svn commit: r42956 - head/en_US.ISO8859-1/books/handbook/basics
Dru Lavigne
dru at FreeBSD.org
Mon Oct 14 17:45:56 UTC 2013
Author: dru
Date: Mon Oct 14 17:45:55 2013
New Revision: 42956
URL: http://svnweb.freebsd.org/changeset/doc/42956
Log:
White space fix only. Translators can ignore.
Modified:
head/en_US.ISO8859-1/books/handbook/basics/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Mon Oct 14 17:26:03 2013 (r42955)
+++ head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Mon Oct 14 17:45:55 2013 (r42956)
@@ -85,46 +85,48 @@
<indexterm><primary>virtual consoles</primary></indexterm>
<indexterm><primary>terminals</primary></indexterm>
- <indexterm><primary>console</primary></indexterm>
+ <indexterm><primary>console</primary></indexterm>
- <para>Unless &os; has been configured to automatically start a
- graphical environment during startup, the system will boot
- into a command line login prompt, as seen in this
- example:</para>
+ <para>Unless &os; has been configured to automatically start a
+ graphical environment during startup, the system will boot
+ into a command line login prompt, as seen in this
+ example:</para>
- <screen>FreeBSD/amd64 (pc3.example.org) (ttyv0)
+ <screen>FreeBSD/amd64 (pc3.example.org) (ttyv0)
login:</screen>
- <para>The first line contains some information about the system.
- The <literal>amd64</literal> indicates that the system in this
- example is running a 64-bit version of &os;. The hostname is
- <hostid>pc3.example.org</hostid>, and
- <devicename>ttyv0</devicename> indicates that this is the
- <quote>system console</quote>. The second line is the login prompt.</para>
-
- <para>Since &os; is a multiuser system, it needs some way to distinguish
- between different users. This is accomplished by
- requiring every user to log into the
- system before gaining access to the programs on the system. Every user has a
- unique name <quote>username</quote> and a personal
- <quote>password</quote>.</para>
-
- <para>To log into the system console, type the username that was configured during system
- installation, as described in
- <xref linkend="bsdinstall-addusers"/>, and press
- <keycap>Enter</keycap>. Then enter the password associated
- with the username and press <keycap>Enter</keycap>. The
- password is <emphasis>not echoed</emphasis> for security
- reasons.</para>
-
- <para>Once the correct password is input, the message of the
- day (<acronym>MOTD</acronym>) will be displayed followed
- by a command prompt. Depending upon the shell that was selected
- when the user was created, this prompt will be a <literal>#</literal>,
- <literal>$</literal>, or <literal>%</literal> character. The
- prompt indicates that the user is now logged into the &os; system console and ready to try the
- available commands.</para>
+ <para>The first line contains some information about the system.
+ The <literal>amd64</literal> indicates that the system in this
+ example is running a 64-bit version of &os;. The hostname is
+ <hostid>pc3.example.org</hostid>, and
+ <devicename>ttyv0</devicename> indicates that this is the
+ <quote>system console</quote>. The second line is the login
+ prompt.</para>
+
+ <para>Since &os; is a multiuser system, it needs some way to
+ distinguish between different users. This is accomplished by
+ requiring every user to log into the system before gaining
+ access to the programs on the system. Every user has a
+ unique name <quote>username</quote> and a personal
+ <quote>password</quote>.</para>
+
+ <para>To log into the system console, type the username that
+ was configured during system installation, as described in
+ <xref linkend="bsdinstall-addusers"/>, and press
+ <keycap>Enter</keycap>. Then enter the password associated
+ with the username and press <keycap>Enter</keycap>. The
+ password is <emphasis>not echoed</emphasis> for security
+ reasons.</para>
+
+ <para>Once the correct password is input, the message of the
+ day (<acronym>MOTD</acronym>) will be displayed followed
+ by a command prompt. Depending upon the shell that was
+ selected when the user was created, this prompt will be a
+ <literal>#</literal>, <literal>$</literal>, or
+ <literal>%</literal> character. The prompt indicates that
+ the user is now logged into the &os; system console and ready
+ to try the available commands.</para>
<sect2 id="consoles-virtual">
<title>Virtual Consoles</title>
@@ -138,19 +140,22 @@ login:</screen>
user is working on, making it difficult to concentrate on
the work at hand.</para>
- <para>By default, &os; is configured to provide several virtual consoles
- for inputting commands. Each virtual console has its own
- login prompt and shell and it is easy to switch between
- virtual consoles. This essentially provides the command line
- equivalent of having several windows open at the same time
- in a graphical environment.</para>
+ <para>By default, &os; is configured to provide several virtual
+ consoles for inputting commands. Each virtual console has
+ its own login prompt and shell and it is easy to switch
+ between virtual consoles. This essentially provides the
+ command line equivalent of having several windows open at the
+ same time in a graphical environment.</para>
- <para>The key combinations <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>
+ <para>The key combinations
+ <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>
through
- <keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo> have been reserved by &os; for
- switching between virtual consoles. Use
+ <keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo>
+ have been reserved by &os; for switching between virtual
+ consoles. Use
<keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>
- to switch to the system console (<devicename>ttyv0</devicename>),
+ to switch to the system console
+ (<devicename>ttyv0</devicename>),
<keycombo><keycap>Alt</keycap><keycap>F2</keycap></keycombo>
to access the first virtual console
(<devicename>ttyv1</devicename>),
@@ -159,22 +164,19 @@ login:</screen>
(<devicename>ttyv2</devicename>), and so on.</para>
<para>When switching from one console to the next, &os; takes
- manages the screen output. The result is
- an illusion of having multiple
- virtual screens and keyboards that can be used
+ manages the screen output. The result is an illusion of
+ having multiple virtual screens and keyboards that can be used
to type commands for &os; to run. The programs that are
launched in one virtual console do not stop running when
- the user switches to a
- different virtual console.</para>
+ the user switches to a different virtual console.</para>
<para>Refer to &man.syscons.4;, &man.atkbd.4;,
&man.vidcontrol.1; and &man.kbdcontrol.1; for a more
technical description of the &os; console and its keyboard
drivers.</para>
- <para>In &os;, the number of available virtual
- consoles is configured in this
- section of
+ <para>In &os;, the number of available virtual consoles is
+ configured in this section of
<filename>/etc/ttys</filename>:</para>
<programlisting># name getty type status comments
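Review bot: the reflowed sentence in this hunk still reads "&os; takes manages the screen output", with two verbs in a row; the removed and added lines carry the same wording. Since this commit is whitespace-only, a follow-up content commit should drop one of them (for example "&os; manages the screen output") so translators pick the fix up separately.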
@@ -191,11 +193,12 @@ ttyv7 "/usr/libexec/getty Pc"
ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</programlisting>
- <para>To disable a virtual console, put a comment symbol (<literal>#</literal>)
- at the beginning of the line representing that virtual console.
- For example, to reduce the number of available virtual consoles
- from eight to four, put a <literal>#</literal> in front of
- the last four lines representing virtual consoles
+ <para>To disable a virtual console, put a comment symbol
+ (<literal>#</literal>) at the beginning of the line
+ representing that virtual console. For example, to reduce
+ the number of available virtual consoles from eight to four,
+ put a <literal>#</literal> in front of the last four lines
+ representing virtual consoles
<devicename>ttyv5</devicename> through
<devicename>ttyv8</devicename>. <emphasis>Do not</emphasis>
comment out the line for the system console
@@ -204,7 +207,7 @@ ttyv8 "/usr/X11R6/bin/xdm -nodaemon"
the graphical environment if <application>&xorg;</application>
has been installed and configured as described in <xref
linkend="x11"/>.</para>
-
+
<para>For a detailed description of every column in this file
and the available options for the virtual consoles, refer to
&man.ttys.5;.</para>
@@ -216,40 +219,38 @@ ttyv8 "/usr/X11R6/bin/xdm -nodaemon"
<para>The &os; boot menu provides an option labelled as
<quote>Boot Single User</quote>. If this option is selected,
the system will boot into a special mode known as
- <quote>single user mode</quote>. This mode is typically used to
- repair a system that will not boot or to reset the
+ <quote>single user mode</quote>. This mode is typically used
+ to repair a system that will not boot or to reset the
<username>root</username> password when it is not known.
- While in single user mode, networking and other
- virtual consoles are not available. However, full
+ While in single user mode, networking and other virtual
+ consoles are not available. However, full
<username>root</username> access to the system is available,
and by default, the <username>root</username> password is not
needed. For these reasons, physical access to the keyboard
- is needed to boot into this mode and determining who has physical
- access to the keyboard is something to consider when securing
- a &os; system.</para>
+ is needed to boot into this mode and determining who has
+ physical access to the keyboard is something to consider when
+ securing a &os; system.</para>
- <para>The settings which control
- single user mode are found in this section of
- <filename>/etc/ttys</filename>:</para>
+ <para>The settings which control single user mode are found in
+ this section of <filename>/etc/ttys</filename>:</para>
<programlisting># name getty type status comments
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
console none unknown off secure</programlisting>
-
- <para>By default, the status is set to <literal>secure</literal>.
- This assumes that who has physical access to the keyboard
- is either not important or it is controlled by a physical
- security policy. If this setting is changed to
- <literal>insecure</literal>, the assumption is that the
- environment itself is insecure because anyone can access
- the keyboard. When this line is changed to
- <literal>insecure</literal>, &os; will prompt for the
- <username>root</username> password when a user selects to boot into single
- user mode.
- </para>
-
+
+ <para>By default, the status is set to
+ <literal>secure</literal>. This assumes that who has
+ physical access to the keyboard is either not important or it
+ is controlled by a physical security policy. If this setting
+ is changed to <literal>insecure</literal>, the assumption is
+ that the environment itself is insecure because anyone can
+ access the keyboard. When this line is changed to
+ <literal>insecure</literal>, &os; will prompt for the
+ <username>root</username> password when a user selects to
+ boot into single user mode.</para>
+
<note>
<para><emphasis>Be careful when changing this setting to
<literal>insecure</literal></emphasis>! If the
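Review bot: two sentences in the single user mode text are still hard to parse after the reflow, and this is the passage an administrator reads to learn when the root password is not asked for. "For these reasons, physical access to the keyboard is needed to boot into this mode and determining who has physical access ..." joins two separate statements with "and", and "This assumes that who has physical access to the keyboard is either not important or it is controlled by a physical security policy" needs rewording. A follow-up content commit could split the first into two sentences and rephrase the second, leaving this commit whitespace-only.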
@@ -331,94 +332,95 @@ console none
</listitem>
<listitem>
- <para>How to create groups and add users as members of a group.</para>
+ <para>How to create groups and add users as members of a
+ group.</para>
</listitem>
</itemizedlist>
- <sect2 id="users-introduction">
- <title>Account Types</title>
-
- <para>Since all access to the &os; system is achieved using accounts
- and all processes are run by users, user and account management
- is important.</para>
-
- <para>There are three main types of accounts:
- system accounts,
- user accounts, and the
- superuser account.</para>
-
- <sect3 id="users-system">
- <title>System Accounts</title>
-
- <indexterm>
- <primary>accounts</primary>
- <secondary>system</secondary>
- </indexterm>
-
- <para>System accounts are used to run services such as DNS,
- mail, and web servers. The reason for this is security; if
- all services ran as the superuser, they could act without
- restriction.</para>
-
- <indexterm>
- <primary>accounts</primary>
- <secondary><username>daemon</username></secondary>
- </indexterm>
- <indexterm>
- <primary>accounts</primary>
- <secondary><username>operator</username></secondary>
- </indexterm>
-
- <para>Examples of system accounts are
- <username>daemon</username>, <username>operator</username>,
- <username>bind</username>, <username>news</username>, and
- <username>www</username>.</para>
+ <sect2 id="users-introduction">
+ <title>Account Types</title>
- <indexterm>
- <primary>accounts</primary>
- <secondary><username>nobody</username></secondary>
- </indexterm>
-
- <para><username>nobody</username> is the generic unprivileged
- system account. However, the more services that use
- <username>nobody</username>, the more files and processes that
- user will become associated with, and hence the more
- privileged that user becomes.</para>
- </sect3>
-
- <sect3 id="users-user">
- <title>User Accounts</title>
-
- <indexterm>
- <primary>accounts</primary>
- <secondary>user</secondary>
- </indexterm>
-
- <para>User accounts are
- assigned to real people and are used to log in and use the
- system. Every person accessing the system should have a unique
- user account. This allows the administrator to find out who
- is doing what and prevents users from clobbering the
- settings of other users.</para>
-
- <para>Each user can set up their own environment to accommodate
- their use of the system, by configuring their default shell, editor,
- key bindings, and language settings.</para>
- <para>Every user account on a &os; system has certain information
- associated with it:</para>
-
- <variablelist>
- <varlistentry>
- <term>User name</term>
+ <para>Since all access to the &os; system is achieved using
+ accounts and all processes are run by users, user and account
+ management is important.</para>
+
+ <para>There are three main types of accounts: system accounts,
+ user accounts, and the superuser account.</para>
+
+ <sect3 id="users-system">
+ <title>System Accounts</title>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>system</secondary>
+ </indexterm>
+
+ <para>System accounts are used to run services such as DNS,
+ mail, and web servers. The reason for this is security; if
+ all services ran as the superuser, they could act without
+ restriction.</para>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary><username>daemon</username></secondary>
+ </indexterm>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary><username>operator</username></secondary>
+ </indexterm>
+
+ <para>Examples of system accounts are
+ <username>daemon</username>, <username>operator</username>,
+ <username>bind</username>, <username>news</username>, and
+ <username>www</username>.</para>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary><username>nobody</username></secondary>
+ </indexterm>
+
+ <para><username>nobody</username> is the generic unprivileged
+ system account. However, the more services that use
+ <username>nobody</username>, the more files and processes
+ that user will become associated with, and hence the more
+ privileged that user becomes.</para>
+ </sect3>
+
+ <sect3 id="users-user">
+ <title>User Accounts</title>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>user</secondary>
+ </indexterm>
+
+ <para>User accounts are assigned to real people and are used
+ to log in and use the system. Every person accessing the
+ system should have a unique user account. This allows the
+ administrator to find out who is doing what and prevents
+ users from clobbering the settings of other users.</para>
+
+ <para>Each user can set up their own environment to
+ accommodate their use of the system, by configuring their
+ default shell, editor, key bindings, and language
+ settings.</para>
+
+ <para>Every user account on a &os; system has certain
+ information associated with it:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>User name</term>
<listitem>
<para>The user name is typed at the <prompt>login:</prompt>
prompt. User names must be unique on the system as no two
users can have the same user name. There are a number of
- rules for creating valid user names which are documented in
- &man.passwd.5;. It is recommended to use user names that consist of eight or
- fewer, all lower case characters in order to maintain
- backwards compatibility with applications.</para>
+ rules for creating valid user names which are documented
+ in &man.passwd.5;. It is recommended to use user names
+ that consist of eight or fewer, all lower case characters
+ in order to maintain backwards compatibility with
+ applications.</para>
</listitem>
</varlistentry>
@@ -426,8 +428,9 @@ console none
<term>Password</term>
<listitem>
- <para>Each user account should have an associated password. While the
- password can be blank, this is highly discouraged.</para>
+ <para>Each user account should have an associated password.
+ While the password can be blank, this is highly
+ discouraged.</para>
</listitem>
</varlistentry>
@@ -435,14 +438,13 @@ console none
<term>User ID (<acronym>UID</acronym>)</term>
<listitem>
- <para>The User ID (<acronym>UID</acronym>) is a number
- used to uniquely identify the user to the
- &os; system. Commands that
- allow a user name to be specified will first convert it to
- the <acronym>UID</acronym>. It is recommended to use a UID of
- 65535 or lower as higher UIDs may cause compatibility
- issues with software that does not support integers larger
- than 32-bits.</para>
+ <para>The User ID (<acronym>UID</acronym>) is a number used
+ to uniquely identify the user to the &os; system.
+ Commands that allow a user name to be specified will
+ first convert it to the <acronym>UID</acronym>. It is
+ recommended to use a UID of 65535 or lower as higher UIDs
+ may cause compatibility issues with software that does
+ not support integers larger than 32-bits.</para>
</listitem>
</varlistentry>
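Review bot: the recommendation in the reflowed UID paragraph is internally inconsistent. 65535 is the largest unsigned 16-bit value, yet the reason given is software "that does not support integers larger than 32-bits". The sentence also uses bare "UID" and "UIDs" while the rest of the paragraph wraps the term in <acronym>. Both are untouched by this whitespace commit; a follow-up content commit should settle which integer width is meant and mark up the acronym consistently.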
@@ -450,14 +452,15 @@ console none
<term>Group ID (<acronym>GID</acronym>)</term>
<listitem>
- <para>The Group ID (<acronym>GID</acronym>) is a number used to uniquely identify
- the primary group that the user belongs to. Groups are a
- mechanism for controlling access to resources based on a
- user's <acronym>GID</acronym> rather than their
+ <para>The Group ID (<acronym>GID</acronym>) is a number
+ used to uniquely identify the primary group that the user
+ belongs to. Groups are a mechanism for controlling
+ access to resources based on a user's
+ <acronym>GID</acronym> rather than their
<acronym>UID</acronym>. This can significantly reduce the
size of some configuration files and allows users to be
- members of more than one group. It is recommended to use a GID of
- 65535 or lower as higher GIDs may break some
+ members of more than one group. It is recommended to use
+ a GID of 65535 or lower as higher GIDs may break some
software.</para>
</listitem>
</varlistentry>
@@ -479,9 +482,9 @@ console none
<listitem>
<para>By default, &os; does not force users to change their
passwords periodically. Password expiration can be
- enforced on a per-user basis using &man.pw.8;, forcing some or all users to
- change their passwords after a certain amount of time has
- elapsed.</para>
+ enforced on a per-user basis using &man.pw.8;, forcing
+ some or all users to change their passwords after a
+ certain amount of time has elapsed.</para>
</listitem>
</varlistentry>
@@ -492,9 +495,10 @@ console none
<para>By default, &os; does not expire accounts. When
creating accounts that need a limited lifespan, such as
student accounts in a school, specify the account expiry
- date using &man.pw.8;. After the expiry time has elapsed, the account
- cannot be used to log in to the system, although the
- account's directories and files will remain.</para>
+ date using &man.pw.8;. After the expiry time has
+ elapsed, the account cannot be used to log in to the
+ system, although the account's directories and files will
+ remain.</para>
</listitem>
</varlistentry>
@@ -504,9 +508,9 @@ console none
<listitem>
<para>The user name uniquely identifies the account to &os;,
but does not necessarily reflect the user's real name.
- Similar to a comment, this information
- can contain a space, uppercase characters, and be more
- than 8 characters long.</para>
+ Similar to a comment, this information can contain a
+ space, uppercase characters, and be more than 8
+ characters long.</para>
</listitem>
</varlistentry>
@@ -538,9 +542,9 @@ console none
</listitem>
</varlistentry>
</variablelist>
- </sect3>
+ </sect3>
- <sect3 id="users-superuser">
+ <sect3 id="users-superuser">
<title>The Superuser Account</title>
<indexterm>
@@ -558,50 +562,53 @@ console none
<para>The superuser, unlike other user
accounts, can operate without limits, and misuse of the
superuser account may result in spectacular disasters. User
- accounts are unable to destroy the operating system by mistake, so it is
- recommended to login as a user account and to only become the superuser
- when a command requires extra privilege.</para>
+ accounts are unable to destroy the operating system by
+ mistake, so it is recommended to login as a user account and
+ to only become the superuser when a command requires extra
+ privilege.</para>
<para>Always double and triple-check any commands issued as the
superuser, since an extra space or missing character can mean
irreparable data loss.</para>
- <para>There are several ways to become gain superuser privilege. While one
- can log in as <username>root</username>, this is highly discouraged.</para>
-
- <para>Instead, use &man.su.1; to become the superuser. If
- <literal>-</literal> is specified when running this command, the user will also inherit the root user's environment.
- The user running this command must
- be in the <groupname>wheel</groupname> group or else the command
- will fail. The user must also know the password for the
- <username>root</username> user account.</para>
-
- <para>In this example, the user only becomes superuser in order to run
- <command>make install</command> as this step requires superuser privilege.
- Once the command completes, the user types <command>exit</command>
- to leave the superuser account and return to the privilege of
- their user account.</para>
+ <para>There are several ways to become gain superuser privilege.
+ While one can log in as <username>root</username>, this is
+ highly discouraged.</para>
+
+ <para>Instead, use &man.su.1; to become the superuser. If
+ <literal>-</literal> is specified when running this command,
+ the user will also inherit the root user's environment. The
+ user running this command must be in the
+ <groupname>wheel</groupname> group or else the command will
+ fail. The user must also know the password for the
+ <username>root</username> user account.</para>
+
+ <para>In this example, the user only becomes superuser in order
+ to run <command>make install</command> as this step requires
+ superuser privilege. Once the command completes, the user
+ types <command>exit</command> to leave the superuser account
+ and return to the privilege of their user account.</para>
- <example>
- <title>Install a Program As The Superuser</title>
+ <example>
+ <title>Install a Program As The Superuser</title>
- <screen>&prompt.user; <userinput>configure</userinput>
+ <screen>&prompt.user; <userinput>configure</userinput>
&prompt.user; <userinput>make</userinput>
&prompt.user; <userinput>su -</userinput>
Password:
&prompt.root; <userinput>make install</userinput>
&prompt.root; <userinput>exit</userinput>
&prompt.user;</screen>
- </example>
+ </example>
- <para>The built-in &man.su.1; framework works well for single systems or small
- networks with just one system administrator. An alternative
- is to install the
- <filename role="package">security/sudo</filename> package or port. This software
- provides activity logging and allows the administrator to configure which users
- can run which commands
- as the superuser.</para>
- </sect3>
+ <para>The built-in &man.su.1; framework works well for single
+ systems or small networks with just one system administrator.
+ An alternative is to install the <filename
+ role="package">security/sudo</filename> package or port.
+ This software provides activity logging and allows the
+ administrator to configure which users can run which commands
+ as the superuser.</para>
+ </sect3>
</sect2>
<sect2 id="users-modifying">
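Review bot: the added line "There are several ways to become gain superuser privilege." still carries the doubled verb from the removed line. One of "become" or "gain" has to go ("several ways to gain superuser privilege"), in a separate content commit so that this one stays whitespace-only for translators.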
@@ -918,7 +925,7 @@ passwd: done</screen>
<title>Changing Another User's Password as the
Superuser</title>
- <screen>&prompt.root; <userinput>passwd jru</userinput>
+ <screen>&prompt.root; <userinput>passwd jru</userinput>
Changing local password for jru.
New password:
Retype new password:
@@ -1025,14 +1032,17 @@ passwd: done</screen>
<term><literal>coredumpsize</literal></term>
<listitem>
- <para>The limit on the size of a core file<indexterm><primary>coredumpsize</primary></indexterm> generated by a
- program is subordinate to other limits<indexterm><primary>limiting users</primary><secondary>coredumpsize</secondary></indexterm> on disk usage, such
- as <literal>filesize</literal>, or disk quotas.
- This limit is often used as a less-severe method of
- controlling disk space consumption. Since users do not
- generate core files themselves, and often do not delete
- them, setting this may save them from running out of disk
- space should a large program crash.</para>
+ <para>The limit on the size of a core file
+ <indexterm><primary>coredumpsize</primary></indexterm>
+ generated by a program is subordinate to other
+ limits <indexterm><primary>limiting users
+ </primary><secondary>coredumpsize</secondary></indexterm>
+ on disk usage, such as <literal>filesize</literal>, or
+ disk quotas. This limit is often used as a less-severe
+ method of controlling disk space consumption. Since
+ users do not generate core files themselves, and often do
+ not delete them, setting this may save them from running
+ out of disk space should a large program crash.</para>
</listitem>
</varlistentry>
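Review bot: moving the indexterm elements onto their own lines leaves "<primary>limiting users" closing on the following line, so the element content now ends in a newline plus indentation; the entries in the later limit hunks instead open with whitespace or break between "limiting" and "users". If the index processing does not normalize whitespace, these may stop collating under one "limiting users" entry. Keeping each <primary>...</primary> on a single line, or placing the indexterms ahead of the <para> as is done for "console" at the top of this diff, avoids the question.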
@@ -1040,9 +1050,12 @@ passwd: done</screen>
<term><literal>cputime</literal></term>
<listitem>
- <para>The maximum amount of CPU<indexterm><primary>cputime</primary></indexterm><indexterm><primary>limiting users</primary><secondary>cputime</secondary></indexterm> time a user's process may
- consume. Offending processes will be killed by the
- kernel.</para>
+ <para>The maximum amount of CPU
+ <indexterm><primary>cputime</primary></indexterm><indexterm><primary>
+ limiting users
+ </primary><secondary>cputime</secondary></indexterm>
+ time a user's process may consume. Offending processes
+ will be killed by the kernel.</para>
<note>
<para>This is a limit on CPU <emphasis>time</emphasis>
@@ -1056,10 +1069,13 @@ passwd: done</screen>
<term><literal>filesize</literal></term>
<listitem>
- <para>The maximum size of a file<indexterm><primary>filesize</primary></indexterm><indexterm><primary>limiting users</primary><secondary>filesize</secondary></indexterm> the user may own. Unlike
- <link linkend="quotas">disk quotas</link>, this limit is
- enforced on individual files, not the set of all files a
- user owns.</para>
+ <para>The maximum size of a file
+ <indexterm><primary>filesize</primary></indexterm><indexterm><primary>
+ limiting users
+ </primary><secondary>filesize</secondary></indexterm>
+ the user may own. Unlike <link linkend="quotas">disk
+ quotas</link>, this limit is enforced on individual
+ files, not the set of all files a user owns.</para>
</listitem>
</varlistentry>
@@ -1067,9 +1083,13 @@ passwd: done</screen>
<term><literal>maxproc</literal></term>
<listitem>
- <para>The maximum number of processes<indexterm><primary>maxproc</primary></indexterm><indexterm><primary>limiting users</primary><secondary>maxproc</secondary></indexterm> a user can run. This
- includes foreground and background processes. This limit
- may not be larger than the system limit specified by the
+ <para>The maximum number of processes
+ <indexterm><primary>maxproc</primary></indexterm><indexterm><primary>
+ limiting users
+ </primary><secondary>maxproc</secondary></indexterm> a
+ user can run. This includes foreground and background
+ processes. This limit may not be larger than the system
+ limit specified by the
<varname>kern.maxproc</varname> &man.sysctl.8;. Setting
this limit too small may hinder a user's productivity as
it is often useful to be logged in multiple times or to
@@ -1083,11 +1103,15 @@ passwd: done</screen>
<term><literal>memorylocked</literal></term>
<listitem>
- <para>The maximum amount of memory<indexterm><primary>memorylocked</primary></indexterm><indexterm><primary>limiting users</primary><secondary>memorylocked</secondary></indexterm> a process may request
- to be locked into main memory using &man.mlock.2;. Some
- system-critical programs, such as &man.amd.8;, lock into
- main memory so that if the system begins to swap, they do
- not contribute to disk thrashing.</para>
+ <para>The maximum amount of memory
+ <indexterm><primary>memorylocked</primary></indexterm><indexterm><primary>
+ limiting users
+ </primary><secondary>memorylocked</secondary></indexterm>
+ a process may request to be locked into main memory using
+ &man.mlock.2;. Some system-critical programs, such as
+ &man.amd.8;, lock into main memory so that if the system
+ begins to swap, they do not contribute to disk
+ thrashing.</para>
</listitem>
</varlistentry>
@@ -1095,10 +1119,14 @@ passwd: done</screen>
<term><literal>memoryuse</literal></term>
<listitem>
- <para>The maximum amount of memory<indexterm><primary>memoryuse</primary></indexterm><indexterm><primary>limiting users</primary><secondary>memoryuse</secondary></indexterm> a process may consume at
- any given time. It includes both core memory and swap
- usage. This is not a catch-all limit for restricting
- memory consumption, but is a good start.</para>
+ <para>The maximum amount of memory
+ <indexterm><primary>memoryuse</primary></indexterm><indexterm><primary>
+ limiting
+ users</primary><secondary>memoryuse</secondary></indexterm>
+ a process may consume at any given time. It includes both
+ core memory and swap usage. This is not a catch-all limit
+ for restricting memory consumption, but is a good
+ start.</para>
</listitem>
</varlistentry>
@@ -1106,7 +1134,10 @@ passwd: done</screen>
<term><literal>openfiles</literal></term>
<listitem>
- <para>The maximum number of files a process may have open<indexterm><primary>openfiles</primary></indexterm><indexterm><primary>limiting users</primary><secondary>openfiles</secondary></indexterm>.
+ <para>The maximum number of files a process may have open
+ <indexterm><primary>openfiles</primary></indexterm><indexterm><primary>
+ limiting
+ users</primary><secondary>openfiles</secondary></indexterm>.
In &os;, files are used to represent sockets and IPC
channels, so be careful not to set this too low. The
system-wide limit for this is defined by the
@@ -1119,7 +1150,10 @@ passwd: done</screen>
<listitem>
<para>The limit on the amount of network memory, and
- thus mbufs<indexterm><primary>sbsize</primary></indexterm><indexterm><primary>limiting users</primary><secondary>sbsize</secondary></indexterm>, a user may consume in order to limit network
+ thus mbufs
+ <indexterm><primary>sbsize</primary></indexterm><indexterm><primary>limiting
+ users</primary><secondary>sbsize</secondary></indexterm>,
+ a user may consume in order to limit network
communications.</para>
</listitem>
</varlistentry>
@@ -1128,10 +1162,12 @@ passwd: done</screen>
<term><literal>stacksize</literal></term>
<listitem>
- <para>The maximum size of a process stack<indexterm><primary>stacksize</primary></indexterm><indexterm><primary>limiting users</primary><secondary>stacksize</secondary></indexterm>. This alone is
- not sufficient to limit the amount of memory a program
- may use so it should be used in conjunction with other
- limits.</para>
+ <para>The maximum size of a process stack
+ <indexterm><primary>stacksize</primary></indexterm><indexterm><primary>limiting
+ users</primary><secondary>stacksize</secondary></indexterm>.
+ This alone is not sufficient to limit the amount of memory
+ a program may use so it should be used in conjunction with
+ other limits.</para>
</listitem>
</varlistentry>
</variablelist>
@@ -1271,13 +1307,13 @@ teamtwo:*:1100:jru,db</screen>
uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)</screen>
</example>
- <para>In this example, <username>jru</username> is a member of the
- groups <groupname>jru</groupname> and
- <groupname>teamtwo</groupname>.</para>
-
- <para>For more information about this command and the format of
- <filename>/etc/group</filename>, refer to &man.pw.8; and
- &man.group.5;.</para>
+ <para>In this example, <username>jru</username> is a member of
+ the groups <groupname>jru</groupname> and
+ <groupname>teamtwo</groupname>.</para>
+
+ <para>For more information about this command and the format of
+ <filename>/etc/group</filename>, refer to &man.pw.8; and
+ &man.group.5;.</para>
</sect2>
</sect1>
@@ -1294,15 +1330,14 @@ uid=1001(jru) gid=1001(jru) groups=1001(
the files used by the operating system or owned by other
users.</para>
- <para>This section discusses the traditional &unix;
- permissions used in &os;. For finer grained file system access control,
- refer to
- <xref linkend="fs-acl"/>.</para>
+ <para>This section discusses the traditional &unix; permissions
+ used in &os;. For finer grained file system access control,
+ refer to <xref linkend="fs-acl"/>.</para>
<para>In &unix;, basic permissions are assigned using
three types of access: read, write, and execute. These access
types are used to determine file access to the file's owner,
- group, and others (everyone else). The read, write, and execute
+ group, and others (everyone else). The read, write, and execute
permissions can be represented as the letters
<literal>r</literal>, <literal>w</literal>, and
<literal>x</literal>. They can also be represented as binary
@@ -1315,10 +1350,10 @@ uid=1001(jru) gid=1001(jru) groups=1001(
<literal>1</literal>.</para>
<para>Table 4.1 summarizes the possible numeric and alphabetic
- possibilities. When reading the <quote>Directory Listing</quote>
- column, a <literal>-</literal> is used to represent a permission
- that is set to off.</para>
-
+ possibilities. When reading the <quote>Directory
+ Listing</quote> column, a <literal>-</literal> is used to
+ represent a permission that is set to off.</para>
+
<indexterm><primary>permissions</primary></indexterm>
<indexterm>
<primary>file permissions</primary>
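Review bot: the reflowed paragraph keeps the hard-coded reference "Table 4.1" and the redundant wording "the possible numeric and alphabetic possibilities". The table number will drift if chapters or tables are reordered; other references in this file use <xref linkend="..."/>, as with "fs-acl" in the previous hunk. A follow-up content commit could switch to an xref and drop one of "possible" or "possibilities".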