svn commit: r43116 - head/ja_JP.eucJP/books/handbook/security

Ryusuke SUZUKI ryusuke at
Thu Nov 7 11:57:57 UTC 2013

Author: ryusuke
Date: Thu Nov  7 11:57:57 2013
New Revision: 43116

  - Merge the following from the English version:
  	r15267 -> r15428	head/ja_JP.eucJP/books/handbook/security/chapter.xml


Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml	Thu Nov  7 11:44:29 2013	(r43115)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml	Thu Nov  7 11:57:57 2013	(r43116)
@@ -3,9 +3,7 @@
      The FreeBSD Documentation Project
      The FreeBSD Japanese Documentation Project
-     Original revision: r15267
-     Waiting for:	1.123 or mac/chapter.xml
-			("mac" referenced from disks).
+     Original revision: r15428
      Translation note: "fs-acl" section added in rev.1.118 is moved to
 	handbook/basics in rev.1.134 and moved back to this file in
 	rev.1.150. The traslation is already done in handbook/basics, so we
@@ -81,11 +79,6 @@
 	<para>FreeBSD ¤Ç»È¤ï¤ì¤Æ¤¤¤ë SSH ¼ÂÁõ¤Ç¤¢¤ë
 	  OpenSSH ¤ÎÀßÄꤪ¤è¤Ó»ÈÍÑÊýË¡</para>
-      <listitem>
-	<para>³ÈÄ¥¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¥¢¥¯¥»¥¹À©¸æ¥ê¥¹¥È
-	  (ACL) ¤Î UFS ¤Ç¤ÎÀßÄꤪ¤è¤Ó»ÈÍÑÊýË¡</para>
-      </listitem>
 	<para>How to configure and load access control extension
@@ -3807,70 +3800,6 @@ user at's passwor
       <para>&man.sshd.8; &man.sftp-server.8;</para>
-<!-- XXX 2006/05/01 hiroo: Do not translate this section.
-     See the translation note in the header for the reason.
-  <sect1 id="fs-acl">
-    <sect1info>
-      <authorgroup>
-	<author>
-	  <firstname>Tom</firstname>
-	  <surname>Rhodes</surname>
-	  <contrib>Contributed by </contrib>
-	</author>
-      </authorgroup>
-    </sect1info>
-    <indexterm>
-      <primary>ACL</primary>
-    </indexterm>
-    <title>File System Access Control Lists</title>
-    <para>In conjunction with file system enhancements like snapshots, FreeBSD 5.0
-      and later offers the security of File System Access Control Lists
-      (<acronym>ACLs</acronym>).</para>
-    <para>Access Control Lists extend the standard UNIX
-      permission model in a highly compatible (POSIX.1e) way.  This feature
-      permits an administrator to make use of and take advantage of a
-      more sophisticated security model.</para>
-    <para>For <acronym>ACLs</acronym> to work:</para>
-    <programlisting>options UFS_ACL</programlisting>
-    <para>must be compiled into the kernel.  If this option has
-      not been compiled in, a warning message will be displayed
-      when attempting to mount a file system sporting <acronym>ACLs</acronym>.
-      <acronym>ACLs</acronym> rely on extended attributes being enabled on
-      the file system.  This is supported natively in the next generation of
-      the <acronym>UNIX</acronym> file system or <acronym>UFS2</acronym>.</para>
-    <note><para>The use of extended attributes on <acronym>UFS1</acronym> file
-      systems will lead to higher administration overhead and lower overall
-      file system performance.  <acronym>UFS2</acronym> does not have this
-      problem.</para></note>
-    <para>To enable <acronym>ACLs</acronym> on a file system, the <option>-a</option>
-      option can be passed to &man.tunefs.8; in a manner similar to the Soft Updates
-      process:</para>
-    <screen>&prompt.root; <userinput>umount /usr</userinput>
-&prompt.root; <userinput>tunefs -a enable /dev/<replaceable>diskNsNx</replaceable></userinput>
-&prompt.root; <userinput>mount /dev/<replaceable>diskNsNx</replaceable> /usr</userinput></screen>
-    <para>This assumes that <devicename>/dev/<replaceable>diskNsNx</replaceable></devicename> is the
-      <filename>/usr</filename> partition.</para>
-    <para><acronym>ACLs</acronym> can also be enabled by passing the
-      <option>-o acls</option> argument to &man.mount.8;:</para>
-    <screen>&prompt.root; <userinput>mount -o acls /dev/<replaceable>diskNsNx</replaceable> /usr</userinput></screen>
-    <para>This flag can also be set  in <filename>/etc/fstab</filename>.
-      It is recommended to use the former over the latter to avoid remount
-      issues with the root file system.</para>
-  </sect1>
   <sect1 id="mac">
@@ -3956,7 +3885,7 @@ user at's passwor
       <para>The Biba Integrity Policy (&man.mac.biba.4;) provides
-	for hierarchal and non-hierarchal labeling of all system
+	for hierarchical and non-hierarchical labeling of all system
 	objects with integrity data, and the strict enforcement of
 	an information flow policy to prevent corruption of high
 	integrity subjects and data by low-integrity subjects.
@@ -4048,7 +3977,7 @@ user at's passwor
       <para>Module name: mac_mls.ko</para>
       <para>Kernel option: <literal>MAC_MLS</literal></para>
       <para>Multi-Level Security (<acronym>MLS</acronym>)
-        (&;) provides for hierarchal and non-hierarchal
+        (&;) provides for hierarchical and non-hierarchical
         labeling of all system objects with sensitivity data, and the
         strict enforcement of an information flow policy to prevent
         the leakage of confidential data to untrusted parties.  The
@@ -4057,7 +3986,7 @@ user at's passwor
         trusted operating systems to protect data secrecy in
         multi-user environments.  Hierarchal labels provide support
         for the notion of clearances and classifications in
-        traditional parlance; non-hierarchal labels provide support
+        traditional parlance; non-hierarchical labels provide support
         for <quote>need-to-know.</quote>  As with Biba, ubiquitous
         labeling of objects occurs, and it must therefore be compiled
         into the kernel or loaded at boot.  As with Biba, extensive

More information about the svn-doc-all mailing list