svn commit: r40856 - head/en_US.ISO8859-1/books/handbook/basics
Dru Lavigne
dru at FreeBSD.org
Fri Feb 1 17:03:42 UTC 2013
Author: dru
Date: Fri Feb 1 17:03:41 2013
New Revision: 40856
URL: http://svnweb.freebsd.org/changeset/doc/40856
Log:
This patch addresses the following:
- replaces FreeBSD with &os;
- rewording to address "you", redundancy, poor grammar, and verbosity
- the console/login prompt was updated to amd64
Approved by: bcr (mentor)
Modified:
head/en_US.ISO8859-1/books/handbook/basics/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Fri Feb 1 15:57:20 2013 (r40855)
+++ head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Fri Feb 1 17:03:41 2013 (r40856)
@@ -22,24 +22,22 @@
<sect1 id="basics-synopsis">
<title>Synopsis</title>
- <para>The following chapter will cover the basic commands and
- functionality of the FreeBSD operating system. Much of this
- material is relevant for any &unix;-like operating system. Feel
- free to skim over this chapter if you are familiar with the
- material. If you are new to FreeBSD, then you will definitely
- want to read through this chapter carefully.</para>
+ <para>This chapter covers the basic commands and functionality of
+ the &os; operating system. Much of this material is relevant
+ for any &unix;-like operating system. New &os; users are
+ encouraged to read through this chapter carefully.</para>
<para>After reading this chapter, you will know:</para>
<itemizedlist>
<listitem>
<para>How to use the <quote>virtual consoles</quote> of
- FreeBSD.</para>
+ &os;.</para>
</listitem>
<listitem>
- <para>How &unix; file permissions work along with
- understanding file flags in &os;.</para>
+ <para>How &unix; file permissions and &os; file flags
+ work.</para>
</listitem>
<listitem>
@@ -87,186 +85,128 @@
<indexterm><primary>virtual consoles</primary></indexterm>
<indexterm><primary>terminals</primary></indexterm>
- <para>FreeBSD can be used in various ways. One of them is typing
+ <para>&os; can be used in various ways. One of them is typing
commands to a text terminal. A lot of the flexibility and power
of a &unix; operating system is readily available at your hands
- when using FreeBSD this way. This section describes what
+ when using &os; this way. This section describes what
<quote>terminals</quote> and <quote>consoles</quote> are, and
- how you can use them in FreeBSD.</para>
+ how you can use them in &os;.</para>
<sect2 id="consoles-intro">
<title>The Console</title>
<indexterm><primary>console</primary></indexterm>
- <para>If you have not configured FreeBSD to automatically start
- a graphical environment during startup, the system will
- present you with a login prompt after it boots, right after
- the startup scripts finish running. You will see something
- similar to:</para>
-
- <screen>Additional ABI support:.
-Local package initialization:.
-Additional TCP options:.
-
-Fri Sep 20 13:01:06 EEST 2002
+ <para>Unless &os; has been configured to automatically start
+ a graphical environment during startup, the system will boot
+ into a command line login prompt, as seen in this
+ example:</para>
-FreeBSD/i386 (pc3.example.org) (ttyv0)
+ <screen>FreeBSD/amd64 (pc3.example.org) (ttyv0)
login:</screen>
- <para>The messages might be a bit different on your system, but
- you will see something similar. The last two lines are what
- we are interested in right now. The second last line
- reads:</para>
-
- <programlisting>FreeBSD/i386 (pc3.example.org) (ttyv0)</programlisting>
-
- <para>This line contains some bits of information about the
- system you have just booted. You are looking at a
- <quote>FreeBSD</quote> console, running on an Intel or
- compatible processor of the x86 architecture<footnote>
- <para>This is what <literal>i386</literal> means. Note that
- even if you are not running FreeBSD on an Intel 386 CPU,
- this is going to be <literal>i386</literal>. It is not
- the type of your processor, but the processor
- <quote>architecture</quote> that is shown here.</para>
- </footnote>. The name of this machine (every &unix; machine
- has a name) is <hostid>pc3.example.org</hostid>, and you are
- now looking at its system console—the
- <devicename>ttyv0</devicename> terminal.</para>
-
- <para>Finally, the last line is always:</para>
-
- <programlisting>login:</programlisting>
-
- <para>This is the part where you are supposed to type in your
- <quote>username</quote> to log into FreeBSD. The next section
- describes how you can do this.</para>
+ <para>The first line contains some information about the
+ system. The <literal>amd64</literal> indicates that the
+ system in this example is running a 64-bit version of &os;.
+ The hostname is <hostid>pc3.example.org</hostid>, and
+ <devicename>ttyv0</devicename> indicates that this is the
+ system console.</para>
+
+ <para>The second line is the login prompt. The next section
+ describes how to log into &os; at this prompt.</para>
</sect2>
<sect2 id="consoles-login">
- <title>Logging into FreeBSD</title>
+ <title>Logging into &os;</title>
- <para>FreeBSD is a multiuser, multiprocessing system. This is
+ <para>&os; is a multiuser, multiprocessing system. This is
the formal description that is usually given to a system that
can be used by many different people, who simultaneously run a
lot of programs on a single machine.</para>
<para>Every multiuser system needs some way to distinguish one
- <quote>user</quote> from the rest. In FreeBSD (and all the
+ <quote>user</quote> from the rest. In &os; (and all the
&unix;-like operating systems), this is accomplished by
requiring that every user must <quote>log into</quote> the
system before being able to run programs. Every user has a
unique name (the <quote>username</quote>) and a personal,
- secret key (the <quote>password</quote>). FreeBSD will ask
+ secret key (the <quote>password</quote>). &os; will ask
for these two before allowing a user to run any
programs.</para>
<indexterm><primary>startup scripts</primary></indexterm>
- <para>Right after FreeBSD boots and finishes running its startup
- scripts<footnote>
- <para>Startup scripts are programs that are run
- automatically by FreeBSD when booting. Their main
- function is to set things up for everything else to run,
- and start any services that you have configured to run in
- the background doing useful things.</para>
- </footnote>, it will present you with a prompt and ask for a
- valid username:</para>
+ <para>When a &os; system boots, startup scripts are
+ automatically executed in order to prepare the system and to
+ start any services which have been configured to start at
+ system boot. Once the system finishes running its startup
+ scripts, it will present a login prompt:</para>
<screen>login:</screen>
- <para>For the sake of this example, let us assume that your
- username is <username>john</username>. Type
- <literal>john</literal> at this prompt and press
- <keycap>Enter</keycap>. You should then be presented with a
- prompt to enter a <quote>password</quote>:</para>
-
- <screen>login: <userinput>john</userinput>
-Password:</screen>
-
- <para>Type in <username>john</username>'s password now, and
- press <keycap>Enter</keycap>. The password is
- <emphasis>not echoed!</emphasis> You need not worry about this
- right now. Suffice it to say that it is done for security
+ <para>Type the username that was configured during <link
+ linkend="bsdinstall-addusers">system installation</link> and
+ press <keycap>Enter</keycap>. Then enter the password
+ associated with the username and press <keycap>Enter</keycap>.
+ The password is <emphasis>not echoed</emphasis> for security
reasons.</para>
- <para>If you have typed your password correctly, you should by
- now be logged into FreeBSD and ready to try out all the
+ <para>Once the correct password is input, the message of
+ the day (<acronym>MOTD</acronym>) will be displayed followed
+ by a command prompt (a <literal>#</literal>,
+ <literal>$</literal>, or <literal>%</literal> character). You
+ are now logged into the &os; console and ready to try the
available commands.</para>
-
- <para>You should see the <acronym>MOTD</acronym> or message of
- the day followed by a command prompt (a <literal>#</literal>,
- <literal>$</literal>, or <literal>%</literal> character).
- This indicates you have successfully logged into
- FreeBSD.</para>
</sect2>
<sect2 id="consoles-virtual">
- <title>Multiple Consoles</title>
+ <title>Virtual Consoles</title>
- <para>Running &unix; commands in one console is fine, but
- FreeBSD can run many programs at once. Having one console
- where commands can be typed would be a bit of a waste when an
- operating system like FreeBSD can run dozens of programs at
- the same time. This is where <quote>virtual consoles</quote>
- can be very helpful.</para>
-
- <para>FreeBSD can be configured to present you with many
- different virtual consoles. You can switch from one of them
- to any other virtual console by pressing a couple of keys on
- your keyboard. Each console has its own different output
- channel, and FreeBSD takes care of properly redirecting
- keyboard input and monitor output as you switch from one
- virtual console to the next.</para>
-
- <para>Special key combinations have been reserved by FreeBSD for
- switching consoles<footnote>
- <para>A fairly technical and accurate description of all the
- details of the FreeBSD console and keyboard drivers can be
- found in the manual pages of &man.syscons.4;,
- &man.atkbd.4;, &man.vidcontrol.1; and &man.kbdcontrol.1;.
- We will not expand on the details here, but the interested
- reader can always consult the manual pages for a more
- detailed and thorough explanation of how things
- work.</para>
- </footnote>. You can use
+ <para>&os; can be configured to provide many virtual consoles
+ for inputting commands. Each virtual console has its own
+ login prompt and output channel, and &os; takes care of
+ properly redirecting keyboard input and monitor output as you
+ switch between virtual consoles.</para>
+
+ <para>Special key combinations have been reserved by &os; for
+ switching consoles.<footnote>
+ <para>Refer to &man.syscons.4;, &man.atkbd.4;,
+ &man.vidcontrol.1; and &man.kbdcontrol.1; for a more
+ technical description of the &os; console and its keyboard
+ drivers.</para></footnote>. Use
<keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>,
<keycombo><keycap>Alt</keycap><keycap>F2</keycap></keycombo>,
through
<keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo>
- to switch to a different virtual console in FreeBSD.</para>
+ to switch to a different virtual console in &os;.</para>
- <para>As you are switching from one console to the next, FreeBSD
- takes care of saving and restoring the screen output. The
- result is an <quote>illusion</quote> of having multiple
- <quote>virtual</quote> screens and keyboards that you can use
- to type commands for FreeBSD to run. The programs that you
- launch on one virtual console do not stop running when that
- console is not visible. They continue running when you have
- switched to a different virtual console.</para>
+ <para>When switching from one console to the next, &os; takes
+ care of saving and restoring the screen output. The result is
+ an <quote>illusion</quote> of having multiple
+ <quote>virtual</quote> screens and keyboards that can be used
+ to type commands for &os; to run. The programs that are
+ launched in one virtual console do not stop running when that
+ console is not visible because the user has switched to a
+ different virtual console.</para>
</sect2>
<sect2 id="consoles-ttys">
<title>The <filename>/etc/ttys</filename> File</title>
- <para>The default configuration of FreeBSD will start up with
- eight virtual consoles. This is not a hardwired setting
- though, and you can easily customize your installation to boot
- with more or fewer virtual consoles. The number and settings
- of the virtual consoles are configured in the
- <filename>/etc/ttys</filename> file.</para>
-
- <para>You can use the <filename>/etc/ttys</filename> file to
- configure the virtual consoles of FreeBSD. Each uncommented
- line in this file (lines that do not start with a
- <literal>#</literal> character) contains settings for a single
- terminal or virtual console. The default version of this file
- that ships with FreeBSD configures nine virtual consoles, and
- enables eight of them. They are the lines that start with
- <literal>ttyv</literal>:</para>
+ <para>By default, &os; is configured to start eight virtual
+ consoles. The configuration can be customized to start
+ more or fewer virtual consoles. To change the number of and
+ the settings of the virtual consoles, edit
+ <filename>/etc/ttys</filename>.</para>
+
+ <para>Each uncommented line in <filename>/etc/ttys</filename>
+ (lines that do not start with a <literal>#</literal>
+ character) contains settings for a single terminal or virtual
+ console. The default version configures nine virtual
+ consoles, and enables eight of them. They are the lines that
+ start with <literal>ttyv</literal>:</para>
- <programlisting># name getty type status comments
+ <programlisting># name getty type status comments
#
ttyv0 "/usr/libexec/getty Pc" cons25 on secure
# Virtual terminals
@@ -280,73 +220,69 @@ ttyv7 "/usr/libexec/getty Pc"
ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</programlisting>
<para>For a detailed description of every column in this file
- and all the options you can use to set things up for the
- virtual consoles, consult the &man.ttys.5; manual page.</para>
+ and the available options for the virtual consoles, refer to
+ &man.ttys.5;.</para>
</sect2>
<sect2 id="consoles-singleuser">
<title>Single User Mode Console</title>
- <para>A detailed description of what
- <quote>single user mode</quote> is can be found in
- <xref linkend="boot-singleuser"/>. It is worth noting that
- there is only one console when you are running FreeBSD in
- single user mode. There are no virtual consoles available.
- The settings of the single user mode console can also be found
- in the <filename>/etc/ttys</filename> file. Look for the line
- that starts with <literal>console</literal>:</para>
+ <para>A detailed description of <quote>single user mode</quote>
+ can be found <link linkend="boot-singleuser">here</link>.
+ There is only one console when &os; is in single user mode as
+ no other virtual consoles are available in this mode. The
+ settings for single user mode are found in this section of
+ <filename>/etc/ttys</filename>:</para>
- <programlisting># name getty type status comments
+ <programlisting># name getty type status comments
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
-console none unknown off secure</programlisting>
+console none unknown off secure</programlisting>
<note>
<para>As the comments above the <literal>console</literal>
- line indicate, you can edit this line and change
- <literal>secure</literal> to <literal>insecure</literal>.
- If you do that, when FreeBSD boots into single user mode, it
- will still ask for the <username>root</username>
- password.</para>
+ line indicate, editing <literal>secure</literal> to
+ <literal>insecure</literal> will prompt for the
+ <username>root</username> password when booting into single
+ user mode. The default setting enters single user mode
+ without prompting for a password.</para>
- <para><emphasis>Be careful when changing this to
+ <para><emphasis>Be careful when changing this setting to
<literal>insecure</literal></emphasis>. If you ever
forget the <username>root</username> password, booting into
- single user mode is a bit involved. It is still possible,
- but it might be a bit hard for someone who is not very
- comfortable with the FreeBSD booting process and the
- programs involved.</para>
+ single user mode is still possible, but may be difficult for
+ someone who is not comfortable with the &os; booting
+ process.</para>
</note>
</sect2>
<sect2 id="consoles-vidcontrol">
<title>Changing Console Video Modes</title>
- <para>The FreeBSD console default video mode may be adjusted to
- 1024x768, 1280x1024, or any other size supported by your
+ <para>The &os; console default video mode may be adjusted to
+ 1024x768, 1280x1024, or any other size supported by the
graphics chip and monitor. To use a different video mode
load the <literal>VESA</literal> module:</para>
<screen>&prompt.root; <userinput>kldload vesa</userinput></screen>
- <para>Then determine what video modes are supported
- by your hardware by using &man.vidcontrol.1;. To
- get a list of supported video modes issue the
- following:</para>
+ <para>To determine which video modes are supported by the
+ hardware, use &man.vidcontrol.1;. To get a list of supported
+ video modes issue the following:</para>
<screen>&prompt.root; <userinput>vidcontrol -i mode</userinput></screen>
- <para>The output of this command is a list of video modes that
- are supported by your hardware. You can then choose to use a
- new video mode by passing it to &man.vidcontrol.1; in a
- <username>root</username> console:</para>
+ <para>The output of this command lists the video modes that
+ are supported by the hardware. To select a new video mode,
+ specify the mode using &man.vidcontrol.1; as the
+ <username>root</username> user:</para>
<screen>&prompt.root; <userinput>vidcontrol MODE_279</userinput></screen>
<para>If the new video mode is acceptable, it can be permanently
- set on boot by setting it in the
- <filename>/etc/rc.conf</filename> file:</para>
+ set on boot by adding it to
+ <filename>/etc/rc.conf</filename>:</para>
<programlisting>allscreens_flags="MODE_279"</programlisting>
</sect2>
@@ -357,13 +293,13 @@ console none
<indexterm><primary>UNIX</primary></indexterm>
- <para>FreeBSD, being a direct descendant of BSD &unix;, is based
+ <para>&os;, being a direct descendant of BSD &unix;, is based
on several key &unix; concepts. The first and most pronounced
- is that FreeBSD is a multi-user operating system. The system
- can handle several users all working simultaneously on
- completely unrelated tasks. The system is responsible for
- properly sharing and managing requests for hardware devices,
- peripherals, memory, and CPU time fairly to each user.</para>
+ is that &os; is a multi-user operating system that can handle
+ several users working simultaneously on completely unrelated
+ tasks. The system is responsible for properly sharing and
+ managing requests for hardware devices, peripherals, memory, and
+ CPU time fairly to each user.</para>
<para>Because the system is capable of supporting multiple users,
everything the system manages has a set of permissions governing
@@ -443,69 +379,59 @@ console none
</indexterm>
<indexterm><primary>directories</primary></indexterm>
- <para>You can use the <option>-l</option> command line
- argument to &man.ls.1; to view a long directory listing that
- includes a column with information about a file's permissions
- for the owner, group, and everyone else. For example, a
- <command>ls -l</command> in an arbitrary directory may
- show:</para>
+ <para>Use the <option>-l</option> argument to &man.ls.1; to view a
+ long directory listing that includes a column of information
+ about a file's permissions for the owner, group, and everyone
+ else. For example, a <command>ls -l</command> in an arbitrary
+ directory may show:</para>
<screen>&prompt.user; <userinput>ls -l</userinput>
total 530
-rw-r--r-- 1 root wheel 512 Sep 5 12:31 myfile
-rw-r--r-- 1 root wheel 512 Sep 5 12:31 otherfile
--rw-r--r-- 1 root wheel 7680 Sep 5 12:31 email.txt
-...</screen>
+-rw-r--r-- 1 root wheel 7680 Sep 5 12:31 email.txt</screen>
- <para>Here is how the first column of <command>ls -l</command> is
- broken up:</para>
-
- <screen>-rw-r--r--</screen>
-
- <para>The first (leftmost) character tells if this file is a
- regular file, a directory, a special character device, a socket,
- or any other special pseudo-file device. In this case, the
- <literal>-</literal> indicates a regular file. The next three
- characters, <literal>rw-</literal> in this example, give the
- permissions for the owner of the file. The next three
- characters, <literal>r--</literal>, give the permissions for the
- group that the file belongs to. The final three characters,
- <literal>r--</literal>, give the permissions for the rest of the
- world. A dash means that the permission is turned off. In the
- case of this file, the permissions are set so the owner can read
- and write to the file, the group can read the file, and the rest
- of the world can only read the file. According to the table
- above, the permissions for this file would be
- <literal>644</literal>, where each digit represents the three
- parts of the file's permission.</para>
-
- <para>This is all well and good, but how does the system control
- permissions on devices? FreeBSD actually treats most hardware
- devices as a file that programs can open, read, and write data
- to just like any other file. These special device files are
- stored on the <filename>/dev</filename> directory.</para>
+ <para>The first (leftmost) character in the first column indicates
+ whether this file is a regular file, a directory, a special
+ character device, a socket, or any other special pseudo-file
+ device. In this example, the <literal>-</literal> indicates a
+ regular file. The next three characters, <literal>rw-</literal>
+ in this example, give the permissions for the owner of the file.
+ The next three characters, <literal>r--</literal>, give the
+ permissions for the group that the file belongs to. The final
+ three characters, <literal>r--</literal>, give the permissions
+ for the rest of the world. A dash means that the permission is
+ turned off. In this example, the permissions are set so the
+ owner can read and write to the file, the group can read the
+ file, and the rest of the world can only read the file.
+ According to the table above, the permissions for this file
+ would be <literal>644</literal>, where each digit represents the
+ three parts of the file's permission.</para>
+
+ <para>How does the system control permissions on devices? &os;
+ treats most hardware devices as a file that programs can open,
+ read, and write data to. These special device files are
+ stored in <filename class="directory">/dev/</filename>.</para>
<para>Directories are also treated as files. They have read,
write, and execute permissions. The executable bit for a
directory has a slightly different meaning than that of files.
- When a directory is marked executable, it means it can be
- traversed into, that is, it is possible to <quote>cd</quote>
- (change directory) into it. This also means that within the
- directory it is possible to access files whose names are known
- (subject, of course, to the permissions on the files
- themselves).</para>
-
- <para>In particular, in order to perform a directory listing, read
- permission must be set on the directory, whilst to delete a file
- that one knows the name of, it is necessary to have write
+ When a directory is marked executable, it means it is possible
+ to change into that directory using
+ <application>cd</application>. This also means that it is
+ possible to access the files within that directory, subject to
+ the permissions on the files themselves.</para>
+
+ <para>In order to perform a directory listing, the read permission
+ must be set on the directory. In order to delete a file that
+ one knows the name of, it is necessary to have write
<emphasis>and</emphasis> execute permissions to the directory
containing the file.</para>
<para>There are more permission bits, but they are primarily used
in special circumstances such as setuid binaries and sticky
- directories. If you want more information on file permissions
- and how to set them, be sure to look at the &man.chmod.1; manual
- page.</para>
+ directories. For more information on file permissions and how
+ to set them, refer to &man.chmod.1;.</para>
<sect2>
<sect2info>
@@ -525,11 +451,11 @@ total 530
<secondary>symbolic</secondary>
</indexterm>
- <para>Symbolic permissions, sometimes referred to as symbolic
- expressions, use characters in place of octal values to assign
- permissions to files or directories. Symbolic expressions use
- the syntax of (who) (action) (permissions), where the
- following values are available:</para>
+ <para>Symbolic permissions use characters instead of octal
+ values to assign permissions to files or directories.
+ Symbolic permissions use the syntax of (who) (action)
+ (permissions), where the following values are
+ available:</para>
<informaltable frame="none" pgwide="1">
<tgroup cols="3">
@@ -617,18 +543,18 @@ total 530
</tgroup>
</informaltable>
- <para>These values are used with the &man.chmod.1; command
- just like before, but with letters. For an example, you could
- use the following command to block other users from accessing
+ <para>These values are used with &man.chmod.1;, but with
+ letters instead of numbers. For example, the following
+ command would block other users from accessing
<replaceable>FILE</replaceable>:</para>
<screen>&prompt.user; <userinput>chmod go= FILE</userinput></screen>
<para>A comma separated list can be provided when more than one
- set of changes to a file must be made. For example the
- following command will remove the group and
+ set of changes to a file must be made. For example, the
+ following command removes the group and
<quote>world</quote> write permission on
- <replaceable>FILE</replaceable>, then it adds the execute
+ <replaceable>FILE</replaceable>, and adds the execute
permissions for everyone:</para>
<screen>&prompt.user; <userinput>chmod go-w,a+x <replaceable>FILE</replaceable></userinput></screen>
@@ -653,43 +579,37 @@ total 530
<title>&os; File Flags</title>
- <para>In addition to file permissions discussed previously, &os;
- supports the use of <quote>file flags.</quote> These flags add
- an additional level of security and control over files, but
- not directories.</para>
-
- <para>These file flags add an additional level of control over
- files, helping to ensure that in some cases not even the
- <username>root</username> can remove or alter files.</para>
-
- <para>File flags are altered by using the &man.chflags.1;
- utility, using a simple interface. For example, to enable the
- system undeletable flag on the file
+ <para>In addition to file permissions, &os; supports the use of
+ <quote>file flags</quote>. These flags add an additional
+ level of security and control over files, but not
+ directories. With file flags, even
+ <username>root</username> can be prevented from removing or
+ altering files.</para>
+
+ <para>File flags are modified using &man.chflags.1;. For
+ example, to enable the system undeletable flag on the file
<filename>file1</filename>, issue the following
command:</para>
<screen>&prompt.root; <userinput>chflags sunlink <filename>file1</filename></userinput></screen>
- <para>And to disable the system undeletable flag,
- issue the previous command with <quote>no</quote> in
- front of the <option>sunlink</option>. Observe:</para>
+ <para>To disable the system undeletable flag, put a
+ <quote>no</quote> in front of the
+ <option>sunlink</option>:</para>
<screen>&prompt.root; <userinput>chflags nosunlink <filename>file1</filename></userinput></screen>
- <para>To view the flags of this file, use the &man.ls.1; command
- with the <option>-lo</option> flags:</para>
+ <para>To view the flags of a file, use <option>-lo</option> with
+ &man.ls.1;:</para>
<screen>&prompt.root; <userinput>ls -lo <filename>file1</filename></userinput></screen>
- <para>The output should look like the following:</para>
-
<programlisting>-rw-r--r-- 1 trhodes trhodes sunlnk 0 Mar 1 05:54 file1</programlisting>
- <para>Several flags may only added or removed to files by the
+ <para>Several file flags may only added or removed by the
<username>root</username> user. In other cases, the file
- owner may set these flags. It is recommended that
- administrators read over the &man.chflags.1; and
- &man.chflags.2; manual pages for more information.</para>
+ owner may set its file flags. Refer to &man.chflags.1; and
+ &man.chflags.2; for more information.</para>
</sect2>
<sect2>
@@ -709,56 +629,54 @@ total 530
<para>Other than the permissions already discussed, there are
three other specific settings that all administrators should
know about. They are the <literal>setuid</literal>,
- <literal>setgid</literal> and <literal>sticky</literal>
+ <literal>setgid</literal>, and <literal>sticky</literal>
permissions.</para>
<para>These settings are important for some &unix; operations
as they provide functionality not normally granted to normal
users. To understand them, the difference between the real
- user ID and effective user ID must also be noted.</para>
+ user ID and effective user ID must be noted.</para>
<para>The real user ID is the <acronym>UID</acronym> who owns
or starts the process. The effective <acronym>UID</acronym>
- is the user ID the process runs as. As an example, the
- &man.passwd.1; utility runs with the real user ID as the
- user changing their password; however, to manipulate the
- password database, it runs as the effective ID of the
- <username>root</username> user. This is what allows normal
- users to change their passwords without seeing a
+ is the user ID the process runs as. As an example,
+ &man.passwd.1; runs with the real user ID when a user changes
+ their password. However, in order to update the password
+ database, the command runs as the effective ID of the
+ <username>root</username> user. This allows users to change
+ their passwords without seeing a
<errorname>Permission Denied</errorname> error.</para>
- <note>
- <para>The <literal>nosuid</literal> &man.mount.8; option will
- cause these binaries to silently fail. That is, they will
- fail to execute without ever alerting the user. That option
- is also not completely reliable as a
- <literal>nosuid</literal> wrapper may be able to circumvent
- it; according to the &man.mount.8; manual page.</para>
- </note>
-
<para>The setuid permission may be set by prefixing a permission
set with the number four (4) as shown in the following
example:</para>
<screen>&prompt.root; <userinput>chmod 4755 suidexample.sh</userinput></screen>
- <para>The permissions on the
+ <para>The permissions on
<filename><replaceable>suidexample.sh</replaceable></filename>
- file should now look like the following:</para>
+ now look like the following:</para>
<programlisting>-rwsr-xr-x 1 trhodes trhodes 63 Aug 29 06:36 suidexample.sh</programlisting>
- <para>It should be noticeable from this example that an
- <literal>s</literal> is now part of the permission set
- designated for the file owner, replacing the executable
- bit. This allows utilities which need elevated permissions,
- such as <command>passwd</command>.</para>
+ <para>Note that a <literal>s</literal> is now part of the
+ permission set designated for the file owner, replacing the
+ executable bit. This allows utilities which need elevated
+ permissions, such as <command>passwd</command>.</para>
+
+ <note>
+ <para>The <literal>nosuid</literal> &man.mount.8; option will
+ cause such binaries to silently fail without alerting
+ the user. That option is not completely reliable as a
+ <literal>nosuid</literal> wrapper may be able to circumvent
+ it.</para>
+ </note>
<para>To view this in real time, open two terminals. On
one, start the <command>passwd</command> process as a normal
user. While it waits for a new password, check the process
- table and look at the user information of the
- <command>passwd</command> command.</para>
+ table and look at the user information for
+ <command>passwd</command>:</para>
<para>In terminal A:</para>
@@ -779,17 +697,17 @@ root 5211 0.0 0.2 3620 1724 2
<para>The <literal>setgid</literal> permission performs the
same function as the <literal>setuid</literal> permission;
except that it alters the group settings. When an application
- or utility is ran with this setting, it will be granted the
- permissions based on the group that owns the file, not
- the user who started the process.</para>
+ or utility executes with this setting, it will be granted the
+ permissions based on the group that owns the file, not the
+ user who started the process.</para>
<para>To set the <literal>setgid</literal> permission on a
- file, provide the <command>chmod</command> command with a
- leading two (2) as in the following example:</para>
+ file, provide <command>chmod</command> with a leading two
+ (2):</para>
<screen>&prompt.root; <userinput>chmod 2755 sgidexample.sh</userinput></screen>
- <para>The new setting may be viewed as before, notice the
+ <para>In the following listing, notice that the
<literal>s</literal> is now in the field designated for the
group permission settings:</para>
@@ -803,33 +721,29 @@ root 5211 0.0 0.2 3620 1724 2
&man.setuid.2; system calls.</para>
</note>
- <para>The first two special permission bits we discussed
- (the <literal>setuid</literal> and <literal>setgid</literal>
- permission bits) may lower system security, by allowing for
- elevated permissions. There is a third special permission bit
- that can strengthen the security of a system: the
- <literal>sticky bit</literal>.</para>
-
- <para>The <literal>sticky bit</literal>, when set on a
- directory, allows file deletion only by the file owner. This
- permission set is useful to prevent file deletion in public
- directories, such as
- <filename class="directory">/tmp</filename>, by users who do
- not own the file. To utilize this permission, prefix the
- permission with a one (1). For example:</para>
+ <para>The <literal>setuid</literal> and
+ <literal>setgid</literal> permission bits may lower system
+ security, by allowing for elevated permissions. The third
+ special permission, the <literal>sticky bit</literal>, can
+ strengthen the security of a system.</para>
+
+ <para>When the <literal>sticky bit</literal> is set on a
+ directory, it allows file deletion only by the file owner.
+ This is useful to prevent file deletion in public directories,
+ such as <filename class="directory">/tmp</filename>, by users
+ who do not own the file. To utilize this permission, prefix
+ the permission set with a one (1):</para>
<screen>&prompt.root; <userinput>chmod 1777 /tmp</userinput></screen>
- <para>Now, it is possible to see the effect by using the
- <command>ls</command> command:</para>
+ <para>The <literal>sticky bit</literal> permission will display
+ as a <literal>t</literal> at the very end of the permission
+ set:</para>
<screen>&prompt.root; <userinput>ls -al / | grep tmp</userinput></screen>
<screen>drwxrwxrwt 10 root wheel 512 Aug 31 01:49 tmp</screen>
- <para>The <literal>sticky bit</literal> permission is
- distinguishable from the <literal>t</literal> at the very
- end of the set.</para>
</sect2>
</sect1>
@@ -838,35 +752,35 @@ root 5211 0.0 0.2 3620 1724 2
<indexterm><primary>directory hierarchy</primary></indexterm>
- <para>The FreeBSD directory hierarchy is fundamental to obtaining
+ <para>The &os; directory hierarchy is fundamental to obtaining
an overall understanding of the system. The most important
- concept to grasp is that of the root directory,
- <quote>/</quote>. This directory is the first one mounted at
- boot time and it contains the base system necessary to prepare
- the operating system for multi-user operation. The root
- directory also contains mount points for other file systems that
- are mounted during the transition to multi-user
- operation.</para>
+ directory is root or, <quote>/</quote>. This directory is the
+ first one mounted at boot time and it contains the base system
+ necessary to prepare the operating system for multi-user
+ operation. The root directory also contains mount points for
+ other file systems that are mounted during the transition to
+ multi-user operation.</para>
<para>A mount point is a directory where additional file systems
can be grafted onto a parent file system (usually the root file
- system). This is further described in
- <xref linkend="disk-organization"/>. Standard mount points
- include <filename>/usr</filename>, <filename>/var</filename>,
- <filename>/tmp</filename>, <filename>/mnt</filename>, and
- <filename>/cdrom</filename>. These directories are usually
- referenced to entries in the file
- <filename>/etc/fstab</filename>.
- <filename>/etc/fstab</filename> is a table of various file
- systems and mount points for reference by the system. Most of
- the file systems in <filename>/etc/fstab</filename> are mounted
- automatically at boot time from the script &man.rc.8; unless
- they contain the <option>noauto</option> option. Details can be
- found in <xref linkend="disks-fstab"/>.</para>
+ system). This is further described in <xref
+ linkend="disk-organization"/>. Standard mount points
+ include <filename class="directory">/usr/</filename>,
+ <filename class="directory">/var/</filename>,
+ <filename class="directory">/tmp/</filename>,
+ <filename class="directory">/mnt/</filename>, and
+ <filename class="directory">/cdrom/</filename>. These
+ directories are usually referenced to entries in
+ <filename>/etc/fstab</filename>. This file is a table of
+ various file systems and mount points and is read by the system.
+ Most of the file systems in <filename>/etc/fstab</filename> are
+ mounted automatically at boot time from the script &man.rc.8;
+ unless their entry includes <option>noauto</option>. Details
+ can be found in <xref linkend="disks-fstab"/>.</para>
<para>A complete description of the file system hierarchy is
- available in &man.hier.7;. For now, a brief overview of the
- most common directories will suffice.</para>
+ available in &man.hier.7;. The following table provides a brief
+ overview of the most common directories.</para>
<para>
<informaltable frame="none" pgwide="1">
@@ -900,14 +814,15 @@ root 5211 0.0 0.2 3620 1724 2
<row>
<entry><filename
class="directory">/boot/defaults/</filename></entry>
- <entry>Default bootstrapping configuration files; see
- &man.loader.conf.5;.</entry>
+ <entry>Default boot configuration files. Refer to
+ &man.loader.conf.5; for details.</entry>
</row>
<row>
<entry><filename
class="directory">/dev/</filename></entry>
- <entry>Device nodes; see &man.intro.4;.</entry>
+ <entry>Device nodes. Refer to &man.intro.4; for
+ details.</entry>
</row>
<row>
@@ -919,8 +834,8 @@ root 5211 0.0 0.2 3620 1724 2
<row>
<entry><filename
class="directory">/etc/defaults/</filename></entry>
- <entry>Default system configuration files; see
- &man.rc.8;.</entry>
+ <entry>Default system configuration files. Refer to
+ &man.rc.8; for details.</entry>
</row>
<row>
@@ -933,22 +848,23 @@ root 5211 0.0 0.2 3620 1724 2
<row>
<entry><filename
class="directory">/etc/namedb/</filename></entry>
- <entry><command>named</command> configuration files; see
- &man.named.8;.</entry>
+ <entry><command>named</command> configuration files.
+ Refer to &man.named.8; for details.</entry>
</row>
<row>
<entry><filename
class="directory">/etc/periodic/</filename></entry>
- <entry>Scripts that are run daily, weekly, and monthly,
- via &man.cron.8;; see &man.periodic.8;.</entry>
+ <entry>Scripts that run daily, weekly, and monthly,
+ via &man.cron.8;. Refer to &man.periodic.8; for
+ details.</entry>
</row>
<row>
<entry><filename
class="directory">/etc/ppp/</filename></entry>
- <entry><command>ppp</command> configuration files; see
- &man.ppp.8;.</entry>
+ <entry><command>ppp</command> configuration files as
+ described in &man.ppp.8;.</entry>
</row>
<row>
@@ -961,15 +877,15 @@ root 5211 0.0 0.2 3620 1724 2
<row>
<entry><filename
class="directory">/proc/</filename></entry>
- <entry>Process file system; see &man.procfs.5;,
- &man.mount.procfs.8;.</entry>
+ <entry>Process file system. Refer to &man.procfs.5;,
+ &man.mount.procfs.8; for details.</entry>
</row>
<row>
<entry><filename
class="directory">/rescue/</filename></entry>
<entry>Statically linked programs for emergency
- recovery; see &man.rescue.8;.</entry>
+ recovery as described in &man.rescue.8;.</entry>
</row>
<row>
@@ -990,15 +906,14 @@ root 5211 0.0 0.2 3620 1724 2
<row>
<entry><filename
class="directory">/tmp/</filename></entry>
- <entry>Temporary files. The contents of
- <filename class="directory">/tmp</filename> are
- usually NOT preserved across a system reboot. A
- memory-based file system is often mounted at
- <filename class="directory">/tmp</filename>. This can
- be automated using the tmpmfs-related variables of
- &man.rc.conf.5; (or with an entry in
- <filename>/etc/fstab</filename>; see
- &man.mdmfs.8;).</entry>
+ <entry>Temporary files which are usually
+ <emphasis>not</emphasis> preserved across a system
+ reboot. A memory-based file system is often mounted
+ at <filename class="directory">/tmp</filename>. This
+ can be automated using the tmpmfs-related variables of
+ &man.rc.conf.5; or with an entry in
+ <filename>/etc/fstab</filename>; refer to
+ &man.mdmfs.8; for details.</entry>
</row>
<row>
@@ -1037,15 +952,15 @@ root 5211 0.0 0.2 3620 1724 2
<row>
<entry><filename
class="directory">/usr/libexec/</filename></entry>
- <entry>System daemons & system utilities (executed
- by other programs).</entry>
+ <entry>System daemons and system utilities executed
+ by other programs.</entry>
</row>
<row>
<entry><filename
class="directory">/usr/local/</filename></entry>
- <entry>Local executables, libraries, etc. Also used as
- the default destination for the FreeBSD ports
+ <entry>Local executables and libraries. Also used as
+ the default destination for the &os; ports
framework. Within <filename>/usr/local</filename>,
the general layout sketched out by &man.hier.7; for
<filename>/usr</filename> should be used. Exceptions
@@ -1067,14 +982,14 @@ root 5211 0.0 0.2 3620 1724 2
<row>
<entry><filename
class="directory">/usr/ports/</filename></entry>
- <entry>The FreeBSD Ports Collection (optional).</entry>
+ <entry>The &os; Ports Collection (optional).</entry>
</row>
<row>
<entry><filename
class="directory">/usr/sbin/</filename></entry>
- <entry>System daemons & system utilities (executed
- by users).</entry>
+ <entry>System daemons and system utilities executed
+ by users.</entry>
</row>
<row>
@@ -1091,22 +1006,15 @@ root 5211 0.0 0.2 3620 1724 2
<row>
<entry><filename
- class="directory">/usr/X11R6/</filename></entry>
- <entry>X11R6 distribution executables, libraries, etc
- (optional).</entry>
- </row>
-
- <row>
- <entry><filename
class="directory">/var/</filename></entry>
<entry>Multi-purpose log, temporary, transient, and
spool files. A memory-based file system is sometimes
- mounted at
- <filename class="directory">/var</filename>. This can
- be automated using the varmfs-related variables of
- &man.rc.conf.5; (or with an entry in
- <filename>/etc/fstab</filename>; see
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-doc-all
mailing list