svn commit: r41024 - head/en_US.ISO8859-1/books/handbook/users

Dru Lavigne dru at FreeBSD.org
Thu Feb 21 14:06:06 UTC 2013


Author: dru
Date: Thu Feb 21 14:06:06 2013
New Revision: 41024
URL: http://svnweb.freebsd.org/changeset/doc/41024

Log:
  Initial content fix. This patch addresses the following:
  
  - &os;
  
  - rewording "you" with some tightening and clarifying
  
  - fix xref, acronym, and directory tags
  
  - changed 14.3-14.5 from sect2 to sect3--this may benefit from a beginning section 2 (e.g. Type of Accounts) to take it out of the intro
  
  Approved by:  bcr (mentor)

Modified:
  head/en_US.ISO8859-1/books/handbook/users/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/users/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/users/chapter.xml	Wed Feb 20 19:00:52 2013	(r41023)
+++ head/en_US.ISO8859-1/books/handbook/users/chapter.xml	Thu Feb 21 14:06:06 2013	(r41024)
@@ -22,39 +22,32 @@
   <sect1 id="users-synopsis">
     <title>Synopsis</title>
 
-    <para>FreeBSD allows multiple users to use the computer at the
-      same time.  Obviously, only one of those users can be sitting in
-      front of the screen and keyboard at any one time
-      <footnote><para>Well, unless you hook up multiple terminals, but
-	  we will save that for <xref linkend="serialcomms"/>.</para>
-	</footnote>, but any number of users can log in through the
-	network to get their work done.  To use the system every user
-	must have an account.</para>
+    <para>&os; allows multiple users to use the computer at the same
+      time.  While only one user can sit in front of the screen and
+      use the keyboard at any one time, any number of users can log
+      in to the system through the network.  To use the system, every
+      user must have a user account.</para>
 
     <para>After reading this chapter, you will know:</para>
 
     <itemizedlist>
       <listitem>
 	<para>The differences between the various user accounts on a
-	  FreeBSD system.</para>
+	  &os; system.</para>
       </listitem>
 
       <listitem>
-	<para>How to add user accounts.</para>
-      </listitem>
-
-      <listitem>
-	<para>How to remove user accounts.</para>
+	<para>How to add and remove user accounts.</para>
       </listitem>
 
       <listitem>
 	<para>How to change account details, such as the user's full
-	  name, or preferred shell.</para>
+	  name or preferred shell.</para>
       </listitem>
 
       <listitem>
-	<para>How to set limits on a per-account basis, to control the
-	  resources such as memory and CPU time that accounts and
+	<para>How to set limits on a per-account basis to control the
+	  resources, such as memory and CPU time, that accounts and
 	  groups of accounts are allowed to access.</para>
       </listitem>
 
@@ -68,8 +61,8 @@
 
     <itemizedlist>
       <listitem>
-	<para>Understand the basics of &unix; and FreeBSD (<xref
-	    linkend="basics"/>).</para>
+	<para>Understand the <link linkend="basics">basics of &unix;
+	    and &os;</link>.</para>
       </listitem>
     </itemizedlist>
   </sect1>
@@ -77,11 +70,11 @@
   <sect1 id="users-introduction">
     <title>Introduction</title>
 
-    <para>All access to the system is achieved via accounts, and all
-      processes are run by users, so user and account management are
-      of integral importance on FreeBSD systems.</para>
+    <para>Since all access to the &os; system is achieved via accounts
+      and all processes are run by users, user and account management
+      is important.</para>
 
-    <para>Every account on a FreeBSD system has certain information
+    <para>Every account on a &os; system has certain information
       associated with it to identify the account.</para>
 
     <variablelist>
@@ -89,13 +82,13 @@
 	<term>User name</term>
 
 	<listitem>
-	  <para>The user name as it would be typed at the
-	    <prompt>login:</prompt> prompt.  User names must be unique
-	    across the computer; you may not have two users with the
-	    same user name.  There are a number of rules for creating
-	    valid user names, documented in &man.passwd.5;; you would
-	    typically use user names that consist of eight or fewer
-	    all lower case characters.</para>
+	  <para>The user name is typed at the <prompt>login:</prompt>
+	    prompt.  User names must be unique on the system as no two
+	    users can have the same user name.  There are a number of
+	    rules for creating valid user names, documented in
+	    &man.passwd.5;.  Typically user names consist of eight or
+	    fewer all lower case characters in order to maintain
+	    backwards compatibility with applications.</para>
 	</listitem>
       </varlistentry>
 
@@ -103,47 +96,48 @@
 	<term>Password</term>
 
 	<listitem>
-	  <para>Each account has a password associated with it.  The
-	    password may be blank, in which case no password will be
-	    required to access the system.  This is normally a very
-	    bad idea; every account should have a password.</para>
+	  <para>Each account has an associated password.  While the
+	    password can be blank, this is highly discouraged and
+	    every account should have a password.</para>
 	</listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>User ID (UID)</term>
+	<term>User ID (<acronym>UID</acronym>)</term>
 
 	<listitem>
-	  <para>The UID is a number, traditionally from 0 to
-	    65535<footnote id="users-largeuidgid">
-	      <para>It is possible to use UID/GIDs as large as
-		4294967295, but such IDs can cause serious problems
-		with software that makes assumptions about the values
-		of IDs.</para>
+	  <para>The User ID (<acronym>UID</acronym>) is a number,
+	    traditionally from 0 to 65535<footnote
+	      id="users-largeuidgid">
+	      <para>It is possible to use
+		<acronym>UID</acronym>s/<acronym>GID</acronym>s as
+		large as 4294967295, but such IDs can cause serious
+		problems with software that makes assumptions about
+		the values of IDs.</para>
 	      </footnote>, used to uniquely identify the user to the
-		system.  Internally, FreeBSD uses the UID to
-		identify users—any FreeBSD commands that allow
-		you to specify a user name will convert it to the UID
-		before working with it.  This means that you can have
-		several accounts with different user names but the
-		same UID.  As far as FreeBSD is concerned these
-		accounts are one user.  It is unlikely you will ever
-		need to do this.</para>
+	    system.  Internally, &os; uses the
+	    <acronym>UID</acronym> to identify users.  Commands that
+	    allow a user name to be specified will first convert it to
+	    the <acronym>UID</acronym>.  Though unlikely, it is
+	    possible for several accounts with different user names to
+	    share the same <acronym>UID</acronym>.  As far as &os; is
+	    concerned, these accounts are one user.</para>
 	</listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>Group ID (GID)</term>
+	<term>Group ID (<acronym>GID</acronym>)</term>
 
 	<listitem>
-	  <para>The GID is a number, traditionally from 0 to
-	    65535<footnoteref linkend="users-largeuidgid"/>, used to
-	    uniquely identify the primary group that the user belongs
-	    to.  Groups are a mechanism for controlling access to
-	    resources based on a user's GID rather than their UID.
-	    This can significantly reduce the size of some
-	    configuration files.  A user may also be in more than one
-	    group.</para>
+	  <para>The Group ID (<acronym>GID</acronym>) is a number,
+	    traditionally from 0 to 65535<footnoteref
+	      linkend="users-largeuidgid"/>, used to uniquely identify
+	    the primary group that the user belongs to.  Groups are a
+	    mechanism for controlling access to resources based on a
+	    user's <acronym>GID</acronym> rather than their
+	    <acronym>UID</acronym>.  This can significantly reduce the
+	    size of some configuration files.  A user may also be a
+	    member of more than one group.</para>
 	</listitem>
       </varlistentry>
 
@@ -161,10 +155,10 @@
 	<term>Password change time</term>
 
 	<listitem>
-	  <para>By default FreeBSD does not force users to change
-	    their passwords periodically.  You can enforce this on a
-	    per-user basis, forcing some or all of your users to
-	    change their passwords after a certain amount of time has
+	  <para>By default &os; does not force users to change their
+	    passwords periodically.  This can be enforced on a
+	    per-user basis, forcing some or all users to change their
+	    passwords after a certain amount of time has
 	    elapsed.</para>
 	</listitem>
       </varlistentry>
@@ -173,11 +167,10 @@
 	<term>Account expiry time</term>
 
 	<listitem>
-	  <para>By default FreeBSD does not expire accounts.  If you
-	    are creating accounts that you know have a limited
-	    lifespan, for example, in a school where you have accounts
-	    for the students, then you can specify when the account
-	    expires.  After the expiry time has elapsed the account
+	  <para>By default &os; does not expire accounts.  When
+	    creating accounts that need a limited lifespan, such as
+	    student accounts in a school, specify the account expiry
+	    date.  After the expiry time has elapsed, the account
 	    cannot be used to log in to the system, although the
 	    account's directories and files will remain.</para>
 	</listitem>
@@ -187,9 +180,9 @@
 	<term>User's full name</term>
 
 	<listitem>
-	  <para>The user name uniquely identifies the account to
-	    FreeBSD, but does not necessarily reflect the user's real
-	    name.  This information can be associated with the
+	  <para>The user name uniquely identifies the account to &os;,
+	    but does not necessarily reflect the user's real name.
+	    This information can be associated with the
 	    account.</para>
 	</listitem>
       </varlistentry>
@@ -199,15 +192,14 @@
 
 	<listitem>
 	  <para>The home directory is the full path to a directory on
-	    the system in which the user will start when logging on to
-	    the system.  A common convention is to put all user home
-	    directories under
-	    <filename>/home/<replaceable>username</replaceable></filename>
-	    or
-	    <filename>/usr/home/<replaceable>username</replaceable></filename>.
-	    The user would store their personal files in their home
-	    directory, and any directories they may create in
-	    there.</para>
+	    the system.  This is the user's starting directory when
+	    the user logs in.  A common convention is to put all user
+	    home directories under <filename
+	      class="directory">/home/<replaceable>username</replaceable></filename>
+	    or <filename
+	      class="directory">/usr/home/<replaceable>username</replaceable></filename>.
+	    Each user stores their personal files and subdirectories
+	    in their own home directory.</para>
 	</listitem>
       </varlistentry>
 
@@ -225,105 +217,105 @@
     </variablelist>
 
     <para>There are three main types of accounts: the <link
-	linkend="users-superuser">Superuser</link>, <link
-	linkend="users-system">system users</link>, and <link
-	linkend="users-user">user accounts</link>.  The Superuser
+	linkend="users-superuser">superuser</link>, <link
+	linkend="users-system">system accounts</link>, and <link
+	linkend="users-user">user accounts</link>.  The superuser
       account, usually called <username>root</username>, is used to
       manage the system with no limitations on privileges.  System
-      users run services.  Finally, user accounts are used by real
-      people, who log on, read mail, and so forth.</para>
-  </sect1>
+      accounts are used to run services.  User accounts are
+      assigned to real people and are used to log in and use the
+      system.</para>
 
-  <sect1 id="users-superuser">
-    <title>The Superuser Account</title>
+    <sect2 id="users-superuser">
+      <title>The Superuser Account</title>
 
-    <indexterm>
-      <primary>accounts</primary>
-      <secondary>superuser (root)</secondary>
-    </indexterm>
-    <para>The superuser account, usually called
-      <username>root</username>, comes preconfigured to facilitate
-      system administration, and should not be used for day-to-day
-      tasks like sending and receiving mail, general exploration of
-      the system, or programming.</para>
-
-    <para>This is because the superuser, unlike normal user accounts,
-      can operate without limits, and misuse of the superuser account
-      may result in spectacular disasters.  User accounts are unable
-      to destroy the system by mistake, so it is generally best to use
-      normal user accounts whenever possible, unless you especially
-      need the extra privilege.</para>
-
-    <para>You should always double and triple-check commands you issue
-      as the superuser, since an extra space or missing character can
-      mean irreparable data loss.</para>
-
-    <para>So, the first thing you should do after reading this
-      chapter is to create an unprivileged user account for yourself
-      for general usage if you have not already.  This applies equally
-      whether you are running a multi-user or single-user machine.
-      Later in this chapter, we discuss how to create additional
-      accounts, and how to change between the normal user and
-      superuser.</para>
-  </sect1>
+      <indexterm>
+	<primary>accounts</primary>
+	<secondary>superuser (root)</secondary>
+      </indexterm>
+      <para>The superuser account, usually called
+	<username>root</username>, is used to perform system
+	administration tasks and should not be used for day-to-day
+	tasks like sending and receiving mail, general exploration of
+	the system, or programming.</para>
+
+      <para>This is because the superuser, unlike normal user
+	accounts, can operate without limits, and misuse of the
+	superuser account may result in spectacular disasters.  User
+	accounts are unable to destroy the system by mistake, so it is
+	generally best to use normal user accounts whenever possible,
+	unless extra privilege is required.</para>
+
+      <para>Always double and triple-check any commands issued as the
+	superuser, since an extra space or missing character can mean
+	irreparable data loss.</para>
+
+      <para>Always create a user account for the system administrator
+	and use this account to log in to the system for general
+	usage.  This applies equally to multi-user or single-user
+	systems.  Later sections will discuss how to create additional
+	accounts and how to change between the normal user and
+	superuser.</para>
+    </sect2>
 
-  <sect1 id="users-system">
-    <title>System Accounts</title>
+    <sect2 id="users-system">
+      <title>System Accounts</title>
 
-    <indexterm>
-      <primary>accounts</primary>
-      <secondary>system</secondary>
-    </indexterm>
-    <para>System users are those used to run services such as DNS,
-      mail, web servers, and so forth.  The reason for this is
-      security; if all services ran as the superuser, they could
-      act without restriction.</para>
+      <indexterm>
+	<primary>accounts</primary>
+	<secondary>system</secondary>
+      </indexterm>
+      <para>System accounts are used to run services such as DNS,
+	mail, and web servers.  The reason for this is security; if
+	all services ran as the superuser, they could act without
+	restriction.</para>
 
-    <indexterm>
-      <primary>accounts</primary>
-      <secondary><username>daemon</username></secondary>
-    </indexterm>
-    <indexterm>
-      <primary>accounts</primary>
-      <secondary><username>operator</username></secondary>
-    </indexterm>
-    <para>Examples of system users are <username>daemon</username>,
-      <username>operator</username>, <username>bind</username> (for
-      the Domain Name Service), <username>news</username>, and
-      <username>www</username>.</para>
+      <indexterm>
+	<primary>accounts</primary>
+	<secondary><username>daemon</username></secondary>
+      </indexterm>
+      <indexterm>
+	<primary>accounts</primary>
+	<secondary><username>operator</username></secondary>
+      </indexterm>
+      <para>Examples of system accounts are
+	<username>daemon</username>, <username>operator</username>,
+	<username>bind</username>, <username>news</username>, and
+	<username>www</username>.</para>
 
-    <indexterm>
-      <primary>accounts</primary>
-      <secondary><username>nobody</username></secondary>
-    </indexterm>
-    <para><username>nobody</username> is the generic unprivileged
-      system user.  However, it is important to keep in mind that the
-      more services that use <username>nobody</username>, the more
-      files and processes that user will become associated with, and
-      hence the more privileged that user becomes.</para>
-  </sect1>
+      <indexterm>
+	<primary>accounts</primary>
+	<secondary><username>nobody</username></secondary>
+      </indexterm>
+      <para><username>nobody</username> is the generic unprivileged
+	system account.  However, the more services that use
+	<username>nobody</username>, the more files and processes that
+	user will become associated with, and hence the more
+	privileged that user becomes.</para>
+    </sect2>
 
-  <sect1 id="users-user">
-    <title>User Accounts</title>
+    <sect2 id="users-user">
+      <title>User Accounts</title>
 
-    <indexterm>
-      <primary>accounts</primary>
-      <secondary>user</secondary>
-    </indexterm>
-    <para>User accounts are the primary means of access for real
-      people to the system, and these accounts insulate the user and
-      the environment, preventing the users from damaging the system
-      or other users, and allowing users to customize their
-      environment without affecting others.</para>
-
-    <para>Every person accessing your system should have a unique user
-      account.  This allows you to find out who is doing what, prevent
-      people from clobbering each others' settings or reading each
-      others' mail, and so forth.</para>
-
-    <para>Each user can set up their own environment to accommodate
-      their use of the system, by using alternate shells, editors, key
-      bindings, and language.</para>
+      <indexterm>
+	<primary>accounts</primary>
+	<secondary>user</secondary>
+      </indexterm>
+      <para>User accounts are the primary means of access for real
+	people to the system.  User accounts insulate the user and
+	the environment, preventing users from damaging the system
+	or other users, and allowing users to customize their
+	environment without affecting others.</para>
+
+      <para>Every person accessing the system should have a unique
+	user account.  This allows the administrator to find out who
+	is doing what, prevents users from clobbering each others'
+	settings or reading each others' mail, and so forth.</para>
+
+      <para>Each user can set up their own environment to accommodate
+	their use of the system, by using alternate shells, editors,
+	key bindings, and language.</para>
+    </sect2>
   </sect1>
 
   <sect1 id="users-modifying">
@@ -334,10 +326,9 @@
       <secondary>modifying</secondary>
     </indexterm>
 
-    <para>There are a variety of different commands available in the
-      &unix; environment to manipulate user accounts.  The most common
-      commands are summarized below, followed by more detailed
-      examples of their usage.</para>
+    <para>&os; provides a variety of different commands to manage
+      user accounts.  The most common commands are summarized below,
+      followed by more detailed examples of their usage.</para>
 
     <informaltable frame="none" pgwide="1">
       <tgroup cols="2">
@@ -365,7 +356,7 @@
 
 	  <row>
 	    <entry>&man.chpass.1;</entry>
-	    <entry>A flexible tool to change user database
+	    <entry>A flexible tool for changing user database
 	      information.</entry>
 	  </row>
 
@@ -377,8 +368,8 @@
 
 	  <row>
 	    <entry>&man.pw.8;</entry>
-	    <entry>A powerful and flexible tool to modify all aspects
-	      of user accounts.</entry>
+	    <entry>A powerful and flexible tool for modifying all
+	      aspects of user accounts.</entry>
 	  </row>
 	</tbody>
       </tgroup>
@@ -399,14 +390,14 @@
 	  class="directory">/usr/share/skel</filename></primary>
       </indexterm>
       <indexterm><primary>skeleton directory</primary></indexterm>
-      <para>&man.adduser.8; is a simple program for
-	adding new users.  It creates entries in the system
-	<filename>passwd</filename> and <filename>group</filename>
-	files.  It will also create a home directory for the new user,
-	copy in the default configuration files
-	(<quote>dotfiles</quote>) from
-	<filename>/usr/share/skel</filename>, and can optionally mail
-	the new user a welcome message.</para>
+      <para>&man.adduser.8; is a simple program for adding new users
+	When a new user is added, this program automatically updates
+	<filename>/etc/passwd</filename> and
+	<filename>/etc/group</filename>.  It also creates a home
+	directory for the new user, copies in the default
+	configuration files from <filename
+	  class="directory">/usr/share/skel</filename>, and can
+	optionally mail the new user a welcome message.</para>
 
       <example>
 	<title>Adding a User on &os;</title>
@@ -444,9 +435,9 @@ Goodbye!
       </example>
 
       <note>
-	<para>The password you type in is not echoed, nor are
-	  asterisks displayed.  Make sure that you do not mistype the
-	  password.</para>
+	<para>Since the password is not echoed when typed, be careful
+	  to not mistype the password when creating the user
+	  account.</para>
       </note>
     </sect2>
 
@@ -459,14 +450,14 @@ Goodbye!
 	<secondary>removing</secondary>
       </indexterm>
 
-      <para>You can use &man.rmuser.8; to completely remove a user
-	from the system.  &man.rmuser.8; performs the following
+      <para>To completely remove a user from the system use
+	&man.rmuser.8;.  This command performs the following
 	steps:</para>
 
       <procedure>
 	<step>
-	  <para>Removes the user's &man.crontab.1; entry (if
-	    any).</para>
+	  <para>Removes the user's &man.crontab.1; entry if one
+	    exists.</para>
 	</step>
 
 	<step>
@@ -484,19 +475,20 @@ Goodbye!
 	</step>
 
 	<step>
-	  <para>Removes the user's home directory (if it is owned by
-	    the user).</para>
+	  <para>Removes the user's home directory, if it is owned by
+	    the user.</para>
 	</step>
 
 	<step>
 	  <para>Removes the incoming mail files belonging to the user
-	    from <filename>/var/mail</filename>.</para>
+	    from <filename
+	      class="directory">/var/mail</filename>.</para>
 	</step>
 
 	<step>
 	  <para>Removes all files owned by the user from temporary
-	    file storage areas such as
-	    <filename>/tmp</filename>.</para>
+	    file storage areas such as <filename
+	      class="directory">/tmp</filename>.</para>
 	</step>
 
 	<step>
@@ -505,7 +497,7 @@ Goodbye!
 
 	  <note>
 	    <para>If a group becomes empty and the group name is the
-	      same as the username, the group is removed; this
+	      same as the username, the group is removed.  This
 	      complements the per-user unique groups created by
 	      &man.adduser.8;.</para>
 	  </note>
@@ -513,11 +505,11 @@ Goodbye!
       </procedure>
 
       <para>&man.rmuser.8; cannot be used to remove superuser
-	accounts, since that is almost always an indication of massive
+	accounts since that is almost always an indication of massive
 	destruction.</para>
 
-      <para>By default, an interactive mode is used, which attempts to
-	make sure you know what you are doing.</para>
+      <para>By default, an interactive mode is used, as shown
+	in the following example.</para>
 
       <example>
 	<title><command>rmuser</command> Interactive Account
@@ -542,24 +534,21 @@ Removing files belonging to jru from /va
       <title><command>chpass</command></title>
 
       <indexterm><primary><command>chpass</command></primary></indexterm>
-      <para>&man.chpass.1; changes user database
+      <para>&man.chpass.1; can be used to change user database
 	information such as passwords, shells, and personal
 	information.</para>
 
-      <para>Only system administrators, as the superuser, may change
-	other users' information and passwords with
-	&man.chpass.1;.</para>
+      <para>Only the superuser can change other users' information and
+	passwords with &man.chpass.1;.</para>
 
       <para>When passed no options, aside from an optional username,
-	&man.chpass.1; displays an editor
-	containing user information.  When the user exists from the
-	editor, the user database is updated with the new
-	information.</para>
+	&man.chpass.1; displays an editor containing user information.
+	When the user exists from the editor, the user database is
+	updated with the new information.</para>
 
       <note>
-	<para>You will be asked for your password
-	  after exiting the editor if you are not the
-	  superuser.</para>
+	<para>You will be asked for your password after exiting the
+	  editor if you are not the superuser.</para>
       </note>
 
       <example>
@@ -583,8 +572,8 @@ Home Phone:
 Other information:</screen>
       </example>
 
-      <para>The normal user can change only a small subset of this
-	information, and only for themselves.</para>
+      <para>A user can change only a small subset of this
+	information, and only for their own user account.</para>
 
       <example>
 	<title>Interactive <command>chpass</command> by Normal
@@ -600,15 +589,12 @@ Other information:</screen>
       </example>
 
       <note>
-	<para>&man.chfn.1; and &man.chsh.1; are
-	  just links to &man.chpass.1;, as
-	  are &man.ypchpass.1;,
-	  &man.ypchfn.1;, and
-	  &man.ypchsh.1;.  NIS support is automatic, so
-	  specifying the <literal>yp</literal> before the command is
-	  not necessary.  If this is confusing to you, do not worry,
-	  NIS will be covered in <xref
-	    linkend="network-servers"/>.</para>
+	<para>&man.chfn.1; and &man.chsh.1; are links to
+	  &man.chpass.1;, as are &man.ypchpass.1;, &man.ypchfn.1;, and
+	  &man.ypchsh.1;.  <acronym>NIS</acronym> support is
+	  automatic, so specifying the <literal>yp</literal> before
+	  the command is not necessary.  How to configure NIS is
+	  covered in <link linkend="network-servers"></link>.</para>
       </note>
     </sect2>
     <sect2 id="users-passwd">
@@ -619,14 +605,15 @@ Other information:</screen>
 	<primary>accounts</primary>
 	<secondary>changing password</secondary>
       </indexterm>
-      <para>&man.passwd.1; is the usual way to
-	change your own password as a user, or another user's password
-	as the superuser.</para>
+      <para>&man.passwd.1; is the usual way to change your own
+	password as a user, or another user's password as the
+	superuser.</para>
 
       <note>
-	<para>To prevent accidental or unauthorized changes, the
-	  original password must be entered before a new password can
-	  be set.</para>
+	<para>To prevent accidental or unauthorized changes, the user
+	  must enter their original password before a new password can
+	  be set.  This is not the case when the superuser changes a
+	  user's password.</para>
       </note>
 
       <example>
@@ -654,10 +641,8 @@ passwd: done</screen>
       </example>
 
       <note>
-	<para>As with &man.chpass.1;,
-	  &man.yppasswd.1; is just a link to
-	  &man.passwd.1;, so NIS works with either
-	  command.</para>
+	<para>As with &man.chpass.1;, &man.yppasswd.1; is a link to
+	  &man.passwd.1;, so NIS works with either command.</para>
       </note>
     </sect2>
 
@@ -669,11 +654,11 @@ passwd: done</screen>
 
       <para>&man.pw.8; is a command line utility to create, remove,
 	modify, and display users and groups.  It functions as a front
-	end to the system user and group files.  &man.pw.8;
-	has a very powerful set of command line options that make it
-	suitable for use in shell scripts, but new users may find it
-	more complicated than the other commands presented
-	here.</para>
+	end to the system user and group files.  &man.pw.8; has a very
+	powerful set of command line options that make it suitable for
+	use in shell scripts, but new users may find it more
+	complicated than the other commands presented in this
+	section.</para>
     </sect2>
 
 
@@ -687,12 +672,10 @@ passwd: done</screen>
       <primary>accounts</primary>
       <secondary>limiting</secondary>
     </indexterm>
-    <para>If you have users, the ability to limit their system use may
-      have come to mind.  FreeBSD provides
-      several ways an administrator can limit the amount of system
-      resources an individual may use.  These limits are
-      divided into two sections: disk quotas, and other resource
-      limits.</para>
+    <para>&os; provides several methods for an administrator to limit
+      the amount of system resources an individual may use.  These
+      limits are discussed in two sections: disk quotas and other
+      resource limits.</para>
 
     <indexterm><primary>quotas</primary></indexterm>
     <indexterm>
@@ -700,11 +683,9 @@ passwd: done</screen>
       <secondary>quotas</secondary>
     </indexterm>
     <indexterm><primary>disk quotas</primary></indexterm>
-    <para>Disk quotas limit disk usage to users, and
-      they
-      provide a way to quickly check that usage without
-      calculating it every time.  Quotas are discussed in <xref
-	linkend="quotas"/>.</para>
+    <para>Disk quotas limit disk usage to users and provide a way to
+      quickly check that usage without calculating it every time.
+      Quotas are discussed in <link linkend="quotas"></link>.</para>
 
     <para>The other resource limits include ways to limit the amount
       of CPU, memory, and other resources a user may consume.  These
@@ -714,47 +695,45 @@ passwd: done</screen>
       <primary><filename>/etc/login.conf</filename></primary>
     </indexterm>
     <para>Login classes are defined in
-      <filename>/etc/login.conf</filename>.  The precise semantics are
-      beyond the scope of this section, but are described in detail in
-      the &man.login.conf.5; manual page.  It is sufficient to say
-      that each user is assigned to a login class
-      (<literal>default</literal> by default), and that each login
+      <filename>/etc/login.conf</filename> and are described in detail
+      in &man.login.conf.5;.  Each user account is assigned to a login
+      class, <literal>default</literal> by default, and each login
       class has a set of login capabilities associated with it.  A
       login capability is a
       <literal><replaceable>name</replaceable>=<replaceable>value</replaceable></literal>
       pair, where <replaceable>name</replaceable> is a well-known
       identifier and <replaceable>value</replaceable> is an arbitrary
-      string processed accordingly depending on the name.  Setting up
-      login classes and capabilities is rather straight-forward and is
-      also described in &man.login.conf.5;.</para>
+      string which is processed accordingly depending on the
+      <replaceable>name</replaceable>.  Setting up login classes and
+      capabilities is rather straight-forward and is also described in
+      &man.login.conf.5;.</para>
 
     <note>
-      <para>The system does not normally read the configuration in
-	<filename>/etc/login.conf</filename> directly, but reads the
-	database file <filename>/etc/login.conf.db</filename> which
-	provides faster lookups.  To generate
-	<filename>/etc/login.conf.db</filename> from
-	<filename>/etc/login.conf</filename>, execute the following
-	command:</para>
+      <para>&os; does not normally read the configuration in
+	<filename>/etc/login.conf</filename> directly, but instead
+	reads the <filename>/etc/login.conf.db</filename> database
+	which provides faster lookups.  Whenever
+	<filename>/etc/login.conf</filename> is edited, the
+	<filename>/etc/login.conf.db</filename> must be updated by
+	executing the following command:</para>
 
       <screen>&prompt.root; <userinput>cap_mkdb /etc/login.conf</userinput></screen>
     </note>
 
-    <para>Resource limits are different from plain vanilla login
-      capabilities in two ways.  First, for every limit, there is a
-      soft (current) and hard limit.  A soft limit may be adjusted by
-      the user or application, but may be no higher than the hard
-      limit.  The latter may be lowered by the user, but never raised.
-      Second, most resource limits apply per process to a specific
-      user, not the user as a whole.  Note, however, that these
+    <para>Resource limits differ from the default login capabilities
+      in two ways.  First, for every limit, there is a soft (current)
+      and hard limit.  A soft limit may be adjusted by the user or
+      application, but may not be set higher than the hard limit.  The
+      hard limit may be lowered by the user, but can only be raised
+      by the superuser.  Second, most resource limits apply per
+      process to a specific user, not to the user as a whole.  These
       differences are mandated by the specific handling of the limits,
-      not by the implementation of the login capability framework
-      (i.e., they are not <emphasis>really</emphasis> a special case
-      of login capabilities).</para>
-
-    <para>And so, without further ado, below are the most commonly
-      used resource limits (the rest, along with all the other login
-      capabilities, may be found in &man.login.conf.5;).</para>
+      not by the implementation of the login capability
+      framework.</para>
+
+    <para>Below are the most commonly used resource limits.  The rest
+      of the limits, along with all the other login capabilities, can
+      be found in &man.login.conf.5;.</para>
 
     <variablelist>
       <varlistentry>
@@ -766,14 +745,13 @@ passwd: done</screen>
 	    <secondary>coredumpsize</secondary>
 	  </indexterm>
 	  <para>The limit on the size of a core file generated by a
-	    program is, for obvious reasons, subordinate to other
-	    limits on disk usage (e.g., <literal>filesize</literal>,
-	    or disk quotas).  Nevertheless, it is often used as a
-	    less-severe method of controlling disk space consumption:
-	    since users do not generate core files themselves, and
-	    often do not delete them, setting this may save them from
-	    running out of disk space should a large program (e.g.,
-	    <application>emacs</application>) crash.</para>
+	    program is subordinate to other limits on disk usage, such
+	    as <literal>filesize</literal>, or disk quotas.
+	    This limit is often used as a less-severe method of
+	    controlling disk space consumption.  Since users do not
+	    generate core files themselves, and often do not delete
+	    them, setting this may save them from running out of disk
+	    space should a large program crash.</para>
 	</listitem>
       </varlistentry>
 
@@ -786,18 +764,14 @@ passwd: done</screen>
 	    <primary>limiting users</primary>
 	    <secondary>cputime</secondary>
 	  </indexterm>
-	  <para>This is the maximum amount of CPU time a user's
-	    process may consume.  Offending processes will be killed
-	    by the kernel.</para>
+	  <para>The maximum amount of CPU time a user's process may
+	    consume.  Offending processes will be killed by the
+	    kernel.</para>
 
 	  <note>
 	    <para>This is a limit on CPU <emphasis>time</emphasis>
 	      consumed, not percentage of the CPU as displayed in
-	      some fields by &man.top.1; and &man.ps.1;.  A limit on
-	      the latter is, at the time of this writing, not
-	      possible, and would be rather useless: a
-	      compiler—probably a legitimate task—can
-	      easily use almost 100% of a CPU for some time.</para>
+	      some fields by &man.top.1; and &man.ps.1;.</para>
 	  </note>
 	</listitem>
       </varlistentry>
@@ -811,10 +785,10 @@ passwd: done</screen>
 	    <primary>limiting users</primary>
 	    <secondary>filesize</secondary>
 	  </indexterm>
-	  <para>This is the maximum size of a file the user may
-	    possess.  Unlike <link linkend="quotas">disk
-	      quotas</link>, this limit is enforced on individual
-	    files, not the set of all files a user owns.</para>
+	  <para>The maximum size of a file the user may own.  Unlike
+	    <link linkend="quotas">disk quotas</link>, this limit is
+	    enforced on individual files, not the set of all files a
+	    user owns.</para>
 	</listitem>
       </varlistentry>
 
@@ -827,17 +801,15 @@ passwd: done</screen>
 	    <primary>limiting users</primary>
 	    <secondary>maxproc</secondary>
 	  </indexterm>
-	  <para>This is the maximum number of processes a user may be
-	    running.  This includes foreground and background
-	    processes alike.  For obvious reasons, this may not be
-	    larger than the system limit specified by the
-	    <varname>kern.maxproc</varname> &man.sysctl.8;.  Also note
-	    that setting this too small may hinder a user's
-	    productivity: it is often useful to be logged in multiple
-	    times or execute pipelines.  Some tasks, such as
-	    compiling a large program, also spawn multiple processes
-	    (e.g., &man.make.1;, &man.cc.1;, and other intermediate
-	    preprocessors).</para>
+	  <para>The maximum number of processes a user can run.  This
+	    includes foreground and background processes.  This limit
+	    may not be larger than the system limit specified by the
+	    <varname>kern.maxproc</varname> &man.sysctl.8;.  Setting
+	    this limit too small may hinder a user's productivity as
+	    it is often useful to be logged in multiple times or to
+	    execute pipelines.  Some tasks, such as compiling a large
+	    program, spawn multiple processes and other intermediate
+	    preprocessors.</para>
 	</listitem>
       </varlistentry>
 
@@ -850,12 +822,11 @@ passwd: done</screen>
 	    <primary>limiting users</primary>
 	    <secondary>memorylocked</secondary>
 	  </indexterm>
-	  <para>This is the maximum amount a memory a process may have
-	    requested to be locked into main memory (e.g., see
-	    &man.mlock.2;).  Some system-critical programs, such as
-	    &man.amd.8;, lock into main memory such that in the event
-	    of being swapped out, they do not contribute to
-	    a system's thrashing in time of trouble.</para>
+	  <para>The maximum amount of memory a process may request
+	    to be locked into main memory using &man.mlock.2;.  Some
+	    system-critical programs, such as &man.amd.8;, lock into
+	    main memory so that in the event of being swapped out,
+	    they do not contribute to disk thrashing.</para>
 	</listitem>
       </varlistentry>
 
@@ -865,12 +836,11 @@ passwd: done</screen>
 	<listitem>
 	  <indexterm><primary>memoryuse</primary></indexterm>
 	  <indexterm><primary>limiting users</primary>
-	    <secondary>memoryuse</secondary>
-	</indexterm>
-	<para>This is the maximum amount of memory a process may
-	  consume at any given time.  It includes both core memory and
-	  swap usage.  This is not a catch-all limit for restricting
-	  memory consumption, but it is a good start.</para>
+	    <secondary>memoryuse</secondary></indexterm>
+	  <para>The maximum amount of memory a process may consume at
+	    any given time.  It includes both core memory and swap
+	    usage.  This is not a catch-all limit for restricting
+	    memory consumption, but is a good start.</para>
 	</listitem>
       </varlistentry>
 
@@ -882,10 +852,10 @@ passwd: done</screen>
 	  <indexterm><primary>limiting users</primary>
 	    <secondary>openfiles</secondary>
 	  </indexterm>
-	  <para>This is the maximum amount of files a process may have
-	    open.  In FreeBSD, files are also used to represent
-	    sockets and IPC channels; thus, be careful not to set this
-	    too low.  The system-wide limit for this is defined by the
+	  <para>The maximum amount of files a process may have open.
+	    In &os;, files are used to represent sockets and IPC
+	    channels, so be careful not to set this too low.  The
+	    system-wide limit for this is defined by the
 	    <varname>kern.maxfiles</varname> &man.sysctl.8;.</para>
 	</listitem>
       </varlistentry>
@@ -898,10 +868,8 @@ passwd: done</screen>
 	  <indexterm><primary>limiting users</primary>
 	    <secondary>sbsize</secondary>
 	  </indexterm>
-	  <para>This is the limit on the amount of network memory, and
-	    thus mbufs, a user may consume.  This originated as a
-	    response to an old DoS attack by creating a lot of
-	    sockets, but can be generally used to limit network
+	  <para>The limit on the amount of network memory, and
+	    thus mbufs, a user may consume in order to limit network
 	    communications.</para>
 	</listitem>
       </varlistentry>
@@ -914,10 +882,10 @@ passwd: done</screen>
 	  <indexterm><primary>limiting users</primary>
 	    <secondary>stacksize</secondary>
 	  </indexterm>
-	  <para>This is the maximum size a process' stack may grow to.
-	    This alone is not sufficient to limit the amount of memory
-	    a program may use; consequently, it should be used in
-	    conjunction with other limits.</para>
+	  <para>The maximum size of a process stack.  This alone is
+	    not sufficient to limit the amount of memory a program
+	    may use so it should be used in conjunction with other
+	    limits.</para>
 	</listitem>
       </varlistentry>
     </variablelist>
@@ -936,25 +904,26 @@ passwd: done</screen>
       <listitem>
 	<para>Although the <filename>/etc/login.conf</filename> that
 	  comes with the system is a good source of reasonable values
-	  for most limits, only you, the administrator, can know what
-	  is appropriate for your system.  Setting a limit too high
-	  may open your system up to abuse, while setting it too low
-	  may put a strain on productivity.</para>
+	  for most limits, they may not be appropriate for every
+	  system.  Setting a limit too high may open the system up to
+	  abuse, while setting it too low may put a strain on
+	  productivity.</para>
       </listitem>
 
       <listitem>
-	<para>Users of the X Window System (X11) should probably be
-	  granted more resources than other users.  X11 by itself
-	  takes a lot of resources, but it also encourages users to
-	  run more programs simultaneously.</para>
+	<para>Users of <application>&xorg;</application> should
+	  probably be granted more resources than other users.
+	  <application>&xorg;</application> by itself takes a lot of
+	  resources, but it also encourages users to run more programs
+	  simultaneously.</para>
       </listitem>
 
       <listitem>
-	<para>Remember that many limits apply to individual processes,
-	  not the user as a whole.  For example, setting
+	<para>Many limits apply to individual processes, not the user

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


More information about the svn-doc-all mailing list