svn commit: r42938 - head/en_US.ISO8859-1/books/handbook/basics

Dru Lavigne dru at FreeBSD.org
Fri Oct 11 12:21:58 UTC 2013


Author: dru
Date: Fri Oct 11 12:21:57 2013
New Revision: 42938
URL: http://svnweb.freebsd.org/changeset/doc/42938

Log:
  This patch does the following:
  - makes 4.2 clearer and tightens some of the headings
  - removed reference to learn more about single-user mode as it didn't say anything more; instead, summarized single-user mode here
  - made intro to permissions clearer, the next patch will work on the rest of this section
  
  Approved by:	bcr (mentor)

Modified:
  head/en_US.ISO8859-1/books/handbook/basics/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/basics/chapter.xml	Fri Oct 11 12:18:18 2013	(r42937)
+++ head/en_US.ISO8859-1/books/handbook/basics/chapter.xml	Fri Oct 11 12:21:57 2013	(r42938)
@@ -6,16 +6,17 @@
 -->
 
 <chapter id="basics">
+  <!--
   <chapterinfo>
     <authorgroup>
       <author>
 	<firstname>Chris</firstname>
 	<surname>Shumway</surname>
-	<contrib>Rewritten by </contrib>
+	<contrib>Rewritten by in Mar 2000</contrib>
       </author>
     </authorgroup>
-    <!-- 10 Mar 2000 -->
   </chapterinfo>
+  -->
 
   <title>UNIX Basics</title>
 
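
Review bot: the new `<contrib>Rewritten by in Mar 2000</contrib>` line reads as a broken phrase ("by in"). Suggest `<contrib>Rewritten in Mar 2000 by </contrib>`, or leave the original text alone and carry the date some other way. Dropping the inner `<!-- 10 Mar 2000 -->` is required once the whole `<chapterinfo>` is wrapped in a comment, since XML comments cannot nest. The log message does not say that the author attribution block is being commented out; please mention it there.
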
@@ -31,8 +32,7 @@
 
     <itemizedlist>
       <listitem>
-	<para>How to use the <quote>virtual consoles</quote> of
-	  &os;.</para>
+	<para>How to use and configure virtual consoles.</para>
       </listitem>
 
       <listitem>
@@ -80,17 +80,6 @@
 
     <indexterm><primary>virtual consoles</primary></indexterm>
     <indexterm><primary>terminals</primary></indexterm>
-
-    <para>&os; can be used in various ways.  One of them is typing
-      commands to a text terminal.  A lot of the flexibility and power
-      of a &unix; operating system is readily available when using
-      &os; this way.  This section describes what
-      <quote>terminals</quote> and <quote>consoles</quote> are, and
-      how to use them in &os;.</para>
-
-    <sect2 id="consoles-intro">
-      <title>The Console</title>
-
       <indexterm><primary>console</primary></indexterm>
 
       <para>Unless &os; has been configured to automatically start a
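
Review bot: removing `<sect2 id="consoles-intro">` drops an id that other chapters could reference through `linkend`. Please search the doc tree for `consoles-intro` before committing, because a dangling reference is a validation error. With the `<sect2>` gone, the `<indexterm><primary>console</primary></indexterm>` and the `<para>` after it still carry sect2-level indentation although they now sit directly under the section.
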
@@ -107,39 +96,16 @@ login:</screen>
 	example is running a 64-bit version of &os;.  The hostname is
 	<hostid>pc3.example.org</hostid>, and
 	<devicename>ttyv0</devicename> indicates that this is the
-	system console.</para>
-
-      <para>The second line is the login prompt.  The next section
-	describes how to log into &os; at this prompt.</para>
-    </sect2>
-
-    <sect2 id="consoles-login">
-      <title>Logging into &os;</title>
+	<quote>system console</quote>.  The second line is the login prompt.</para>
 
-      <para>&os; is a multiuser, multiprocessing system.  This is the
-	formal description that is usually given to a system that can
-	be used by many different people, who simultaneously run a lot
-	of programs on a single machine.</para>
-
-      <para>Every multiuser system needs some way to distinguish one
-	<quote>user</quote> from the rest.  In &os; (and all the
-	&unix;-like operating systems), this is accomplished by
-	requiring that every user must <quote>log into</quote> the
-	system before being able to run programs.  Every user has a
-	unique name (the <quote>username</quote>) and a personal,
-	secret key (the <quote>password</quote>).  &os; will ask for
-	these two before allowing a user to run any programs.</para>
-
-      <indexterm><primary>startup scripts</primary></indexterm>
-      <para>When a &os; system boots, startup scripts are
-	automatically executed in order to prepare the system and to
-	start any services which have been configured to start at
-	system boot.  Once the system finishes running its startup
-	scripts, it will present a login prompt:</para>
+      <para>Since &os; is a multiuser system, it needs some way to distinguish
+	between different users.  This is accomplished by
+	requiring every user to log into the
+	system before gaining access to the programs on the system.  Every user has a
+	unique name <quote>username</quote> and a personal
+	<quote>password</quote>.</para>
 
-      <screen>login:</screen>
-
-      <para>Type the username that was configured during system
+      <para>To log into the system console, type the username that was configured during system
 	installation, as described in
 	<xref linkend="bsdinstall-addusers"/>, and press
 	<keycap>Enter</keycap>.  Then enter the password associated
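
Review bot: in the rewritten paragraph, `unique name <quote>username</quote> and a personal <quote>password</quote>` lost the parentheses the old text had, so it now reads as "a unique name username". Suggest `a unique <quote>username</quote> and a personal <quote>password</quote>`. The added lines starting `<para>Since &os; is a multiuser system` and `<para>To log into the system console` also run well past the wrap column used by the surrounding context and should be refilled. This hunk removes `id="consoles-login"` too, so the same cross-reference check applies.
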
@@ -149,58 +115,62 @@ login:</screen>
 
       <para>Once the correct password is input, the message of the
 	day (<acronym>MOTD</acronym>) will be displayed followed
-	by a command prompt (a <literal>#</literal>,
-	<literal>$</literal>, or <literal>%</literal> character).  You
-	are now logged into the &os; console and ready to try the
+	by a command prompt.  Depending upon the shell that was selected
+	when the user was created, this prompt will be a <literal>#</literal>,
+	<literal>$</literal>, or <literal>%</literal> character.  The
+	prompt indicates that the user is now logged into the &os; system console and ready to try the
 	available commands.</para>
-    </sect2>
 
     <sect2 id="consoles-virtual">
       <title>Virtual Consoles</title>
 
-      <para>&os; can be configured to provide many virtual consoles
+      <para>While the system console can be used to interact with
+	the system, a user working from the command line at the
+	keyboard of a &os; system will typically instead log into a
+	virtual console.  This is because system messages are
+	configured by default to display on the system console.
+	These messages will appear over the command or file that the
+	user is working on, making it difficult to concentrate on
+	the work at hand.</para>
+
+      <para>By default, &os; is configured to provide several virtual consoles
 	for inputting commands.  Each virtual console has its own
-	login prompt and output channel, and &os; takes care of
-	properly redirecting keyboard input and monitor output as
-	switching occurs between virtual consoles.</para>
-
-      <para>Special key combinations have been reserved by &os; for
-	switching consoles.<footnote>
-	  <para>Refer to &man.syscons.4;, &man.atkbd.4;,
-	    &man.vidcontrol.1; and &man.kbdcontrol.1; for a more
-	    technical description of the &os; console and its keyboard
-	    drivers.</para></footnote>.  Use
-	<keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>,
-	<keycombo><keycap>Alt</keycap><keycap>F2</keycap></keycombo>,
+	login prompt and shell and it is easy to switch between
+	virtual consoles.  This essentially provides the command line
+	equivalent of having several windows open at the same time
+	in a graphical environment.</para>
+
+      <para>The key combinations <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>
 	through
-	<keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo>
-	to switch to a different virtual console in &os;.</para>
+	<keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo> have been reserved by &os; for
+	switching between virtual consoles.  Use
+	<keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>
+	to switch to the system console (<devicename>ttyv0</devicename>),
+	<keycombo><keycap>Alt</keycap><keycap>F2</keycap></keycombo>
+	to access the first virtual console
+	(<devicename>ttyv1</devicename>),
+	<keycombo><keycap>Alt</keycap><keycap>F3</keycap></keycombo>
+	to access the second virtual console
+	(<devicename>ttyv2</devicename>), and so on.</para>
 
       <para>When switching from one console to the next, &os; takes
-	care of saving and restoring the screen output.  The result is
-	an <quote>illusion</quote> of having multiple
-	<quote>virtual</quote> screens and keyboards that can be used
+	manages the screen output.  The result is
+	an illusion of having multiple
+	virtual screens and keyboards that can be used
 	to type commands for &os; to run.  The programs that are
-	launched in one virtual console do not stop running when that
-	console is not visible because the user has switched to a
+	launched in one virtual console do not stop running when
+	the user switches to a
 	different virtual console.</para>
-    </sect2>
 
-    <sect2 id="consoles-ttys">
-      <title>The <filename>/etc/ttys</filename> File</title>
-
-      <para>By default, &os; is configured to start eight virtual
-	consoles.  The configuration can be customized to start
-	more or fewer virtual consoles.  To change the number of and
-	the settings of the virtual consoles, edit
-	<filename>/etc/ttys</filename>.</para>
-
-      <para>Each uncommented line in <filename>/etc/ttys</filename>
-	(lines that do not start with a <literal>#</literal>
-	character) contains settings for a single terminal or virtual
-	console.  The default version configures nine virtual
-	consoles, and enables eight of them.  They are the lines that
-	start with <literal>ttyv</literal>:</para>
+      <para>Refer to &man.syscons.4;, &man.atkbd.4;,
+	&man.vidcontrol.1; and &man.kbdcontrol.1; for a more
+	technical description of the &os; console and its keyboard
+	drivers.</para>
+
+      <para>In &os;, the number of available virtual
+	consoles is configured in this
+	section of
+	<filename>/etc/ttys</filename>:</para>
 
       <programlisting># name    getty                         type  status comments
 #
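
Review bot: the added line `manages the screen output.  The result is` follows the unchanged context line `When switching from one console to the next, &os; takes`, so the sentence now reads "&os; takes manages the screen output". The context line needs to be edited as well to drop "takes". The key combination paragraph opens with a `<keycombo>` on the same line as `<para>` and is hard to read in source; a refill would help. `id="consoles-ttys"` is removed here, so check for `linkend` references to it.
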
@@ -215,19 +185,46 @@ ttyv6   "/usr/libexec/getty Pc"         
 ttyv7   "/usr/libexec/getty Pc"         cons25  on  secure
 ttyv8   "/usr/X11R6/bin/xdm -nodaemon"  xterm   off secure</programlisting>
 
+
+      <para>To disable a virtual console, put a comment symbol (<literal>#</literal>)
+	at the beginning of the line representing that virtual console.
+	For example, to reduce the number of available virtual consoles
+	from eight to four, put a <literal>#</literal> in front of
+	the last four lines representing virtual consoles
+	<devicename>ttyv5</devicename> through
+	<devicename>ttyv8</devicename>.  <emphasis>Do not</emphasis>
+	comment out the line for the system console
+	<devicename>ttyv0</devicename>.  Note that the last virtual
+	console (<devicename>ttyv8</devicename>) is used to access
+	the graphical environment if <application>&xorg;</application>
+	has been installed and configured as described in <xref
+	  linkend="x11"/>.</para>
+	
       <para>For a detailed description of every column in this file
 	and the available options for the virtual consoles, refer to
 	&man.ttys.5;.</para>
     </sect2>
 
     <sect2 id="consoles-singleuser">
-      <title>Single User Mode Console</title>
+      <title>Single User Mode</title>
 
-      <para>A detailed description of <quote>single user mode</quote>
-	can be found in <xref linkend="boot-singleuser"/>.  There is
-	only one console when &os; is in single user mode as no other
-	virtual consoles are available in this mode.  The settings
-	for single user mode are found in this section of
+      <para>The &os; boot menu provides an option labelled as
+	<quote>Boot Single User</quote>.  If this option is selected,
+	the system will boot into a special mode known as
+	<quote>single user mode</quote>.  This mode is typically used to
+	repair a system that will not boot or to reset the
+	<username>root</username> password when it is not known.
+	While in single user mode, networking and other
+	virtual consoles are not available.  However, full
+	<username>root</username> access to the system is available,
+	and by default, the <username>root</username> password is not
+	needed.  For these reasons, physical access to the keyboard
+	is needed to boot into this mode and determining who has physical
+	access to the keyboard is something to consider when securing
+	a &os; system.</para>
+
+      <para>The settings which control
+	single user mode are found in this section of
 	<filename>/etc/ttys</filename>:</para>
 
       <programlisting># name  getty                           type  status  comments
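
Review bot: the example "reduce the number of available virtual consoles from eight to four" by commenting out `ttyv5` through `ttyv8` does not match the listing above it, where `ttyv8` is already `off` and, by this patch's own wording, `ttyv0` is the system console rather than a virtual console. Please recount, or say which lines are being counted. In the single user mode paragraph, "For these reasons, physical access to the keyboard is needed to boot into this mode" has the logic backwards: passwordless `root` access is the reason physical access matters, not the reason it is required. Suggest splitting that into two sentences. The tab-only added line before `<para>For a detailed description` is trailing whitespace.
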
@@ -235,20 +232,25 @@ ttyv8   "/usr/X11R6/bin/xdm -nodaemon"  
 # If console is marked "insecure", then init will ask for the root password
 # when going to single-user mode.
 console none                            unknown  off  secure</programlisting>
-
+	
+      <para>By default, the status is set to <literal>secure</literal>.
+	  This assumes that who has physical access to the keyboard
+	  is either not important or it is controlled by a physical
+	  security policy.  If this setting is changed to
+	  <literal>insecure</literal>, the assumption is that the
+	  environment itself is insecure because anyone can access
+	  the keyboard.  When this line is changed to
+	  <literal>insecure</literal>, &os; will prompt for the
+	  <username>root</username> password when a user selects to boot into single
+	  user mode.
+	  </para>
+	  
       <note>
-	<para>As the comments above the <literal>console</literal>
-	  line indicate, editing <literal>secure</literal> to
-	  <literal>insecure</literal> will prompt for the
-	  <username>root</username> password when booting into single
-	  user mode.  The default setting enters single user mode
-	  without prompting for a password.</para>
-
 	<para><emphasis>Be careful when changing this setting to
-	    <literal>insecure</literal></emphasis>.  If the
+	    <literal>insecure</literal></emphasis>!  If the
 	  <username>root</username> password is forgotten, booting
 	  into single user mode is still possible, but may be
-	  difficult for someone who is not comfortable with the &os;
+	  difficult for someone who is not familiar with the &os;
 	  booting process.</para>
       </note>
     </sect2>
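
Review bot: the new paragraph on `secure` and `insecure` can be read as saying that `insecure` protects the machine, while the note right after it says booting into single user mode "is still possible" without the password. Suggest adding one sentence stating that the `insecure` setting only makes init ask for the `root` password and does not replace controlling physical access. Wording: "This assumes that who has physical access to the keyboard is either not important or it is controlled" and "when a user selects to boot into" are awkward. Style: the paragraph is indented with a tab plus two spaces, unlike its siblings; `</para>` sits on its own line; and two added lines contain only whitespace.
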
@@ -289,44 +291,46 @@ console none                            
 
     <indexterm><primary>UNIX</primary></indexterm>
 
-    <para>&os;, being a direct descendant of BSD &unix;, is based on
-      several key &unix; concepts.  The first and most pronounced is
-      that &os; is a multi-user operating system that can handle
-      several users working simultaneously on completely unrelated
-      tasks.  The system is responsible for properly sharing and
-      managing requests for hardware devices, peripherals, memory, and
-      CPU time fairly to each user.</para>
-
-    <para>Much more information about user accounts is in the chapter
-      about <link linkend="users">accounts</link>.  It is important to
-      understand that each person (user) who uses the computer should
-      be given their own username and password.  The system keeps
-      track of the people using the computer based on this username.
-      Since it is often the case that several people are working on
-      the same project &unix; also provides groups.  Several users can
-      be placed in the same group.</para>
-
-    <para>Because the system is capable of supporting multiple users,
-      everything the system manages has a set of permissions governing
-      who can read, write, and execute the resource.  These
-      permissions are stored as three octets broken into three pieces,
-      one for the owner of the file, one for the group that the file
-      belongs to, and one for everyone else.  This numerical
-      representation works like this:</para>
-
-    <note>
-      <para>This section will discuss the traditional &unix;
-	permissions.  For finer grained file system access control,
-	see the
-	<link linkend="fs-acl">File System Access Control Lists</link>
-	section.</para>
-    </note>
-
+    <para>In &os;, every file and directory has an associated set of
+      permissions and several utilities are available for viewing
+      and modifying these permissions.  Understanding how permissions
+      work is necessary to make sure that users are able to access
+      the files that they need and are unable to improperly access
+      the files used by the operating system or owned by other
+      users.</para>
+
+    <para>This section discusses the traditional &unix;
+	permissions used in &os;.  For finer grained file system access control,
+	refer to
+	<xref linkend="fs-acl"/>.</para>
+
+    <para>In &unix;, basic permissions are assigned using
+      three types of access: read, write, and execute.  These access
+      types are used to determine file access to the file's owner,
+      group, and others (everyone else). The read, write, and execute
+      permissions can be represented as the letters
+      <literal>r</literal>, <literal>w</literal>, and
+      <literal>x</literal>.  They can also be represented as binary
+      numbers as each permission is either on or off
+      (<literal>0</literal>).  When represented as a number, the
+      order is always read as <literal>rwx</literal>, where
+      <literal>r</literal> has an on value of <literal>4</literal>,
+      <literal>w</literal> has an on value of <literal>2</literal>
+      and <literal>x</literal> has an on value of
+      <literal>1</literal>.</para>
+
+    <para>Table 4.1 summarizes the possible numeric and alphabetic
+      possibilities.  When reading the <quote>Directory Listing</quote>
+      column, a <literal>-</literal> is used to represent a permission
+      that is set to off.</para>
+	
     <indexterm><primary>permissions</primary></indexterm>
     <indexterm>
       <primary>file permissions</primary>
     </indexterm>
-    <informaltable frame="none" pgwide="1">
+    <table frame="none" pgwide="1">
+      <title>&unix; Permissions</title>
+
       <tgroup cols="3">
 	<thead>
 	  <row>
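
Review bot: "Table 4.1" is hard-coded in the new paragraph while the new `<table frame="none" pgwide="1">` has no `id`. Give the table an id and refer to it with `<xref linkend="..."/>` so the number stays correct when tables are added or moved. In the paragraph before it, "each permission is either on or off (`<literal>0</literal>`)" gives a value only for off; add the on value or drop the parenthetical, since the 4, 2 and 1 values follow anyway. "summarizes the possible numeric and alphabetic possibilities" repeats itself, and "(everyone else). The read" uses one space after the period where the file uses two.
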
@@ -386,7 +390,7 @@ console none                            
 	  </row>
 	</tbody>
       </tgroup>
-    </informaltable>
+    </table>
 
     <indexterm>
       <primary>&man.ls.1;</primary>

