿ # ͷлᱻΪע͡ ʾ securenets ļʾ # allow connections from local host -- mandatory 127.0.0.1 255.255.255.255 # allow connections from any host # on the 192.168.128.0 network 192.168.128.0 255.255.255.0 # allow connections from any host # between 10.0.0.0 to 10.0.15.255 # this includes the machines in the testlab 10.0.0.0 255.255.240.0 &man.ypserv.8; ӵƥһĵַ ֮ 󽫱ԣ ¼һϢ /var/yp/securenets ļڣ ypserv ypserv Ҳ֧ Wietse Venema TCP Wrapper Աܹʹ TCP Wrapper ļ /var/yp/securenets ɷʿơ ַʿƻƶܹṩij̶ֳȵİȫ ǣ Ȩ˿ڼһ ޷ IP α ķǽӦֹ NIS йصķʡ ʹ /var/yp/securenets ķ ܻ޷ΪijЩʹó¾ɵ TCP/IP ʵֵ NIS ͻ Щʵֿܻڹ㲥ʱ λΪ 0 ڼ㲥ַʱ롣 Щͨ޸Ŀͻ һЩҲܵ²ò̭Щͻϵͳ ߲ʹ /var/yp/securenets ʹó¾ɵ TCP/IP ʵֵϵͳϣ ʹ /var/yp/securenets һdz Ϊ⽫ϵ NIS ɥʧ󲿷ֹܡ TCP Wrappers ʹ TCP Wrapper ᵼ NIS Ӧӳӡ ӵӳ٣ ܻᵼ¿ͻ˳ʱ رڷæߺ NIS ϡ ijͻ˶һЩ쳣 ӦЩͻΪ NIS ӷ ǿԼ ijЩû¼ ǵʵУ basie ̨ һ̨ԱרõĹվ Dzϣ̨ó NIS NIS ϵ passwd ļ ͬʱ˽Աѧʺš ʱӦô һְ취ֹضû¼ ʹ NIS ݿ֮С Ҫһ ֻҪڿͻ /etc/master.passwd ļмһЩ -username  У username ϣֹ¼û һƼʹ vipw Ϊ vipw /etc/master.passwd ļ޸ĽкϷԼ飬 ڱ༭ʱ¹ݿ⡣ 磬 ϣֹû bill ¼ basie Ӧã basie&prompt.root; vipw [ĩβ -bill ˳] vipw: rebuilding the database... vipw: done basie&prompt.root; cat /etc/master.passwd root:[password]:0:0::0:0:The super-user:/root:/bin/csh toor:[password]:0:0::0:0:The other super-user:/root:/bin/sh daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin operator:*:2:5::0:0:System &:/:/sbin/nologin bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin +::::::::: -bill basie&prompt.root; Udo Erdelhoff Contributed by ʹ Netgroups netgroups ǰһڽܵķ ҪΪdzٵû/Ĺʱպϡ ڸϣ һ ǽֹijЩû¼еĻϣ ߣ 뵥޸ÿһ̨ã NIS ҪԽԣ ʽ NIS ԱΪṩĽ netgroups ǵú壬 ϿԵͬ &unix; ļϵͳʹõ顣 Ҫûֻ ID Լ netgroup ͬʱû netgroup Netgroups ġ ӵİûͻ硣 һ棬 òʱ һõĶ һ棬 ĸʹͨdz򵥵Ӻѽ netgroup ʲô һڵಿֵӽչʾ⡣ ʵгɹز NIS ˾Ȥ ǽ NIS չ ԸУ԰еһЩĻ аû» Ҫ˵ û ˵ alpha, beta IT ŵͨԱ charlie, delta IT ŵѧͽ echo, foxtrott, golf, ... ͨԱ able, baker, ... Ŀǰʵϰ ˵ war, death, famine, pollution Ҫķ ֻ IT ŵĹԱ¼Щ pride, greed, envy, wrath, lust, sloth ̫Ҫķ IT ŵijԱ Ե¼Щ one, two, three, four, ... ͨվ ֻ Ա¼Щ trashcan һ̨ؼݵľɻ ʹʵϰ Ҳ¼ ͨһһֹûʵЩƣ Ҫÿһϵͳ passwd ļУ Ϊÿһ¼ϵͳûӶӦ -user С κһ Ϳܻ⡣ ڽгʼʱ ȷҲʲô⣬ ոһյû һ ΪûijС Ͼ Murphy һֹ۵ˡ ʹ netgroups һ״Դô Ҫشÿһû Ըûһ netgroups ݣ ֹijһ netgroup гԱ¼ µĻ ֻҪ netgroup ĵ¼ơ û ҲֻҪûһ netgroup Щ仯໥ģ Ҫ ÿһûͻִ NIS þ˽Ĺ滮 ֻҪ޸һļ ֹܹij̨Ȩˡ һdzʼ NIS ӳ netgroup FreeBSD &man.ypinit.8; Ĭ²ӳ䣬 NIS ʵܹڴӳ֮ṩ֧֡ Ҫӳ䣬 򵥵 ellington&prompt.root; vi /var/yp/netgroup ʼݡ ǵУ Ҫĸ nergruop IT Ա IT ѧͽ ͨԱʵϰ IT_EMP (,alpha,test-domain) (,beta,test-domain) IT_APP (,charlie,test-domain) (,delta,test-domain) USERS (,echo,test-domain) (,foxtrott,test-domain) \ (,golf,test-domain) INTERNS (,able,test-domain) (,baker,test-domain) IT_EMP, IT_APP ȵȣ netgroup ֡ ÿһеУ һЩûʺš еֶǣ ЩܹʹЩ ָ л϶Ч ָ ɻ netgroup ʺš ʺŵ NIS Դ NIS аʺŵ뵽 netgroup У NIS Ļ ÿһֶζ԰ͨ μ &man.netgroup.5; ˽ϸڡ netgroups Netgroup һ˵Ӧ 8 ַ رǵ NIS лϵͳʱ ִСдģ ʹôдĸΪ netgroup ֣ ܹ׵û netgroup ֡ ijЩ NIS ͻ (FreeBSD Щ) ޷д netgroup 磬 ijЩڰ汾 &sunos; netgroup а 15 ʱ⡣ Ҫƹ⣬ Դ netgroupÿһа 15 û Լһ netgroup netgroup BIGGRP1 (,joe1,domain) (,joe2,domain) (,joe3,domain) [...] BIGGRP2 (,joe16,domain) (,joe17,domain) [...] BIGGRP3 (,joe31,domain) (,joe32,domain) BIGGROUP BIGGRP1 BIGGRP2 BIGGRP3 Ҫ 225 û ԼظĹ̡ ַµ NIS ӳdz򵥣 ellington&prompt.root; cd /var/yp ellington&prompt.root; make NIS ӳ䣬 netgroup netgroup.byhost netgroup.byuser &man.ypcat.1; ԼЩ NIS ӳǷˣ ellington&prompt.user; ypcat -k netgroup ellington&prompt.user; ypcat -k netgroup.byhost ellington&prompt.user; ypcat -k netgroup.byuser һ Ӧ /var/yp/netgroup ڶ ûָרе netgroup Ӧû  ʾijûӦ netgroup б ͻҲܼ򵥡 Ҫ÷ war ֻ &man.vipw.8; +::::::::: Ϊ +@IT_EMP::::::::: ڣ ֻ netgroup IT_EMP жûᱻ뵽 war ĿݿУ ֻЩûܹ¼ Ҳ shell ~ Լûû ID ֮ʵʩתĺĹܡ ֮ cd ~user ls -l Ҳʾֵ ID û find . -user joe -print ʧܣ No such user ĴϢ Ҫ⣬ Ҫеû ǵ¼ ͨ /etc/master.passwd һɡ еǣ +:::::::::/sbin/nologin ˼ е shell 滻Ϊ /sbin/nologin ͨ /etc/master.passwd Ĭֵ 滻 passwd еֶΡ ȷ +:::::::::/sbin/nologin һг +@IT_EMP::::::::: ֮ д NIS ûʺŽ /sbin/nologin Ϊ¼ shell ޸֮ IT Աʱ ֻ޸һ NIS ӳ㹻ˡ ҲƵķ ڲ̫Ҫķϣ ǰذ汾 /etc/master.passwd е +::::::::: Ϊ +@IT_EMP::::::::: +@IT_APP::::::::: +:::::::::/sbin/nologin صͨվӦǣ +@IT_EMP::::::::: +@USERS::::::::: +:::::::::/sbin/nologin һƽ£ ֱܺ һԷ˱仯 IT Ҳʼʵϰˡ IT ʵϰʹͨնˣ Լ̫Ҫķ IT ѧͽ Ե¼ µ netgroup IT_INTERN Լµ IT ʵϰ netgroup ʼ޸ÿһ̨ϵá ϻ˵úãǣһ ȫ NIS ͨ netgroup netgroup ԱΡ һֿܵķǽڽɫ netgroup 磬 ԴΪ BIGSRV netgroup ڶҪķϵĵ¼ƣ ԼһΪ SMALLSRV netgroup ԶҪķ Լ ͨվ netgroup USERBOX netgroup еÿһ ¼Щϵ netgroup NIS ӳеʾ BIGSRV IT_EMP IT_APP SMALLSRV IT_EMP IT_APP ITINTERN USERBOX IT_EMP ITINTERN USERS ֶ¼Ƶķ ܹ鲢ƵʱԹ൱á ҵǣ ⣬ dz ʱ Ҫȥ¼ơ ص netgroup 壬 ǴԸĶһֿܵķ ʱ ÿ̨ /etc/master.passwd У + ͷС һ¼ netgroup ʺţ ڶʺţ shell Ϊ /sbin/nologin ʹ ȫд ĻΪ netgroup Ǹ⡣ ֮ ЩӦڣ +@BOXNAME::::::::: +:::::::::/sbin/nologin һл϶޸ģ ҲҪ޸ıص /etc/master.passwd ˡ δ޸Ķ NIS ӳнС һӣ չʾһӦ龰Ҫ netgroup ӳ䣬 ԼһЩõļɣ # Define groups of users first IT_EMP (,alpha,test-domain) (,beta,test-domain) IT_APP (,charlie,test-domain) (,delta,test-domain) DEPT1 (,echo,test-domain) (,foxtrott,test-domain) DEPT2 (,golf,test-domain) (,hotel,test-domain) DEPT3 (,india,test-domain) (,juliet,test-domain) ITINTERN (,kilo,test-domain) (,lima,test-domain) D_INTERNS (,able,test-domain) (,baker,test-domain) # # Now, define some groups based on roles USERS DEPT1 DEPT2 DEPT3 BIGSRV IT_EMP IT_APP SMALLSRV IT_EMP IT_APP ITINTERN USERBOX IT_EMP ITINTERN USERS # # And a groups for a special tasks # Allow echo and golf to access our anti-virus-machine SECURITY IT_EMP (,echo,test-domain) (,golf,test-domain) # # machine-based netgroups # Our main servers WAR BIGSRV FAMINE BIGSRV # User india needs access to this server POLLUTION BIGSRV (,india,test-domain) # # This one is really important and needs more access restrictions DEATH IT_EMP # # The anti-virus-machine mentioned above ONE SECURITY # # Restrict a machine to a single user TWO (,hotel,test-domain) # [...more groups to follow] ʹijݿʺţ Ӧÿʹݿı湤ӳĵһ֡ ûԶؿԷЩˡ ѣ ʹûڻ netgroup õġ ΪѧʵҲʮ̨ϰ̨ͬĻ Ӧʹûڽɫ netgroup ǻڻ netgroup Ա NIS ӳijߴ籣һķΧڡ Ҫμǵ һЩʹ NIS ʱҪעĵط ÿҪʵûʱ ֻ NIS ϼû һҪǵؽ NIS ӳ û޷¼ NIS ֮κ 磬 Ҫʵû jsmith Ҫ &prompt.root; pw useradd jsmith &prompt.root; cd /var/yp &prompt.root; make test-domain Ҳ adduser jsmith pw useradd jsmith. õʺų NIS ӳ֮ һ˵ ϣЩʺźͿɢЩӦʹǵûĻϡ ȷ NIS ʹӷİȫ ܼͣʱ ˹򵥵عرЩ ʵҵҲ޷¼ˡ ǼʽϵͳĻڡ ûб NIS дŭûҪԸˣ NIS v1 FreeBSD ypserv ṩijЩΪ NIS v1 ͻṩ֧ FreeBSD NIS ʵ֣ ֻʹ NIS v2 Э飬 ʵֿܻ v1 Э飬 ṩԾϵͳ¼ Щϵͳṩ ypbind ȳ԰ NIS v1 ʹDzҪ (Щܻһֱ㲥 ʹѾij̨ v2 õ˻ӦҲ) ע⣬ ֧һĿͻã 汾 ypserv ܴ v1 ӳ䴫 Ͳ֧ v1 Э NIS ʹã ΪǴӷ ˵ǣ ֽӦѾûȻõķˡ ͬʱΪ NIS ͻ NIS ڶĻУ ͬʱΪ NIS ͻ ypserv ʱҪرСġ һ˵ ǿƷԼҪǹ㲥Ҫã Ϊǿܻ໥󶨡 ijЩĹϣ ܿijһ̨ͣ µġ գ еĿͻᳬʱ󶨵 ӳٿܻ൱ɹۣ һָ֮Ȼٴη ǿһ̨󶨵ضķ ͨ ypbind ɵġ ϣÿ NIS ʱֹ /etc/rc.conf м룺 nis_client_enable="YES" # run client stuff as well nis_client_flags="-S NIS domain,server" μ &man.ypbind.8; ˽ ʽ NIS ʽ ʵ NIS ʱ ʽļһΪ⡣ NIS ʹ DES ܿ ֻ֧ʹ DES Ŀͻ 磬 &solaris; NIS ͻ 򼸺϶Ҫʹ DES ܿ ҪķͿͻʹõĿʽ Ҫ鿴 /etc/login.conf Ϊʹ DES ܵĿ default class  default:\ :passwd_format=des:\ :copyright=/etc/COPYRIGHT:\ [Further entries elided] һЩܵ passwd_format blf md5 (ֱӦ Blowfish MD5 ܿ) ޸ /etc/login.conf ͱؽ¼ݿ⣬ ͨ root ijɵģ &prompt.root; cap_mkdb /etc/login.conf Ѿ /etc/master.passwd еĿĸʽᱻ£ ֱûڵ¼ݿؽ ֮ ״޸ĿΪֹ ΪȷеĿѡĸʽˣ Ҫ /etc/auth.conf crypt_default ѡĿʽ Ҫɴ˹ ѡĸʽŵбĵһ 磬 ʹ DES ܵĿʱ ӦӦΪ crypt_default = des blf md5 ÿһ̨ &os; NIS Ϳͻ֮ ͿԿ϶ǶʹͬĿʽˡ NIS ͻ֤ʱ⣬ Ҳǵһܳĵط ע⣺ ϣڻϵϲ NIS ܾҪϵͳ϶ʹ DES Ϊϵͳֵܹ֧޶ȵĹ׼ Greg Sutter Written by Զ (DHCP) ʲô DHCP ̬Э DHCP Internet Systems Consortium (ISC) DHCP ̬Э飬 һϵͳӵϣ ȡҪòֶΡ FreeBSD ʹ OpenBSD 3.7 OpenBSD dhclient ṩй dhclient Ϣ ISC OpenBSD DHCP ͻ˳Ϊ׼ġ DHCP ISC һ֡ һڶЩ һ ISC DHCP ϵͳеĿͻˣ Լ ISC DHCP ϵͳеķ˵ ͻ˳ dhclient FreeBSD Ϊһṩģ ֣ ͨ net/isc-dhcp31-server port õ &man.dhclient.8; &man.dhcp-options.5; Լ &man.dhclient.conf.5; ֲᣬ ܵIJοף ǷdzõԴ ι UDP DHCP ͻ dhclient ڿͻʱ Ὺʼ㲥ϢϢ Ĭ£ Щ UDP ˿ 68 ϡ ͨ UDP 67 Ӧ ͻṩһ IP ַ Լйصò 롢 · Լ DNS ЩϢ DHCP lease ʽ ֻһضʱЧ ( DHCP άõ) ЩѾϿĿͻʹõij¾ɵ IP ַܱԶػˡ DHCP ͻԴӷ˻ȡϢ ܻõϢϸб ο &man.dhcp-options.5; FreeBSD &os; ȫؼ OpenBSD DHCP ͻˣ dhclient DHCP ͻ֧ڰװͻϵͳоṩ ʹҪȥ˽ЩѾ DHCP ľò sysinstall sysinstall ܹ֧ DHCP sysinstall ӿʱ ѯʵĵڶǣ Do you want to try DHCP configuration of the interface? (Ƿϣڴ˽ӿϳ DHCP ?) ϶Ļش dhclient һɹ ԶдϢ Ҫϵͳʱʹ DHCP £ DHCP ںУ bpf 豸 Ҫ Ҫ device bpf ӵں˵ıļУ ±ںˡ Ҫ˽ڱں˵ĽһϢ μ bpf 豸Ѿ FreeBSD аĬϵ GENERIC ں˵һˣ ûжں˽жƣ ôһµںļ DHCP ܹˡ Щȫʶǿ˵ Ӧ֪ bpf Ҳǰܹȷ֮һ (Ȼ ǻҪ root в) bpf ʹ DHCP ģ ԰ȫdzУ ܻܿɲ bpf 뵽ںУ ֱҪʹ DHCP Ϊֹ /etc/rc.conf ã ifconfig_fxp0="DHCP" ؽ fxp0 滻ΪϣԶõӿڵ֣ ҵһĽܡ ϣʹһλõ dhclient Ҫ dhclient (Ҫ޸) dhclient_program="/sbin/dhclient" dhclient_flags="" DHCP DHCP dhcpd Ϊ net/isc-dhcp31-server port һṩġ port ISC DHCP ĵ ļ DHCP ļ /etc/dhclient.conf dhclient Ҫһļ /etc/dhclient.conf һ˵ ļֻעͣ Ĭֵ϶Ǻġ ļ &man.dhclient.conf.5; ֲн˽һIJ /sbin/dhclient dhclient һ̬ģ װ /sbin С &man.dhclient.8; ֲ˹ dhclient Ľһϸڡ /sbin/dhclient-script dhclient-script һ FreeBSD רõ DHCP ͻýű &man.dhclient-script.8; ж һ˵ ûҪκ޸ģ ܹһתˡ /var/db/dhclient.leases DHCP ͻάһݿЧ lease DZ־ʽ浽ļС &man.dhclient.leases.5; ˸ΪϸµĽܡ ׶ DHCP Э RFC 2131 ϢԴվ Ҳṩ꾡ϡ װ DHCP һ°Щ һṩ˹ FreeBSD ϵͳʹ ISC (Internet ϵͳЭ) DHCP ʵ׼ DHCP Ϣ DHCP ׼еķֲûΪ FreeBSD һṩ Ҫװ net/isc-dhcp31-server port ṩ μ ˽ʹ Ports Collection Ľһ顣 װ DHCP DHCP װ Ϊ FreeBSD ϵͳϽԱΪ DHCP ʹã Ҫ &man.bpf.4; 豸ںˡ Ҫ Ҫ device bpf 뵽ںļУ ںˡ Ҫõں˵ĽһϢ μ bpf 豸 FreeBSD GENERIC ںѾ ҪΪ DHCP رضںˡ нǿİȫʶ Ӧע bpf ͬʱҲܹȷ豸 (ȻҪȨû) bpf ʹ DHCP ģ ԰ȫdzУ ܻ᲻ϣ bpf Žںˣ ֱΪ DHCP DZΪֹ ҪDZ༭ʾ dhcpd.conf net/isc-dhcp31-server port װ Ĭ£ Ӧ /usr/local/etc/dhcpd.conf.sample ڿʼ޸֮ǰ ҪΪ /usr/local/etc/dhcpd.conf DHCP DHCP dhcpd.conf dhcpd.conf һϵйĶ壬 ӿ԰ option domain-name "example.com"; option domain-name-servers 192.168.4.100; option subnet-mask 255.255.255.0; default-lease-time 3600; max-lease-time 86400; ddns-update-style none; subnet 192.168.4.0 netmask 255.255.255.0 { range 192.168.4.129 192.168.4.254; option routers 192.168.4.1; } host mailhost { hardware ethernet 02:03:04:05:06:07; fixed-address mailhost.example.com; } ѡָṩͻΪĬ ο &man.resolv.conf.5; ˽һ顣 ѡָһͻʹõ DNS ֮Զŷָ ṩͻ롣 ͻԼЧڣ ûУ ָһԼЧڣ Ҳֵ (λ) Ƿַʱ ͻ˸ڣ õһַ ڽ max-lease-time ѡָ DHCP һַܻͷʱǷӦӦԸ DNS ISC ʵУ һѡ ָ ַָпͻ IP ַΧ Χ֮䣬 Լ߽ IP ַͻ ͻĬء Ӳ MAC ַ ( DHCP ܹڽӵʱ֪) ָǵõͬһ IP ַ עڴ˴ʹǶԵģ Ϊ DHCP ڷַϢ֮ǰн ƺ dhcpd.conf ֮ Ӧ /etc/rc.conf DHCP Ҳӣ dhcpd_enable="YES" dhcpd_ifaces="dc0" ˴ dc0 ӿӦΪ DHCP Ҫ DHCP ͻĽӿ (ж ÿոֿ) &prompt.root; /usr/local/etc/rc.d/isc-dhcpd start δҪ޸ķã μǷ SIGHUP źŸ dhcpd ļ¼أ DZȽձԼ Ҫ SIGTERM ẓֹ́ͣ Ȼʹ ļ DHCP ļ /usr/local/sbin/dhcpd dhcpd Ǿ̬ӵģ װ /usr/local/sbin С port װ &man.dhcpd.8; ֲṩ˹ dhcpd Ϊ꾡Ϣ /usr/local/etc/dhcpd.conf dhcpd Ҫļ /usr/local/etc/dhcpd.conf ܹͻṩ ļҪӦṩͻϢ ԼڷеϢ ļϸ port װ &man.dhcpd.conf.5; ֲҵ /var/db/dhcpd.leases DHCP άһǩõַݿ⣬ ļУ ļ־ʽġ port װ &man.dhcpd.leases.5; ֲṩ˸ϸ /usr/local/sbin/dhcrelay dhcrelay ڸΪӵĻУ ֧ʹ DHCP תһϵ DHCP Ҫܣ Ҫװ net/isc-dhcp31-relay port &man.dhcrelay.8; ֲṩ˸Ϊ꾡Ľܡ Chern Lee Contributed by Tom Rhodes Daniel Gerzo ϵͳ (<acronym>DNS</acronym>) BIND &os; Ĭʹһ汾 BIND (Berkeley Internet Name Domain) ĿǰΪе DNS Эʵ֡ DNS һЭ飬 ͨͬ IP ַ໥Ӧ 磬 ѯ www.FreeBSD.org õ &os; Project web IP ַ ѯ ftp.FreeBSD.org 򽫵õӦ FTP IP ַ Ƶأ Ҳ෴顣 ѯ IP ַԵõ Ȼ DNS ѯҪϵͳ Ŀǰ Ĭ&os; ʹõ BIND9 DNS ڽϵͳеİ汾ṩǿİȫԡ µļĿ¼ṹ ԼԶ &man.chroot.8; á DNS Internet ϵ DNS ͨһ׽ΪӵȨϵͳ (TLD) ԼһϵСģģ ṩ񲢶Ϣлɵġ Ŀǰ BIND Internet Systems Consortium ά Ҫĵ Ҫ˽һЩص DNS resolver () reverse DNS ( DNS) root zone () DNS ӳ䵽 IP ַ ԭ (Origin) ʾضļڵ named, BIND &os; BIND ijз (Resolver) ѯϢһϵͳ DNS IP ַӳΪ Internet ε㡣 еڸ֮£ ļϵͳУ ļڸĿ¼֮ (Zone) ͬһ DNS һ֡ ӣ . ڱĵָͨ org. Ǹ֮µһ (TLD) example.org. org. TLD ֮µһ 1.168.192.in-addr.arpa һʾ 192.168.1.* IP ַռ IP ַ ԽϸڵIJֻԽ֡ 磬 example.org. ͱ org. ΧС Ƶ org. ֱȸС ֵĸļϵͳʮƣ /dev Ŀ¼ڸĿ¼֮£ ȵȡ ͨʽ Ȩ Լ ҪȨ Ҫȫṩ DNS Ϣ ȨӦ ע example.org Ҫ IP ָµϡ ij IP ַҪ DNS (IP ) ݷ ˵Ĵ (slave) ޷ʱӦѯ Ҫл ص DNS ܹ棬 ֱصõӦ ˲ѯ www.FreeBSD.org ʱͨϼ ISP ûӦ бصĻ DNS ѯֻڵһα DNS ⲿ硣 IJѯᷢ⣬ ΪѾڱصĻˡ DNS &os; У BIND 򱻳Ϊ named ļ &man.named.8; BIND &man.rndc.8; Ƴ /etc/namedb BIND Ϣλá /etc/namedb/named.conf ļ ڷõʲͬ Ķļһŵ /etc/namedb Ŀ¼е master slave dynamic Ŀ¼С ЩļṩӦѯʱҪ DNS Ϣ BIND BIND starting () BIND Ĭϰװģ ԶԺܼ򵥡 Ĭϵ named ã &man.chroot.8; ṩ ֻڼ IPv4 ػַ (127.0.0.1) ϣһã ʹ &prompt.root; /etc/rc.d/named onestart ϣ named ÿʱܹ Ҫ /etc/rc.conf м룺 named_enable="YES" Ȼ ĵܵѡ֮⣬ /etc/namedb/named.conf лкܶѡ Ҫ˽ &os; named ЩѡĻ Բ鿴 /etc/defaults/rc.conf е named_* ο &man.rc.conf.5; ֲᡣ ֮⣬ Ҳһ㡣 ļ BIND configuration files (ļ) Ŀǰ named ļ /etc/namedb Ŀ¼ ʹǰӦҪ޸ģ ֻɼ򵥵 Ŀ¼ͬʱҲоõĵط <filename>/etc/namedb/named.conf</filename> // $FreeBSD$ // // Refer to the named.conf(5) and named(8) man pages, and the documentation // in /usr/share/doc/bind9 for more details. // // If you are going to set up an authoritative server, make sure you // understand the hairy details of how DNS works. Even with // simple mistakes, you can break connectivity for affected parties, // or cause huge amounts of useless Internet traffic. options { // Relative to the chroot directory, if any directory "/etc/namedb"; pid-file "/var/run/named/pid"; dump-file "/var/dump/named_dump.db"; statistics-file "/var/stats/named.stats"; // If named is being used only as a local resolver, this is a safe default. // For named to be accessible to the network, comment this option, specify // the proper IP address, or delete this option. listen-on { 127.0.0.1; }; // If you have IPv6 enabled on this system, uncomment this option for // use as a local resolver. To give access to the network, specify // an IPv6 address, or the keyword "any". // listen-on-v6 { ::1; }; // These zones are already covered by the empty zones listed below. // If you remove the related empty zones below, comment these lines out. disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; // If you've got a DNS server around at your upstream provider, enter // its IP address here, and enable the line below. This will make you // benefit from its cache, thus reduce overall DNS traffic in the Internet. /* forwarders { 127.0.0.1; }; */ // If the 'forwarders' clause is not empty the default is to 'forward first' // which will fall back to sending a query from your local server if the name // servers in 'forwarders' do not have the answer. Alternatively you can // force your name server to never initiate queries of its own by enabling the // following line: // forward only; // If you wish to have forwarding configured automatically based on // the entries in /etc/resolv.conf, uncomment the following line and // set named_auto_forward=yes in /etc/rc.conf. You can also enable // named_auto_forward_only (the effect of which is described above). // include "/etc/namedb/auto_forward.conf"; עԣ ϣϼ棬 ڴ˴ forwarders £ 𼶵زѯ Internet ҵض ֱõΪֹ ѡȲѯϼ (ṩ) ӶǵĻеõ ϼһæĸ ڸƷƷʡ 127.0.0.1 һҪѵַΪϼ IP ַ /* Modern versions of BIND use a random UDP port for each outgoing query by default in order to dramatically reduce the possibility of cache poisoning. All users are strongly encouraged to utilize this feature, and to configure their firewalls to accommodate it. AS A LAST RESORT in order to get around a restrictive firewall policy you can try enabling the option below. Use of this option will significantly reduce your ability to withstand cache poisoning attacks, and should be avoided if at all possible. Replace NNNNN in the example with a number between 49160 and 65530. */ // query-source address * port NNNNN; }; // If you enable a local name server, don't forget to enter 127.0.0.1 // first in your /etc/resolv.conf so this server will be queried. // Also, make sure to enable it in /etc/rc.conf. // The traditional root hints mechanism. Use this, OR the slave zones below. zone "." { type hint; file "named.root"; }; /* Slaving the following zones from the root name servers has some significant advantages: 1. Faster local resolution for your users 2. No spurious traffic will be sent from your network to the roots 3. Greater resilience to any potential root server failure/DDoS On the other hand, this method requires more monitoring than the hints file to be sure that an unexpected failure mode has not incapacitated your server. Name servers that are serving a lot of clients will benefit more from this approach than individual hosts. Use with caution. To use this mechanism, uncomment the entries below, and comment the hint zone above. */ /* zone "." { type slave; file "slave/root.slave"; masters { 192.5.5.241; // F.ROOT-SERVERS.NET. }; notify no; }; zone "arpa" { type slave; file "slave/arpa.slave"; masters { 192.5.5.241; // F.ROOT-SERVERS.NET. }; notify no; }; zone "in-addr.arpa" { type slave; file "slave/in-addr.arpa.slave"; masters { 192.5.5.241; // F.ROOT-SERVERS.NET. }; notify no; }; */ /* Serving the following zones locally will prevent any queries for these zones leaving your network and going to the root name servers. This has two significant advantages: 1. Faster local resolution for your users 2. No spurious traffic will be sent from your network to the roots */ // RFC 1912 zone "localhost" { type master; file "master/localhost-forward.db"; }; zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; }; zone "255.in-addr.arpa" { type master; file "master/empty.db"; }; // RFC 1912-style zone for IPv6 localhost address zone "0.ip6.arpa" { type master; file "master/localhost-reverse.db"; }; // "This" Network (RFCs 1912 and 3330) zone "0.in-addr.arpa" { type master; file "master/empty.db"; }; // Private Use Networks (RFC 1918) zone "10.in-addr.arpa" { type master; file "master/empty.db"; }; zone "16.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "17.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "18.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "19.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "20.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "21.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "22.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "23.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "24.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "25.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "26.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "27.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "28.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "29.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "30.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "31.172.in-addr.arpa" { type master; file "master/empty.db"; }; zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; }; // Link-local/APIPA (RFCs 3330 and 3927) zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; }; // TEST-NET for Documentation (RFC 3330) zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; }; // Router Benchmark Testing (RFC 3330) zone "18.198.in-addr.arpa" { type master; file "master/empty.db"; }; zone "19.198.in-addr.arpa" { type master; file "master/empty.db"; }; // IANA Reserved - Old Class E Space zone "240.in-addr.arpa" { type master; file "master/empty.db"; }; zone "241.in-addr.arpa" { type master; file "master/empty.db"; }; zone "242.in-addr.arpa" { type master; file "master/empty.db"; }; zone "243.in-addr.arpa" { type master; file "master/empty.db"; }; zone "244.in-addr.arpa" { type master; file "master/empty.db"; }; zone "245.in-addr.arpa" { type master; file "master/empty.db"; }; zone "246.in-addr.arpa" { type master; file "master/empty.db"; }; zone "247.in-addr.arpa" { type master; file "master/empty.db"; }; zone "248.in-addr.arpa" { type master; file "master/empty.db"; }; zone "249.in-addr.arpa" { type master; file "master/empty.db"; }; zone "250.in-addr.arpa" { type master; file "master/empty.db"; }; zone "251.in-addr.arpa" { type master; file "master/empty.db"; }; zone "252.in-addr.arpa" { type master; file "master/empty.db"; }; zone "253.in-addr.arpa" { type master; file "master/empty.db"; }; zone "254.in-addr.arpa" { type master; file "master/empty.db"; }; // IPv6 Unassigned Addresses (RFC 4291) zone "1.ip6.arpa" { type master; file "master/empty.db"; }; zone "3.ip6.arpa" { type master; file "master/empty.db"; }; zone "4.ip6.arpa" { type master; file "master/empty.db"; }; zone "5.ip6.arpa" { type master; file "master/empty.db"; }; zone "6.ip6.arpa" { type master; file "master/empty.db"; }; zone "7.ip6.arpa" { type master; file "master/empty.db"; }; zone "8.ip6.arpa" { type master; file "master/empty.db"; }; zone "9.ip6.arpa" { type master; file "master/empty.db"; }; zone "a.ip6.arpa" { type master; file "master/empty.db"; }; zone "b.ip6.arpa" { type master; file "master/empty.db"; }; zone "c.ip6.arpa" { type master; file "master/empty.db"; }; zone "d.ip6.arpa" { type master; file "master/empty.db"; }; zone "e.ip6.arpa" { type master; file "master/empty.db"; }; zone "0.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "1.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "2.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "3.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "4.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "5.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "6.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "7.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "8.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "9.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "a.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "b.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "0.e.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "1.e.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "2.e.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "3.e.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "4.e.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "5.e.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "6.e.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "7.e.f.ip6.arpa" { type master; file "master/empty.db"; }; // IPv6 ULA (RFC 4193) zone "c.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "d.f.ip6.arpa" { type master; file "master/empty.db"; }; // IPv6 Link Local (RFC 4291) zone "8.e.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "9.e.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "a.e.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "b.e.f.ip6.arpa" { type master; file "master/empty.db"; }; // IPv6 Deprecated Site-Local Addresses (RFC 3879) zone "c.e.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "d.e.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "e.e.f.ip6.arpa" { type master; file "master/empty.db"; }; zone "f.e.f.ip6.arpa" { type master; file "master/empty.db"; }; // IP6.INT is Deprecated (RFC 4159) zone "ip6.int" { type master; file "master/empty.db"; }; // NB: Do not use the IP addresses below, they are faked, and only // serve demonstration/documentation purposes! // // Example slave zone config entries. It can be convenient to become // a slave at least for the zone your own domain is in. Ask // your network administrator for the IP address of the responsible // master name server. // // Do not forget to include the reverse lookup zone! // This is named after the first bytes of the IP address, in reverse // order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6. // // Before starting to set up a master zone, make sure you fully // understand how DNS and BIND work. There are sometimes // non-obvious pitfalls. Setting up a slave zone is usually simpler. // // NB: Don't blindly enable the examples below. :-) Use actual names // and addresses instead. /* An example dynamic zone key "exampleorgkey" { algorithm hmac-md5; secret "sf87HJqjkqh8ac87a02lla=="; }; zone "example.org" { type master; allow-update { key "exampleorgkey"; }; file "dynamic/example.org"; }; */ /* Example of a slave reverse zone zone "1.168.192.in-addr.arpa" { type slave; file "slave/1.168.192.in-addr.arpa"; masters { 192.168.1.1; }; }; */ named.conf У ˴תͷӡ ͱ named.conf мӦĿ example.org ļ zone "example.org" { type master; file "master/example.org"; }; ʾ һ Ϣ /etc/namedb/master/example.org У ʾ zone "example.org" { type slave; file "slave/example.org"; }; ڴУ ָϢݹ 浽ӦļС 򲻿ɴʱ һݿõϢ Ӷܹṩ ļ BIND zone files (ļ) չʾ example.org ļ ( /etc/namedb/master/example.org) $TTL 3600 ; 1 hour default TTL example.org. IN SOA ns1.example.org. admin.example.org. ( 2006051501 ; Serial 10800 ; Refresh 3600 ; Retry 604800 ; Expire 300 ; Negative Reponse TTL ) ; DNS Servers IN NS ns1.example.org. IN NS ns2.example.org. ; MX Records IN MX 10 mx.example.org. IN MX 20 mail.example.org. IN A 192.168.1.1 ; Machine Names localhost IN A 127.0.0.1 ns1 IN A 192.168.1.2 ns2 IN A 192.168.1.3 mx IN A 192.168.1.4 mail IN A 192.168.1.5 ; Aliases www IN CNAME example.org. ע . βȫ βû . ԭ 磬 ns1 תΪ ns1.example.org. Ϣļĸʽ£ ¼ IN ¼ ֵ DNS ¼ õ DNS ¼ SOA Ȩʼ NS Ȩ A ַ CNAME Ӧ MX ʼݷ PTR ָ (ڷ DNS) example.org. IN SOA ns1.example.org. admin.example.org. ( 2006051501 ; Serial 10800 ; Refresh after 3 hours 3600 ; Retry after 1 hour 604800 ; Expire after 1 week 300 ) ; Negative Reponse TTL example.org. ͬʱҲϢļԭ㡣 ns1.example.org. admin.example.org. ĸ˵ĵʼַ @ Ҫ (admin@example.org Ӧ admin.example.org) 2006051501 ļš ÿ޸ļʱ֡ ֽ Աῼʹ yyyymmddrr ĸʽʾš 2006051501 ͨʾϴ޸ 05/15/2006 01 ʾĵһ޸ġ ŷdzҪ ֪ͨݡ IN NS ns1.example.org. һ NS  ÿ׼ṩȨӦķһӦ localhost IN A 127.0.0.1 ns1 IN A 192.168.1.2 ns2 IN A 192.168.1.3 mx IN A 192.168.1.4 mail IN A 192.168.1.5 A ¼ָ˻ ǰģ ns1.example.org Ϊ 192.168.1.2 IN A 192.168.1.1 һаѵǰԭ example.org ָΪʹ IP ַ 192.168.1.1 www IN CNAME @ (CNAME) ¼ͨΪijָ̨ У www ָ һ ߵ example.org (192.168.1.1) ͬ CNAME ֵ֮ͬͬκ¼档 MX ¼ IN MX 10 mail.example.org. MX ¼ʾĸʼշʼ mail.example.org ʼ 10 ȼ ж̨ʼ ȼֱ 10 20 ȵȡ example.org Ͷʼķ ȳȼߵ MX (ȼֵСļ¼) ųԴθߵģ ظһֱʼݴΪֹ in-addr.arpa Ϣļ ( DNS) õĸʽͬģ ֻ PTR A CNAME λá $TTL 3600 1.168.192.in-addr.arpa. IN SOA ns1.example.org. admin.example.org. ( 2006051501 ; Serial 10800 ; Refresh 3600 ; Retry 604800 ; Expire 300 ) ; Negative Reponse TTL IN NS ns1.example.org. IN NS ns2.example.org. 1 IN PTR example.org. 2 IN PTR ns1.example.org. 3 IN PTR ns2.example.org. 4 IN PTR mx.example.org. 5 IN PTR mail.example.org. ļ IP ַӳϵ Ҫ˵ǣ PTR ¼Ҳֱȫ (ҲDZ . ) BIND һҪеݹѯɫ 򵥵нвѯ ѯסԱʹá ȫ BIND Ϊõ DNS ʵ֣ һЩȫ⡣ ʱ˷һЩܵõİȫ© &os; Զ named ŵ &man.chroot.8; У һЩõİȫDZڵ DNS Ĺ Ķ CERT İȫ棬 the &a.security-notifications; һڰ˽ Internet &os; ȫĺϰߡ ⣬ ȷԴµģ һ named пܻ һĶ BIND/named ֲ᣺ &man.rndc.8; &man.named.8; &man.named.conf.5; ٷ ISC BIND ҳ Official ISC BIND Forum O'Reilly DNS BIND 5 RFC1034 - - ͹ RFC1035 - - ʵּ׼ Murray Stokely Contributed by Apache HTTP web Apache &os; ȫΪæ web վ㡣 Internet ϵ web ʹ Apache HTTP Apache FreeBSD װҵ û״ΰװʱװ Apache ͨ www/apache13 www/apache22 port װ һɹذװ Apache ͱá һڽ 1.3.X 汾 Apache HTTP ã Ϊ &os; һͬʹõİ汾 Apache 2.X ˺ܶ¼ ڴ˲ۡ Ҫ˽ Apache 2.X ĸϣ μ Apache ļ Ҫ Apache HTTP Server ļ &os; ϻᰲװΪ /usr/local/etc/apache/httpd.conf һ͵ &unix; ıļ ʹ # Ϊעͷ ȫѡ꾡ܳ˱ķΧ ォֻ޸ĵЩ ServerRoot "/usr/local" ָ Apache װĶĿ¼ ִļŵĿ¼ (server root) bin sbin Ŀ¼У ļλ etc/apache ServerAdmin you@your.address ַڷʱӦ͵ʼĵַ ڷɵҳϣ ҳ档 ServerName www.example.com ServerName ÷ͻؿͻ˵ ķûԱַ (磬 ʹ www ʵ) DocumentRoot "/usr/local/www/data" DocumentRoot Ŀ¼ĵڵĿ¼ Ĭ£ е󶼻λȥȡ ҲͨӺͱָλá ޸֮ǰ Apache ļԶһϰߡ һԳʼˣ ͿԿʼ Apache ˡ <application>Apache</application> Apache ֹͣ ͬ Apache inetd С һ»Ϊһķ ڿͻ web HTTP ʱ ܹøõܡ ṩһ shell űʹ ֹͣþܵؼ򵥡 ״ Apache ִֻУ &prompt.root; /usr/local/sbin/apachectl start κʱʹֹͣ &prompt.root; /usr/local/sbin/apachectl stop ijԭ޸ļ֮ Ҫ &prompt.root; /usr/local/sbin/apachectl restart Ҫ Apache ʱжϵǰӣ ӦУ &prompt.root; /usr/local/sbin/apachectl graceful Ϣ &man.apachectl.8; ֲҵ Ҫϵͳʱ Apache Ӧ /etc/rc.conf м룺 apache_enable="YES" ߶Apache 2.2 apache22_enable="YES" ϣϵͳʱ Apache httpd ָһЩѡ ԰мӵ rc.conf apache_flags="" web Ϳʼˣ ʹ web http://localhost/ Ĭʾ web ҳ /usr/local/www/data/index.html Apache ֲ֧ͬ͵ һַǻֵ ֵʹÿͻ HTTP/1.1 ͷ ʹòͬԹͬһ IP ַ Ҫ Apache ʹûֵ Ҫӵ httpd.conf У NameVirtualHost * web www.domain.tld ϣһ www.someotherdomain.tld Ӧ httpd.conf м룺 <VirtualHost *> ServerName www.domain.tld DocumentRoot /www/domain.tld </VirtualHost> <VirtualHost *> ServerName www.someotherdomain.tld DocumentRoot /www/someotherdomain.tld </VirtualHost> Ҫĵַĵ·ΪʹõЩ Ҫ˽ĸϢ οٷ Apache ĵ Щĵ ҵ Apache ģ Apache ģ ಻ͬ Apache ģ飬 ǿڻķṩ฽ӵĹܡ FreeBSD Ports Collection Ϊװ Apache ͳõĸģṩ˷dzķ mod_ssl web ȫ SSL ѧ mod_ssl ģʹ OpenSSL ⣬ ṩͨ ȫ׽ֲ (SSL v2/v3) 㰲ȫ (TLS v1) Эǿ ģṩ˴ijһŵ֤ǩǩ֤йߣ Խ &os; аȫ web δװ Apache ҲֱӰװһݰ mod_ssl İ汾 Apache 1.3.X ䷽ͨ www/apache13-modssl port С SSL ֧ѾΪ Apache 2.X һṩ ͨ www/apache22 port װߡ ԰ ApacheһЩҪĽűԶӦģ顣 Щģʹȫʹijֽűд Apache ģΪܡ ͨҲǶ뵽ΪһפڴĽ ԱһⲿһڽĶ̬վʱԴϵĿ ̬վ web servers dynamic ڹȥʮԽԽҵΪͱʶת˻ Ҳͬʱ˶ڻҳݵЩ˾ µsoft; Ƴ˻רвƷĽԴҲ˻ĻӦ Ƚʱеѡ DjangoRuby on Rails mod_perl, and mod_php. Django Python Django Django һ BSD ֤ framework ÿ߿дܸƷʵ web Ӧó ṩһϵӳͿԱ Python еĶ󣬺һḻĶ̬ݿ API ʹ߱д SQL 䡣ͬʱṩ˿չģϵͳ Ӧó߼ HTML ıֲ롣 Django mod_python Apache, һѡ SQL ݿ档 һЩǡı־FreeBSD Port ϵͳ㰲װЩ⡣ װ DjangoApache2 mod_python3 PostgreSQL &prompt.root; cd /usr/ports/www/py-django; make all install clean -DWITH_MOD_PYTHON3 -DWITH_POSTGRESQL ڰװ Django Щ֮ Ҫһ Django ĿĿ¼Ȼ ApacheжվӦóijЩָ URL ʱǶ Python Django/mod_python й Apache ֵ Ҫ Apache ļ httpd.conf ⼸У ѶijЩ URL 󴫸 web Ӧó <Location "/"> SetHandler python-program PythonPath "['/dir/to/your/django/packages/'] + sys.path" PythonHandler django.core.handlers.modpython SetEnv DJANGO_SETTINGS_MODULE mysite.settings PythonAutoReload On PythonDebug On </Location> Ruby on Rails Ruby on Rails Ruby on Rails һԴ web framework ṩһȫĿܣܰ web ߹гЧͿдǿӦá ܷdz׵Ĵ posts ϵͳװ &prompt.root; cd /usr/ports/www/rubygem-rails; make all install clean mod_perl mod_perl Perl Apache/Perl ɼƻ Perl Եǿܣ Apache HTTP ܵؽϵһ ͨ mod_perl ģ飬 ȫʹ Perl ׫д Apache ģ顣 ⣬ Ƕij־Խ ⲿĽΪ Perl űɵʧ mod_perl ַͨʽṩ Ҫʹ mod_perl Ӧע mod_perl 1.0 ֻ Apache 1.3 mod_perl 2.0 ֻ Apache 2.X ʹá mod_perl 1.0 ͨ www/mod_perl װ Ծ̬ʽİ汾 ͨ www/apache13-modperl װ mod_perl 2.0 ͨ www/mod_perl2 װ Tom Rhodes Written by mod_php mod_php PHP PHP ҲΪ PHP: Hypertext Preprocessor һرʺ Web ͨýűԡ ܹ׵Ƕ뵽 HTML ֮У ﷨ӽ C &java; Լ Perl web ԱһѸ׫д̬ɵҳ档 Ҫ Apache web PHP5 ֧֣ ԴӰװ lang/php5 port ʼ ״ΰװ lang/php5 port ʱ ϵͳԶʾõһϵ OPTIONS (ѡ) ûп˵ ڹȥװ lang/php5 port ȵȣ ٴʾò˵ port Ŀ¼ִУ &prompt.root; make config ѡԻУ ѡ APACHE һ Ϳ Apache web ʹõĿɶ̬ص mod_php5 ģˡ ڸʽԭ (磬 Ѿ web ӦõļԿ) վʹ PHP4 Ҫ mod_php4 mod_php5 ʹ lang/php4 port lang/php4 port Ҳ֧ lang/php5 port ṩúͱʱѡ ǰѾɹذװֶ֧̬ PHP Ӧģ顣 鲢ȷѽü뵽 /usr/local/etc/apache/httpd.conf У LoadModule php5_module libexec/apache/libphp5.so AddModule mod_php5.c <IfModule mod_php5.c> DirectoryIndex index.php index.html </IfModule> <IfModule mod_php5.c> AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps </IfModule> Щ֮ Ҫʹ apachectl һ graceful restart Ա PHP ģ飺 &prompt.root; apachectl graceful δ PHP ʱ make config ⲽͲDZˣ ѡ OPTIONS &os; Ports Զ档 &os; е PHP ֧Ǹ߶ģ黯ģ ˻װĹʮޡ ַ֧ܵdz򵥣 ֻͨ lang/php5-extensions port ɡ port ṩһ˵Ľ PHP չİװ ⣬ ҲͨӦ port װչ 磬 Ҫ MySQL ݿּ֧ PHP5 ֻ򵥵ذװ databases/php5-mysql װչ֮ Apache Ӧµñ &prompt.root; apachectl graceful Murray Stokely Contributed by ļЭ (FTP) FTP ļЭ (FTP) Ϊûṩһ򵥵ģ FTP ļķ &os; ϵͳа FTP ftpd ʹ &os; Ͻ͹ FTP ÷dz򵥡 ҪòǾЩʺŷ FTP һ &os; ϵͳһϵϵͳʺŷֱִвͬķ δ֪ûӦ¼ʹЩʺš /etc/ftpusers ļУ г˲ͨ FTP ʵû Ĭ£ ǰϵͳʺţ ҲӦͨ FTP ʵû ܻϣͨ FTP ¼ijЩû ȫֹʹ FTP ͨ /etc/ftpchroot ļɡ һļгϣ FTP ʽƵûı &man.ftpchroot.5; ֲУ ѾԴ˽꾡Ľܣ ʶ׸ FTP Ҫڷ FTP ʣ 뽨һΪ ftp &os; û ûͿʹ ftp anonymous Ŀ (ϰϣ ӦǸûʼַΪ) ¼ͷ FTP FTP û¼ʱ &man.chroot.2; Ա㽫 ftp ûĿ¼С ıļָʾ FTP ͻеĻӭ֡ /etc/ftpwelcome ļеݽû֮ ڵ¼ʾ֮ǰʾ ڳɹĵ¼֮ ʾ /etc/ftpmotd ļеݡ עڵ¼ģ ˶ûԣ ʾ ~ftp/etc/ftpmotd һȷ FTP ͱ /etc/inetd.conf Ҫȫǽעͷ # е ftpd ֮ǰȥ ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l ܵ ޸ļ֮ inetd ¼ ʹµЧ Իȡйϵͳ inetd ϸϢ ftpd ҲΪһķ ĻҪ /etc/rc.conf µı ftpd_enable="YES" ֮󣬶ķ´ϵͳʱ ͨ root ִֶµ &prompt.root; /etc/rc.d/ftpd start ڿͨ¼ FTP ˣ &prompt.user; ftp localhost ά syslog ־ļ FTP ftpd ʹ &man.syslog.3; ¼Ϣ Ĭ£ ϵͳ־Ѻ FTP صϢ¼ /var/log/xferlog ļС FTP ־λã ͨ޸ /etc/syslog.conf ʾ޸ģ ftp.info /var/log/xferlog FTP һҪСĶԴ FTP пDZ⡣ һԣ ûϴļӦ˼ ܷԼ FTP վΪ˽δȨҵ̳ Ҫ FTP ϴ ļȨޣ ʹܹûܹЩļ֮ǰǡ Murray Stokely Contributed by Ϊ µsoft.windows; ͻṩļʹӡ (Samba) Samba Microsoft Windows ļ Windows ͻ ӡ Windows ͻ Samba һеĿԴ ṩ µsoft.windows; ͻļʹӡ ͻӲʹ FreeBSD ϵͳϵļռ䣬 ͬʹñصĴһ ʹñشӡһʹ FreeBSD ϵĴӡ Samba FreeBSD װҵ ûڳΰװ FreeBSD ʱװ Samba ͨ net/samba34 port package װ Ĭϵ Samba ļ /usr/local/share/examples/samba34/smb.conf.default ְװļ븴Ϊ /usr/local/etc/smb.conf жƣ ܿʼʹ Samba smb.conf ļа Samba ʱϢ ڴӡĶ壬 Լϣ &windows; ͻ ļϵͳ Samba һΪ swat web ߣ ṩ smb.conf ļļ򵥷 ʹ Samba Web (SWAT) Samba Web (SWAT) һͨ inetd еķ ˣ Ҫ /etc/inetd.conf 漸еעȥ ܹʹ swat Samba swat stream tcp nowait/400 root /usr/local/sbin/swat swat ܵ ޸ļ֮ inetd ¼ã ʹЧ һ inetd.conf swat Ϳ connect to ˡ ʹϵͳ root ʺŵ¼ ֻҪɹص¼ Samba ҳ棬 Ϳϵͳĵ Globals(ȫ) ѡʼˡ Globals СڶӦ [global] Сеı ǰλ /usr/local/etc/smb.conf С ȫ ʹ swat ֱӱ༭ /usr/local/etc/smb.conf ͨҪõ Samba ѡǣ workgroup NT ͨЩҵ netbios name NetBIOS ѡ Samba NetBIOS ֡ Ĭ£ DNS ֵĵһ֡ server string ѡͨ net view  ԼijЩ繤߿Բ鿴Ĺڷ˵֡ ȫ /usr/local/etc/smb.conf еҪã ѡİȫģͣ ԼͻûĿźˡ Щѡ security ѡʽ security = share security = user Ŀͻʹû Щû &os; һ£ һӦѡû (user) ȫ Ĭϵİȫԣ Ҫͻȵ¼ ȻܷʹԴ ù (share) ȫ ͻҪЧûͿ¼ ܹӹԴ ǽ汾 Samba еĬֵ passdb backend NIS+ LDAP SQL ݿ Samba ṩֲ֤ͬģ͡ ͨ LDAP NIS+ SQL ݿ⣬ 򾭹޸ĵĿļ ɿͻ˵֤ Ĭϵ֤ģʽ smbpasswd ҲDZ½ܵȫݡ ʹõĬϵ smbpasswd ˣ ȴһ /usr/local/etc/samba/smbpasswd ļ Samba Կͻ֤ &unix; ûʺܹ &windows; ͻϵ¼ ʹ &prompt.root; smbpasswd -a username ĿǰƼʹõĺ tdbsam Ӧʹûʺţ &prompt.root; pdbedit username ο ٷ Samba HOWTO ˽ѡĽһϢ ǰĻ ӦѾ Samba ˡ <application>Samba</application> net/samba34 port һµڿ Samba ű Ҫű Ա ֹͣ Samba Ҫ /etc/rc.conf ļм룺 samba_enable="YES" ⣬ ҲԽиϸȵĿƣ nmbd_enable="YES" smbd_enable="YES" Ҳͬʱϵͳʱ Samba ú֮ Ϳκʱͨ Samba ˣ &prompt.root; /usr/local/etc/rc.d/samba start Starting SAMBA: removing stale tdbs : Starting nmbd. Starting smbd. μ ˽ʹ rc űĽһϢ Samba ʵϰ໥ķ Ӧܹ nmbd smbd ͨ samba űġ smb.conf winbind ֽ ӦÿԿ winbindd κʱֹͨͣ Samba &prompt.root; /usr/local/etc/rc.d/samba stop Samba һӵ ṩ µsoft.windows; мɵĸʽĹܡ Ҫ˽ܵĻװܣ Tom Hukins Contributed by ͨ NTP ʱͬ NTP ʱƣ ʱӻƯơ ʱЭ (NTP) һȷʱӱ׼ȷķ Internet 򼫴ڱؼʱӵ׼ȷԡ 磬 web ܻյһ Ҫļijһʱ֮޸Ĺŷ ھУ ļļ֮ʱǷͬҪ Ϊʹʱһ¡ &man.cron.8; ij Ҳȷϵͳʱӣ ܹ׼ȷִв NTP ntpd FreeBSD &man.ntpd.8; NTP ڲѯ NTP ñؼʱӣ Ϊṩ ѡʵ NTP NTP ѡ Ϊͬϵͳʱӣ Ҫҵһ NTP Թʹá Ա ISP ܻṩĿĵ NTP —鿴ǵĵ˽Ƿ ⣬ Ҳһߵ NTP б ԴѡһϽ NTP ȷѡķķʲԣ ҪĻ һɡ ѡ໥ӵ NTP һ⣬ ijɴ ʱӲɿʱͿбѡ Ϊ &man.ntpd.8; ܵѡյӦ—ʹÿɿķ Ļ NTP ntpdate ֻϵͳʱͬʱӣ ʹ &man.ntpdate.8; ھ ҲҪͬϵͳ˵Ƚʺϣ Ӧ &man.ntpd.8; ʱʹ &man.ntpdate.8; &man.ntpd.8; Ҳһ⡣ &man.ntpd.8; ʱӣ &man.ntpdate.8; ֱʱӣ ۻĵǰʱȷʱжƫ Ҫʱ &man.ntpdate.8; Ҫ ntpdate_enable="YES" ӵ /etc/rc.conf С ⣬ Ҫͨ ntpdate_flags ͬķѡ ǽݸ &man.ntpdate.8; һ NTP ntp.conf NTP ͨ /etc/ntp.conf ļõģ ʽ &man.ntp.conf.5; н һӣ server ntplocal.example.com prefer server timeserver.example.org server ntp2a.example.net driftfile /var/db/ntp.drift server ѡָʹһ ÿһһС ijһָ̨ prefer (ƫ) ntplocal.example.com ѡ ƫõķӦIJ Ӧ ʹӦ һ˵ prefer Ӧñעڷdzȷ NTP ʱԴ ЩʱӲķϡ driftfile ѡ ָϵͳʱƵƫļ &man.ntpd.8; ʹԶزʱӵȻƯƣ ӶʹʱӼʹжʱԴ£ ܱ൱׼ȷȡ driftfile ѡҲһӦʹõ NTP Ϣ ļ NTP ڲϢ Ӧκ޸ġ ķķ Ĭ£ NTP Ա Internet ϵʡ /etc/ntp.conf ָ restrict ԿЩķ ϣܾеĻ NTP ֻ /etc/ntp.conf м룺 restrict default ignore ֹķڱгķ Ҫ NTP NTP ͬʱ䣬 Ӧָ μֲ &man.ntp.conf.5; ˽һϸڡ ֻϣڵĻͨķͬʱӣ Ϊ ΪͬʱӵĽڵʱã restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap  Ҫ 192.168.1.0 Ϊϵ IP ַ 255.255.255.0 Ϊ롣 /etc/ntp.conf ܰ restrict ѡ Ҫ˽һϸڣ μ &man.ntp.conf.5; Access Control Support(ʿ֧) Сڡ NTP Ҫ NTP ϵͳʱ֮ Ҫ ntpd_enable="YES"/etc/rc.conf С ϣ &man.ntpd.8; ݸ Ҫ༭ /etc/rc.conf е ntpd_flags Ҫڲǰ Ҫֹ ntpd /etc/rc.conf е ntpd_flags ָIJ 磺 &prompt.root; ntpd -p /var/run/ntpd.pid ʱԵ Internet ʹ ntpd &man.ntpd.8; ҪԵ Internet ӡ Ȼ ʱΪ貦ŵģ ôֹ NTP ͨѶƵţ 򱣳ӾбҪˡ ʹû PPP ʹ filter/etc/ppp/ppp.conf нбҪá 磺 set filter dial 0 deny udp src eq 123 # Prevent NTP traffic from initiating dial out set filter dial 1 permit 0 0 set filter alive 0 deny udp src eq 123 # Prevent incoming NTP traffic from keeping the connection open set filter alive 1 deny udp dst eq 123 # Prevent outgoing NTP traffic from keeping the connection open set filter alive 2 permit 0/0 0/0 Ҫ˽һϢ ο &man.ppp.8; PACKET FILTERING() Сڣ Լ /usr/share/examples/ppp/ еӡ ijЩ Internet ṩֹ̻ͱŵĶ˿ڣ ᵼ NTP ޷ ΪӦ޷Ļ һϢ NTP ĵ /usr/share/doc/ntp/ ҵ HTML ʽİ汾 Tom Rhodes Contributed by ʹ <command>syslogd</command> ¼Զ־ ϵͳ־ϵͳȫ͹һҪ档 жֲ̨ͻĻٻǴڸֲͬ͵У ־ļԵ÷dzԲ £ Զ־¼ʹ̱øɡ м¼־һָ̨ĻܹһЩ־ļĸ ־ļռ ϲѭһã ʹ &os; ԭĹߣ &man.syslogd.8; &man.newsyslog.8; µʾУ A Ϊ logserv.example.com ռ־Ϣ B Ϊ logclient.example.com ־Ϣ͸ ʵУ Ҫȷͷ DNS /etc/hosts м¼ ݽա ־ ־óԶ־ϢĻ ڴΪ˷ã Ϊ˸õĹ Ǻԭ ڼ֮ǰҪһЩ һȷõ־¼ Ϳͻ˵ķǽ 514 ˿ϵ UDP ͨ syslogd óɽܴԶ̿ͻϢ syslogd еĿͻ˶ȷͷ DNS /etc/hosts Ӧá ־ ͻ˱ /etc/syslog.conf г, ָ־ facility +logclient.example.com *.* /var/log/logclient.log ڸֱֲ֧õ facility &man.syslog.conf.5; ֲҳҵ һԺ д facility Ϣᱻ¼ǰָļ /var/log/logclient.log ṩĻҪ /etc/rc.conf ã syslogd_enable="YES" syslogd_flags="-a logclient.example.com -v -v" һѡʾϵͳʱ syslogd ڶѡʾָ־Դͻ˵ݡ ڶIJ֣ ʹ ʾ־Ϣϸ̶ȡ ڵ facility õʱ ÷dzã ΪԱܹЩϢΪĸ facility ¼ ͬʱָ ѡͻ ⣬ ָ IP ַΣ &man.syslog.3; ֲ˽õб ־ļӦñ úַ &man.touch.1; ܺܺõɴ &prompt.root; touch /var/log/logclient.log ʱ Ӧȷһ syslogd ػ̣ &prompt.root; /etc/rc.d/syslogd restart &prompt.root; pgrep syslog һ PIC Ļ Ӧñɹ, ʼÿͻˡ ûĻ /var/log/messages ־в ־ͻ ־ͻһ̨־Ϣ־Ļ ڱر濽 ־ƣ ͻҲҪһЩ &man.syslogd.8; 뱻óɷָ͵Ϣܽǵ־ ǽ 514 ˿ϵ UDP ͨ DNS /etc/hosts ȷļ¼ ȷ˵ÿͻ˸һЩ ͻ˵Ļ /etc/rc.conf µã syslogd_enable="YES" syslogd_flags="-s -v -v" ǰƣ Щѡϵͳ syslogd ־Ϣϸ̶ȡ ѡʾֹ־ Facility ijϢϵͳIJɵġ ˵ ftp ipfw facility ־Ϣʱ ͨ־Ϣаֹߡ Facility ͨһȼȼ һ־ϢҪ̶ȡ ͨΪ warning info &man.syslog.3; ֲҳԻһõ facility ȼб ־ڿͻ˵ /etc/syslog.conf ָ ڴУ @ űʾ־ݵԶ̵ķ ȥ *.* @logserv.example.com Ӻ syslogd ʹ޸Ч &prompt.root; /etc/rc.d/syslogd restart ־ϢǷͨ緢ͣ ׼ϢĿͻ &man.logger.1; syslogd Ϣ &prompt.root; logger "Test message from logclient" ϢӦͬʱڿͻ /var/log/messages Լ־ /var/log/logclient.log С ־ ijЩ£ ־ûյϢĻҪһˡ мܵԭ ӵ DNS ⡣ Ϊ˲Щ⣬ ȷߵĻʹ /etc/rc.conf 趨ʵԷ Ļ ôҪ /etc/rc.conf е syslogd_flags ѡЩ޸ˡ µʾУ /var/log/logclient.log ǿյģ /var/log/message Ҳûбκʧܵԭ ΪӵԵ ޸ ayalogd_flags ѡµʾ syslogd_flags="-d -a logclien.example.com -v -v" &prompt.root; /etc/rc.d/syslogd restart ֮ ĻϽĵݣ logmsg: pri 56, flags 4, from logserv.example.com, msg syslogd: restart syslogd: restarted logmsg: pri 6, flags 4, from logserv.example.com, msg syslogd: kernel boot file is /boot/kernel/kernel Logging to FILE /var/log/messages syslogd: kernel boot file is /boot/kernel/kernel cvthname(192.168.1.10) validate: dgram from IP 192.168.1.10, port 514, name logclient.example.com; rejected in rule 0 due to name mismatch. ԣϢƥյġ һһļļ֮ /etc/rc.conf syslogd_flags="-d -a logclien.example.com -v -v" Ӧð logclient logclien ȷ޸IJܼ֮ԤڵЧˣ &prompt.root; /etc/rc.d/syslogd restart logmsg: pri 56, flags 4, from logserv.example.com, msg syslogd: restart syslogd: restarted logmsg: pri 6, flags 4, from logserv.example.com, msg syslogd: kernel boot file is /boot/kernel/kernel syslogd: kernel boot file is /boot/kernel/kernel logmsg: pri 166, flags 17, from logserv.example.com, msg Dec 10 20:55:02 <syslog.err> logserv.example.com syslogd: exiting on signal 2 cvthname(192.168.1.10) validate: dgram from IP 192.168.1.10, port 514, name logclient.example.com; accepted in rule 0. logmsg: pri 15, flags 0, from logclient.example.com, msg Dec 11 02:01:28 trhodes: Test message 2 Logging to FILE /var/log/logclient.log Logging to FILE /var/log/messages ˿̣ Ϣܹȷղļˡ ȫԷ˼ һ ʵ֮ǰҪǰȫԡ ʱ־ļҲϢ 籾õķ ûʺźݡ ӿͻ˷ݾ絽 ڼûмҲû뱣 мҪĻ ʹ security/stunnel һܵдݡ ذȫҲͬǸ⡣ ־ļʹлѭתûбܡ ûܶȡЩļԻöϵͳ˽⡣ ЩļȷȨǷdzбҪġ &man.newsyslog.8; ָ֧´ѭ־Ȩޡ ־ļȨΪ 600 ֹûҪĿ̽ diff --git a/zh_CN.GB2312/books/handbook/ppp-and-slip/chapter.xml b/zh_CN.GB2312/books/handbook/ppp-and-slip/chapter.xml index 55bf7c23b6..2d14e538cd 100644 --- a/zh_CN.GB2312/books/handbook/ppp-and-slip/chapter.xml +++ b/zh_CN.GB2312/books/handbook/ppp-and-slip/chapter.xml @@ -1,2883 +1,2837 @@ Jim Mock Restructured, reorganized, and updated by PPP SLIP - - PPP - - - SLIP - FreeBSD кܶ෽Խ ͨʹò modem Internet ӣ ͨĻ磬 - ЩҪʹ PPP SLIP + ЩҪʹ PPPPPP SLIPSLIP ½ϸЩ modem ͨŷķ һ£ ˽⣺ û PPP ں˼ PPP ( &os; 7.X) PPPoE (PPP over Ethernet) PPPoA (PPP over ATM) úͰװ SLIP ͻ˺ͷ ( &os; 7.X) PPP û PPP PPP ں˼ PPP PPP PPPoE Ķ֮ǰ Ӧ Ϥ ⲦӺ PPP SLIP Ļ֪ʶ ֪û PPP ں˼ PPP ֮IJ֮ͬ شܼ򵥣 û PPP ûݣ ں˼ ںû֮临ݵĻҪһЩ ṩиԵPPPʵ֡ ûPPPʹ tun 豸ͨŶں˼ PPP ʹ ppp У û˵ ppp ָû̬ PPP Ҫ PPP pppd ( &os; 7.X) ֡ ⣬ ûжע ܵҪ root Ȩޡ Tom Rhodes Updated and enhanced by Brian Somers Originally contributed by Nik Clayton With input from Dirk Frömberg Peter Childs ʹû PPP &os; 8.0 ʼ &man.uart.4; ȡ &man.sio.4; Աʾڵ豸ڵɷֱ /dev/cuadN Ϊ /dev/cuauN /dev/ttydN Ϊ /dev/ttyuN &os; 7.X ûʱҪӦ֮ļбҪĸġ û PPP ǰ ¼ٶ߱ - - ISP - - - PPP - - һ ISP ṩʹ PPP ʺš + һ ISPISP ṩʹ PPPPPP ʺš Ҫϵͳϣ ȷõ modem ܹ ISP 豸 ISP IJź롣 - - PAP - - - CHAP - - - UNIX - - - login name - - - password - - ĵ¼ƺ (һ UNIX ĵ¼ԣ - Ҳ PAP CHAP ¼) + ĵ¼ƺ (һ UNIXUNIX ĵ¼ԣlogin namepassword + Ҳ PAPPAP CHAPCHAP ¼) - - nameserver - - һ IP ַ ͨ ISPõIPַ ٵõһ Ϳļ ppp.conf м enable dns ʹ ppp - ȡ ISP ֧ DNS Э̵ľʵ֡ + ȡ ISP ֧ DNS Э̵ľʵ֡nameserver Ϣ ISP ṩ DZģ ISPIPַ ׼ӣ Ϊ Ĭ· ûϢ 鹹һ ʱ ISP PPP Զȷֵ 鹹 IP ַ ppp м HISADDR ׼ʹõ롣 ISPûṩ һʹ 255.255.255.255 ûġ - - static IP address (̬ IP ַ) - - ISP ṩ˾̬IPַ ǡ - ֮ ӦöԷָΪʵ IP ַ + ֮ ӦöԷָΪʵ IP ַstatic IP address (̬ IP ַ) ֪ЩϢ ISP ϵ У Ϊչʾļжкš ЩкֻΪʹͺ۱÷㣬 ʵļвڡ ⣬ ڱҪʱӦʹ Tab Ϳո <application>PPP</application>Զ PPP configuration () ppppppd(PPPں˼ʵ֣ &os; 7.X) ʹ /etc/ppp Ŀ¼еļ û PPP ӿ /usr/share/examples/ppp/ ҵ pppҪҪ༭ļ ༭ļļȡ IP Ǿ̬ (ÿζʹͬһַ) Ƕ̬ (ÿӵ ISP òͬ IP ַ) PPP;̬IPַ PPP with static IP addresses Ҫ༭ļ/etc/ppp/ppp.conf ʾ ð:βдӵһ ()ʼ ежҪʹÿոƱ (Tab) 1 default: 2 set log Phase Chat LCP IPCP CCP tun command 3 ident user-ppp VERSION (built COMPILATIONDATE) 4 set device /dev/cuau0 5 set speed 115200 6 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \ 7 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT" 8 set timeout 180 9 enable dns 10 11 provider: 12 set phone "(123) 456 7890" 13 set authname foo 14 set authkey bar 15 set login "TIMEOUT 10 \"\" \"\" gin:--gin: \\U word: \\P col: ppp" 16 set timeout 300 17 set ifaddr x.x.x.x y.y.y.y 255.255.255.255 0.0.0.0 18 add default HISADDR 1 ָĬϵ PPPʱеԶִС 2 õ¼ Ϊ־ļ ӦüΪ set log phase tun 3 PPP ԷʶԼ ڽʹʱκ鷳 PPPͻԷұʶ ԷԱڴʱ ЩϢá 4 modemҪӵĶ˿ںš COM1 Ӧ豸 /dev/cuau0 COM2 Ӧ /dev/cuau1 5 ӵٶȡ 115200 ⣬ 38400 6 & 7 - - PPP - user PPP - - - ַ û PPP ʹһ &man.chat.8;Ƶ﷨ + ַ û PPPPPPuser PPP ʹһ &man.chat.8;Ƶ﷨ οֲ˽ԵϢ ע⣬ Ϊ˱Ķ˻С κ ppp.conf  ǰеһַ \ 8 ӵʱ Ĭ 180 룬 һǶġ 9 PPPԷȷϱá ˱ص ҪעͻɾһС 10 Ϊ˿ɶԵҪһС лᱻPPPԡ 11 Ϊ providerָһ Ըij ISP֣ ԺͿʹ ӡ 12 ṩ̵ĵ绰롣 绰ʹð (:) ܵ (|) ַ&man.ppp.8;ֲнܡ ܵ ҪѭʹЩ룬 ʹðš ʹõһ룬 һʧõڶ룬 ʹùܵš ʾ Ҫ绰(") 绰пո (") ɼȴԲĴ 13 & 14 ָû롣 ʹ &unix; ʾ¼ʱ Щֵô \U \P set login ޸ġ ʹPAPCHAPʱ Щֵ֤ʹá 15 - PAP - CHAP ʹõPAPCHAP Ͳе¼ ҪעͻɾһС - ο PAP CHAP֤ + ο PAPPAP CHAP֤CHAP ˽ϸڡ ¼ǵ﷨chat͵ġ ģ J. Random Provider login: foo password: bar protocol: ppp ҪıűʺԼҪ һдűʱ ӦȷѾ chat ڵ¼״̬ ȷͨǷڰƻС 16 - timeout - Ĭϵijʱʱ䡣  300 ӦϿóɳʱ - ֵó0 ʹ ѡ + ֵó0 ʹ ѡtimeout 17 - ISP - - ýӿڵַ Ҫ ISP ṩ IP ַ滻ַ + ýӿڵַ Ҫ ISPISP ṩ IP ַ滻ַ x.x.x.x ISP IP ַ (Ҫӵ) 滻ַ y.y.y.y ISPûиṩصַ ʹ 10.0.0.2/0 Ҫʹһ µĵַ ȷ /etc/ppp/ppp.linkup Ϊÿ PPPͶ̬IPַ ָһ ûһУ ppp ޷ ģʽС 18У һISPصĬ·ɡ HISADDRؼֻᱻ17ָصַ滻 бڵ17֮ HISADDR ʼ֮ǰʹֵ ʹ PPPӦŲ ppp.linkup ļС һ̬IPַ ʹ ģʽppp(Ϊ֮ǰѾȷ·ɱ) ǾͲҪppp.linkup  ϣԺ󴴽һó Ժsendmailл͡ ʾļĿ¼ /usr/share/examples/ppp/ ҵ PPPͶ̬IPַ PPP with dynamic IP addresses IPCP ISPûָ̬IPַ pppҪóܹԷЭȷغԶ̵ַ Ҫ ҪһIPַ Ȼ pppӺʹIPЭ(IPCP)ȷá ppp.conf PPP;̬IPַһģ µĸı䣺 17 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255 0.0.0.0 ٴǿ Ҫкţ ֻһñǡ һոDZġ 17 / ַ PPP Ҫĵַ롣 ԸҪʹòͬ IP ַ ϵԶǿеġ IJ(0.0.0.0) PPP0.0.0.0 10.0.0.1 ʼЭ̵ַ ЩISP DZġ Ҫ 0.0.0.0 Ϊ set ifaddr ĵһ Ϊʹ PPP ģʽʱóʼ·ɡ ģʽ Ҫ/etc/ppp/ppp.linkupдһ ӽ֮ ppp.linkupá ʱ pppָɽӿڵַ ·ɱ 1 provider: 2 add default HISADDR 1 Ϊ˽ӣ ppp ᰴ¹ ppp.linkupѰ:ȣ ͼѰͬıǩ (ͬppp.confһ ʧˣ ѰΪ IP ַ ĸλֽڵķ ûҵ Ѱ MYADDR 2 и pppָ HISADDRĬ·ɡ HISADDRͨIPCPЭ̵õIP滻 ο/usr/share/examples/ppp/ppp.conf.sample /usr/share/examples/ppp/ppp.linkup.sample еpmdemandԻȡϸڻӡ ղ PPP receiving incoming calls Ҫ pppLANϵ ʱ ҪǷ񽫰תLAN ǵĻ ͱ LAN иԷһIP Ҫļ /etc/ppp/ppp.conf ʹ enable proxy Ӧȷļ /etc/rc.conf аݣ gateway_enable="YES" ʹĸgetty FreeBSD IJŷ &man.getty.8; ŷ getty ֮⻹ mgettycomms/mgetty+sendfax port װ) getty ܰ汾 ǰղߵ˼Ƶġ ʹ mgetty ĺôܻ modem ζ/etc/ttysеĶ˿ڱرգ modermͲӦ롣 °汾 mgetty ( 0.99beta ) Ҳ֧Զ PPP ͻ˲ʹýűҲܷʷˡ οMgetty AutoPPPֲ˽Ϣ <application>PPP</application> Ȩ ppp ͨ root ûС ϣͨû ppp () ͱѴû network 飬 ʹ ppp Ȩޡ Ҫʹallowʹûܷ һ֣ allow users fred mary default У ָûκζ ̬IPûPPP Shell PPP shells һΪ/etc/ppp/ppp-shellļ ݣ #!/bin/sh IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'` CALLEDAS="$IDENT" TTY=`tty` if [ x$IDENT = xdialup ]; then IDENT=`basename $TTY` fi echo "PPP for $CALLEDAS on $TTY" echo "Starting PPP for $IDENT" exec /usr/sbin/ppp -direct $IDENT űҪпִԡ Ȼͨһָ˽űΪ ppp-dialupķӣ &prompt.root; ln -s ppp-shell /etc/ppp/ppp-dialup ӦýűΪвû shell ļ /etc/passwd й PPP û pchilds (мǣ Ҫֱ޸ļ &man.vipw.8; ޸) pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialup һΪ /home/ppp Ŀ¼ΪûĿ¼ аЩļ -r--r--r-- 1 root wheel 0 May 27 02:23 .hushlogin -r--r--r-- 1 root wheel 0 May 27 02:22 .rhosts ͿԷֹ/etc/motdʾ ̬IPûShell PPP shells ppp-shellļ Ϊÿ̬IPûһ ppp-shell ӡ 磬 ϣΪû fred sam mary · /24 CIDR 磬 Ҫݣ &prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred &prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam &prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-mary ÿûShell뱻һ(û maryShellӦ/etc/ppp/ppp-mary) Ϊ̬IPû<filename>ppp.conf</filename> /etc/ppp/ppp.confļӦð ЩУ default: set debug phase lcp chat set timeout 0 ttyu0: set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255 enable proxy ttyu1: set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255 enable proxy ñġ default:ÿλỰʱء ÿ /etc/ttys õжΪ䴴һ ttyu0:  ÿһӦôӶ̬ IP ַȡΨһIPַ Ϊ̬ IP û <filename>ppp.conf</filename> /usr/share/examples/ppp/ppp.conf ļݣ Ϊÿ̬ûһ Ǽ fred sam Լ maryΪ fred: set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255 sam: set ifaddr 203.14.100.1 203.14.102.1 255.255.255.255 mary: set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255 Ҫ /etc/ppp/ppp.linkup ҲӦðÿ̬IPûĵ·Ϣ һΪͻ˵ 203.14.101.0/24 ·ɡ fred: add 203.14.101.0 netmask 255.255.255.0 HISADDR sam: add 203.14.102.0 netmask 255.255.255.0 HISADDR mary: add 203.14.103.0 netmask 255.255.255.0 HISADDR <command>mgetty</command>AutoPPP mgetty AutoPPP LCP Ĭ£ comms/mgetty+sendfax port ڱʱ AUTO_PPP ѡ ʹ mgetty ܹ PPP ӵ LCP ״̬ Զ PPP shell Ĭе login/password в֣ ˣ ͱʹ PAP CHAP ûݡ ڼٶûѾϵͳгɹر벢װ comms/mgetty+sendfax ȷ /usr/local/etc/mgetty+sendfax/login.config ļаݣ /AutoPPP/ - - /etc/ppp/ppp-pap-dialup иmgetty ppp-pap-dialupűPPPӡ /etc/ppp/ppp-pap-dialupļд (ļӦǿִе) #!/bin/sh exec /usr/sbin/ppp -direct pap$IDENT Ӧÿ/etc/ttysУ Ҫ/etc/ppp/ppp.conf дӦ Ķͬġ pap: enable pap set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40 enable proxy ÿַʽ¼û /etc/ppp/ppp.secret ļиû/ ʹѡ ͨ PAP ʽ /etc/passwd ļṩϢ֤ enable passwdauth ΪijЩû侲̬IP /etc/ppp/ppp.secret нIPΪָ μ /usr/share/examples/ppp/ppp.secret.sample еӡ MS Extensions DNS NetBIOS PPPMicrosoft extensions PPPṩDNSNetBIOSַ Ҫ PPP 1.x 汾Щչ Ҫ /etc/ppp/ppp.conf ĶӦмã enable msext set ns 203.14.100.1 203.14.100.2 set nbns 203.14.100.5 PPP汾2ϣ accept dns set dns 203.14.100.1 203.14.100.2 set nbns 203.14.100.5 ⽫߿ͻѡͱ ڰ汾2ϰ汾У ʡ set dns PPPʹ /etc/resolv.confеֵ PAP CHAP ֤ PAP CHAP һЩ ISP ϵͳΪʹ PAP CHAP ֤ ʱ ISP Ͳῴ login: ʾ ʼ PPP Ի PAP ȫҪ CHAP һЩ ﰲȫԲ⣬ Ϊ (ʹĴ) ֻͨߴͣ ߲û̫ȥ ο PPP 뾲̬ IP ַ PPP 붯̬ IP ַ Сڣ иĶ 13 set authname MyUserName 14 set authkey MyPassword 15 set login 13 У һָPAP/CHAPû ҪΪMyUserNameȷֵ 14 У password һָ PAP/CHAP password롣 ҪΪ MyPassword ȷֵ ⣬ϣһЩѡ磺 16 accept PAP 16 accept CHAP ȷͼ Ĭ PAP CHAP ᱻܡ 15 ʹõ PAP CHAP һ˵ ISP ͲҪ¼ˡ ʱ ͱ set login á ʱı<command>ppp</command> ̨еpppжԻǿܵģ ǰһʵ϶˿ڡ һ㣬 Ҫм뵽У set server /var/run/ppp-tun%d DiagnosticPassword 0177 и PPPָ&unix;socket ûʱҪָ롣 %dtun豸滻 һsocket Ϳڽűеó&man.pppctl.8;е PPP ʹPPPַ PPP NAT PPP ʹڽ NAT ں֧֡ /etc/ppp/ppp.conf м nat enable yes PPP NATҲʹѡ -nat /etc/rc.conf ļҲ ppp_nat  Ĭá ʹԣ ᷢ /etc/ppp/ppp.conf ѡincoming connections forwardingõģ nat port tcp 10.0.0.2:ftp ftp nat port tcp 10.0.0.2:http http ȫ nat deny_incoming yes ϵͳ PPPconfiguration ppp ֮ǰһЩҪ ޸ /etc/rc.conf ¿ ȷѾȷ hostname= hostname="foo.example.com" ISPṩһ̬IP֣ Ϊhostnameʵġ Ѱ network_interfaces ҪϵͳͨISP һҪtun0豸б ɾ network_interfaces="lo0 tun0" ifconfig_tun0= ifconfig_tun0Ӧǿյģ ҪһΪ /etc/start_if.tun0ļ ļӦðһУ ppp -auto mysystem ˽űʱִУ PPPػ̽Զģʽ ̨ӳ䵱һLANأ ϣʹ οֲ˽ϸڡ /etc/rc.conf У ·ɳΪ NO router_enable="NO" routed routed dzҪ Ϊ routed ܻɾ ppp Ĭ·ɡ ⣬ ǽȷһ sendmail_flags һûָ sendmail ᲻ϵسԲ磬 ᵼ»ϵؽвš Կǣ sendmail_flags="-bd" sendmail ǵÿ PPP ӽʱͨǿ sendmail ¼ʼУ &prompt.root; /usr/sbin/sendmail -q Ҳppp.linkupʹ!bgԶЩ 1 provider: 2 delete ALL 3 add 0 0 HISADDR 4 !bg sendmail -bd -q30m SMTP ϲ һ dfilter ֹ SMTP 䡣 οļ˽ϸڡ ΨһҪ ֮󣬿룺 &prompt.root; ppp Ȼdial providerԿ PPPỰ pppԶỰ Ϊһ (ûд start_if.tun0 ű) 룺 &prompt.root; ppp -auto provider ܽ һPPPʱ 漸DZģ ͻˣ ȷ tun˽ˡ ȷ /dev Ŀ¼Ϊ tunN 豸ļǿõġ /etc/ppp/ppp.confдһ pmdemandʾӦʺھISP ʹö̬IPַ /etc/ppp/ppp.linkupһ /etc/rc.conf ļ Ҫ貦ţ һstart_if.tun0ű ˣ ȷtun豸ѱںˡ ȷ /dev Ŀ¼Ϊ tunN 豸ļǿõġ /etc/passwdдһ (ʹ&man.vipw.8;) ûhomeĿ¼һ ppp -direct direct-serverprofile /etc/ppp/ppp.confдһ direct-serverʾӦҪ /etc/ppp/ppp.linkupдһ /etc/rc.conf ļ Gennady B. Sorokopud Parts originally contributed by Robert Huff ʹں˼PPP ֻ &os; 7.X Ͽá ں˼PPP PPP kernel PPP ڿʼ PPP ֮ǰ ȷ pppd Ѿ /usr/sbin У /etc/ppp Ŀ¼Ǵڵġ pppdģʽ¹ Ϊһ ͻ — ҪͨPPP߻modem߰Ļӵϡ PPP server Ϊ —Ѿλϣ ұͨPPPӡ Ҫһѡļ (/etc/ppp/options ~/.ppprc ļжûʹPPP) ҪһЩmodem/serial(comms/kermitͺʺ) ʹܹŲԶӡ Trev Roydhouse Based on information provided by ʹ<command>pppd</command>Ϊͻ PPP client Cisco /etc/ppp/optionsѡļܹCISCOն˷ PPPӡ crtscts # enable hardware flow control modem # modem control line noipdefault # remote PPP server must supply your IP address # if the remote host does not send your IP during IPCP # negotiation, remove this option passive # wait for LCP packets domain ppp.foo.com # put your domain name here :remote_ip # put the IP of remote PPP host here # it will be used to route packets via PPP link # if you didn't specified the noipdefault option # change this line to local_ip:remote_ip defaultroute # put this if you want that PPP server will be your # default router ӣ Kermit modem ʹ Kermit ( modem ) ȻûͿ (Զ PPP Ϣ) ˳ Kermit (Ҷ) У &prompt.root; /usr/sbin/pppd /dev/tty01 19200 һҪʹȷٶȺ豸 ļѾPPPӡ ʧܣ ļ /etc/ppp/options ѡ 鿴̨ϢԸ⡣ /etc/ppp/pppupűԶ裺 #!/bin/sh pgrep -l pppd pid=`pgrep pppd` if [ "X${pid}" != "X" ] ; then echo 'killing pppd, PID=' ${pid} kill ${pid} fi pgrep -l kermit pid=`pgrep kermit` if [ "X${pid}" != "X" ] ; then echo 'killing kermit, PID=' ${pid} kill -9 ${pid} fi ifconfig ppp0 down ifconfig ppp0 delete kermit -y /etc/ppp/kermit.dial pppd /dev/tty01 19200 Kermit /etc/ppp/kermit.dial һ Kermit ű ɲţ ԶҪ֤ (ĵһűʵ) ʹű/etc/ppp/pppdownϿPPPߣ #!/bin/sh pid=`pgrep pppd` if [ X${pid} != "X" ] ; then echo 'killing pppd, PID=' ${pid} kill -TERM ${pid} fi pgrep -l kermit pid=`pgrep kermit` if [ "X${pid}" != "X" ] ; then echo 'killing kermit, PID=' ${pid} kill -9 ${pid} fi /sbin/ifconfig ppp0 down /sbin/ifconfig ppp0 delete kermit -y /etc/ppp/kermit.hup /etc/ppp/ppptest ִͨ/usr/etc/ppp/ppptest pppd ǷУ #!/bin/sh pid=`pgrep pppd` if [ X${pid} != "X" ] ; then echo 'pppd running: PID=' ${pid-NONE} else echo 'No pppd running.' fi set -x netstat -n -I ppp0 ifconfig ppp0 ִнű /etc/ppp/kermit.hupԹmoderm ļ set line /dev/tty01 ; put your modem device here set speed 19200 set file type binary set file names literal set win 8 set rec pack 1024 set send pack 1024 set block 3 set term bytesize 8 set command bytesize 8 set flow none pau 1 out +++ inp 5 OK out ATH0\13 echo \13 exit Ҳchat kermit ļԽpppdӡ /etc/ppp/options /dev/cuad1 115200 crtscts # enable hardware flow control modem # modem control line connect "/usr/bin/chat -f /etc/ppp/login.chat.script" noipdefault # remote PPP serve must supply your IP address # if the remote host doesn't send your IP during # IPCP negotiation, remove this option passive # wait for LCP packets domain your.domain # put your domain name here : # put the IP of remote PPP host here # it will be used to route packets via PPP link # if you didn't specified the noipdefault option # change this line to local_ip:remote_ip defaultroute # put this if you want that PPP server will be # your default router /etc/ppp/login.chat.script µӦ÷һڡ ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDTphone.number CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: login-id TIMEOUT 5 sword: password һЩװ޸ȷ Ҫľpppd &prompt.root; pppd ʹ<command>pppd</command>Ϊ /etc/ppp/optionsҪЩݣ crtscts # Hardware flow control netmask 255.255.255.0 # netmask (not required) 192.114.208.20:192.114.208.165 # IP's of local and remote hosts # local ip must be different from one # you assigned to the Ethernet (or other) # interface on your machine. # remote IP is IP address that will be # assigned to the remote machine domain ppp.foo.com # your domain passive # wait for LCP modem # modem line ű/etc/ppp/pppserv ʹpppdԷʽ #!/bin/sh pgrep -l pppd pid=`pgrep pppd` if [ "X${pid}" != "X" ] ; then echo 'killing pppd, PID=' ${pid} kill ${pid} fi pgrep -l kermit pid=`pgrep kermit` if [ "X${pid}" != "X" ] ; then echo 'killing kermit, PID=' ${pid} kill -9 ${pid} fi # reset ppp interface ifconfig ppp0 down ifconfig ppp0 delete # enable autoanswer mode kermit -y /etc/ppp/kermit.ans # run ppp pppd /dev/tty01 19200 ʹýű/etc/ppp/pppservdownֹͣ #!/bin/sh pgrep -l pppd pid=`pgrep pppd` if [ "X${pid}" != "X" ] ; then echo 'killing pppd, PID=' ${pid} kill ${pid} fi pgrep -l kermit pid=`pgrep kermit` if [ "X${pid}" != "X" ] ; then echo 'killing kermit, PID=' ${pid} kill -9 ${pid} fi ifconfig ppp0 down ifconfig ppp0 delete kermit -y /etc/ppp/kermit.noans Kermit ű (/etc/ppp/kermit.ans) ܹ/ modem ԶӦģʽ set line /dev/tty01 set speed 19200 set file type binary set file names literal set win 8 set rec pack 1024 set send pack 1024 set block 3 set term bytesize 8 set command bytesize 8 set flow none pau 1 out +++ inp 5 OK out ATH0\13 inp 5 OK echo \13 out ATS0=1\13 ; change this to out ATS0=0\13 if you want to disable ; autoanswer mode inp 5 OK echo \13 exit һΪ/etc/ppp/kermit.dialĽűԶ вź֤ ҪҪ ҪĵѰ룬 Ҫ modem ԶķӦ޸䡣 ; ; put the com line attached to the modem here: ; set line /dev/tty01 ; ; put the modem speed here: ; set speed 19200 set file type binary ; full 8 bit file xfer set file names literal set win 8 set rec pack 1024 set send pack 1024 set block 3 set term bytesize 8 set command bytesize 8 set flow none set modem hayes set dial hangup off set carrier auto ; Then SET CARRIER if necessary, set dial display on ; Then SET DIAL if necessary, set input echo on set input timeout proceed set input case ignore def \%x 0 ; login prompt counter goto slhup :slcmd ; put the modem in command mode echo Put the modem in command mode. clear ; Clear unread characters from input buffer pause 1 output +++ ; hayes escape sequence input 1 OK\13\10 ; wait for OK if success goto slhup output \13 pause 1 output at\13 input 1 OK\13\10 if fail goto slcmd ; if modem doesn't answer OK, try again :slhup ; hang up the phone clear ; Clear unread characters from input buffer pause 1 echo Hanging up the phone. output ath0\13 ; hayes command for on hook input 2 OK\13\10 if fail goto slcmd ; if no OK answer, put modem in command mode :sldial ; dial the number pause 1 echo Dialing. output atdt9,550311\13\10 ; put phone number here assign \%x 0 ; zero the time counter :look clear ; Clear unread characters from input buffer increment \%x ; Count the seconds input 1 {CONNECT } if success goto sllogin reinput 1 {NO CARRIER\13\10} if success goto sldial reinput 1 {NO DIALTONE\13\10} if success goto slnodial reinput 1 {\255} if success goto slhup reinput 1 {\127} if success goto slhup if < \%x 60 goto look else goto slhup :sllogin ; login assign \%x 0 ; zero the time counter pause 1 echo Looking for login prompt. :slloop increment \%x ; Count the seconds clear ; Clear unread characters from input buffer output \13 ; ; put your expected login prompt here: ; input 1 {Username: } if success goto sluid reinput 1 {\255} if success goto slhup reinput 1 {\127} if success goto slhup if < \%x 10 goto slloop ; try 10 times to get a login prompt else goto slhup ; hang up and start again if 10 failures :sluid ; ; put your userid here: ; output ppp-login\13 input 1 {Password: } ; ; put your password here: ; output ppp-password\13 input 1 {Entering SLIP mode.} echo quit :slnodial echo \7No dialtone. Check the telephone line!\7 exit 1 ; local variables: ; mode: csh ; comment-start: "; " ; comment-start-skip: "; " ; end: Tom Rhodes Contributed by <acronym>PPP</acronym> ӹų PPP troubleshooting &os; 8.0 ʼ &man.uart.4; ȡ &man.sio.4; Աʾڵ豸ڵɷֱ /dev/cuadN Ϊ /dev/cuauN /dev/ttydN Ϊ /dev/ttyuN &os; 7.X ûʱҪӦ֮ļбҪĸġ ڽͨmodemʹPPPʱֵܳ⡣ 磬 Ҫȷе֪ϵͳһʾ Щ ISPsswordʾ Ŀܻ password ûиIJͬӦرд ppp ű ¼ͻʧܡ ppp õķֶӡ µϢһһشֶӡ 豸ڵ ʹõǶںˣ ȷаã device uart Ĭϵ GENERIC ںа uart 豸 ʹõĻ ͲҪˡ ֻҪ鿴 dmesg Ƿ modem 豸 &prompt.root; dmesg | grep uart Ӧҵ uart 豸йص ЩҪ COM ˿ڡ modem ձ׼ж˿ڹ ͻ uart1 COM2 ҵ modem 豸 uart1 ӿ ( DOS гΪCOM2) ô modem /dev/cuau1 ֶ ֶͨpppInternet Ӽ֪ISPPPPͻ˷ʽһ٣ 򵥵ķ ǴPPP пʼ еʹ example ʾ PPP ppp ppp &prompt.root; ppp Ѿppp ppp ON example> set device /dev/cuau1 modem豸 ڱ cuau1 ppp ON example> set speed 115200 ٶȣ ڱʹ15,200 kbps ppp ON example> enable dns ʹppp ļ/etc/resolv.confС pppȷǵ Ժá ppp ON example> term л նǾֶؿ̨ modem ģʽ deflink: Entering terminal mode on /dev/cuau1 type '~h' for help at OK atdt123456789 ʹatʼmodem ȻʹatdtISPĺвš CONNECT ã Ӳ޹ص⣬ ﳢԽ ISP Login:myusername ʾû ISPṩûȻ󰴻س ISP Pass:mypassword ʱʾ룬 ISPṩ롣 ͬ¼&os; 벻ʾ Shell or PPP:ppp ISPIJͬ ʾܲ֡ Ҫǣ ʹṩ̶˵ Shell ppp ⱾУ ѡʹ ppp Ϊϣõ Internet ӡ Ppp ON example> עУ һ Ѿд ʾѾɹ ISP PPp ON example> Ѿɹͨ ISP֤ ڵȴIPַ PPP ON example> ǵõһ IP ַ ɹӡ PPP ON example>add default HISADDR Ĭ·á ͨġ Ϊ֮ǰֻ˽ӡ Ѵڵ·ɶ²ʧܣ ǰ !š ֮⣬ Ҳ֮ǰЩ (ָ add default HISADDR) ppp 趨Эȡµ·ɡ һ˳ Ӧܵõһ Internet ӣ ʹ CTRL z ʹת̨ PPP±Ϊ ppp ʾӱϿ д P ˵ ISP ӣ Сд p ʾijԭ򱻶Ͽ ڰ˽ӵ״̬ ppp ֻ״̬ Ŵ һֱƺܽӣ ҪʹԹرֽCTS/RTS һ㷢Ӽ PPP ն˷ʱ ͨдʱ PPPͻ һֱȴһCTS һֵܳ Clear to Send źš ʹѡ Ӧʹ ѡ ijЩȱݵӲɶ˶Զ˷ضַ ر XON/XOFF ʱܻѡ μ &man.ppp.8; ֲ˽ڿѡĸϸڣ Լʹǡ modem ȽϾɣ Ҫʹ ˡ żУĬ none ھʽ (ʱ) ƽijЩ ISP Ҫʹѡʹ Compuserve ISP PPP ܲģʽ ͨ ISP ȴһ˷Эʱ˴ ʱ ʹ ~p ǿ ppp ʼϢ ûп¼ʾ ܿҪʹ PAP CHAP ֤ǰе &unix; ֤ Ҫʹ PAP CHAP ֻڽնģʽ֮ǰѡ PPP ppp ON example> set authname myusername ˴ myusername ӦΪ ISP û ppp ON example> set authkey mypassword ˴ mypassword ӦΪ ISP Ŀ ޷ 볢 &man.ping.8; ij IP ַǷ񷵻Ϣ ְٷ֮ (100%) ôܿûзĬ·ɡ ϸѡ Ƿʱˡ ӵԶ̵ IP ַпĵַûб뵽 /etc/resolv.conf ļӦӣ domain example.com nameserver x.x.x.x nameserver y.y.y.y ˴ x.x.x.x y.y.y.y ӦøΪ ISP DNS IP ַ һϢעʱܻṩ ֻͨ ISP 绰֪ˡ &man.syslog.3; Ϊ PPP ṩ־ ֻӣ !ppp *.* /var/log/ppp.log /etc/syslog.conf С £ ĬѾˡ Jim Mock Contributed (from http://node.to/freebsd/how-tos/how-to-freebsd-pppoe.html) by ʹû̫PPP(PPPoE) PPP over Ethernet PPPoE PPP, over Ethernet (̫ϵ PPP) ڽν̫PPP (PPPoE) ں PPPOE ûбںá netgraph ֧ûбںˣ ppp ̬ء <filename>ppp.conf</filename> һppp.confӣ default: set log Phase tun command # you can add more detailed logging if you wish set ifaddr 10.0.0.1/0 10.0.0.2/0 name_of_service_provider: set device PPPoE:xl1 # replace xl1 with your Ethernet device set authname YOURLOGINNAME set authkey YOURPASSWORD set dial set login add default HISADDR <application>ppp</application> root ִУ &prompt.root; ppp -ddial name_of_service_provider ʱ<application>ppp</application> /etc/rc.conf мݣ ppp_enable="YES" ppp_mode="ddial" ppp_nat="YES" # if you want to enable nat for your local network, otherwise NO ppp_profile="name_of_service_provider" ʹ PPPoE ǩ ijЩʱ бҪʹһǩӡ ǩͬһеIJͬ ISPṩĵҵҪķǩϢ ҵ Ӧ ISP Ѱ֧֡ Ϊķ Roaring Penguin PPPoE Ports Collection ҵ ȻҪעǣ ܻ modem Ĺ̼ ʹ޷ һҪϸ֮ 򵥵ذװɷṩ modem ṩij ѡ System ˵ ļӦûг һ˵Ӧ ISP ļ (service tag ǩ) PPPoE ppp.conf е Ϊ set device һ (μ &man.ppp.8; ֲ˽ϸ) Ӧӣ set device PPPoE:xl1:ISP סxl1ʵʵ̫豸 ס ISP ոҵprofile øϢ ο Cheaper Broadband with FreeBSD on DSL by Renaud Waldura. Nutzung von T-DSL und T-Online mit FreeBSD by Udo Erdelhoff (in German). һ&tm.3com; <trademark class="registered">HomeConnect</trademark> ADSL ModemPPPOE˫ modem ѭ RFC 2516 (A Method for transmitting PPP over Ethernet (PPPoE) Ϊ L. Mamakos K. Lidl J. Evarts D. Carrel D. Simone Լ R. Wheeler) ʹòͬݰʽΪ̫Ŀܡ 3Com Թ ΪӦ PPPoE Ĺ淶 ΪFreeBSDܹ豸ͨţ sysctl ͨ/etc/sysctl.conf һʱԶɣ net.graph.nonstandard_pppoe=1 ߣ Ҳֱִ &prompt.root; sysctl net.graph.nonstandard_pppoe=1 ܲңϵͳȫã ޷ͬʱPPPͻ() &tm.3com;HomeConnect ADSL Modemͨš ʹ ATM ϵ <application>PPP</application> (PPPoA) PPP over ATM PPPoA ATMPPP ½ûATMPPP(PPPoA) PPPoAŷDSLṩ̵ձѡ ʹ Alcatel &speedtouch;USB PPPoA һ豸 PPPoA ֧֣ FreeBSD Ϊ port ṩģ Ϊ̼ʹ Э FreeBSD Ļϵͳһѵٷ ʹ Ports ׼ Էdzذװ net/pppoa port ֮ṩָʾͿˡ USB 豸ƣ ص &speedtouch; USB Ҫع̼ܹ &os; Խ˲Զ 豸嵽ij USB ڵʱԶع̼ /etc/usbd.conf ļмϢԶɹ̼Ĵ͡ ע⣬ root ûݱ༭ device "Alcatel SpeedTouch USB" devname "ugen[0-9]+" vendor 0x06b9 product 0x4061 attach "/usr/local/sbin/modem_run -f /usr/local/libdata/mgmt.o" ҪUSBػusbd /etc/rc.confУ usbd_enable="YES" ҲԽpppóʱš /etc/rc.conf⼸С ͬҪrootû¼ ppp_enable="YES" ppp_mode="ddial" ppp_profile="adsl" Ϊʹ Ҫʹnet/pppoa portṩppp.conf ʹmpd ʹ mpd Ӷ͵ķ ر PPTP Ports Collection ҵ mpd λ net/mpd ADSL modem Ҫ modem ͼ֮佨һ PPTP &speedtouch; Home еһ֡ Ҫ port ɰװ Ȼ mpd Ҫ ɷ̵á port һϵаϸעļʵŵ PREFIX/etc/mpd/ ע⣬ PREFIX ʾ ports װĿ¼ Ĭ£ Ӧ /usr/local/ mpd ˵ HTML ʽ port һװ Щļ PREFIX/share/doc/mpd/ ͨ mpd ADSL һӡ ñֱŵļУ һ mpd.conf default: load adsl adsl: new -i ng0 adsl adsl set bundle authname username set bundle password password set bundle disable multilink set link no pap acfcomp protocomp set link disable chap set link accept chap set link keep-alive 30 10 set ipcp no vjcomp set ipcp ranges 0.0.0.0/0 0.0.0.0/0 set iface route default set iface disable on-demand set iface enable proxy-arp set iface idle 0 open usernameISP֤ passwordISP֤ mpd.linksӵϢ adsl: set link type pptp set pptp mode active set pptp enable originate outcall set pptp self 10.0.0.1 set pptp peer 10.0.0.138 mpdIPַ ADSL modemIPַ Alcatel &speedtouch; Home Ĭϵ 10.0.0.138 ʼӣ &prompt.root; mpd -b adsl ͨ鿴״̬ &prompt.user; ifconfig ng0 ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1500 inet 216.136.204.117 --> 204.152.186.171 netmask 0xffffffff ʹmpdADSLƼķʽ ʹpptpclient Ҳʹnet/pptpclient PPPoA Ҫʹ net/pptpclient DSL Ҫװ port package ༭ /etc/ppp/ppp.conf Ҫ root Ȩ޲ ppp.conf еһʾ ο ppp ֲ &man.ppp.8; ˽й ppp.conf ѡϢ adsl: set log phase chat lcp ipcp ccp tun command set timeout 0 enable dns set authname username set authkey password set ifaddr 0 0 add default HISADDR DSL ṩû ʻĿ 뽫ʺĵķʽppp.conf Ӧȷûκܿļݡ һϵȷļֻ rootûɶ μ &man.chmod.1; &man.chown.8; ֲ˽йβĽһϢ &prompt.root; chown root:wheel /etc/ppp/ppp.conf &prompt.root; chmod 600 /etc/ppp/ppp.conf ½Ϊ DSL ·ĻỰһ tunnel ̫DSL modemһõľIPַ Alcatel &speedtouch; Home Ϊ ַ 10.0.0.138 ·ĵӦûʹõĵַ ִԴ tunnel ʼỰ &prompt.root; pptp address adsl Ӧ(&pptp ޷صʾ Ҫһ tun豸ڽpptp ppp ֮Ľ һصУ pptp ȷһӣ tunnel豸 &prompt.user; ifconfig tun0 tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 inet 216.136.204.21 --> 204.152.186.171 netmask 0xffffff00 Opened by PID 918 ޷ӣ һͨtelnetweb·(modem)á ޷ӣ Ӧüpptpppp־ļ /var/log/ppp.log Ի Satoshi Asami Originally contributed by Guy Helmer With input from Piero Serini ʹSLIP SLIP ֻ &os; 7.X Ͽá SLIP ͻ SLIP client (ͻ) ھ̬ FreeBSD ʹ SLIP ķ ڶ̬ (ĵַÿβŶͬ) ҪԸһЩá ȣ ҪȷϵƽӵĴڡ ˻һӣ /dev/modem ָʵʵ豸 /dev/cuadN ͿԶʵʵ豸г Աƽʱ֮á Ȼ ޸ /etc ͱ鲼ϵͳе .kermrc ļһ鷳飡 /dev/cuad0 Ӧ COM1 /dev/cuad1 Ӧ COM2 ȵȡ ȷںļݣ device sl GENERICںˣ ӦòǸ⣬ Ѿɾ ֻһε ϵĻ Լ 뵽 /etc/hosts ļС ǵӣ 127.0.0.1 localhost loghost 136.152.64.181 water.CS.Example.EDU water.CS water 136.152.64.1 inr-3.CS.Example.EDU inr-3 slip-gateway 128.32.136.9 ns1.Example.EDU ns1 128.32.136.12 ns2.Example.EDU ns2 ȷ /etc/nsswitch.conf е hosts: С棬 files dns ֡ Ļ ܻһЩϣ /etc/rc.conf ༭(hostname) hostname="myname.my.domain" ӦInternetȫ档 default route ıһָĬϵ·ɣ defaultrouter="NO" Ϊ defaultrouter="slip-gateway" ļ/etc/resolv.conf дݣ domain CS.Example.EDU nameserver 128.32.136.9 nameserver 128.32.136.12 nameserver domain name ģ Щ Ȼ ʵʵIPַȡĻ root toor(κûʺ) Ȼȷʹȷ һSLIP SLIP connecting with ʾ֮ slip вţ ĻͿ Ҫʲô Ļء ʹ Kermit ʹĽű # kermit setup set modem hayes set line /dev/modem set speed 115200 set parity none set flow rts/cts set terminal bytesize 8 set file type binary # The next macro will dial up and login define slip dial 643-9600, input 10 =>, if failure stop, - output slip\x0d, input 10 Username:, if failure stop, - output silvia\x0d, input 10 Password:, if failure stop, - output ***\x0d, echo \x0aCONNECTED\x0a Ȼ Ҫ޸ûͿʵҪ Щ֮ ֻ Kermit ʾ֮ slip Ϳˡ ԴıʽļϵͳζǸ ⡣ 뿼ķա ˳ Kermit Ctrl z ) root û룺 &prompt.root; slattach -h -c -s 115200 /dev/modem pingͨ·һ˵ Ӻ! У ʹѡ ΪslattachIJ ر IJ &prompt.root; kill -INT `cat /var/run/slattach.modem.pid` ɱ slattach мֻ root ݲɡ ص kermit (֮ǰǽˣ ʹ fg) ˳ (q) &man.slattach.8; ֲᵽ ʹ ifconfig sl0 down ܽӿڱΪرգ ƺûʲô (ifconfig sl0 ȻͬĶ) ʱ modem ܻܾҶϡ £ ֻ kermit ٴ˳Ϳˡ һ˵ԶξͿˡ У ܷʼ &a.net.name; ʼбʡ ִ slattach ʱʹ ѡ (Ӧòǹؼģ Щû) ʹ (һЩºѿͬ) ifconfig sl0鿴Ľӿ״̬ 磬 &prompt.root; ifconfig sl0 sl0: flags=10<POINTOPOINT> inet 136.152.64.181 --> 136.152.64.1 netmask ffffff00 ʹ &man.ping.8; ʱõ no route to host ʾ ˵·ɱ⡣ netstat -r ʾǰ·ɣ &prompt.root; netstat -r Routing tables Destination Gateway Flags Refs Use IfaceMTU Rtt Netmasks: (root node) (root node) Route Tree for Protocol Family inet: (root node) => default inr-3.Example.EDU UG 8 224515 sl0 - - localhost.Exampl localhost.Example. UH 5 42127 lo0 - 0.438 inr-3.Example.ED water.CS.Example.E UH 1 0 sl0 - - water.CS.Example localhost.Example. UGH 34 47641234 lo0 - 0.438 (root node) ǰһdzæϵͳ ϵͳϵЩֻIJͬı䡣 SLIP SLIP server ṩ FreeBSD SLIP Ҳϵͳ ʹԶ SLIP ͻ˵¼ʱԶؿӵĽ顣 ǰ TCP/IP networking һڼԺǿ Ҫһı֪ʶ ڼٶϤ TCP/IP Э飬 رͽڵѰַ 롢 ֡ ·ɡ ·Э (RIP) ֪ʶ ڲŷ SLIP ҪЩԵ֪ʶ Ϥǣ Ķ Craig Hunt TCP/IP O'Reilly & Associates, Inc. (ISBN 0-937175-82-X) Douglas Comer й TCP/IP Э鼮 modem ⻹ٶѾúĵƽԼӦϵͳļ ͨƽе¼ ûΪúϵͳ μ ˽νвŷá Ҳ뿴һ &man.sio.4; ֲᣬ ˽ڴ豸ĽһϢ Լ &man.ttys.5; &man.gettytab.5; &man.getty.8; & &man.init.8; ϹϵͳԵƽĵ¼ľ &man.stty.1; ˽ôڲ ( clocal ʾֱ) ȡ ʹFreeBSDΪSLIP ڵʱ ģ һSLIPͻŲרõlogin ID¼FreeBSD SLIPϵͳ ûʹ /usr/sbin/sliplogin Ϊ shell sliplogin ļ /etc/sliphome/slip.hosts вû ҵƥ ͽӵһõ SLIP ӿڣ Ȼ shell ű /etc/sliphome/slip.login SLIP ӿڡ һSLIP¼ 磬 һSLIPûIDShelmerg /etc/master.passwdShelmergµʾ Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliplogin Shelmerg¼ʱ sliploginļ /etc/sliphome/slip.hostsûIDƥ;ʾ Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp sliploginҵУ һõSLIPӿ Ȼִ/etc/sliphome/slip.loginű /etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp һ˳ /etc/sliphome/slip.login sliplogin 󶨵 SLIP ӿϷ ifconfig (ǰ SLIP ӿ 0 slip.login ĵһ) ñ IP ַ (dc-slip) Զ IP ַ (sl-helmer) һ SLIP ӿڵ (0xfffffc00) Լκ־ (autocomp) sliplogin ͨͨ syslogd daemon facility õϢ ǰ߻ЩϢ浽 /var/log/messages (μ &man.syslogd.8; &man.syslog.conf.5; Լ /etc/syslog.conf ֲᣬ ˽ syslogd ڼ¼ʲô ԼЩݽ) ں kernel configuration SLIP &os; Ĭں (GENERIC) ṩ SLIP (&man.sl.4;) ֧֣ ʹöƵںʱ ü뵽ļ device sl Ĭ£ &os; ת ϣ FreeBSD SLIP Ϊ·ʹã Ҫ޸ /etc/rc.conf ļ gateway_enable Ϊ ´ϵͳʱܹһˡ ҪӦЩã root У &prompt.root; /etc/rc.d/routing start ˽ FreeBSD ںˣ ں˷ָ Sliplogin ǰᵽģ /etc/sliphome Ŀ¼ļ ǹͬ /usr/sbin/sliplogin (ο sliplogin ֲ &man.sliplogin.8;) ڶ SLIP ûص IP ַ slip.hosts ͨ SLIP ӿڵ slip.login Լ (ѡ) slip.logout Գ slip.login ִеĶ <filename>slip.hosts</filename> /etc/sliphome/slip.hostsÿаĸԪأ Ԫ֮ɿո SLIPûĵ¼ID SLIPӵıصַ(ָSLIP) SLIPӵԶ̵ַ غԶ̵ַ (ͨļ/etc/hostsΪIPַ ȡļ/etc/nsswitch.conf е) һ ͨļ/etc/networks֡ һϵͳУ /etc/sliphome/slip.hostsģ # # login local-addr remote-addr mask opt1 opt2 # (normal,compress,noicmp) # Shelmerg dc-slip sl-helmerg 0xfffffc00 autocomp ĩβһѡ —ѹͷ — ѹͷ —Զ̶ ѹͷ —ICMPݰ (ͻᶪеpingݰ ռĴ) SLIP TCP/IP networking SLIPӵıؼԶ̵ַѡȡ׼SLIPʹ TCP/IP ʹARP (ARP ڱڽܵ) ȷѡַʽηַ ο"ǰ"()гTCP/IP鼮 IPԱ̡ Ϊ SLIP ͻʹһ Ҫȴӷõȡһţ Ȼÿ SLIP ͻ IP ַ Ҫͨ SLIP IP ·һָ SLIP ľ̬·ɡ Ethernet Ҫʹ ARP ķʽ Ҫ SLIP ̫Ϊÿ SLIP ͻIPַ ޸/etc/sliphome/slip.login /etc/sliphome/slip.logoutűʹ &man.arp.8; SLIP ARP е ARP <filename>slip.login</filename> Configuration ͵/etc/sliphome/slip.login ʾ #!/bin/sh - # # @(#)slip.login 5.1 (Berkeley) 7/1/90 # # generic login file for a slip line. sliplogin invokes this with # the parameters: # 1 2 3 4 5 6 7-n # slipunit ttyspeed loginname local-addr remote-addr mask opt-args # /sbin/ifconfig sl$1 inet $4 $5 netmask $6 slip.loginűΪӦؼԶ̵ַSLIPӿִ ifconfig ʹARP ʽ(ΪSLIPͻʹö) /etc/sliphome/slip.login Ӧ #!/bin/sh - # # @(#)slip.login 5.1 (Berkeley) 7/1/90 # # generic login file for a slip line. sliplogin invokes this with # the parameters: # 1 2 3 4 5 6 7-n # slipunit ttyspeed loginname local-addr remote-addr mask opt-args # /sbin/ifconfig sl$1 inet $4 $5 netmask $6 # Answer ARP requests for the SLIP client with our Ethernet addr /usr/sbin/arp -s $5 00:11:22:33:44:55 pub slip.login¼ӵarp -s $5 00:11:22:33:44:55 pub SLIP ARP мһ ARPʹÿ̫ϵ IP ڵ SLIP ͻ IP ַ ARP ʱ SLIP ѵ̫MACַΪӦ Ethernet (̫) MAC address (MAC ַ) ʹϵʱ һҪ ̫MACַ 00:11:22:33:44:55 滻ϵͳMACַ ARP ȫ޷ Բ鿴 netstat -i ȡ̫ MAC ַ; ĵڶӦ ed0 1500 <Link>0.2.c1.28.5f.4a 191923 0 129457 0 116 бϵͳ̫MACַ00:02:c1:28:5f:4anetstat -i̫MACַijðŸ Ҫʮǰϡ &man.arp.8;Ҫĸʽ; ο&man.arp.8; ֲԻȡʹ÷ ڱд /etc/sliphome/slip.login /etc/sliphome/slip.logout ʱ һҪ ִ (execute) λ (֮ chmod 755 /etc/sliphome/slip.login /etc/sliphome/slip.logout) sliplogin޷ִ <filename>slip.logout</filename> /etc/sliphome/slip.logoutDZ (ʹARP) ׼ һ slip.logout űӣ #!/bin/sh - # # slip.logout # # logout file for a slip line. sliplogin invokes this with # the parameters: # 1 2 3 4 5 6 7-n # slipunit ttyspeed loginname local-addr remote-addr mask opt-args # /sbin/ifconfig sl$1 down ʹ ARP ϣ /etc/sliphome/slip.logout ûעʱԶΪ SLIP ͻɾ ARP  #!/bin/sh - # # @(#)slip.logout # # logout file for a slip line. sliplogin invokes this with # the parameters: # 1 2 3 4 5 6 7-n # slipunit ttyspeed loginname local-addr remote-addr mask opt-args # /sbin/ifconfig sl$1 down # Quit answering ARP requests for the SLIP client /usr/sbin/arp -d $5 arp -d $5 ɾ ARP slip.login SLIP ͻ¼ʱɵ ARP  ٴǿ /etc/sliphome/slip.logout ֮ һҪÿִλ (Ҳ˵ chmod 755 /etc/sliphome/slip.logout) ·ɿ SLIP routing ûʹ ARP ķ SLIP ͻಿ (Ҳ Internet) ֮·ݰ ҪĬ·ľ̬·ɣ Աͨ SLIP SLIP ͻϽ·ɡ ̬· static routes Ĭ·һ̬·ɿ˵Ǻ鷳 (˵Dzܣ ûȨô) ֯ʹö·磬 Щ· ( Cisco Proteon ) Ҫָ SLIP ·ɣ һҪýЩ̬·ɴ· һЩרʹھ̬·ɱ·бҪ diff --git a/zh_TW.Big5/articles/contributing/article.xml b/zh_TW.Big5/articles/contributing/article.xml index d372acf288..f888dfdf8b 100644 --- a/zh_TW.Big5/articles/contributing/article.xml +++ b/zh_TW.Big5/articles/contributing/article.xml @@ -1,488 +1,483 @@
U FreeBSD L׬OӤHάOUز´ApGƱ欰 FreeBSD UAiHb夤XAkC Jordan Hubbard ۡG &tm-attrib.freebsd; &tm-attrib.ieee; &tm-attrib.general; $FreeBSD$ $FreeBSD$ ^m AƱ FreeBSD IܡHӦnFAڭwACFreeBSD OsjϥΪ̪^m~oHoijCڭ̤ȫD`P±zҰ^mAӥBAoǤu@ FreeBSD oi]nC ]\PzQPAzJoO@WX⪺ ProgrammerA]LM FreeBSD core team ܦnpAڭ̷|@Pݱzu@C FreeBSD }oHMyAja޳NMUA~֤]D`sxC MӡACѧڭ̳bW[u@AӭWSHA]ڭHwzUC FreeBSD pҳBzO@ӧ㪺@~tҡAӤuO@ kernel άO@ǹsu]C ]Aڭ̪ TODO ݿȦC̥]tUU˪u@G qBϥΪ̴աBdemoAtΦw˵{MM~ kernel }oC ]Lױz޳NǦpAqƦػAiHUoӭpC ڭ̹yqƩM FreeBSD u@~MڭpôC zݭn@ǯSXiӨϱz~B_ӶܡH z|o{ڭַ̫ܼNzШDADOSO}_jǪC zO_qƬWȷ~ȡH ڭ̨UzaA ڭ̤]\iHbYǤ譱ۤX@C ۥѳnɥbVO}¦خ(On}oBPM@)A ڭ̧Ʊбzܤ֯൹@|C ڭ̪ݨD UCXF@ǻݭnȩMlpA ̥N TODO(ݿȦC) CNAHΨϥΪ̪nDC bi椤(D{}oH) ܦhѥ[ FreeBSD pHO ProgrammerC oӭp̦󼶼g̡B]pvBHΧ޳N䴩HC oǸquӻAL̥uݭn^m@ǮɶAåB㦳DzߪN@C ziHɱ`½\ FAQ MU(Handbook) ApGo{MaAάOXɩyAƦܧTaA ЧiDڭ̡CMAYබḼץAçɻ~Hڭ̡ANnFC:) (SGML äǡAڭ̤]Ϲz@ ASCII ¤r)C Uڭ̧ FreeBSD ½ĶAyC pGAywgsbFA ]iH½Ķ@B~AΪˬdǤwO_̷sC ziH²ݬ FreeBSD p ½Ķɪ`DC ѥ[½Ķu@AäOzntxľ½ĶҦ FreeBSD C quAnh֤u@MzN@C@YӤH}l½ĶFA XG@w|LHѻPoǤu@ӡC pGɶAΪ̺Oh½ĶAiHh½Ķw˫nC \Ū &a.questions; ð½\(ƦܦWߦao˰) &ng.misc; CPOHɱzM~ѡA UL̸ѨMDAOOHrƱF ɭԡAzƦܥiHboӹL{Ǩ@ǷsFI oǽ׾¦ɤ]|zEoX@ǤQkC bi椤({}oH) Cbo̪jȳݭnzJi[ɶAΪ̻ݭnzb FreeBSD kernel 譱״IѡAΪ̨̳nCMo̤]ܦhnȡAAXO weekend hackers ouζgNiHdw HackerC pGzb]O FreeBSD -CURRENT AåBt٤A iH current.FreeBSD.orgA oxCѷ|@ӷs — pGzšA ziHTɤUæwˡA 䶡pGXFDAЧiDڭ̡C \Ū &a.bugs;CoǰDAγ\zണѦس]ʷNqNA Ϊդ@ patch C~AƦܥiHխץ䤤@ǰDC pGzD@ǭץwgb -CURRENT W\aϥΡA bgL@qɶ(q`O 2 gk)AX֨ -STABLE (oBJNO MFC -- Merged From Current)AiH committer Ho§HC NĤT(3rd party)n[JlX src/contrib ؿC TO src/contrib lXO̷sC sĶlX(άOlX)ɡAЧΧ󰪪ĵi(warning level) HK(debug)ΡAæbաBT{`AMoǽsĶĵišC sǦb ports ϥιLɪFA Ҧp gets() Υ]t malloc.h ҲͪĵiC pG ports @FץA аOoNz patch o@ (oˤUɯŮɡAzu@|ܱoP@)C oзǡAp &posix; ƥC b FreeBSD C99 & POSIX зǬۮep WAiHo챵C бN FreeBSD 欰PWzзǶiAYұoGP C99 & POSIX зǤPܡA SOODzӸ`a誺LptAеo@󥦪 PR (Di)C pGiAЫXpץAH PR patch C pGz{зǦDAЦVodzWзǪAШDi歫sҼ{C oCѧhijI d\ PR Ʈw DiƮw FreeBSD PR C o̷|ܥثeҦ PR DAAHΥ FreeBSD ϥΪ̴檺iijC PR ƮwPɥ]AF}oHMD}oHȡC dݨǩ|ѨM PRAìݬݬO_zP쪺ȡC o䤤i঳@ǬOD`²檺DAuݭnݤ@ݨýT{ PR OTC t~@ǥi|D`AΪ̧ץC ݤ@ݨ٨SH⪺ PRC pG PR wgtF䥦HAݰ_ӬOzBzA ziHHHӤHAø߰ݱzO_iHU — L̥iwgiѴժ patch AΦ@ǥiѰQתNC <quote>Ideas</quote> @ &os; list of projects and ideas for volunteers P˦a}񵹦N@ѻP &os; pHC oMNasAPɴѦUӶتTҦH ]׬O_{]pH^C p󴣨U 򥻤WiHHU 5 ؤ覡G ~iMNo q`A@ ޳NQkMijӵo &a.hackers;C P˦aAoǪF観쪺H (MA L̦P٭ne jq lI) iHҼ{q\ &a.hackers;C аѾ\ FreeBSD ϥΤU HFoӶl׾¡A HΨ䥦l׾ªԲӱpC pGzo{F bug Ϊ̷QnYǭקA гzL &man.send-pr.1; {Ψϥ ^ ӴCиյ۶g PR CӶءC @ӻAD patch ɶWL 65 KBAڭ̫ijb PR W patch NiHFC YiM patch lXܡAijb PR Synopsis [PATCH]C FAbW patch ɡA n zLƹyƻsBKWzӶiA]o˰| Tab ܦŮA |ɭP patch NΤFCpG patch WL 20KBA ЦҼ{Yèϥ &man.uuencode.1; ӶisXC bg PR Az|@ʽT{lHΨƥlܽsC ЫOdoӽsA]ƫiHγosoH &a.bugfollowup; Ӧ^СBӨƥ󪺫ơCzݭnONsl󪺼DA Ҧp "Re: kern/3377"C YOP@D^Ф譱AӳzLoؤ覡ӶiC pGzb@qɶ (WL 3 ѬƦ 1 gAoMzlA)ᤴMST{H Ϊ̥ѩ@ǭ]Lkϥ &man.send-pr.1; {A hiHoH &a.bugs; ӽЧOHANHC аѾ\ og峹 FѦp󼶼gnDiC 󪺭׭q 󪺭ק譱AO &a.doc; ӼfdC аѾ\ FreeBSD Documentation Project Primer o㪺оDzӸ`C Ы Ъkϥ &man.send-pr.1; ӴsAΪ̧ﵽ{ (ȬOܤpi]Ow諸I)C {lXק FreeBSD-CURRENT b{lXWiקμW[\AbYص{פWOݭnhޥơA åBٸzثe FreeBSD }o{Fѵ{צC hؤ覡iHoQ٧@ FreeBSD-CURRENT FreeBSD }oC аѾ\ FreeBSD ϥΤU AӤFѨϥ FreeBSD-CURRENT ԱC bªlXWiקAhq`ilXwLɡA λPstӤjӵLkQsX FreeBSD C pGzq &a.announce; H &a.current; ܡA hiHzL̨ӤjPFѥثe}oAC YzqH̷slXӶizקA hU@BnƱNOͱzҭק諸 diff ɡA ñNo FreeBSD @HCou@iHzL &man.diff.1; ROӧC patch ɡAij &man.diff.1; 榡ĥ unified diff (iH diff -u Ӳ)CLApGzקFjqlXA hϥ diff -c ӥͦ context diff diff ie\ŪA]ӱ˨ϥΡC@ӨAjOĥ diff -ruN YiC diff ҦpG &prompt.user; diff -c oldfile newfile &prompt.user; diff -c -r olddir newdir N|SwؿA context diff ɡC Ϊ̹O... &prompt.user; diff -u oldfile newfile &prompt.user; diff -u -r olddir newdir Nͤ@˪ diff AO榡 unified C hӸ`AаѾ\ &man.diff.1;C @zϥ &man.diff.1; Ӳ diff (iHϥ &man.patch.1; ROӴդ@U)ANiH楦̡AHKQ FreeBSD C zLϥ ҤЪ &man.send-pr.1; {NiHou@C Ъ`NGnu diff ɵo &a.hackers;A _h̥i|QѡI ڭ̷|D`PEz檺ק (oO@ӸqupI)F ]ڭ̳ܦA ]ɤ@wߧYץDA PR ƮwN@O۳oǰOA ]unHFɶ̴NQ勵FC pGzDi]A patch AnѤFbD[W [PATCH] ӱjդ@UC uuencode pGz{XA (ҦpWBRɮשΧɦW)A ٥iHҼ{ϥ tar ӱNɮץ]AM &man.uuencode.1; ӽsXC~A]iH &man.shar.1; ͪ覡C pGzקisbbijAҦpA zTwvDAΪ̷PıݭngLY檺_f~iHoG̡A ho &a.core;AӤOzL &man.send-pr.1; ӵoeC &a.core; opզjhq FreeBSD `u@C ݭn`NOAoӤpդ]]QLA ]ubD`nɭԡA~gHL̡C аѦ &man.intro.9; M &man.style.9; HF󼶼g{X氾nC YbeX{XeAFѳoǡAjaӻNOjUC slXέn[ȳn] pGzⴣѳWҸjlXAΪ̬ FreeBSD W[ns\A hiॲN̳zL uuencode isXAζǨY Web FTP IAHKhHo쥦CpGzSo˪DA Ш FreeBSD l׾´XAݬݬO_H@Nzm̡C jqlXӨAvD֩w|QXC FreeBSD 򥻨tΤϥΪvn]AG - BSD vn - BSD vCڭ̶ɦVϥγovlXA + BSDBSD vn vCڭ̶ɦVϥγovlXA ]y[hlzA]ӧlްӷ~~ϥΡC FreeBSD äϹӷ~qϥΥlXAۤϡA ڭ̿nayӷ~qϥΧڭ̪lXA MApG̭Y̲ׯⳡlXAsص FreeBSD NnFC - GPLGNU General Public License - - GNU General Public License - - GNU General Public LicenseA² GPLC + GNU General Public LicenseA² GPLCGPLGNU General Public LicenseGNU General Public License ڭ̨äwϥγo˱vlXA ]ӷ~qϥΥݭnhu@CLAѩܦhϥ GPL vlXثeOLkקK (compiler, assembler, text formatter) AڵϥΩҦĥγo˱vnOܤC ĥ GPL vlX|QlX@ǯSwmAҦp /sys/gnu /usr/src/gnuAHKǻ{ GPL i|y·ЪH@XAP_C ϥΨ䥦vlXbiJ FreeBSD egLV_fMҼ{C ĥΥ]tYFӷ~vlXA@ӻ|QڵA ڭ̹yoǭlX@̡AzLۤv޹Dӵo̡C YnbzGW[J BSD-based vܡA ЧUCrClX̶}lA åξAr %% rC Copyright (c) %%proper_years_here%% %%your_name_here%%, %%your_state%% %%your_zip%%. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer as the first lines of this file unmodified. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY %%your_name_here%% ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL %%your_name_here%% BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. $Id$ FKzϥΡAb /usr/share/examples/etc/bsd-style-copyright ]iH즹vƥC ٧UBw Internet mirror ڭ̫D`@NUاΦءAHi@Bݮi FreeBSD p A]zAڭ̳o˪quVO~jNI صw]D`nA]o˯Uڭ̼W[i䴩wA ӧڭ̤ܦhHèSʸmoǵwC <anchor id="donations"/> FreeBSD |O@ӫDQBҵ|ŧKv|A ҥH|إ߳oӰ|AOF FreeBSD pii[C ]Ӱ| 501(c)3 A@Өڵ|ܡAiHKúpJ|A HάùԦh{J|Cq`󦳽ҵ|ŧKvi殽تܡA iHpJҵ|BC ziH䲼HG
The FreeBSD Foundation 7321 Brockway Dr. Boulder, CO 80303 USA
FreeBSD |{biHzL PayPal qWڡC pGzQV|ڡAаѾ\ FreeBSD | C FreeBSD |hԱAiHb FreeBSD | -- Cnp|A еoeqll bod@FreeBSDFoundation.orgC
صw FreeBSD pwHإiHϥΪwC pGz쮽صwApô pH줽C FreeBSD mirror ڭws FTPBWWW cvsup mirror CpGzƱ榨o˪ mirror A аѾ\ p[] FreeBSD mirror @AHFѶi@BpC
diff --git a/zh_TW.Big5/books/handbook/boot/chapter.xml b/zh_TW.Big5/books/handbook/boot/chapter.xml index 5400fc8b2c..55e11f129a 100644 --- a/zh_TW.Big5/books/handbook/boot/chapter.xml +++ b/zh_TW.Big5/books/handbook/boot/chapter.xml @@ -1,816 +1,812 @@ FreeBSD }y{g z booting bootstrap The process of starting a computer and loading the operating system is referred to as the bootstrap process, or simply booting. FreeBSD's boot process provides a great deal of flexibility in customizing what happens when you start the system, allowing you to select from different operating systems installed on the same computer, or even different versions of the same operating system or installed kernel. This chapter details the configuration options you can set and how to customize the FreeBSD boot process. This includes everything that happens until the FreeBSD kernel has started, probed for devices, and started &man.init.8;. If you are not quite sure when this happens, it occurs when the text color changes from bright white to grey. ŪoAzNFѡG What the components of the FreeBSD bootstrap system are, and how they interact. The options you can give to the components in the FreeBSD bootstrap to control the boot process. &man.device.hints.5; 򥻷C x86 Only This chapter only describes the boot process for FreeBSD running on Intel x86 systems. Booting D Turning on a computer and starting the operating system poses an interesting dilemma. By definition, the computer does not know how to do anything until the operating system is started. This includes running programs from the disk. So if the computer can not run a program from the disk without the operating system, and the operating system programs are on the disk, how is the operating system started? This problem parallels one in the book The Adventures of Baron Munchausen. A character had fallen part way down a manhole, and pulled himself out by grabbing his bootstraps, and lifting. In the early days of computing the term bootstrap was applied to the mechanism used to load the operating system, which has become shortened to booting. BIOS Basic Input/Output SystemBIOS On x86 hardware the Basic Input/Output System (BIOS) is responsible for loading the operating system. To do this, the BIOS looks on the hard disk for the Master Boot Record (MBR), which must be located on a specific place on the disk. The BIOS has enough knowledge to load and run the MBR, and assumes that the MBR can then carry out the rest of the tasks involved in loading the operating system, possibly with the help of the BIOS. Master Boot Record (MBR) Boot Manager Boot Loader The code within the MBR is usually referred to as a boot manager, especially when it interacts with the user. In this case the boot manager usually has more code in the first track of the disk or within some OS's file system. (A boot manager is sometimes also called a boot loader, but FreeBSD uses that term for a later stage of booting.) Popular boot managers include boot0 (a.k.a. Boot Easy, the standard &os; boot manager), Grub, GAG, and LILO. (Only boot0 fits within the MBR.) If you have only one operating system installed on your disks then a standard PC MBR will suffice. This MBR searches for the first bootable (a.k.a. active) slice on the disk, and then runs the code on that slice to load the remainder of the operating system. The MBR installed by &man.fdisk.8;, by default, is such an MBR. It is based on /boot/mbr. If you have installed multiple operating systems on your disks then you can install a different boot manager, one that can display a list of different operating systems, and allows you to choose the one to boot from. Two of these are discussed in the next subsection. The remainder of the FreeBSD bootstrap system is divided into three stages. The first stage is run by the MBR, which knows just enough to get the computer into a specific state and run the second stage. The second stage can do a little bit more, before running the third stage. The third stage finishes the task of loading the operating system. The work is split into these three stages because the PC standards put limits on the size of the programs that can be run at stages one and two. Chaining the tasks together allows FreeBSD to provide a more flexible loader. kernel init The kernel is then started and it begins to probe for devices and initialize them for use. Once the kernel boot process is finished, the kernel passes control to the user process &man.init.8;, which then makes sure the disks are in a usable state. &man.init.8; then starts the user-level resource configuration which mounts file systems, sets up network cards to communicate on the network, and generally starts all the processes that usually are run on a FreeBSD system at startup. The Boot Manager and Boot Stages Boot Manager The Boot Manager Master Boot Record (MBR) The code in the MBR or boot manager is sometimes referred to as stage zero of the boot process. This subsection discusses two of the boot managers previously mentioned: boot0 and LILO. The <application>boot0</application> Boot Manager: The MBR installed by FreeBSD's installer or &man.boot0cfg.8;, by default, is based on /boot/boot0. (The boot0 program is very simple, since the program in the MBR can only be 446 bytes long because of the slice table and 0x55AA identifier at the end of the MBR.) If you have installed boot0 and multiple operating systems on your hard disks, then you will see a display similar to this one at boot time: <filename>boot0</filename> Screenshot F1 DOS F2 FreeBSD F3 Linux F4 ?? F5 Drive 1 Default: F2 Other operating systems, in particular &windows;, have been known to overwrite an existing MBR with their own. If this happens to you, or you want to replace your existing MBR with the FreeBSD MBR then use the following command: &prompt.root; fdisk -B -b /boot/boot0 device where device is the device that you boot from, such as ad0 for the first IDE disk, ad2 for the first IDE disk on a second IDE controller, da0 for the first SCSI disk, and so on. Or, if you want a custom configuration of the MBR, use &man.boot0cfg.8;. The LILO Boot Manager: To install this boot manager so it will also boot FreeBSD, first start Linux and add the following to your existing /etc/lilo.conf configuration file: other=/dev/hdXY table=/dev/hdX loader=/boot/chain.b label=FreeBSD In the above, specify FreeBSD's primary partition and drive using Linux specifiers, replacing X with the Linux drive letter and Y with the Linux primary partition number. If you are using a SCSI drive, you will need to change /dev/hd to read something similar to /dev/sd. The line can be omitted if you have both operating systems on the same drive. Now run /sbin/lilo -v to commit your new changes to the system; this should be verified by checking its screen messages. Stage One, <filename>/boot/boot1</filename>, and Stage Two, <filename>/boot/boot2</filename> Conceptually the first and second stages are part of the same program, on the same area of the disk. Because of space constraints they have been split into two, but you would always install them together. They are copied from the combined file /boot/boot by the installer or disklabel (see below). They are located outside file systems, in the first track of the boot slice, starting with the first sector. This is where boot0, or any other boot manager, expects to find a program to run which will continue the boot process. The number of sectors used is easily determined from the size of /boot/boot. boot1 is very simple, since it can only be 512 bytes in size, and knows just enough about the FreeBSD disklabel, which stores information about the slice, to find and execute boot2. boot2 is slightly more sophisticated, and understands the FreeBSD file system enough to find files on it, and can provide a simple interface to choose the kernel or loader to run. Since the loader is much more sophisticated, and provides a nice easy-to-use boot configuration, boot2 usually runs it, but previously it was tasked to run the kernel directly. <filename>boot2</filename> Screenshot >> FreeBSD/i386 BOOT Default: 0:ad(0,a)/kernel boot: If you ever need to replace the installed boot1 and boot2 use &man.disklabel.8;: &prompt.root; disklabel -B diskslice where diskslice is the disk and slice you boot from, such as ad0s1 for the first slice on the first IDE disk. Dangerously Dedicated Mode If you use just the disk name, such as ad0, in the &man.disklabel.8; command you will create a dangerously dedicated disk, without slices. This is almost certainly not what you want to do, so make sure you double check the &man.disklabel.8; command before you press Return. Stage Three, <filename>/boot/loader</filename> boot-loader The loader is the final stage of the three-stage bootstrap, and is located on the file system, usually as /boot/loader. The loader is intended as a user-friendly method for configuration, using an easy-to-use built-in command set, backed up by a more powerful interpreter, with a more complex command set. Loader Program Flow During initialization, the loader will probe for a console and for disks, and figure out what disk it is booting from. It will set variables accordingly, and an interpreter is started where user commands can be passed from a script or interactively. loader loader configuration The loader will then read /boot/loader.rc, which by default reads in /boot/defaults/loader.conf which sets reasonable defaults for variables and reads /boot/loader.conf for local changes to those variables. loader.rc then acts on these variables, loading whichever modules and kernel are selected. Finally, by default, the loader issues a 10 second wait for key presses, and boots the kernel if it is not interrupted. If interrupted, the user is presented with a prompt which understands the easy-to-use command set, where the user may adjust variables, unload all modules, load modules, and then finally boot or reboot. Loader Built-In Commands These are the most commonly used loader commands. For a complete discussion of all available commands, please see &man.loader.8;. autoboot seconds Proceeds to boot the kernel if not interrupted within the time span given, in seconds. It displays a countdown, and the default time span is 10 seconds. boot -options kernelname Immediately proceeds to boot the kernel, with the given options, if any, and with the kernel name given, if it is. boot-conf Goes through the same automatic configuration of modules based on variables as what happens at boot. This only makes sense if you use unload first, and change some variables, most commonly kernel. help topic Shows help messages read from /boot/loader.help. If the topic given is index, then the list of available topics is given. include filename Processes the file with the given filename. The file is read in, and interpreted line by line. An error immediately stops the include command. load type filename Loads the kernel, kernel module, or file of the type given, with the filename given. Any arguments after filename are passed to the file. ls path Displays a listing of files in the given path, or the root directory, if the path is not specified. If is specified, file sizes will be shown too. lsdev Lists all of the devices from which it may be possible to load modules. If is specified, more details are printed. lsmod Displays loaded modules. If is specified, more details are shown. more filename Displays the files specified, with a pause at each LINES displayed. reboot Immediately reboots the system. set variable set variable=value Sets the loader's environment variables. unload Removes all loaded modules. Loader Examples Here are some practical examples of loader usage: - single-user mode To simply boot your usual kernel, but in single-user - mode: + mode:single-user mode boot -s To unload your usual kernel and modules, and then load just your old (or another) kernel: - - kernel.old - unload load kernel.old You can use kernel.GENERIC to refer to the generic kernel that comes on the install - disk, or kernel.old to refer to + disk, or kernel.oldkernel.old to refer to your previously installed kernel (when you have upgraded or configured your own kernel, for example). Use the following to load your usual modules with another kernel: unload set kernel="kernel.old" boot-conf To load a kernel configuration script (an automated script which does the things you would normally do in the kernel boot-time configurator): load -t userconfig_script /boot/kernel.conf Kernel Interaction During Boot kernel boot interaction Once the kernel is loaded by either loader (as usual) or boot2 (bypassing the loader), it examines its boot flags, if any, and adjusts its behavior as necessary. Kernel Boot Flags kernel bootflags Here are the more common boot flags: during kernel initialization, ask for the device to mount as the root file system. boot from CDROM. run UserConfig, the boot-time kernel configurator boot into single-user mode be more verbose during kernel startup There are other boot flags, read &man.boot.8; for more information on them. Tom Rhodes Contributed by Device Hints device.hints This is a FreeBSD 5.0 and later feature which does not exist in earlier versions. During initial system startup, the boot &man.loader.8; will read the &man.device.hints.5; file. This file stores kernel boot information known as variables, sometimes referred to as device hints. These device hints are used by device drivers for device configuration. Device hints may also be specified at the Stage 3 boot loader prompt. Variables can be added using set, removed with unset, and viewed with the show commands. Variables set in the /boot/device.hints file can be overridden here also. Device hints entered at the boot loader are not permanent and will be forgotten on the next reboot. Once the system is booted, the &man.kenv.1; command can be used to dump all of the variables. The syntax for the /boot/device.hints file is one variable per line, using the standard hash # as comment markers. Lines are constructed as follows: hint.driver.unit.keyword="value" The syntax for the Stage 3 boot loader is: set hint.driver.unit.keyword=value driver is the device driver name, unit is the device driver unit number, and keyword is the hint keyword. The keyword may consist of the following options: at: specifies the bus which the device is attached to. port: specifies the start address of the I/O to be used. irq: specifies the interrupt request number to be used. drq: specifies the DMA channel number. maddr: specifies the physical memory address occupied by the device. flags: sets various flag bits for the device. disabled: if set to 1 the device is disabled. Device drivers may accept (or require) more hints not listed here, viewing their manual page is recommended. For more information, consult the &man.device.hints.5;, &man.kenv.1;, &man.loader.conf.5;, and &man.loader.8; manual pages. Init: Process Control Initialization init Once the kernel has finished booting, it passes control to the user process &man.init.8;, which is located at /sbin/init, or the program path specified in the init_path variable in loader. Automatic Reboot Sequence The automatic reboot sequence makes sure that the file systems available on the system are consistent. If they are not, and &man.fsck.8; cannot fix the inconsistencies, &man.init.8; drops the system into single-user mode for the system administrator to take care of the problems directly. Single-User Mode single-user mode console This mode can be reached through the automatic reboot sequence, or by the user booting with the option or setting the boot_single variable in loader. It can also be reached by calling &man.shutdown.8; without the reboot () or halt () options, from multi-user mode. If the system console is set to insecure in /etc/ttys, then the system prompts for the root password before initiating single-user mode. An Insecure Console in <filename>/etc/ttys</filename> # name getty type status comments # # If console is marked "insecure", then init will ask for the root password # when going to single-user mode. console none unknown off insecure An insecure console means that you consider your physical security to the console to be insecure, and want to make sure only someone who knows the root password may use single-user mode, and it does not mean that you want to run your console insecurely. Thus, if you want security, choose insecure, not secure. Multi-User Mode multi-user mode If &man.init.8; finds your file systems to be in order, or once the user has finished in single-user mode, the system enters multi-user mode, in which it starts the resource configuration of the system. Resource Configuration (rc) rc files The resource configuration system reads in configuration defaults from /etc/defaults/rc.conf, and system-specific details from /etc/rc.conf, and then proceeds to mount the system file systems mentioned in /etc/fstab, start up networking services, start up miscellaneous system daemons, and finally runs the startup scripts of locally installed packages. The &man.rc.8; manual page is a good reference to the resource configuration system, as is examining the scripts themselves. Shutdown Sequence shutdown Upon controlled shutdown, via &man.shutdown.8;, &man.init.8; will attempt to run the script /etc/rc.shutdown, and then proceed to send all processes the TERM signal, and subsequently the KILL signal to any that do not terminate timely. To power down a FreeBSD machine on architectures and systems that support power management, simply use the command shutdown -p now to turn the power off immediately. To just reboot a FreeBSD system, just use shutdown -r now. You need to be root or a member of operator group to run &man.shutdown.8;. The &man.halt.8; and &man.reboot.8; commands can also be used, please refer to their manual pages and to &man.shutdown.8;'s one for more information. Power management requires &man.acpi.4; support in the kernel or loaded as module for FreeBSD 5.X and &man.apm.4; support for FreeBSD 4.X. diff --git a/zh_TW.Big5/books/handbook/cutting-edge/chapter.xml b/zh_TW.Big5/books/handbook/cutting-edge/chapter.xml index d595f24567..08ea2f4dd1 100644 --- a/zh_TW.Big5/books/handbook/cutting-edge/chapter.xml +++ b/zh_TW.Big5/books/handbook/cutting-edge/chapter.xml @@ -1,1619 +1,1570 @@ Jim Mock Restructured, reorganized, and parts updated by Jordan Hubbard Original work by Poul-Henning Kamp John Polstra Nik Clayton sBɯ FreeBSD z &os; Oӫoi@~tΡCwlDsABEϥΪ̦ӨA ܦhkiHϱztλPs̷sC `NGëDCӤHAXo򰵡I@DnOUzMw쩳n}oA άOnϥθíwXC ŪoAzNFѡJ &os.stable; P &os.current;@o䪺PBF pH CSup, CVSup, CVS CTM ӧsAt pH make buildworld OӭssĶBw˾ base systemC b}l\ŪoeAzݭnJ ]nA()C DpzL port/package w˳n()C &os.current; vs. &os.stable; -CURRENT -STABLE FreeBSD ӵoiG&os.current; &os.stable;C`N|򤶲СAäХ̤OSOpsC A &os.current;AۦA &os.stable;C ϥγ̷s &os; CURRENT o̦AjաA&os.current; O &os; }o ̫euC &os.current; ϥΪ̶j޳NOA ӥBӭnOۤvѨMxtΰDC YzO &os; sA Цbw˫e̦nTC O &os.current;H snapshot &os.current; O &os; ̷sC]tG boqBʽ誺קBLɴA oǪFbU@ relase i|A]iण|C ަ\h &os; }ǫCѳ|sĶ &os.current; source codeA ɳoǭlXOLksĶ\C MAoǰDq`|ָѨMA &os.current; 쩳OaӯETάOhFQnΪs\BﵽA oIDnMzslXɾөwI ֻݭn &os.current;H &os.current; AXUCoTHG &os; sGnM` source tree Y@A Hλ{O current(̷sA) ݨDHC &os; sGFTO &os.current; iabíwAA ӥDʪɶѨMDժ̡C ~A٦ &os; ണXijHΧﵽVAôX patch ץɪHC uOߩΪ̷QѦ(pAuOA ӫD)HC oǤHɤ]|ǵѡAΰ^mlXC &os.current; <emphasis>äO</emphasis> H lD̷s\C ṱ̌ǫܻŪs\A çƱ榨zP򪺤HĤ@ӹժHA ]N &os.current; omA|C ޡAz]AѨ̷s\A o]NۭYX{s bug ɡAz]OġC ״_ bug tkC ] &os.current; 󪩥b״_w bug PɡASi|ͷs bugC LҤb officially supportedC ڭ̷|ɤOUWz &os.current; TO legitimate ϥΪ̡A ڭL̴ѧ޳N䴩C oNڭ̫ܴcHAάOQUH(YOܡA ڭ̤]| &os; VOF) AbO]ڭ̤FNALkCѦ^ƦʭӰDA ӦP~}o &os;C iHTw@INOA bﵽ &os; άO^jqXDA YnӿܪܡA}o̷|ܫe̡C ϥ &os.current; - - -CURRENT - using - - [J &a.current.name; &a.cvsall.name; ׾¡C + [J &a.current.name;-CURRENTusing &a.cvsall.name; ׾¡C ouOӫijA]O @C YzSq\ &a.current.name; AN|LOHثetΪAAӬ\ӦbOHwѪDC 󭫭nOAi|@ǹvҺިtΦwM۷niC b &a.cvsall.name; WhiHݨC commit A ]oǰO|savTLTC nq\oǽ׾©ΨL׾¡AаѦ &a.mailman.lists.link; IQq\YiC ܩLBJpiA b̷|C q &os; mirror olXC ؤ覡iHFG - - cvsup - - - cron - - - -CURRENT - Syncing with CVSup - - - H csup + H csupcvsup cvsup {ft /usr/share/examples/cvsup ɦW standard-supfile supfileC oOja̱`˪覡A]iHz tree ^ӡA NusYiC ~A\hH| csup cvsup - cron Hw۰ʧsC + croncron Hw۰ʧsC znۭqez supfile dɡA ðwۨҥHվ csup - cvsup ]wC + cvsup-CURRENTSyncing with CVSup ]wC - - -CURRENT - Syncing with CTM - - ϥ CTM uC YҤ + linkend="ctm">CTM-CURRENTSyncing with CTM uC YҤ (WOζQAΥu email Ӥw) CTM |AXzݨDC MӡAo]@ǪijåB`@ǦDɮסC ]A ܤ֤H|ΥC o]wF̿oӧs覡C YOϥ 9600 bps modem WejW̡Aijϥ CVSup C Y source code OnΨӶ]AӤȥuOݬݦӤwA N &os.current;AӤnu쳡C ]j source code |̨ۨL source code `A YOzusĶ䤤@AOҷ|ܳ·СC - - -CURRENT - compiling - - bsĶ &os.current; eAХJӾ\Ū + bsĶ &os.current;-CURRENTcompiling eAХJӾ\Ū /usr/src MakefileC ޥuOɯųFӤwAzܤ֤]n ˷s kernel HέssĶ worldC ~Ahh\Ū &a.current; H /usr/src/UPDATING ]OA ~ાDثei׬O˥HΤU@|sFC IYzb] &os.current;A ڭ̫ܷQDz󥦪QkOAרO[jǥ\A θӭץǿ~ijC pGzbijɯW{XܡA uOӴΤFI ϥγ̷s &os; STABLE O &os.stable;H -STABLE &os.stable; Oڭ̪}oADno檩NѦӨӡC oӤ|HPtק@קܤơAåB]oǬOĤ@iJ &os.current; iաC MӡAo M ݩ}oA ]NObYǮɭԡA&os.stable; i|B]iण|ŦX@ǯSݨDC uLOt@Ӷ}oӤwAiणӾAX@ϥΪ̡C ֻݭn &os.stable;H YzhlܡB^m FreeBSD }oL{Χ@ǰ^mA רO| FreeBSD UӪ o榳A ӦҼ{ĥ &os.stable;C Mw|}׸ɤ]|iJ &os.stable; A ȶȦ] ݭn h &os.stable;C FreeBSD C security advisory(wi) |ѻph״_vT MӡAo]@wOTAڭ̤iû䴩 FreeBSD 骺Uصo檩AިCӵo檩oGA|䴩Ʀ~[C YA FreeBSD ثeª䴩FӸ`AаѾ\ http://www.FreeBSD.org/security/ C AYȦ]w]ӥhĥζ}oAM|ѨM{wDA ]iaӤ@ǼêDC ާڭ̺ɤOTO &os.stable; bɭԧॿTsĶBB@A SHOHɳiHŦXWzتC ~AMlXbiJ &os.stable; eA|b &os.current; }oAϥ &os.current; H &os.stable; ϥΪ̨Ӫ֡AҥHq`ǰDAib &os.current; SH`NAH &os.stable; ϥΪ̪sxϥΤ~|B{C ѩWzoDzzѡAڭä ذlH &os.stable;AӥB󭫭nOAOblX|gդeA Nİʧ production server ಾ &os.stable; ҡC YzSoǦhɶB믫ܡA˱zϥγ̷s FreeBSD o檩YiAñĥΨҴѪ binary sӧɯಾC ϥ &os.stable; - - -STABLE - using - - - q\ &a.stable.name; listC iHzHA &os.stable; + q\ &a.stable.name;-STABLEusing listC iHzHA &os.stable; nsĶɪۨYAHΨLݯSO`NDC }o̦bҼ{@ǦijץΧsɡAN|bo̵oHA ϥΪ̦|iHA ݥL̹ҴO_ijΰDC &a.cvsall.name; list oiHݨC commit logA 䤤]AF\h֪TAҦp@ǥioͪڮC Qn[JodzqH׾ªܡAun &a.mailman.lists.link; IUQq\ list YiC lBJbW|C Ynwˤ@ӥstΡAåBƱ &os.stable; Cw snapshotAаѾ\ Snapshots HAѬӸ`C ~A]iq mirror Ӧw˳̷s &os.stable; o檩AózLUCӧs̷s &os.stable; lXC Yw˪O &os; HeAӷQzLlX覡ӤɯšA ]OiHQ &os; mirror ӧC HUШؤ覡G - - cvsup - - - cron - - - -STABLE - syncing with CVSup - - H csup + H csupcvsup cvsup {ft /usr/share/examples/cvsup ɦW stable-supfile supfileC oOja̱`˪覡A ]iHA tree ^ӡA NusYiC ~A\hH| csup - cvsup cron + cvsup croncron Hw۰ʧsC znۭqez supfile dɡAðwۨҥHվ csup - cvsup ]wC + cvsup-STABLEsyncing with CVSup ]wC - - -STABLE - syncing with CTM - - ϥ CTM suC + linkend="ctm">CTM-STABLEsyncing with CTM suC Y֩κOζQAiHҼ{ĥΡC @ӨAY`ݦs̷slXAӤpWeܡA iHϥ csup cvsup ftpC _hANҼ{ CTMC - - -STABLE - compiling - - - bsĶ &os.stable; eAХJӾ\Ū + bsĶ &os.stable;-STABLEcompiling eAХJӾ\Ū /usr/src Makefile ɡC ޥuOɯųFӤwAzܤ֤]n ˷s kernel HέssĶ worldC ~Ahh\Ū &a.stable; H /usr/src/UPDATING ]OƪA oˤ~ાDثei׬OˡAHΤU@|ǷsFC sA Source &os; plX\hzL( email)覡ӧsA L׬Os@AoǥѱzۦMwC ڭ̥DnѪO Anonymous CVSBCVSup BCTMC MiHuslXAߤ@䴩sy{Os treeA åBs userland(pGѨϥΪ̥h檺Ҧ{AO /binB/sbin {)H kernel lXC Yus source treeBΥu kernel BΥu userland Aq`|y@ǿ~AOGsĶ~Bkernel panicBƷl C CVS anonymous Anonymous CVS CVSup O pull ҦӧslXC H CVSup ҡA ϥΪ( cron script)| cvsup {A̷|PY@x cvsupd A@ǤʡA HslXɮסC zҦs|Oɳ̷sA ӥBu|ݧsC ~A]iHܻPh]wnsdC s|ѦA򥻾蠟AXɱzһݭnsɮ׵AC Anonymous CVS ۹ CVSup ӱo²ǡA]uO CVS ӤwA@Aiqݪ CVS repository X̷slXC M CVSup bo譱|󦳮IJvAL Anonymous CVS sӨAOΰ_Ӥ²C CTM t@ؤ覡hO CTMC äOHͦӤzҾ֦ sources MAW sources άOzosC ۤϪA|@ script ɱMΨӿܧLɮסAoӵ{O CTM AӰA Cѷ|ƦAç⦸ܧLɮץ[HYA õ̤@ӧǸAMN[HsX(u printable ASCII r)A åH email 覡HXC z쥦ɭԡAo CTM deltas NiH &man.ctm.rmail.1; {ӳBzAӵ{|۰ʸѽXBT{B MγoܧC o{Ǥ CVSup ӻOֱohFA ӥBAoӼҦڭ̪AӻOPA]oO@ push ҦAӫD pull ҦC MAo˰]|aӤ@ǤKC Ypߧz{MFA CVSup |XӡAæ۰ʬz⤣ɻC CTM ä|zoǰʧ@C YMFz source (ӥBSƥ)AziHqY}l(q̷s CVS base deltaCTM ӭإ AάO Anonymous CVS ӧA un⤣Ta屼AAsPBʧ@YiC ssĶ <quote>world</quote> Rebuilding world bs &os; source tree ̷s(L׬O &os.stable;B &os.current; )AUӴNiHγo source tree ӭssĶt C b@jʧ@ e nOotΧ@ƥnʵLjաC ޭssĶ world O (unӤܥh@)@²檺ƱAX]ObKC t~AOHb source tree VdV~A]i|ytεLk} C нT{ۤvw@ƥAåB䦳 fixit Ϥζ}СC ziû]ΤoǪFA wĤ@`ƫỡpӱonaI q\ Mailing List mailing list &os.stable; H &os.current; AWNOݩ }oqC &os; @^m]OHA]|ǿ~C ɭԳoǿ~õLjêAuO|tβͷs~ĵiӤwC ɫhOaAi|ɭP}ɮרtΪl(ΧV)C YJDAKʼD heads up(`N) }YH mailing listAMDIHη|vTǨtΡC bDѨMAAKD all clear(wѨM) }YnHC YΪO &os.stable; &os.current;AoS\Ū &a.stable; &a.current; QסA|Oۧ·ЦӤwC n <command>make world</command> @玲¤󳣷|ijϥ make worldC o˰|L@ǭnBJAijubADۤvb@AAo򰵡C bjhƪpUAФnå make worldA ӸӧΤUЪ覡C stΪзǤ覡 nɯŨtΫeA@wnd\ /usr/src/UPDATING AHA buildworld eݭn@ǨƱΪ`NƶA M~ΤUCBJG &prompt.root; make buildworld &prompt.root; make buildkernel &prompt.root; make installkernel &prompt.root; reboot bּƪpAiݭnb buildworld BJe@ mergemaster -p ~৹C ܩɻݭnΤݭnAаѾ\ UPDATING C @ӻAunOi󪩸(major) &os; ɯšA NiLoBJC installkernel Aݭn}ä single user Ҧ(|ҡG]iHb loader ܲŸ᭱[W boot -s)C UӰG &prompt.root; mergemaster -p &prompt.root; make installworld &prompt.root; mergemaster &prompt.root; reboot Read Further Explanations WzBJuOUzɯŪ²满ӤwAYnMAѨC@BJA רOYۦ楴y kernel ]wANӾ\ŪUeC \Ū <filename>/usr/src/UPDATING</filename> b@ƱeAаȥ\Ū /usr/src/UPDATING (Φb source code ) C o|giDJDAΫwǷ|檺OǬC pGA{b UPDATING Po䪺yzĬB٬ޤBAХHW UPDATING ǡC MӡApPeҭzAua\Ū UPDATING ä৹N mailing listC o̳OɪAӤ۱ƥC ˬd <filename>/etc/make.conf</filename> make.conf ˬd /usr/share/examples/etc/make.conf H /etc/make.confC Ĥ@DO@Ǩtιw] – LAjQѰ_ӡC FbssĶɯϥγoǡA Чodz]w[ /etc/make.confC Ъ`Nb /etc/make.conf ]w]|vTCϥ make GA ]]w@ǾAXۤvtΪﶵ|O@kC @ϥΪ̳q`|q /usr/share/examples/etc/make.conf ƻs CFLAGS H NO_PROFILE ]w /etc/make.confAøѰѦLO C ~A]iHոլݨL]w (COPTFLAGSB NOPORTDOCS )AO_ŦXۤvһݡC s <filename>/etc</filename> ]w b /etc ؿ|tΪ]wɡA Hζ}ɪUAȱҰ scriptC script H FreeBSD PӦǮtC 䤤dz]wɷ|bCB@tθ̤]|ΨC רO /etc/groupC ɭԦb make installworld w˹L{A |ݭnإ߬YǯSwbθsաC biɯŤeḀiäsbA ]ɯŮɴN|yDC ɭ make buildworld |ˬdoǩһݪbθsլO_wsbC |ӳo˪ҤlAOYɯŤᥲsW smmsp bC YϥΪ̩|sWӱbNnɯžާ@ܡA |b &man.mtree.8; իإ /var/spool/clientmqueue ɵoͥѡC ѪkOb buildworld qeA &man.mergemaster.8; ÷ft ﶵC |墨ǰ buildworld installworld һݤ]wɡC YAҥΪO䴩 mergemaster A򪽱ϥ source tree sYiG &prompt.root; cd /usr/src/usr.sbin/mergemaster &prompt.root; ./mergemaster.sh -p YzOg(paranoid)A iHUo˥hյˬdtΤWɮݩwWγQRs G &prompt.root; find / -group GID -print o|ܩҦŦXn䪺 GID s (iHOsզW١AΪ̬OsժƦrN)ҦɮסC Single User Ҧ single-user mode zi|Qb single user ҦUsĶtΡC FiH֧~Aw˹L{N|oA\hntɮסA ]AҦt binariesBlibrariesBinclude ɮ׵C YbB@t(ר䦳\hϥΪ̦bΪɭ)oɮסA ²Oۧ·Ъ@kC multi-user mode t@ؼҦOb multi-user ҦUsĶntΡAMA single user ҦhwˡC Yzwoؤ覡Auݦb build(sĶL{) A AhUBJYiC @i single user ҦɡAAh installkernel installworld YiC root G &prompt.root; shutdown now o˴N|q쥻 multi-user Ҧ single user ҦC ~]iH}Aۦb}B single user ﶵC p@ӴN|iJ single user ҦA Mb shell ܲŸBJG &prompt.root; fsck -p &prompt.root; mount -u / &prompt.root; mount -a -t ufs &prompt.root; swapon -a o˷|ˬdɮרtΡAísN / HiŪgҦAH /etc/fstab ҳ]wL UFS ɮרtΡA̫ҥ swap ϰϡC Y CMOS O]aɶAӫD GMT ɰ(Y &man.date.1; OSܥTɶBɰ)AiݭnAJUCOG &prompt.root; adjkerntz -i oBJiHT{zaɰϳ]wO_T — _h|y@ǰDC <filename>/usr/obj</filename> bssĶtΪL{AsĶG|(w]p) /usr/obj C o̭ؿ| /usr/src ؿcC 屼oؿAiHH᪺ make buildworld L{֤@ǡAӥBiקKHesĶF{bVcb@_ۨ̿ C Ӧ /usr/obj ɮץi|]wiʪ flag(Ӹ`аѾ\ &man.chflags.1;)Aӥo flag ]w~ C &prompt.root; cd /usr/obj &prompt.root; chflags -R noschg * &prompt.root; rm -rf * ssĶ Base System OdsĶ ijinߺDA &man.make.1; ɲͪs_ӡC o˭YXAN|~TC MoˡA AiणDpROXFáAYADOK &os; mailing list NiHHiHݬO@^ƱC ²檺ONO &man.script.1; OAå[WѼ (AQsOɮצmBɦW)YiC oBJӦbssĶtήɴNn@AMbsĶJ exit Yi}C &prompt.root; script /var/tmp/mw.out Script started, output file is /var/tmp/mw.out &prompt.root; make TARGET … compile, compile, compile … &prompt.root; exit Script done, … FA٦@IqOɮצs /tmp ؿC ]}A oؿF賣|QMšC aO /var/tmp (pWҩҥ) Ϊ̬O root aؿC sĶ Base System Х /usr/src ؿG &prompt.root; cd /usr/src (MADA source code LaAYuOoˡA N쨺ӥؿYi)C make ϥ &man.make.1; OӭssĶ worldC oO|q Makefile (oɷ|g &os; {Ӧp󭫷ssĶBHǶǨӽsĶ)hŪOC @UO榡pUG &prompt.root; make -x -DVARIABLE target boӨҤlA OAQǵ &man.make.1; ﶵAӸ`аѾ\ &man.make.1; A ̭dһC hOܼƳ]wǵ MakefileC oܼƷ| Makefile 欰C odz]wP /etc/make.conf ܼƳ]wO@ˡA uOt@س]w覡ӤwC &prompt.root; make -DNO_PROFILE target WҤlhOt@س]w覡A]NOǤnC oӨҤlNOhsĶ profiled librariesAĪGNpP]wb /etc/make.conf NO_PROFILE= true # Avoid compiling profiled libraries target hOiD &man.make.1; ӥhǡC C Makefile |wqP targetsAM̱zҵ target N|Mw|ǰʧ@ C Some targets are listed in the Makefile, but are not meant for you to run. Instead, they are used by the build process to break out the steps necessary to rebuild the system into a number of sub-steps. Most of the time you will not need to pass any parameters to &man.make.1;, and so your command like will look like this: &prompt.root; make target Where target will be one of many build options. The first target should always be buildworld. As the names imply, buildworld builds a complete new tree under /usr/obj, and installworld, another target, installs this tree on the current machine. Having separate options is very useful for two reasons. First, it allows you to do the build safe in the knowledge that no components of your running system will be affected. The build is self hosted. Because of this, you can safely run buildworld on a machine running in multi-user mode with no fear of ill-effects. It is still recommended that you run the installworld part in single user mode, though. Secondly, it allows you to use NFS mounts to upgrade multiple machines on your network. If you have three machines, A, B and C that you want to upgrade, run make buildworld and make installworld on A. B and C should then NFS mount /usr/src and /usr/obj from A, and you can then run make installworld to install the results of the build on B and C. Although the world target still exists, you are strongly encouraged not to use it. Run &prompt.root; make buildworld It is possible to specify a option to make which will cause it to spawn several simultaneous processes. This is most useful on multi-CPU machines. However, since much of the compiling process is IO bound rather than CPU bound it is also useful on single CPU machines. On a typical single-CPU machine you would run: &prompt.root; make -j4 buildworld &man.make.1; will then have up to 4 processes running at any one time. Empirical evidence posted to the mailing lists shows this generally gives the best performance benefit. If you have a multi-CPU machine and you are using an SMP configured kernel try values between 6 and 10 and see how they speed things up. Timings rebuilding world timings Many factors influence the build time, but fairly recent machines may only take a one or two hours to build the &os.stable; tree, with no tricks or shortcuts used during the process. A &os.current; tree will take somewhat longer. Compile and Install a New Kernel kernel compiling To take full advantage of your new system you should recompile the kernel. This is practically a necessity, as certain memory structures may have changed, and programs like &man.ps.1; and &man.top.1; will fail to work until the kernel and source code versions are the same. The simplest, safest way to do this is to build and install a kernel based on GENERIC. While GENERIC may not have all the necessary devices for your system, it should contain everything necessary to boot your system back to single user mode. This is a good test that the new system works properly. After booting from GENERIC and verifying that your system works you can then build a new kernel based on your normal kernel configuration file. On &os; it is important to build world before building a new kernel. If you want to build a custom kernel, and already have a configuration file, just use KERNCONF=MYKERNEL like this: &prompt.root; cd /usr/src &prompt.root; make buildkernel KERNCONF=MYKERNEL &prompt.root; make installkernel KERNCONF=MYKERNEL Note that if you have raised kern.securelevel above 1 and you have set either the noschg or similar flags to your kernel binary, you might find it necessary to drop into single user mode to use installkernel. Otherwise you should be able to run both these commands from multi user mode without problems. See &man.init.8; for details about kern.securelevel and &man.chflags.1; for details about the various file flags. Reboot into Single User Mode single-user mode You should reboot into single user mode to test the new kernel works. Do this by following the instructions in . Install the New System Binaries If you were building a version of &os; recent enough to have used make buildworld then you should now use installworld to install the new system binaries. Run &prompt.root; cd /usr/src &prompt.root; make installworld If you specified variables on the make buildworld command line, you must specify the same variables in the make installworld command line. This does not necessarily hold true for other options; for example, must never be used with installworld. For example, if you ran: &prompt.root; make -DNO_PROFILE buildworld you must install the results with: &prompt.root; make -DNO_PROFILE installworld otherwise it would try to install profiled libraries that had not been built during the make buildworld phase. Update Files Not Updated by <command>make installworld</command> Remaking the world will not update certain directories (in particular, /etc, /var and /usr) with new or changed configuration files. The simplest way to update these files is to use &man.mergemaster.8;, though it is possible to do it manually if you would prefer to do that. Regardless of which way you choose, be sure to make a backup of /etc in case anything goes wrong. Tom Rhodes Contributed by <command>mergemaster</command> mergemaster The &man.mergemaster.8; utility is a Bourne script that will aid you in determining the differences between your configuration files in /etc, and the configuration files in the source tree /usr/src/etc. This is the recommended solution for keeping the system configuration files up to date with those located in the source tree. To begin simply type mergemaster at your prompt, and watch it start going. mergemaster will then build a temporary root environment, from / down, and populate it with various system configuration files. Those files are then compared to the ones currently installed in your system. At this point, files that differ will be shown in &man.diff.1; format, with the sign representing added or modified lines, and representing lines that will be either removed completely, or replaced with a new line. See the &man.diff.1; manual page for more information about the &man.diff.1; syntax and how file differences are shown. &man.mergemaster.8; will then show you each file that displays variances, and at this point you will have the option of either deleting the new file (referred to as the temporary file), installing the temporary file in its unmodified state, merging the temporary file with the currently installed file, or viewing the &man.diff.1; results again. Choosing to delete the temporary file will tell &man.mergemaster.8; that we wish to keep our current file unchanged, and to delete the new version. This option is not recommended, unless you see no reason to change the current file. You can get help at any time by typing ? at the &man.mergemaster.8; prompt. If the user chooses to skip a file, it will be presented again after all other files have been dealt with. Choosing to install the unmodified temporary file will replace the current file with the new one. For most unmodified files, this is the best option. Choosing to merge the file will present you with a text editor, and the contents of both files. You can now merge them by reviewing both files side by side on the screen, and choosing parts from both to create a finished product. When the files are compared side by side, the l key will select the left contents and the r key will select contents from your right. The final output will be a file consisting of both parts, which can then be installed. This option is customarily used for files where settings have been modified by the user. Choosing to view the &man.diff.1; results again will show you the file differences just like &man.mergemaster.8; did before prompting you for an option. After &man.mergemaster.8; is done with the system files you will be prompted for other options. &man.mergemaster.8; may ask if you want to rebuild the password file and will finish up with an option to remove left-over temporary files. Manual Update If you wish to do the update manually, however, you cannot just copy over the files from /usr/src/etc to /etc and have it work. Some of these files must be installed first. This is because the /usr/src/etc directory is not a copy of what your /etc directory should look like. In addition, there are files that should be in /etc that are not in /usr/src/etc. If you are using &man.mergemaster.8; (as recommended), you can skip forward to the next section. The simplest way to do this by hand is to install the files into a new directory, and then work through them looking for differences. Backup Your Existing <filename>/etc</filename> Although, in theory, nothing is going to touch this directory automatically, it is always better to be sure. So copy your existing /etc directory somewhere safe. Something like: &prompt.root; cp -Rp /etc /etc.old does a recursive copy, preserves times, ownerships on files and suchlike. You need to build a dummy set of directories to install the new /etc and other files into. /var/tmp/root is a reasonable choice, and there are a number of subdirectories required under this as well. &prompt.root; mkdir /var/tmp/root &prompt.root; cd /usr/src/etc &prompt.root; make DESTDIR=/var/tmp/root distrib-dirs distribution This will build the necessary directory structure and install the files. A lot of the subdirectories that have been created under /var/tmp/root are empty and should be deleted. The simplest way to do this is to: &prompt.root; cd /var/tmp/root &prompt.root; find -d . -type d | xargs rmdir 2>/dev/null This will remove all empty directories. (Standard error is redirected to /dev/null to prevent the warnings about the directories that are not empty.) /var/tmp/root now contains all the files that should be placed in appropriate locations below /. You now have to go through each of these files, determining how they differ with your existing files. Note that some of the files that will have been installed in /var/tmp/root have a leading .. At the time of writing the only files like this are shell startup files in /var/tmp/root/ and /var/tmp/root/root/, although there may be others (depending on when you are reading this). Make sure you use ls -a to catch them. The simplest way to do this is to use &man.diff.1; to compare the two files: &prompt.root; diff /etc/shells /var/tmp/root/etc/shells This will show you the differences between your /etc/shells file and the new /var/tmp/root/etc/shells file. Use these to decide whether to merge in changes that you have made or whether to copy over your old file. Name the New Root Directory (<filename>/var/tmp/root</filename>) with a Time Stamp, so You Can Easily Compare Differences Between Versions Frequently rebuilding the world means that you have to update /etc frequently as well, which can be a bit of a chore. You can speed this process up by keeping a copy of the last set of changed files that you merged into /etc. The following procedure gives one idea of how to do this. Make the world as normal. When you want to update /etc and the other directories, give the target directory a name based on the current date. If you were doing this on the 14th of February 1998 you could do the following: &prompt.root; mkdir /var/tmp/root-19980214 &prompt.root; cd /usr/src/etc &prompt.root; make DESTDIR=/var/tmp/root-19980214 \ distrib-dirs distribution Merge in the changes from this directory as outlined above. Do not remove the /var/tmp/root-19980214 directory when you have finished. When you have downloaded the latest version of the source and remade it, follow step 1. This will give you a new directory, which might be called /var/tmp/root-19980221 (if you wait a week between doing updates). You can now see the differences that have been made in the intervening week using &man.diff.1; to create a recursive diff between the two directories: &prompt.root; cd /var/tmp &prompt.root; diff -r root-19980214 root-19980221 Typically, this will be a much smaller set of differences than those between /var/tmp/root-19980221/etc and /etc. Because the set of differences is smaller, it is easier to migrate those changes across into your /etc directory. You can now remove the older of the two /var/tmp/root-* directories: &prompt.root; rm -rf /var/tmp/root-19980214 Repeat this process every time you need to merge in changes to /etc. You can use &man.date.1; to automate the generation of the directory names: &prompt.root; mkdir /var/tmp/root-`date "+%Y%m%d"` Rebooting You are now done. After you have verified that everything appears to be in the right place you can reboot the system. A simple &man.shutdown.8; should do it: &prompt.root; shutdown -r now Finished You should now have successfully upgraded your &os; system. Congratulations. If things went slightly wrong, it is easy to rebuild a particular piece of the system. For example, if you accidentally deleted /etc/magic as part of the upgrade or merge of /etc, the &man.file.1; command will stop working. In this case, the fix would be to run: &prompt.root; cd /usr/src/usr.bin/file &prompt.root; make all install Questions Do I need to re-make the world for every change? There is no easy answer to this one, as it depends on the nature of the change. For example, if you just ran CVSup, and it has shown the following files as being updated: src/games/cribbage/instr.c src/games/sail/pl_main.c src/release/sysinstall/config.c src/release/sysinstall/media.c src/share/mk/bsd.port.mk it probably is not worth rebuilding the entire world. You could just go to the appropriate sub-directories and make all install, and that's about it. But if something major changed, for example src/lib/libc/stdlib then you should either re-make the world, or at least those parts of it that are statically linked (as well as anything else you might have added that is statically linked). At the end of the day, it is your call. You might be happy re-making the world every fortnight say, and let changes accumulate over that fortnight. Or you might want to re-make just those things that have changed, and be confident you can spot all the dependencies. And, of course, this all depends on how often you want to upgrade, and whether you are tracking &os.stable; or &os.current;. My compile failed with lots of signal 11 signal 11 (or other signal number) errors. What has happened? This is normally indicative of hardware problems. (Re)making the world is an effective way to stress test your hardware, and will frequently throw up memory problems. These normally manifest themselves as the compiler mysteriously dying on receipt of strange signals. A sure indicator of this is if you can restart the make and it dies at a different point in the process. In this instance there is little you can do except start swapping around the components in your machine to determine which one is failing. Can I remove /usr/obj when I have finished? The short answer is yes. /usr/obj contains all the object files that were produced during the compilation phase. Normally, one of the first steps in the make buildworld process is to remove this directory and start afresh. In this case, keeping /usr/obj around after you have finished makes little sense, and will free up a large chunk of disk space (currently about 340 MB). However, if you know what you are doing you can have make buildworld skip this step. This will make subsequent builds run much faster, since most of sources will not need to be recompiled. The flip side of this is that subtle dependency problems can creep in, causing your build to fail in odd ways. This frequently generates noise on the &os; mailing lists, when one person complains that their build has failed, not realizing that it is because they have tried to cut corners. Can interrupted builds be resumed? This depends on how far through the process you got before you found a problem. In general (and this is not a hard and fast rule) the make buildworld process builds new copies of essential tools (such as &man.gcc.1;, and &man.make.1;) and the system libraries. These tools and libraries are then installed. The new tools and libraries are then used to rebuild themselves, and are installed again. The entire system (now including regular user programs, such as &man.ls.1; or &man.grep.1;) is then rebuilt with the new system files. If you are at the last stage, and you know it (because you have looked through the output that you were storing) then you can (fairly safely) do: … fix the problem … &prompt.root; cd /usr/src &prompt.root; make -DNO_CLEAN all This will not undo the work of the previous make buildworld. If you see the message: -------------------------------------------------------------- Building everything.. -------------------------------------------------------------- in the make buildworld output then it is probably fairly safe to do so. If you do not see that message, or you are not sure, then it is always better to be safe than sorry, and restart the build from scratch. How can I speed up making the world? Run in single user mode. Put the /usr/src and /usr/obj directories on separate file systems held on separate disks. If possible, put these disks on separate disk controllers. Better still, put these file systems across multiple disks using the &man.ccd.4; (concatenated disk driver) device. Turn off profiling (set NO_PROFILE=true in /etc/make.conf). You almost certainly do not need it. Also in /etc/make.conf, set CFLAGS to something like . The optimization is much slower, and the optimization difference between and is normally negligible. lets the compiler use pipes rather than temporary files for communication, which saves disk access (at the expense of memory). Pass the option to &man.make.1; to run multiple processes in parallel. This usually helps regardless of whether you have a single or a multi processor machine. The file system holding /usr/src can be mounted (or remounted) with the option. This prevents the file system from recording the file access time. You probably do not need this information anyway. &prompt.root; mount -u -o noatime /usr/src The example assumes /usr/src is on its own file system. If it is not (if it is a part of /usr for example) then you will need to use that file system mount point, and not /usr/src. The file system holding /usr/obj can be mounted (or remounted) with the option. This causes disk writes to happen asynchronously. In other words, the write completes immediately, and the data is written to the disk a few seconds later. This allows writes to be clustered together, and can be a dramatic performance boost. Keep in mind that this option makes your file system more fragile. With this option there is an increased chance that, should power fail, the file system will be in an unrecoverable state when the machine restarts. If /usr/obj is the only thing on this file system then it is not a problem. If you have other, valuable data on the same file system then ensure your backups are fresh before you enable this option. &prompt.root; mount -u -o async /usr/obj As above, if /usr/obj is not on its own file system, replace it in the example with the name of the appropriate mount point. What do I do if something goes wrong? Make absolutely sure your environment has no extraneous cruft from earlier builds. This is simple enough. &prompt.root; chflags -R noschg /usr/obj/usr &prompt.root; rm -rf /usr/obj/usr &prompt.root; cd /usr/src &prompt.root; make cleandir &prompt.root; make cleandir Yes, make cleandir really should be run twice. Then restart the whole process, starting with make buildworld. If you still have problems, send the error and the output of uname -a to &a.questions;. Be prepared to answer other questions about your setup! Mike Meyer Contributed by Tracking for Multiple Machines NFS installing multiple machines If you have multiple machines that you want to track the same source tree, then having all of them download sources and rebuild everything seems like a waste of resources: disk space, network bandwidth, and CPU cycles. It is, and the solution is to have one machine do most of the work, while the rest of the machines mount that work via NFS. This section outlines a method of doing so. Preliminaries First, identify a set of machines that is going to run the same set of binaries, which we will call a build set. Each machine can have a custom kernel, but they will be running the same userland binaries. From that set, choose a machine to be the build machine. It is going to be the machine that the world and kernel are built on. Ideally, it should be a fast machine that has sufficient spare CPU to run make buildworld and make buildkernel. You will also want to choose a machine to be the test machine, which will test software updates before they are put into production. This must be a machine that you can afford to have down for an extended period of time. It can be the build machine, but need not be. All the machines in this build set need to mount /usr/obj and /usr/src from the same machine, and at the same point. Ideally, those are on two different drives on the build machine, but they can be NFS mounted on that machine as well. If you have multiple build sets, /usr/src should be on one build machine, and NFS mounted on the rest. Finally make sure that /etc/make.conf on all the machines in the build set agrees with the build machine. That means that the build machine must build all the parts of the base system that any machine in the build set is going to install. Also, each build machine should have its kernel name set with KERNCONF in /etc/make.conf, and the build machine should list them all in KERNCONF, listing its own kernel first. The build machine must have the kernel configuration files for each machine in /usr/src/sys/arch/conf if it is going to build their kernels. The Base System Now that all that is done, you are ready to build everything. Build the kernel and world as described in on the build machine, but do not install anything. After the build has finished, go to the test machine, and install the kernel you just built. If this machine mounts /usr/src and /usr/obj via NFS, when you reboot to single user you will need to enable the network and mount them. The easiest way to do this is to boot to multi-user, then run shutdown now to go to single user mode. Once there, you can install the new kernel and world and run mergemaster just as you normally would. When done, reboot to return to normal multi-user operations for this machine. After you are certain that everything on the test machine is working properly, use the same procedure to install the new software on each of the other machines in the build set. Ports The same ideas can be used for the ports tree. The first critical step is mounting /usr/ports from the same machine to all the machines in the build set. You can then set up /etc/make.conf properly to share distfiles. You should set DISTDIR to a common shared directory that is writable by whichever user root is mapped to by your NFS mounts. Each machine should set WRKDIRPREFIX to a local build directory. Finally, if you are going to be building and distributing packages, you should set PACKAGES to a directory similar to DISTDIR. diff --git a/zh_TW.Big5/books/handbook/l10n/chapter.xml b/zh_TW.Big5/books/handbook/l10n/chapter.xml index 4029f6e690..ec34ee2791 100644 --- a/zh_TW.Big5/books/handbook/l10n/chapter.xml +++ b/zh_TW.Big5/books/handbook/l10n/chapter.xml @@ -1,908 +1,905 @@ Andrey Chernov Contributed by Michael C. Wu Rewritten by yt]w - I18N/L10N ΪkP]w z ѩ FreeBSD OG@ɪϥΪ̤ΧӤuҤpeADnQO FreeBSD ڤơBgijDAHKyO^ytH]බQUu@C b@~tΡBε{ؼhADnOzL i18n зǨӹ@AҥHA o̧ڭ̱N|ФjPB@覡C ŪoAzNFѡJ UؤPyPaϳ]wpb@~tΤWisXC p]wnJΪ shell ytҡC pNA console ]^yH~yt]wC pϥΤPyt]wA X Window B@ˤC iHhP i18n Wۮeε{WơC b}l\ŪoeAzݭnJ DpH ports/packages Ӧwε{()C L10N ¦ O I18N/L10N? internationalization localization localization {}oHߺD internationalization Yg I18NAƦr 18 DO̫eP̫᭱rrӼ`MA L10N ]OH@˪覡AO localization YgC unŦX I18N/L10N WBwε{ANiHϥΪ̨̦Uۻytӧ@]wC I18N ε{OH I18N }ouӶi}oA iH{}oHzLg²檺rɡANiHeWBT½ĶUytC ڭ̱jPij{}oH`oӹCWhC Өϥ I18N/L10NH unŦX I18N/L10N зǡANiHPaݡBJBBzD^媺ơC I18N 䴩ǻytH I18N M L10N ëD FreeBSD үSAثeo@ɤWXG@Dnyt䴩A OGBwBBBkBXBVn嵥C ϥλyt]w(Localization) I18N M L10N ëD FreeBSD үSAӬO@qCWhC ڭ̹yAb FreeBSD @ɤP˿uoCWhC locale Locale ]wѤTӳҲզGyNX(Language Code)BX(Country Code)BsX(Encoding)C ҥHALocale ]wWٴNOѳoTӤ@_զG yNX_X.sX yBX language codes country codes ϥΪ̥nDoǯSwXByNX(X|iDε{Өϥέ@ػy)A ~ FreeBSD ΨL䴩 I18N &unix; tΧ@ locale ]wC ~As(borwser)BSMTP/POP DBWeb D]Ho[cDC UOpϥΡyyNXBXzҤlG yNX/X ² en_US ^() ru_RU X(X) zh_TW 餤(xW) sX encodings ASCII ǻyëDĥ ASCII sXAiOG 8-bitBwide multibyte rAԱаѾ\ &man.multibyte.3;C j{iLkTPOBλ~PSrCӸs{iH{ 8-bit rC ѩU{@k@AϥΪ̥iݭnbsĶ{ɡA[W wide multibyte r䴩]wAάOTվ~C nJBBz wide multibyte rܡAihhQ FreeBSD Ports Collection Uy{C ԱаѾ\ FreeBSD U port I18N C Specifically, the user needs to look at the application documentation to decide on how to configure it correctly or to pass correct values into the configure/Makefile/compiler. Some things to keep in mind are: Language specific single C chars character sets (see &man.multibyte.3;), e.g. ISO8859-1, ISO8859-15, KOI8-R, CP437. Wide or multibyte encodings, e.g. EUC, Big5. You can check the active list of character sets at the IANA Registry. &os; use X11-compatible locale encodings instead. I18N Applications In the FreeBSD Ports and Package system, I18N applications have been named with I18N in their names for easy identification. However, they do not always support the language needed. Setting Locale Usually it is sufficient to export the value of the locale name as LANG in the login shell. This could be done in the user's ~/.login_conf file or in the startup file of the user's shell (~/.profile, ~/.bashrc, ~/.cshrc). There is no need to set the locale subsets such as LC_CTYPE, LC_CTIME. Please refer to language-specific FreeBSD documentation for more information. You should set the following two environment variables in your configuration files: - POSIX - LANG for &posix; &man.setlocale.3; family + LANG for &posix;POSIX &man.setlocale.3; family functions - MIME - - MM_CHARSET for applications' MIME character + MM_CHARSET for applications' MIMEMIME character set This includes the user shell configuration, the specific application configuration, and the X11 configuration. Setting Locale Methods locale login class There are two methods for setting locale, and both are described below. The first (recommended one) is by assigning the environment variables in login class, and the second is by adding the environment variable assignments to the system's shell startup file. Login Classes Method This method allows environment variables needed for locale name and MIME character sets to be assigned once for every possible shell instead of adding specific shell assignments to each shell's startup file. User Level Setup can be done by an user himself and Administrator Level Setup require superuser privileges. User Level Setup Here is a minimal example of a .login_conf file in user's home directory which has both variables set for Latin-1 encoding: me:\ :charset=ISO-8859-1:\ :lang=de_DE.ISO8859-1: Traditional ChineseBIG-5 encoding Here is an example of a .login_conf that sets the variables for Traditional Chinese in BIG-5 encoding. Notice the many more variables set because some software does not respect locale variables correctly for Chinese, Japanese, and Korean. #Users who do not wish to use monetary units or time formats #of Taiwan can manually change each variable me:\ :lang=zh_TW.Big5:\ :lc_all=zh_TW.Big:\ :lc_collate=zh_TW.Big5:\ :lc_ctype=zh_TW.Big5:\ :lc_messages=zh_TW.Big5:\ :lc_monetary=zh_TW.Big5:\ :lc_numeric=zh_TW.Big5:\ :lc_time=zh_TW.Big5:\ :charset=big5:\ :xmodifiers="@im=xcin": #Setting the XIM Input Server See Administrator Level Setup and &man.login.conf.5; for more details. Administrator Level Setup Verify that the user's login class in /etc/login.conf sets the correct language. Make sure these settings appear in /etc/login.conf: language_name:accounts_title:\ :charset=MIME_charset:\ :lang=locale_name:\ :tc=default: So sticking with our previous example using Latin-1, it would look like this: german:German Users Accounts:\ :charset=ISO-8859-1:\ :lang=de_DE.ISO8859-1:\ :tc=default: Before changing users Login Classes execute the following command &prompt.root; cap_mkdb /etc/login.conf to make new configuration in /etc/login.conf visible to the system. Changing Login Classes with &man.vipw.8; vipw Use vipw to add new users, and make the entry look like this: user:password:1111:11:language:0:0:User Name:/home/user:/bin/sh Changing Login Classes with &man.adduser.8; adduser login class Use adduser to add new users, and do the following: Set defaultclass = language in /etc/adduser.conf. Keep in mind you must enter a default class for all users of other languages in this case. An alternative variant is answering the specified language each time that Enter login class: default []: appears from &man.adduser.8;. Another alternative is to use the following for each user of a different language that you wish to add: &prompt.root; adduser -class language Changing Login Classes with &man.pw.8; pw If you use &man.pw.8; for adding new users, call it in this form: &prompt.root; pw useradd user_name -L language Shell Startup File Method This method is not recommended because it requires a different setup for each possible shell program chosen. Use the Login Class Method instead. MIME locale To add the locale name and MIME character set, just set the two environment variables shown below in the /etc/profile and/or /etc/csh.login shell startup files. We will use the German language as an example below: In /etc/profile: LANG=de_DE.ISO8859-1; export LANG MM_CHARSET=ISO-8859-1; export MM_CHARSET Or in /etc/csh.login: setenv LANG de_DE.ISO8859-1 setenv MM_CHARSET ISO-8859-1 Alternatively, you can add the above instructions to /usr/share/skel/dot.profile (similar to what was used in /etc/profile above), or /usr/share/skel/dot.login (similar to what was used in /etc/csh.login above). For X11: In $HOME/.xinitrc: LANG=de_DE.ISO8859-1; export LANG Or: setenv LANG de_DE.ISO8859-1 Depending on your shell (see above). Console Setup For all single C chars character sets, set the correct console fonts in /etc/rc.conf for the language in question with: font8x16=font_name font8x14=font_name font8x8=font_name The font_name here is taken from the /usr/share/syscons/fonts directory, without the .fnt suffix. sysinstall keymap screenmap Also be sure to set the correct keymap and screenmap for your single C chars character set through sysinstall (/stand/sysinstall in &os; versions older than 5.2). Once inside sysinstall, choose Configure, then Console. Alternatively, you can add the following to /etc/rc.conf: scrnmap=screenmap_name keymap=keymap_name keychange="fkey_number sequence" The screenmap_name here is taken from the /usr/share/syscons/scrnmaps directory, without the .scm suffix. A screenmap with a corresponding mapped font is usually needed as a workaround for expanding bit 8 to bit 9 on a VGA adapter's font character matrix in pseudographics area, i.e., to move letters out of that area if screen font uses a bit 8 column. If you have the moused daemon enabled by setting the following in your /etc/rc.conf: moused_enable="YES" then examine the mouse cursor information in the next paragraph. moused By default the mouse cursor of the &man.syscons.4; driver occupies the 0xd0-0xd3 range in the character set. If your language uses this range, you need to move the cursor's range outside of it. To enable the workaround for &os;, add the following line to /etc/rc.conf: mousechar_start=3 The keymap_name here is taken from the /usr/share/syscons/keymaps directory, without the .kbd suffix. If you are uncertain which keymap to use, you use can &man.kbdmap.1; to test keymaps without rebooting. The keychange is usually needed to program function keys to match the selected terminal type because function key sequences cannot be defined in the key map. Also be sure to set the correct console terminal type in /etc/ttys for all ttyv* entries. Current pre-defined correspondences are: Character Set Terminal Type ISO8859-1 or ISO8859-15 cons25l1 ISO8859-2 cons25l2 ISO8859-7 cons25l7 KOI8-R cons25r KOI8-U cons25u CP437 (VGA default) cons25 US-ASCII cons25w For wide or multibyte characters languages, use the correct FreeBSD port in your /usr/ports/language directory. Some ports appear as console while the system sees it as serial vtty's, hence you must reserve enough vtty's for both X11 and the pseudo-serial console. Here is a partial list of applications for using other languages in console: Language Location Traditional Chinese (BIG-5) chinese/big5con Japanese japanese/kon2-16dot or japanese/mule-freewnn Korean korean/han X11 Setup Although X11 is not part of the FreeBSD Project, we have included some information here for FreeBSD users. For more details, refer to the &xorg; web site or whichever X11 Server you use. In ~/.Xresources, you can additionally tune application specific I18N settings (e.g., fonts, menus, etc.). Displaying Fonts X11 True Type font server Install &xorg; server (x11-servers/xorg-server) or &xfree86; server (x11-servers/XFree86-4-Server), then install the language &truetype; fonts. Setting the correct locale should allow you to view your selected language in menus and such. Inputting Non-English Characters X11 Input Method (XIM) The X11 Input Method (XIM) Protocol is a new standard for all X11 clients. All X11 applications should be written as XIM clients that take input from XIM Input servers. There are several XIM servers available for different languages. Printer Setup Some single C chars character sets are usually hardware coded into printers. Wide or multibyte character sets require special setup and we recommend using apsfilter. You may also convert the document to &postscript; or PDF formats using language specific converters. Kernel and File Systems The FreeBSD fast filesystem (FFS) is 8-bit clean, so it can be used with any single C chars character set (see &man.multibyte.3;), but there is no character set name stored in the filesystem; i.e., it is raw 8-bit and does not know anything about encoding order. Officially, FFS does not support any form of wide or multibyte character sets yet. However, some wide or multibyte character sets have independent patches for FFS enabling such support. They are only temporary unportable solutions or hacks and we have decided to not include them in the source tree. Refer to respective languages' web sites for more information and the patch files. DOS Unicode The FreeBSD &ms-dos; filesystem has the configurable ability to convert between &ms-dos;, Unicode character sets and chosen FreeBSD filesystem character sets. See &man.mount.msdos.8; for details. Compiling I18N Programs Many FreeBSD Ports have been ported with I18N support. Some of them are marked with -I18N in the port name. These and many other programs have built in support for I18N and need no special consideration. MySQL However, some applications such as MySQL need to be have the Makefile configured with the specific charset. This is usually done in the Makefile or done by passing a value to configure in the source. Localizing FreeBSD to Specific Languages Andrey Chernov Originally contributed by Russian Language (KOI8-R Encoding) localization Russian For more information about KOI8-R encoding, see the KOI8-R References (Russian Net Character Set). Locale Setup Put the following lines into your ~/.login_conf file: me:My Account:\ :charset=KOI8-R:\ :lang=ru_RU.KOI8-R: See earlier in this chapter for examples of setting up the locale. Console Setup Add the following line to your /etc/rc.conf file: mousechar_start=3 Also, use following settings in /etc/rc.conf: keymap="ru.koi8-r" scrnmap="koi8-r2cp866" font8x16="cp866b-8x16" font8x14="cp866-8x14" font8x8="cp866-8x8" For each ttyv* entry in /etc/ttys, use cons25r as the terminal type. See earlier in this chapter for examples of setting up the console. Printer Setup printers Since most printers with Russian characters come with hardware code page CP866, a special output filter is needed to convert from KOI8-R to CP866. Such a filter is installed by default as /usr/libexec/lpr/ru/koi2alt. A Russian printer /etc/printcap entry should look like: lp|Russian local line printer:\ :sh:of=/usr/libexec/lpr/ru/koi2alt:\ :lp=/dev/lpt0:sd=/var/spool/output/lpd:lf=/var/log/lpd-errs: See &man.printcap.5; for a detailed description. &ms-dos; FS and Russian Filenames The following example &man.fstab.5; entry enables support for Russian filenames in mounted &ms-dos; filesystems: /dev/ad0s2 /dos/c msdos rw,-Wkoi2dos,-Lru_RU.KOI8-R 0 0 The option selects the locale name used, and sets the character conversion table. To use the option, be sure to mount /usr before the &ms-dos; partition because the conversion tables are located in /usr/libdata/msdosfs. For more information, see the &man.mount.msdos.8; manual page. X11 Setup Do non-X locale setup first as described. If you use &xorg;, install x11-fonts/xorg-fonts-cyrillic package. Check the "Files" section in your /etc/X11/xorg.conf file. The following lines must be added before any other FontPath entries: FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/misc" FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/75dpi" FontPath "/usr/X11R6/lib/X11/fonts/cyrillic/100dpi" If you use a high resolution video mode, swap the 75 dpi and 100 dpi lines. To activate a Russian keyboard, add the following to the "Keyboard" section of your xorg.conf file. Option "XkbLayout" "us,ru" Option "XkbOptions" "grp:toggle" Also make sure that XkbDisable is turned off (commented out) there. For grp:caps_toggle the RUS/LAT switch will be CapsLock. The old CapsLock function is still available via ShiftCapsLock (in LAT mode only). For grp:toggle the RUS/LAT switch will be Right Alt. grp:caps_toggle does not work in &xorg; for unknown reason. If you have &windows; keys on your keyboard, and notice that some non-alphabetical keys are mapped incorrectly in RUS mode, add the following line in your xorg.conf file. Option "XkbVariant" ",winkeys" The Russian XKB keyboard may not work with non-localized applications. Minimally localized applications should call a XtSetLanguageProc (NULL, NULL, NULL); function early in the program. See KOI8-R for X Window for more instructions on localizing X11 applications. Traditional Chinese Localization for Taiwan localization Traditional Chinese The FreeBSD-Taiwan Project has an Chinese HOWTO for FreeBSD at using many Chinese ports. Current editor for the FreeBSD Chinese HOWTO is Shen Chuan-Hsing statue@freebsd.sinica.edu.tw. Chuan-Hsing Shen statue@freebsd.sinica.edu.tw has created the Chinese FreeBSD Collection (CFC) using FreeBSD-Taiwan's zh-L10N-tut. The packages and the script files are available at . German Language Localization (for All ISO 8859-1 Languages) localization German Slaven Rezic eserte@cs.tu-berlin.de wrote a tutorial how to use umlauts on a FreeBSD machine. The tutorial is written in German and available at . Japanese and Korean Language Localization localization Japanese localization Korean For Japanese, refer to , and for Korean, refer to . Non-English FreeBSD Documentation Some FreeBSD contributors have translated parts of FreeBSD to other languages. They are available through links on the main site or in /usr/share/doc. diff --git a/zh_TW.Big5/books/handbook/mail/chapter.xml b/zh_TW.Big5/books/handbook/mail/chapter.xml index 5d93615541..37966654b2 100644 --- a/zh_TW.Big5/books/handbook/mail/chapter.xml +++ b/zh_TW.Big5/books/handbook/mail/chapter.xml @@ -1,2300 +1,2299 @@ Bill Lloyd Original work by Jim Mock Rewritten by qll z email qllΪ̫U٪ emailA DO{ϥγ̼sxq覡@C DnЦpb &os; WwˡB ]w email AȡAHΦpb &os; oHF MӳoäO㪺ѦҤUA ڤW\hݦҶqnƶåΡAYAѲӸ`аѾ\ ѦҮyC ŪoAzNFѡJ dzn餸PoqllC FreeBSD sendmail 򥻳]wɦbC ݫHcPHcϧOC p spammer(Ulsy)DkBαzlA@ relay(o~I)C pwˡB]wL Mail Transfer Agent(MTA) ӨN sendmailC pBz`lADC pϥ UUCP Ӷi SMTPC p]wtΡAϨuoelC pbWҤAolC p]w SMTP ҡAH[jwʡC pwˡBϥ Mail User Agent(MUA) {Ap mutt ӦolC pq POP IMAP DhUlC pbH譱A۰ʮMζlLoC b}l\ŪoeAzݭnJ ]nA ()C ॿTlA]w DNS ()C DpzL port/package w˳n ()C ϥιqll POP IMAP DNS b email 洫L{ 5 ӥDnAOOGMUABMTAB DNSB ݩΥHcAM٦ lD C MUA { ]A@Ǥr{AO muttB pineBelmB and mailAH GUI {A O balsaB xfmail C ~A٦ O WWW sC oǵ{|lBz浹 lDAΪ̳zLIs MTA(Y)Ϊ̬OzL TCP ӶǻlC Mailhost Server Daemon mail server daemons sendmail mail server daemons postfix mail server daemons qmail mail server daemons exim &os; ships with sendmail by default, but also support numerous other mail server daemons, just some of which include: exim; postfix; qmail. The server daemon usually has two functions—it is responsible for receiving incoming mail as well as delivering outgoing mail. It is not responsible for the collection of mail using protocols such as POP or IMAP to read your email, nor does it allow connecting to local mbox or Maildir mailboxes. You may require an additional daemon for that. Older versions of sendmail have some serious security issues which may result in an attacker gaining local and/or remote access to your machine. Make sure that you are running a current version to avoid these problems. Optionally, install an alternative MTA from the &os; Ports Collection. Email and DNS The Domain Name System (DNS) and its daemon named play a large role in the delivery of email. In order to deliver mail from your site to another, the server daemon will look up the remote site in the DNS to determine the host that will receive mail for the destination. This process also occurs when mail is sent from a remote host to your mail server. MX record DNS is responsible for mapping hostnames to IP addresses, as well as for storing information specific to mail delivery, known as MX records. The MX (Mail eXchanger) record specifies which host, or hosts, will receive mail for a particular domain. If you do not have an MX record for your hostname or domain, the mail will be delivered directly to your host provided you have an A record pointing your hostname to your IP address. You may view the MX records for any domain by using the &man.host.1; command, as seen in the example below: &prompt.user; host -t mx FreeBSD.org FreeBSD.org mail is handled (pri=10) by mx1.FreeBSD.org Receiving Mail email receiving Receiving mail for your domain is done by the mail host. It will collect all mail sent to your domain and store it either in mbox (the default method for storing mail) or Maildir format, depending on your configuration. Once mail has been stored, it may either be read locally using applications such as &man.mail.1; or mutt, or remotely accessed and collected using protocols such as POP or IMAP. This means that should you only wish to read mail locally, you are not required to install a POP or IMAP server. Accessing remote mailboxes using <acronym>POP</acronym> and <acronym>IMAP</acronym> POP IMAP In order to access mailboxes remotely, you are required to have access to a POP or IMAP server. These protocols allow users to connect to their mailboxes from remote locations with ease. Though both POP and IMAP allow users to remotely access mailboxes, IMAP offers many advantages, some of which are: IMAP can store messages on a remote server as well as fetch them. IMAP supports concurrent updates. IMAP can be extremely useful over low-speed links as it allows users to fetch the structure of messages without downloading them; it can also perform tasks such as searching on the server in order to minimize data transfer between clients and servers. In order to install a POP or IMAP server, the following steps should be performed: Choose an IMAP or POP server that best suits your needs. The following POP and IMAP servers are well known and serve as some good examples: qpopper; teapop; imap-uw; courier-imap; Install the POP or IMAP daemon of your choosing from the ports collection. Where required, modify /etc/inetd.conf to load the POP or IMAP server. It should be noted that both POP and IMAP transmit information, including username and password credentials in clear-text. This means that if you wish to secure the transmission of information across these protocols, you should consider tunneling sessions over &man.ssh.1;. Tunneling sessions is described in . Accessing local mailboxes Mailboxes may be accessed locally by directly utilizing MUAs on the server on which the mailbox resides. This can be done using applications such as mutt or &man.mail.1;. The Mail Host mail host The mail host is the name given to a server that is responsible for delivering and receiving mail for your host, and possibly your network. Christopher Shumway Contributed by <application>sendmail</application> Configuration sendmail &man.sendmail.8; is the default Mail Transfer Agent (MTA) in FreeBSD. sendmail's job is to accept mail from Mail User Agents (MUA) and deliver it to the appropriate mailer as defined by its configuration file. sendmail can also accept network connections and deliver mail to local mailboxes or deliver it to another program. sendmail uses the following configuration files: /etc/mail/access /etc/mail/aliases /etc/mail/local-host-names /etc/mail/mailer.conf /etc/mail/mailertable /etc/mail/sendmail.cf /etc/mail/virtusertable Filename Function /etc/mail/access sendmail access database file /etc/mail/aliases Mailbox aliases /etc/mail/local-host-names Lists of hosts sendmail accepts mail for /etc/mail/mailer.conf Mailer program configuration /etc/mail/mailertable Mailer delivery table /etc/mail/sendmail.cf sendmail master configuration file /etc/mail/virtusertable Virtual users and domain tables <filename>/etc/mail/access</filename> The access database defines what host(s) or IP addresses have access to the local mail server and what kind of access they have. Hosts can be listed as , , or simply passed to sendmail's error handling routine with a given mailer error. Hosts that are listed as , which is the default, are allowed to send mail to this host as long as the mail's final destination is the local machine. Hosts that are listed as are rejected for all mail connections. Hosts that have the option for their hostname are allowed to send mail for any destination through this mail server. Configuring the <application>sendmail</application> Access Database cyberspammer.com 550 We do not accept mail from spammers FREE.STEALTH.MAILER@ 550 We do not accept mail from spammers another.source.of.spam REJECT okay.cyberspammer.com OK 128.32 RELAY In this example we have five entries. Mail senders that match the left hand side of the table are affected by the action on the right side of the table. The first two examples give an error code to sendmail's error handling routine. The message is printed to the remote host when a mail matches the left hand side of the table. The next entry rejects mail from a specific host on the Internet, another.source.of.spam. The next entry accepts mail connections from a host okay.cyberspammer.com, which is more exact than the cyberspammer.com line above. More specific matches override less exact matches. The last entry allows relaying of electronic mail from hosts with an IP address that begins with 128.32. These hosts would be able to send mail through this mail server that are destined for other mail servers. When this file is updated, you need to run make in /etc/mail/ to update the database. <filename>/etc/mail/aliases</filename> The aliases database contains a list of virtual mailboxes that are expanded to other user(s), files, programs or other aliases. Here are a few examples that can be used in /etc/mail/aliases: Mail Aliases root: localuser ftp-bugs: joe,eric,paul bit.bucket: /dev/null procmail: "|/usr/local/bin/procmail" The file format is simple; the mailbox name on the left side of the colon is expanded to the target(s) on the right. The first example simply expands the mailbox root to the mailbox localuser, which is then looked up again in the aliases database. If no match is found, then the message is delivered to the local user localuser. The next example shows a mail list. Mail to the mailbox ftp-bugs is expanded to the three local mailboxes joe, eric, and paul. Note that a remote mailbox could be specified as user@example.com. The next example shows writing mail to a file, in this case /dev/null. The last example shows sending mail to a program, in this case the mail message is written to the standard input of /usr/local/bin/procmail through a &unix; pipe. When this file is updated, you need to run make in /etc/mail/ to update the database. <filename>/etc/mail/local-host-names</filename> This is a list of hostnames &man.sendmail.8; is to accept as the local host name. Place any domains or hosts that sendmail is to be receiving mail for. For example, if this mail server was to accept mail for the domain example.com and the host mail.example.com, its local-host-names might look something like this: example.com mail.example.com When this file is updated, &man.sendmail.8; needs to be restarted to read the changes. <filename>/etc/mail/sendmail.cf</filename> sendmail's master configuration file, sendmail.cf controls the overall behavior of sendmail, including everything from rewriting e-mail addresses to printing rejection messages to remote mail servers. Naturally, with such a diverse role, this configuration file is quite complex and its details are a bit out of the scope of this section. Fortunately, this file rarely needs to be changed for standard mail servers. The master sendmail configuration file can be built from &man.m4.1; macros that define the features and behavior of sendmail. Please see /usr/src/contrib/sendmail/cf/README for some of the details. When changes to this file are made, sendmail needs to be restarted for the changes to take effect. <filename>/etc/mail/virtusertable</filename> The virtusertable maps mail addresses for virtual domains and mailboxes to real mailboxes. These mailboxes can be local, remote, aliases defined in /etc/mail/aliases or files. Example Virtual Domain Mail Map root@example.com root postmaster@example.com postmaster@noc.example.net @example.com joe In the above example, we have a mapping for a domain example.com. This file is processed in a first match order down the file. The first item maps root@example.com to the local mailbox root. The next entry maps postmaster@example.com to the mailbox postmaster on the host noc.example.net. Finally, if nothing from example.com has matched so far, it will match the last mapping, which matches every other mail message addressed to someone at example.com. This will be mapped to the local mailbox joe. Andrew Boothman Written by Gregory Neil Shapiro Information taken from e-mails written by Changing Your Mail Transfer Agent email change mta As already mentioned, FreeBSD comes with sendmail already installed as your MTA (Mail Transfer Agent). Therefore by default it is in charge of your outgoing and incoming mail. However, for a variety of reasons, some system administrators want to change their system's MTA. These reasons range from simply wanting to try out another MTA to needing a specific feature or package which relies on another mailer. Fortunately, whatever the reason, FreeBSD makes it easy to make the change. Install a New MTA You have a wide choice of MTAs available. A good starting point is the FreeBSD Ports Collection where you will be able to find many. Of course you are free to use any MTA you want from any location, as long as you can make it run under FreeBSD. Start by installing your new MTA. Once it is installed it gives you a chance to decide if it really fulfills your needs, and also gives you the opportunity to configure your new software before getting it to take over from sendmail. When doing this, you should be sure that installing the new software will not attempt to overwrite system binaries such as /usr/bin/sendmail. Otherwise, your new mail software has essentially been put into service before you have configured it. Please refer to your chosen MTA's documentation for information on how to configure the software you have chosen. Disable <application>sendmail</application> The procedure used to start sendmail changed significantly between 4.5-RELEASE, 4.6-RELEASE, and later releases. Therefore, the procedure used to disable it is subtly different. If you disable sendmail's outgoing mail service, it is important that you replace it with an alternative mail delivery system. If you choose not to, system functions such as &man.periodic.8; will be unable to deliver their results by e-mail as they would normally expect to. Many parts of your system may expect to have a functional sendmail-compatible system. If applications continue to use sendmail's binaries to try to send e-mail after you have disabled them, mail could go into an inactive sendmail queue, and never be delivered. FreeBSD 4.5-STABLE before 2002/4/4 and Earlier (Including 4.5-RELEASE and Earlier) Enter: sendmail_enable="NO" into /etc/rc.conf. This will disable sendmail's incoming mail service, but if /etc/mail/mailer.conf (see below) is not changed, sendmail will still be used to send e-mail. FreeBSD 4.5-STABLE after 2002/4/4 (Including 4.6-RELEASE and Later) In order to completely disable sendmail, including the outgoing mail service, you must use sendmail_enable="NONE" in /etc/rc.conf. If you only want to disable sendmail's incoming mail service, you should set sendmail_enable="NO" in /etc/rc.conf. However, if incoming mail is disabled, local delivery will still function. More information on sendmail's startup options is available from the &man.rc.sendmail.8; manual page. FreeBSD 5.0-STABLE and Later In order to completely disable sendmail, including the outgoing mail service, you must use sendmail_enable="NO" sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO" in /etc/rc.conf. If you only want to disable sendmail's incoming mail service, you should set sendmail_enable="NO" in /etc/rc.conf. More information on sendmail's startup options is available from the &man.rc.sendmail.8; manual page. Running Your New MTA on Boot You may have a choice of two methods for running your new MTA on boot, again depending on what version of FreeBSD you are running. FreeBSD 4.5-STABLE before 2002/4/11 (Including 4.5-RELEASE and Earlier) Add a script to /usr/local/etc/rc.d/ that ends in .sh and is executable by root. The script should accept start and stop parameters. At startup time the system scripts will execute the command /usr/local/etc/rc.d/supermailer.sh start which you can also use to manually start the server. At shutdown time, the system scripts will use the stop option, running the command /usr/local/etc/rc.d/supermailer.sh stop which you can also use to manually stop the server while the system is running. FreeBSD 4.5-STABLE after 2002/4/11 (Including 4.6-RELEASE and Later) With later versions of FreeBSD, you can use the above method or you can set mta_start_script="filename" in /etc/rc.conf, where filename is the name of some script that you want executed at boot to start your MTA. Replacing <application>sendmail</application> as the System's Default Mailer The program sendmail is so ubiquitous as standard software on &unix; systems that some software just assumes it is already installed and configured. For this reason, many alternative MTA's provide their own compatible implementations of the sendmail command-line interface; this facilitates using them as drop-in replacements for sendmail. Therefore, if you are using an alternative mailer, you will need to make sure that software trying to execute standard sendmail binaries such as /usr/bin/sendmail actually executes your chosen mailer instead. Fortunately, FreeBSD provides a system called &man.mailwrapper.8; that does this job for you. When sendmail is operating as installed, you will find something like the following in /etc/mail/mailer.conf: sendmail /usr/libexec/sendmail/sendmail send-mail /usr/libexec/sendmail/sendmail mailq /usr/libexec/sendmail/sendmail newaliases /usr/libexec/sendmail/sendmail hoststat /usr/libexec/sendmail/sendmail purgestat /usr/libexec/sendmail/sendmail This means that when any of these common commands (such as sendmail itself) are run, the system actually invokes a copy of mailwrapper named sendmail, which checks mailer.conf and executes /usr/libexec/sendmail/sendmail instead. This system makes it easy to change what binaries are actually executed when these default sendmail functions are invoked. Therefore if you wanted /usr/local/supermailer/bin/sendmail-compat to be run instead of sendmail, you could change /etc/mail/mailer.conf to read: sendmail /usr/local/supermailer/bin/sendmail-compat send-mail /usr/local/supermailer/bin/sendmail-compat mailq /usr/local/supermailer/bin/mailq-compat newaliases /usr/local/supermailer/bin/newaliases-compat hoststat /usr/local/supermailer/bin/hoststat-compat purgestat /usr/local/supermailer/bin/purgestat-compat Finishing Once you have everything configured the way you want it, you should either kill the sendmail processes that you no longer need and start the processes belonging to your new software, or simply reboot. Rebooting will also give you the opportunity to ensure that you have correctly configured your system to start your new MTA automatically on boot. Troubleshooting email troubleshooting Why do I have to use the FQDN for hosts on my site? You will probably find that the host is actually in a different domain; for example, if you are in foo.bar.edu and you wish to reach a host called mumble in the bar.edu domain, you will have to refer to it by the fully-qualified domain name, mumble.bar.edu, instead of just mumble. Traditionally, this was allowed by BSD BIND BIND resolvers. However the current version of BIND that ships with FreeBSD no longer provides default abbreviations for non-fully qualified domain names other than the domain you are in. So an unqualified host mumble must either be found as mumble.foo.bar.edu, or it will be searched for in the root domain. This is different from the previous behavior, where the search continued across mumble.bar.edu, and mumble.edu. Have a look at RFC 1535 for why this was considered bad practice, or even a security hole. As a good workaround, you can place the line: search foo.bar.edu bar.edu instead of the previous: domain foo.bar.edu into your /etc/resolv.conf. However, make sure that the search order does not go beyond the boundary between local and public administration, as RFC 1535 calls it. sendmail says mail loops back to myself This is answered in the sendmail FAQ as follows: I'm getting these error messages: 553 MX list for domain.net points back to relay.domain.net 554 <user@domain.net>... Local configuration error How can I solve this problem? You have asked mail to the domain (e.g., domain.net) to be forwarded to a specific host (in this case, relay.domain.net) by using an MXMX record record, but the relay machine does not recognize itself as domain.net. Add domain.net to /etc/mail/local-host-names [known as /etc/sendmail.cw prior to version 8.10] (if you are using FEATURE(use_cw_file)) or add Cw domain.net to /etc/mail/sendmail.cf. The sendmail FAQ can be found at and is recommended reading if you want to do any tweaking of your mail setup. How can I run a mail server on a dial-up PPP PPP host? You want to connect a FreeBSD box on a LAN to the Internet. The FreeBSD box will be a mail gateway for the LAN. The PPP connection is non-dedicated. There are at least two ways to do this. One way is to use UUCPUUCP. Another way is to get a full-time Internet server to provide secondary MXMX record services for your domain. For example, if your company's domain is example.com and your Internet service provider has set example.net up to provide secondary MX services to your domain: example.com. MX 10 example.com. MX 20 example.net. Only one host should be specified as the final recipient (add Cw example.com in /etc/mail/sendmail.cf on example.com). When the sending sendmail is trying to deliver the mail it will try to connect to you (example.com) over the modem link. It will most likely time out because you are not online. The program sendmail will automatically deliver it to the secondary MX site, i.e. your Internet provider (example.net). The secondary MX site will then periodically try to connect to your host and deliver the mail to the primary MX host (example.com). You might want to use something like this as a login script: #!/bin/sh # Put me in /usr/local/bin/pppmyisp ( sleep 60 ; /usr/sbin/sendmail -q ) & /usr/sbin/ppp -direct pppmyisp If you are going to create a separate login script for a user you could use sendmail -qRexample.com instead in the script above. This will force all mail in your queue for example.com to be processed immediately. A further refinement of the situation is as follows: Message stolen from the &a.isp;. > we provide the secondary MX for a customer. The customer connects to > our services several times a day automatically to get the mails to > his primary MX (We do not call his site when a mail for his domains > arrived). Our sendmail sends the mailqueue every 30 minutes. At the > moment he has to stay 30 minutes online to be sure that all mail is > gone to the primary MX. > > Is there a command that would initiate sendmail to send all the mails > now? The user has not root-privileges on our machine of course. In the privacy flags section of sendmail.cf, there is a definition Opgoaway,restrictqrun Remove restrictqrun to allow non-root users to start the queue processing. You might also like to rearrange the MXs. We are the 1st MX for our customers like this, and we have defined: # If we are the best MX for a host, try directly instead of generating # local config error. OwTrue That way a remote site will deliver straight to you, without trying the customer connection. You then send to your customer. Only works for hosts, so you need to get your customer to name their mail machine customer.com as well as hostname.customer.com in the DNS. Just put an A record in the DNS for customer.com. Why do I keep getting Relaying Denied errors when sending mail from other hosts? In default FreeBSD installations, sendmail is configured to only send mail from the host it is running on. For example, if a POP server is available, then users will be able to check mail from school, work, or other remote locations but they still will not be able to send outgoing emails from outside locations. Typically, a few moments after the attempt, an email will be sent from MAILER-DAEMON with a 5.7 Relaying Denied error message. There are several ways to get around this. The most straightforward solution is to put your ISP's address in a relay-domains file at /etc/mail/relay-domains. A quick way to do this would be: &prompt.root; echo "your.isp.example.com" > /etc/mail/relay-domains After creating or editing this file you must restart sendmail. This works great if you are a server administrator and do not wish to send mail locally, or would like to use a point and click client/system on another machine or even another ISP. It is also very useful if you only have one or two email accounts set up. If there is a large number of addresses to add, you can simply open this file in your favorite text editor and then add the domains, one per line: your.isp.example.com other.isp.example.net users-isp.example.org www.example.org Now any mail sent through your system, by any host in this list (provided the user has an account on your system), will succeed. This is a very nice way to allow users to send mail from your system remotely without allowing people to send SPAM through your system. Advanced Topics The following section covers more involved topics such as mail configuration and setting up mail for your entire domain. Basic Configuration email configuration Out of the box, you should be able to send email to external hosts as long as you have set up /etc/resolv.conf or are running your own name server. If you would like to have mail for your host delivered to the MTA (e.g., sendmail) on your own FreeBSD host, there are two methods: Run your own name server and have your own domain. For example, FreeBSD.org Get mail delivered directly to your host. This is done by delivering mail directly to the current DNS name for your machine. For example, example.FreeBSD.org. SMTP Regardless of which of the above you choose, in order to have mail delivered directly to your host, it must have a permanent static IP address (not a dynamic address, as with most PPP dial-up configurations). If you are behind a firewall, it must pass SMTP traffic on to you. If you want to receive mail directly at your host, you need to be sure of either of two things: - MX record - Make sure that the (lowest-numbered) MX record in your DNS points to your + Make sure that the (lowest-numbered) MX recordMX record in your DNS points to your host's IP address. Make sure there is no MX entry in your DNS for your host. Either of the above will allow you to receive mail directly at your host. Try this: &prompt.root; hostname example.FreeBSD.org &prompt.root; host example.FreeBSD.org example.FreeBSD.org has address 204.216.27.XX If that is what you see, mail directly to yourlogin@example.FreeBSD.org should work without problems (assuming sendmail is running correctly on example.FreeBSD.org). If instead you see something like this: &prompt.root; host example.FreeBSD.org example.FreeBSD.org has address 204.216.27.XX example.FreeBSD.org mail is handled (pri=10) by hub.FreeBSD.org All mail sent to your host (example.FreeBSD.org) will end up being collected on hub under the same username instead of being sent directly to your host. The above information is handled by your DNS server. The DNS record that carries mail routing information is the Mail eXchange entry. If no MX record exists, mail will be delivered directly to the host by way of its IP address. The MX entry for freefall.FreeBSD.org at one time looked like this: freefall MX 30 mail.crl.net freefall MX 40 agora.rdrop.com freefall MX 10 freefall.FreeBSD.org freefall MX 20 who.cdrom.com As you can see, freefall had many MX entries. The lowest MX number is the host that receives mail directly if available; if it is not accessible for some reason, the others (sometimes called backup MXes) accept messages temporarily, and pass it along when a lower-numbered host becomes available, eventually to the lowest-numbered host. Alternate MX sites should have separate Internet connections from your own in order to be most useful. Your ISP or another friendly site should have no problem providing this service for you. Mail for Your Domain In order to set up a mailhost (a.k.a. mail server) you need to have any mail sent to various workstations directed to it. Basically, you want to claim any mail for any hostname in your domain (in this case *.FreeBSD.org) and divert it to your mail server so your users can receive their mail on the master mail server. DNS To make life easiest, a user account with the same username should exist on both machines. Use &man.adduser.8; to do this. The mailhost you will be using must be the designated mail exchanger for each workstation on the network. This is done in your DNS configuration like so: example.FreeBSD.org A 204.216.27.XX ; Workstation MX 10 hub.FreeBSD.org ; Mailhost This will redirect mail for the workstation to the mailhost no matter where the A record points. The mail is sent to the MX host. You cannot do this yourself unless you are running a DNS server. If you are not, or cannot run your own DNS server, talk to your ISP or whoever provides your DNS. If you are doing virtual email hosting, the following information will come in handy. For this example, we will assume you have a customer with his own domain, in this case customer1.org, and you want all the mail for customer1.org sent to your mailhost, mail.myhost.com. The entry in your DNS should look like this: customer1.org MX 10 mail.myhost.com You do not need an A record for customer1.org if you only want to handle email for that domain. Be aware that pinging customer1.org will not work unless an A record exists for it. The last thing that you must do is tell sendmail on your mailhost what domains and/or hostnames it should be accepting mail for. There are a few different ways this can be done. Either of the following will work: Add the hosts to your /etc/mail/local-host-names file if you are using the FEATURE(use_cw_file). If you are using a version of sendmail earlier than 8.10, the file is /etc/sendmail.cw. Add a Cwyour.host.com line to your /etc/sendmail.cf or /etc/mail/sendmail.cf if you are using sendmail 8.10 or higher. SMTP with UUCP The sendmail configuration that ships with FreeBSD is designed for sites that connect directly to the Internet. Sites that wish to exchange their mail via UUCP must install another sendmail configuration file. Tweaking /etc/mail/sendmail.cf manually is an advanced topic. sendmail version 8 generates config files via &man.m4.1; preprocessing, where the actual configuration occurs on a higher abstraction level. The &man.m4.1; configuration files can be found under /usr/share/sendmail/cf. The file README in the cf directory can serve as a basic introduction to &man.m4.1; configuration. The best way to support UUCP delivery is to use the mailertable feature. This creates a database that sendmail can use to make routing decisions. First, you have to create your .mc file. The directory /usr/share/sendmail/cf/cf contains a few examples. Assuming you have named your file foo.mc, all you need to do in order to convert it into a valid sendmail.cf is: &prompt.root; cd /etc/mail &prompt.root; make foo.cf &prompt.root; cp foo.cf /etc/mail/sendmail.cf A typical .mc file might look like: VERSIONID(`Your version number') OSTYPE(bsd4.4) FEATURE(accept_unresolvable_domains) FEATURE(nocanonify) FEATURE(mailertable, `hash -o /etc/mail/mailertable') define(`UUCP_RELAY', your.uucp.relay) define(`UUCP_MAX_SIZE', 200000) define(`confDONT_PROBE_INTERFACES') MAILER(local) MAILER(smtp) MAILER(uucp) Cw your.alias.host.name Cw youruucpnodename.UUCP The lines containing accept_unresolvable_domains, nocanonify, and confDONT_PROBE_INTERFACES features will prevent any usage of the DNS during mail delivery. The UUCP_RELAY clause is needed to support UUCP delivery. Simply put an Internet hostname there that is able to handle .UUCP pseudo-domain addresses; most likely, you will enter the mail relay of your ISP there. Once you have this, you need an /etc/mail/mailertable file. If you have only one link to the outside that is used for all your mails, the following file will suffice: # # makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable . uucp-dom:your.uucp.relay A more complex example might look like this: # # makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable # horus.interface-business.de uucp-dom:horus .interface-business.de uucp-dom:if-bus interface-business.de uucp-dom:if-bus .heep.sax.de smtp8:%1 horus.UUCP uucp-dom:horus if-bus.UUCP uucp-dom:if-bus . uucp-dom: The first three lines handle special cases where domain-addressed mail should not be sent out to the default route, but instead to some UUCP neighbor in order to shortcut the delivery path. The next line handles mail to the local Ethernet domain that can be delivered using SMTP. Finally, the UUCP neighbors are mentioned in the .UUCP pseudo-domain notation, to allow for a uucp-neighbor !recipient override of the default rules. The last line is always a single dot, matching everything else, with UUCP delivery to a UUCP neighbor that serves as your universal mail gateway to the world. All of the node names behind the uucp-dom: keyword must be valid UUCP neighbors, as you can verify using the command uuname. As a reminder that this file needs to be converted into a DBM database file before use. The command line to accomplish this is best placed as a comment at the top of the mailertable file. You always have to execute this command each time you change your mailertable file. Final hint: if you are uncertain whether some particular mail routing would work, remember the option to sendmail. It starts sendmail in address test mode; simply enter 3,0, followed by the address you wish to test for the mail routing. The last line tells you the used internal mail agent, the destination host this agent will be called with, and the (possibly translated) address. Leave this mode by typing CtrlD. &prompt.user; sendmail -bt ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> > 3,0 foo@example.com canonify input: foo @ example . com ... parse returns: $# uucp-dom $@ your.uucp.relay $: foo < @ example . com . > > ^D Bill Moran Contributed by Setting Up to Send Only There are many instances where you may only want to send mail through a relay. Some examples are: Your computer is a desktop machine, but you want to use programs such as &man.send-pr.1;. To do so, you should use your ISP's mail relay. The computer is a server that does not handle mail locally, but needs to pass off all mail to a relay for processing. Just about any MTA is capable of filling this particular niche. Unfortunately, it can be very difficult to properly configure a full-featured MTA just to handle offloading mail. Programs such as sendmail and postfix are largely overkill for this use. Additionally, if you are using a typical Internet access service, your agreement may forbid you from running a mail server. The easiest way to fulfill those needs is to install the mail/ssmtp port. Execute the following commands as root: &prompt.root; cd /usr/ports/mail/ssmtp &prompt.root; make install replace clean Once installed, mail/ssmtp can be configured with a four-line file located at /usr/local/etc/ssmtp/ssmtp.conf: root=yourrealemail@example.com mailhub=mail.example.com rewriteDomain=example.com hostname=_HOSTNAME_ Make sure you use your real email address for root. Enter your ISP's outgoing mail relay in place of mail.example.com (some ISPs call this the outgoing mail server or SMTP server). Make sure you disable sendmail, including the outgoing mail service. See for details. mail/ssmtp has some other options available. See the example configuration file in /usr/local/etc/ssmtp or the manual page of ssmtp for some examples and more information. Setting up ssmtp in this manner will allow any software on your computer that needs to send mail to function properly, while not violating your ISP's usage policy or allowing your computer to be hijacked for spamming. Using Mail with a Dialup Connection If you have a static IP address, you should not need to adjust anything from the defaults. Set your host name to your assigned Internet name and sendmail will do the rest. If you have a dynamically assigned IP number and use a dialup PPP connection to the Internet, you will probably have a mailbox on your ISPs mail server. Let's assume your ISP's domain is example.net, and that your user name is user, you have called your machine bsd.home, and your ISP has told you that you may use relay.example.net as a mail relay. In order to retrieve mail from your mailbox, you must install a retrieval agent. The fetchmail utility is a good choice as it supports many different protocols. This program is available as a package or from the Ports Collection (mail/fetchmail). Usually, your ISP will provide POP. If you are using user PPP, you can automatically fetch your mail when an Internet connection is established with the following entry in /etc/ppp/ppp.linkup: MYADDR: !bg su user -c fetchmail If you are using sendmail (as shown below) to deliver mail to non-local accounts, you probably want to have sendmail process your mailqueue as soon as your Internet connection is established. To do this, put this command after the fetchmail command in /etc/ppp/ppp.linkup: !bg su user -c "sendmail -q" Assume that you have an account for user on bsd.home. In the home directory of user on bsd.home, create a .fetchmailrc file: poll example.net protocol pop3 fetchall pass MySecret This file should not be readable by anyone except user as it contains the password MySecret. In order to send mail with the correct from: header, you must tell sendmail to use user@example.net rather than user@bsd.home. You may also wish to tell sendmail to send all mail via relay.example.net, allowing quicker mail transmission. The following .mc file should suffice: VERSIONID(`bsd.home.mc version 1.0') OSTYPE(bsd4.4)dnl FEATURE(nouucp)dnl MAILER(local)dnl MAILER(smtp)dnl Cwlocalhost Cwbsd.home MASQUERADE_AS(`example.net')dnl FEATURE(allmasquerade)dnl FEATURE(masquerade_envelope)dnl FEATURE(nocanonify)dnl FEATURE(nodns)dnl define(`SMART_HOST', `relay.example.net') Dmbsd.home define(`confDOMAIN_NAME',`bsd.home')dnl define(`confDELIVERY_MODE',`deferred')dnl Refer to the previous section for details of how to turn this .mc file into a sendmail.cf file. Also, do not forget to restart sendmail after updating sendmail.cf. James Gorham Written by SMTP Authentication Having SMTP Authentication in place on your mail server has a number of benefits. SMTP Authentication can add another layer of security to sendmail, and has the benefit of giving mobile users who switch hosts the ability to use the same mail server without the need to reconfigure their mail client settings each time. Install security/cyrus-sasl2 from the ports. You can find this port in security/cyrus-sasl2. The security/cyrus-sasl2 port supports a number of compile-time options. For the SMTP Authentication method we will be using here, make sure that the option is not disabled. After installing security/cyrus-sasl2, edit /usr/local/lib/sasl2/Sendmail.conf (or create it if it does not exist) and add the following line: pwcheck_method: saslauthd Next, install security/cyrus-sasl2-saslauthd, edit /etc/rc.conf to add the following line: saslauthd_enable="YES" and finally start the saslauthd daemon: &prompt.root; /usr/local/etc/rc.d/saslauthd start This daemon serves as a broker for sendmail to authenticate against your FreeBSD passwd database. This saves the trouble of creating a new set of usernames and passwords for each user that needs to use SMTP authentication, and keeps the login and mail password the same. Now edit /etc/make.conf and add the following lines: SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl2 These lines will give sendmail the proper configuration options for linking to cyrus-sasl2 at compile time. Make sure that cyrus-sasl2 has been installed before recompiling sendmail. Recompile sendmail by executing the following commands: &prompt.root; cd /usr/src/lib/libsmutil &prompt.root; make cleandir && make obj && make &prompt.root; cd /usr/src/lib/libsm &prompt.root; make cleandir && make obj && make &prompt.root; cd /usr/src/usr.sbin/sendmail &prompt.root; make cleandir && make obj && make && make install The compile of sendmail should not have any problems if /usr/src has not been changed extensively and the shared libraries it needs are available. After sendmail has been compiled and reinstalled, edit your /etc/mail/freebsd.mc file (or whichever file you use as your .mc file. Many administrators choose to use the output from &man.hostname.1; as the .mc file for uniqueness). Add these lines to it: dnl set SASL options TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl These options configure the different methods available to sendmail for authenticating users. If you would like to use a method other than pwcheck, please see the included documentation. Finally, run &man.make.1; while in /etc/mail. That will run your new .mc file and create a .cf file named freebsd.cf (or whatever name you have used for your .mc file). Then use the command make install restart, which will copy the file to sendmail.cf, and will properly restart sendmail. For more information about this process, you should refer to /etc/mail/Makefile. If all has gone correctly, you should be able to enter your login information into the mail client and send a test message. For further investigation, set the of sendmail to 13 and watch /var/log/maillog for any errors. For more information, please see the sendmail page regarding SMTP authentication. Marc Silver Contributed by Mail User Agents Mail User Agents A Mail User Agent (MUA) is an application that is used to send and receive email. Furthermore, as email evolves and becomes more complex, MUA's are becoming increasingly powerful in the way they interact with email; this gives users increased functionality and flexibility. &os; contains support for numerous mail user agents, all of which can be easily installed using the FreeBSD Ports Collection. Users may choose between graphical email clients such as evolution or balsa, console based clients such as mutt, pine or mail, or the web interfaces used by some large organizations. mail &man.mail.1; is the default Mail User Agent (MUA) in &os;. It is a console based MUA that offers all the basic functionality required to send and receive text-based email, though it is limited in interaction abilities with attachments and can only support local mailboxes. Although mail does not natively support interaction with POP or IMAP servers, these mailboxes may be downloaded to a local mbox file using an application such as fetchmail, which will be discussed later in this chapter (). In order to send and receive email, simply invoke the mail command as per the following example: &prompt.user; mail The contents of the user mailbox in /var/mail are automatically read by the mail utility. Should the mailbox be empty, the utility exits with a message indicating that no mails could be found. Once the mailbox has been read, the application interface is started, and a list of messages will be displayed. Messages are automatically numbered, as can be seen in the following example: Mail version 8.1 6/6/93. Type ? for help. "/var/mail/marcs": 3 messages 3 new >N 1 root@localhost Mon Mar 8 14:05 14/510 "test" N 2 root@localhost Mon Mar 8 14:05 14/509 "user account" N 3 root@localhost Mon Mar 8 14:05 14/509 "sample" Messages can now be read by using the t mail command, suffixed by the message number that should be displayed. In this example, we will read the first email: & t 1 Message 1: From root@localhost Mon Mar 8 14:05:52 2004 X-Original-To: marcs@localhost Delivered-To: marcs@localhost To: marcs@localhost Subject: test Date: Mon, 8 Mar 2004 14:05:52 +0200 (SAST) From: root@localhost (Charlie Root) This is a test message, please reply if you receive it. As can be seen in the example above, the t key will cause the message to be displayed with full headers. To display the list of messages again, the h key should be used. If the email requires a response, you may use mail to reply, by using either the R or r mail keys. The R key instructs mail to reply only to the sender of the email, while r replies not only to the sender, but also to other recipients of the message. You may also suffix these commands with the mail number which you would like make a reply to. Once this has been done, the response should be entered, and the end of the message should be marked by a single . on a new line. An example can be seen below: & R 1 To: root@localhost Subject: Re: test Thank you, I did get your email. . EOT In order to send new email, the m key should be used, followed by the recipient email address. Multiple recipients may also be specified by separating each address with the , delimiter. The subject of the message may then be entered, followed by the message contents. The end of the message should be specified by putting a single . on a new line. & mail root@localhost Subject: I mastered mail Now I can send and receive email using mail ... :) . EOT While inside the mail utility, the ? command may be used to display help at any time, the &man.mail.1; manual page should also be consulted for more help with mail. As previously mentioned, the &man.mail.1; command was not originally designed to handle attachments, and thus deals with them very poorly. Newer MUAs such as mutt handle attachments in a much more intelligent way. But should you still wish to use the mail command, the converters/mpack port may be of considerable use. mutt mutt is a small yet very powerful Mail User Agent, with excellent features, just some of which include: The ability to thread messages; PGP support for digital signing and encryption of email; MIME Support; Maildir Support; Highly customizable. All of these features help to make mutt one of the most advanced mail user agents available. See for more information on mutt. The stable version of mutt may be installed using the mail/mutt port, while the current development version may be installed via the mail/mutt-devel port. After the port has been installed, mutt can be started by issuing the following command: &prompt.user; mutt mutt will automatically read the contents of the user mailbox in /var/mail and display the contents if applicable. If no mails are found in the user mailbox, then mutt will wait for commands from the user. The example below shows mutt displaying a list of messages: In order to read an email, simply select it using the cursor keys, and press the Enter key. An example of mutt displaying email can be seen below: As with the &man.mail.1; command, mutt allows users to reply only to the sender of the message as well as to all recipients. To reply only to the sender of the email, use the r keyboard shortcut. To send a group reply, which will be sent to the original sender as well as all the message recipients, use the g shortcut. mutt makes use of the &man.vi.1; command as an editor for creating and replying to emails. This may be customized by the user by creating or editing their own .muttrc file in their home directory and setting the editor variable or by setting the EDITOR environment variable. See for more information about configuring mutt. In order to compose a new mail message, press m. After a valid subject has been given, mutt will start &man.vi.1; and the mail can be written. Once the contents of the mail are complete, save and quit from vi and mutt will resume, displaying a summary screen of the mail that is to be delivered. In order to send the mail, press y. An example of the summary screen can be seen below: mutt also contains extensive help, which can be accessed from most of the menus by pressing the ? key. The top line also displays the keyboard shortcuts where appropriate. pine pine is aimed at a beginner user, but also includes some advanced features. The pine software has had several remote vulnerabilities discovered in the past, which allowed remote attackers to execute arbitrary code as users on the local system, by the action of sending a specially-prepared email. All such known problems have been fixed, but the pine code is written in a very insecure style and the &os; Security Officer believes there are likely to be other undiscovered vulnerabilities. You install pine at your own risk. The current version of pine may be installed using the mail/pine4 port. Once the port has installed, pine can be started by issuing the following command: &prompt.user; pine The first time that pine is run it displays a greeting page with a brief introduction, as well as a request from the pine development team to send an anonymous email message allowing them to judge how many users are using their client. To send this anonymous message, press Enter, or alternatively press E to exit the greeting without sending an anonymous message. An example of the greeting page can be seen below: Users are then presented with the main menu, which can be easily navigated using the cursor keys. This main menu provides shortcuts for the composing new mails, browsing of mail directories, and even the administration of address book entries. Below the main menu, relevant keyboard shortcuts to perform functions specific to the task at hand are shown. The default directory opened by pine is the inbox. To view the message index, press I, or select the MESSAGE INDEX option as seen below: The message index shows messages in the current directory, and can be navigated by using the cursor keys. Highlighted messages can be read by pressing the Enter key. In the screenshot below, a sample message is displayed by pine. Keyboard shortcuts are displayed as a reference at the bottom of the screen. An example of one of these shortcuts is the r key, which tells the MUA to reply to the current message being displayed. Replying to an email in pine is done using the pico editor, which is installed by default with pine. The pico utility makes it easy to navigate around the message and is slightly more forgiving on novice users than &man.vi.1; or &man.mail.1;. Once the reply is complete, the message can be sent by pressing CtrlX . The pine application will ask for confirmation. The pine application can be customized using the SETUP option from the main menu. Consult for more information. Marc Silver Contributed by Using fetchmail fetchmail fetchmail is a full-featured IMAP and POP client which allows users to automatically download mail from remote IMAP and POP servers and save it into local mailboxes; there it can be accessed more easily. fetchmail can be installed using the mail/fetchmail port, and offers various features, some of which include: Support of POP3, APOP, KPOP, IMAP, ETRN and ODMR protocols. Ability to forward mail using SMTP, which allows filtering, forwarding, and aliasing to function normally. May be run in daemon mode to check periodically for new messages. Can retrieve multiple mailboxes and forward them based on configuration, to different local users. While it is outside the scope of this document to explain all of fetchmail's features, some basic features will be explained. The fetchmail utility requires a configuration file known as .fetchmailrc, in order to run correctly. This file includes server information as well as login credentials. Due to the sensitive nature of the contents of this file, it is advisable to make it readable only by the owner, with the following command: &prompt.user; chmod 600 .fetchmailrc The following .fetchmailrc serves as an example for downloading a single user mailbox using POP. It tells fetchmail to connect to example.com using a username of joesoap and a password of XXX. This example assumes that the user joesoap is also a user on the local system. poll example.com protocol pop3 username "joesoap" password "XXX" The next example connects to multiple POP and IMAP servers and redirects to different local usernames where applicable: poll example.com proto pop3: user "joesoap", with password "XXX", is "jsoap" here; user "andrea", with password "XXXX"; poll example2.net proto imap: user "john", with password "XXXXX", is "myth" here; The fetchmail utility can be run in daemon mode by running it with the flag, followed by the interval (in seconds) that fetchmail should poll servers listed in the .fetchmailrc file. The following example would cause fetchmail to poll every 600 seconds: &prompt.user; fetchmail -d 600 More information on fetchmail can be found at . Marc Silver Contributed by Using procmail procmail The procmail utility is an incredibly powerful application used to filter incoming mail. It allows users to define rules which can be matched to incoming mails to perform specific functions or to reroute mail to alternative mailboxes and/or email addresses. procmail can be installed using the mail/procmail port. Once installed, it can be directly integrated into most MTAs; consult your MTA documentation for more information. Alternatively, procmail can be integrated by adding the following line to a .forward in the home directory of the user utilizing procmail features: "|exec /usr/local/bin/procmail || exit 75" The following section will display some basic procmail rules, as well as brief descriptions on what they do. These rules, and others must be inserted into a .procmailrc file, which must reside in the user's home directory. The majority of these rules can also be found in the &man.procmailex.5; manual page. Forward all mail from user@example.com to an external address of goodmail@example2.com: :0 * ^From.*user@example.com ! goodmail@example2.com Forward all mails shorter than 1000 bytes to an external address of goodmail@example2.com: :0 * < 1000 ! goodmail@example2.com Send all mail sent to alternate@example.com into a mailbox called alternate: :0 * ^TOalternate@example.com alternate Send all mail with a subject of Spam to /dev/null: :0 ^Subject:.*Spam /dev/null A useful recipe that parses incoming &os;.org mailing lists and places each list in its own mailbox: :0 * ^Sender:.owner-freebsd-\/[^@]+@FreeBSD.ORG { LISTNAME=${MATCH} :0 * LISTNAME??^\/[^@]+ FreeBSD-${MATCH} } diff --git a/zh_TW.Big5/books/handbook/network-servers/chapter.xml b/zh_TW.Big5/books/handbook/network-servers/chapter.xml index 92a98f24de..5588e07fc1 100644 --- a/zh_TW.Big5/books/handbook/network-servers/chapter.xml +++ b/zh_TW.Big5/books/handbook/network-servers/chapter.xml @@ -1,5202 +1,5185 @@ Murray Stokely Reorganized by Network Servers z This chapter will cover some of the more frequently used network services on &unix; systems. We will cover how to install, configure, test, and maintain many different types of network services. Example configuration files are included throughout this chapter for you to benefit from. After reading this chapter, you will know: How to manage the inetd daemon. How to set up a network file system. How to set up a network information server for sharing user accounts. How to set up automatic network settings using DHCP. How to set up a domain name server. How to set up the Apache HTTP Server. How to set up a File Transfer Protocol (FTP) Server. How to set up a file and print server for &windows; clients using Samba. How to synchronize the time and date, and set up a time server, with the NTP protocol. Before reading this chapter, you should: Understand the basics of the /etc/rc scripts. Be familiar with basic network terminology. Know how to install additional third-party software (). Chern Lee Contributed by The <application>inetd</application> <quote>Super-Server</quote> Overview &man.inetd.8; is referred to as the Internet Super-Server because it manages connections for several services. When a connection is received by inetd, it determines which program the connection is destined for, spawns the particular process and delegates the socket to it (the program is invoked with the service socket as its standard input, output and error descriptors). Running one instance of inetd reduces the overall system load as compared to running each daemon individually in stand-alone mode. Primarily, inetd is used to spawn other daemons, but several trivial protocols are handled directly, such as chargen, auth, and daytime. This section will cover the basics in configuring inetd through its command-line options and its configuration file, /etc/inetd.conf. Settings inetd is initialized through the /etc/rc.conf system. The inetd_enable option is set to NO by default, but is often times turned on by sysinstall with the medium security profile. Placing: inetd_enable="YES" or inetd_enable="NO" into /etc/rc.conf can enable or disable inetd starting at boot time. Additionally, different command-line options can be passed to inetd via the inetd_flags option. Command-Line Options inetd synopsis: -d Turn on debugging. -l Turn on logging of successful connections. -w Turn on TCP Wrapping for external services (on by default). -W Turn on TCP Wrapping for internal services which are built into inetd (on by default). -c maximum Specify the default maximum number of simultaneous invocations of each service; the default is unlimited. May be overridden on a per-service basis with the parameter. -C rate Specify the default maximum number of times a service can be invoked from a single IP address in one minute; the default is unlimited. May be overridden on a per-service basis with the parameter. -R rate Specify the maximum number of times a service can be invoked in one minute; the default is 256. A rate of 0 allows an unlimited number of invocations. -a Specify one specific IP address to bind to. Alternatively, a hostname can be specified, in which case the IPv4 or IPv6 address which corresponds to that hostname is used. Usually a hostname is specified when inetd is run inside a &man.jail.8;, in which case the hostname corresponds to the &man.jail.8; environment. When hostname specification is used and both IPv4 and IPv6 bindings are desired, one entry with the appropriate protocol type for each binding is required for each service in /etc/inetd.conf. For example, a TCP-based service would need two entries, one using tcp4 for the protocol and the other using tcp6. -p Specify an alternate file in which to store the process ID. These options can be passed to inetd using the inetd_flags option in /etc/rc.conf. By default, inetd_flags is set to -wW, which turns on TCP wrapping for inetd's internal and external services. For novice users, these parameters usually do not need to be modified or even entered in /etc/rc.conf. An external service is a daemon outside of inetd, which is invoked when a connection is received for it. On the other hand, an internal service is one that inetd has the facility of offering within itself. <filename>inetd.conf</filename> Configuration of inetd is controlled through the /etc/inetd.conf file. When a modification is made to /etc/inetd.conf, inetd can be forced to re-read its configuration file by sending a HangUP signal to the inetd process as shown: Sending <application>inetd</application> a HangUP Signal &prompt.root; kill -HUP `cat /var/run/inetd.pid` Each line of the configuration file specifies an individual daemon. Comments in the file are preceded by a #. The format of /etc/inetd.conf is as follows: service-name socket-type protocol {wait|nowait}[/max-child[/max-connections-per-ip-per-minute]] user[:group][/login-class] server-program server-program-arguments An example entry for the ftpd daemon using IPv4: ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l service-name This is the service name of the particular daemon. It must correspond to a service listed in /etc/services. This determines which port inetd must listen to. If a new service is being created, it must be placed in /etc/services first. socket-type Either stream, dgram, raw, or seqpacket. stream must be used for connection-based, TCP daemons, while dgram is used for daemons utilizing the UDP transport protocol. protocol One of the following: Protocol Explanation tcp, tcp4 TCP IPv4 udp, udp4 UDP IPv4 tcp6 TCP IPv6 udp6 UDP IPv6 tcp46 Both TCP IPv4 and v6 udp46 Both UDP IPv4 and v6 {wait|nowait}[/max-child[/max-connections-per-ip-per-minute]] indicates whether the daemon invoked from inetd is able to handle its own socket or not. socket types must use the option, while stream socket daemons, which are usually multi-threaded, should use . usually hands off multiple sockets to a single daemon, while spawns a child daemon for each new socket. The maximum number of child daemons inetd may spawn can be set using the option. If a limit of ten instances of a particular daemon is needed, a /10 would be placed after . In addition to , another option limiting the maximum connections from a single place to a particular daemon can be enabled. does just this. A value of ten here would limit any particular IP address connecting to a particular service to ten attempts per minute. This is useful to prevent intentional or unintentional resource consumption and Denial of Service (DoS) attacks to a machine. In this field, or is mandatory. and are optional. A stream-type multi-threaded daemon without any or limits would simply be: nowait. The same daemon with a maximum limit of ten daemons would read: nowait/10. Additionally, the same setup with a limit of twenty connections per IP address per minute and a maximum total limit of ten child daemons would read: nowait/10/20. These options are all utilized by the default settings of the fingerd daemon, as seen here: finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s user This is the username that the particular daemon should run as. Most commonly, daemons run as the root user. For security purposes, it is common to find some servers running as the daemon user, or the least privileged nobody user. server-program The full path of the daemon to be executed when a connection is received. If the daemon is a service provided by inetd internally, then should be used. server-program-arguments This works in conjunction with by specifying the arguments, starting with argv[0], passed to the daemon on invocation. If mydaemon -d is the command line, mydaemon -d would be the value of . Again, if the daemon is an internal service, use here. Security Depending on the security profile chosen at install, many of inetd's daemons may be enabled by default. If there is no apparent need for a particular daemon, disable it! Place a # in front of the daemon in question in /etc/inetd.conf, and then send a hangup signal to inetd. Some daemons, such as fingerd, may not be desired at all because they provide an attacker with too much information. Some daemons are not security-conscious and have long, or non-existent timeouts for connection attempts. This allows an attacker to slowly send connections to a particular daemon, thus saturating available resources. It may be a good idea to place and limitations on certain daemons. By default, TCP wrapping is turned on. Consult the &man.hosts.access.5; manual page for more information on placing TCP restrictions on various inetd invoked daemons. Miscellaneous daytime, time, echo, discard, chargen, and auth are all internally provided services of inetd. The auth service provides identity (ident, identd) network services, and is configurable to a certain degree. Consult the &man.inetd.8; manual page for more in-depth information. Tom Rhodes Reorganized and enhanced by Bill Swingle Written by Network File System (NFS) NFS Among the many different file systems that FreeBSD supports is the Network File System, also known as NFS. NFS allows a system to share directories and files with others over a network. By using NFS, users and programs can access files on remote systems almost as if they were local files. Some of the most notable benefits that NFS can provide are: Local workstations use less disk space because commonly used data can be stored on a single machine and still remain accessible to others over the network. There is no need for users to have separate home directories on every network machine. Home directories could be set up on the NFS server and made available throughout the network. Storage devices such as floppy disks, CDROM drives, and &iomegazip; drives can be used by other machines on the network. This may reduce the number of removable media drives throughout the network. How <acronym>NFS</acronym> Works NFS consists of at least two main parts: a server and one or more clients. The client remotely accesses the data that is stored on the server machine. In order for this to function properly a few processes have to be configured and running. Under &os; 4.X, the portmap utility is used in place of the rpcbind utility. Thus, in &os; 4.X the user is required to replace every instance of rpcbind with portmap in the forthcoming examples. The server has to be running the following daemons: NFS server file server UNIX clients rpcbind portmap mountd nfsd Daemon Description nfsd The NFS daemon which services requests from the NFS clients. mountd The NFS mount daemon which carries out the requests that &man.nfsd.8; passes on to it. rpcbind This daemon allows NFS clients to discover which port the NFS server is using. The client can also run a daemon, known as nfsiod. The nfsiod daemon services the requests from the NFS server. This is optional, and improves performance, but is not required for normal and correct operation. See the &man.nfsiod.8; manual page for more information. Configuring <acronym>NFS</acronym> NFS configuration NFS configuration is a relatively straightforward process. The processes that need to be running can all start at boot time with a few modifications to your /etc/rc.conf file. On the NFS server, make sure that the following options are configured in the /etc/rc.conf file: rpcbind_enable="YES" nfs_server_enable="YES" mountd_flags="-r" mountd runs automatically whenever the NFS server is enabled. On the client, make sure this option is present in /etc/rc.conf: nfs_client_enable="YES" The /etc/exports file specifies which file systems NFS should export (sometimes referred to as share). Each line in /etc/exports specifies a file system to be exported and which machines have access to that file system. Along with what machines have access to that file system, access options may also be specified. There are many such options that can be used in this file but only a few will be mentioned here. You can easily discover other options by reading over the &man.exports.5; manual page. Here are a few example /etc/exports entries: NFS export examples The following examples give an idea of how to export file systems, although the settings may be different depending on your environment and network configuration. For instance, to export the /cdrom directory to three example machines that have the same domain name as the server (hence the lack of a domain name for each) or have entries in your /etc/hosts file. The flag makes the exported file system read-only. With this flag, the remote system will not be able to write any changes to the exported file system. /cdrom -ro host1 host2 host3 The following line exports /home to three hosts by IP address. This is a useful setup if you have a private network without a DNS server configured. Optionally the /etc/hosts file could be configured for internal hostnames; please review &man.hosts.5; for more information. The flag allows the subdirectories to be mount points. In other words, it will not mount the subdirectories but permit the client to mount only the directories that are required or needed. /home -alldirs 10.0.0.2 10.0.0.3 10.0.0.4 The following line exports /a so that two clients from different domains may access the file system. The flag allows the root user on the remote system to write data on the exported file system as root. If the -maproot=root flag is not specified, then even if a user has root access on the remote system, he will not be able to modify files on the exported file system. /a -maproot=root host.example.com box.example.org In order for a client to access an exported file system, the client must have permission to do so. Make sure the client is listed in your /etc/exports file. In /etc/exports, each line represents the export information for one file system to one host. A remote host can only be specified once per file system, and may only have one default entry. For example, assume that /usr is a single file system. The following /etc/exports would be invalid: # Invalid when /usr is one file system /usr/src client /usr/ports client One file system, /usr, has two lines specifying exports to the same host, client. The correct format for this situation is: /usr/src /usr/ports client The properties of one file system exported to a given host must all occur on one line. Lines without a client specified are treated as a single host. This limits how you can export file systems, but for most people this is not an issue. The following is an example of a valid export list, where /usr and /exports are local file systems: # Export src and ports to client01 and client02, but only # client01 has root privileges on it /usr/src /usr/ports -maproot=root client01 /usr/src /usr/ports client02 # The client machines have root and can mount anywhere # on /exports. Anyone in the world can mount /exports/obj read-only /exports -alldirs -maproot=root client01 client02 /exports/obj -ro You must restart mountd whenever you modify /etc/exports so the changes can take effect. This can be accomplished by sending the HUP signal to the mountd process: &prompt.root; kill -HUP `cat /var/run/mountd.pid` Alternatively, a reboot will make FreeBSD set everything up properly. A reboot is not necessary though. Executing the following commands as root should start everything up. On the NFS server: &prompt.root; rpcbind &prompt.root; nfsd -u -t -n 4 &prompt.root; mountd -r On the NFS client: &prompt.root; nfsiod -n 4 Now everything should be ready to actually mount a remote file system. In these examples the server's name will be server and the client's name will be client. If you only want to temporarily mount a remote file system or would rather test the configuration, just execute a command like this as root on the client: NFS mounting &prompt.root; mount server:/home /mnt This will mount the /home directory on the server at /mnt on the client. If everything is set up correctly you should be able to enter /mnt on the client and see all the files that are on the server. If you want to automatically mount a remote file system each time the computer boots, add the file system to the /etc/fstab file. Here is an example: server:/home /mnt nfs rw 0 0 The &man.fstab.5; manual page lists all the available options. Practical Uses NFS has many practical uses. Some of the more common ones are listed below: NFS uses Set several machines to share a CDROM or other media among them. This is cheaper and often a more convenient method to install software on multiple machines. On large networks, it might be more convenient to configure a central NFS server in which to store all the user home directories. These home directories can then be exported to the network so that users would always have the same home directory, regardless of which workstation they log in to. Several machines could have a common /usr/ports/distfiles directory. That way, when you need to install a port on several machines, you can quickly access the source without downloading it on each machine. Wylie Stilwell Contributed by Chern Lee Rewritten by Automatic Mounts with <application>amd</application> amd automatic mounter daemon &man.amd.8; (the automatic mounter daemon) automatically mounts a remote file system whenever a file or directory within that file system is accessed. Filesystems that are inactive for a period of time will also be automatically unmounted by amd. Using amd provides a simple alternative to permanent mounts, as permanent mounts are usually listed in /etc/fstab. amd operates by attaching itself as an NFS server to the /host and /net directories. When a file is accessed within one of these directories, amd looks up the corresponding remote mount and automatically mounts it. /net is used to mount an exported file system from an IP address, while /host is used to mount an export from a remote hostname. An access to a file within /host/foobar/usr would tell amd to attempt to mount the /usr export on the host foobar. Mounting an Export with <application>amd</application> You can view the available mounts of a remote host with the showmount command. For example, to view the mounts of a host named foobar, you can use: &prompt.user; showmount -e foobar Exports list on foobar: /usr 10.10.10.0 /a 10.10.10.0 &prompt.user; cd /host/foobar/usr As seen in the example, the showmount shows /usr as an export. When changing directories to /host/foobar/usr, amd attempts to resolve the hostname foobar and automatically mount the desired export. amd can be started by the startup scripts by placing the following lines in /etc/rc.conf: amd_enable="YES" Additionally, custom flags can be passed to amd from the amd_flags option. By default, amd_flags is set to: amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map" The /etc/amd.map file defines the default options that exports are mounted with. The /etc/amd.conf file defines some of the more advanced features of amd. Consult the &man.amd.8; and &man.amd.conf.5; manual pages for more information. John Lind Contributed by Problems Integrating with Other Systems Certain Ethernet adapters for ISA PC systems have limitations which can lead to serious network problems, particularly with NFS. This difficulty is not specific to FreeBSD, but FreeBSD systems are affected by it. The problem nearly always occurs when (FreeBSD) PC systems are networked with high-performance workstations, such as those made by Silicon Graphics, Inc., and Sun Microsystems, Inc. The NFS mount will work fine, and some operations may succeed, but suddenly the server will seem to become unresponsive to the client, even though requests to and from other systems continue to be processed. This happens to the client system, whether the client is the FreeBSD system or the workstation. On many systems, there is no way to shut down the client gracefully once this problem has manifested itself. The only solution is often to reset the client, because the NFS situation cannot be resolved. Though the correct solution is to get a higher performance and capacity Ethernet adapter for the FreeBSD system, there is a simple workaround that will allow satisfactory operation. If the FreeBSD system is the server, include the option on the mount from the client. If the FreeBSD system is the client, then mount the NFS file system with the option . These options may be specified using the fourth field of the fstab entry on the client for automatic mounts, or by using the parameter of the &man.mount.8; command for manual mounts. It should be noted that there is a different problem, sometimes mistaken for this one, when the NFS servers and clients are on different networks. If that is the case, make certain that your routers are routing the necessary UDP information, or you will not get anywhere, no matter what else you are doing. In the following examples, fastws is the host (interface) name of a high-performance workstation, and freebox is the host (interface) name of a FreeBSD system with a lower-performance Ethernet adapter. Also, /sharedfs will be the exported NFS file system (see &man.exports.5;), and /project will be the mount point on the client for the exported file system. In all cases, note that additional options, such as or and may be desirable in your application. Examples for the FreeBSD system (freebox) as the client in /etc/fstab on freebox: fastws:/sharedfs /project nfs rw,-r=1024 0 0 As a manual mount command on freebox: &prompt.root; mount -t nfs -o -r=1024 fastws:/sharedfs /project Examples for the FreeBSD system as the server in /etc/fstab on fastws: freebox:/sharedfs /project nfs rw,-w=1024 0 0 As a manual mount command on fastws: &prompt.root; mount -t nfs -o -w=1024 freebox:/sharedfs /project Nearly any 16-bit Ethernet adapter will allow operation without the above restrictions on the read or write size. For anyone who cares, here is what happens when the failure occurs, which also explains why it is unrecoverable. NFS typically works with a block size of 8 K (though it may do fragments of smaller sizes). Since the maximum Ethernet packet is around 1500 bytes, the NFS block gets split into multiple Ethernet packets, even though it is still a single unit to the upper-level code, and must be received, assembled, and acknowledged as a unit. The high-performance workstations can pump out the packets which comprise the NFS unit one right after the other, just as close together as the standard allows. On the smaller, lower capacity cards, the later packets overrun the earlier packets of the same unit before they can be transferred to the host and the unit as a whole cannot be reconstructed or acknowledged. As a result, the workstation will time out and try again, but it will try again with the entire 8 K unit, and the process will be repeated, ad infinitum. By keeping the unit size below the Ethernet packet size limitation, we ensure that any complete Ethernet packet received can be acknowledged individually, avoiding the deadlock situation. Overruns may still occur when a high-performance workstations is slamming data out to a PC system, but with the better cards, such overruns are not guaranteed on NFS units. When an overrun occurs, the units affected will be retransmitted, and there will be a fair chance that they will be received, assembled, and acknowledged. Bill Swingle Written by Eric Ogren Enhanced by Udo Erdelhoff Network Information System (NIS/YP) What Is It? NIS Solaris HP-UX AIX Linux NetBSD OpenBSD NIS, which stands for Network Information Services, was developed by Sun Microsystems to centralize administration of &unix; (originally &sunos;) systems. It has now essentially become an industry standard; all major &unix; like systems (&solaris;, HP-UX, &aix;, Linux, NetBSD, OpenBSD, FreeBSD, etc) support NIS. yellow pagesNIS NIS was formerly known as Yellow Pages, but because of trademark issues, Sun changed the name. The old term (and yp) is still often seen and used. NIS domains It is a RPC-based client/server system that allows a group of machines within an NIS domain to share a common set of configuration files. This permits a system administrator to set up NIS client systems with only minimal configuration data and add, remove or modify configuration data from a single location. Windows NT It is similar to the &windowsnt; domain system; although the internal implementation of the two are not at all similar, the basic functionality can be compared. Terms/Processes You Should Know There are several terms and several important user processes that you will come across when attempting to implement NIS on FreeBSD, whether you are trying to create an NIS server or act as an NIS client: rpcbind portmap Term Description NIS domainname An NIS master server and all of its clients (including its slave servers) have a NIS domainname. Similar to an &windowsnt; domain name, the NIS domainname does not have anything to do with DNS. rpcbind Must be running in order to enable RPC (Remote Procedure Call, a network protocol used by NIS). If rpcbind is not running, it will be impossible to run an NIS server, or to act as an NIS client (Under &os; 4.X portmap is used in place of rpcbind). ypbind Binds an NIS client to its NIS server. It will take the NIS domainname from the system, and using RPC, connect to the server. ypbind is the core of client-server communication in an NIS environment; if ypbind dies on a client machine, it will not be able to access the NIS server. ypserv Should only be running on NIS servers; this is the NIS server process itself. If &man.ypserv.8; dies, then the server will no longer be able to respond to NIS requests (hopefully, there is a slave server to take over for it). There are some implementations of NIS (but not the FreeBSD one), that do not try to reconnect to another server if the server it used before dies. Often, the only thing that helps in this case is to restart the server process (or even the whole server) or the ypbind process on the client. rpc.yppasswdd Another process that should only be running on NIS master servers; this is a daemon that will allow NIS clients to change their NIS passwords. If this daemon is not running, users will have to login to the NIS master server and change their passwords there. How Does It Work? There are three types of hosts in an NIS environment: master servers, slave servers, and clients. Servers act as a central repository for host configuration information. Master servers hold the authoritative copy of this information, while slave servers mirror this information for redundancy. Clients rely on the servers to provide this information to them. Information in many files can be shared in this manner. The master.passwd, group, and hosts files are commonly shared via NIS. Whenever a process on a client needs information that would normally be found in these files locally, it makes a query to the NIS server that it is bound to instead. Machine Types - - NIS - master server - - A NIS master server. This + A NIS master serverNISmaster server. This server, analogous to a &windowsnt; primary domain controller, maintains the files used by all of the NIS clients. The passwd, group, and other various files used by the NIS clients live on the master server. It is possible for one machine to be an NIS master server for more than one NIS domain. However, this will not be covered in this introduction, which assumes a relatively small-scale NIS environment. - - NIS - slave server - - - NIS slave servers. Similar to + NIS slave serversNISslave server. Similar to the &windowsnt; backup domain controllers, NIS slave servers maintain copies of the NIS master's data files. NIS slave servers provide the redundancy, which is needed in important environments. They also help to balance the load of the master server: NIS Clients always attach to the NIS server whose response they get first, and this includes slave-server-replies. - - NIS - client - - - NIS clients. NIS clients, like + NIS clientsNISclient. NIS clients, like most &windowsnt; workstations, authenticate against the NIS server (or the &windowsnt; domain controller in the &windowsnt; workstations case) to log on. Using NIS/YP This section will deal with setting up a sample NIS environment. This section assumes that you are running FreeBSD 3.3 or later. The instructions given here will probably work for any version of FreeBSD greater than 3.0, but there are no guarantees that this is true. Planning Let us assume that you are the administrator of a small university lab. This lab, which consists of 15 FreeBSD machines, currently has no centralized point of administration; each machine has its own /etc/passwd and /etc/master.passwd. These files are kept in sync with each other only through manual intervention; currently, when you add a user to the lab, you must run adduser on all 15 machines. Clearly, this has to change, so you have decided to convert the lab to use NIS, using two of the machines as servers. Therefore, the configuration of the lab now looks something like: Machine name IP address Machine role ellington 10.0.0.2 NIS master coltrane 10.0.0.3 NIS slave basie 10.0.0.4 Faculty workstation bird 10.0.0.5 Client machine cli[1-11] 10.0.0.[6-17] Other client machines If you are setting up a NIS scheme for the first time, it is a good idea to think through how you want to go about it. No matter what the size of your network, there are a few decisions that need to be made. Choosing a NIS Domain Name NIS domainname This might not be the domainname that you are used to. It is more accurately called the NIS domainname. When a client broadcasts its requests for info, it includes the name of the NIS domain that it is part of. This is how multiple servers on one network can tell which server should answer which request. Think of the NIS domainname as the name for a group of hosts that are related in some way. Some organizations choose to use their Internet domainname for their NIS domainname. This is not recommended as it can cause confusion when trying to debug network problems. The NIS domainname should be unique within your network and it is helpful if it describes the group of machines it represents. For example, the Art department at Acme Inc. might be in the acme-art NIS domain. For this example, assume you have chosen the name test-domain. SunOS However, some operating systems (notably &sunos;) use their NIS domain name as their Internet domain name. If one or more machines on your network have this restriction, you must use the Internet domain name as your NIS domain name. Physical Server Requirements There are several things to keep in mind when choosing a machine to use as a NIS server. One of the unfortunate things about NIS is the level of dependency the clients have on the server. If a client cannot contact the server for its NIS domain, very often the machine becomes unusable. The lack of user and group information causes most systems to temporarily freeze up. With this in mind you should make sure to choose a machine that will not be prone to being rebooted regularly, or one that might be used for development. The NIS server should ideally be a stand alone machine whose sole purpose in life is to be an NIS server. If you have a network that is not very heavily used, it is acceptable to put the NIS server on a machine running other services, just keep in mind that if the NIS server becomes unavailable, it will affect all of your NIS clients adversely. NIS Servers The canonical copies of all NIS information are stored on a single machine called the NIS master server. The databases used to store the information are called NIS maps. In FreeBSD, these maps are stored in /var/yp/[domainname] where [domainname] is the name of the NIS domain being served. A single NIS server can support several domains at once, therefore it is possible to have several such directories, one for each supported domain. Each domain will have its own independent set of maps. NIS master and slave servers handle all NIS requests with the ypserv daemon. ypserv is responsible for receiving incoming requests from NIS clients, translating the requested domain and map name to a path to the corresponding database file and transmitting data from the database back to the client. Setting Up a NIS Master Server NIS server configuration Setting up a master NIS server can be relatively straight forward, depending on your needs. FreeBSD comes with support for NIS out-of-the-box. All you need is to add the following lines to /etc/rc.conf, and FreeBSD will do the rest for you. nisdomainname="test-domain" This line will set the NIS domainname to test-domain upon network setup (e.g. after reboot). nis_server_enable="YES" This will tell FreeBSD to start up the NIS server processes when the networking is next brought up. nis_yppasswdd_enable="YES" This will enable the rpc.yppasswdd daemon which, as mentioned above, will allow users to change their NIS password from a client machine. Depending on your NIS setup, you may need to add further entries. See the section about NIS servers that are also NIS clients, below, for details. Now, all you have to do is to run the command /etc/netstart as superuser. It will set up everything for you, using the values you defined in /etc/rc.conf. Initializing the NIS Maps NIS maps The NIS maps are database files, that are kept in the /var/yp directory. They are generated from configuration files in the /etc directory of the NIS master, with one exception: the /etc/master.passwd file. This is for a good reason, you do not want to propagate passwords to your root and other administrative accounts to all the servers in the NIS domain. Therefore, before we initialize the NIS maps, you should: &prompt.root; cp /etc/master.passwd /var/yp/master.passwd &prompt.root; cd /var/yp &prompt.root; vi master.passwd You should remove all entries regarding system accounts (bin, tty, kmem, games, etc), as well as any accounts that you do not want to be propagated to the NIS clients (for example root and any other UID 0 (superuser) accounts). Make sure the /var/yp/master.passwd is neither group nor world readable (mode 600)! Use the chmod command, if appropriate. Tru64 UNIX When you have finished, it is time to initialize the NIS maps! FreeBSD includes a script named ypinit to do this for you (see its manual page for more information). Note that this script is available on most &unix; Operating Systems, but not on all. On Digital UNIX/Compaq Tru64 UNIX it is called ypsetup. Because we are generating maps for an NIS master, we are going to pass the option to ypinit. To generate the NIS maps, assuming you already performed the steps above, run: ellington&prompt.root; ypinit -m test-domain Server Type: MASTER Domain: test-domain Creating an YP server will require that you answer a few questions. Questions will all be asked at the beginning of the procedure. Do you want this procedure to quit on non-fatal errors? [y/n: n] n Ok, please remember to go back and redo manually whatever fails. If you don't, something might not work. At this point, we have to construct a list of this domains YP servers. rod.darktech.org is already known as master server. Please continue to add any slave servers, one per line. When you are done with the list, type a <control D>. master server : ellington next host to add: coltrane next host to add: ^D The current list of NIS servers looks like this: ellington coltrane Is this correct? [y/n: y] y [..output from map generation..] NIS Map update completed. ellington has been setup as an YP master server without any errors. ypinit should have created /var/yp/Makefile from /var/yp/Makefile.dist. When created, this file assumes that you are operating in a single server NIS environment with only FreeBSD machines. Since test-domain has a slave server as well, you must edit /var/yp/Makefile: ellington&prompt.root; vi /var/yp/Makefile You should comment out the line that says NOPUSH = "True" (if it is not commented out already). Setting up a NIS Slave Server NIS slave server Setting up an NIS slave server is even more simple than setting up the master. Log on to the slave server and edit the file /etc/rc.conf as you did before. The only difference is that we now must use the option when running ypinit. The option requires the name of the NIS master be passed to it as well, so our command line looks like: coltrane&prompt.root; ypinit -s ellington test-domain Server Type: SLAVE Domain: test-domain Master: ellington Creating an YP server will require that you answer a few questions. Questions will all be asked at the beginning of the procedure. Do you want this procedure to quit on non-fatal errors? [y/n: n] n Ok, please remember to go back and redo manually whatever fails. If you don't, something might not work. There will be no further questions. The remainder of the procedure should take a few minutes, to copy the databases from ellington. Transferring netgroup... ypxfr: Exiting: Map successfully transferred Transferring netgroup.byuser... ypxfr: Exiting: Map successfully transferred Transferring netgroup.byhost... ypxfr: Exiting: Map successfully transferred Transferring master.passwd.byuid... ypxfr: Exiting: Map successfully transferred Transferring passwd.byuid... ypxfr: Exiting: Map successfully transferred Transferring passwd.byname... ypxfr: Exiting: Map successfully transferred Transferring group.bygid... ypxfr: Exiting: Map successfully transferred Transferring group.byname... ypxfr: Exiting: Map successfully transferred Transferring services.byname... ypxfr: Exiting: Map successfully transferred Transferring rpc.bynumber... ypxfr: Exiting: Map successfully transferred Transferring rpc.byname... ypxfr: Exiting: Map successfully transferred Transferring protocols.byname... ypxfr: Exiting: Map successfully transferred Transferring master.passwd.byname... ypxfr: Exiting: Map successfully transferred Transferring networks.byname... ypxfr: Exiting: Map successfully transferred Transferring networks.byaddr... ypxfr: Exiting: Map successfully transferred Transferring netid.byname... ypxfr: Exiting: Map successfully transferred Transferring hosts.byaddr... ypxfr: Exiting: Map successfully transferred Transferring protocols.bynumber... ypxfr: Exiting: Map successfully transferred Transferring ypservers... ypxfr: Exiting: Map successfully transferred Transferring hosts.byname... ypxfr: Exiting: Map successfully transferred coltrane has been setup as an YP slave server without any errors. Don't forget to update map ypservers on ellington. You should now have a directory called /var/yp/test-domain. Copies of the NIS master server's maps should be in this directory. You will need to make sure that these stay updated. The following /etc/crontab entries on your slave servers should do the job: 20 * * * * root /usr/libexec/ypxfr passwd.byname 21 * * * * root /usr/libexec/ypxfr passwd.byuid These two lines force the slave to sync its maps with the maps on the master server. Although these entries are not mandatory, since the master server attempts to ensure any changes to its NIS maps are communicated to its slaves and because password information is vital to systems depending on the server, it is a good idea to force the updates. This is more important on busy networks where map updates might not always complete. Now, run the command /etc/netstart on the slave server as well, which again starts the NIS server. NIS Clients An NIS client establishes what is called a binding to a particular NIS server using the ypbind daemon. ypbind checks the system's default domain (as set by the domainname command), and begins broadcasting RPC requests on the local network. These requests specify the name of the domain for which ypbind is attempting to establish a binding. If a server that has been configured to serve the requested domain receives one of the broadcasts, it will respond to ypbind, which will record the server's address. If there are several servers available (a master and several slaves, for example), ypbind will use the address of the first one to respond. From that point on, the client system will direct all of its NIS requests to that server. ypbind will occasionally ping the server to make sure it is still up and running. If it fails to receive a reply to one of its pings within a reasonable amount of time, ypbind will mark the domain as unbound and begin broadcasting again in the hopes of locating another server. Setting Up a NIS Client NIS client configuration Setting up a FreeBSD machine to be a NIS client is fairly straightforward. Edit the file /etc/rc.conf and add the following lines in order to set the NIS domainname and start ypbind upon network startup: nisdomainname="test-domain" nis_client_enable="YES" To import all possible password entries from the NIS server, remove all user accounts from your /etc/master.passwd file and use vipw to add the following line to the end of the file: +::::::::: This line will afford anyone with a valid account in the NIS server's password maps an account. There are many ways to configure your NIS client by changing this line. See the netgroups section below for more information. For more detailed reading see O'Reilly's book on Managing NFS and NIS. You should keep at least one local account (i.e. not imported via NIS) in your /etc/master.passwd and this account should also be a member of the group wheel. If there is something wrong with NIS, this account can be used to log in remotely, become root, and fix things. To import all possible group entries from the NIS server, add this line to your /etc/group file: +:*:: After completing these steps, you should be able to run ypcat passwd and see the NIS server's passwd map. NIS Security In general, any remote user can issue an RPC to &man.ypserv.8; and retrieve the contents of your NIS maps, provided the remote user knows your domainname. To prevent such unauthorized transactions, &man.ypserv.8; supports a feature called securenets which can be used to restrict access to a given set of hosts. At startup, &man.ypserv.8; will attempt to load the securenets information from a file called /var/yp/securenets. This path varies depending on the path specified with the option. This file contains entries that consist of a network specification and a network mask separated by white space. Lines starting with # are considered to be comments. A sample securenets file might look like this: # allow connections from local host -- mandatory 127.0.0.1 255.255.255.255 # allow connections from any host # on the 192.168.128.0 network 192.168.128.0 255.255.255.0 # allow connections from any host # between 10.0.0.0 to 10.0.15.255 # this includes the machines in the testlab 10.0.0.0 255.255.240.0 If &man.ypserv.8; receives a request from an address that matches one of these rules, it will process the request normally. If the address fails to match a rule, the request will be ignored and a warning message will be logged. If the /var/yp/securenets file does not exist, ypserv will allow connections from any host. The ypserv program also has support for Wietse Venema's TCP Wrapper package. This allows the administrator to use the TCP Wrapper configuration files for access control instead of /var/yp/securenets. While both of these access control mechanisms provide some security, they, like the privileged port test, are vulnerable to IP spoofing attacks. All NIS-related traffic should be blocked at your firewall. Servers using /var/yp/securenets may fail to serve legitimate NIS clients with archaic TCP/IP implementations. Some of these implementations set all host bits to zero when doing broadcasts and/or fail to observe the subnet mask when calculating the broadcast address. While some of these problems can be fixed by changing the client configuration, other problems may force the retirement of the client systems in question or the abandonment of /var/yp/securenets. Using /var/yp/securenets on a server with such an archaic implementation of TCP/IP is a really bad idea and will lead to loss of NIS functionality for large parts of your network. TCP Wrappers The use of the TCP Wrapper package increases the latency of your NIS server. The additional delay may be long enough to cause timeouts in client programs, especially in busy networks or with slow NIS servers. If one or more of your client systems suffers from these symptoms, you should convert the client systems in question into NIS slave servers and force them to bind to themselves. Barring Some Users from Logging On In our lab, there is a machine basie that is supposed to be a faculty only workstation. We do not want to take this machine out of the NIS domain, yet the passwd file on the master NIS server contains accounts for both faculty and students. What can we do? There is a way to bar specific users from logging on to a machine, even if they are present in the NIS database. To do this, all you must do is add -username to the end of the /etc/master.passwd file on the client machine, where username is the username of the user you wish to bar from logging in. This should preferably be done using vipw, since vipw will sanity check your changes to /etc/master.passwd, as well as automatically rebuild the password database when you finish editing. For example, if we wanted to bar user bill from logging on to basie we would: basie&prompt.root; vipw [add -bill to the end, exit] vipw: rebuilding the database... vipw: done basie&prompt.root; cat /etc/master.passwd root:[password]:0:0::0:0:The super-user:/root:/bin/csh toor:[password]:0:0::0:0:The other super-user:/root:/bin/sh daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin operator:*:2:5::0:0:System &:/:/sbin/nologin bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin news:*:8:8::0:0:News Subsystem:/:/sbin/nologin man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin +::::::::: -bill basie&prompt.root; Udo Erdelhoff Contributed by Using Netgroups netgroups The method shown in the previous section works reasonably well if you need special rules for a very small number of users and/or machines. On larger networks, you will forget to bar some users from logging onto sensitive machines, or you may even have to modify each machine separately, thus losing the main benefit of NIS: centralized administration. The NIS developers' solution for this problem is called netgroups. Their purpose and semantics can be compared to the normal groups used by &unix; file systems. The main differences are the lack of a numeric ID and the ability to define a netgroup by including both user accounts and other netgroups. Netgroups were developed to handle large, complex networks with hundreds of users and machines. On one hand, this is a Good Thing if you are forced to deal with such a situation. On the other hand, this complexity makes it almost impossible to explain netgroups with really simple examples. The example used in the remainder of this section demonstrates this problem. Let us assume that your successful introduction of NIS in your laboratory caught your superiors' interest. Your next job is to extend your NIS domain to cover some of the other machines on campus. The two tables contain the names of the new users and new machines as well as brief descriptions of them. User Name(s) Description alpha, beta Normal employees of the IT department charlie, delta The new apprentices of the IT department echo, foxtrott, golf, ... Ordinary employees able, baker, ... The current interns Machine Name(s) Description war, death, famine, pollution Your most important servers. Only the IT employees are allowed to log onto these machines. pride, greed, envy, wrath, lust, sloth Less important servers. All members of the IT department are allowed to login onto these machines. one, two, three, four, ... Ordinary workstations. Only the real employees are allowed to use these machines. trashcan A very old machine without any critical data. Even the intern is allowed to use this box. If you tried to implement these restrictions by separately blocking each user, you would have to add one -user line to each system's passwd for each user who is not allowed to login onto that system. If you forget just one entry, you could be in trouble. It may be feasible to do this correctly during the initial setup, however you will eventually forget to add the lines for new users during day-to-day operations. After all, Murphy was an optimist. Handling this situation with netgroups offers several advantages. Each user need not be handled separately; you assign a user to one or more netgroups and allow or forbid logins for all members of the netgroup. If you add a new machine, you will only have to define login restrictions for netgroups. If a new user is added, you will only have to add the user to one or more netgroups. Those changes are independent of each other: no more for each combination of user and machine do... If your NIS setup is planned carefully, you will only have to modify exactly one central configuration file to grant or deny access to machines. The first step is the initialization of the NIS map netgroup. FreeBSD's &man.ypinit.8; does not create this map by default, but its NIS implementation will support it once it has been created. To create an empty map, simply type ellington&prompt.root; vi /var/yp/netgroup and start adding content. For our example, we need at least four netgroups: IT employees, IT apprentices, normal employees and interns. IT_EMP (,alpha,test-domain) (,beta,test-domain) IT_APP (,charlie,test-domain) (,delta,test-domain) USERS (,echo,test-domain) (,foxtrott,test-domain) \ (,golf,test-domain) INTERNS (,able,test-domain) (,baker,test-domain) IT_EMP, IT_APP etc. are the names of the netgroups. Each bracketed group adds one or more user accounts to it. The three fields inside a group are: The name of the host(s) where the following items are valid. If you do not specify a hostname, the entry is valid on all hosts. If you do specify a hostname, you will enter a realm of darkness, horror and utter confusion. The name of the account that belongs to this netgroup. The NIS domain for the account. You can import accounts from other NIS domains into your netgroup if you are one of the unlucky fellows with more than one NIS domain. Each of these fields can contain wildcards. See &man.netgroup.5; for details. netgroups Netgroup names longer than 8 characters should not be used, especially if you have machines running other operating systems within your NIS domain. The names are case sensitive; using capital letters for your netgroup names is an easy way to distinguish between user, machine and netgroup names. Some NIS clients (other than FreeBSD) cannot handle netgroups with a large number of entries. For example, some older versions of &sunos; start to cause trouble if a netgroup contains more than 15 entries. You can circumvent this limit by creating several sub-netgroups with 15 users or less and a real netgroup that consists of the sub-netgroups: BIGGRP1 (,joe1,domain) (,joe2,domain) (,joe3,domain) [...] BIGGRP2 (,joe16,domain) (,joe17,domain) [...] BIGGRP3 (,joe31,domain) (,joe32,domain) BIGGROUP BIGGRP1 BIGGRP2 BIGGRP3 You can repeat this process if you need more than 225 users within a single netgroup. Activating and distributing your new NIS map is easy: ellington&prompt.root; cd /var/yp ellington&prompt.root; make This will generate the three NIS maps netgroup, netgroup.byhost and netgroup.byuser. Use &man.ypcat.1; to check if your new NIS maps are available: ellington&prompt.user; ypcat -k netgroup ellington&prompt.user; ypcat -k netgroup.byhost ellington&prompt.user; ypcat -k netgroup.byuser The output of the first command should resemble the contents of /var/yp/netgroup. The second command will not produce output if you have not specified host-specific netgroups. The third command can be used to get the list of netgroups for a user. The client setup is quite simple. To configure the server war, you only have to start &man.vipw.8; and replace the line +::::::::: with +@IT_EMP::::::::: Now, only the data for the users defined in the netgroup IT_EMP is imported into war's password database and only these users are allowed to login. Unfortunately, this limitation also applies to the ~ function of the shell and all routines converting between user names and numerical user IDs. In other words, cd ~user will not work, ls -l will show the numerical ID instead of the username and find . -user joe -print will fail with No such user. To fix this, you will have to import all user entries without allowing them to login onto your servers. This can be achieved by adding another line to /etc/master.passwd. This line should contain: +:::::::::/sbin/nologin, meaning Import all entries but replace the shell with /sbin/nologin in the imported entries. You can replace any field in the passwd entry by placing a default value in your /etc/master.passwd. Make sure that the line +:::::::::/sbin/nologin is placed after +@IT_EMP:::::::::. Otherwise, all user accounts imported from NIS will have /sbin/nologin as their login shell. After this change, you will only have to change one NIS map if a new employee joins the IT department. You could use a similar approach for the less important servers by replacing the old +::::::::: in their local version of /etc/master.passwd with something like this: +@IT_EMP::::::::: +@IT_APP::::::::: +:::::::::/sbin/nologin The corresponding lines for the normal workstations could be: +@IT_EMP::::::::: +@USERS::::::::: +:::::::::/sbin/nologin And everything would be fine until there is a policy change a few weeks later: The IT department starts hiring interns. The IT interns are allowed to use the normal workstations and the less important servers; and the IT apprentices are allowed to login onto the main servers. You add a new netgroup IT_INTERN, add the new IT interns to this netgroup and start to change the configuration on each and every machine... As the old saying goes: Errors in centralized planning lead to global mess. NIS' ability to create netgroups from other netgroups can be used to prevent situations like these. One possibility is the creation of role-based netgroups. For example, you could create a netgroup called BIGSRV to define the login restrictions for the important servers, another netgroup called SMALLSRV for the less important servers and a third netgroup called USERBOX for the normal workstations. Each of these netgroups contains the netgroups that are allowed to login onto these machines. The new entries for your NIS map netgroup should look like this: BIGSRV IT_EMP IT_APP SMALLSRV IT_EMP IT_APP ITINTERN USERBOX IT_EMP ITINTERN USERS This method of defining login restrictions works reasonably well if you can define groups of machines with identical restrictions. Unfortunately, this is the exception and not the rule. Most of the time, you will need the ability to define login restrictions on a per-machine basis. Machine-specific netgroup definitions are the other possibility to deal with the policy change outlined above. In this scenario, the /etc/master.passwd of each box contains two lines starting with +. The first of them adds a netgroup with the accounts allowed to login onto this machine, the second one adds all other accounts with /sbin/nologin as shell. It is a good idea to use the ALL-CAPS version of the machine name as the name of the netgroup. In other words, the lines should look like this: +@BOXNAME::::::::: +:::::::::/sbin/nologin Once you have completed this task for all your machines, you will not have to modify the local versions of /etc/master.passwd ever again. All further changes can be handled by modifying the NIS map. Here is an example of a possible netgroup map for this scenario with some additional goodies: # Define groups of users first IT_EMP (,alpha,test-domain) (,beta,test-domain) IT_APP (,charlie,test-domain) (,delta,test-domain) DEPT1 (,echo,test-domain) (,foxtrott,test-domain) DEPT2 (,golf,test-domain) (,hotel,test-domain) DEPT3 (,india,test-domain) (,juliet,test-domain) ITINTERN (,kilo,test-domain) (,lima,test-domain) D_INTERNS (,able,test-domain) (,baker,test-domain) # # Now, define some groups based on roles USERS DEPT1 DEPT2 DEPT3 BIGSRV IT_EMP IT_APP SMALLSRV IT_EMP IT_APP ITINTERN USERBOX IT_EMP ITINTERN USERS # # And a groups for a special tasks # Allow echo and golf to access our anti-virus-machine SECURITY IT_EMP (,echo,test-domain) (,golf,test-domain) # # machine-based netgroups # Our main servers WAR BIGSRV FAMINE BIGSRV # User india needs access to this server POLLUTION BIGSRV (,india,test-domain) # # This one is really important and needs more access restrictions DEATH IT_EMP # # The anti-virus-machine mentioned above ONE SECURITY # # Restrict a machine to a single user TWO (,hotel,test-domain) # [...more groups to follow] If you are using some kind of database to manage your user accounts, you should be able to create the first part of the map with your database's report tools. This way, new users will automatically have access to the boxes. One last word of caution: It may not always be advisable to use machine-based netgroups. If you are deploying a couple of dozen or even hundreds of identical machines for student labs, you should use role-based netgroups instead of machine-based netgroups to keep the size of the NIS map within reasonable limits. Important Things to Remember There are still a couple of things that you will need to do differently now that you are in an NIS environment. Every time you wish to add a user to the lab, you must add it to the master NIS server only, and you must remember to rebuild the NIS maps. If you forget to do this, the new user will not be able to login anywhere except on the NIS master. For example, if we needed to add a new user jsmith to the lab, we would: &prompt.root; pw useradd jsmith &prompt.root; cd /var/yp &prompt.root; make test-domain You could also run adduser jsmith instead of pw useradd jsmith. Keep the administration accounts out of the NIS maps. You do not want to be propagating administrative accounts and passwords to machines that will have users that should not have access to those accounts. Keep the NIS master and slave secure, and minimize their downtime. If somebody either hacks or simply turns off these machines, they have effectively rendered many people without the ability to login to the lab. This is the chief weakness of any centralized administration system. If you do not protect your NIS servers, you will have a lot of angry users! NIS v1 Compatibility FreeBSD's ypserv has some support for serving NIS v1 clients. FreeBSD's NIS implementation only uses the NIS v2 protocol, however other implementations include support for the v1 protocol for backwards compatibility with older systems. The ypbind daemons supplied with these systems will try to establish a binding to an NIS v1 server even though they may never actually need it (and they may persist in broadcasting in search of one even after they receive a response from a v2 server). Note that while support for normal client calls is provided, this version of ypserv does not handle v1 map transfer requests; consequently, it cannot be used as a master or slave in conjunction with older NIS servers that only support the v1 protocol. Fortunately, there probably are not any such servers still in use today. NIS Servers That Are Also NIS Clients Care must be taken when running ypserv in a multi-server domain where the server machines are also NIS clients. It is generally a good idea to force the servers to bind to themselves rather than allowing them to broadcast bind requests and possibly become bound to each other. Strange failure modes can result if one server goes down and others are dependent upon it. Eventually all the clients will time out and attempt to bind to other servers, but the delay involved can be considerable and the failure mode is still present since the servers might bind to each other all over again. You can force a host to bind to a particular server by running ypbind with the flag. If you do not want to do this manually each time you reboot your NIS server, you can add the following lines to your /etc/rc.conf: nis_client_enable="YES" # run client stuff as well nis_client_flags="-S NIS domain,server" See &man.ypbind.8; for further information. Password Formats NIS password formats One of the most common issues that people run into when trying to implement NIS is password format compatibility. If your NIS server is using DES encrypted passwords, it will only support clients that are also using DES. For example, if you have &solaris; NIS clients in your network, then you will almost certainly need to use DES encrypted passwords. To check which format your servers and clients are using, look at /etc/login.conf. If the host is configured to use DES encrypted passwords, then the default class will contain an entry like this: default:\ :passwd_format=des:\ :copyright=/etc/COPYRIGHT:\ [Further entries elided] Other possible values for the passwd_format capability include blf and md5 (for Blowfish and MD5 encrypted passwords, respectively). If you have made changes to /etc/login.conf, you will also need to rebuild the login capability database, which is achieved by running the following command as root: &prompt.root; cap_mkdb /etc/login.conf The format of passwords already in /etc/master.passwd will not be updated until a user changes his password for the first time after the login capability database is rebuilt. Next, in order to ensure that passwords are encrypted with the format that you have chosen, you should also check that the crypt_default in /etc/auth.conf gives precedence to your chosen password format. To do this, place the format that you have chosen first in the list. For example, when using DES encrypted passwords, the entry would be: crypt_default = des blf md5 Having followed the above steps on each of the &os; based NIS servers and clients, you can be sure that they all agree on which password format is used within your network. If you have trouble authenticating on an NIS client, this is a pretty good place to start looking for possible problems. Remember: if you want to deploy an NIS server for a heterogenous network, you will probably have to use DES on all systems because it is the lowest common standard. Greg Sutter Written by Automatic Network Configuration (DHCP) What Is DHCP? Dynamic Host Configuration Protocol DHCP Internet Software Consortium (ISC) DHCP, the Dynamic Host Configuration Protocol, describes the means by which a system can connect to a network and obtain the necessary information for communication upon that network. FreeBSD versions prior to 6.0 use the ISC (Internet Software Consortium) DHCP client (&man.dhclient.8;) implementation. Later versions use the OpenBSD dhclient taken from OpenBSD 3.7. All information here regarding dhclient is for use with either of the ISC or OpenBSD DHCP clients. The DHCP server is the one included in the ISC distribution. What This Section Covers This section describes both the client-side components of the ISC and OpenBSD DHCP client and server-side components of the ISC DHCP system. The client-side program, dhclient, comes integrated within FreeBSD, and the server-side portion is available from the net/isc-dhcp3-server port. The &man.dhclient.8;, &man.dhcp-options.5;, and &man.dhclient.conf.5; manual pages, in addition to the references below, are useful resources. How It Works UDP When dhclient, the DHCP client, is executed on the client machine, it begins broadcasting requests for configuration information. By default, these requests are on UDP port 68. The server replies on UDP 67, giving the client an IP address and other relevant network information such as netmask, router, and DNS servers. All of this information comes in the form of a DHCP lease and is only valid for a certain time (configured by the DHCP server maintainer). In this manner, stale IP addresses for clients no longer connected to the network can be automatically reclaimed. DHCP clients can obtain a great deal of information from the server. An exhaustive list may be found in &man.dhcp-options.5;. FreeBSD Integration &os; fully integrates the ISC or OpenBSD DHCP client, dhclient (according to the &os; version you run). DHCP client support is provided within both the installer and the base system, obviating the need for detailed knowledge of network configurations on any network that runs a DHCP server. dhclient has been included in all FreeBSD distributions since 3.2. sysinstall DHCP is supported by sysinstall. When configuring a network interface within sysinstall, the second question asked is: Do you want to try DHCP configuration of the interface?. Answering affirmatively will execute dhclient, and if successful, will fill in the network configuration information automatically. There are two things you must do to have your system use DHCP upon startup: DHCP requirements Make sure that the bpf device is compiled into your kernel. To do this, add device bpf (pseudo-device bpf under &os; 4.X) to your kernel configuration file, and rebuild the kernel. For more information about building kernels, see . The bpf device is already part of the GENERIC kernel that is supplied with FreeBSD, so if you do not have a custom kernel, you should not need to create one in order to get DHCP working. For those who are particularly security conscious, you should be warned that bpf is also the device that allows packet sniffers to work correctly (although they still have to be run as root). bpf is required to use DHCP, but if you are very sensitive about security, you probably should not add bpf to your kernel in the expectation that at some point in the future you will be using DHCP. Edit your /etc/rc.conf to include the following: ifconfig_fxp0="DHCP" Be sure to replace fxp0 with the designation for the interface that you wish to dynamically configure, as described in . If you are using a different location for dhclient, or if you wish to pass additional flags to dhclient, also include the following (editing as necessary): dhcp_program="/sbin/dhclient" dhcp_flags="" DHCP server The DHCP server, dhcpd, is included as part of the net/isc-dhcp3-server port in the ports collection. This port contains the ISC DHCP server and documentation. Files DHCP configuration files /etc/dhclient.conf dhclient requires a configuration file, /etc/dhclient.conf. Typically the file contains only comments, the defaults being reasonably sane. This configuration file is described by the &man.dhclient.conf.5; manual page. /sbin/dhclient dhclient is statically linked and resides in /sbin. The &man.dhclient.8; manual page gives more information about dhclient. /sbin/dhclient-script dhclient-script is the FreeBSD-specific DHCP client configuration script. It is described in &man.dhclient-script.8;, but should not need any user modification to function properly. /var/db/dhclient.leases The DHCP client keeps a database of valid leases in this file, which is written as a log. &man.dhclient.leases.5; gives a slightly longer description. Further Reading The DHCP protocol is fully described in RFC 2131. An informational resource has also been set up at . Installing and Configuring a DHCP Server What This Section Covers This section provides information on how to configure a FreeBSD system to act as a DHCP server using the ISC (Internet Software Consortium) implementation of the DHCP suite. The server portion of the suite is not provided as part of FreeBSD, and so you will need to install the net/isc-dhcp3-server port to provide this service. See for more information on using the Ports Collection. DHCP Server Installation DHCP installation In order to configure your FreeBSD system as a DHCP server, you will need to ensure that the &man.bpf.4; device is compiled into your kernel. To do this, add device bpf (pseudo-device bpf under &os; 4.X) to your kernel configuration file, and rebuild the kernel. For more information about building kernels, see . The bpf device is already part of the GENERIC kernel that is supplied with FreeBSD, so you do not need to create a custom kernel in order to get DHCP working. Those who are particularly security conscious should note that bpf is also the device that allows packet sniffers to work correctly (although such programs still need privileged access). bpf is required to use DHCP, but if you are very sensitive about security, you probably should not include bpf in your kernel purely because you expect to use DHCP at some point in the future. The next thing that you will need to do is edit the sample dhcpd.conf which was installed by the net/isc-dhcp3-server port. By default, this will be /usr/local/etc/dhcpd.conf.sample, and you should copy this to /usr/local/etc/dhcpd.conf before proceeding to make changes. Configuring the DHCP Server DHCP dhcpd.conf dhcpd.conf is comprised of declarations regarding subnets and hosts, and is perhaps most easily explained using an example : option domain-name "example.com"; option domain-name-servers 192.168.4.100; option subnet-mask 255.255.255.0; default-lease-time 3600; max-lease-time 86400; ddns-update-style none; subnet 192.168.4.0 netmask 255.255.255.0 { range 192.168.4.129 192.168.4.254; option routers 192.168.4.1; } host mailhost { hardware ethernet 02:03:04:05:06:07; fixed-address mailhost.example.com; } This option specifies the domain that will be provided to clients as the default search domain. See &man.resolv.conf.5; for more information on what this means. This option specifies a comma separated list of DNS servers that the client should use. The netmask that will be provided to clients. A client may request a specific length of time that a lease will be valid. Otherwise the server will assign a lease with this expiry value (in seconds). This is the maximum length of time that the server will lease for. Should a client request a longer lease, a lease will be issued, although it will only be valid for max-lease-time seconds. This option specifies whether the DHCP server should attempt to update DNS when a lease is accepted or released. In the ISC implementation, this option is required. This denotes which IP addresses should be used in the pool reserved for allocating to clients. IP addresses between, and including, the ones stated are handed out to clients. Declares the default gateway that will be provided to clients. The hardware MAC address of a host (so that the DHCP server can recognize a host when it makes a request). Specifies that the host should always be given the same IP address. Note that using a hostname is correct here, since the DHCP server will resolve the hostname itself before returning the lease information. Once you have finished writing your dhcpd.conf, you can proceed to start the server by issuing the following command: &prompt.root; /usr/local/etc/rc.d/isc-dhcpd.sh start Should you need to make changes to the configuration of your server in the future, it is important to note that sending a SIGHUP signal to dhcpd does not result in the configuration being reloaded, as it does with most daemons. You will need to send a SIGTERM signal to stop the process, and then restart it using the command above. Files DHCP configuration files /usr/local/sbin/dhcpd dhcpd is statically linked and resides in /usr/local/sbin. The &man.dhcpd.8; manual page installed with the port gives more information about dhcpd. /usr/local/etc/dhcpd.conf dhcpd requires a configuration file, /usr/local/etc/dhcpd.conf before it will start providing service to clients. This file needs to contain all the information that should be provided to clients that are being serviced, along with information regarding the operation of the server. This configuration file is described by the &man.dhcpd.conf.5; manual page installed by the port. /var/db/dhcpd.leases The DHCP server keeps a database of leases it has issued in this file, which is written as a log. The manual page &man.dhcpd.leases.5;, installed by the port gives a slightly longer description. /usr/local/sbin/dhcrelay dhcrelay is used in advanced environments where one DHCP server forwards a request from a client to another DHCP server on a separate network. If you require this functionality, then install the net/isc-dhcp3-relay port. The &man.dhcrelay.8; manual page provided with the port contains more detail. Chern Lee Contributed by Domain Name System (DNS) Overview BIND FreeBSD utilizes, by default, a version of BIND (Berkeley Internet Name Domain), which is the most common implementation of the DNS protocol. DNS is the protocol through which names are mapped to IP addresses, and vice versa. For example, a query for www.FreeBSD.org will receive a reply with the IP address of The FreeBSD Project's web server, whereas, a query for ftp.FreeBSD.org will return the IP address of the corresponding FTP machine. Likewise, the opposite can happen. A query for an IP address can resolve its hostname. It is not necessary to run a name server to perform DNS lookups on a system. DNS DNS is coordinated across the Internet through a somewhat complex system of authoritative root name servers, and other smaller-scale name servers who host and cache individual domain information. This document refers to BIND 8.x, as it is the stable version used in &os;. Versions of &os; 5.3 and beyond include BIND9 and the configuration instructions may be found later in this chapter. Users of &os; 5.2 and other previous versions may install BIND9 from the net/bind9 port. RFC1034 and RFC1035 dictate the DNS protocol. Currently, BIND is maintained by the Internet Software Consortium . Terminology To understand this document, some terms related to DNS must be understood. resolver reverse DNS root zone Term Definition Forward DNS Mapping of hostnames to IP addresses Origin Refers to the domain covered in a particular zone file named, BIND, name server Common names for the BIND name server package within FreeBSD Resolver A system process through which a machine queries a name server for zone information Reverse DNS The opposite of forward DNS; mapping of IP addresses to hostnames Root zone The beginning of the Internet zone hierarchy. All zones fall under the root zone, similar to how all files in a file system fall under the root directory. Zone An individual domain, subdomain, or portion of the DNS administered by the same authority zones examples Examples of zones: . is the root zone org. is a zone under the root zone example.org. is a zone under the org. zone foo.example.org. is a subdomain, a zone under the example.org. zone 1.2.3.in-addr.arpa is a zone referencing all IP addresses which fall under the 3.2.1.* IP space. As one can see, the more specific part of a hostname appears to its left. For example, example.org. is more specific than org., as org. is more specific than the root zone. The layout of each part of a hostname is much like a file system: the /dev directory falls within the root, and so on. Reasons to Run a Name Server Name servers usually come in two forms: an authoritative name server, and a caching name server. An authoritative name server is needed when: one wants to serve DNS information to the world, replying authoritatively to queries. a domain, such as example.org, is registered and IP addresses need to be assigned to hostnames under it. an IP address block requires reverse DNS entries (IP to hostname). a backup name server, called a slave, must reply to queries when the primary is down or inaccessible. A caching name server is needed when: a local DNS server may cache and respond more quickly than querying an outside name server. a reduction in overall network traffic is desired (DNS traffic has been measured to account for 5% or more of total Internet traffic). When one queries for www.FreeBSD.org, the resolver usually queries the uplink ISP's name server, and retrieves the reply. With a local, caching DNS server, the query only has to be made once to the outside world by the caching DNS server. Every additional query will not have to look to the outside of the local network, since the information is cached locally. How It Works In FreeBSD, the BIND daemon is called named for obvious reasons. File Description named the BIND daemon ndc name daemon control program /etc/namedb directory where BIND zone information resides /etc/namedb/named.conf daemon configuration file Zone files are usually contained within the /etc/namedb directory, and contain the DNS zone information served by the name server. Starting BIND BIND starting Since BIND is installed by default, configuring it all is relatively simple. To ensure the named daemon is started at boot, put the following line in /etc/rc.conf: named_enable="YES" To start the daemon manually (after configuring it): &prompt.root; ndc start Configuration Files BIND configuration files Using <command>make-localhost</command> Be sure to: &prompt.root; cd /etc/namedb &prompt.root; sh make-localhost to properly create the local reverse DNS zone file in /etc/namedb/master/localhost.rev. <filename>/etc/namedb/named.conf</filename> // $FreeBSD$ // // Refer to the named(8) manual page for details. If you are ever going // to setup a primary server, make sure you've understood the hairy // details of how DNS is working. Even with simple mistakes, you can // break connectivity for affected parties, or cause huge amount of // useless Internet traffic. options { directory "/etc/namedb"; // In addition to the "forwarders" clause, you can force your name // server to never initiate queries of its own, but always ask its // forwarders only, by enabling the following line: // // forward only; // If you've got a DNS server around at your upstream provider, enter // its IP address here, and enable the line below. This will make you // benefit from its cache, thus reduce overall DNS traffic in the Internet. /* forwarders { 127.0.0.1; }; */ Just as the comment says, to benefit from an uplink's cache, forwarders can be enabled here. Under normal circumstances, a name server will recursively query the Internet looking at certain name servers until it finds the answer it is looking for. Having this enabled will have it query the uplink's name server (or name server provided) first, taking advantage of its cache. If the uplink name server in question is a heavily trafficked, fast name server, enabling this may be worthwhile. 127.0.0.1 will not work here. Change this IP address to a name server at your uplink. /* * If there is a firewall between you and name servers you want * to talk to, you might need to uncomment the query-source * directive below. Previous versions of BIND always asked * questions using port 53, but BIND 8.1 uses an unprivileged * port by default. */ // query-source address * port 53; /* * If running in a sandbox, you may have to specify a different * location for the dumpfile. */ // dump-file "s/named_dump.db"; }; // Note: the following will be supported in a future release. /* host { any; } { topology { 127.0.0.0/8; }; }; */ // Setting up secondaries is way easier and the rough picture for this // is explained below. // // If you enable a local name server, don't forget to enter 127.0.0.1 // into your /etc/resolv.conf so this server will be queried first. // Also, make sure to enable it in /etc/rc.conf. zone "." { type hint; file "named.root"; }; zone "0.0.127.IN-ADDR.ARPA" { type master; file "localhost.rev"; }; // NB: Do not use the IP addresses below, they are faked, and only // serve demonstration/documentation purposes! // // Example secondary config entries. It can be convenient to become // a secondary at least for the zone where your own domain is in. Ask // your network administrator for the IP address of the responsible // primary. // // Never forget to include the reverse lookup (IN-ADDR.ARPA) zone! // (This is the first bytes of the respective IP address, in reverse // order, with ".IN-ADDR.ARPA" appended.) // // Before starting to setup a primary zone, better make sure you fully // understand how DNS and BIND works, however. There are sometimes // unobvious pitfalls. Setting up a secondary is comparably simpler. // // NB: Don't blindly enable the examples below. :-) Use actual names // and addresses instead. // // NOTE!!! FreeBSD runs BIND in a sandbox (see named_flags in rc.conf). // The directory containing the secondary zones must be write accessible // to BIND. The following sequence is suggested: // // mkdir /etc/namedb/s // chown bind:bind /etc/namedb/s // chmod 750 /etc/namedb/s For more information on running BIND in a sandbox, see Running named in a sandbox. /* zone "example.com" { type slave; file "s/example.com.bak"; masters { 192.168.1.1; }; }; zone "0.168.192.in-addr.arpa" { type slave; file "s/0.168.192.in-addr.arpa.bak"; masters { 192.168.1.1; }; }; */ In named.conf, these are examples of slave entries for a forward and reverse zone. For each new zone served, a new zone entry must be added to named.conf. For example, the simplest zone entry for example.org can look like: zone "example.org" { type master; file "example.org"; }; The zone is a master, as indicated by the statement, holding its zone information in /etc/namedb/example.org indicated by the statement. zone "example.org" { type slave; file "example.org"; }; In the slave case, the zone information is transferred from the master name server for the particular zone, and saved in the file specified. If and when the master server dies or is unreachable, the slave name server will have the transferred zone information and will be able to serve it. Zone Files An example master zone file for example.org (existing within /etc/namedb/example.org) is as follows: $TTL 3600 example.org. IN SOA ns1.example.org. admin.example.org. ( 5 ; Serial 10800 ; Refresh 3600 ; Retry 604800 ; Expire 86400 ) ; Minimum TTL ; DNS Servers @ IN NS ns1.example.org. @ IN NS ns2.example.org. ; Machine Names localhost IN A 127.0.0.1 ns1 IN A 3.2.1.2 ns2 IN A 3.2.1.3 mail IN A 3.2.1.10 @ IN A 3.2.1.30 ; Aliases www IN CNAME @ ; MX Record @ IN MX 10 mail.example.org. Note that every hostname ending in a . is an exact hostname, whereas everything without a trailing . is referenced to the origin. For example, www is translated into www.origin. In our fictitious zone file, our origin is example.org., so www would translate to www.example.org. The format of a zone file follows: recordname IN recordtype value DNS records The most commonly used DNS records: SOA start of zone authority NS an authoritative name server A a host address CNAME the canonical name for an alias MX mail exchanger PTR a domain name pointer (used in reverse DNS) example.org. IN SOA ns1.example.org. admin.example.org. ( 5 ; Serial 10800 ; Refresh after 3 hours 3600 ; Retry after 1 hour 604800 ; Expire after 1 week 86400 ) ; Minimum TTL of 1 day example.org. the domain name, also the origin for this zone file. ns1.example.org. the primary/authoritative name server for this zone. admin.example.org. the responsible person for this zone, email address with @ replaced. (admin@example.org becomes admin.example.org) 5 the serial number of the file. This must be incremented each time the zone file is modified. Nowadays, many admins prefer a yyyymmddrr format for the serial number. 2001041002 would mean last modified 04/10/2001, the latter 02 being the second time the zone file has been modified this day. The serial number is important as it alerts slave name servers for a zone when it is updated. @ IN NS ns1.example.org. This is an NS entry. Every name server that is going to reply authoritatively for the zone must have one of these entries. The @ as seen here could have been example.org. The @ translates to the origin. localhost IN A 127.0.0.1 ns1 IN A 3.2.1.2 ns2 IN A 3.2.1.3 mail IN A 3.2.1.10 @ IN A 3.2.1.30 The A record indicates machine names. As seen above, ns1.example.org would resolve to 3.2.1.2. Again, the origin symbol, @, is used here, thus meaning example.org would resolve to 3.2.1.30. www IN CNAME @ The canonical name record is usually used for giving aliases to a machine. In the example, www is aliased to the machine addressed to the origin, or example.org (3.2.1.30). CNAMEs can be used to provide alias hostnames, or round robin one hostname among multiple machines. MX record @ IN MX 10 mail.example.org. The MX record indicates which mail servers are responsible for handling incoming mail for the zone. mail.example.org is the hostname of the mail server, and 10 being the priority of that mail server. One can have several mail servers, with priorities of 3, 2, 1. A mail server attempting to deliver to example.org would first try the highest priority MX, then the second highest, etc, until the mail can be properly delivered. For in-addr.arpa zone files (reverse DNS), the same format is used, except with PTR entries instead of A or CNAME. $TTL 3600 1.2.3.in-addr.arpa. IN SOA ns1.example.org. admin.example.org. ( 5 ; Serial 10800 ; Refresh 3600 ; Retry 604800 ; Expire 3600 ) ; Minimum @ IN NS ns1.example.org. @ IN NS ns2.example.org. 2 IN PTR ns1.example.org. 3 IN PTR ns2.example.org. 10 IN PTR mail.example.org. 30 IN PTR example.org. This file gives the proper IP address to hostname mappings of our above fictitious domain. Caching Name Server BIND caching name server A caching name server is a name server that is not authoritative for any zones. It simply asks queries of its own, and remembers them for later use. To set one up, just configure the name server as usual, omitting any inclusions of zones. Running <application>named</application> in a Sandbox BIND running in a sandbox chroot For added security you may want to run &man.named.8; as an unprivileged user, and configure it to &man.chroot.8; into a sandbox directory. This makes everything outside of the sandbox inaccessible to the named daemon. Should named be compromised, this will help to reduce the damage that can be caused. By default, FreeBSD has a user and a group called bind, intended for this use. Various people would recommend that instead of configuring named to chroot, you should run named inside a &man.jail.8;. This section does not attempt to cover this situation. Since named will not be able to access anything outside of the sandbox (such as shared libraries, log sockets, and so on), there are a number of steps that need to be followed in order to allow named to function correctly. In the following checklist, it is assumed that the path to the sandbox is /etc/namedb and that you have made no prior modifications to the contents of this directory. Perform the following steps as root: Create all directories that named expects to see: &prompt.root; cd /etc/namedb &prompt.root; mkdir -p bin dev etc var/tmp var/run master slave &prompt.root; chown bind:bind slave var/* named only needs write access to these directories, so that is all we give it. Rearrange and create basic zone and configuration files: &prompt.root; cp /etc/localtime etc &prompt.root; mv named.conf etc && ln -sf etc/named.conf &prompt.root; mv named.root master &prompt.root; sh make-localhost &prompt.root; cat > master/named.localhost $ORIGIN localhost. $TTL 6h @ IN SOA localhost. postmaster.localhost. ( 1 ; serial 3600 ; refresh 1800 ; retry 604800 ; expiration 3600 ) ; minimum IN NS localhost. IN A 127.0.0.1 ^D This allows named to log the correct time to &man.syslogd.8;. syslog log files named If you are running a version of &os; prior to 4.9-RELEASE, build a statically linked copy of named-xfer, and copy it into the sandbox: &prompt.root; cd /usr/src/lib/libisc &prompt.root; make cleandir && make cleandir && make depend && make all &prompt.root; cd /usr/src/lib/libbind &prompt.root; make cleandir && make cleandir && make depend && make all &prompt.root; cd /usr/src/libexec/named-xfer &prompt.root; make cleandir && make cleandir && make depend && make NOSHARED=yes all &prompt.root; cp named-xfer /etc/namedb/bin && chmod 555 /etc/namedb/bin/named-xfer After your statically linked named-xfer is installed some cleaning up is required, to avoid leaving stale copies of libraries or programs in your source tree: &prompt.root; cd /usr/src/lib/libisc &prompt.root; make cleandir &prompt.root; cd /usr/src/lib/libbind &prompt.root; make cleandir &prompt.root; cd /usr/src/libexec/named-xfer &prompt.root; make cleandir This step has been reported to fail occasionally. If this happens to you, then issue the command: &prompt.root; cd /usr/src && make cleandir && make cleandir and delete your /usr/obj tree: &prompt.root; rm -fr /usr/obj && mkdir /usr/obj This will clean out any cruft from your source tree, and retrying the steps above should then work. If you are running &os; version 4.9-RELEASE or later, then the copy of named-xfer in /usr/libexec is statically linked by default, and you can simply use &man.cp.1; to copy it into your sandbox. Make a dev/null that named can see and write to: &prompt.root; cd /etc/namedb/dev && mknod null c 2 2 &prompt.root; chmod 666 null Symlink /var/run/ndc to /etc/namedb/var/run/ndc: &prompt.root; ln -sf /etc/namedb/var/run/ndc /var/run/ndc This simply avoids having to specify the option to &man.ndc.8; every time you run it. Since the contents of /var/run are deleted on boot, it may be useful to add this command to root's &man.crontab.5;, using the option. syslog log files named Configure &man.syslogd.8; to create an extra log socket that named can write to. To do this, add -l /etc/namedb/dev/log to the syslogd_flags variable in /etc/rc.conf. chroot Arrange to have named start and chroot itself to the sandbox by adding the following to /etc/rc.conf: named_enable="YES" named_flags="-u bind -g bind -t /etc/namedb /etc/named.conf" Note that the configuration file /etc/named.conf is denoted by a full pathname relative to the sandbox, i.e. in the line above, the file referred to is actually /etc/namedb/etc/named.conf. The next step is to edit /etc/namedb/etc/named.conf so that named knows which zones to load and where to find them on the disk. There follows a commented example (anything not specifically commented here is no different from the setup for a DNS server not running in a sandbox): options { directory "/"; named-xfer "/bin/named-xfer"; version ""; // Don't reveal BIND version query-source address * port 53; }; // ndc control socket controls { unix "/var/run/ndc" perm 0600 owner 0 group 0; }; // Zones follow: zone "localhost" IN { type master; file "master/named.localhost"; allow-transfer { localhost; }; notify no; }; zone "0.0.127.in-addr.arpa" IN { type master; file "master/localhost.rev"; allow-transfer { localhost; }; notify no; }; zone "." IN { type hint; file "master/named.root"; }; zone "private.example.net" in { type master; file "master/private.example.net.db"; allow-transfer { 192.168.10.0/24; }; }; zone "10.168.192.in-addr.arpa" in { type slave; masters { 192.168.10.2; }; file "slave/192.168.10.db"; }; The directory statement is specified as /, since all files that named needs are within this directory (recall that this is equivalent to a normal user's /etc/namedb). Specifies the full path to the named-xfer binary (from named's frame of reference). This is necessary since named is compiled to look for named-xfer in /usr/libexec by default. Specifies the filename (relative to the directory statement above) where named can find the zone file for this zone. Specifies the filename (relative to the directory statement above) where named should write a copy of the zone file for this zone after successfully transferring it from the master server. This is why we needed to change the ownership of the directory slave to bind in the setup stages above. After completing the steps above, either reboot your server or restart &man.syslogd.8; and start &man.named.8;, making sure to use the new options specified in syslogd_flags and named_flags. You should now be running a sandboxed copy of named! Security Although BIND is the most common implementation of DNS, there is always the issue of security. Possible and exploitable security holes are sometimes found. It is a good idea to read CERT's security advisories and to subscribe to the &a.security-notifications; to stay up to date with the current Internet and FreeBSD security issues. If a problem arises, keeping sources up to date and having a fresh build of named would not hurt. Further Reading BIND/named manual pages: &man.ndc.8; &man.named.8; &man.named.conf.5; Official ISC BIND Page BIND FAQ O'Reilly DNS and BIND 4th Edition RFC1034 - Domain Names - Concepts and Facilities RFC1035 - Domain Names - Implementation and Specification Tom Rhodes Written by <acronym>BIND</acronym>9 and &os; bind9 setting up The release of &os; 5.3 brought the BIND9 DNS server software into the distribution. New security features, a new file system layout and automated &man.chroot.8; configuration came with the import. This section has been written in two parts, the first will discuss new features and their configuration; the latter will cover upgrades to aid in move to &os; 5.3. From this moment on, the server will be referred to simply as &man.named.8; in place of BIND. This section skips over the terminology described in the previous section as well as some of the theoretical discussions; thus, it is recommended that the previous section be consulted before reading any further here. Configuration files for named currently reside in /var/named/etc/namedb/ and will need modification before use. This is where most of the configuration will be performed. Configuration of a Master Zone To configure a master zone visit /var/named/etc/namedb/ and run the following command: &prompt.root; sh make-localhost If all went well a new file should exist in the master directory. The filenames should be localhost.rev for the local domain name and localhost-v6.rev for IPv6 configurations. As the default configuration file, configuration for its use will already be present in the named.conf file. Configuration of a Slave Zone Configuration for extra domains or sub domains may be done properly by setting them as a slave zone. In most cases, the master/localhost.rev file could just be copied over into the slave directory and modified. Once completed, the files need to be properly added in named.conf such as in the following configuration for example.com: zone "example.com" { type slave; file "slave/example.com"; masters { 10.0.0.1; }; }; zone "0.168.192.in-addr.arpa" { type slave; file "slave/0.168.192.in-addr.arpa"; masters { 10.0.0.1; }; }; Note well that in this example, the master IP address is the primary domain server from which the zones are transferred; it does not necessary serve as DNS server itself. System Initialization Configuration In order for the named daemon to start when the system is booted, the following option must be present in the rc.conf file: named_enable="YES" While other options exist, this is the bare minimal requirement. Consult the &man.rc.conf.5; manual page for a list of the other options. If nothing is entered in the rc.conf file then named may be started on the command line by invoking: &prompt.root; /etc/rc.d/named start <acronym>BIND</acronym>9 Security While &os; automatically drops named into a &man.chroot.8; environment; there are several other security mechanisms in place which could help to lure off possible DNS service attacks. Query Access Control Lists A query access control list can be used to restrict queries against the zones. The configuration works by defining the network inside of the acl token and then listing IP addresses in the zone configuration. To permit domains to query the example host, just define it like this: acl "example.com" { 192.168.0.0/24; }; zone "example.com" { type slave; file "slave/example.com"; masters { 10.0.0.1; }; allow-query { example.com; }; }; zone "0.168.192.in-addr.arpa" { type slave; file "slave/0.168.192.in-addr.arpa"; masters { 10.0.0.1; }; allow-query { example.com; }; }; Restrict Version Permitting version lookups on the DNS server could be opening the doors for an attacker. A malicious user may use this information to hunt up known exploits or bugs to utilize against the host. Setting a false version will not protect the server from exploits. Only upgrading to a version that is not vulnerable will protect your server. A false version string can be placed the options section of named.conf: options { directory "/etc/namedb"; pid-file "/var/run/named/pid"; dump-file "/var/dump/named_dump.db"; statistics-file "/var/stats/named.stats"; version "None of your business"; }; Murray Stokely Contributed by Apache HTTP Server web servers setting up Apache Overview &os; is used to run some of the busiest web sites in the world. The majority of web servers on the Internet are using the Apache HTTP Server. Apache software packages should be included on your FreeBSD installation media. If you did not install Apache when you first installed FreeBSD, then you can install it from the www/apache13 or www/apache20 port. Once Apache has been installed successfully, it must be configured. This section covers version 1.3.X of the Apache HTTP Server as that is the most widely used version for &os;. Apache 2.X introduces many new technologies but they are not discussed here. For more information about Apache 2.X, please see . Configuration Apache configuration file The main Apache HTTP Server configuration file is installed as /usr/local/etc/apache/httpd.conf on &os;. This file is a typical &unix; text configuration file with comment lines beginning with the # character. A comprehensive description of all possible configuration options is outside the scope of this book, so only the most frequently modified directives will be described here. ServerRoot "/usr/local" This specifies the default directory hierarchy for the Apache installation. Binaries are stored in the bin and sbin subdirectories of the server root, and configuration files are stored in etc/apache. ServerAdmin you@your.address The address to which problems with the server should be emailed. This address appears on some server-generated pages, such as error documents. ServerName www.example.com ServerName allows you to set a host name which is sent back to clients for your server if it is different to the one that the host is configured with (i.e., use www instead of the host's real name). DocumentRoot "/usr/local/www/data" DocumentRoot: The directory out of which you will serve your documents. By default, all requests are taken from this directory, but symbolic links and aliases may be used to point to other locations. It is always a good idea to make backup copies of your Apache configuration file before making changes. Once you are satisfied with your initial configuration you are ready to start running Apache. Running <application>Apache</application> Apache starting or stopping Apache does not run from the inetd super server as many other network servers do. It is configured to run standalone for better performance for incoming HTTP requests from client web browsers. A shell script wrapper is included to make starting, stopping, and restarting the server as simple as possible. To start up Apache for the first time, just run: &prompt.root; /usr/local/sbin/apachectl start You can stop the server at any time by typing: &prompt.root; /usr/local/sbin/apachectl stop After making changes to the configuration file for any reason, you will need to restart the server: &prompt.root; /usr/local/sbin/apachectl restart To restart Apache without aborting current connections, run: &prompt.root; /usr/local/sbin/apachectl graceful Additional information available at &man.apachectl.8; manual page. To launch Apache at system startup, add the following line to /etc/rc.conf: apache_enable="YES" If you would like to supply additional command line options for the Apache httpd program started at system boot, you may specify them with an additional line in rc.conf: apache_flags="" Now that the web server is running, you can view your web site by pointing a web browser to http://localhost/. The default web page that is displayed is /usr/local/www/data/index.html. Virtual Hosting Apache supports two different types of Virtual Hosting. The first method is Name-based Virtual Hosting. Name-based virtual hosting uses the clients HTTP/1.1 headers to figure out the hostname. This allows many different domains to share the same IP address. To setup Apache to use Name-based Virtual Hosting add an entry like the following to your httpd.conf: NameVirtualHost * If your webserver was named www.domain.tld and you wanted to setup a virtual domain for www.someotherdomain.tld then you would add the following entries to httpd.conf: <VirtualHost *> ServerName www.domain.tld DocumentRoot /www/domain.tld </VirtualHost> <VirtualHost *> ServerName www.someotherdomain.tld DocumentRoot /www/someotherdomain.tld </VirtualHost> Replace the addresses with the addresses you want to use and the path to the documents with what you are using. For more information about setting up virtual hosts, please consult the official Apache documentation at: . Apache Modules Apache modules There are many different Apache modules available to add functionality to the basic server. The FreeBSD Ports Collection provides an easy way to install Apache together with some of the more popular add-on modules. mod_ssl web servers secure SSL cryptography The mod_ssl module uses the OpenSSL library to provide strong cryptography via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. This module provides everything necessary to request a signed certificate from a trusted certificate signing authority so that you can run a secure web server on &os;. If you have not yet installed Apache, then a version of Apache 1.3.X that includes mod_ssl may be installed with the www/apache13-modssl port. SSL support is also available for Apache 2.X in the www/apache20 port, where it is enabled by default. Dynamic Websites with Perl & PHP In the past few years, more businesses have turned to the Internet in order to enhance their revenue and increase exposure. This has also increased the need for interactive web content. While some companies, such as µsoft;, have introduced solutions into their proprietary products, the open source community answered the call. Two options for dynamic web content include mod_perl & mod_php. mod_perl mod_perl Perl The Apache/Perl integration project brings together the full power of the Perl programming language and the Apache HTTP Server. With the mod_perl module it is possible to write Apache modules entirely in Perl. In addition, the persistent interpreter embedded in the server avoids the overhead of starting an external interpreter and the penalty of Perl start-up time. mod_perl is available a few different ways. To use mod_perl remember that mod_perl 1.0 only works with Apache 1.3 and mod_perl 2.0 only works with Apache 2. mod_perl 1.0 is available in www/mod_perl and a statically compiled version is available in www/apache13-modperl. mod_perl 2.0 is avaliable in www/mod_perl2. Tom Rhodes Written by mod_php mod_php PHP PHP, also known as PHP: Hypertext Preprocessor is a general-purpose scripting language that is especially suited for Web development. Capable of being embedded into HTML its syntax draws upon C, &java;, and Perl with the intention of allowing web developers to write dynamically generated webpages quickly. To gain support for PHP5 for the Apache web server, begin by installing the www/mod_php5 port. This will install and configure the modules required to support dynamic PHP applications. Check to ensure the following lines have been added to /usr/local/etc/apache/httpd.conf: LoadModule php5_module libexec/apache/libphp5.so AddModule mod_php5.c <IfModule mod_php5.c> DirectoryIndex index.php index.html </IfModule> <IfModule mod_php5.c> AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps </IfModule> Once completed, a simple call to the apachectl command for a graceful restart is needed to load the PHP module: &prompt.root; apachectl graceful The PHP support in &os; is extremely modular so the base install is very limited. It is very easy to add support using the lang/php5-extensions port. This port provides a menu driven interface to PHP extension installation. Alternatively, individual extensions can be installed using the appropriate port. For instance, to add support for the MySQL database server to PHP5, simply install the databases/php5-mysql port. After installing an extension, the Apache server must be reloaded to pick up the new configuration changes. &prompt.root; apachectl graceful Murray Stokely Contributed by File Transfer Protocol (FTP) FTP servers Overview The File Transfer Protocol (FTP) provides users with a simple way to transfer files to and from an FTP server. &os; includes FTP server software, ftpd, in the base system. This makes setting up and administering an FTP server on FreeBSD very straightforward. Configuration The most important configuration step is deciding which accounts will be allowed access to the FTP server. A normal FreeBSD system has a number of system accounts used for various daemons, but unknown users should not be allowed to log in with these accounts. The /etc/ftpusers file is a list of users disallowed any FTP access. By default, it includes the aforementioned system accounts, but it is possible to add specific users here that should not be allowed access to FTP. You may want to restrict the access of some users without preventing them completely from using FTP. This can be accomplished with the /etc/ftpchroot file. This file lists users and groups subject to FTP access restrictions. The &man.ftpchroot.5; manual page has all of the details so it will not be described in detail here. FTP anonymous If you would like to enable anonymous FTP access to your server, then you must create a user named ftp on your &os; system. Users will then be able to log on to your FTP server with a username of ftp or anonymous and with any password (by convention an email address for the user should be used as the password). The FTP server will call &man.chroot.2; when an anonymous user logs in, to restrict access to only the home directory of the ftp user. There are two text files that specify welcome messages to be displayed to FTP clients. The contents of the file /etc/ftpwelcome will be displayed to users before they reach the login prompt. After a successful login, the contents of the file /etc/ftpmotd will be displayed. Note that the path to this file is relative to the login environment, so the file ~ftp/etc/ftpmotd would be displayed for anonymous users. Once the FTP server has been configured properly, it must be enabled in /etc/inetd.conf. All that is required here is to remove the comment symbol # from in front of the existing ftpd line : ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l As explained in , a HangUP Signal must be sent to inetd after this configuration file is changed. You can now log on to your FTP server by typing: &prompt.user; ftp localhost Maintaining syslog log files FTP The ftpd daemon uses &man.syslog.3; to log messages. By default, the system log daemon will put messages related to FTP in the /var/log/xferlog file. The location of the FTP log can be modified by changing the following line in /etc/syslog.conf: ftp.info /var/log/xferlog FTP anonymous Be aware of the potential problems involved with running an anonymous FTP server. In particular, you should think twice about allowing anonymous users to upload files. You may find that your FTP site becomes a forum for the trade of unlicensed commercial software or worse. If you do need to allow anonymous FTP uploads, then you should set up the permissions so that these files can not be read by other anonymous users until they have been reviewed. Murray Stokely Contributed by File and Print Services for µsoft.windows; clients (Samba) Samba server Microsoft Windows file server Windows clients print server Windows clients Overview Samba is a popular open source software package that provides file and print services for µsoft.windows; clients. Such clients can connect to and use FreeBSD filespace as if it was a local disk drive, or FreeBSD printers as if they were local printers. Samba software packages should be included on your FreeBSD installation media. If you did not install Samba when you first installed FreeBSD, then you can install it from the net/samba3 port or package. Configuration A default Samba configuration file is installed as /usr/local/etc/smb.conf.default. This file must be copied to /usr/local/etc/smb.conf and customized before Samba can be used. The smb.conf file contains runtime configuration information for Samba, such as definitions of the printers and file system shares that you would like to share with &windows; clients. The Samba package includes a web based tool called swat which provides a simple way of configuring the smb.conf file. Using the Samba Web Administration Tool (SWAT) The Samba Web Administration Tool (SWAT) runs as a daemon from inetd. Therefore, the following line in /etc/inetd.conf should be uncommented before swat can be used to configure Samba: swat stream tcp nowait/400 root /usr/local/sbin/swat As explained in , a HangUP Signal must be sent to inetd after this configuration file is changed. Once swat has been enabled in inetd.conf, you can use a browser to connect to . You will first have to log on with the system root account. Once you have successfully logged on to the main Samba configuration page, you can browse the system documentation, or begin by clicking on the Globals tab. The Globals section corresponds to the variables that are set in the [global] section of /usr/local/etc/smb.conf. Global Settings Whether you are using swat or editing /usr/local/etc/smb.conf directly, the first directives you are likely to encounter when configuring Samba are: workgroup NT Domain-Name or Workgroup-Name for the computers that will be accessing this server. netbios name NetBIOS This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component of the host's DNS name. server string This sets the string that will be displayed with the net view command and some other networking tools that seek to display descriptive text about the server. Security Settings Two of the most important settings in /usr/local/etc/smb.conf are the security model chosen, and the backend password format for client users. The following directives control these options: security The two most common options here are security = share and security = user. If your clients use usernames that are the same as their usernames on your &os; machine then you will want to use user level security. This is the default security policy and it requires clients to first log on before they can access shared resources. In share level security, client do not need to log onto the server with a valid username and password before attempting to connect to a shared resource. This was the default security model for older versions of Samba. passdb backend - NIS+ - LDAP - SQL database - Samba has several different backend authentication models. You can - authenticate clients with LDAP, NIS+, a SQL database, + authenticate clients with LDAPLDAP, + NIS+NIS+, a SQL databaseSQL database, or a modified password file. The default authentication method is smbpasswd, and that is all that will be covered here. Assuming that the default smbpasswd backend is used, the /usr/local/private/smbpasswd file must be created to allow Samba to authenticate clients. If you would like to give all of your &unix; user accounts access from &windows; clients, use the following command: &prompt.root; grep -v "^#" /etc/passwd | make_smbpasswd > /usr/local/private/smbpasswd &prompt.root; chmod 600 /usr/local/private/smbpasswd Please see the Samba documentation for additional information about configuration options. With the basics outlined here, you should have everything you need to start running Samba. Starting <application>Samba</application> To enable Samba when your system boots, add the following line to /etc/rc.conf: samba_enable="YES" You can then start Samba at any time by typing: &prompt.root; /usr/local/etc/rc.d/samba.sh start Starting SAMBA: removing stale tdbs : Starting nmbd. Starting smbd. Samba actually consists of three separate daemons. You should see that both the nmbd and smbd daemons are started by the samba.sh script. If you enabled winbind name resolution services in smb.conf, then you will also see that the winbindd daemon is started. You can stop Samba at any time by typing : &prompt.root; /usr/local/etc/rc.d/samba.sh stop Samba is a complex software suite with functionality that allows broad integration with µsoft.windows; networks. For more information about functionality beyond the basic installation described here, please see . Tom Hukins Contributed by Clock Synchronization with NTP NTP Overview Over time, a computer's clock is prone to drift. The Network Time Protocol (NTP) is one way to ensure your clock stays accurate. Many Internet services rely on, or greatly benefit from, computers' clocks being accurate. For example, a web server may receive requests to send a file if it has been modified since a certain time. In a local area network environment, it is essential that computers sharing files from the same file server have synchronized clocks so that file timestamps stay consistent. Services such as &man.cron.8; also rely on an accurate system clock to run commands at the specified times. NTP ntpd FreeBSD ships with the &man.ntpd.8; NTP server which can be used to query other NTP servers to set the clock on your machine or provide time services to others. Choosing Appropriate NTP Servers NTP choosing servers In order to synchronize your clock, you will need to find one or more NTP servers to use. Your network administrator or ISP may have set up an NTP server for this purpose—check their documentation to see if this is the case. There is an online list of publicly accessible NTP servers which you can use to find an NTP server near to you. Make sure you are aware of the policy for any servers you choose, and ask for permission if required. Choosing several unconnected NTP servers is a good idea in case one of the servers you are using becomes unreachable or its clock is unreliable. &man.ntpd.8; uses the responses it receives from other servers intelligently—it will favor unreliable servers less than reliable ones. Configuring Your Machine NTP configuration Basic Configuration ntpdate If you only wish to synchronize your clock when the machine boots up, you can use &man.ntpdate.8;. This may be appropriate for some desktop machines which are frequently rebooted and only require infrequent synchronization, but most machines should run &man.ntpd.8;. Using &man.ntpdate.8; at boot time is also a good idea for machines that run &man.ntpd.8;. The &man.ntpd.8; program changes the clock gradually, whereas &man.ntpdate.8; sets the clock, no matter how great the difference between a machine's current clock setting and the correct time. To enable &man.ntpdate.8; at boot time, add ntpdate_enable="YES" to /etc/rc.conf. You will also need to specify all servers you wish to synchronize with and any flags to be passed to &man.ntpdate.8; in ntpdate_flags. General Configuration NTP ntp.conf NTP is configured by the /etc/ntp.conf file in the format described in &man.ntp.conf.5;. Here is a simple example: server ntplocal.example.com prefer server timeserver.example.org server ntp2a.example.net driftfile /var/db/ntp.drift The server option specifies which servers are to be used, with one server listed on each line. If a server is specified with the prefer argument, as with ntplocal.example.com, that server is preferred over other servers. A response from a preferred server will be discarded if it differs significantly from other servers' responses, otherwise it will be used without any consideration to other responses. The prefer argument is normally used for NTP servers that are known to be highly accurate, such as those with special time monitoring hardware. The driftfile option specifies which file is used to store the system clock's frequency offset. The &man.ntpd.8; program uses this to automatically compensate for the clock's natural drift, allowing it to maintain a reasonably correct setting even if it is cut off from all external time sources for a period of time. The driftfile option specifies which file is used to store information about previous responses from the NTP servers you are using. This file contains internal information for NTP. It should not be modified by any other process. Controlling Access to Your Server By default, your NTP server will be accessible to all hosts on the Internet. The restrict option in /etc/ntp.conf allows you to control which machines can access your server. If you want to deny all machines from accessing your NTP server, add the following line to /etc/ntp.conf: restrict default ignore If you only want to allow machines within your own network to synchronize their clocks with your server, but ensure they are not allowed to configure the server or used as peers to synchronize against, add restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap instead, where 192.168.1.0 is an IP address on your network and 255.255.255.0 is your network's netmask. /etc/ntp.conf can contain multiple restrict options. For more details, see the Access Control Support subsection of &man.ntp.conf.5;. Running the NTP Server To ensure the NTP server is started at boot time, add the line ntpd_enable="YES" to /etc/rc.conf. If you wish to pass additional flags to &man.ntpd.8;, edit the ntpd_flags parameter in /etc/rc.conf. To start the server without rebooting your machine, run ntpd being sure to specify any additional parameters from ntpd_flags in /etc/rc.conf. For example: &prompt.root; ntpd -p /var/run/ntpd.pid Under &os; 4.X, you have to replace every instance of ntpd with xntpd in the options above. Using ntpd with a Temporary Internet Connection The &man.ntpd.8; program does not need a permanent connection to the Internet to function properly. However, if you have a temporary connection that is configured to dial out on demand, it is a good idea to prevent NTP traffic from triggering a dial out or keeping the connection alive. If you are using user PPP, you can use filter directives in /etc/ppp/ppp.conf. For example: set filter dial 0 deny udp src eq 123 # Prevent NTP traffic from initiating dial out set filter dial 1 permit 0 0 set filter alive 0 deny udp src eq 123 # Prevent incoming NTP traffic from keeping the connection open set filter alive 1 deny udp dst eq 123 # Prevent outgoing NTP traffic from keeping the connection open set filter alive 2 permit 0/0 0/0 For more details see the PACKET FILTERING section in &man.ppp.8; and the examples in /usr/share/examples/ppp/. Some Internet access providers block low-numbered ports, preventing NTP from functioning since replies never reach your machine. Further Information Documentation for the NTP server can be found in /usr/share/doc/ntp/ in HTML format. diff --git a/zh_TW.Big5/books/handbook/ppp-and-slip/chapter.xml b/zh_TW.Big5/books/handbook/ppp-and-slip/chapter.xml index 234cd31fd2..d7d20829a5 100644 --- a/zh_TW.Big5/books/handbook/ppp-and-slip/chapter.xml +++ b/zh_TW.Big5/books/handbook/ppp-and-slip/chapter.xml @@ -1,3233 +1,3193 @@ Jim Mock Restructured, reorganized, and updated by PPP and SLIP Synopsis PPP SLIP FreeBSD has a number of ways to link one computer to another. To establish a network or Internet connection through a dial-up modem, or to allow others to do so through you, requires the use of PPP or SLIP. This chapter describes setting up these modem-based communication services in detail. After reading this chapter, you will know: How to set up user PPP. How to set up kernel PPP. How to set up PPPoE (PPP over Ethernet). How to set up PPPoA (PPP over ATM). How to configure and set up a SLIP client and server. PPP user PPP PPP kernel PPP PPP over Ethernet Before reading this chapter, you should: Be familiar with basic network terminology. Understand the basics and purpose of a dialup connection and PPP and/or SLIP. You may be wondering what the main difference is between user PPP and kernel PPP. The answer is simple: user PPP processes the inbound and outbound data in userland rather than in the kernel. This is expensive in terms of copying the data between the kernel and userland, but allows a far more feature-rich PPP implementation. User PPP uses the tun device to communicate with the outside world whereas kernel PPP uses the ppp device. Throughout in this chapter, user PPP will simply be referred to as ppp unless a distinction needs to be made between it and any other PPP software such as pppd. Unless otherwise stated, all of the commands explained in this chapter should be executed as root. Tom Rhodes Updated and enhanced by Brian Somers Originally contributed by Nik Clayton With input from Dirk Frömberg Peter Childs Using User PPP User PPP Assumptions This document assumes you have the following: - - ISP - - - PPP - - An account with an Internet Service Provider (ISP) which - you connect to using PPP. + An account with an Internet Service Provider (ISP)ISP which + you connect to using PPPPPP. You have a modem or other device connected to your system and configured correctly which allows you to connect to your ISP. The dial-up number(s) of your ISP. - - PAP - - - CHAP - - - UNIX - - - login name - - - password - - Your login name and password. (Either a - regular &unix; style login and password pair, or a PAP or CHAP + Your login namelogin name and passwordpassword. (Either a + regular &unix;UNIX style login and password pair, or a + PAPPAP or CHAPCHAP login and password pair.) - - nameserver - - - The IP address of one or more name servers. + The IP address of one or more name serversnameserver. Normally, you will be given two IP addresses by your ISP to use for this. If they have not given you at least one, then you can use the enable dns command in ppp.conf and ppp will set the name servers for you. This feature depends on your ISPs PPP implementation supporting DNS negotiation. The following information may be supplied by your ISP, but is not completely necessary: The IP address of your ISP's gateway. The gateway is the machine to which you will connect and will be set up as your default route. If you do not have this information, we can make one up and your ISP's PPP server will tell us the correct value when we connect. This IP number is referred to as HISADDR by ppp. The netmask you should use. If your ISP has not provided you with one, you can safely use 255.255.255.255. - - static IP address - - - If your ISP provides you with a static IP address and + If your ISP provides you with a static IP addressstatic IP address and hostname, you can enter it. Otherwise, we simply let the peer assign whatever IP address it sees fit. If you do not have any of the required information, contact your ISP. Throughout this section, many of the examples showing the contents of configuration files are numbered by line. These numbers serve to aid in the presentation and discussion only and are not meant to be placed in the actual file. Proper indentation with tab and space characters is also important. Creating PPP Device Nodes PPPcreating device nodes Under normal circumstances, most users will only need one tun device (/dev/tun0). References to tun0 below may be changed to tunN where N is any unit number corresponding to your system. For FreeBSD installations that do not have &man.devfs.5; enabled (FreeBSD 4.X and earlier), the existence of the tun0 device should be verified (this is not necessary if &man.devfs.5; is enabled as device nodes will be created on demand). The easiest way to make sure that the tun0 device is configured correctly is to remake the device. To remake the device, do the following: &prompt.root; cd /dev &prompt.root; sh MAKEDEV tun0 If you need 16 tunnel devices in your kernel, you will need to create them. This can be done by executing the following commands: &prompt.root; cd /dev &prompt.root; sh MAKEDEV tun15 Automatic <application>PPP</application> Configuration PPPconfiguration Both ppp and pppd (the kernel level implementation of PPP) use the configuration files located in the /etc/ppp directory. Examples for user ppp can be found in /usr/share/examples/ppp/. Configuring ppp requires that you edit a number of files, depending on your requirements. What you put in them depends to some extent on whether your ISP allocates IP addresses statically (i.e., you get given one IP address, and always use that one) or dynamically (i.e., your IP address changes each time you connect to your ISP). PPP and Static IP Addresses PPPwith static IP addresses You will need to edit the /etc/ppp/ppp.conf configuration file. It should look similar to the example below. Lines that end in a : start in the first column (beginning of the line)— all other lines should be indented as shown using spaces or tabs. 1 default: 2 set log Phase Chat LCP IPCP CCP tun command 3 ident user-ppp VERSION (built COMPILATIONDATE) 4 set device /dev/cuaa0 5 set speed 115200 6 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \ 7 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT" 8 set timeout 180 9 enable dns 10 11 provider: 12 set phone "(123) 456 7890" 13 set authname foo 14 set authkey bar 15 set login "TIMEOUT 10 \"\" \"\" gin:--gin: \\U word: \\P col: ppp" 16 set timeout 300 17 set ifaddr x.x.x.x y.y.y.y 255.255.255.255 0.0.0.0 18 add default HISADDR Line 1: Identifies the default entry. Commands in this entry are executed automatically when ppp is run. Line 2: Enables logging parameters. When the configuration is working satisfactorily, this line should be reduced to saying set log phase tun in order to avoid excessive log file sizes. Line 3: Tells PPP how to identify itself to the peer. PPP identifies itself to the peer if it has any trouble negotiating and setting up the link, providing information that the peers administrator may find useful when investigating such problems. Line 4: Identifies the device to which the modem is connected. COM1 is /dev/cuaa0 and COM2 is /dev/cuaa1. Line 5: Sets the speed you want to connect at. If 115200 does not work (it should with any reasonably new modem), try 38400 instead. Line 6 & 7: - PPPuser PPP - - The dial string. User PPP uses an expect-send + The dial string. User PPPPPPuser PPP uses an expect-send syntax similar to the &man.chat.8; program. Refer to the manual page for information on the features of this language. Note that this command continues onto the next line for readability. Any command in ppp.conf may do this if the last character on the line is a ``\'' character. Line 8: Sets the idle timeout for the link. 180 seconds is the default, so this line is purely cosmetic. Line 9: Tells PPP to ask the peer to confirm the local resolver settings. If you run a local name server, this line should be commented out or removed. Line 10: A blank line for readability. Blank lines are ignored by PPP. Line 11: Identifies an entry for a provider called provider. This could be changed to the name of your ISP so that later you can use the to start the connection. Line 12: Sets the phone number for this provider. Multiple phone numbers may be specified using the colon (:) or pipe character (|)as a separator. The difference between the two separators is described in &man.ppp.8;. To summarize, if you want to rotate through the numbers, use a colon. If you want to always attempt to dial the first number first and only use the other numbers if the first number fails, use the pipe character. Always quote the entire set of phone numbers as shown. You must enclose the phone number in quotation marks (") if there is any intention on using spaces in the phone number. This can cause a simple, yet subtle error. Line 13 & 14: Identifies the user name and password. When connecting using a &unix; style login prompt, these values are referred to by the set login command using the \U and \P variables. When connecting using PAP or CHAP, these values are used at authentication time. Line 15: - PAP - CHAP If you are using PAP or CHAP, there will be no login at this point, and this line should be commented out or - removed. See PAP and CHAP + removed. See PAPPAP and CHAPCHAP authentication for further details. The login string is of the same chat-like syntax as the dial string. In this example, the string works for a service whose login session looks like this: J. Random Provider login: foo password: bar protocol: ppp You will need to alter this script to suit your own needs. When you write this script for the first time, you should ensure that you have enabled chat logging so you can determine if the conversation is going as expected. Line 16: - timeout - - Sets the default idle timeout (in seconds) for the + Sets the default idle timeouttimeout (in seconds) for the connection. Here, the connection will be closed automatically after 300 seconds of inactivity. If you never want to timeout, set this value to zero or use the command line switch. Line 17: - ISP - Sets the interface addresses. The string x.x.x.x should be replaced by the IP address that your provider has allocated to you. The string y.y.y.y should be replaced by the IP address that your ISP indicated for their gateway (the machine to which you - connect). If your ISP has not given you a gateway + connect). If your ISPISP has not given you a gateway address, use 10.0.0.2/0. If you need to use a guessed address, make sure that you create an entry in /etc/ppp/ppp.linkup as per the instructions for PPP and Dynamic IP addresses. If this line is omitted, ppp cannot run in mode. Line 18: Adds a default route to your ISP's gateway. The special word HISADDR is replaced with the gateway address specified on line 17. It is important that this line appears after line 17, otherwise HISADDR will not yet be initialized. If you do not wish to run ppp in , this line should be moved to the ppp.linkup file. It is not necessary to add an entry to ppp.linkup when you have a static IP address and are running ppp in mode as your routing table entries are already correct before you connect. You may however wish to create an entry to invoke programs after connection. This is explained later with the sendmail example. Example configuration files can be found in the /usr/share/examples/ppp/ directory. PPP and Dynamic IP Addresses PPPwith dynamic IP addresses IPCP If your service provider does not assign static IP addresses, ppp can be configured to negotiate the local and remote addresses. This is done by guessing an IP address and allowing ppp to set it up correctly using the IP Configuration Protocol (IPCP) after connecting. The ppp.conf configuration is the same as PPP and Static IP Addresses, with the following change: 17 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255 Again, do not include the line number, it is just for reference. Indentation of at least one space is required. Line 17: The number after the / character is the number of bits of the address that ppp will insist on. You may wish to use IP numbers more appropriate to your circumstances, but the above example will always work. The last argument (0.0.0.0) tells PPP to start negotiations using address 0.0.0.0 rather than 10.0.0.1 and is necessary for some ISPs. Do not use 0.0.0.0 as the first argument to set ifaddr as it prevents PPP from setting up an initial route in mode. If you are not running in mode, you will need to create an entry in /etc/ppp/ppp.linkup. ppp.linkup is used after a connection has been established. At this point, ppp will have assigned the interface addresses and it will now be possible to add the routing table entries: 1 provider: 2 add default HISADDR Line 1: On establishing a connection, ppp will look for an entry in ppp.linkup according to the following rules: First, try to match the same label as we used in ppp.conf. If that fails, look for an entry for the IP address of our gateway. This entry is a four-octet IP style label. If we still have not found an entry, look for the MYADDR entry. Line 2: This line tells ppp to add a default route that points to HISADDR. HISADDR will be replaced with the IP number of the gateway as negotiated by the IPCP. See the pmdemand entry in the files /usr/share/examples/ppp/ppp.conf.sample and /usr/share/examples/ppp/ppp.linkup.sample for a detailed example. Receiving Incoming Calls PPPreceiving incoming calls When you configure ppp to receive incoming calls on a machine connected to a LAN, you must decide if you wish to forward packets to the LAN. If you do, you should allocate the peer an IP number from your LAN's subnet, and use the command enable proxy in your /etc/ppp/ppp.conf file. You should also confirm that the /etc/rc.conf file contains the following: gateway_enable="YES" Which getty? Configuring FreeBSD for Dial-up Services provides a good description on enabling dial-up services using &man.getty.8;. An alternative to getty is mgetty, a smarter version of getty designed with dial-up lines in mind. The advantages of using mgetty is that it actively talks to modems, meaning if port is turned off in /etc/ttys then your modem will not answer the phone. Later versions of mgetty (from 0.99beta onwards) also support the automatic detection of PPP streams, allowing your clients script-less access to your server. Refer to Mgetty and AutoPPP for more information on mgetty. <application>PPP</application> Permissions The ppp command must normally be run as the root user. If however, you wish to allow ppp to run in server mode as a normal user by executing ppp as described below, that user must be given permission to run ppp by adding them to the network group in /etc/group. You will also need to give them access to one or more sections of the configuration file using the allow command: allow users fred mary If this command is used in the default section, it gives the specified users access to everything. PPP Shells for Dynamic-IP Users PPP shells Create a file called /etc/ppp/ppp-shell containing the following: #!/bin/sh IDENT=`echo $0 | sed -e 's/^.*-\(.*\)$/\1/'` CALLEDAS="$IDENT" TTY=`tty` if [ x$IDENT = xdialup ]; then IDENT=`basename $TTY` fi echo "PPP for $CALLEDAS on $TTY" echo "Starting PPP for $IDENT" exec /usr/sbin/ppp -direct $IDENT This script should be executable. Now make a symbolic link called ppp-dialup to this script using the following commands: &prompt.root; ln -s ppp-shell /etc/ppp/ppp-dialup You should use this script as the shell for all of your dialup users. This is an example from /etc/passwd for a dialup PPP user with username pchilds (remember do not directly edit the password file, use &man.vipw.8;). pchilds:*:1011:300:Peter Childs PPP:/home/ppp:/etc/ppp/ppp-dialup Create a /home/ppp directory that is world readable containing the following 0 byte files: -r--r--r-- 1 root wheel 0 May 27 02:23 .hushlogin -r--r--r-- 1 root wheel 0 May 27 02:22 .rhosts which prevents /etc/motd from being displayed. PPP Shells for Static-IP Users PPP shells Create the ppp-shell file as above, and for each account with statically assigned IPs create a symbolic link to ppp-shell. For example, if you have three dialup customers, fred, sam, and mary, that you route class C networks for, you would type the following: &prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-fred &prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-sam &prompt.root; ln -s /etc/ppp/ppp-shell /etc/ppp/ppp-mary Each of these users dialup accounts should have their shell set to the symbolic link created above (for example, mary's shell should be /etc/ppp/ppp-mary). Setting Up <filename>ppp.conf</filename> for Dynamic-IP Users The /etc/ppp/ppp.conf file should contain something along the lines of: default: set debug phase lcp chat set timeout 0 ttyd0: set ifaddr 203.14.100.1 203.14.100.20 255.255.255.255 enable proxy ttyd1: set ifaddr 203.14.100.1 203.14.100.21 255.255.255.255 enable proxy The indenting is important. The default: section is loaded for each session. For each dialup line enabled in /etc/ttys create an entry similar to the one for ttyd0: above. Each line should get a unique IP address from your pool of IP addresses for dynamic users. Setting Up <filename>ppp.conf</filename> for Static-IP Users Along with the contents of the sample /usr/share/examples/ppp/ppp.conf above you should add a section for each of the statically assigned dialup users. We will continue with our fred, sam, and mary example. fred: set ifaddr 203.14.100.1 203.14.101.1 255.255.255.255 sam: set ifaddr 203.14.100.1 203.14.102.1 255.255.255.255 mary: set ifaddr 203.14.100.1 203.14.103.1 255.255.255.255 The file /etc/ppp/ppp.linkup should also contain routing information for each static IP user if required. The line below would add a route for the 203.14.101.0 class C via the client's ppp link. fred: add 203.14.101.0 netmask 255.255.255.0 HISADDR sam: add 203.14.102.0 netmask 255.255.255.0 HISADDR mary: add 203.14.103.0 netmask 255.255.255.0 HISADDR <command>mgetty</command> and AutoPPP mgetty AutoPPP LCP Configuring and compiling mgetty with the AUTO_PPP option enabled allows mgetty to detect the LCP phase of PPP connections and automatically spawn off a ppp shell. However, since the default login/password sequence does not occur it is necessary to authenticate users using either PAP or CHAP. This section assumes the user has successfully configured, compiled, and installed a version of mgetty with the AUTO_PPP option (v0.99beta or later). Make sure your /usr/local/etc/mgetty+sendfax/login.config file has the following in it: /AutoPPP/ - - /etc/ppp/ppp-pap-dialup This will tell mgetty to run the ppp-pap-dialup script for detected PPP connections. Create a file called /etc/ppp/ppp-pap-dialup containing the following (the file should be executable): #!/bin/sh exec /usr/sbin/ppp -direct pap$IDENT For each dialup line enabled in /etc/ttys, create a corresponding entry in /etc/ppp/ppp.conf. This will happily co-exist with the definitions we created above. pap: enable pap set ifaddr 203.14.100.1 203.14.100.20-203.14.100.40 enable proxy Each user logging in with this method will need to have a username/password in /etc/ppp/ppp.secret file, or alternatively add the following option to authenticate users via PAP from the /etc/passwd file. enable passwdauth If you wish to assign some users a static IP number, you can specify the number as the third argument in /etc/ppp/ppp.secret. See /usr/share/examples/ppp/ppp.secret.sample for examples. MS Extensions DNS NetBIOS PPPMicrosoft extensions It is possible to configure PPP to supply DNS and NetBIOS nameserver addresses on demand. To enable these extensions with PPP version 1.x, the following lines might be added to the relevant section of /etc/ppp/ppp.conf. enable msext set ns 203.14.100.1 203.14.100.2 set nbns 203.14.100.5 And for PPP version 2 and above: accept dns set dns 203.14.100.1 203.14.100.2 set nbns 203.14.100.5 This will tell the clients the primary and secondary name server addresses, and a NetBIOS nameserver host. In version 2 and above, if the set dns line is omitted, PPP will use the values found in /etc/resolv.conf. PAP and CHAP Authentication PAP CHAP Some ISPs set their system up so that the authentication part of your connection is done using either of the PAP or CHAP authentication mechanisms. If this is the case, your ISP will not give a login: prompt when you connect, but will start talking PPP immediately. PAP is less secure than CHAP, but security is not normally an issue here as passwords, although being sent as plain text with PAP, are being transmitted down a serial line only. There is not much room for crackers to eavesdrop. Referring back to the PPP and Static IP addresses or PPP and Dynamic IP addresses sections, the following alterations must be made: 13 set authname MyUserName 14 set authkey MyPassword 15 set login Line 13: This line specifies your PAP/CHAP user name. You will need to insert the correct value for MyUserName. Line 14: - password - - This line specifies your PAP/CHAP password. You + This line specifies your PAP/CHAP passwordpassword. You will need to insert the correct value for MyPassword. You may want to add an additional line, such as: 16 accept PAP or 16 accept CHAP to make it obvious that this is the intention, but PAP and CHAP are both accepted by default. Line 15: Your ISP will not normally require that you log into the server if you are using PAP or CHAP. You must therefore disable your set login string. Changing Your <command>ppp</command> Configuration on the Fly It is possible to talk to the ppp program while it is running in the background, but only if a suitable diagnostic port has been set up. To do this, add the following line to your configuration: set server /var/run/ppp-tun%d DiagnosticPassword 0177 This will tell PPP to listen to the specified &unix; domain socket, asking clients for the specified password before allowing access. The %d in the name is replaced with the tun device number that is in use. Once a socket has been set up, the &man.pppctl.8; program may be used in scripts that wish to manipulate the running program. Using PPP Network Address Translation Capability PPPNAT PPP has ability to use internal NAT without kernel diverting capabilities. This functionality may be enabled by the following line in /etc/ppp/ppp.conf: nat enable yes Alternatively, PPP NAT may be enabled by command-line option -nat. There is also /etc/rc.conf knob named ppp_nat, which is enabled by default. If you use this feature, you may also find useful the following /etc/ppp/ppp.conf options to enable incoming connections forwarding: nat port tcp 10.0.0.2:ftp ftp nat port tcp 10.0.0.2:http http or do not trust the outside at all nat deny_incoming yes Final System Configuration PPPconfiguration You now have ppp configured, but there are a few more things to do before it is ready to work. They all involve editing the /etc/rc.conf file. Working from the top down in this file, make sure the hostname= line is set, e.g.: hostname="foo.example.com" If your ISP has supplied you with a static IP address and name, it is probably best that you use this name as your host name. Look for the network_interfaces variable. If you want to configure your system to dial your ISP on demand, make sure the tun0 device is added to the list, otherwise remove it. network_interfaces="lo0 tun0" ifconfig_tun0= The ifconfig_tun0 variable should be empty, and a file called /etc/start_if.tun0 should be created. This file should contain the line: ppp -auto mysystem This script is executed at network configuration time, starting your ppp daemon in automatic mode. If you have a LAN for which this machine is a gateway, you may also wish to use the switch. Refer to the manual page for further details. Make sure that the router program is set to NO with the following line in your /etc/rc.conf: router_enable="NO" routed It is important that the routed daemon is not started, as routed tends to delete the default routing table entries created by ppp. It is probably worth your while ensuring that the sendmail_flags line does not include the option, otherwise sendmail will attempt to do a network lookup every now and then, possibly causing your machine to dial out. You may try: sendmail_flags="-bd" sendmail The downside of this is that you must force sendmail to re-examine the mail queue whenever the ppp link is up by typing: &prompt.root; /usr/sbin/sendmail -q You may wish to use the !bg command in ppp.linkup to do this automatically: 1 provider: 2 delete ALL 3 add 0 0 HISADDR 4 !bg sendmail -bd -q30m SMTP If you do not like this, it is possible to set up a dfilter to block SMTP traffic. Refer to the sample files for further details. All that is left is to reboot the machine. After rebooting, you can now either type: &prompt.root; ppp and then dial provider to start the PPP session, or, if you want ppp to establish sessions automatically when there is outbound traffic (and you have not created the start_if.tun0 script), type: &prompt.root; ppp -auto provider Summary To recap, the following steps are necessary when setting up ppp for the first time: Client side: Ensure that the tun device is built into your kernel. Ensure that the tunN device file is available in the /dev directory. Create an entry in /etc/ppp/ppp.conf. The pmdemand example should suffice for most ISPs. If you have a dynamic IP address, create an entry in /etc/ppp/ppp.linkup. Update your /etc/rc.conf file. Create a start_if.tun0 script if you require demand dialing. Server side: Ensure that the tun device is built into your kernel. Ensure that the tunN device file is available in the /dev directory. Create an entry in /etc/passwd (using the &man.vipw.8; program). Create a profile in this users home directory that runs ppp -direct direct-server or similar. Create an entry in /etc/ppp/ppp.conf. The direct-server example should suffice. Create an entry in /etc/ppp/ppp.linkup. Update your /etc/rc.conf file. Gennady B. Sorokopud Parts originally contributed by Robert Huff Using Kernel PPP Setting Up Kernel PPP PPPkernel PPP Before you start setting up PPP on your machine, make sure that pppd is located in /usr/sbin and the directory /etc/ppp exists. pppd can work in two modes: As a client — you want to connect your machine to the outside world via a PPP serial connection or modem line. - PPPserver - - As a server — your machine is located on + As a serverPPPserver — your machine is located on the network, and is used to connect other computers using PPP. In both cases you will need to set up an options file (/etc/ppp/options or ~/.ppprc if you have more than one user on your machine that uses PPP). You will also need some modem/serial software (preferably comms/kermit), so you can dial and establish a connection with the remote host. Trev Roydhouse Based on information provided by Using <command>pppd</command> as a Client PPPclient Cisco The following /etc/ppp/options might be used to connect to a Cisco terminal server PPP line. crtscts # enable hardware flow control modem # modem control line noipdefault # remote PPP server must supply your IP address # if the remote host does not send your IP during IPCP # negotiation, remove this option passive # wait for LCP packets domain ppp.foo.com # put your domain name here :<remote_ip> # put the IP of remote PPP host here # it will be used to route packets via PPP link # if you didn't specified the noipdefault option # change this line to <local_ip>:<remote_ip> defaultroute # put this if you want that PPP server will be your # default router To connect: Kermit modem Dial to the remote host using Kermit (or some other modem program), and enter your user name and password (or whatever is needed to enable PPP on the remote host). Exit Kermit (without hanging up the line). Enter the following: &prompt.root; /usr/src/usr.sbin/pppd.new/pppd /dev/tty01 19200 Be sure to use the appropriate speed and device name. Now your computer is connected with PPP. If the connection fails, you can add the option to the /etc/ppp/options file, and check console messages to track the problem. Following /etc/ppp/pppup script will make all 3 stages automatic: #!/bin/sh ps ax |grep pppd |grep -v grep pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'` if [ "X${pid}" != "X" ] ; then echo 'killing pppd, PID=' ${pid} kill ${pid} fi ps ax |grep kermit |grep -v grep pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'` if [ "X${pid}" != "X" ] ; then echo 'killing kermit, PID=' ${pid} kill -9 ${pid} fi ifconfig ppp0 down ifconfig ppp0 delete kermit -y /etc/ppp/kermit.dial pppd /dev/tty01 19200 Kermit /etc/ppp/kermit.dial is a Kermit script that dials and makes all necessary authorization on the remote host (an example of such a script is attached to the end of this document). Use the following /etc/ppp/pppdown script to disconnect the PPP line: #!/bin/sh pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'` if [ X${pid} != "X" ] ; then echo 'killing pppd, PID=' ${pid} kill -TERM ${pid} fi ps ax |grep kermit |grep -v grep pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'` if [ "X${pid}" != "X" ] ; then echo 'killing kermit, PID=' ${pid} kill -9 ${pid} fi /sbin/ifconfig ppp0 down /sbin/ifconfig ppp0 delete kermit -y /etc/ppp/kermit.hup /etc/ppp/ppptest Check to see if pppd is still running by executing /usr/etc/ppp/ppptest, which should look like this: #!/bin/sh pid=`ps ax| grep pppd |grep -v grep|awk '{print $1;}'` if [ X${pid} != "X" ] ; then echo 'pppd running: PID=' ${pid-NONE} else echo 'No pppd running.' fi set -x netstat -n -I ppp0 ifconfig ppp0 To hang up the modem, execute /etc/ppp/kermit.hup, which should contain: set line /dev/tty01 ; put your modem device here set speed 19200 set file type binary set file names literal set win 8 set rec pack 1024 set send pack 1024 set block 3 set term bytesize 8 set command bytesize 8 set flow none pau 1 out +++ inp 5 OK out ATH0\13 echo \13 exit Here is an alternate method using chat instead of kermit: The following two files are sufficient to accomplish a pppd connection. /etc/ppp/options: /dev/cuaa1 115200 crtscts # enable hardware flow control modem # modem control line connect "/usr/bin/chat -f /etc/ppp/login.chat.script" noipdefault # remote PPP serve must supply your IP address # if the remote host doesn't send your IP during # IPCP negotiation, remove this option passive # wait for LCP packets domain <your.domain> # put your domain name here : # put the IP of remote PPP host here # it will be used to route packets via PPP link # if you didn't specified the noipdefault option # change this line to <local_ip>:<remote_ip> defaultroute # put this if you want that PPP server will be # your default router /etc/ppp/login.chat.script: The following should go on a single line. ABORT BUSY ABORT 'NO CARRIER' "" AT OK ATDT<phone.number> CONNECT "" TIMEOUT 10 ogin:-\\r-ogin: <login-id> TIMEOUT 5 sword: <password> Once these are installed and modified correctly, all you need to do is run pppd, like so: &prompt.root; pppd Using <command>pppd</command> as a Server /etc/ppp/options should contain something similar to the following: crtscts # Hardware flow control netmask 255.255.255.0 # netmask (not required) 192.114.208.20:192.114.208.165 # IP's of local and remote hosts # local ip must be different from one # you assigned to the Ethernet (or other) # interface on your machine. # remote IP is IP address that will be # assigned to the remote machine domain ppp.foo.com # your domain passive # wait for LCP modem # modem line The following /etc/ppp/pppserv script will tell pppd to behave as a server: #!/bin/sh ps ax |grep pppd |grep -v grep pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'` if [ "X${pid}" != "X" ] ; then echo 'killing pppd, PID=' ${pid} kill ${pid} fi ps ax |grep kermit |grep -v grep pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'` if [ "X${pid}" != "X" ] ; then echo 'killing kermit, PID=' ${pid} kill -9 ${pid} fi # reset ppp interface ifconfig ppp0 down ifconfig ppp0 delete # enable autoanswer mode kermit -y /etc/ppp/kermit.ans # run ppp pppd /dev/tty01 19200 Use this /etc/ppp/pppservdown script to stop the server: #!/bin/sh ps ax |grep pppd |grep -v grep pid=`ps ax |grep pppd |grep -v grep|awk '{print $1;}'` if [ "X${pid}" != "X" ] ; then echo 'killing pppd, PID=' ${pid} kill ${pid} fi ps ax |grep kermit |grep -v grep pid=`ps ax |grep kermit |grep -v grep|awk '{print $1;}'` if [ "X${pid}" != "X" ] ; then echo 'killing kermit, PID=' ${pid} kill -9 ${pid} fi ifconfig ppp0 down ifconfig ppp0 delete kermit -y /etc/ppp/kermit.noans The following Kermit script (/etc/ppp/kermit.ans) will enable/disable autoanswer mode on your modem. It should look like this: set line /dev/tty01 set speed 19200 set file type binary set file names literal set win 8 set rec pack 1024 set send pack 1024 set block 3 set term bytesize 8 set command bytesize 8 set flow none pau 1 out +++ inp 5 OK out ATH0\13 inp 5 OK echo \13 out ATS0=1\13 ; change this to out ATS0=0\13 if you want to disable ; autoanswer mode inp 5 OK echo \13 exit A script named /etc/ppp/kermit.dial is used for dialing and authenticating on the remote host. You will need to customize it for your needs. Put your login and password in this script; you will also need to change the input statement depending on responses from your modem and remote host. ; ; put the com line attached to the modem here: ; set line /dev/tty01 ; ; put the modem speed here: ; set speed 19200 set file type binary ; full 8 bit file xfer set file names literal set win 8 set rec pack 1024 set send pack 1024 set block 3 set term bytesize 8 set command bytesize 8 set flow none set modem hayes set dial hangup off set carrier auto ; Then SET CARRIER if necessary, set dial display on ; Then SET DIAL if necessary, set input echo on set input timeout proceed set input case ignore def \%x 0 ; login prompt counter goto slhup :slcmd ; put the modem in command mode echo Put the modem in command mode. clear ; Clear unread characters from input buffer pause 1 output +++ ; hayes escape sequence input 1 OK\13\10 ; wait for OK if success goto slhup output \13 pause 1 output at\13 input 1 OK\13\10 if fail goto slcmd ; if modem doesn't answer OK, try again :slhup ; hang up the phone clear ; Clear unread characters from input buffer pause 1 echo Hanging up the phone. output ath0\13 ; hayes command for on hook input 2 OK\13\10 if fail goto slcmd ; if no OK answer, put modem in command mode :sldial ; dial the number pause 1 echo Dialing. output atdt9,550311\13\10 ; put phone number here assign \%x 0 ; zero the time counter :look clear ; Clear unread characters from input buffer increment \%x ; Count the seconds input 1 {CONNECT } if success goto sllogin reinput 1 {NO CARRIER\13\10} if success goto sldial reinput 1 {NO DIALTONE\13\10} if success goto slnodial reinput 1 {\255} if success goto slhup reinput 1 {\127} if success goto slhup if < \%x 60 goto look else goto slhup :sllogin ; login assign \%x 0 ; zero the time counter pause 1 echo Looking for login prompt. :slloop increment \%x ; Count the seconds clear ; Clear unread characters from input buffer output \13 ; ; put your expected login prompt here: ; input 1 {Username: } if success goto sluid reinput 1 {\255} if success goto slhup reinput 1 {\127} if success goto slhup if < \%x 10 goto slloop ; try 10 times to get a login prompt else goto slhup ; hang up and start again if 10 failures :sluid ; ; put your userid here: ; output ppp-login\13 input 1 {Password: } ; ; put your password here: ; output ppp-password\13 input 1 {Entering SLIP mode.} echo quit :slnodial echo \7No dialtone. Check the telephone line!\7 exit 1 ; local variables: ; mode: csh ; comment-start: "; " ; comment-start-skip: "; " ; end: Tom Rhodes Contributed by Troubleshooting <acronym>PPP</acronym> Connections PPPtroubleshooting This section covers a few issues which may arise when using PPP over a modem connection. For instance, perhaps you need to know exactly what prompts the system you are dialing into will present. Some ISPs present the ssword prompt, and others will present password; if the ppp script is not written accordingly, the login attempt will fail. The most common way to debug ppp connections is by connecting manually. The following information will walk you through a manual connection step by step. Check the Device Nodes If you reconfigured your kernel then you recall the sio device. If you did not configure your kernel, there is no reason to worry. Just check the dmesg output for the modem device with: &prompt.root; dmesg | grep sio You should get some pertinent output about the sio devices. These are the COM ports we need. If your modem acts like a standard serial port then you should see it listed on sio1, or COM2. If so, you are not required to rebuild the kernel, you just need to make the serial device. You can do this by changing your directory to /dev and running the MAKEDEV script like above. Now make the serial devices with: &prompt.root; sh MAKEDEV cuaa0 cuaa1 cuaa2 cuaa3 which will create the serial devices for your system. When matching up sio modem is on sio1 or COM2 if you are in DOS, then your modem device would be /dev/cuaa1. Connecting Manually Connecting to the Internet by manually controlling ppp is quick, easy, and a great way to debug a connection or just get information on how your ISP treats ppp client connections. Lets start PPP from the command line. Note that in all of our examples we will use example as the hostname of the machine running PPP. You start ppp by just typing ppp: &prompt.root; ppp We have now started ppp. ppp ON example> set device /dev/cuaa1 We set our modem device, in this case it is cuaa1. ppp ON example> set speed 115200 Set the connection speed, in this case we are using 115,200 kbps. ppp ON example> enable dns Tell ppp to configure our resolver and add the nameserver lines to /etc/resolv.conf. If ppp cannot determine our hostname, we can set one manually later. ppp ON example> term Switch to terminal mode so that we can manually control the modem. deflink: Entering terminal mode on /dev/cuaa1 type '~h' for help at OK atdt123456789 Use at to initialize the modem, then use atdt and the number for your ISP to begin the dial in process. CONNECT Confirmation of the connection, if we are going to have any connection problems, unrelated to hardware, here is where we will attempt to resolve them. ISP Login:myusername Here you are prompted for a username, return the prompt with the username that was provided by the ISP. ISP Pass:mypassword This time we are prompted for a password, just reply with the password that was provided by the ISP. Just like logging into &os;, the password will not echo. Shell or PPP:ppp Depending on your ISP this prompt may never appear. Here we are being asked if we wish to use a shell on the provider, or to start ppp. In this example, we have chosen to use ppp as we want an Internet connection. Ppp ON example> Notice that in this example the first has been capitalized. This shows that we have successfully connected to the ISP. PPp ON example> We have successfully authenticated with our ISP and are waiting for the assigned IP address. PPP ON example> We have made an agreement on an IP address and successfully completed our connection. PPP ON example>add default HISADDR Here we add our default route, we need to do this before we can talk to the outside world as currently the only established connection is with the peer. If this fails due to existing routes you can put a bang character ! in front of the . Alternatively, you can set this before making the actual connection and it will negotiate a new route accordingly. If everything went good we should now have an active connection to the Internet, which could be thrown into the background using CTRL z If you notice the PPP return to ppp then we have lost our connection. This is good to know because it shows our connection status. Capital P's show that we have a connection to the ISP and lowercase p's show that the connection has been lost for whatever reason. ppp only has these 2 states. Debugging If you have a direct line and cannot seem to make a connection, then turn hardware flow CTS/RTS to off with the . This is mainly the case if you are connected to some PPP capable terminal servers, where PPP hangs when it tries to write data to your communication link, so it would be waiting for a CTS, or Clear To Send signal which may never come. If you use this option however, you should also use the option, which may be required to defeat hardware dependent on passing certain characters from end to end, most of the time XON/XOFF. See the &man.ppp.8; manual page for more information on this option, and how it is used. If you have an older modem, you may need to use the . Parity is set at none be default, but is used for error checking (with a large increase in traffic) on older modems and some ISPs. You may need this option for the Compuserve ISP. PPP may not return to the command mode, which is usually a negotiation error where the ISP is waiting for your side to start negotiating. At this point, using the ~p command will force ppp to start sending the configuration information. If you never obtain a login prompt, then most likely you need to use PAP or CHAP authentication instead of the &unix; style in the example above. To use PAP or CHAP just add the following options to PPP before going into terminal mode: ppp ON example> set authname myusername Where myusername should be replaced with the username that was assigned by the ISP. ppp ON example> set authkey mypassword Where mypassword should be replaced with the password that was assigned by the ISP. If you connect fine, but cannot seem to find any domain name, try to use &man.ping.8; with an IP address and see if you can get any return information. If you experience 100 percent (100%) packet loss, then it is most likely that you were not assigned a default route. Double check that the option was set during the connection. If you can connect to a remote IP address then it is possible that a resolver address has not been added to the /etc/resolv.conf. This file should look like: domain example.com nameserver x.x.x.x nameserver y.y.y.y Where x.x.x.x and y.y.y.y should be replaced with the IP address of your ISP's DNS servers. This information may or may not have been provided when you signed up, but a quick call to your ISP should remedy that. You could also have &man.syslog.3; provide a logging function for your PPP connection. Just add: !ppp *.* /var/log/ppp.log to /etc/syslog.conf. In most cases, this functionality already exists. Jim Mock Contributed (from http://node.to/freebsd/how-tos/how-to-freebsd-pppoe.html) by Using PPP over Ethernet (PPPoE) PPPover Ethernet PPPoE PPP, over Ethernet This section describes how to set up PPP over Ethernet (PPPoE). Configuring the Kernel No kernel configuration is necessary for PPPoE any longer. If the necessary netgraph support is not built into the kernel, it will be dynamically loaded by ppp. Setting Up <filename>ppp.conf</filename> Here is an example of a working ppp.conf: default: set log Phase tun command # you can add more detailed logging if you wish set ifaddr 10.0.0.1/0 10.0.0.2/0 name_of_service_provider: set device PPPoE:xl1 # replace xl1 with your Ethernet device set authname YOURLOGINNAME set authkey YOURPASSWORD set dial set login add default HISADDR Running <application>ppp</application> As root, you can run: &prompt.root; ppp -ddial name_of_service_provider Starting <application>ppp</application> at Boot Add the following to your /etc/rc.conf file: ppp_enable="YES" ppp_mode="ddial" ppp_nat="YES" # if you want to enable nat for your local network, otherwise NO ppp_profile="name_of_service_provider" Using a PPPoE Service Tag Sometimes it will be necessary to use a service tag to establish your connection. Service tags are used to distinguish between different PPPoE servers attached to a given network. You should have been given any required service tag information in the documentation provided by your ISP. If you cannot locate it there, ask your ISP's tech support personnel. As a last resort, you could try the method suggested by the Roaring Penguin PPPoE program which can be found in the Ports Collection. Bear in mind however, this may de-program your modem and render it useless, so think twice before doing it. Simply install the program shipped with the modem by your provider. Then, access the System menu from the program. The name of your profile should be listed there. It is usually ISP. The profile name (service tag) will be used in the PPPoE configuration entry in ppp.conf as the provider part of the set device command (see the &man.ppp.8; manual page for full details). It should look like this: set device PPPoE:xl1:ISP Do not forget to change xl1 to the proper device for your Ethernet card. Do not forget to change ISP to the profile you have just found above. For additional information, see: Cheaper Broadband with FreeBSD on DSL by Renaud Waldura. Nutzung von T-DSL und T-Online mit FreeBSD by Udo Erdelhoff (in German). PPPoE with a &tm.3com; <trademark class="registered">HomeConnect</trademark> ADSL Modem Dual Link This modem does not follow RFC 2516 (A Method for transmitting PPP over Ethernet (PPPoE), written by L. Mamakos, K. Lidl, J. Evarts, D. Carrel, D. Simone, and R. Wheeler). Instead, different packet type codes have been used for the Ethernet frames. Please complain to 3Com if you think it should comply with the PPPoE specification. In order to make FreeBSD capable of communicating with this device, a sysctl must be set. This can be done automatically at boot time by updating /etc/sysctl.conf: net.graph.nonstandard_pppoe=1 or can be done immediately with the command: &prompt.root; sysctl net.graph.nonstandard_pppoe=1 Unfortunately, because this is a system-wide setting, it is not possible to talk to a normal PPPoE client or server and a &tm.3com; HomeConnect ADSL Modem at the same time. Using <application>PPP</application> over ATM (PPPoA) PPPover ATM PPPoA PPP, over ATM The following describes how to set up PPP over ATM (PPPoA). PPPoA is a popular choice among European DSL providers. Using PPPoA with the Alcatel &speedtouch; USB PPPoA support for this device is supplied as a port in FreeBSD because the firmware is distributed under Alcatel's license agreement and can not be redistributed freely with the base system of FreeBSD. To install the software, simply use the Ports Collection. Install the net/pppoa port and follow the instructions provided with it. Like many USB devices, the Alcatel &speedtouch; USB needs to download firmware from the host computer to operate properly. It is possible to automate this process in &os; so that this transfer takes place whenever the device is plugged into a USB port. The following information can be added to the /etc/usbd.conf file to enable this automatic firmware transfer. This file must be edited as the root user. device "Alcatel SpeedTouch USB" devname "ugen[0-9]+" vendor 0x06b9 product 0x4061 attach "/usr/local/sbin/modem_run -f /usr/local/libdata/mgmt.o" To enable the USB daemon, usbd, put the following the line into /etc/rc.conf: usbd_enable="YES" It is also possible to set up ppp to dial up at startup. To do this add the following lines to /etc/rc.conf. Again, for this procedure you will need to be logged in as the root user. ppp_enable="YES" ppp_mode="ddial" ppp_profile="adsl" For this to work correctly you will need to have used the sample ppp.conf which is supplied with the net/pppoa port. Using mpd You can use mpd to connect to a variety of services, in particular PPTP services. You can find mpd in the Ports Collection, net/mpd. Many ADSL modems require that a PPTP tunnel is created between the modem and computer, one such modem is the Alcatel &speedtouch; Home. First you must install the port, and then you can configure mpd to suit your requirements and provider settings. The port places a set of sample configuration files which are well documented in PREFIX/etc/mpd/. Note here that PREFIX means the directory into which your ports are installed, this defaults to /usr/local/. A complete guide to configure mpd is available in HTML format once the port has been installed. It is placed in PREFIX/share/doc/mpd/. Here is a sample configuration for connecting to an ADSL service with mpd. The configuration is spread over two files, first the mpd.conf: default: load adsl adsl: new -i ng0 adsl adsl set bundle authname username set bundle password password set bundle disable multilink set link no pap acfcomp protocomp set link disable chap set link accept chap set link keep-alive 30 10 set ipcp no vjcomp set ipcp ranges 0.0.0.0/0 0.0.0.0/0 set iface route default set iface disable on-demand set iface enable proxy-arp set iface idle 0 open The username used to authenticate with your ISP. The password used to authenticate with your ISP. The mpd.links file contains information about the link, or links, you wish to establish. An example mpd.links to accompany the above example is given beneath: adsl: set link type pptp set pptp mode active set pptp enable originate outcall set pptp self 10.0.0.1 set pptp peer 10.0.0.138 The IP address of your &os; computer which you will be using mpd from. The IP address of your ADSL modem. For the Alcatel &speedtouch; Home this address defaults to 10.0.0.138. It is possible to initialize the connection easily by issuing the following command as root: &prompt.root; mpd -b adsl You can see the status of the connection with the following command: &prompt.user; ifconfig ng0 ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1500 inet 216.136.204.117 --> 204.152.186.171 netmask 0xffffffff Using mpd is the recommended way to connect to an ADSL service with &os;. Using pptpclient It is also possible to use FreeBSD to connect to other PPPoA services using net/pptpclient. To use net/pptpclient to connect to a DSL service, install the port or package and edit your /etc/ppp/ppp.conf. You will need to be root to perform both of these operations. An example section of ppp.conf is given below. For further information on ppp.conf options consult the ppp manual page, &man.ppp.8;. adsl: set log phase chat lcp ipcp ccp tun command set timeout 0 enable dns set authname username set authkey password set ifaddr 0 0 add default HISADDR The username of your account with the DSL provider. The password for your account. Because you must put your account's password in the ppp.conf file in plain text form you should make sure than nobody can read the contents of this file. The following series of commands will make sure the file is only readable by the root account. Refer to the manual pages for &man.chmod.1; and &man.chown.8; for further information. &prompt.root; chown root:wheel /etc/ppp/ppp.conf &prompt.root; chmod 600 /etc/ppp/ppp.conf This will open a tunnel for a PPP session to your DSL router. Ethernet DSL modems have a preconfigured LAN IP address which you connect to. In the case of the Alcatel &speedtouch; Home this address is 10.0.0.138. Your router documentation should tell you which address your device uses. To open the tunnel and start a PPP session execute the following command: &prompt.root; pptp address adsl You may wish to add an ampersand (&) to the end of the previous command because pptp will not return your prompt to you otherwise. A tun virtual tunnel device will be created for interaction between the pptp and ppp processes. Once you have been returned to your prompt, or the pptp process has confirmed a connection you can examine the tunnel like so: &prompt.user; ifconfig tun0 tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 inet 216.136.204.21 --> 204.152.186.171 netmask 0xffffff00 Opened by PID 918 If you are unable to connect, check the configuration of your router, which is usually accessible via telnet or with a web browser. If you still cannot connect you should examine the output of the pptp command and the contents of the ppp log file, /var/log/ppp.log for clues. Satoshi Asami Originally contributed by Guy Helmer With input from Piero Serini Using SLIP SLIP Setting Up a SLIP Client SLIPclient The following is one way to set up a FreeBSD machine for SLIP on a static host network. For dynamic hostname assignments (your address changes each time you dial up), you probably need to have a more complex setup. First, determine which serial port your modem is connected to. Many people set up a symbolic link, such as /dev/modem, to point to the real device name, /dev/cuaaN (or /dev/cuadN under &os; 6.X). This allows you to abstract the actual device name should you ever need to move the modem to a different port. It can become quite cumbersome when you need to fix a bunch of files in /etc and .kermrc files all over the system! /dev/cuaa0 (or /dev/cuad0 under &os; 6.X) is COM1, cuaa1 (or /dev/cuad1) is COM2, etc. Make sure you have the following in your kernel configuration file: device sl Under &os; 4.X, use instead the following line: pseudo-device sl 1 It is included in the GENERIC kernel, so this should not be a problem unless you have deleted it. Things You Have to Do Only Once Add your home machine, the gateway and nameservers to your /etc/hosts file. Ours looks like this: 127.0.0.1 localhost loghost 136.152.64.181 water.CS.Example.EDU water.CS water 136.152.64.1 inr-3.CS.Example.EDU inr-3 slip-gateway 128.32.136.9 ns1.Example.EDU ns1 128.32.136.12 ns2.Example.EDU ns2 Make sure you have hosts before bind in your /etc/host.conf on FreeBSD versions prior to 5.0. Since FreeBSD 5.0, the system uses the file /etc/nsswitch.conf instead, make sure you have files before dns in the line of this file. Without these parameters funny things may happen. Edit the /etc/rc.conf file. Set your hostname by editing the line that says: hostname="myname.my.domain" Your machine's full Internet hostname should be placed here. default route - Designate the default router by changing the + Designate the default routerdefault route by changing the line: defaultrouter="NO" to: defaultrouter="slip-gateway" Make a file /etc/resolv.conf which contains: domain CS.Example.EDU nameserver 128.32.136.9 nameserver 128.32.136.12 nameserver domain name As you can see, these set up the nameserver hosts. Of course, the actual domain names and addresses depend on your environment. Set the password for root and toor (and any other accounts that do not have a password). Reboot your machine and make sure it comes up with the correct hostname. Making a SLIP Connection SLIPconnecting with Dial up, type slip at the prompt, enter your machine name and password. What is required to be entered depends on your environment. If you use Kermit, you can try a script like this: # kermit setup set modem hayes set line /dev/modem set speed 115200 set parity none set flow rts/cts set terminal bytesize 8 set file type binary # The next macro will dial up and login define slip dial 643-9600, input 10 =>, if failure stop, - output slip\x0d, input 10 Username:, if failure stop, - output silvia\x0d, input 10 Password:, if failure stop, - output ***\x0d, echo \x0aCONNECTED\x0a Of course, you have to change the username and password to fit yours. After doing so, you can just type slip from the Kermit prompt to connect. Leaving your password in plain text anywhere in the filesystem is generally a bad idea. Do it at your own risk. Leave the Kermit there (you can suspend it by Ctrl z ) and as root, type: &prompt.root; slattach -h -c -s 115200 /dev/modem If you are able to ping hosts on the other side of the router, you are connected! If it does not work, you might want to try instead of as an argument to slattach. How to Shutdown the Connection Do the following: &prompt.root; kill -INT `cat /var/run/slattach.modem.pid` to kill slattach. Keep in mind you must be root to do the above. Then go back to kermit (by running fg if you suspended it) and exit from it (q). The &man.slattach.8; manual page says you have to use ifconfig sl0 down to mark the interface down, but this does not seem to make any difference. (ifconfig sl0 reports the same thing.) Some times, your modem might refuse to drop the carrier. In that case, simply start kermit and quit it again. It usually goes out on the second try. Troubleshooting If it does not work, feel free to ask on &a.net.name; mailing list. The things that people tripped over so far: Not using or in slattach (This should not be fatal, but some users have reported that this solves their problems.) Using instead of (might be hard to see the difference on some fonts). Try ifconfig sl0 to see your interface status. For example, you might get: &prompt.root; ifconfig sl0 sl0: flags=10<POINTOPOINT> inet 136.152.64.181 --> 136.152.64.1 netmask ffffff00 If you get no route to host messages from &man.ping.8;, there may be a problem with your routing table. You can use the netstat -r command to display the current routes : &prompt.root; netstat -r Routing tables Destination Gateway Flags Refs Use IfaceMTU Rtt Netmasks: (root node) (root node) Route Tree for Protocol Family inet: (root node) => default inr-3.Example.EDU UG 8 224515 sl0 - - localhost.Exampl localhost.Example. UH 5 42127 lo0 - 0.438 inr-3.Example.ED water.CS.Example.E UH 1 0 sl0 - - water.CS.Example localhost.Example. UGH 34 47641234 lo0 - 0.438 (root node) The preceding examples are from a relatively busy system. The numbers on your system will vary depending on network activity. Setting Up a SLIP Server SLIPserver This document provides suggestions for setting up SLIP Server services on a FreeBSD system, which typically means configuring your system to automatically startup connections upon login for remote SLIP clients. Prerequisites TCP/IP networking This section is very technical in nature, so background knowledge is required. It is assumed that you are familiar with the TCP/IP network protocol, and in particular, network and node addressing, network address masks, subnetting, routing, and routing protocols, such as RIP. Configuring SLIP services on a dial-up server requires a knowledge of these concepts, and if you are not familiar with them, please read a copy of either Craig Hunt's TCP/IP Network Administration published by O'Reilly & Associates, Inc. (ISBN Number 0-937175-82-X), or Douglas Comer's books on the TCP/IP protocol. modem It is further assumed that you have already set up your modem(s) and configured the appropriate system files to allow logins through your modems. If you have not prepared your system for this yet, please see for details on dialup services configuration. You may also want to check the manual pages for &man.sio.4; for information on the serial port device driver and &man.ttys.5;, &man.gettytab.5;, &man.getty.8;, & &man.init.8; for information relevant to configuring the system to accept logins on modems, and perhaps &man.stty.1; for information on setting serial port parameters (such as clocal for directly-connected serial interfaces). Quick Overview In its typical configuration, using FreeBSD as a SLIP server works as follows: a SLIP user dials up your FreeBSD SLIP Server system and logs in with a special SLIP login ID that uses /usr/sbin/sliplogin as the special user's shell. The sliplogin program browses the file /etc/sliphome/slip.hosts to find a matching line for the special user, and if it finds a match, connects the serial line to an available SLIP interface and then runs the shell script /etc/sliphome/slip.login to configure the SLIP interface. An Example of a SLIP Server Login For example, if a SLIP user ID were Shelmerg, Shelmerg's entry in /etc/master.passwd would look something like this: Shelmerg:password:1964:89::0:0:Guy Helmer - SLIP:/usr/users/Shelmerg:/usr/sbin/sliplogin When Shelmerg logs in, sliplogin will search /etc/sliphome/slip.hosts for a line that had a matching user ID; for example, there may be a line in /etc/sliphome/slip.hosts that reads: Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp sliplogin will find that matching line, hook the serial line into the next available SLIP interface, and then execute /etc/sliphome/slip.login like this: /etc/sliphome/slip.login 0 19200 Shelmerg dc-slip sl-helmer 0xfffffc00 autocomp If all goes well, /etc/sliphome/slip.login will issue an ifconfig for the SLIP interface to which sliplogin attached itself (SLIP interface 0, in the above example, which was the first parameter in the list given to slip.login) to set the local IP address (dc-slip), remote IP address (sl-helmer), network mask for the SLIP interface (0xfffffc00), and any additional flags (autocomp). If something goes wrong, sliplogin usually logs good informational messages via the syslogd daemon facility, which usually logs to /var/log/messages (see the manual pages for &man.syslogd.8; and &man.syslog.conf.5; and perhaps check /etc/syslog.conf to see to what syslogd is logging and where it is logging to). Kernel Configuration kernelconfiguration SLIP &os;'s default kernel (GENERIC) comes with SLIP (&man.sl.4;) support; in case of a custom kernel, you have to add the following line to your kernel configuration file: device sl Under &os; 4.X, use instead the following line: pseudo-device sl 2 The number at the end of the line is the maximum number of SLIP connections that may be operating simultaneously. Since &os; 5.0, the &man.sl.4; driver is auto-cloning. By default, your &os; machine will not forward packets. If you want your FreeBSD SLIP Server to act as a router, you will have to edit the /etc/rc.conf file and change the setting of the gateway_enable variable to . You will then need to reboot for the new settings to take effect. Please refer to on Configuring the FreeBSD Kernel for help in reconfiguring your kernel. Sliplogin Configuration As mentioned earlier, there are three files in the /etc/sliphome directory that are part of the configuration for /usr/sbin/sliplogin (see &man.sliplogin.8; for the actual manual page for sliplogin): slip.hosts, which defines the SLIP users and their associated IP addresses; slip.login, which usually just configures the SLIP interface; and (optionally) slip.logout, which undoes slip.login's effects when the serial connection is terminated. <filename>slip.hosts</filename> Configuration /etc/sliphome/slip.hosts contains lines which have at least four items separated by whitespace: SLIP user's login ID Local address (local to the SLIP server) of the SLIP link Remote address of the SLIP link Network mask The local and remote addresses may be host names (resolved to IP addresses by /etc/hosts or by the domain name service, depending on your specifications in the file /etc/nsswitch.conf, or in /etc/host.conf if you use FreeBSD 4.X), and the network mask may be a name that can be resolved by a lookup into /etc/networks. On a sample system, /etc/sliphome/slip.hosts looks like this: # # login local-addr remote-addr mask opt1 opt2 # (normal,compress,noicmp) # Shelmerg dc-slip sl-helmerg 0xfffffc00 autocomp At the end of the line is one or more of the options: — no header compression — compress headers — compress headers if the remote end allows it — disable ICMP packets (so any ping packets will be dropped instead of using up your bandwidth) SLIP TCP/IP networking Your choice of local and remote addresses for your SLIP links depends on whether you are going to dedicate a TCP/IP subnet or if you are going to use proxy ARP on your SLIP server (it is not true proxy ARP, but that is the terminology used in this section to describe it). If you are not sure which method to select or how to assign IP addresses, please refer to the TCP/IP books referenced in the SLIP Prerequisites () and/or consult your IP network manager. If you are going to use a separate subnet for your SLIP clients, you will need to allocate the subnet number out of your assigned IP network number and assign each of your SLIP client's IP numbers out of that subnet. Then, you will probably need to configure a static route to the SLIP subnet via your SLIP server on your nearest IP router. Ethernet Otherwise, if you will use the proxy ARP method, you will need to assign your SLIP client's IP addresses out of your SLIP server's Ethernet subnet, and you will also need to adjust your /etc/sliphome/slip.login and /etc/sliphome/slip.logout scripts to use &man.arp.8; to manage the proxy-ARP entries in the SLIP server's ARP table. <filename>slip.login</filename> Configuration The typical /etc/sliphome/slip.login file looks like this: #!/bin/sh - # # @(#)slip.login 5.1 (Berkeley) 7/1/90 # # generic login file for a slip line. sliplogin invokes this with # the parameters: # 1 2 3 4 5 6 7-n # slipunit ttyspeed loginname local-addr remote-addr mask opt-args # /sbin/ifconfig sl$1 inet $4 $5 netmask $6 This slip.login file merely runs ifconfig for the appropriate SLIP interface with the local and remote addresses and network mask of the SLIP interface. If you have decided to use the proxy ARP method (instead of using a separate subnet for your SLIP clients), your /etc/sliphome/slip.login file will need to look something like this: #!/bin/sh - # # @(#)slip.login 5.1 (Berkeley) 7/1/90 # # generic login file for a slip line. sliplogin invokes this with # the parameters: # 1 2 3 4 5 6 7-n # slipunit ttyspeed loginname local-addr remote-addr mask opt-args # /sbin/ifconfig sl$1 inet $4 $5 netmask $6 # Answer ARP requests for the SLIP client with our Ethernet addr /usr/sbin/arp -s $5 00:11:22:33:44:55 pub The additional line in this slip.login, arp -s $5 00:11:22:33:44:55 pub, creates an ARP entry in the SLIP server's ARP table. This ARP entry causes the SLIP server to respond with the SLIP server's Ethernet MAC address whenever another IP node on the Ethernet asks to speak to the SLIP client's IP address. EthernetMAC address When using the example above, be sure to replace the Ethernet MAC address (00:11:22:33:44:55) with the MAC address of your system's Ethernet card, or your proxy ARP will definitely not work! You can discover your SLIP server's Ethernet MAC address by looking at the results of running netstat -i; the second line of the output should look something like: ed0 1500 <Link>0.2.c1.28.5f.4a 191923 0 129457 0 116 This indicates that this particular system's Ethernet MAC address is 00:02:c1:28:5f:4a — the periods in the Ethernet MAC address given by netstat -i must be changed to colons and leading zeros should be added to each single-digit hexadecimal number to convert the address into the form that &man.arp.8; desires; see the manual page on &man.arp.8; for complete information on usage. When you create /etc/sliphome/slip.login and /etc/sliphome/slip.logout, the execute bit (i.e., chmod 755 /etc/sliphome/slip.login /etc/sliphome/slip.logout) must be set, or sliplogin will be unable to execute it. <filename>slip.logout</filename> Configuration /etc/sliphome/slip.logout is not strictly needed (unless you are implementing proxy ARP), but if you decide to create it, this is an example of a basic slip.logout script: #!/bin/sh - # # slip.logout # # logout file for a slip line. sliplogin invokes this with # the parameters: # 1 2 3 4 5 6 7-n # slipunit ttyspeed loginname local-addr remote-addr mask opt-args # /sbin/ifconfig sl$1 down If you are using proxy ARP, you will want to have /etc/sliphome/slip.logout remove the ARP entry for the SLIP client: #!/bin/sh - # # @(#)slip.logout # # logout file for a slip line. sliplogin invokes this with # the parameters: # 1 2 3 4 5 6 7-n # slipunit ttyspeed loginname local-addr remote-addr mask opt-args # /sbin/ifconfig sl$1 down # Quit answering ARP requests for the SLIP client /usr/sbin/arp -d $5 The arp -d $5 removes the ARP entry that the proxy ARP slip.login added when the SLIP client logged in. It bears repeating: make sure /etc/sliphome/slip.logout has the execute bit set after you create it (i.e., chmod 755 /etc/sliphome/slip.logout). Routing Considerations SLIP routing If you are not using the proxy ARP method for routing packets between your SLIP clients and the rest of your network (and perhaps the Internet), you will probably have to add static routes to your closest default router(s) to route your SLIP clients subnet via your SLIP server. Static Routes static routes Adding static routes to your nearest default routers can be troublesome (or impossible if you do not have authority to do so...). If you have a multiple-router network in your organization, some routers, such as those made by Cisco and Proteon, may not only need to be configured with the static route to the SLIP subnet, but also need to be told which static routes to tell other routers about, so some expertise and troubleshooting/tweaking may be necessary to get static-route-based routing to work. Running <application>&gated;</application> &gated; &gated; is proprietary software now and will not be available as source code to the public anymore (more info on the &gated; website). This section only exists to ensure backwards compatibility for those that are still using an older version. An alternative to the headaches of static routes is to install &gated; on your FreeBSD SLIP server and configure it to use the appropriate routing protocols (RIP/OSPF/BGP/EGP) to tell other routers about your SLIP subnet. You will need to write a /etc/gated.conf file to configure your &gated;; here is a sample, similar to what the author used on a FreeBSD SLIP server: # # gated configuration file for dc.dsu.edu; for gated version 3.5alpha5 # Only broadcast RIP information for xxx.xxx.yy out the ed Ethernet interface # # # tracing options # traceoptions "/var/tmp/gated.output" replace size 100k files 2 general ; rip yes { interface sl noripout noripin ; interface ed ripin ripout version 1 ; traceoptions route ; } ; # # Turn on a bunch of tracing info for the interface to the kernel: kernel { traceoptions remnants request routes info interface ; } ; # # Propagate the route to xxx.xxx.yy out the Ethernet interface via RIP # export proto rip interface ed { proto direct { xxx.xxx.yy mask 255.255.252.0 metric 1; # SLIP connections } ; } ; # # Accept routes from RIP via ed Ethernet interfaces import proto rip interface ed { all ; } ; RIP The above sample gated.conf file broadcasts routing information regarding the SLIP subnet xxx.xxx.yy via RIP onto the Ethernet; if you are using a different Ethernet driver than the ed driver, you will need to change the references to the ed interface appropriately. This sample file also sets up tracing to /var/tmp/gated.output for debugging &gated;'s activity; you can certainly turn off the tracing options if &gated; works correctly for you. You will need to change the xxx.xxx.yy's into the network address of your own SLIP subnet (be sure to change the net mask in the proto direct clause as well). Once you have installed and configured &gated; on your system, you will need to tell the FreeBSD startup scripts to run &gated; in place of routed. The easiest way to accomplish this is to set the router and router_flags variables in /etc/rc.conf. Please see the manual page for &gated; for information on command-line parameters. diff --git a/zh_TW.Big5/books/handbook/printing/chapter.xml b/zh_TW.Big5/books/handbook/printing/chapter.xml index acec03c739..4e07ddb9f0 100644 --- a/zh_TW.Big5/books/handbook/printing/chapter.xml +++ b/zh_TW.Big5/books/handbook/printing/chapter.xml @@ -1,4834 +1,4803 @@ Sean Kelly Contributed by Jim Mock Restructured and updated by CL z LPD spooling system LPD wĨt printing CL FreeBSD iHMUU˪LftCLA q̦ѪwL̷spgLSDA zε{iHͥX~誺CLXC ]iH FreeBSD ]w@xCLAFoɭԪ FreeBSD ౵LqeӪCLu@A]AL FreeBSD qB&windows; qH &macos; qC FreeBSD |TOPɥu@󥿦bCLAӥBiHέpӨϥΪ̤ξLo̦hA ٦NOLXUӬO֪oDC ŪoAzNFѡG p]w FreeBSD CLhuwijBzC pw˦CLLoHOBzSCLu@A ]A⦬쪺ഫzLݱoCL榡C FѦpbzCLɶKLXμDC pQΧOxqWLCLC pQΪbWLCLC p󱱨LvA]ACLu@ɮפjpA HΤ\SwϥΪ̦CLC pOULέpơAHΦUbLϥζqC pѨMCLɹJ쪺DC b}l\ŪoeAzݭnJ n]wBsĶ kernel ¦ ()C nb FreeBSD WϥΦLAzݭn]wn Berkeley CLCLwĨtΡAS٬ LPD CLwĨtΡAΪ̴NsL LPD aC oO FreeBSD зǪLtΡA|Шñбzp]w LPDC pGzwg LPD άOLCLwĨtΫܼxFA ziH򥻳]wC LPD ۥDWL@C tdoǤu@G κLϥΡC - print jobs - - ϥΪ̥iHCLAeX٬u@C + ϥΪ̥iHCLAeX٬u@Cprint jobs CxLdzƤ@CA קKhӨϥΪ̦PɨϥΦP@xLC CL header pages (S٬ banner or burst pages)AKϥΪ̦bXȹhۤwCLC ⱵbCWLqTѼƳ]wnC QκǰeCLu@OxDW LPDC SOLo{NCLu@榡ƥHtXPCLyΦLC έpLϥαpC ǥѳ]w (/etc/printcap) HιLo{UA ziHjhƪLtX LPD FWzγ\C ݭnϥΦhuwijBz pGztάOӤHϥΡA ݭnsvBCLDΪ̲έpϥαp\ɡA zi|ıoܩ_Ǭٻݭnh޳oӦhuwijBzC MnLi檺A LLצpz٬OݭnhuwijBzA]G LPD iHbI (background) CLAzݭnb䵥eLC - &tex; - LPD iHܻPaιLoW[ / - ɶ󭶭άOSOɮ׮榡 (O &tex; DVI ) + ɶ󭶭άOSOɮ׮榡 (O &tex;&tex; DVI ) ഫLݱo榡AzݭnʥhoǨBJC \hKOΰӷ~n鴣ѪCL\q`OMhuwijBzqC zL]wwĨtΡA䴩z{άOYNnw˪LnNܱoeC ¦]w nΦLft LPD huwĨtΡAzݭnLoӵwH LPD oMnC UѤFⶥq]wG ²L]w ӾDzߦpsLBLM LPD qHΦCL¤rC iL]w ӾDzߦpCLUدS榡BCLBCLB LvHβέpϥΪpC ²L]w `|iDzp]wL]ƩM LPD nHϥΦLA 򥻱оǤeG w]w |ܦpNLWqsC n]w |ܽdpg LPD wľ]w (/etc/printcap)C pGznL]wCLƦӤOݪܡAаѦ Lκƶǿ餶C oӳ`Ms²L]wA ڤW٬OIC ̧xOALMqW LPD wľ`B@C @LiH`u@A OLάOCLέpoǶi\NFC w]w `QצUسsL PC 覡C o̷|줣PsMsuA HάF FreeBSD MLqzi|ݭn}Ҫ֤߰ѼƵC pGzwgLWqA ӥBbL@~tΤW\CLLܡAiH n]wC sMƽu ӤHqL@ӻXoTجɭG - - printers - serial - - ǦC (Serial) + ǦC (Serial)printersserial ɭAS٬ RS-232 COM A αzqWǦCǰeƨLC ǦCɭsxq~ɩұĥΡA ҥHƽueoAn]wsuäxC MӧǦCɭԷ|ݭnϥθSOƽuA oɭԴNiݭn]w@ǸqTѼƤFC j PC ǦC𪺶ǿt׳̰u 115200 bpsA ]QnΧǦCӦCLjϬOڪC - - printers - parallel - - - æC (Parallel) + æC (Parallel)printersparallel ɭQιqæCNưeLC æC RS-232 ǦC٧֡A]O@عq~ɱ`ΪɭC oجɭƽuD`eoAOΤuyC q`ӻæCɭèSqTѼƻݭnwA ҥH]w_ӶWŮeC - - centronics - parallel printers - - æCɭɭԤ]|Q٬ Centronics + æCɭɭԤ]|Q٬ Centronicscentronicsparallel printers ɭAoOLYW١C - - printers - USB - - - USB ɭA]NOqΧǦC׬yơAǿtvæCɭάO + USBprintersUSB ɭA]NOqΧǦC׬yơAǿtvæCɭάO RS-232 ǦCɭӱo֡AӥB USB ƽu¤SKyC CLu@ӨAUSB RS-232 ǦCάOæC𳣨ӱonAOb &unix; tΤW䴩׸tC ʶRPɨ㦳 USB ΨæCجɭLiHקKoذDC @ӨAæCɭuണѳVǿ (qܦL)Aӭn USB ~ണVC MӦb FreeBSD UAϥθsæC (EPP M ECP) HΦLAAtXϥ IEEE-1284 ۮeƽu]iHVqC PostScript qMLǥѨæCiVq覡ءC Ĥ@جOϥίSsBMSwLq FreeBSD LXʵ{C oؤ覡bQLWܱ`AΨӦ^sqHΨLATC ĤGؤkO &postscript;ApGL䴩ܡC &postscript; jobs are actually programs sent to the printer; they need not produce paper at all and may return results directly to the computer. &postscript; also uses two-way communication to tell the computer about problems, such as errors in the &postscript; program or paper jams. Your users may be appreciative of such information. Furthermore, the best way to do effective accounting with a &postscript; printer requires two-way communication: you ask the printer for its page count (how many pages it has printed in its lifetime), then send the user's job, then ask again for its page count. Subtract the two values and you know how much paper to charge to the user. Parallel Ports To hook up a printer using a parallel interface, connect the Centronics cable between the printer and the computer. The instructions that came with the printer, the computer, or both should give you complete guidance. Remember which parallel port you used on the computer. The first parallel port is ppc0 to FreeBSD; the second is ppc1, and so on. The printer device name uses the same scheme: /dev/lpt0 for the printer on the first parallel ports etc. Serial Ports To hook up a printer using a serial interface, connect the proper serial cable between the printer and the computer. The instructions that came with the printer, the computer, or both should give you complete guidance. If you are unsure what the proper serial cable is, you may wish to try one of the following alternatives: A modem cable connects each pin of the connector on one end of the cable straight through to its corresponding pin of the connector on the other end. This type of cable is also known as a DTE-to-DCE cable. - null-modem cable - - A null-modem cable connects some + A null-modemnull-modem cable cable connects some pins straight through, swaps others (send data to receive data, for example), and shorts some internally in each connector hood. This type of cable is also known as a DTE-to-DTE cable. A serial printer cable, required for some unusual printers, is like the null-modem cable, but sends some signals to their counterparts instead of being internally shorted. baud rate parity flow control protocol You should also set up the communications parameters for the printer, usually through front-panel controls or DIP switches on the printer. Choose the highest bps (bits per second, sometimes baud rate) that both your computer and the printer can support. Choose 7 or 8 data bits; none, even, or odd parity; and 1 or 2 stop bits. Also choose a flow control protocol: either none, or XON/XOFF (also known as in-band or software) flow control. Remember these settings for the software configuration that follows. Software Setup This section describes the software setup necessary to print with the LPD spooling system in FreeBSD. Here is an outline of the steps involved: Configure your kernel, if necessary, for the port you are using for the printer; section Kernel Configuration tells you what you need to do. Set the communications mode for the parallel port, if you are using a parallel port; section Setting the Communication Mode for the Parallel Port gives details. Test if the operating system can send data to the printer. Section Checking Printer Communications gives some suggestions on how to do this. Set up LPD for the printer by modifying the file /etc/printcap. You will find out how to do this later in this chapter. Kernel Configuration The operating system kernel is compiled to work with a specific set of devices. The serial or parallel interface for your printer is a part of that set. Therefore, it might be necessary to add support for an additional serial or parallel port if your kernel is not already configured for one. To find out if the kernel you are currently using supports a serial interface, type: &prompt.root; grep sioN /var/run/dmesg.boot Where N is the number of the serial port, starting from zero. If you see output similar to the following: sio2 at port 0x3e8-0x3ef irq 5 on isa sio2: type 16550A then the kernel supports the port. To find out if the kernel supports a parallel interface, type: &prompt.root; grep ppcN /var/run/dmesg.boot Where N is the number of the parallel port, starting from zero. If you see output similar to the following: ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0 ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode ppc0: FIFO with 16/16/8 bytes threshold then the kernel supports the port. You might have to reconfigure your kernel in order for the operating system to recognize and use the parallel or serial port you are using for the printer. To add support for a serial port, see the section on kernel configuration. To add support for a parallel port, see that section and the section that follows. Setting the Communication Mode for the Parallel Port When you are using the parallel interface, you can choose whether FreeBSD should use interrupt-driven or polled communication with the printer. The generic printer device driver (&man.lpt.4;) on FreeBSD uses the &man.ppbus.4; system, which controls the port chipset with the &man.ppc.4; driver. The interrupt-driven method is the default with the GENERIC kernel. With this method, the operating system uses an IRQ line to determine when the printer is ready for data. The polled method directs the operating system to repeatedly ask the printer if it is ready for more data. When it responds ready, the kernel sends more data. The interrupt-driven method is usually somewhat faster but uses up a precious IRQ line. Some newer HP printers are claimed not to work correctly in interrupt mode, apparently due to some (not yet exactly understood) timing problem. These printers need polled mode. You should use whichever one works. Some printers will work in both modes, but are painfully slow in interrupt mode. You can set the communications mode in two ways: by configuring the kernel or by using the &man.lptcontrol.8; program. To set the communications mode by configuring the kernel: Edit your kernel configuration file. Look for an ppc0 entry. If you are setting up the second parallel port, use ppc1 instead. Use ppc2 for the third port, and so on. If you want interrupt-driven mode, edit the following line: hint.ppc.0.irq="N" in the /boot/device.hints file and replace N with the right IRQ number. The kernel configuration file must also contain the &man.ppc.4; driver: device ppc If you want polled mode, remove in your /boot/device.hints file, the following line: hint.ppc.0.irq="N" In some cases, this is not enough to put the port in polled mode under FreeBSD. Most of time it comes from &man.acpi.4; driver, this latter is able to probe and attach devices, and therefore, control the access mode to the printer port. You should check your &man.acpi.4; configuration to correct this problem. Save the file. Then configure, build, and install the kernel, then reboot. See kernel configuration for more details. To set the communications mode with &man.lptcontrol.8;: Type: &prompt.root; lptcontrol -i -d /dev/lptN to set interrupt-driven mode for lptN. Type: &prompt.root; lptcontrol -p -d /dev/lptN to set polled-mode for lptN. You could put these commands in your /etc/rc.local file to set the mode each time your system boots. See &man.lptcontrol.8; for more information. Checking Printer Communications Before proceeding to configure the spooling system, you should make sure the operating system can successfully send data to your printer. It is a lot easier to debug printer communication and the spooling system separately. To test the printer, we will send some text to it. For printers that can immediately print characters sent to them, the program &man.lptest.1; is perfect: it generates all 96 printable ASCII characters in 96 lines. PostScript For a &postscript; (or other language-based) printer, we will need a more sophisticated test. A small &postscript; program, such as the following, will suffice: %!PS 100 100 moveto 300 300 lineto stroke 310 310 moveto /Helvetica findfont 12 scalefont setfont (Is this thing working?) show showpage The above &postscript; code can be placed into a file and used as shown in the examples appearing in the following sections. PCL When this document refers to a printer language, it is assuming a language like &postscript;, and not Hewlett Packard's PCL. Although PCL has great functionality, you can intermingle plain text with its escape sequences. &postscript; cannot directly print plain text, and that is the kind of printer language for which we must make special accommodations. Checking a Parallel Printer printers parallel This section tells you how to check if FreeBSD can communicate with a printer connected to a parallel port. To test a printer on a parallel port: Become root with &man.su.1;. Send data to the printer. If the printer can print plain text, then use &man.lptest.1;. Type: &prompt.root; lptest > /dev/lptN Where N is the number of the parallel port, starting from zero. If the printer understands &postscript; or other printer language, then send a small program to the printer. Type: &prompt.root; cat > /dev/lptN Then, line by line, type the program carefully as you cannot edit a line once you have pressed RETURN or ENTER. When you have finished entering the program, press CONTROL+D, or whatever your end of file key is. Alternatively, you can put the program in a file and type: &prompt.root; cat file > /dev/lptN Where file is the name of the file containing the program you want to send to the printer. You should see something print. Do not worry if the text does not look right; we will fix such things later. Checking a Serial Printer printers serial This section tells you how to check if FreeBSD can communicate with a printer on a serial port. To test a printer on a serial port: Become root with &man.su.1;. Edit the file /etc/remote. Add the following entry: printer:dv=/dev/port:br#bps-rate:pa=parity bits-per-second serial port parity Where port is the device entry for the serial port (ttyd0, ttyd1, etc.), bps-rate is the bits-per-second rate at which the printer communicates, and parity is the parity required by the printer (either even, odd, none, or zero). Here is a sample entry for a printer connected via a serial line to the third serial port at 19200 bps with no parity: printer:dv=/dev/ttyd2:br#19200:pa=none Connect to the printer with &man.tip.1;. Type: &prompt.root; tip printer If this step does not work, edit the file /etc/remote again and try using /dev/cuaaN instead of /dev/ttydN. Send data to the printer. If the printer can print plain text, then use &man.lptest.1;. Type: &prompt.user; $lptest If the printer understands &postscript; or other printer language, then send a small program to the printer. Type the program, line by line, very carefully as backspacing or other editing keys may be significant to the printer. You may also need to type a special end-of-file key for the printer so it knows it received the whole program. For &postscript; printers, press CONTROL+D. Alternatively, you can put the program in a file and type: &prompt.user; >file Where file is the name of the file containing the program. After &man.tip.1; sends the file, press any required end-of-file key. You should see something print. Do not worry if the text does not look right; we will fix that later. Enabling the Spooler: the <filename>/etc/printcap</filename> File At this point, your printer should be hooked up, your kernel configured to communicate with it (if necessary), and you have been able to send some simple data to the printer. Now, we are ready to configure LPD to control access to your printer. You configure LPD by editing the file /etc/printcap. The LPD spooling system reads this file each time the spooler is used, so updates to the file take immediate effect. printers capabilities The format of the &man.printcap.5; file is straightforward. Use your favorite text editor to make changes to /etc/printcap. The format is identical to other capability files like /usr/share/misc/termcap and /etc/remote. For complete information about the format, see the &man.cgetent.3;. The simple spooler configuration consists of the following steps: Pick a name (and a few convenient aliases) for the printer, and put them in the /etc/printcap file; see the Naming the Printer section for more information on naming. - header pages - - Turn off header pages (which are on by default) by + Turn off header pagesheader pages (which are on by default) by inserting the sh capability; see the Suppressing Header Pages section for more information. Make a spooling directory, and specify its location with the sd capability; see the Making the Spooling Directory section for more information. Set the /dev entry to use for the printer, and note it in /etc/printcap with the lp capability; see the Identifying the Printer Device for more information. Also, if the printer is on a serial port, set up the communication parameters with the ms# capability which is discussed in the Configuring Spooler Communications Parameters section. Install a plain text input filter; see the Installing the Text Filter section for details. Test the setup by printing something with the &man.lpr.1; command. More details are available in the Trying It Out and Troubleshooting sections. Language-based printers, such as &postscript; printers, cannot directly print plain text. The simple setup outlined above and described in the following sections assumes that if you are installing such a printer you will print only files that the printer can understand. Users often expect that they can print plain text to any of the printers installed on your system. Programs that interface to LPD to do their printing usually make the same assumption. If you are installing such a printer and want to be able to print jobs in the printer language and print plain text jobs, you are strongly urged to add an additional step to the simple setup outlined above: install an automatic plain-text-to-&postscript; (or other printer language) conversion program. The section entitled Accommodating Plain Text Jobs on &postscript; Printers tells how to do this. Naming the Printer The first (easy) step is to pick a name for your printer. It really does not matter whether you choose functional or whimsical names since you can also provide a number of aliases for the printer. At least one of the printers specified in the /etc/printcap should have the alias lp. This is the default printer's name. If users do not have the PRINTER environment variable nor specify a printer name on the command line of any of the LPD commands, then lp will be the default printer they get to use. Also, it is common practice to make the last alias for a printer be a full description of the printer, including make and model. Once you have picked a name and some common aliases, put them in the /etc/printcap file. The name of the printer should start in the leftmost column. Separate each alias with a vertical bar and put a colon after the last alias. In the following example, we start with a skeletal /etc/printcap that defines two printers (a Diablo 630 line printer and a Panasonic KX-P4455 &postscript; laser printer): # # /etc/printcap for host rose # rattan|line|diablo|lp|Diablo 630 Line Printer: bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4: In this example, the first printer is named rattan and has as aliases line, diablo, lp, and Diablo 630 Line Printer. Since it has the alias lp, it is also the default printer. The second is named bamboo, and has as aliases ps, PS, S, panasonic, and Panasonic KX-P4455 PostScript v51.4. Suppressing Header Pages printing header pages The LPD spooling system will by default print a header page for each job. The header page contains the user name who requested the job, the host from which the job came, and the name of the job, in nice large letters. Unfortunately, all this extra text gets in the way of debugging the simple printer setup, so we will suppress header pages. To suppress header pages, add the sh capability to the entry for the printer in /etc/printcap. Here is an example /etc/printcap with sh added: # # /etc/printcap for host rose - no header pages anywhere # rattan|line|diablo|lp|Diablo 630 Line Printer:\ :sh: bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\ :sh: Note how we used the correct format: the first line starts in the leftmost column, and subsequent lines are indented. Every line in an entry except the last ends in a backslash character. Making the Spooling Directory printer spool print jobs The next step in the simple spooler setup is to make a spooling directory, a directory where print jobs reside until they are printed, and where a number of other spooler support files live. Because of the variable nature of spooling directories, it is customary to put these directories under /var/spool. It is not necessary to backup the contents of spooling directories, either. Recreating them is as simple as running &man.mkdir.1;. It is also customary to make the directory with a name that is identical to the name of the printer, as shown below: &prompt.root; mkdir /var/spool/printer-name However, if you have a lot of printers on your network, you might want to put the spooling directories under a single directory that you reserve just for printing with LPD. We will do this for our two example printers rattan and bamboo: &prompt.root; mkdir /var/spool/lpd &prompt.root; mkdir /var/spool/lpd/rattan &prompt.root; mkdir /var/spool/lpd/bamboo If you are concerned about the privacy of jobs that users print, you might want to protect the spooling directory so it is not publicly accessible. Spooling directories should be owned and be readable, writable, and searchable by user daemon and group daemon, and no one else. We will do this for our example printers: &prompt.root; chown daemon:daemon /var/spool/lpd/rattan &prompt.root; chown daemon:daemon /var/spool/lpd/bamboo &prompt.root; chmod 770 /var/spool/lpd/rattan &prompt.root; chmod 770 /var/spool/lpd/bamboo Finally, you need to tell LPD about these directories using the /etc/printcap file. You specify the pathname of the spooling directory with the sd capability: # # /etc/printcap for host rose - added spooling directories # rattan|line|diablo|lp|Diablo 630 Line Printer:\ :sh:sd=/var/spool/lpd/rattan: bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\ :sh:sd=/var/spool/lpd/bamboo: Note that the name of the printer starts in the first column but all other entries describing the printer should be indented and each line end escaped with a backslash. If you do not specify a spooling directory with sd, the spooling system will use /var/spool/lpd as a default. Identifying the Printer Device In the Entries for the Ports section, we identified which entry in the /dev directory FreeBSD will use to communicate with the printer. Now, we tell LPD that information. When the spooling system has a job to print, it will open the specified device on behalf of the filter program (which is responsible for passing data to the printer). List the /dev entry pathname in the /etc/printcap file using the lp capability. In our running example, let us assume that rattan is on the first parallel port, and bamboo is on a sixth serial port; here are the additions to /etc/printcap: # # /etc/printcap for host rose - identified what devices to use # rattan|line|diablo|lp|Diablo 630 Line Printer:\ :sh:sd=/var/spool/lpd/rattan:\ :lp=/dev/lpt0: bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\ :sh:sd=/var/spool/lpd/bamboo:\ :lp=/dev/ttyd5: If you do not specify the lp capability for a printer in your /etc/printcap file, LPD uses /dev/lp as a default. /dev/lp currently does not exist in FreeBSD. If the printer you are installing is connected to a parallel port, skip to the section entitled, Installing the Text Filter. Otherwise, be sure to follow the instructions in the next section. Configuring Spooler Communication Parameters printers serial For printers on serial ports, LPD can set up the bps rate, parity, and other serial communication parameters on behalf of the filter program that sends data to the printer. This is advantageous since: It lets you try different communication parameters by simply editing the /etc/printcap file; you do not have to recompile the filter program. It enables the spooling system to use the same filter program for multiple printers which may have different serial communication settings. The following /etc/printcap capabilities control serial communication parameters of the device listed in the lp capability: br#bps-rate Sets the communications speed of the device to bps-rate, where bps-rate can be 50, 75, 110, 134, 150, 200, 300, 600, 1200, 1800, 2400, 4800, 9600, 19200, 38400, 57600, or 115200 bits-per-second. ms#stty-mode Sets the options for the terminal device after opening the device. &man.stty.1; explains the available options. When LPD opens the device specified by the lp capability, it sets the characteristics of the device to those specified with the ms# capability. Of particular interest will be the parenb, parodd, cs5, cs6, cs7, cs8, cstopb, crtscts, and ixon modes, which are explained in the &man.stty.1; manual page. Let us add to our example printer on the sixth serial port. We will set the bps rate to 38400. For the mode, we will set no parity with -parenb, 8-bit characters with cs8, no modem control with clocal and hardware flow control with crtscts: bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\ :sh:sd=/var/spool/lpd/bamboo:\ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts: Installing the Text Filter printing filters We are now ready to tell LPD what text filter to use to send jobs to the printer. A text filter, also known as an input filter, is a program that LPD runs when it has a job to print. When LPD runs the text filter for a printer, it sets the filter's standard input to the job to print, and its standard output to the printer device specified with the lp capability. The filter is expected to read the job from standard input, perform any necessary translation for the printer, and write the results to standard output, which will get printed. For more information on the text filter, see the Filters section. For our simple printer setup, the text filter can be a small shell script that just executes /bin/cat to send the job to the printer. FreeBSD comes with another filter called lpf that handles backspacing and underlining for printers that might not deal with such character streams well. And, of course, you can use any other filter program you want. The filter lpf is described in detail in section entitled lpf: a Text Filter. First, let us make the shell script /usr/local/libexec/if-simple be a simple text filter. Put the following text into that file with your favorite text editor: #!/bin/sh # # if-simple - Simple text input filter for lpd # Installed in /usr/local/libexec/if-simple # # Simply copies stdin to stdout. Ignores all filter arguments. /bin/cat && exit 0 exit 2 Make the file executable: &prompt.root; chmod 555 /usr/local/libexec/if-simple And then tell LPD to use it by specifying it with the if capability in /etc/printcap. We will add it to the two printers we have so far in the example /etc/printcap: # # /etc/printcap for host rose - added text filter # rattan|line|diablo|lp|Diablo 630 Line Printer:\ :sh:sd=/var/spool/lpd/rattan:\ :lp=/dev/lpt0:\ :if=/usr/local/libexec/if-simple: bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\ :sh:sd=/var/spool/lpd/bamboo:\ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:\ :if=/usr/local/libexec/if-simple: A copy of the if-simple script can be found in the /usr/share/examples/printing directory. Turn on <application>LPD</application> &man.lpd.8; is run from /etc/rc, controlled by the lpd_enable variable. This variable defaults to NO. If you have not done so already, add the line: lpd_enable="YES" to /etc/rc.conf, and then either restart your machine, or just run &man.lpd.8;. &prompt.root; lpd Trying It Out You have reached the end of the simple LPD setup. Unfortunately, congratulations are not quite yet in order, since we still have to test the setup and correct any problems. To test the setup, try printing something. To print with the LPD system, you use the command &man.lpr.1;, which submits a job for printing. You can combine &man.lpr.1; with the &man.lptest.1; program, introduced in section Checking Printer Communications to generate some test text. To test the simple LPD setup: Type: &prompt.root; lptest 20 5 | lpr -Pprinter-name Where printer-name is a the name of a printer (or an alias) specified in /etc/printcap. To test the default printer, type &man.lpr.1; without any argument. Again, if you are testing a printer that expects &postscript;, send a &postscript; program in that language instead of using &man.lptest.1;. You can do so by putting the program in a file and typing lpr file. For a &postscript; printer, you should get the results of the program. If you are using &man.lptest.1;, then your results should look like the following: !"#$%&'()*+,-./01234 "#$%&'()*+,-./012345 #$%&'()*+,-./0123456 $%&'()*+,-./01234567 %&'()*+,-./012345678 To further test the printer, try downloading larger programs (for language-based printers) or running &man.lptest.1; with different arguments. For example, lptest 80 60 will produce 60 lines of 80 characters each. If the printer did not work, see the Troubleshooting section. Advanced Printer Setup This section describes filters for printing specially formatted files, header pages, printing across networks, and restricting and accounting for printer usage. Filters printing filters Although LPD handles network protocols, queuing, access control, and other aspects of printing, most of the real work happens in the filters. Filters are programs that communicate with the printer and handle its device dependencies and special requirements. In the simple printer setup, we installed a plain text filter—an extremely simple one that should work with most printers (section Installing the Text Filter). However, in order to take advantage of format conversion, printer accounting, specific printer quirks, and so on, you should understand how filters work. It will ultimately be the filter's responsibility to handle these aspects. And the bad news is that most of the time you have to provide filters yourself. The good news is that many are generally available; when they are not, they are usually easy to write. Also, FreeBSD comes with one, /usr/libexec/lpr/lpf, that works with many printers that can print plain text. (It handles backspacing and tabs in the file, and does accounting, but that is about all it does.) There are also several filters and filter components in the FreeBSD Ports Collection. Here is what you will find in this section: Section How Filters Work, tries to give an overview of a filter's role in the printing process. You should read this section to get an understanding of what is happening under the hood when LPD uses filters. This knowledge could help you anticipate and debug problems you might encounter as you install more and more filters on each of your printers. LPD expects every printer to be able to print plain text by default. This presents a problem for &postscript; (or other language-based printers) which cannot directly print plain text. Section Accommodating Plain Text Jobs on &postscript; Printers tells you what you should do to overcome this problem. You should read this section if you have a &postscript; printer. &postscript; is a popular output format for many programs. Some people even write &postscript; code directly. Unfortunately, &postscript; printers are expensive. Section Simulating &postscript; on Non &postscript; Printers tells how you can further modify a printer's text filter to accept and print &postscript; data on a non &postscript; printer. You should read this section if you do not have a &postscript; printer. Section Conversion Filters tells about a way you can automate the conversion of specific file formats, such as graphic or typesetting data, into formats your printer can understand. After reading this section, you should be able to set up your printers such that users can type lpr -t to print troff data, or lpr -d to print &tex; DVI data, or lpr -v to print raster image data, and so forth. I recommend reading this section. Section Output Filters tells all about a not often used feature of LPD: output filters. Unless you are printing header pages (see Header Pages), you can probably skip that section altogether. Section lpf: a Text Filter describes lpf, a fairly complete if simple text filter for line printers (and laser printers that act like line printers) that comes with FreeBSD. If you need a quick way to get printer accounting working for plain text, or if you have a printer which emits smoke when it sees backspace characters, you should definitely consider lpf. A copy of the various scripts described below can be found in the /usr/share/examples/printing directory. How Filters Work As mentioned before, a filter is an executable program started by LPD to handle the device-dependent part of communicating with the printer. When LPD wants to print a file in a job, it starts a filter program. It sets the filter's standard input to the file to print, its standard output to the printer, and its standard error to the error logging file (specified in the lf capability in /etc/printcap, or /dev/console by default). troff Which filter LPD starts and the filter's arguments depend on what is listed in the /etc/printcap file and what arguments the user specified for the job on the &man.lpr.1; command line. For example, if the user typed lpr -t, LPD would start the troff filter, listed in the tf capability for the destination printer. If the user wanted to print plain text, it would start the if filter (this is mostly true: see Output Filters for details). There are three kinds of filters you can specify in /etc/printcap: The text filter, confusingly called the input filter in LPD documentation, handles regular text printing. Think of it as the default filter. LPD expects every printer to be able to print plain text by default, and it is the text filter's job to make sure backspaces, tabs, or other special characters do not confuse the printer. If you are in an environment where you have to account for printer usage, the text filter must also account for pages printed, usually by counting the number of lines printed and comparing that to the number of lines per page the printer supports. The text filter is started with the following argument list: filter-name -c -wwidth -llength -iindent -n login -h host acct-file where appears if the job is submitted with lpr -l width is the value from the pw (page width) capability specified in /etc/printcap, default 132 length is the value from the pl (page length) capability, default 66 indent is the amount of the indentation from lpr -i, default 0 login is the account name of the user printing the file host is the host name from which the job was submitted acct-file is the name of the accounting file from the af capability. - - printing - filters - - - A conversion filter converts a specific + A conversion filterprintingfilters converts a specific file format into one the printer can render onto paper. For example, ditroff typesetting data cannot be directly printed, but you can install a conversion filter for ditroff files to convert the ditroff data into a form the printer can digest and print. Section Conversion Filters tells all about them. Conversion filters also need to do accounting, if you need printer accounting. Conversion filters are started with the following arguments: filter-name -xpixel-width -ypixel-height -n login -h host acct-file where pixel-width is the value from the px capability (default 0) and pixel-height is the value from the py capability (default 0). The output filter is used only if there is no text filter, or if header pages are enabled. In my experience, output filters are rarely used. Section Output Filters describe them. There are only two arguments to an output filter: filter-name -wwidth -llength which are identical to the text filters and arguments. Filters should also exit with the following exit status: exit 0 If the filter printed the file successfully. exit 1 If the filter failed to print the file but wants LPD to try to print the file again. LPD will restart a filter if it exits with this status. exit 2 If the filter failed to print the file and does not want LPD to try again. LPD will throw out the file. The text filter that comes with the FreeBSD release, /usr/libexec/lpr/lpf, takes advantage of the page width and length arguments to determine when to send a form feed and how to account for printer usage. It uses the login, host, and accounting file arguments to make the accounting entries. If you are shopping for filters, see if they are LPD-compatible. If they are, they must support the argument lists described above. If you plan on writing filters for general use, then have them support the same argument lists and exit codes. Accommodating Plain Text Jobs on &postscript; Printers print jobs If you are the only user of your computer and &postscript; (or other language-based) printer, and you promise to never send plain text to your printer and to never use features of various programs that will want to send plain text to your printer, then you do not need to worry about this section at all. But, if you would like to send both &postscript; and plain text jobs to the printer, then you are urged to augment your printer setup. To do so, we have the text filter detect if the arriving job is plain text or &postscript;. All &postscript; jobs must start with %! (for other printer languages, see your printer documentation). If those are the first two characters in the job, we have &postscript;, and can pass the rest of the job directly. If those are not the first two characters in the file, then the filter will convert the text into &postscript; and print the result. How do we do this? printers serial If you have got a serial printer, a great way to do it is to install lprps. lprps is a &postscript; printer filter which performs two-way communication with the printer. It updates the printer's status file with verbose information from the printer, so users and administrators can see exactly what the state of the printer is (such as toner low or paper jam). But more importantly, it includes a program called psif which detects whether the incoming job is plain text and calls textps (another program that comes with lprps) to convert it to &postscript;. It then uses lprps to send the job to the printer. lprps is part of the FreeBSD Ports Collection (see The Ports Collection). You can fetch, build and install it yourself, of course. After installing lprps, just specify the pathname to the psif program that is part of lprps. If you installed lprps from the Ports Collection, use the following in the serial &postscript; printer's entry in /etc/printcap: :if=/usr/local/libexec/psif: You should also specify the rw capability; that tells LPD to open the printer in read-write mode. If you have a parallel &postscript; printer (and therefore cannot use two-way communication with the printer, which lprps needs), you can use the following shell script as the text filter: #!/bin/sh # # psif - Print PostScript or plain text on a PostScript printer # Script version; NOT the version that comes with lprps # Installed in /usr/local/libexec/psif # IFS="" read -r first_line first_two_chars=`expr "$first_line" : '\(..\)'` if [ "$first_two_chars" = "%!" ]; then # # PostScript job, print it. # echo "$first_line" && cat && printf "\004" && exit 0 exit 2 else # # Plain text, convert it, then print it. # ( echo "$first_line"; cat ) | /usr/local/bin/textps && printf "\004" && exit 0 exit 2 fi In the above script, textps is a program we installed separately to convert plain text to &postscript;. You can use any text-to-&postscript; program you wish. The FreeBSD Ports Collection (see The Ports Collection) includes a full featured text-to-&postscript; program called a2ps that you might want to investigate. Simulating &postscript; on Non &postscript; Printers PostScript emulating Ghostscript &postscript; is the de facto standard for high quality typesetting and printing. &postscript; is, however, an expensive standard. Thankfully, Aladdin Enterprises has a free &postscript; work-alike called Ghostscript that runs with FreeBSD. Ghostscript can read most &postscript; files and can render their pages onto a variety of devices, including many brands of non-PostScript printers. By installing Ghostscript and using a special text filter for your printer, you can make your non &postscript; printer act like a real &postscript; printer. Ghostscript is in the FreeBSD Ports Collection, if you would like to install it from there. You can fetch, build, and install it quite easily yourself, as well. To simulate &postscript;, we have the text filter detect if it is printing a &postscript; file. If it is not, then the filter will pass the file directly to the printer; otherwise, it will use Ghostscript to first convert the file into a format the printer will understand. Here is an example: the following script is a text filter for Hewlett Packard DeskJet 500 printers. For other printers, substitute the argument to the gs (Ghostscript) command. (Type gs -h to get a list of devices the current installation of Ghostscript supports.) #!/bin/sh # # ifhp - Print Ghostscript-simulated PostScript on a DeskJet 500 # Installed in /usr/local/libexec/ifhp # # Treat LF as CR+LF (to avoid the "staircase effect" on HP/PCL # printers): # printf "\033&k2G" || exit 2 # # Read first two characters of the file # IFS="" read -r first_line first_two_chars=`expr "$first_line" : '\(..\)'` if [ "$first_two_chars" = "%!" ]; then # # It is PostScript; use Ghostscript to scan-convert and print it. # /usr/local/bin/gs -dSAFER -dNOPAUSE -q -sDEVICE=djet500 \ -sOutputFile=- - && exit 0 else # # Plain text or HP/PCL, so just print it directly; print a form feed # at the end to eject the last page. # echo "$first_line" && cat && printf "\033&l0H" && exit 0 fi exit 2 Finally, you need to notify LPD of the filter via the if capability: :if=/usr/local/libexec/ifhp: That is it. You can type lpr plain.text and lpr whatever.ps and both should print successfully. Conversion Filters After completing the simple setup described in Simple Printer Setup, the first thing you will probably want to do is install conversion filters for your favorite file formats (besides plain ASCII text). Why Install Conversion Filters? &tex; printing DVI files Conversion filters make printing various kinds of files easy. As an example, suppose we do a lot of work with the &tex; typesetting system, and we have a &postscript; printer. Every time we generate a DVI file from &tex;, we cannot print it directly until we convert the DVI file into &postscript;. The command sequence goes like this: &prompt.user; dvips seaweed-analysis.dvi &prompt.user; lpr seaweed-analysis.ps By installing a conversion filter for DVI files, we can skip the hand conversion step each time by having LPD do it for us. Now, each time we get a DVI file, we are just one step away from printing it: &prompt.user; lpr -d seaweed-analysis.dvi We got LPD to do the DVI file conversion for us by specifying the option. Section Formatting and Conversion Options lists the conversion options. For each of the conversion options you want a printer to support, install a conversion filter and specify its pathname in /etc/printcap. A conversion filter is like the text filter for the simple printer setup (see section Installing the Text Filter) except that instead of printing plain text, the filter converts the file into a format the printer can understand. Which Conversion Filters Should I Install? You should install the conversion filters you expect to use. If you print a lot of DVI data, then a DVI conversion filter is in order. If you have got plenty of troff to print out, then you probably want a troff filter. The following table summarizes the filters that LPD works with, their capability entries for the /etc/printcap file, and how to invoke them with the lpr command: File type /etc/printcap capability lpr option cifplot cf DVI df plot gf ditroff nf FORTRAN text rf troff tf raster vf plain text if none, , or In our example, using lpr -d means the printer needs a df capability in its entry in /etc/printcap. FORTRAN Despite what others might contend, formats like FORTRAN text and plot are probably obsolete. At your site, you can give new meanings to these or any of the formatting options just by installing custom filters. For example, suppose you would like to directly print Printerleaf files (files from the Interleaf desktop publishing program), but will never print plot files. You could install a Printerleaf conversion filter under the gf capability and then educate your users that lpr -g mean print Printerleaf files. Installing Conversion Filters Since conversion filters are programs you install outside of the base FreeBSD installation, they should probably go under /usr/local. The directory /usr/local/libexec is a popular location, since they are specialized programs that only LPD will run; regular users should not ever need to run them. To enable a conversion filter, specify its pathname under the appropriate capability for the destination printer in /etc/printcap. In our example, we will add the DVI conversion filter to the entry for the printer named bamboo. Here is the example /etc/printcap file again, with the new df capability for the printer bamboo. # # /etc/printcap for host rose - added df filter for bamboo # rattan|line|diablo|lp|Diablo 630 Line Printer:\ :sh:sd=/var/spool/lpd/rattan:\ :lp=/dev/lpt0:\ :if=/usr/local/libexec/if-simple: bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\ :sh:sd=/var/spool/lpd/bamboo:\ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:\ :if=/usr/local/libexec/psif:\ :df=/usr/local/libexec/psdf: The DVI filter is a shell script named /usr/local/libexec/psdf. Here is that script: #!/bin/sh # # psdf - DVI to PostScript printer filter # Installed in /usr/local/libexec/psdf # # Invoked by lpd when user runs lpr -d # exec /usr/local/bin/dvips -f | /usr/local/libexec/lprps "$@" This script runs dvips in filter mode (the argument) on standard input, which is the job to print. It then starts the &postscript; printer filter lprps (see section Accommodating Plain Text Jobs on &postscript; Printers) with the arguments LPD passed to this script. lprps will use those arguments to account for the pages printed. More Conversion Filter Examples Since there is no fixed set of steps to install conversion filters, let me instead provide more examples. Use these as guidance to making your own filters. Use them directly, if appropriate. This example script is a raster (well, GIF file, actually) conversion filter for a Hewlett Packard LaserJet III-Si printer: #!/bin/sh # # hpvf - Convert GIF files into HP/PCL, then print # Installed in /usr/local/libexec/hpvf PATH=/usr/X11R6/bin:$PATH; export PATH giftopnm | ppmtopgm | pgmtopbm | pbmtolj -resolution 300 \ && exit 0 \ || exit 2 It works by converting the GIF file into a portable anymap, converting that into a portable graymap, converting that into a portable bitmap, and converting that into LaserJet/PCL-compatible data. Here is the /etc/printcap file with an entry for a printer using the above filter: # # /etc/printcap for host orchid # teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\ :lp=/dev/lpt0:sh:sd=/var/spool/lpd/teak:mx#0:\ :if=/usr/local/libexec/hpif:\ :vf=/usr/local/libexec/hpvf: The following script is a conversion filter for troff data from the groff typesetting system for the &postscript; printer named bamboo: #!/bin/sh # # pstf - Convert groff's troff data into PS, then print. # Installed in /usr/local/libexec/pstf # exec grops | /usr/local/libexec/lprps "$@" The above script makes use of lprps again to handle the communication with the printer. If the printer were on a parallel port, we would use this script instead: #!/bin/sh # # pstf - Convert groff's troff data into PS, then print. # Installed in /usr/local/libexec/pstf # exec grops That is it. Here is the entry we need to add to /etc/printcap to enable the filter: :tf=/usr/local/libexec/pstf: Here is an example that might make old hands at FORTRAN blush. It is a FORTRAN-text filter for any printer that can directly print plain text. We will install it for the printer teak: #!/bin/sh # # hprf - FORTRAN text filter for LaserJet 3si: # Installed in /usr/local/libexec/hprf # printf "\033&k2G" && fpr && printf "\033&l0H" && exit 0 exit 2 And we will add this line to the /etc/printcap for the printer teak to enable this filter: :rf=/usr/local/libexec/hprf: Here is one final, somewhat complex example. We will add a DVI filter to the LaserJet printer teak introduced earlier. First, the easy part: updating /etc/printcap with the location of the DVI filter: :df=/usr/local/libexec/hpdf: Now, for the hard part: making the filter. For that, we need a DVI-to-LaserJet/PCL conversion program. The FreeBSD Ports Collection (see The Ports Collection) has one: dvi2xx is the name of the package. Installing this package gives us the program we need, dvilj2p, which converts DVI into LaserJet IIp, LaserJet III, and LaserJet 2000 compatible codes. dvilj2p makes the filter hpdf quite complex since dvilj2p cannot read from standard input. It wants to work with a filename. What is worse, the filename has to end in .dvi so using /dev/fd/0 for standard input is problematic. We can get around that problem by linking (symbolically) a temporary file name (one that ends in .dvi) to /dev/fd/0, thereby forcing dvilj2p to read from standard input. The only other fly in the ointment is the fact that we cannot use /tmp for the temporary link. Symbolic links are owned by user and group bin. The filter runs as user daemon. And the /tmp directory has the sticky bit set. The filter can create the link, but it will not be able clean up when done and remove it since the link will belong to a different user. Instead, the filter will make the symbolic link in the current working directory, which is the spooling directory (specified by the sd capability in /etc/printcap). This is a perfect place for filters to do their work, especially since there is (sometimes) more free disk space in the spooling directory than under /tmp. Here, finally, is the filter: #!/bin/sh # # hpdf - Print DVI data on HP/PCL printer # Installed in /usr/local/libexec/hpdf PATH=/usr/local/bin:$PATH; export PATH # # Define a function to clean up our temporary files. These exist # in the current directory, which will be the spooling directory # for the printer. # cleanup() { rm -f hpdf$$.dvi } # # Define a function to handle fatal errors: print the given message # and exit 2. Exiting with 2 tells LPD to do not try to reprint the # job. # fatal() { echo "$@" 1>&2 cleanup exit 2 } # # If user removes the job, LPD will send SIGINT, so trap SIGINT # (and a few other signals) to clean up after ourselves. # trap cleanup 1 2 15 # # Make sure we are not colliding with any existing files. # cleanup # # Link the DVI input file to standard input (the file to print). # ln -s /dev/fd/0 hpdf$$.dvi || fatal "Cannot symlink /dev/fd/0" # # Make LF = CR+LF # printf "\033&k2G" || fatal "Cannot initialize printer" # # Convert and print. Return value from dvilj2p does not seem to be # reliable, so we ignore it. # dvilj2p -M1 -q -e- dfhp$$.dvi # # Clean up and exit # cleanup exit 0 Automated Conversion: an Alternative to Conversion Filters All these conversion filters accomplish a lot for your printing environment, but at the cost forcing the user to specify (on the &man.lpr.1; command line) which one to use. If your users are not particularly computer literate, having to specify a filter option will become annoying. What is worse, though, is that an incorrectly specified filter option may run a filter on the wrong type of file and cause your printer to spew out hundreds of sheets of paper. Rather than install conversion filters at all, you might want to try having the text filter (since it is the default filter) detect the type of file it has been asked to print and then automatically run the right conversion filter. Tools such as file can be of help here. Of course, it will be hard to determine the differences between some file types—and, of course, you can still provide conversion filters just for them. apsfilter printing filters apsfilter The FreeBSD Ports Collection has a text filter that performs automatic conversion called apsfilter. It can detect plain text, &postscript;, and DVI files, run the proper conversions, and print. Output Filters The LPD spooling system supports one other type of filter that we have not yet explored: an output filter. An output filter is intended for printing plain text only, like the text filter, but with many simplifications. If you are using an output filter but no text filter, then: LPD starts an output filter once for the entire job instead of once for each file in the job. LPD does not make any provision to identify the start or the end of files within the job for the output filter. LPD does not pass the user's login or host to the filter, so it is not intended to do accounting. In fact, it gets only two arguments: filter-name -wwidth -llength Where width is from the pw capability and length is from the pl capability for the printer in question. Do not be seduced by an output filter's simplicity. If you would like each file in a job to start on a different page an output filter will not work. Use a text filter (also known as an input filter); see section Installing the Text Filter. Furthermore, an output filter is actually more complex in that it has to examine the byte stream being sent to it for special flag characters and must send signals to itself on behalf of LPD. However, an output filter is necessary if you want header pages and need to send escape sequences or other initialization strings to be able to print the header page. (But it is also futile if you want to charge header pages to the requesting user's account, since LPD does not give any user or host information to the output filter.) On a single printer, LPD allows both an output filter and text or other filters. In such cases, LPD will start the output filter to print the header page (see section Header Pages) only. LPD then expects the output filter to stop itself by sending two bytes to the filter: ASCII 031 followed by ASCII 001. When an output filter sees these two bytes (031, 001), it should stop by sending SIGSTOP to itself. When LPD's done running other filters, it will restart the output filter by sending SIGCONT to it. If there is an output filter but no text filter and LPD is working on a plain text job, LPD uses the output filter to do the job. As stated before, the output filter will print each file of the job in sequence with no intervening form feeds or other paper advancement, and this is probably not what you want. In almost all cases, you need a text filter. The program lpf, which we introduced earlier as a text filter, can also run as an output filter. If you need a quick-and-dirty output filter but do not want to write the byte detection and signal sending code, try lpf. You can also wrap lpf in a shell script to handle any initialization codes the printer might require. <command>lpf</command>: a Text Filter The program /usr/libexec/lpr/lpf that comes with FreeBSD binary distribution is a text filter (input filter) that can indent output (job submitted with lpr -i), allow literal characters to pass (job submitted with lpr -l), adjust the printing position for backspaces and tabs in the job, and account for pages printed. It can also act like an output filter. lpf is suitable for many printing environments. And although it has no capability to send initialization sequences to a printer, it is easy to write a shell script to do the needed initialization and then execute lpf. page accounting accounting printer In order for lpf to do page accounting correctly, it needs correct values filled in for the pw and pl capabilities in the /etc/printcap file. It uses these values to determine how much text can fit on a page and how many pages were in a user's job. For more information on printer accounting, see Accounting for Printer Usage. Header Pages If you have lots of users, all of them using various printers, then you probably want to consider header pages as a necessary evil. banner pages header pages header pages Header pages, also known as banner or burst pages identify to whom jobs belong after they are printed. They are usually printed in large, bold letters, perhaps with decorative borders, so that in a stack of printouts they stand out from the real documents that comprise users' jobs. They enable users to locate their jobs quickly. The obvious drawback to a header page is that it is yet one more sheet that has to be printed for every job, their ephemeral usefulness lasting not more than a few minutes, ultimately finding themselves in a recycling bin or rubbish heap. (Note that header pages go with each job, not each file in a job, so the paper waste might not be that bad.) The LPD system can provide header pages automatically for your printouts if your printer can directly print plain text. If you have a &postscript; printer, you will need an external program to generate the header page; see Header Pages on &postscript; Printers. Enabling Header Pages In the Simple Printer Setup section, we turned off header pages by specifying sh (meaning suppress header) in the /etc/printcap file. To enable header pages for a printer, just remove the sh capability. Sounds too easy, right? You are right. You might have to provide an output filter to send initialization strings to the printer. Here is an example output filter for Hewlett Packard PCL-compatible printers: #!/bin/sh # # hpof - Output filter for Hewlett Packard PCL-compatible printers # Installed in /usr/local/libexec/hpof printf "\033&k2G" || exit 2 exec /usr/libexec/lpr/lpf Specify the path to the output filter in the of capability. See the Output Filters section for more information. Here is an example /etc/printcap file for the printer teak that we introduced earlier; we enabled header pages and added the above output filter: # # /etc/printcap for host orchid # teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\ :lp=/dev/lpt0:sd=/var/spool/lpd/teak:mx#0:\ :if=/usr/local/libexec/hpif:\ :vf=/usr/local/libexec/hpvf:\ :of=/usr/local/libexec/hpof: Now, when users print jobs to teak, they get a header page with each job. If users want to spend time searching for their printouts, they can suppress header pages by submitting the job with lpr -h; see the Header Page Options section for more &man.lpr.1; options. LPD prints a form feed character after the header page. If your printer uses a different character or sequence of characters to eject a page, specify them with the ff capability in /etc/printcap. Controlling Header Pages By enabling header pages, LPD will produce a long header, a full page of large letters identifying the user, host, and job. Here is an example (kelly printed the job named outline from host rose): k ll ll k l l k l l k k eeee l l y y k k e e l l y y k k eeeeee l l y y kk k e l l y y k k e e l l y yy k k eeee lll lll yyy y y y y yyyy ll t l i t l oooo u u ttttt l ii n nnn eeee o o u u t l i nn n e e o o u u t l i n n eeeeee o o u u t l i n n e o o u uu t t l i n n e e oooo uuu u tt lll iii n n eeee r rrr oooo ssss eeee rr r o o s s e e r o o ss eeeeee r o o ss e r o o s s e e r oooo ssss eeee Job: outline Date: Sun Sep 17 11:04:58 1995 LPD appends a form feed after this text so the job starts on a new page (unless you have sf (suppress form feeds) in the destination printer's entry in /etc/printcap). If you prefer, LPD can make a short header; specify sb (short banner) in the /etc/printcap file. The header page will look like this: rose:kelly Job: outline Date: Sun Sep 17 11:07:51 1995 Also by default, LPD prints the header page first, then the job. To reverse that, specify hl (header last) in /etc/printcap. Accounting for Header Pages Using LPD's built-in header pages enforces a particular paradigm when it comes to printer accounting: header pages must be free of charge. Why? Because the output filter is the only external program that will have control when the header page is printed that could do accounting, and it is not provided with any user or host information or an accounting file, so it has no idea whom to charge for printer use. It is also not enough to just add one page to the text filter or any of the conversion filters (which do have user and host information) since users can suppress header pages with lpr -h. They could still be charged for header pages they did not print. Basically, lpr -h will be the preferred option of environmentally-minded users, but you cannot offer any incentive to use it. It is still not enough to have each of the filters generate their own header pages (thereby being able to charge for them). If users wanted the option of suppressing the header pages with lpr -h, they will still get them and be charged for them since LPD does not pass any knowledge of the option to any of the filters. So, what are your options? You can: Accept LPD's paradigm and make header pages free. Install an alternative to LPD, such as LPRng. Section Alternatives to the Standard Spooler tells more about other spooling software you can substitute for LPD. Write a smart output filter. Normally, an output filter is not meant to do anything more than initialize a printer or do some simple character conversion. It is suited for header pages and plain text jobs (when there is no text (input) filter). But, if there is a text filter for the plain text jobs, then LPD will start the output filter only for the header pages. And the output filter can parse the header page text that LPD generates to determine what user and host to charge for the header page. The only other problem with this method is that the output filter still does not know what accounting file to use (it is not passed the name of the file from the af capability), but if you have a well-known accounting file, you can hard-code that into the output filter. To facilitate the parsing step, use the sh (short header) capability in /etc/printcap. Then again, all that might be too much trouble, and users will certainly appreciate the more generous system administrator who makes header pages free. Header Pages on &postscript; Printers As described above, LPD can generate a plain text header page suitable for many printers. Of course, &postscript; cannot directly print plain text, so the header page feature of LPD is useless—or mostly so. One obvious way to get header pages is to have every conversion filter and the text filter generate the header page. The filters should use the user and host arguments to generate a suitable header page. The drawback of this method is that users will always get a header page, even if they submit jobs with lpr -h. Let us explore this method. The following script takes three arguments (user login name, host name, and job name) and makes a simple &postscript; header page: #!/bin/sh # # make-ps-header - make a PostScript header page on stdout # Installed in /usr/local/libexec/make-ps-header # # # These are PostScript units (72 to the inch). Modify for A4 or # whatever size paper you are using: # page_width=612 page_height=792 border=72 # # Check arguments # if [ $# -ne 3 ]; then echo "Usage: `basename $0` <user> <host> <job>" 1>&2 exit 1 fi # # Save these, mostly for readability in the PostScript, below. # user=$1 host=$2 job=$3 date=`date` # # Send the PostScript code to stdout. # exec cat <<EOF %!PS % % Make sure we do not interfere with user's job that will follow % save % % Make a thick, unpleasant border around the edge of the paper. % $border $border moveto $page_width $border 2 mul sub 0 rlineto 0 $page_height $border 2 mul sub rlineto currentscreen 3 -1 roll pop 100 3 1 roll setscreen $border 2 mul $page_width sub 0 rlineto closepath 0.8 setgray 10 setlinewidth stroke 0 setgray % % Display user's login name, nice and large and prominent % /Helvetica-Bold findfont 64 scalefont setfont $page_width ($user) stringwidth pop sub 2 div $page_height 200 sub moveto ($user) show % % Now show the boring particulars % /Helvetica findfont 14 scalefont setfont /y 200 def [ (Job:) (Host:) (Date:) ] { 200 y moveto show /y y 18 sub def } forall /Helvetica-Bold findfont 14 scalefont setfont /y 200 def [ ($job) ($host) ($date) ] { 270 y moveto show /y y 18 sub def } forall % % That is it % restore showpage EOF Now, each of the conversion filters and the text filter can call this script to first generate the header page, and then print the user's job. Here is the DVI conversion filter from earlier in this document, modified to make a header page: #!/bin/sh # # psdf - DVI to PostScript printer filter # Installed in /usr/local/libexec/psdf # # Invoked by lpd when user runs lpr -d # orig_args="$@" fail() { echo "$@" 1>&2 exit 2 } while getopts "x:y:n:h:" option; do case $option in x|y) ;; # Ignore n) login=$OPTARG ;; h) host=$OPTARG ;; *) echo "LPD started `basename $0` wrong." 1>&2 exit 2 ;; esac done [ "$login" ] || fail "No login name" [ "$host" ] || fail "No host name" ( /usr/local/libexec/make-ps-header $login $host "DVI File" /usr/local/bin/dvips -f ) | eval /usr/local/libexec/lprps $orig_args Notice how the filter has to parse the argument list in order to determine the user and host name. The parsing for the other conversion filters is identical. The text filter takes a slightly different set of arguments, though (see section How Filters Work). As we have mentioned before, the above scheme, though fairly simple, disables the suppress header page option (the option) to lpr. If users wanted to save a tree (or a few pennies, if you charge for header pages), they would not be able to do so, since every filter's going to print a header page with every job. To allow users to shut off header pages on a per-job basis, you will need to use the trick introduced in section Accounting for Header Pages: write an output filter that parses the LPD-generated header page and produces a &postscript; version. If the user submits the job with lpr -h, then LPD will not generate a header page, and neither will your output filter. Otherwise, your output filter will read the text from LPD and send the appropriate header page &postscript; code to the printer. If you have a &postscript; printer on a serial line, you can make use of lprps, which comes with an output filter, psof, which does the above. Note that psof does not charge for header pages. Networked Printing printers network network printing FreeBSD supports networked printing: sending jobs to remote printers. Networked printing generally refers to two different things: Accessing a printer attached to a remote host. You install a printer that has a conventional serial or parallel interface on one host. Then, you set up LPD to enable access to the printer from other hosts on the network. Section Printers Installed on Remote Hosts tells how to do this. Accessing a printer attached directly to a network. The printer has a network interface in addition (or in place of) a more conventional serial or parallel interface. Such a printer might work as follows: It might understand the LPD protocol and can even queue jobs from remote hosts. In this case, it acts just like a regular host running LPD. Follow the same procedure in section Printers Installed on Remote Hosts to set up such a printer. It might support a data stream network connection. In this case, you attach the printer to one host on the network by making that host responsible for spooling jobs and sending them to the printer. Section Printers with Networked Data Stream Interfaces gives some suggestions on installing such printers. Printers Installed on Remote Hosts The LPD spooling system has built-in support for sending jobs to other hosts also running LPD (or are compatible with LPD). This feature enables you to install a printer on one host and make it accessible from other hosts. It also works with printers that have network interfaces that understand the LPD protocol. To enable this kind of remote printing, first install a printer on one host, the printer host, using the simple printer setup described in the Simple Printer Setup section. Do any advanced setup in Advanced Printer Setup that you need. Make sure to test the printer and see if it works with the features of LPD you have enabled. Also ensure that the local host has authorization to use the LPD service in the remote host (see Restricting Jobs from Remote Printers). printers network network printing If you are using a printer with a network interface that is compatible with LPD, then the printer host in the discussion below is the printer itself, and the printer name is the name you configured for the printer. See the documentation that accompanied your printer and/or printer-network interface. If you are using a Hewlett Packard Laserjet then the printer name text will automatically perform the LF to CRLF conversion for you, so you will not require the hpif script. Then, on the other hosts you want to have access to the printer, make an entry in their /etc/printcap files with the following: Name the entry anything you want. For simplicity, though, you probably want to use the same name and aliases as on the printer host. Leave the lp capability blank, explicitly (:lp=:). Make a spooling directory and specify its location in the sd capability. LPD will store jobs here before they get sent to the printer host. Place the name of the printer host in the rm capability. Place the printer name on the printer host in the rp capability. That is it. You do not need to list conversion filters, page dimensions, or anything else in the /etc/printcap file. Here is an example. The host rose has two printers, bamboo and rattan. We will enable users on the host orchid to print to those printers. Here is the /etc/printcap file for orchid (back from section Enabling Header Pages). It already had the entry for the printer teak; we have added entries for the two printers on the host rose: # # /etc/printcap for host orchid - added (remote) printers on rose # # # teak is local; it is connected directly to orchid: # teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\ :lp=/dev/lpt0:sd=/var/spool/lpd/teak:mx#0:\ :if=/usr/local/libexec/ifhp:\ :vf=/usr/local/libexec/vfhp:\ :of=/usr/local/libexec/ofhp: # # rattan is connected to rose; send jobs for rattan to rose: # rattan|line|diablo|lp|Diablo 630 Line Printer:\ :lp=:rm=rose:rp=rattan:sd=/var/spool/lpd/rattan: # # bamboo is connected to rose as well: # bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\ :lp=:rm=rose:rp=bamboo:sd=/var/spool/lpd/bamboo: Then, we just need to make spooling directories on orchid: &prompt.root; mkdir -p /var/spool/lpd/rattan /var/spool/lpd/bamboo &prompt.root; chmod 770 /var/spool/lpd/rattan /var/spool/lpd/bamboo &prompt.root; chown daemon:daemon /var/spool/lpd/rattan /var/spool/lpd/bamboo Now, users on orchid can print to rattan and bamboo. If, for example, a user on orchid typed &prompt.user; lpr -P bamboo -d sushi-review.dvi the LPD system on orchid would copy the job to the spooling directory /var/spool/lpd/bamboo and note that it was a DVI job. As soon as the host rose has room in its bamboo spooling directory, the two LPDs would transfer the file to rose. The file would wait in rose's queue until it was finally printed. It would be converted from DVI to &postscript; (since bamboo is a &postscript; printer) on rose. Printers with Networked Data Stream Interfaces Often, when you buy a network interface card for a printer, you can get two versions: one which emulates a spooler (the more expensive version), or one which just lets you send data to it as if you were using a serial or parallel port (the cheaper version). This section tells how to use the cheaper version. For the more expensive one, see the previous section Printers Installed on Remote Hosts. The format of the /etc/printcap file lets you specify what serial or parallel interface to use, and (if you are using a serial interface), what baud rate, whether to use flow control, delays for tabs, conversion of newlines, and more. But there is no way to specify a connection to a printer that is listening on a TCP/IP or other network port. To send data to a networked printer, you need to develop a communications program that can be called by the text and conversion filters. Here is one such example: the script netprint takes all data on standard input and sends it to a network-attached printer. We specify the hostname of the printer as the first argument and the port number to which to connect as the second argument to netprint. Note that this supports one-way communication only (FreeBSD to printer); many network printers support two-way communication, and you might want to take advantage of that (to get printer status, perform accounting, etc.). #!/usr/bin/perl # # netprint - Text filter for printer attached to network # Installed in /usr/local/libexec/netprint # $#ARGV eq 1 || die "Usage: $0 <printer-hostname> <port-number>"; $printer_host = $ARGV[0]; $printer_port = $ARGV[1]; require 'sys/socket.ph'; ($ignore, $ignore, $protocol) = getprotobyname('tcp'); ($ignore, $ignore, $ignore, $ignore, $address) = gethostbyname($printer_host); $sockaddr = pack('S n a4 x8', &AF_INET, $printer_port, $address); socket(PRINTER, &PF_INET, &SOCK_STREAM, $protocol) || die "Can't create TCP/IP stream socket: $!"; connect(PRINTER, $sockaddr) || die "Can't contact $printer_host: $!"; while (<STDIN>) { print PRINTER; } exit 0; We can then use this script in various filters. Suppose we had a Diablo 750-N line printer connected to the network. The printer accepts data to print on port number 5100. The host name of the printer is scrivener. Here is the text filter for the printer: #!/bin/sh # # diablo-if-net - Text filter for Diablo printer `scrivener' listening # on port 5100. Installed in /usr/local/libexec/diablo-if-net # exec /usr/libexec/lpr/lpf "$@" | /usr/local/libexec/netprint scrivener 5100 Restricting Printer Usage printers restricting access to This section gives information on restricting printer usage. The LPD system lets you control who can access a printer, both locally or remotely, whether they can print multiple copies, how large their jobs can be, and how large the printer queues can get. Restricting Multiple Copies The LPD system makes it easy for users to print multiple copies of a file. Users can print jobs with lpr -#5 (for example) and get five copies of each file in the job. Whether this is a good thing is up to you. If you feel multiple copies cause unnecessary wear and tear on your printers, you can disable the option to &man.lpr.1; by adding the sc capability to the /etc/printcap file. When users submit jobs with the option, they will see: lpr: multiple copies are not allowed Note that if you have set up access to a printer remotely (see section Printers Installed on Remote Hosts), you need the sc capability on the remote /etc/printcap files as well, or else users will still be able to submit multiple-copy jobs by using another host. Here is an example. This is the /etc/printcap file for the host rose. The printer rattan is quite hearty, so we will allow multiple copies, but the laser printer bamboo is a bit more delicate, so we will disable multiple copies by adding the sc capability: # # /etc/printcap for host rose - restrict multiple copies on bamboo # rattan|line|diablo|lp|Diablo 630 Line Printer:\ :sh:sd=/var/spool/lpd/rattan:\ :lp=/dev/lpt0:\ :if=/usr/local/libexec/if-simple: bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\ :sh:sd=/var/spool/lpd/bamboo:sc:\ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:\ :if=/usr/local/libexec/psif:\ :df=/usr/local/libexec/psdf: Now, we also need to add the sc capability on the host orchid's /etc/printcap (and while we are at it, let us disable multiple copies for the printer teak): # # /etc/printcap for host orchid - no multiple copies for local # printer teak or remote printer bamboo teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\ :lp=/dev/lpt0:sd=/var/spool/lpd/teak:mx#0:sc:\ :if=/usr/local/libexec/ifhp:\ :vf=/usr/local/libexec/vfhp:\ :of=/usr/local/libexec/ofhp: rattan|line|diablo|lp|Diablo 630 Line Printer:\ :lp=:rm=rose:rp=rattan:sd=/var/spool/lpd/rattan: bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\ :lp=:rm=rose:rp=bamboo:sd=/var/spool/lpd/bamboo:sc: By using the sc capability, we prevent the use of lpr -#, but that still does not prevent users from running &man.lpr.1; multiple times, or from submitting the same file multiple times in one job like this: &prompt.user; lpr forsale.sign forsale.sign forsale.sign forsale.sign forsale.sign There are many ways to prevent this abuse (including ignoring it) which you are free to explore. Restricting Access to Printers You can control who can print to what printers by using the &unix; group mechanism and the rg capability in /etc/printcap. Just place the users you want to have access to a printer in a certain group, and then name that group in the rg capability. Users outside the group (including root) will be greeted with lpr: Not a member of the restricted group if they try to print to the controlled printer. As with the sc (suppress multiple copies) capability, you need to specify rg on remote hosts that also have access to your printers, if you feel it is appropriate (see section Printers Installed on Remote Hosts). For example, we will let anyone access the printer rattan, but only those in group artists can use bamboo. Here is the familiar /etc/printcap for host rose: # # /etc/printcap for host rose - restricted group for bamboo # rattan|line|diablo|lp|Diablo 630 Line Printer:\ :sh:sd=/var/spool/lpd/rattan:\ :lp=/dev/lpt0:\ :if=/usr/local/libexec/if-simple: bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\ :sh:sd=/var/spool/lpd/bamboo:sc:rg=artists:\ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:\ :if=/usr/local/libexec/psif:\ :df=/usr/local/libexec/psdf: Let us leave the other example /etc/printcap file (for the host orchid) alone. Of course, anyone on orchid can print to bamboo. It might be the case that we only allow certain logins on orchid anyway, and want them to have access to the printer. Or not. There can be only one restricted group per printer. Controlling Sizes of Jobs Submitted print jobs If you have many users accessing the printers, you probably need to put an upper limit on the sizes of the files users can submit to print. After all, there is only so much free space on the filesystem that houses the spooling directories, and you also need to make sure there is room for the jobs of other users. print jobs controlling LPD enables you to limit the maximum byte size a file in a job can be with the mx capability. The units are in BUFSIZ blocks, which are 1024 bytes. If you put a zero for this capability, there will be no limit on file size; however, if no mx capability is specified, then a default limit of 1000 blocks will be used. The limit applies to files in a job, and not the total job size. LPD will not refuse a file that is larger than the limit you place on a printer. Instead, it will queue as much of the file up to the limit, which will then get printed. The rest will be discarded. Whether this is correct behavior is up for debate. Let us add limits to our example printers rattan and bamboo. Since those artists' &postscript; files tend to be large, we will limit them to five megabytes. We will put no limit on the plain text line printer: # # /etc/printcap for host rose # # # No limit on job size: # rattan|line|diablo|lp|Diablo 630 Line Printer:\ :sh:mx#0:sd=/var/spool/lpd/rattan:\ :lp=/dev/lpt0:\ :if=/usr/local/libexec/if-simple: # # Limit of five megabytes: # bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\ :sh:sd=/var/spool/lpd/bamboo:sc:rg=artists:mx#5000:\ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:\ :if=/usr/local/libexec/psif:\ :df=/usr/local/libexec/psdf: Again, the limits apply to the local users only. If you have set up access to your printers remotely, remote users will not get those limits. You will need to specify the mx capability in the remote /etc/printcap files as well. See section Printers Installed on Remote Hosts for more information on remote printing. There is another specialized way to limit job sizes from remote printers; see section Restricting Jobs from Remote Printers. Restricting Jobs from Remote Printers The LPD spooling system provides several ways to restrict print jobs submitted from remote hosts: Host restrictions You can control from which remote hosts a local LPD accepts requests with the files /etc/hosts.equiv and /etc/hosts.lpd. LPD checks to see if an incoming request is from a host listed in either one of these files. If not, LPD refuses the request. The format of these files is simple: one host name per line. Note that the file /etc/hosts.equiv is also used by the &man.ruserok.3; protocol, and affects programs like &man.rsh.1; and &man.rcp.1;, so be careful. For example, here is the /etc/hosts.lpd file on the host rose: orchid violet madrigal.fishbaum.de This means rose will accept requests from the hosts orchid, violet, and madrigal.fishbaum.de. If any other host tries to access rose's LPD, the job will be refused. Size restrictions You can control how much free space there needs to remain on the filesystem where a spooling directory resides. Make a file called minfree in the spooling directory for the local printer. Insert in that file a number representing how many disk blocks (512 bytes) of free space there has to be for a remote job to be accepted. This lets you insure that remote users will not fill your filesystem. You can also use it to give a certain priority to local users: they will be able to queue jobs long after the free disk space has fallen below the amount specified in the minfree file. For example, let us add a minfree file for the printer bamboo. We examine /etc/printcap to find the spooling directory for this printer; here is bamboo's entry: bamboo|ps|PS|S|panasonic|Panasonic KX-P4455 PostScript v51.4:\ :sh:sd=/var/spool/lpd/bamboo:sc:rg=artists:mx#5000:\ :lp=/dev/ttyd5:ms#-parenb cs8 clocal crtscts:rw:mx#5000:\ :if=/usr/local/libexec/psif:\ :df=/usr/local/libexec/psdf: The spooling directory is given in the sd capability. We will make three megabytes (which is 6144 disk blocks) the amount of free disk space that must exist on the filesystem for LPD to accept remote jobs: &prompt.root; echo 6144 > /var/spool/lpd/bamboo/minfree User restrictions You can control which remote users can print to local printers by specifying the rs capability in /etc/printcap. When rs appears in the entry for a locally-attached printer, LPD will accept jobs from remote hosts if the user submitting the job also has an account of the same login name on the local host. Otherwise, LPD refuses the job. This capability is particularly useful in an environment where there are (for example) different departments sharing a network, and some users transcend departmental boundaries. By giving them accounts on your systems, they can use your printers from their own departmental systems. If you would rather allow them to use only your printers and not your computer resources, you can give them token accounts, with no home directory and a useless shell like /usr/bin/false. Accounting for Printer Usage accounting printer So, you need to charge for printouts. And why not? Paper and ink cost money. And then there are maintenance costs—printers are loaded with moving parts and tend to break down. You have examined your printers, usage patterns, and maintenance fees and have come up with a per-page (or per-foot, per-meter, or per-whatever) cost. Now, how do you actually start accounting for printouts? Well, the bad news is the LPD spooling system does not provide much help in this department. Accounting is highly dependent on the kind of printer in use, the formats being printed, and your requirements in charging for printer usage. To implement accounting, you have to modify a printer's text filter (to charge for plain text jobs) and the conversion filters (to charge for other file formats), to count pages or query the printer for pages printed. You cannot get away with using the simple output filter, since it cannot do accounting. See section Filters. Generally, there are two ways to do accounting: Periodic accounting is the more common way, possibly because it is easier. Whenever someone prints a job, the filter logs the user, host, and number of pages to an accounting file. Every month, semester, year, or whatever time period you prefer, you collect the accounting files for the various printers, tally up the pages printed by users, and charge for usage. Then you truncate all the logging files, starting with a clean slate for the next period. Timely accounting is less common, probably because it is more difficult. This method has the filters charge users for printouts as soon as they use the printers. Like disk quotas, the accounting is immediate. You can prevent users from printing when their account goes in the red, and might provide a way for users to check and adjust their print quotas. But this method requires some database code to track users and their quotas. The LPD spooling system supports both methods easily: since you have to provide the filters (well, most of the time), you also have to provide the accounting code. But there is a bright side: you have enormous flexibility in your accounting methods. For example, you choose whether to use periodic or timely accounting. You choose what information to log: user names, host names, job types, pages printed, square footage of paper used, how long the job took to print, and so forth. And you do so by modifying the filters to save this information. Quick and Dirty Printer Accounting FreeBSD comes with two programs that can get you set up with simple periodic accounting right away. They are the text filter lpf, described in section lpf: a Text Filter, and &man.pac.8;, a program to gather and total entries from printer accounting files. As mentioned in the section on filters (Filters), LPD starts the text and the conversion filters with the name of the accounting file to use on the filter command line. The filters can use this argument to know where to write an accounting file entry. The name of this file comes from the af capability in /etc/printcap, and if not specified as an absolute path, is relative to the spooling directory. LPD starts lpf with page width and length arguments (from the pw and pl capabilities). lpf uses these arguments to determine how much paper will be used. After sending the file to the printer, it then writes an accounting entry in the accounting file. The entries look like this: 2.00 rose:andy 3.00 rose:kelly 3.00 orchid:mary 5.00 orchid:mary 2.00 orchid:zhang You should use a separate accounting file for each printer, as lpf has no file locking logic built into it, and two lpfs might corrupt each other's entries if they were to write to the same file at the same time. An easy way to insure a separate accounting file for each printer is to use af=acct in /etc/printcap. Then, each accounting file will be in the spooling directory for a printer, in a file named acct. When you are ready to charge users for printouts, run the &man.pac.8; program. Just change to the spooling directory for the printer you want to collect on and type pac. You will get a dollar-centric summary like the following: Login pages/feet runs price orchid:kelly 5.00 1 $ 0.10 orchid:mary 31.00 3 $ 0.62 orchid:zhang 9.00 1 $ 0.18 rose:andy 2.00 1 $ 0.04 rose:kelly 177.00 104 $ 3.54 rose:mary 87.00 32 $ 1.74 rose:root 26.00 12 $ 0.52 total 337.00 154 $ 6.74 These are the arguments &man.pac.8; expects: Which printer to summarize. This option works only if there is an absolute path in the af capability in /etc/printcap. Sort the output by cost instead of alphabetically by user name. Ignore host name in the accounting files. With this option, user smith on host alpha is the same user smith on host gamma. Without, they are different users. Compute charges with price dollars per page or per foot instead of the price from the pc capability in /etc/printcap, or two cents (the default). You can specify price as a floating point number. Reverse the sort order. Make an accounting summary file and truncate the accounting file. name Print accounting information for the given user names only. In the default summary that &man.pac.8; produces, you see the number of pages printed by each user from various hosts. If, at your site, host does not matter (because users can use any host), run pac -m, to produce the following summary: Login pages/feet runs price andy 2.00 1 $ 0.04 kelly 182.00 105 $ 3.64 mary 118.00 35 $ 2.36 root 26.00 12 $ 0.52 zhang 9.00 1 $ 0.18 total 337.00 154 $ 6.74 To compute the dollar amount due, &man.pac.8; uses the pc capability in the /etc/printcap file (default of 200, or 2 cents per page). Specify, in hundredths of cents, the price per page or per foot you want to charge for printouts in this capability. You can override this value when you run &man.pac.8; with the option. The units for the option are in dollars, though, not hundredths of cents. For example, &prompt.root; pac -p1.50 makes each page cost one dollar and fifty cents. You can really rake in the profits by using this option. Finally, running pac -s will save the summary information in a summary accounting file, which is named the same as the printer's accounting file, but with _sum appended to the name. It then truncates the accounting file. When you run &man.pac.8; again, it rereads the summary file to get starting totals, then adds information from the regular accounting file. How Can You Count Pages Printed? In order to perform even remotely accurate accounting, you need to be able to determine how much paper a job uses. This is the essential problem of printer accounting. For plain text jobs, the problem is not that hard to solve: you count how many lines are in a job and compare it to how many lines per page your printer supports. Do not forget to take into account backspaces in the file which overprint lines, or long logical lines that wrap onto one or more additional physical lines. The text filter lpf (introduced in lpf: a Text Filter) takes into account these things when it does accounting. If you are writing a text filter which needs to do accounting, you might want to examine lpf's source code. How do you handle other file formats, though? Well, for DVI-to-LaserJet or DVI-to-&postscript; conversion, you can have your filter parse the diagnostic output of dvilj or dvips and look to see how many pages were converted. You might be able to do similar things with other file formats and conversion programs. But these methods suffer from the fact that the printer may not actually print all those pages. For example, it could jam, run out of toner, or explode—and the user would still get charged. So, what can you do? There is only one sure way to do accurate accounting. Get a printer that can tell you how much paper it uses, and attach it via a serial line or a network connection. Nearly all &postscript; printers support this notion. Other makes and models do as well (networked Imagen laser printers, for example). Modify the filters for these printers to get the page usage after they print each job and have them log accounting information based on that value only. There is no line counting nor error-prone file examination required. Of course, you can always be generous and make all printouts free. Using Printers printers usage This section tells you how to use printers you have set up with FreeBSD. Here is an overview of the user-level commands: &man.lpr.1; Print jobs &man.lpq.1; Check printer queues &man.lprm.1; Remove jobs from a printer's queue There is also an administrative command, &man.lpc.8;, described in the section Administering Printers, used to control printers and their queues. All three of the commands &man.lpr.1;, &man.lprm.1;, and &man.lpq.1; accept an option to specify on which printer/queue to operate, as listed in the /etc/printcap file. This enables you to submit, remove, and check on jobs for various printers. If you do not use the option, then these commands use the printer specified in the PRINTER environment variable. Finally, if you do not have a PRINTER environment variable, these commands default to the printer named lp. Hereafter, the terminology default printer means the printer named in the PRINTER environment variable, or the printer named lp when there is no PRINTER environment variable. Printing Jobs To print files, type: &prompt.user; lpr filename ... printing This prints each of the listed files to the default printer. If you list no files, &man.lpr.1; reads data to print from standard input. For example, this command prints some important system files: &prompt.user; lpr /etc/host.conf /etc/hosts.equiv To select a specific printer, type: &prompt.user; lpr -P printer-name filename ... This example prints a long listing of the current directory to the printer named rattan: &prompt.user; ls -l | lpr -P rattan Because no files were listed for the &man.lpr.1; command, lpr read the data to print from standard input, which was the output of the ls -l command. The &man.lpr.1; command can also accept a wide variety of options to control formatting, apply file conversions, generate multiple copies, and so forth. For more information, see the section Printing Options. Checking Jobs print jobs When you print with &man.lpr.1;, the data you wish to print is put together in a package called a print job, which is sent to the LPD spooling system. Each printer has a queue of jobs, and your job waits in that queue along with other jobs from yourself and from other users. The printer prints those jobs in a first-come, first-served order. To display the queue for the default printer, type &man.lpq.1;. For a specific printer, use the option. For example, the command &prompt.user; lpq -P bamboo shows the queue for the printer named bamboo. Here is an example of the output of the lpq command: bamboo is ready and printing Rank Owner Job Files Total Size active kelly 9 /etc/host.conf, /etc/hosts.equiv 88 bytes 2nd kelly 10 (standard input) 1635 bytes 3rd mary 11 ... 78519 bytes This shows three jobs in the queue for bamboo. The first job, submitted by user kelly, got assigned job number 9. Every job for a printer gets a unique job number. Most of the time you can ignore the job number, but you will need it if you want to cancel the job; see section Removing Jobs for details. Job number nine consists of two files; multiple files given on the &man.lpr.1; command line are treated as part of a single job. It is the currently active job (note the word active under the Rank column), which means the printer should be currently printing that job. The second job consists of data passed as the standard input to the &man.lpr.1; command. The third job came from user mary; it is a much larger job. The pathname of the file she is trying to print is too long to fit, so the &man.lpq.1; command just shows three dots. The very first line of the output from &man.lpq.1; is also useful: it tells what the printer is currently doing (or at least what LPD thinks the printer is doing). The &man.lpq.1; command also support a option to generate a detailed long listing. Here is an example of lpq -l: waiting for bamboo to become ready (offline ?) kelly: 1st [job 009rose] /etc/host.conf 73 bytes /etc/hosts.equiv 15 bytes kelly: 2nd [job 010rose] (standard input) 1635 bytes mary: 3rd [job 011rose] /home/orchid/mary/research/venus/alpha-regio/mapping 78519 bytes Removing Jobs If you change your mind about printing a job, you can remove the job from the queue with the &man.lprm.1; command. Often, you can even use &man.lprm.1; to remove an active job, but some or all of the job might still get printed. To remove a job from the default printer, first use &man.lpq.1; to find the job number. Then type: &prompt.user; lprm job-number To remove the job from a specific printer, add the option. The following command removes job number 10 from the queue for the printer bamboo: &prompt.user; lprm -P bamboo 10 The &man.lprm.1; command has a few shortcuts: lprm - Removes all jobs (for the default printer) belonging to you. lprm user Removes all jobs (for the default printer) belonging to user. The superuser can remove other users' jobs; you can remove only your own jobs. lprm With no job number, user name, or appearing on the command line, &man.lprm.1; removes the currently active job on the default printer, if it belongs to you. The superuser can remove any active job. Just use the option with the above shortcuts to operate on a specific printer instead of the default. For example, the following command removes all jobs for the current user in the queue for the printer named rattan: &prompt.user; lprm -P rattan - If you are working in a networked environment, &man.lprm.1; will let you remove jobs only from the host from which the jobs were submitted, even if the same printer is available from other hosts. The following command sequence demonstrates this: &prompt.user; lpr -P rattan myfile &prompt.user; rlogin orchid &prompt.user; lpq -P rattan Rank Owner Job Files Total Size active seeyan 12 ... 49123 bytes 2nd kelly 13 myfile 12 bytes &prompt.user; lprm -P rattan 13 rose: Permission denied &prompt.user; logout &prompt.user; lprm -P rattan 13 dfA013rose dequeued cfA013rose dequeued Beyond Plain Text: Printing Options The &man.lpr.1; command supports a number of options that control formatting text, converting graphic and other file formats, producing multiple copies, handling of the job, and more. This section describes the options. Formatting and Conversion Options The following &man.lpr.1; options control formatting of the files in the job. Use these options if the job does not contain plain text or if you want plain text formatted through the &man.pr.1; utility. &tex; For example, the following command prints a DVI file (from the &tex; typesetting system) named fish-report.dvi to the printer named bamboo: &prompt.user; lpr -P bamboo -d fish-report.dvi These options apply to every file in the job, so you cannot mix (say) DVI and ditroff files together in a job. Instead, submit the files as separate jobs, using a different conversion option for each job. All of these options except and require conversion filters installed for the destination printer. For example, the option requires the DVI conversion filter. Section Conversion Filters gives details. Print cifplot files. Print DVI files. Print FORTRAN text files. Print plot data. Indent the output by number columns; if you omit number, indent by 8 columns. This option works only with certain conversion filters. Do not put any space between the and the number. Print literal text data, including control characters. Print ditroff (device independent troff) data. -p Format plain text with &man.pr.1; before printing. See &man.pr.1; for more information. Use title on the &man.pr.1; header instead of the file name. This option has effect only when used with the option. Print troff data. Print raster data. Here is an example: this command prints a nicely formatted version of the &man.ls.1; manual page on the default printer: &prompt.user; zcat /usr/share/man/man1/ls.1.gz | troff -t -man | lpr -t The &man.zcat.1; command uncompresses the source of the &man.ls.1; manual page and passes it to the &man.troff.1; command, which formats that source and makes GNU troff output and passes it to &man.lpr.1;, which submits the job to the LPD spooler. Because we used the option to &man.lpr.1;, the spooler will convert the GNU troff output into a format the default printer can understand when it prints the job. Job Handling Options The following options to &man.lpr.1; tell LPD to handle the job specially: -# copies Produce a number of copies of each file in the job instead of just one copy. An administrator may disable this option to reduce printer wear-and-tear and encourage photocopier usage. See section Restricting Multiple Copies. This example prints three copies of parser.c followed by three copies of parser.h to the default printer: &prompt.user; lpr -#3 parser.c parser.h -m Send mail after completing the print job. With this option, the LPD system will send mail to your account when it finishes handling your job. In its message, it will tell you if the job completed successfully or if there was an error, and (often) what the error was. -s Do not copy the files to the spooling directory, but make symbolic links to them instead. If you are printing a large job, you probably want to use this option. It saves space in the spooling directory (your job might overflow the free space on the filesystem where the spooling directory resides). It saves time as well since LPD will not have to copy each and every byte of your job to the spooling directory. There is a drawback, though: since LPD will refer to the original files directly, you cannot modify or remove them until they have been printed. If you are printing to a remote printer, LPD will eventually have to copy files from the local host to the remote host, so the option will save space only on the local spooling directory, not the remote. It is still useful, though. -r Remove the files in the job after copying them to the spooling directory, or after printing them with the option. Be careful with this option! Header Page Options These options to &man.lpr.1; adjust the text that normally appears on a job's header page. If header pages are suppressed for the destination printer, these options have no effect. See section Header Pages for information about setting up header pages. -C text Replace the hostname on the header page with text. The hostname is normally the name of the host from which the job was submitted. -J text Replace the job name on the header page with text. The job name is normally the name of the first file of the job, or stdin if you are printing standard input. -h Do not print any header page. At some sites, this option may have no effect due to the way header pages are generated. See Header Pages for details. Administering Printers As an administrator for your printers, you have had to install, set up, and test them. Using the &man.lpc.8; command, you can interact with your printers in yet more ways. With &man.lpc.8;, you can Start and stop the printers Enable and disable their queues Rearrange the order of the jobs in each queue. First, a note about terminology: if a printer is stopped, it will not print anything in its queue. Users can still submit jobs, which will wait in the queue until the printer is started or the queue is cleared. If a queue is disabled, no user (except root) can submit jobs for the printer. An enabled queue allows jobs to be submitted. A printer can be started for a disabled queue, in which case it will continue to print jobs in the queue until the queue is empty. In general, you have to have root privileges to use the &man.lpc.8; command. Ordinary users can use the &man.lpc.8; command to get printer status and to restart a hung printer only. Here is a summary of the &man.lpc.8; commands. Most of the commands take a printer-name argument to tell on which printer to operate. You can use all for the printer-name to mean all printers listed in /etc/printcap. abort printer-name Cancel the current job and stop the printer. Users can still submit jobs if the queue is enabled. clean printer-name Remove old files from the printer's spooling directory. Occasionally, the files that make up a job are not properly removed by LPD, particularly if there have been errors during printing or a lot of administrative activity. This command finds files that do not belong in the spooling directory and removes them. disable printer-name Disable queuing of new jobs. If the printer is running, it will continue to print any jobs remaining in the queue. The superuser (root) can always submit jobs, even to a disabled queue. This command is useful while you are testing a new printer or filter installation: disable the queue and submit jobs as root. Other users will not be able to submit jobs until you complete your testing and re-enable the queue with the enable command. down printer-name message Take a printer down. Equivalent to disable followed by stop. The message appears as the printer's status whenever a user checks the printer's queue with &man.lpq.1; or status with lpc status. enable printer-name Enable the queue for a printer. Users can submit jobs but the printer will not print anything until it is started. help command-name Print help on the command command-name. With no command-name, print a summary of the commands available. restart printer-name Start the printer. Ordinary users can use this command if some extraordinary circumstance hangs LPD, but they cannot start a printer stopped with either the stop or down commands. The restart command is equivalent to abort followed by start. start printer-name Start the printer. The printer will print jobs in its queue. stop printer-name Stop the printer. The printer will finish the current job and will not print anything else in its queue. Even though the printer is stopped, users can still submit jobs to an enabled queue. topq printer-name job-or-username Rearrange the queue for printer-name by placing the jobs with the listed job numbers or the jobs belonging to username at the top of the queue. For this command, you cannot use all as the printer-name. up printer-name Bring a printer up; the opposite of the down command. Equivalent to start followed by enable. &man.lpc.8; accepts the above commands on the command line. If you do not enter any commands, &man.lpc.8; enters an interactive mode, where you can enter commands until you type exit, quit, or end-of-file. Alternatives to the Standard Spooler If you have been reading straight through this manual, by now you have learned just about everything there is to know about the LPD spooling system that comes with FreeBSD. You can probably appreciate many of its shortcomings, which naturally leads to the question: What other spooling systems are out there (and work with FreeBSD)? LPRng LPRng LPRng, which purportedly means LPR: the Next Generation is a complete rewrite of PLP. Patrick Powell and Justin Mason (the principal maintainer of PLP) collaborated to make LPRng. The main site for LPRng is . CUPS CUPS CUPS, the Common UNIX Printing System, provides a portable printing layer for &unix;-based operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all &unix; vendors and users. CUPS uses the Internet Printing Protocol (IPP) as the basis for managing print jobs and queues. The Line Printer Daemon (LPD), Server Message Block (SMB), and AppSocket (a.k.a. JetDirect) protocols are also supported with reduced functionality. CUPS adds network printer browsing and PostScript Printer Description (PPD) based printing options to support real-world printing under &unix;. The main site for CUPS is . Troubleshooting After performing the simple test with &man.lptest.1;, you might have gotten one of the following results instead of the correct printout: It worked, after awhile; or, it did not eject a full sheet. The printer printed the above, but it sat for awhile and did nothing. In fact, you might have needed to press a PRINT REMAINING or FORM FEED button on the printer to get any results to appear. If this is the case, the printer was probably waiting to see if there was any more data for your job before it printed anything. To fix this problem, you can have the text filter send a FORM FEED character (or whatever is necessary) to the printer. This is usually sufficient to have the printer immediately print any text remaining in its internal buffer. It is also useful to make sure each print job ends on a full sheet, so the next job does not start somewhere on the middle of the last page of the previous job. The following replacement for the shell script /usr/local/libexec/if-simple prints a form feed after it sends the job to the printer: #!/bin/sh # # if-simple - Simple text input filter for lpd # Installed in /usr/local/libexec/if-simple # # Simply copies stdin to stdout. Ignores all filter arguments. # Writes a form feed character (\f) after printing job. /bin/cat && printf "\f" && exit 0 exit 2 It produced the staircase effect. You got the following on paper: !"#$%&'()*+,-./01234 "#$%&'()*+,-./012345 #$%&'()*+,-./0123456 MS-DOS OS/2 ASCII You have become another victim of the staircase effect, caused by conflicting interpretations of what characters should indicate a new line. &unix; style operating systems use a single character: ASCII code 10, the line feed (LF). &ms-dos;, &os2;, and others uses a pair of characters, ASCII code 10 and ASCII code 13 (the carriage return or CR). Many printers use the &ms-dos; convention for representing new-lines. When you print with FreeBSD, your text used just the line feed character. The printer, upon seeing a line feed character, advanced the paper one line, but maintained the same horizontal position on the page for the next character to print. That is what the carriage return is for: to move the location of the next character to print to the left edge of the paper. Here is what FreeBSD wants your printer to do: Printer received CR Printer prints CR Printer received LF Printer prints CR + LF Here are some ways to achieve this: Use the printer's configuration switches or control panel to alter its interpretation of these characters. Check your printer's manual to find out how to do this. If you boot your system into other operating systems besides FreeBSD, you may have to reconfigure the printer to use a an interpretation for CR and LF characters that those other operating systems use. You might prefer one of the other solutions, below. Have FreeBSD's serial line driver automatically convert LF to CR+LF. Of course, this works with printers on serial ports only. To enable this feature, use the ms# capability and set the onlcr mode in the /etc/printcap file for the printer. Send an escape code to the printer to have it temporarily treat LF characters differently. Consult your printer's manual for escape codes that your printer might support. When you find the proper escape code, modify the text filter to send the code first, then send the print job. PCL Here is an example text filter for printers that understand the Hewlett-Packard PCL escape codes. This filter makes the printer treat LF characters as a LF and CR; then it sends the job; then it sends a form feed to eject the last page of the job. It should work with nearly all Hewlett Packard printers. #!/bin/sh # # hpif - Simple text input filter for lpd for HP-PCL based printers # Installed in /usr/local/libexec/hpif # # Simply copies stdin to stdout. Ignores all filter arguments. # Tells printer to treat LF as CR+LF. Ejects the page when done. printf "\033&k2G" && cat && printf "\033&l0H" && exit 0 exit 2 Here is an example /etc/printcap from a host called orchid. It has a single printer attached to its first parallel port, a Hewlett Packard LaserJet 3Si named teak. It is using the above script as its text filter: # # /etc/printcap for host orchid # teak|hp|laserjet|Hewlett Packard LaserJet 3Si:\ :lp=/dev/lpt0:sh:sd=/var/spool/lpd/teak:mx#0:\ :if=/usr/local/libexec/hpif: It overprinted each line. The printer never advanced a line. All of the lines of text were printed on top of each other on one line. This problem is the opposite of the staircase effect, described above, and is much rarer. Somewhere, the LF characters that FreeBSD uses to end a line are being treated as CR characters to return the print location to the left edge of the paper, but not also down a line. Use the printer's configuration switches or control panel to enforce the following interpretation of LF and CR characters: Printer receives Printer prints CR CR LF CR + LF The printer lost characters. While printing, the printer did not print a few characters in each line. The problem might have gotten worse as the printer ran, losing more and more characters. The problem is that the printer cannot keep up with the speed at which the computer sends data over a serial line (this problem should not occur with printers on parallel ports). There are two ways to overcome the problem: If the printer supports XON/XOFF flow control, have FreeBSD use it by specifying the ixon mode in the ms# capability. If the printer supports carrier flow control, specify the crtscts mode in the ms# capability. Make sure the cable connecting the printer to the computer is correctly wired for carrier flow control. It printed garbage. The printer printed what appeared to be random garbage, but not the desired text. This is usually another symptom of incorrect communications parameters with a serial printer. Double-check the bps rate in the br capability, and the parity setting in the ms# capability; make sure the printer is using the same settings as specified in the /etc/printcap file. Nothing happened. If nothing happened, the problem is probably within FreeBSD and not the hardware. Add the log file (lf) capability to the entry for the printer you are debugging in the /etc/printcap file. For example, here is the entry for rattan, with the lf capability: rattan|line|diablo|lp|Diablo 630 Line Printer:\ :sh:sd=/var/spool/lpd/rattan:\ :lp=/dev/lpt0:\ :if=/usr/local/libexec/if-simple:\ :lf=/var/log/rattan.log Then, try printing again. Check the log file (in our example, /var/log/rattan.log) to see any error messages that might appear. Based on the messages you see, try to correct the problem. If you do not specify a lf capability, LPD uses /dev/console as a default.