svn commit: r46538 - in head/zh_TW.UTF-8: books/handbook books/handbook/basics books/handbook/bsdinstall books/handbook/config books/handbook/cutting-edge books/handbook/disks books/handbook/dtrace...
Li-Wen Hsu
lwhsu at FreeBSD.org
Tue Apr 14 21:06:10 UTC 2015
Author: lwhsu (ports committer)
Date: Tue Apr 14 21:06:08 2015
New Revision: 46538
URL: https://svnweb.freebsd.org/changeset/doc/46538
Log:
Traditional Chinese handbook update:
- Catch up the latest handbook architecture
- Translate "cutting-edge" chapter
PR: 193066, 193715, 193750
Differential Revision: https://reviews.freebsd.org/D2284
Submitted by: RayCherng Yu <raycherng at gmail.com>
Reviewed by: delphij, wblock
Approved by: delphij, wblock
Added:
head/zh_TW.UTF-8/books/handbook/basics/disk-layout.kil (contents, props changed)
head/zh_TW.UTF-8/books/handbook/bsdinstall/
head/zh_TW.UTF-8/books/handbook/bsdinstall/Makefile (contents, props changed)
head/zh_TW.UTF-8/books/handbook/bsdinstall/chapter.xml (contents, props changed)
head/zh_TW.UTF-8/books/handbook/dtrace/
head/zh_TW.UTF-8/books/handbook/dtrace/Makefile (contents, props changed)
head/zh_TW.UTF-8/books/handbook/dtrace/chapter.xml (contents, props changed)
head/zh_TW.UTF-8/books/handbook/filesystems/
head/zh_TW.UTF-8/books/handbook/filesystems/Makefile (contents, props changed)
head/zh_TW.UTF-8/books/handbook/filesystems/chapter.xml (contents, props changed)
head/zh_TW.UTF-8/books/handbook/zfs/
head/zh_TW.UTF-8/books/handbook/zfs/chapter.xml (contents, props changed)
Modified:
head/zh_TW.UTF-8/books/handbook/Makefile
head/zh_TW.UTF-8/books/handbook/basics/chapter.xml
head/zh_TW.UTF-8/books/handbook/book.xml
head/zh_TW.UTF-8/books/handbook/chapters.ent
head/zh_TW.UTF-8/books/handbook/colophon.xml
head/zh_TW.UTF-8/books/handbook/config/chapter.xml
head/zh_TW.UTF-8/books/handbook/cutting-edge/chapter.xml
head/zh_TW.UTF-8/books/handbook/disks/chapter.xml
head/zh_TW.UTF-8/books/handbook/eresources/chapter.xml
head/zh_TW.UTF-8/books/handbook/geom/chapter.xml
head/zh_TW.UTF-8/books/handbook/install/chapter.xml
head/zh_TW.UTF-8/books/handbook/jails/chapter.xml
head/zh_TW.UTF-8/books/handbook/kernelconfig/chapter.xml
head/zh_TW.UTF-8/books/handbook/mirrors/chapter.xml
head/zh_TW.UTF-8/books/handbook/network-servers/chapter.xml
head/zh_TW.UTF-8/books/handbook/ports/chapter.xml
head/zh_TW.UTF-8/books/handbook/preface/preface.xml
head/zh_TW.UTF-8/books/handbook/security/chapter.xml
head/zh_TW.UTF-8/books/handbook/serialcomms/chapter.xml
head/zh_TW.UTF-8/share/xml/mailing-lists.ent
Modified: head/zh_TW.UTF-8/books/handbook/Makefile
==============================================================================
--- head/zh_TW.UTF-8/books/handbook/Makefile Tue Apr 14 19:39:55 2015 (r46537)
+++ head/zh_TW.UTF-8/books/handbook/Makefile Tue Apr 14 21:06:08 2015 (r46538)
@@ -1,9 +1,18 @@
#
# $FreeBSD$
-# Original revision: 1.108
#
-# Build the FreeBSD Handbook.
+# Build the FreeBSD Handbook (Traditional Chinese).
#
+# Original revision: r46480
+#
+
+# ------------------------------------------------------------------------
+# To add a new chapter to the Handbook:
+#
+# - Update this Makefile, chapters.ent and book.xml
+# - Add a descriptive entry for the new chapter in preface/preface.xml
+#
+# ------------------------------------------------------------------------
.PATH: ${.CURDIR}/../../share/xml/glossary
@@ -20,7 +29,63 @@ IMAGES_EN = advanced-networking/isdn-bus
IMAGES_EN+= advanced-networking/isdn-twisted-pair.eps
IMAGES_EN+= advanced-networking/natd.eps
IMAGES_EN+= advanced-networking/net-routing.pic
+IMAGES_EN+= advanced-networking/pxe-nfs.png
IMAGES_EN+= advanced-networking/static-routes.pic
+IMAGES_EN+= bsdinstall/bsdinstall-adduser1.png
+IMAGES_EN+= bsdinstall/bsdinstall-adduser2.png
+IMAGES_EN+= bsdinstall/bsdinstall-adduser3.png
+IMAGES_EN+= bsdinstall/bsdinstall-boot-loader-menu.png
+IMAGES_EN+= bsdinstall/bsdinstall-boot-options-menu.png
+IMAGES_EN+= bsdinstall/bsdinstall-newboot-loader-menu.png
+IMAGES_EN+= bsdinstall/bsdinstall-choose-mode.png
+IMAGES_EN+= bsdinstall/bsdinstall-config-components.png
+IMAGES_EN+= bsdinstall/bsdinstall-config-hostname.png
+IMAGES_EN+= bsdinstall/bsdinstall-config-keymap.png
+IMAGES_EN+= bsdinstall/bsdinstall-config-services.png
+IMAGES_EN+= bsdinstall/bsdinstall-config-crashdump.png
+IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv4-dhcp.png
+IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv4.png
+IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv4-static.png
+IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv6.png
+IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv6-static.png
+IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-slaac.png
+IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface.png
+IMAGES_EN+= bsdinstall/bsdinstall-configure-network-ipv4-dns.png
+IMAGES_EN+= bsdinstall/bsdinstall-configure-wireless-accesspoints.png
+IMAGES_EN+= bsdinstall/bsdinstall-configure-wireless-scan.png
+IMAGES_EN+= bsdinstall/bsdinstall-configure-wireless-wpa2setup.png
+IMAGES_EN+= bsdinstall/bsdinstall-distfile-extracting.png
+IMAGES_EN+= bsdinstall/bsdinstall-distfile-fetching.png
+IMAGES_EN+= bsdinstall/bsdinstall-distfile-verifying.png
+IMAGES_EN+= bsdinstall/bsdinstall-final-confirmation.png
+IMAGES_EN+= bsdinstall/bsdinstall-finalconfiguration.png
+IMAGES_EN+= bsdinstall/bsdinstall-final-modification-shell.png
+IMAGES_EN+= bsdinstall/bsdinstall-keymap-10.png
+IMAGES_EN+= bsdinstall/bsdinstall-keymap-select-default.png
+IMAGES_EN+= bsdinstall/bsdinstall-mainexit.png
+IMAGES_EN+= bsdinstall/bsdinstall-netinstall-files.png
+IMAGES_EN+= bsdinstall/bsdinstall-netinstall-mirrorselect.png
+IMAGES_EN+= bsdinstall/bsdinstall-part-entire-part.png
+IMAGES_EN+= bsdinstall/bsdinstall-part-guided-disk.png
+IMAGES_EN+= bsdinstall/bsdinstall-part-guided-manual.png
+IMAGES_EN+= bsdinstall/bsdinstall-part-manual-addpart.png
+IMAGES_EN+= bsdinstall/bsdinstall-part-manual-create.png
+IMAGES_EN+= bsdinstall/bsdinstall-part-manual-partscheme.png
+IMAGES_EN+= bsdinstall/bsdinstall-part-review.png
+IMAGES_EN+= bsdinstall/bsdinstall-post-root-passwd.png
+IMAGES_EN+= bsdinstall/bsdinstall-set-clock-local-utc.png
+IMAGES_EN+= bsdinstall/bsdinstall-timezone-confirm.png
+IMAGES_EN+= bsdinstall/bsdinstall-timezone-country.png
+IMAGES_EN+= bsdinstall/bsdinstall-timezone-region.png
+IMAGES_EN+= bsdinstall/bsdinstall-timezone-zone.png
+IMAGES_EN+= bsdinstall/bsdinstall-zfs-disk_info.png
+IMAGES_EN+= bsdinstall/bsdinstall-zfs-disk_select.png
+IMAGES_EN+= bsdinstall/bsdinstall-zfs-geli_password.png
+IMAGES_EN+= bsdinstall/bsdinstall-zfs-menu.png
+IMAGES_EN+= bsdinstall/bsdinstall-zfs-partmenu.png
+IMAGES_EN+= bsdinstall/bsdinstall-zfs-vdev_invalid.png
+IMAGES_EN+= bsdinstall/bsdinstall-zfs-vdev_type.png
+IMAGES_EN+= bsdinstall/bsdinstall-zfs-warning.png
IMAGES_EN+= geom/striping.pic
IMAGES_EN+= install/adduser1.scr
IMAGES_EN+= install/adduser2.scr
@@ -28,6 +93,7 @@ IMAGES_EN+= install/adduser3.scr
IMAGES_EN+= install/boot-loader-menu.scr
IMAGES_EN+= install/boot-mgr.scr
IMAGES_EN+= install/config-country.scr
+IMAGES_EN+= install/config-keymap.scr
IMAGES_EN+= install/console-saver1.scr
IMAGES_EN+= install/console-saver2.scr
IMAGES_EN+= install/console-saver3.scr
@@ -104,13 +170,6 @@ IMAGES_EN+= security/ipsec-network.pic
IMAGES_EN+= security/ipsec-crypt-pkt.pic
IMAGES_EN+= security/ipsec-encap-pkt.pic
IMAGES_EN+= security/ipsec-out-pkt.pic
-IMAGES_EN+= vinum/vinum-concat.pic
-IMAGES_EN+= vinum/vinum-mirrored-vol.pic
-IMAGES_EN+= vinum/vinum-raid10-vol.pic
-IMAGES_EN+= vinum/vinum-raid5-org.pic
-IMAGES_EN+= vinum/vinum-simple-vol.pic
-IMAGES_EN+= vinum/vinum-striped-vol.pic
-IMAGES_EN+= vinum/vinum-striped.pic
IMAGES_EN+= virtualization/parallels-freebsd1.png
IMAGES_EN+= virtualization/parallels-freebsd2.png
IMAGES_EN+= virtualization/parallels-freebsd3.png
@@ -175,7 +234,9 @@ IMAGES_LIB+= callouts/15.png
# XML content
SRCS+= audit/chapter.xml
SRCS+= book.xml
+SRCS+= bsdinstall/chapter.xml
SRCS+= colophon.xml
+SRCS+= dtrace/chapter.xml
SRCS+= advanced-networking/chapter.xml
SRCS+= basics/chapter.xml
SRCS+= bibliography/chapter.xml
@@ -186,6 +247,8 @@ SRCS+= desktop/chapter.xml
SRCS+= disks/chapter.xml
SRCS+= eresources/chapter.xml
SRCS+= firewalls/chapter.xml
+SRCS+= zfs/chapter.xml
+SRCS+= filesystems/chapter.xml
SRCS+= geom/chapter.xml
SRCS+= install/chapter.xml
SRCS+= introduction/chapter.xml
@@ -205,8 +268,6 @@ SRCS+= preface/preface.xml
SRCS+= printing/chapter.xml
SRCS+= security/chapter.xml
SRCS+= serialcomms/chapter.xml
-SRCS+= users/chapter.xml
-SRCS+= vinum/chapter.xml
SRCS+= virtualization/chapter.xml
SRCS+= x11/chapter.xml
@@ -230,8 +291,6 @@ DOC_PREFIX?= ${.CURDIR}/../../..
XMLDOCS= lastmod:::mirrors.lastmod.inc \
mirrors-ftp-index:::mirrors.xml.ftp.index.inc \
mirrors-ftp:::mirrors.xml.ftp.inc \
- mirrors-cvsup-index:::mirrors.xml.cvsup.index.inc \
- mirrors-cvsup:::mirrors.xml.cvsup.inc \
eresources-index:::eresources.xml.www.index.inc \
eresources:::eresources.xml.www.inc
DEPENDSET.DEFAULT= transtable mirror
@@ -245,12 +304,6 @@ PARAMS.mirrors-ftp-index+= --param 'type
PARAMS.mirrors-ftp+= --param 'type' "'ftp'" \
--param 'proto' "'ftp'" \
--param 'target' "'handbook/mirrors/chapter.xml'"
-PARAMS.mirrors-cvsup-index+= --param 'type' "'cvsup'" \
- --param 'proto' "'cvsup'" \
- --param 'target' "'index'"
-PARAMS.mirrors-cvsup+= --param 'type' "'cvsup'" \
- --param 'proto' "'cvsup'" \
- --param 'target' "'handbook/mirrors/chapter.xml'"
PARAMS.eresources-index+= --param 'type' "'www'" \
--param 'proto' "'http'" \
--param 'target' "'index'"
@@ -261,8 +314,6 @@ PARAMS.eresources+= --param 'type' "'www
SRCS+= mirrors.lastmod.inc \
mirrors.xml.ftp.inc \
mirrors.xml.ftp.index.inc \
- mirrors.xml.cvsup.inc \
- mirrors.xml.cvsup.index.inc \
eresources.xml.www.inc \
eresources.xml.www.index.inc
Modified: head/zh_TW.UTF-8/books/handbook/basics/chapter.xml
==============================================================================
--- head/zh_TW.UTF-8/books/handbook/basics/chapter.xml Tue Apr 14 19:39:55 2015 (r46537)
+++ head/zh_TW.UTF-8/books/handbook/basics/chapter.xml Tue Apr 14 21:06:08 2015 (r46538)
@@ -1,19 +1,26 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
The FreeBSD Documentation Project
+ The FreeBSD Traditional Chinese Project
$FreeBSD$
- Original revision: 1.152
+ Original revision: r46052
-->
-<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="basics">
- <info><title>UNIX 基礎概念</title>
+<chapter xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
+ xml:id="basics">
+ <!--
+ <chapterinfo>
<authorgroup>
- <author><personname><firstname>Chris</firstname><surname>Shumway</surname></personname><contrib>Rewritten by </contrib></author>
+ <author>
+ <firstname>Chris</firstname>
+ <surname>Shumway</surname>
+ <contrib>Rewritten by in Mar 2000</contrib>
+ </author>
</authorgroup>
-
- </info>
-
-
+ </chapterinfo>
+ -->
+ <title>UNIX 基礎概念</title>
<sect1 xml:id="basics-synopsis">
<title>概述</title>
@@ -29,44 +36,61 @@
<listitem>
<para>如何使用 FreeBSD 的<quote>virtual consoles</quote>。</para>
</listitem>
+
<listitem>
<para>&unix; 檔案權限運作的方式以及 &os; 中檔案的 flags。</para>
</listitem>
+
<listitem>
<para>預設的 &os; 檔案系統配置。</para>
</listitem>
+
<listitem>
<para>&os; 的磁碟結構。</para>
</listitem>
+
<listitem>
<para>如何掛載(mount)、卸載(umount)檔案系統</para>
</listitem>
+
<listitem>
<para>什麼是processes、daemons 以及 signals 。</para>
</listitem>
+
<listitem>
<para>什麼是 shell ,以及如何變更您預設的登入環境。</para>
</listitem>
+
<listitem>
<para>如何使用基本的文字編輯器。</para>
</listitem>
+
<listitem>
<para>什麼是 devices 和 device nodes 。</para>
</listitem>
+
<listitem>
<para>&os; 下使用的 binary 格式。</para>
</listitem>
+
<listitem>
<para>如何閱讀 manual pages 以獲得更多的資訊。</para>
</listitem>
</itemizedlist>
-
</sect1>
<sect1 xml:id="consoles">
<title>Virtual Consoles 和終端機</title>
- <indexterm><primary>virtual consoles</primary></indexterm>
- <indexterm><primary>terminals</primary></indexterm>
+
+ <indexterm>
+ <primary>virtual consoles</primary>
+ </indexterm>
+ <indexterm>
+ <primary>terminals</primary>
+ </indexterm>
+ <indexterm>
+ <primary>console</primary>
+ </indexterm>
<para>有很多方法可以操作 FreeBSD ,其中一種就是在文字終端機上打字。
如此使用 FreeBSD 即可輕易的體會到 &unix; 作業系統的威力和彈性。
@@ -279,6 +303,798 @@ options SC_PIXEL_MODE</programlisting>
</sect2>
</sect1>
+ <sect1 xml:id="users-synopsis">
+ <title>Users and Basic Account Management</title>
+
+ <para>&os; allows multiple users to use the computer at the same
+ time. While only one user can sit in front of the screen and
+ use the keyboard at any one time, any number of users can log
+ in to the system through the network. To use the system, each
+ user should have their own user account.</para>
+
+ <para>This chapter describes:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The different types of user accounts on a
+ &os; system.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to add, remove, and modify user accounts.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to set limits to control the
+ resources that users and
+ groups are allowed to access.</para>
+ </listitem>
+
+ <listitem>
+ <para>How to create groups and add users as members of a
+ group.</para>
+ </listitem>
+ </itemizedlist>
+
+ <sect2 xml:id="users-introduction">
+ <title>Account Types</title>
+
+ <para>Since all access to the &os; system is achieved using
+ accounts and all processes are run by users, user and account
+ management is important.</para>
+
+ <para>There are three main types of accounts: system accounts,
+ user accounts, and the superuser account.</para>
+
+ <sect3 xml:id="users-system">
+ <title>System Accounts</title>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>system</secondary>
+ </indexterm>
+
+ <para>System accounts are used to run services such as DNS,
+ mail, and web servers. The reason for this is security; if
+ all services ran as the superuser, they could act without
+ restriction.</para>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary><systemitem
+ class="username">daemon</systemitem></secondary>
+ </indexterm>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary><systemitem
+ class="username">operator</systemitem></secondary>
+ </indexterm>
+
+ <para>Examples of system accounts are
+ <systemitem class="username">daemon</systemitem>,
+ <systemitem class="username">operator</systemitem>,
+ <systemitem class="username">bind</systemitem>,
+ <systemitem class="username">news</systemitem>, and
+ <systemitem class="username">www</systemitem>.</para>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary><systemitem
+ class="username">nobody</systemitem></secondary>
+ </indexterm>
+
+ <para><systemitem class="username">nobody</systemitem> is the
+ generic unprivileged system account. However, the more
+ services that use
+ <systemitem class="username">nobody</systemitem>, the more
+ files and processes that user will become associated with,
+ and hence the more privileged that user becomes.</para>
+ </sect3>
+
+ <sect3 xml:id="users-user">
+ <title>User Accounts</title>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>user</secondary>
+ </indexterm>
+
+ <para>User accounts are assigned to real people and are used
+ to log in and use the system. Every person accessing the
+ system should have a unique user account. This allows the
+ administrator to find out who is doing what and prevents
+ users from clobbering the settings of other users.</para>
+
+ <para>Each user can set up their own environment to
+ accommodate their use of the system, by configuring their
+ default shell, editor, key bindings, and language
+ settings.</para>
+
+ <para>Every user account on a &os; system has certain
+ information associated with it:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>User name</term>
+
+ <listitem>
+ <para>The user name is typed at the
+ <prompt>login:</prompt> prompt. Each user must have
+ a unique user name. There are a number of rules for
+ creating valid user names which are documented in
+ &man.passwd.5;. It is recommended to use user names
+ that consist of eight or fewer, all lower case
+ characters in order to maintain backwards
+ compatibility with applications.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Password</term>
+
+ <listitem>
+ <para>Each account has an associated password.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>User ID (<acronym>UID</acronym>)</term>
+
+ <listitem>
+ <para>The User ID (<acronym>UID</acronym>) is a number
+ used to uniquely identify the user to the &os; system.
+ Commands that allow a user name to be specified will
+ first convert it to the <acronym>UID</acronym>. It is
+ recommended to use a UID less than 65535, since higher
+ values may cause compatibility issues with some
+ software.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Group ID (<acronym>GID</acronym>)</term>
+
+ <listitem>
+ <para>The Group ID (<acronym>GID</acronym>) is a number
+ used to uniquely identify the primary group that the
+ user belongs to. Groups are a mechanism for
+ controlling access to resources based on a user's
+ <acronym>GID</acronym> rather than their
+ <acronym>UID</acronym>. This can significantly reduce
+ the size of some configuration files and allows users
+ to be members of more than one group. It is
+ recommended to use a GID of 65535 or lower as higher
+ GIDs may break some software.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Login class</term>
+
+ <listitem>
+ <para>Login classes are an extension to the group
+ mechanism that provide additional flexibility when
+ tailoring the system to different users. Login
+ classes are discussed further in
+ <xref linkend="users-limiting"/>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Password change time</term>
+
+ <listitem>
+ <para>By default, passwords do not expire. However,
+ password expiration can be enabled on a per-user
+ basis, forcing some or all users to change their
+ passwords after a certain amount of time has
+ elapsed.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Account expiry time</term>
+
+ <listitem>
+ <para>By default, &os; does not expire accounts. When
+ creating accounts that need a limited lifespan, such
+ as student accounts in a school, specify the account
+ expiry date using &man.pw.8;. After the expiry time
+ has elapsed, the account cannot be used to log in to
+ the system, although the account's directories and
+ files will remain.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>User's full name</term>
+
+ <listitem>
+ <para>The user name uniquely identifies the account to
+ &os;, but does not necessarily reflect the user's real
+ name. Similar to a comment, this information can
+ contain spaces, uppercase characters, and be more
+ than 8 characters long.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Home directory</term>
+
+ <listitem>
+ <para>The home directory is the full path to a directory
+ on the system. This is the user's starting directory
+ when the user logs in. A common convention is to put
+ all user home directories under <filename
+ class="directory"><replaceable>/home/username</replaceable></filename>
+ or <filename
+ class="directory"><replaceable>/usr/home/username</replaceable></filename>.
+ Each user stores their personal files and
+ subdirectories in their own home directory.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>User shell</term>
+
+ <listitem>
+ <para>The shell provides the user's default environment
+ for interacting with the system. There are many
+ different kinds of shells and experienced users will
+ have their own preferences, which can be reflected in
+ their account settings.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </sect3>
+
+ <sect3 xml:id="users-superuser">
+ <title>The Superuser Account</title>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>superuser (root)</secondary>
+ </indexterm>
+
+ <para>The superuser account, usually called
+ <systemitem class="username">root</systemitem>, is used to
+ manage the system with no limitations on privileges. For
+ this reason, it should not be used for day-to-day tasks like
+ sending and receiving mail, general exploration of the
+ system, or programming.</para>
+
+ <para>The superuser, unlike other user accounts, can operate
+ without limits, and misuse of the superuser account may
+ result in spectacular disasters. User accounts are unable
+ to destroy the operating system by mistake, so it is
+ recommended to login as a user account and to only become
+ the superuser when a command requires extra
+ privilege.</para>
+
+ <para>Always double and triple-check any commands issued as
+ the superuser, since an extra space or missing character can
+ mean irreparable data loss.</para>
+
+ <para>There are several ways to gain superuser privilege.
+ While one can log in as
+ <systemitem class="username">root</systemitem>, this is
+ highly discouraged.</para>
+
+ <para>Instead, use &man.su.1; to become the superuser. If
+ <literal>-</literal> is specified when running this command,
+ the user will also inherit the root user's environment. The
+ user running this command must be in the
+ <systemitem class="groupname">wheel</systemitem> group or
+ else the command will fail. The user must also know the
+ password for the
+ <systemitem class="username">root</systemitem> user
+ account.</para>
+
+ <para>In this example, the user only becomes superuser in
+ order to run <command>make install</command> as this step
+ requires superuser privilege. Once the command completes,
+ the user types <command>exit</command> to leave the
+ superuser account and return to the privilege of their user
+ account.</para>
+
+ <example>
+ <title>Install a Program As the Superuser</title>
+
+ <screen>&prompt.user; <userinput>configure</userinput>
+&prompt.user; <userinput>make</userinput>
+&prompt.user; <userinput>su -</userinput>
+Password:
+&prompt.root; <userinput>make install</userinput>
+&prompt.root; <userinput>exit</userinput>
+&prompt.user;</screen>
+ </example>
+
+ <para>The built-in &man.su.1; framework works well for single
+ systems or small networks with just one system
+ administrator. An alternative is to install the
+ <package>security/sudo</package> package or port. This
+ software provides activity logging and allows the
+ administrator to configure which users can run which
+ commands as the superuser.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 xml:id="users-modifying">
+ <title>Managing Accounts</title>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>modifying</secondary>
+ </indexterm>
+
+ <para>&os; provides a variety of different commands to manage
+ user accounts. The most common commands are summarized in
+ <xref linkend="users-modifying-utilities"/>, followed by some
+ examples of their usage. See the manual page for each utility
+ for more details and usage examples.</para>
+
+ <table frame="none" pgwide="1"
+ xml:id="users-modifying-utilities">
+ <title>Utilities for Managing User Accounts</title>
+
+ <tgroup cols="2">
+ <colspec colwidth="1*"/>
+ <colspec colwidth="2*"/>
+
+ <thead>
+ <row>
+ <entry>Command</entry>
+ <entry>Summary</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>&man.adduser.8;</entry>
+ <entry>The recommended command-line application for
+ adding new users.</entry>
+ </row>
+
+ <row>
+ <entry>&man.rmuser.8;</entry>
+ <entry>The recommended command-line application for
+ removing users.</entry>
+ </row>
+
+ <row>
+ <entry>&man.chpass.1;</entry>
+ <entry>A flexible tool for changing user database
+ information.</entry>
+ </row>
+
+ <row>
+ <entry>&man.passwd.1;</entry>
+ <entry>The command-line tool to change user
+ passwords.</entry>
+ </row>
+
+ <row>
+ <entry>&man.pw.8;</entry>
+ <entry>A powerful and flexible tool for modifying all
+ aspects of user accounts.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
+ <sect3 xml:id="users-adduser">
+ <title><command>adduser</command></title>
+
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>adding</secondary>
+ </indexterm>
+ <indexterm>
+ <primary><command>adduser</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary><filename>/usr/share/skel</filename></primary>
+ </indexterm>
+ <indexterm>
+ <primary>skeleton directory</primary>
+ </indexterm>
+
+ <para>The recommended program for adding new users is
+ &man.adduser.8;. When a new user is added, this program
+ automatically updates <filename>/etc/passwd</filename> and
+ <filename>/etc/group</filename>. It also creates a home
+ directory for the new user, copies in the default
+ configuration files from
+ <filename>/usr/share/skel</filename>, and can optionally
+ mail the new user a welcome message. This utility must be
+ run as the superuser.</para>
+
+ <para>The &man.adduser.8; utility is interactive and walks
+ through the steps for creating a new user account. As seen
+ in <xref linkend="users-modifying-adduser"/>, either input
+ the required information or press <keycap>Return</keycap>
+ to accept the default value shown in square brackets.
+ In this example, the user has been invited into the
+ <systemitem class="groupname">wheel</systemitem> group,
+ allowing them to become the superuser with &man.su.1;.
+ When finished, the utility will prompt to either
+ create another user or to exit.</para>
+
+ <example xml:id="users-modifying-adduser">
+ <title>Adding a User on &os;</title>
+
+ <screen>&prompt.root; <userinput>adduser</userinput>
+Username: <userinput>jru</userinput>
+Full name: <userinput>J. Random User</userinput>
+Uid (Leave empty for default):
+Login group [jru]:
+Login group is jru. Invite jru into other groups? []: <userinput>wheel</userinput>
+Login class [default]:
+Shell (sh csh tcsh zsh nologin) [sh]: <userinput>zsh</userinput>
+Home directory [/home/jru]:
+Home directory permissions (Leave empty for default):
+Use password-based authentication? [yes]:
+Use an empty password? (yes/no) [no]:
+Use a random password? (yes/no) [no]:
+Enter password:
+Enter password again:
+Lock out the account after creation? [no]:
+Username : jru
+Password : ****
+Full Name : J. Random User
+Uid : 1001
+Class :
+Groups : jru wheel
+Home : /home/jru
+Shell : /usr/local/bin/zsh
+Locked : no
+OK? (yes/no): <userinput>yes</userinput>
+adduser: INFO: Successfully added (jru) to the user database.
+Add another user? (yes/no): <userinput>no</userinput>
+Goodbye!
+&prompt.root;</screen>
+ </example>
+
+ <note>
+ <para>Since the password is not echoed when typed, be
+ careful to not mistype the password when creating the user
+ account.</para>
+ </note>
+ </sect3>
+
+ <sect3 xml:id="users-rmuser">
+ <title><command>rmuser</command></title>
+
+ <indexterm>
+ <primary><command>rmuser</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>removing</secondary>
+ </indexterm>
+
+ <para>To completely remove a user from the system, run
+ &man.rmuser.8; as the superuser. This command performs the
+ following steps:</para>
+
+ <procedure>
+ <step>
+ <para>Removes the user's &man.crontab.1; entry, if one
+ exists.</para>
+ </step>
+
+ <step>
+ <para>Removes any &man.at.1; jobs belonging to the
+ user.</para>
+ </step>
+
+ <step>
+ <para>Kills all processes owned by the user.</para>
+ </step>
+
+ <step>
+ <para>Removes the user from the system's local password
+ file.</para>
+ </step>
+
+ <step>
+ <para>Optionally removes the user's home directory, if it
+ is owned by the user.</para>
+ </step>
+
+ <step>
+ <para>Removes the incoming mail files belonging to the
+ user from <filename>/var/mail</filename>.</para>
+ </step>
+
+ <step>
+ <para>Removes all files owned by the user from temporary
+ file storage areas such as
+ <filename>/tmp</filename>.</para>
+ </step>
+
+ <step>
+ <para>Finally, removes the username from all groups to
+ which it belongs in <filename>/etc/group</filename>. If
+ a group becomes empty and the group name is the same as
+ the username, the group is removed. This complements
+ the per-user unique groups created by
+ &man.adduser.8;.</para>
+ </step>
+ </procedure>
+
+ <para>&man.rmuser.8; cannot be used to remove superuser
+ accounts since that is almost always an indication of
+ massive destruction.</para>
+
+ <para>By default, an interactive mode is used, as shown
+ in the following example.</para>
+
+ <example>
+ <title><command>rmuser</command> Interactive Account
+ Removal</title>
+
+ <screen>&prompt.root; <userinput>rmuser jru</userinput>
+Matching password entry:
+jru:*:1001:1001::0:0:J. Random User:/home/jru:/usr/local/bin/zsh
+Is this the entry you wish to remove? <userinput>y</userinput>
+Remove user's home directory (/home/jru)? <userinput>y</userinput>
+Removing user (jru): mailspool home passwd.
+&prompt.root;</screen>
+ </example>
+ </sect3>
+
+ <sect3 xml:id="users-chpass">
+ <title><command>chpass</command></title>
+
+ <indexterm>
+ <primary><command>chpass</command></primary>
+ </indexterm>
+
+ <para>Any user can use &man.chpass.1; to change their default
+ shell and personal information associated with their user
+ account. The superuser can use this utility to change
+ additional account information for any user.</para>
+
+ <para>When passed no options, aside from an optional username,
+ &man.chpass.1; displays an editor containing user
+ information. When the user exits from the editor, the user
+ database is updated with the new information.</para>
+
+ <note>
+ <para>This utility will prompt for the user's password when
+ exiting the editor, unless the utility is run as the
+ superuser.</para>
+ </note>
+
+ <para>In <xref linkend="users-modifying-chpass-su"/>, the
+ superuser has typed <command>chpass jru</command> and is
+ now viewing the fields that can be changed for this user.
+ If <systemitem class="username">jru</systemitem> runs this
+ command instead, only the last six fields will be displayed
+ and available for editing. This is shown in
+ <xref linkend="users-modifying-chpass-ru"/>.</para>
+
+ <example xml:id="users-modifying-chpass-su">
+ <title>Using <command>chpass</command> as
+ Superuser</title>
+
+ <screen>#Changing user database information for jru.
+Login: jru
+Password: *
+Uid [#]: 1001
+Gid [# or name]: 1001
+Change [month day year]:
+Expire [month day year]:
+Class:
+Home directory: /home/jru
+Shell: /usr/local/bin/zsh
+Full Name: J. Random User
+Office Location:
+Office Phone:
+Home Phone:
+Other information:</screen>
+ </example>
+
+ <example xml:id="users-modifying-chpass-ru">
+ <title>Using <command>chpass</command> as Regular
+ User</title>
+
+ <screen>#Changing user database information for jru.
+Shell: /usr/local/bin/zsh
+Full Name: J. Random User
+Office Location:
+Office Phone:
+Home Phone:
+Other information:</screen>
+ </example>
+
+ <note>
+ <para>The commands &man.chfn.1; and &man.chsh.1; are links
+ to &man.chpass.1;, as are &man.ypchpass.1;,
+ &man.ypchfn.1;, and &man.ypchsh.1;. Since
+ <acronym>NIS</acronym> support is automatic, specifying
+ the <literal>yp</literal> before the command is not
+ necessary. How to configure NIS is covered in <xref
+ linkend="network-servers"/>.</para>
+ </note>
+ </sect3>
+
+ <sect3 xml:id="users-passwd">
+ <title><command>passwd</command></title>
+
+ <indexterm>
+ <primary><command>passwd</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>changing password</secondary>
+ </indexterm>
+
+ <para>Any user can easily change their password using
+ &man.passwd.1;. To prevent accidental or unauthorized
+ changes, this command will prompt for the user's original
+ password before a new password can be set:</para>
+
+ <example>
+ <title>Changing Your Password</title>
+
+ <screen>&prompt.user; <userinput>passwd</userinput>
+Changing local password for jru.
+Old password:
+New password:
+Retype new password:
+passwd: updating the database...
+passwd: done</screen>
+ </example>
+
+ <para>The superuser can change any user's password by
+ specifying the username when running &man.passwd.1;. When
+ this utility is run as the superuser, it will not prompt for
+ the user's current password. This allows the password to be
+ changed when a user cannot remember the original
+ password.</para>
+
+ <example>
+ <title>Changing Another User's Password as the
+ Superuser</title>
+
+ <screen>&prompt.root; <userinput>passwd jru</userinput>
+Changing local password for jru.
+New password:
+Retype new password:
+passwd: updating the database...
+passwd: done</screen>
+ </example>
+
+ <note>
+ <para>As with &man.chpass.1;, &man.yppasswd.1; is a link to
+ &man.passwd.1;, so <acronym>NIS</acronym> works with
+ either command.</para>
+ </note>
+ </sect3>
+
+ <sect3 xml:id="users-pw">
+ <title><command>pw</command></title>
+
+ <indexterm>
+ <primary><command>pw</command></primary>
+ </indexterm>
+
+ <para>The &man.pw.8; utility can create, remove,
+ modify, and display users and groups. It functions as a
+ front end to the system user and group files. &man.pw.8;
+ has a very powerful set of command line options that make it
+ suitable for use in shell scripts, but new users may find it
+ more complicated than the other commands presented in this
+ section.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 xml:id="users-groups">
+ <title>Managing Groups</title>
+
+ <indexterm>
+ <primary>groups</primary>
+ </indexterm>
+ <indexterm>
+ <primary><filename>/etc/groups</filename></primary>
+ </indexterm>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>groups</secondary>
+ </indexterm>
+
+ <para>A group is a list of users. A group is identified by its
+ group name and <acronym>GID</acronym>. In &os;, the kernel
+ uses the <acronym>UID</acronym> of a process, and the list of
+ groups it belongs to, to determine what the process is allowed
+ to do. Most of the time, the <acronym>GID</acronym> of a user
+ or process usually means the first group in the list.</para>
+
+ <para>The group name to <acronym>GID</acronym> mapping is listed
+ in <filename>/etc/group</filename>. This is a plain text file
+ with four colon-delimited fields. The first field is the
+ group name, the second is the encrypted password, the third
+ the <acronym>GID</acronym>, and the fourth the comma-delimited
+ list of members. For a more complete description of the
+ syntax, refer to &man.group.5;.</para>
+
+ <para>The superuser can modify <filename>/etc/group</filename>
+ using a text editor. Alternatively, &man.pw.8; can be used to
+ add and edit groups. For example, to add a group called
+ <systemitem class="groupname">teamtwo</systemitem> and then
+ confirm that it exists:</para>
+
+ <example>
+ <title>Adding a Group Using &man.pw.8;</title>
+
+ <screen>&prompt.root; <userinput>pw groupadd teamtwo</userinput>
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-doc-head
mailing list