Date: Tue, 14 Apr 2015 21:06:09 +0000 (UTC) From: Li-Wen Hsu <lwhsu@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r46538 - in head/zh_TW.UTF-8: books/handbook books/handbook/basics books/handbook/bsdinstall books/handbook/config books/handbook/cutting-edge books/handbook/disks books/handbook/dtrace... Message-ID: <201504142106.t3EL696u003674@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: lwhsu (ports committer) Date: Tue Apr 14 21:06:08 2015 New Revision: 46538 URL: https://svnweb.freebsd.org/changeset/doc/46538 Log: Traditional Chinese handbook update: - Catch up the latest handbook architecture - Translate "cutting-edge" chapter PR: 193066, 193715, 193750 Differential Revision: https://reviews.freebsd.org/D2284 Submitted by: RayCherng Yu <raycherng@gmail.com> Reviewed by: delphij, wblock Approved by: delphij, wblock Added: head/zh_TW.UTF-8/books/handbook/basics/disk-layout.kil (contents, props changed) head/zh_TW.UTF-8/books/handbook/bsdinstall/ head/zh_TW.UTF-8/books/handbook/bsdinstall/Makefile (contents, props changed) head/zh_TW.UTF-8/books/handbook/bsdinstall/chapter.xml (contents, props changed) head/zh_TW.UTF-8/books/handbook/dtrace/ head/zh_TW.UTF-8/books/handbook/dtrace/Makefile (contents, props changed) head/zh_TW.UTF-8/books/handbook/dtrace/chapter.xml (contents, props changed) head/zh_TW.UTF-8/books/handbook/filesystems/ head/zh_TW.UTF-8/books/handbook/filesystems/Makefile (contents, props changed) head/zh_TW.UTF-8/books/handbook/filesystems/chapter.xml (contents, props changed) head/zh_TW.UTF-8/books/handbook/zfs/ head/zh_TW.UTF-8/books/handbook/zfs/chapter.xml (contents, props changed) Modified: head/zh_TW.UTF-8/books/handbook/Makefile head/zh_TW.UTF-8/books/handbook/basics/chapter.xml head/zh_TW.UTF-8/books/handbook/book.xml head/zh_TW.UTF-8/books/handbook/chapters.ent head/zh_TW.UTF-8/books/handbook/colophon.xml head/zh_TW.UTF-8/books/handbook/config/chapter.xml head/zh_TW.UTF-8/books/handbook/cutting-edge/chapter.xml head/zh_TW.UTF-8/books/handbook/disks/chapter.xml head/zh_TW.UTF-8/books/handbook/eresources/chapter.xml head/zh_TW.UTF-8/books/handbook/geom/chapter.xml head/zh_TW.UTF-8/books/handbook/install/chapter.xml head/zh_TW.UTF-8/books/handbook/jails/chapter.xml head/zh_TW.UTF-8/books/handbook/kernelconfig/chapter.xml head/zh_TW.UTF-8/books/handbook/mirrors/chapter.xml head/zh_TW.UTF-8/books/handbook/network-servers/chapter.xml head/zh_TW.UTF-8/books/handbook/ports/chapter.xml head/zh_TW.UTF-8/books/handbook/preface/preface.xml head/zh_TW.UTF-8/books/handbook/security/chapter.xml head/zh_TW.UTF-8/books/handbook/serialcomms/chapter.xml head/zh_TW.UTF-8/share/xml/mailing-lists.ent Modified: head/zh_TW.UTF-8/books/handbook/Makefile ============================================================================== --- head/zh_TW.UTF-8/books/handbook/Makefile Tue Apr 14 19:39:55 2015 (r46537) +++ head/zh_TW.UTF-8/books/handbook/Makefile Tue Apr 14 21:06:08 2015 (r46538) @@ -1,9 +1,18 @@ # # $FreeBSD$ -# Original revision: 1.108 # -# Build the FreeBSD Handbook. +# Build the FreeBSD Handbook (Traditional Chinese). # +# Original revision: r46480 +# + +# ------------------------------------------------------------------------ +# To add a new chapter to the Handbook: +# +# - Update this Makefile, chapters.ent and book.xml +# - Add a descriptive entry for the new chapter in preface/preface.xml +# +# ------------------------------------------------------------------------ .PATH: ${.CURDIR}/../../share/xml/glossary @@ -20,7 +29,63 @@ IMAGES_EN = advanced-networking/isdn-bus IMAGES_EN+= advanced-networking/isdn-twisted-pair.eps IMAGES_EN+= advanced-networking/natd.eps IMAGES_EN+= advanced-networking/net-routing.pic +IMAGES_EN+= advanced-networking/pxe-nfs.png IMAGES_EN+= advanced-networking/static-routes.pic +IMAGES_EN+= bsdinstall/bsdinstall-adduser1.png +IMAGES_EN+= bsdinstall/bsdinstall-adduser2.png +IMAGES_EN+= bsdinstall/bsdinstall-adduser3.png +IMAGES_EN+= bsdinstall/bsdinstall-boot-loader-menu.png +IMAGES_EN+= bsdinstall/bsdinstall-boot-options-menu.png +IMAGES_EN+= bsdinstall/bsdinstall-newboot-loader-menu.png +IMAGES_EN+= bsdinstall/bsdinstall-choose-mode.png +IMAGES_EN+= bsdinstall/bsdinstall-config-components.png +IMAGES_EN+= bsdinstall/bsdinstall-config-hostname.png +IMAGES_EN+= bsdinstall/bsdinstall-config-keymap.png +IMAGES_EN+= bsdinstall/bsdinstall-config-services.png +IMAGES_EN+= bsdinstall/bsdinstall-config-crashdump.png +IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv4-dhcp.png +IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv4.png +IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv4-static.png +IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv6.png +IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-ipv6-static.png +IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface-slaac.png +IMAGES_EN+= bsdinstall/bsdinstall-configure-network-interface.png +IMAGES_EN+= bsdinstall/bsdinstall-configure-network-ipv4-dns.png +IMAGES_EN+= bsdinstall/bsdinstall-configure-wireless-accesspoints.png +IMAGES_EN+= bsdinstall/bsdinstall-configure-wireless-scan.png +IMAGES_EN+= bsdinstall/bsdinstall-configure-wireless-wpa2setup.png +IMAGES_EN+= bsdinstall/bsdinstall-distfile-extracting.png +IMAGES_EN+= bsdinstall/bsdinstall-distfile-fetching.png +IMAGES_EN+= bsdinstall/bsdinstall-distfile-verifying.png +IMAGES_EN+= bsdinstall/bsdinstall-final-confirmation.png +IMAGES_EN+= bsdinstall/bsdinstall-finalconfiguration.png +IMAGES_EN+= bsdinstall/bsdinstall-final-modification-shell.png +IMAGES_EN+= bsdinstall/bsdinstall-keymap-10.png +IMAGES_EN+= bsdinstall/bsdinstall-keymap-select-default.png +IMAGES_EN+= bsdinstall/bsdinstall-mainexit.png +IMAGES_EN+= bsdinstall/bsdinstall-netinstall-files.png +IMAGES_EN+= bsdinstall/bsdinstall-netinstall-mirrorselect.png +IMAGES_EN+= bsdinstall/bsdinstall-part-entire-part.png +IMAGES_EN+= bsdinstall/bsdinstall-part-guided-disk.png +IMAGES_EN+= bsdinstall/bsdinstall-part-guided-manual.png +IMAGES_EN+= bsdinstall/bsdinstall-part-manual-addpart.png +IMAGES_EN+= bsdinstall/bsdinstall-part-manual-create.png +IMAGES_EN+= bsdinstall/bsdinstall-part-manual-partscheme.png +IMAGES_EN+= bsdinstall/bsdinstall-part-review.png +IMAGES_EN+= bsdinstall/bsdinstall-post-root-passwd.png +IMAGES_EN+= bsdinstall/bsdinstall-set-clock-local-utc.png +IMAGES_EN+= bsdinstall/bsdinstall-timezone-confirm.png +IMAGES_EN+= bsdinstall/bsdinstall-timezone-country.png +IMAGES_EN+= bsdinstall/bsdinstall-timezone-region.png +IMAGES_EN+= bsdinstall/bsdinstall-timezone-zone.png +IMAGES_EN+= bsdinstall/bsdinstall-zfs-disk_info.png +IMAGES_EN+= bsdinstall/bsdinstall-zfs-disk_select.png +IMAGES_EN+= bsdinstall/bsdinstall-zfs-geli_password.png +IMAGES_EN+= bsdinstall/bsdinstall-zfs-menu.png +IMAGES_EN+= bsdinstall/bsdinstall-zfs-partmenu.png +IMAGES_EN+= bsdinstall/bsdinstall-zfs-vdev_invalid.png +IMAGES_EN+= bsdinstall/bsdinstall-zfs-vdev_type.png +IMAGES_EN+= bsdinstall/bsdinstall-zfs-warning.png IMAGES_EN+= geom/striping.pic IMAGES_EN+= install/adduser1.scr IMAGES_EN+= install/adduser2.scr @@ -28,6 +93,7 @@ IMAGES_EN+= install/adduser3.scr IMAGES_EN+= install/boot-loader-menu.scr IMAGES_EN+= install/boot-mgr.scr IMAGES_EN+= install/config-country.scr +IMAGES_EN+= install/config-keymap.scr IMAGES_EN+= install/console-saver1.scr IMAGES_EN+= install/console-saver2.scr IMAGES_EN+= install/console-saver3.scr @@ -104,13 +170,6 @@ IMAGES_EN+= security/ipsec-network.pic IMAGES_EN+= security/ipsec-crypt-pkt.pic IMAGES_EN+= security/ipsec-encap-pkt.pic IMAGES_EN+= security/ipsec-out-pkt.pic -IMAGES_EN+= vinum/vinum-concat.pic -IMAGES_EN+= vinum/vinum-mirrored-vol.pic -IMAGES_EN+= vinum/vinum-raid10-vol.pic -IMAGES_EN+= vinum/vinum-raid5-org.pic -IMAGES_EN+= vinum/vinum-simple-vol.pic -IMAGES_EN+= vinum/vinum-striped-vol.pic -IMAGES_EN+= vinum/vinum-striped.pic IMAGES_EN+= virtualization/parallels-freebsd1.png IMAGES_EN+= virtualization/parallels-freebsd2.png IMAGES_EN+= virtualization/parallels-freebsd3.png @@ -175,7 +234,9 @@ IMAGES_LIB+= callouts/15.png # XML content SRCS+= audit/chapter.xml SRCS+= book.xml +SRCS+= bsdinstall/chapter.xml SRCS+= colophon.xml +SRCS+= dtrace/chapter.xml SRCS+= advanced-networking/chapter.xml SRCS+= basics/chapter.xml SRCS+= bibliography/chapter.xml @@ -186,6 +247,8 @@ SRCS+= desktop/chapter.xml SRCS+= disks/chapter.xml SRCS+= eresources/chapter.xml SRCS+= firewalls/chapter.xml +SRCS+= zfs/chapter.xml +SRCS+= filesystems/chapter.xml SRCS+= geom/chapter.xml SRCS+= install/chapter.xml SRCS+= introduction/chapter.xml @@ -205,8 +268,6 @@ SRCS+= preface/preface.xml SRCS+= printing/chapter.xml SRCS+= security/chapter.xml SRCS+= serialcomms/chapter.xml -SRCS+= users/chapter.xml -SRCS+= vinum/chapter.xml SRCS+= virtualization/chapter.xml SRCS+= x11/chapter.xml @@ -230,8 +291,6 @@ DOC_PREFIX?= ${.CURDIR}/../../.. XMLDOCS= lastmod:::mirrors.lastmod.inc \ mirrors-ftp-index:::mirrors.xml.ftp.index.inc \ mirrors-ftp:::mirrors.xml.ftp.inc \ - mirrors-cvsup-index:::mirrors.xml.cvsup.index.inc \ - mirrors-cvsup:::mirrors.xml.cvsup.inc \ eresources-index:::eresources.xml.www.index.inc \ eresources:::eresources.xml.www.inc DEPENDSET.DEFAULT= transtable mirror @@ -245,12 +304,6 @@ PARAMS.mirrors-ftp-index+= --param 'type PARAMS.mirrors-ftp+= --param 'type' "'ftp'" \ --param 'proto' "'ftp'" \ --param 'target' "'handbook/mirrors/chapter.xml'" -PARAMS.mirrors-cvsup-index+= --param 'type' "'cvsup'" \ - --param 'proto' "'cvsup'" \ - --param 'target' "'index'" -PARAMS.mirrors-cvsup+= --param 'type' "'cvsup'" \ - --param 'proto' "'cvsup'" \ - --param 'target' "'handbook/mirrors/chapter.xml'" PARAMS.eresources-index+= --param 'type' "'www'" \ --param 'proto' "'http'" \ --param 'target' "'index'" @@ -261,8 +314,6 @@ PARAMS.eresources+= --param 'type' "'www SRCS+= mirrors.lastmod.inc \ mirrors.xml.ftp.inc \ mirrors.xml.ftp.index.inc \ - mirrors.xml.cvsup.inc \ - mirrors.xml.cvsup.index.inc \ eresources.xml.www.inc \ eresources.xml.www.index.inc Modified: head/zh_TW.UTF-8/books/handbook/basics/chapter.xml ============================================================================== --- head/zh_TW.UTF-8/books/handbook/basics/chapter.xml Tue Apr 14 19:39:55 2015 (r46537) +++ head/zh_TW.UTF-8/books/handbook/basics/chapter.xml Tue Apr 14 21:06:08 2015 (r46538) @@ -1,19 +1,26 @@ <?xml version="1.0" encoding="utf-8"?> <!-- The FreeBSD Documentation Project + The FreeBSD Traditional Chinese Project $FreeBSD$ - Original revision: 1.152 + Original revision: r46052 --> -<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="basics"> - <info><title>UNIX 基礎概念</title> +<chapter xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" + xml:id="basics"> + <!-- + <chapterinfo> <authorgroup> - <author><personname><firstname>Chris</firstname><surname>Shumway</surname></personname><contrib>Rewritten by </contrib></author> + <author> + <firstname>Chris</firstname> + <surname>Shumway</surname> + <contrib>Rewritten by in Mar 2000</contrib> + </author> </authorgroup> - - </info> - - + </chapterinfo> + --> + <title>UNIX 基礎概念</title> <sect1 xml:id="basics-synopsis"> <title>概述</title> @@ -29,44 +36,61 @@ <listitem> <para>如何使用 FreeBSD 的<quote>virtual consoles</quote>。</para> </listitem> + <listitem> <para>&unix; 檔案權限運作的方式以及 &os; 中檔案的 flags。</para> </listitem> + <listitem> <para>預設的 &os; 檔案系統配置。</para> </listitem> + <listitem> <para>&os; 的磁碟結構。</para> </listitem> + <listitem> <para>如何掛載(mount)、卸載(umount)檔案系統</para> </listitem> + <listitem> <para>什麼是processes、daemons 以及 signals 。</para> </listitem> + <listitem> <para>什麼是 shell ,以及如何變更您預設的登入環境。</para> </listitem> + <listitem> <para>如何使用基本的文字編輯器。</para> </listitem> + <listitem> <para>什麼是 devices 和 device nodes 。</para> </listitem> + <listitem> <para>&os; 下使用的 binary 格式。</para> </listitem> + <listitem> <para>如何閱讀 manual pages 以獲得更多的資訊。</para> </listitem> </itemizedlist> - </sect1> <sect1 xml:id="consoles"> <title>Virtual Consoles 和終端機</title> - <indexterm><primary>virtual consoles</primary></indexterm> - <indexterm><primary>terminals</primary></indexterm> + + <indexterm> + <primary>virtual consoles</primary> + </indexterm> + <indexterm> + <primary>terminals</primary> + </indexterm> + <indexterm> + <primary>console</primary> + </indexterm> <para>有很多方法可以操作 FreeBSD ,其中一種就是在文字終端機上打字。 如此使用 FreeBSD 即可輕易的體會到 &unix; 作業系統的威力和彈性。 @@ -279,6 +303,798 @@ options SC_PIXEL_MODE</programlisting> </sect2> </sect1> + <sect1 xml:id="users-synopsis"> + <title>Users and Basic Account Management</title> + + <para>&os; allows multiple users to use the computer at the same + time. While only one user can sit in front of the screen and + use the keyboard at any one time, any number of users can log + in to the system through the network. To use the system, each + user should have their own user account.</para> + + <para>This chapter describes:</para> + + <itemizedlist> + <listitem> + <para>The different types of user accounts on a + &os; system.</para> + </listitem> + + <listitem> + <para>How to add, remove, and modify user accounts.</para> + </listitem> + + <listitem> + <para>How to set limits to control the + resources that users and + groups are allowed to access.</para> + </listitem> + + <listitem> + <para>How to create groups and add users as members of a + group.</para> + </listitem> + </itemizedlist> + + <sect2 xml:id="users-introduction"> + <title>Account Types</title> + + <para>Since all access to the &os; system is achieved using + accounts and all processes are run by users, user and account + management is important.</para> + + <para>There are three main types of accounts: system accounts, + user accounts, and the superuser account.</para> + + <sect3 xml:id="users-system"> + <title>System Accounts</title> + + <indexterm> + <primary>accounts</primary> + <secondary>system</secondary> + </indexterm> + + <para>System accounts are used to run services such as DNS, + mail, and web servers. The reason for this is security; if + all services ran as the superuser, they could act without + restriction.</para> + + <indexterm> + <primary>accounts</primary> + <secondary><systemitem + class="username">daemon</systemitem></secondary> + </indexterm> + <indexterm> + <primary>accounts</primary> + <secondary><systemitem + class="username">operator</systemitem></secondary> + </indexterm> + + <para>Examples of system accounts are + <systemitem class="username">daemon</systemitem>, + <systemitem class="username">operator</systemitem>, + <systemitem class="username">bind</systemitem>, + <systemitem class="username">news</systemitem>, and + <systemitem class="username">www</systemitem>.</para> + + <indexterm> + <primary>accounts</primary> + <secondary><systemitem + class="username">nobody</systemitem></secondary> + </indexterm> + + <para><systemitem class="username">nobody</systemitem> is the + generic unprivileged system account. However, the more + services that use + <systemitem class="username">nobody</systemitem>, the more + files and processes that user will become associated with, + and hence the more privileged that user becomes.</para> + </sect3> + + <sect3 xml:id="users-user"> + <title>User Accounts</title> + + <indexterm> + <primary>accounts</primary> + <secondary>user</secondary> + </indexterm> + + <para>User accounts are assigned to real people and are used + to log in and use the system. Every person accessing the + system should have a unique user account. This allows the + administrator to find out who is doing what and prevents + users from clobbering the settings of other users.</para> + + <para>Each user can set up their own environment to + accommodate their use of the system, by configuring their + default shell, editor, key bindings, and language + settings.</para> + + <para>Every user account on a &os; system has certain + information associated with it:</para> + + <variablelist> + <varlistentry> + <term>User name</term> + + <listitem> + <para>The user name is typed at the + <prompt>login:</prompt> prompt. Each user must have + a unique user name. There are a number of rules for + creating valid user names which are documented in + &man.passwd.5;. It is recommended to use user names + that consist of eight or fewer, all lower case + characters in order to maintain backwards + compatibility with applications.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Password</term> + + <listitem> + <para>Each account has an associated password.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>User ID (<acronym>UID</acronym>)</term> + + <listitem> + <para>The User ID (<acronym>UID</acronym>) is a number + used to uniquely identify the user to the &os; system. + Commands that allow a user name to be specified will + first convert it to the <acronym>UID</acronym>. It is + recommended to use a UID less than 65535, since higher + values may cause compatibility issues with some + software.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Group ID (<acronym>GID</acronym>)</term> + + <listitem> + <para>The Group ID (<acronym>GID</acronym>) is a number + used to uniquely identify the primary group that the + user belongs to. Groups are a mechanism for + controlling access to resources based on a user's + <acronym>GID</acronym> rather than their + <acronym>UID</acronym>. This can significantly reduce + the size of some configuration files and allows users + to be members of more than one group. It is + recommended to use a GID of 65535 or lower as higher + GIDs may break some software.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Login class</term> + + <listitem> + <para>Login classes are an extension to the group + mechanism that provide additional flexibility when + tailoring the system to different users. Login + classes are discussed further in + <xref linkend="users-limiting"/>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Password change time</term> + + <listitem> + <para>By default, passwords do not expire. However, + password expiration can be enabled on a per-user + basis, forcing some or all users to change their + passwords after a certain amount of time has + elapsed.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Account expiry time</term> + + <listitem> + <para>By default, &os; does not expire accounts. When + creating accounts that need a limited lifespan, such + as student accounts in a school, specify the account + expiry date using &man.pw.8;. After the expiry time + has elapsed, the account cannot be used to log in to + the system, although the account's directories and + files will remain.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>User's full name</term> + + <listitem> + <para>The user name uniquely identifies the account to + &os;, but does not necessarily reflect the user's real + name. Similar to a comment, this information can + contain spaces, uppercase characters, and be more + than 8 characters long.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Home directory</term> + + <listitem> + <para>The home directory is the full path to a directory + on the system. This is the user's starting directory + when the user logs in. A common convention is to put + all user home directories under <filename + class="directory"><replaceable>/home/username</replaceable></filename> + or <filename + class="directory"><replaceable>/usr/home/username</replaceable></filename>. + Each user stores their personal files and + subdirectories in their own home directory.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>User shell</term> + + <listitem> + <para>The shell provides the user's default environment + for interacting with the system. There are many + different kinds of shells and experienced users will + have their own preferences, which can be reflected in + their account settings.</para> + </listitem> + </varlistentry> + </variablelist> + </sect3> + + <sect3 xml:id="users-superuser"> + <title>The Superuser Account</title> + + <indexterm> + <primary>accounts</primary> + <secondary>superuser (root)</secondary> + </indexterm> + + <para>The superuser account, usually called + <systemitem class="username">root</systemitem>, is used to + manage the system with no limitations on privileges. For + this reason, it should not be used for day-to-day tasks like + sending and receiving mail, general exploration of the + system, or programming.</para> + + <para>The superuser, unlike other user accounts, can operate + without limits, and misuse of the superuser account may + result in spectacular disasters. User accounts are unable + to destroy the operating system by mistake, so it is + recommended to login as a user account and to only become + the superuser when a command requires extra + privilege.</para> + + <para>Always double and triple-check any commands issued as + the superuser, since an extra space or missing character can + mean irreparable data loss.</para> + + <para>There are several ways to gain superuser privilege. + While one can log in as + <systemitem class="username">root</systemitem>, this is + highly discouraged.</para> + + <para>Instead, use &man.su.1; to become the superuser. If + <literal>-</literal> is specified when running this command, + the user will also inherit the root user's environment. The + user running this command must be in the + <systemitem class="groupname">wheel</systemitem> group or + else the command will fail. The user must also know the + password for the + <systemitem class="username">root</systemitem> user + account.</para> + + <para>In this example, the user only becomes superuser in + order to run <command>make install</command> as this step + requires superuser privilege. Once the command completes, + the user types <command>exit</command> to leave the + superuser account and return to the privilege of their user + account.</para> + + <example> + <title>Install a Program As the Superuser</title> + + <screen>&prompt.user; <userinput>configure</userinput> +&prompt.user; <userinput>make</userinput> +&prompt.user; <userinput>su -</userinput> +Password: +&prompt.root; <userinput>make install</userinput> +&prompt.root; <userinput>exit</userinput> +&prompt.user;</screen> + </example> + + <para>The built-in &man.su.1; framework works well for single + systems or small networks with just one system + administrator. An alternative is to install the + <package>security/sudo</package> package or port. This + software provides activity logging and allows the + administrator to configure which users can run which + commands as the superuser.</para> + </sect3> + </sect2> + + <sect2 xml:id="users-modifying"> + <title>Managing Accounts</title> + + <indexterm> + <primary>accounts</primary> + <secondary>modifying</secondary> + </indexterm> + + <para>&os; provides a variety of different commands to manage + user accounts. The most common commands are summarized in + <xref linkend="users-modifying-utilities"/>, followed by some + examples of their usage. See the manual page for each utility + for more details and usage examples.</para> + + <table frame="none" pgwide="1" + xml:id="users-modifying-utilities"> + <title>Utilities for Managing User Accounts</title> + + <tgroup cols="2"> + <colspec colwidth="1*"/> + <colspec colwidth="2*"/> + + <thead> + <row> + <entry>Command</entry> + <entry>Summary</entry> + </row> + </thead> + <tbody> + <row> + <entry>&man.adduser.8;</entry> + <entry>The recommended command-line application for + adding new users.</entry> + </row> + + <row> + <entry>&man.rmuser.8;</entry> + <entry>The recommended command-line application for + removing users.</entry> + </row> + + <row> + <entry>&man.chpass.1;</entry> + <entry>A flexible tool for changing user database + information.</entry> + </row> + + <row> + <entry>&man.passwd.1;</entry> + <entry>The command-line tool to change user + passwords.</entry> + </row> + + <row> + <entry>&man.pw.8;</entry> + <entry>A powerful and flexible tool for modifying all + aspects of user accounts.</entry> + </row> + </tbody> + </tgroup> + </table> + + <sect3 xml:id="users-adduser"> + <title><command>adduser</command></title> + + <indexterm> + <primary>accounts</primary> + <secondary>adding</secondary> + </indexterm> + <indexterm> + <primary><command>adduser</command></primary> + </indexterm> + <indexterm> + <primary><filename>/usr/share/skel</filename></primary> + </indexterm> + <indexterm> + <primary>skeleton directory</primary> + </indexterm> + + <para>The recommended program for adding new users is + &man.adduser.8;. When a new user is added, this program + automatically updates <filename>/etc/passwd</filename> and + <filename>/etc/group</filename>. It also creates a home + directory for the new user, copies in the default + configuration files from + <filename>/usr/share/skel</filename>, and can optionally + mail the new user a welcome message. This utility must be + run as the superuser.</para> + + <para>The &man.adduser.8; utility is interactive and walks + through the steps for creating a new user account. As seen + in <xref linkend="users-modifying-adduser"/>, either input + the required information or press <keycap>Return</keycap> + to accept the default value shown in square brackets. + In this example, the user has been invited into the + <systemitem class="groupname">wheel</systemitem> group, + allowing them to become the superuser with &man.su.1;. + When finished, the utility will prompt to either + create another user or to exit.</para> + + <example xml:id="users-modifying-adduser"> + <title>Adding a User on &os;</title> + + <screen>&prompt.root; <userinput>adduser</userinput> +Username: <userinput>jru</userinput> +Full name: <userinput>J. Random User</userinput> +Uid (Leave empty for default): +Login group [jru]: +Login group is jru. Invite jru into other groups? []: <userinput>wheel</userinput> +Login class [default]: +Shell (sh csh tcsh zsh nologin) [sh]: <userinput>zsh</userinput> +Home directory [/home/jru]: +Home directory permissions (Leave empty for default): +Use password-based authentication? [yes]: +Use an empty password? (yes/no) [no]: +Use a random password? (yes/no) [no]: +Enter password: +Enter password again: +Lock out the account after creation? [no]: +Username : jru +Password : **** +Full Name : J. Random User +Uid : 1001 +Class : +Groups : jru wheel +Home : /home/jru +Shell : /usr/local/bin/zsh +Locked : no +OK? (yes/no): <userinput>yes</userinput> +adduser: INFO: Successfully added (jru) to the user database. +Add another user? (yes/no): <userinput>no</userinput> +Goodbye! +&prompt.root;</screen> + </example> + + <note> + <para>Since the password is not echoed when typed, be + careful to not mistype the password when creating the user + account.</para> + </note> + </sect3> + + <sect3 xml:id="users-rmuser"> + <title><command>rmuser</command></title> + + <indexterm> + <primary><command>rmuser</command></primary> + </indexterm> + <indexterm> + <primary>accounts</primary> + <secondary>removing</secondary> + </indexterm> + + <para>To completely remove a user from the system, run + &man.rmuser.8; as the superuser. This command performs the + following steps:</para> + + <procedure> + <step> + <para>Removes the user's &man.crontab.1; entry, if one + exists.</para> + </step> + + <step> + <para>Removes any &man.at.1; jobs belonging to the + user.</para> + </step> + + <step> + <para>Kills all processes owned by the user.</para> + </step> + + <step> + <para>Removes the user from the system's local password + file.</para> + </step> + + <step> + <para>Optionally removes the user's home directory, if it + is owned by the user.</para> + </step> + + <step> + <para>Removes the incoming mail files belonging to the + user from <filename>/var/mail</filename>.</para> + </step> + + <step> + <para>Removes all files owned by the user from temporary + file storage areas such as + <filename>/tmp</filename>.</para> + </step> + + <step> + <para>Finally, removes the username from all groups to + which it belongs in <filename>/etc/group</filename>. If + a group becomes empty and the group name is the same as + the username, the group is removed. This complements + the per-user unique groups created by + &man.adduser.8;.</para> + </step> + </procedure> + + <para>&man.rmuser.8; cannot be used to remove superuser + accounts since that is almost always an indication of + massive destruction.</para> + + <para>By default, an interactive mode is used, as shown + in the following example.</para> + + <example> + <title><command>rmuser</command> Interactive Account + Removal</title> + + <screen>&prompt.root; <userinput>rmuser jru</userinput> +Matching password entry: +jru:*:1001:1001::0:0:J. Random User:/home/jru:/usr/local/bin/zsh +Is this the entry you wish to remove? <userinput>y</userinput> +Remove user's home directory (/home/jru)? <userinput>y</userinput> +Removing user (jru): mailspool home passwd. +&prompt.root;</screen> + </example> + </sect3> + + <sect3 xml:id="users-chpass"> + <title><command>chpass</command></title> + + <indexterm> + <primary><command>chpass</command></primary> + </indexterm> + + <para>Any user can use &man.chpass.1; to change their default + shell and personal information associated with their user + account. The superuser can use this utility to change + additional account information for any user.</para> + + <para>When passed no options, aside from an optional username, + &man.chpass.1; displays an editor containing user + information. When the user exits from the editor, the user + database is updated with the new information.</para> + + <note> + <para>This utility will prompt for the user's password when + exiting the editor, unless the utility is run as the + superuser.</para> + </note> + + <para>In <xref linkend="users-modifying-chpass-su"/>, the + superuser has typed <command>chpass jru</command> and is + now viewing the fields that can be changed for this user. + If <systemitem class="username">jru</systemitem> runs this + command instead, only the last six fields will be displayed + and available for editing. This is shown in + <xref linkend="users-modifying-chpass-ru"/>.</para> + + <example xml:id="users-modifying-chpass-su"> + <title>Using <command>chpass</command> as + Superuser</title> + + <screen>#Changing user database information for jru. +Login: jru +Password: * +Uid [#]: 1001 +Gid [# or name]: 1001 +Change [month day year]: +Expire [month day year]: +Class: +Home directory: /home/jru +Shell: /usr/local/bin/zsh +Full Name: J. Random User +Office Location: +Office Phone: +Home Phone: +Other information:</screen> + </example> + + <example xml:id="users-modifying-chpass-ru"> + <title>Using <command>chpass</command> as Regular + User</title> + + <screen>#Changing user database information for jru. +Shell: /usr/local/bin/zsh +Full Name: J. Random User +Office Location: +Office Phone: +Home Phone: +Other information:</screen> + </example> + + <note> + <para>The commands &man.chfn.1; and &man.chsh.1; are links + to &man.chpass.1;, as are &man.ypchpass.1;, + &man.ypchfn.1;, and &man.ypchsh.1;. Since + <acronym>NIS</acronym> support is automatic, specifying + the <literal>yp</literal> before the command is not + necessary. How to configure NIS is covered in <xref + linkend="network-servers"/>.</para> + </note> + </sect3> + + <sect3 xml:id="users-passwd"> + <title><command>passwd</command></title> + + <indexterm> + <primary><command>passwd</command></primary> + </indexterm> + <indexterm> + <primary>accounts</primary> + <secondary>changing password</secondary> + </indexterm> + + <para>Any user can easily change their password using + &man.passwd.1;. To prevent accidental or unauthorized + changes, this command will prompt for the user's original + password before a new password can be set:</para> + + <example> + <title>Changing Your Password</title> + + <screen>&prompt.user; <userinput>passwd</userinput> +Changing local password for jru. +Old password: +New password: +Retype new password: +passwd: updating the database... +passwd: done</screen> + </example> + + <para>The superuser can change any user's password by + specifying the username when running &man.passwd.1;. When + this utility is run as the superuser, it will not prompt for + the user's current password. This allows the password to be + changed when a user cannot remember the original + password.</para> + + <example> + <title>Changing Another User's Password as the + Superuser</title> + + <screen>&prompt.root; <userinput>passwd jru</userinput> +Changing local password for jru. +New password: +Retype new password: +passwd: updating the database... +passwd: done</screen> + </example> + + <note> + <para>As with &man.chpass.1;, &man.yppasswd.1; is a link to + &man.passwd.1;, so <acronym>NIS</acronym> works with + either command.</para> + </note> + </sect3> + + <sect3 xml:id="users-pw"> + <title><command>pw</command></title> + + <indexterm> + <primary><command>pw</command></primary> + </indexterm> + + <para>The &man.pw.8; utility can create, remove, + modify, and display users and groups. It functions as a + front end to the system user and group files. &man.pw.8; + has a very powerful set of command line options that make it + suitable for use in shell scripts, but new users may find it + more complicated than the other commands presented in this + section.</para> + </sect3> + </sect2> + + <sect2 xml:id="users-groups"> + <title>Managing Groups</title> + + <indexterm> + <primary>groups</primary> + </indexterm> + <indexterm> + <primary><filename>/etc/groups</filename></primary> + </indexterm> + <indexterm> + <primary>accounts</primary> + <secondary>groups</secondary> + </indexterm> + + <para>A group is a list of users. A group is identified by its + group name and <acronym>GID</acronym>. In &os;, the kernel + uses the <acronym>UID</acronym> of a process, and the list of + groups it belongs to, to determine what the process is allowed + to do. Most of the time, the <acronym>GID</acronym> of a user + or process usually means the first group in the list.</para> + + <para>The group name to <acronym>GID</acronym> mapping is listed + in <filename>/etc/group</filename>. This is a plain text file + with four colon-delimited fields. The first field is the + group name, the second is the encrypted password, the third + the <acronym>GID</acronym>, and the fourth the comma-delimited + list of members. For a more complete description of the + syntax, refer to &man.group.5;.</para> + + <para>The superuser can modify <filename>/etc/group</filename> + using a text editor. Alternatively, &man.pw.8; can be used to + add and edit groups. For example, to add a group called + <systemitem class="groupname">teamtwo</systemitem> and then + confirm that it exists:</para> + + <example> + <title>Adding a Group Using &man.pw.8;</title> + + <screen>&prompt.root; <userinput>pw groupadd teamtwo</userinput> *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201504142106.t3EL696u003674>