Date: Mon, 28 Jan 2013 15:09:10 +0000 (UTC)
From: Dru Lavigne <dru@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r40779 - head/en_US.ISO8859-1/books/handbook/users
Message-ID: <201301281509.r0SF9Ah1011231@svn.freebsd.org>
Author: dru Date: Mon Jan 28 15:09:10 2013 New Revision: 40779 URL: http://svnweb.freebsd.org/changeset/doc/40779 Log: White space fix only. Translators can ignore. Approved by: bcr (mentor) Modified: head/en_US.ISO8859-1/books/handbook/users/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/users/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/users/chapter.xml Mon Jan 28 15:05:36 2013 (r40778) +++ head/en_US.ISO8859-1/books/handbook/users/chapter.xml Mon Jan 28 15:09:10 2013 (r40779) @@ -9,7 +9,7 @@ <chapterinfo> <authorgroup> <author> - <firstname>Neil</firstname> + <firstname>Neil</firstname> <surname>Blakey-Milner</surname> <contrib>Contributed by </contrib> </author> 
@@ -22,22 +22,21 @@ <sect1 id="users-synopsis"> <title>Synopsis</title> - <para>FreeBSD allows multiple users to use the computer at the same time. - Obviously, only one of those users can be sitting in front of the screen and - keyboard at any one time - <footnote> - <para>Well, unless you hook up multiple terminals, but we will - save that for <xref linkend="serialcomms"/>.</para> - </footnote>, but any number of users can log in through the - network to get their work done. To use the system every user must have - an account.</para> + <para>FreeBSD allows multiple users to use the computer at the + same time. Obviously, only one of those users can be sitting in + front of the screen and keyboard at any one time + <footnote><para>Well, unless you hook up multiple terminals, but + we will save that for <xref linkend="serialcomms"/>.</para> + </footnote>, but any number of users can log in through the + network to get their work done. To use the system every user + must have an account.</para> <para>After reading this chapter, you will know:</para> <itemizedlist> <listitem> - <para>The differences between the various user accounts on a FreeBSD - system.</para> + <para>The differences between the various user accounts on a + FreeBSD system.</para> </listitem> <listitem> 
@@ -49,18 +48,19 @@ </listitem> <listitem> - <para>How to change account details, such as the user's full name, or - preferred shell.</para> + <para>How to change account details, such as the user's full + name, or preferred shell.</para> </listitem> <listitem> <para>How to set limits on a per-account basis, to control the - resources such as memory and CPU time that accounts and groups of - accounts are allowed to access.</para> + resources such as memory and CPU time that accounts and + groups of accounts are allowed to access.</para> </listitem> <listitem> - <para>How to use groups to make account management easier.</para> + <para>How to use groups to make account management + easier.</para> </listitem> </itemizedlist> @@ -81,8 +81,8 @@ processes are run by users, so user and account management are of integral importance on FreeBSD systems.</para> - <para>Every account on a FreeBSD system has certain information associated - with it to identify the account.</para> + <para>Every account on a FreeBSD system has certain information + associated with it to identify the account.</para> <variablelist> <varlistentry> @@ -90,12 +90,12 @@ <listitem> <para>The user name as it would be typed at the - <prompt>login:</prompt> prompt. User names must be unique across - the computer; you may not have two users with the same - user name. There are a number of rules for creating valid user - names, documented in &man.passwd.5;; you would typically use user - names that consist of eight or fewer all lower case - characters.</para> + <prompt>login:</prompt> prompt. User names must be unique + across the computer; you may not have two users with the + same user name. There are a number of rules for creating + valid user names, documented in &man.passwd.5;; you would + typically use user names that consist of eight or fewer + all lower case characters.</para> </listitem> </varlistentry> 
@@ -103,10 +103,10 @@ <term>Password</term> <listitem> - <para>Each account has a password associated with it. The password - may be blank, in which case no password will be required to access - the system. This is normally a very bad idea; every account - should have a password.</para> + <para>Each account has a password associated with it. The + password may be blank, in which case no password will be + required to access the system. This is normally a very + bad idea; every account should have a password.</para> </listitem> </varlistentry> @@ -114,19 +114,21 @@ <term>User ID (UID)</term> <listitem> - <para>The UID is a number, traditionally from 0 to 65535<footnote id="users-largeuidgid"> + <para>The UID is a number, traditionally from 0 to + 65535<footnote id="users-largeuidgid"> <para>It is possible to use UID/GIDs as large as 4294967295, but such IDs can cause serious problems with software that makes assumptions about the values of IDs.</para> - </footnote>, used to uniquely identify - the user to the system. Internally, FreeBSD uses the UID to - identify users—any FreeBSD commands that allow you to - specify a user name will convert it to the UID before working with - it. This means that you can have several accounts with different - user names but the same UID. As far as FreeBSD is concerned these - accounts are one user. It is unlikely you will ever need to do - this.</para> + </footnote>, used to uniquely identify the user to the + system. Internally, FreeBSD uses the UID to + identify users—any FreeBSD commands that allow + you to specify a user name will convert it to the UID + before working with it. This means that you can have + several accounts with different user names but the + same UID. As far as FreeBSD is concerned these + accounts are one user. It is unlikely you will ever + need to do this.</para> </listitem> </varlistentry> 
@@ -134,11 +136,13 @@ <term>Group ID (GID)</term> <listitem> - <para>The GID is a number, traditionally from 0 to 65535<footnoteref linkend="users-largeuidgid"/>, used to uniquely identify - the primary group that the user belongs to. Groups are a - mechanism for controlling access to resources based on a user's - GID rather than their UID. This can significantly reduce the size - of some configuration files. A user may also be in more than one + <para>The GID is a number, traditionally from 0 to + 65535<footnoteref linkend="users-largeuidgid"/>, used to + uniquely identify the primary group that the user belongs + to. Groups are a mechanism for controlling access to + resources based on a user's GID rather than their UID. + This can significantly reduce the size of some + configuration files. A user may also be in more than one group.</para> </listitem> </varlistentry> @@ -147,9 +151,9 @@ <term>Login class</term> <listitem> - <para>Login classes are an extension to the group mechanism that - provide additional flexibility when tailoring the system to - different users.</para> + <para>Login classes are an extension to the group mechanism + that provide additional flexibility when tailoring the + system to different users.</para> </listitem> </varlistentry> @@ -157,10 +161,11 @@ <term>Password change time</term> <listitem> - <para>By default FreeBSD does not force users to change their - passwords periodically. You can enforce this on a per-user basis, - forcing some or all of your users to change their passwords after - a certain amount of time has elapsed.</para> + <para>By default FreeBSD does not force users to change + their passwords periodically. You can enforce this on a + per-user basis, forcing some or all of your users to + change their passwords after a certain amount of time has + elapsed.</para> </listitem> </varlistentry> 
@@ -168,13 +173,13 @@ <term>Account expiry time</term> <listitem> - <para>By default FreeBSD does not expire accounts. If you are - creating accounts that you know have a limited lifespan, for - example, in a school where you have accounts for the students, - then you can specify when the account expires. After the expiry - time has elapsed the account cannot be used to log in to the - system, although the account's directories and files will - remain.</para> + <para>By default FreeBSD does not expire accounts. If you + are creating accounts that you know have a limited + lifespan, for example, in a school where you have accounts + for the students, then you can specify when the account + expires. After the expiry time has elapsed the account + cannot be used to log in to the system, although the + account's directories and files will remain.</para> </listitem> </varlistentry> @@ -182,9 +187,10 @@ <term>User's full name</term> <listitem> - <para>The user name uniquely identifies the account to FreeBSD, but - does not necessarily reflect the user's real name. This - information can be associated with the account.</para> + <para>The user name uniquely identifies the account to + FreeBSD, but does not necessarily reflect the user's real + name. This information can be associated with the + account.</para> </listitem> </varlistentry> 
@@ -192,14 +198,16 @@ <term>Home directory</term> <listitem> - <para>The home directory is the full path to a directory on the - system in which the user will start when logging on to the - system. A common convention is to put all user home directories - under + <para>The home directory is the full path to a directory on + the system in which the user will start when logging on to + the system. A common convention is to put all user home + directories under <filename>/home/<replaceable>username</replaceable></filename> - or <filename>/usr/home/<replaceable>username</replaceable></filename>. - The user would store their personal files in their home directory, - and any directories they may create in there.</para> + or + <filename>/usr/home/<replaceable>username</replaceable></filename>. + The user would store their personal files in their home + directory, and any directories they may create in + there.</para> </listitem> </varlistentry> @@ -207,10 +215,11 @@ <term>User shell</term> <listitem> - <para>The shell provides the default environment users use to - interact with the system. There are many different kinds of - shells, and experienced users will have their own preferences, - which can be reflected in their account settings.</para> + <para>The shell provides the default environment users use + to interact with the system. There are many different + kinds of shells, and experienced users will have their own + preferences, which can be reflected in their account + settings.</para> </listitem> </varlistentry> </variablelist> 
@@ -345,26 +354,31 @@ <row> <entry>&man.adduser.8;</entry> <entry>The recommended command-line application for adding - new users.</entry> + new users.</entry> </row> + <row> <entry>&man.rmuser.8;</entry> <entry>The recommended command-line application for - removing users.</entry> + removing users.</entry> </row> + <row> <entry>&man.chpass.1;</entry> - <entry>A flexible tool to change user database information.</entry> + <entry>A flexible tool to change user database + information.</entry> </row> + <row> <entry>&man.passwd.1;</entry> <entry>The simple command-line tool to change user - passwords.</entry> + passwords.</entry> </row> + <row> <entry>&man.pw.8;</entry> <entry>A powerful and flexible tool to modify all aspects - of user accounts.</entry> + of user accounts.</entry> </row> </tbody> </tgroup> @@ -374,21 +388,23 @@ <title><command>adduser</command></title> <indexterm> - <primary>accounts</primary> - <secondary>adding</secondary> + <primary>accounts</primary> + <secondary>adding</secondary> </indexterm> <indexterm> - <primary><command>adduser</command></primary> + <primary><command>adduser</command></primary> </indexterm> <indexterm> - <primary><filename class="directory">/usr/share/skel</filename></primary> + <primary><filename + class="directory">/usr/share/skel</filename></primary> </indexterm> <indexterm><primary>skeleton directory</primary></indexterm> <para>&man.adduser.8; is a simple program for adding new users. It creates entries in the system <filename>passwd</filename> and <filename>group</filename> files. It will also create a home directory for the new user, - copy in the default configuration files (<quote>dotfiles</quote>) from + copy in the default configuration files + (<quote>dotfiles</quote>) from <filename>/usr/share/skel</filename>, and can optionally mail the new user a welcome message.</para> 
@@ -428,9 +444,9 @@ Goodbye! </example> <note> - <para>The password you type in is not echoed, nor are asterisks - displayed. Make sure that you do not mistype the password. - </para> + <para>The password you type in is not echoed, nor are + asterisks displayed. Make sure that you do not mistype the + password.</para> </note> </sect2> @@ -439,13 +455,12 @@ Goodbye! <indexterm><primary><command>rmuser</command></primary></indexterm> <indexterm> - <primary>accounts</primary> - <secondary>removing</secondary> + <primary>accounts</primary> + <secondary>removing</secondary> </indexterm> - <para>You can use &man.rmuser.8; to - completely remove a user from the system. - &man.rmuser.8; performs the following + <para>You can use &man.rmuser.8; to completely remove a user + from the system. &man.rmuser.8; performs the following steps:</para> <procedure> 
@@ -453,51 +468,60 @@ Goodbye! <para>Removes the user's &man.crontab.1; entry (if any).</para> </step> + <step> <para>Removes any &man.at.1; jobs belonging to the user.</para> </step> + <step> <para>Kills all processes owned by the user.</para> </step> + <step> <para>Removes the user from the system's local password file.</para> </step> + <step> <para>Removes the user's home directory (if it is owned by the user).</para> </step> + <step> <para>Removes the incoming mail files belonging to the user from <filename>/var/mail</filename>.</para> </step> + <step> <para>Removes all files owned by the user from temporary - file storage areas such as <filename>/tmp</filename>.</para> + file storage areas such as + <filename>/tmp</filename>.</para> </step> + <step> <para>Finally, removes the username from all groups to which it belongs in <filename>/etc/group</filename>.</para> - <note> - <para>If a group becomes empty and the group name is the - same as the username, the group is removed; this - complements the per-user unique groups created by - &man.adduser.8;.</para> - </note> + <note> + <para>If a group becomes empty and the group name is the + same as the username, the group is removed; this + complements the per-user unique groups created by + &man.adduser.8;.</para> + </note> </step> </procedure> - <para>&man.rmuser.8; cannot be used to remove - superuser accounts, since that is almost always an indication - of massive destruction.</para> + <para>&man.rmuser.8; cannot be used to remove superuser + accounts, since that is almost always an indication of massive + destruction.</para> <para>By default, an interactive mode is used, which attempts to make sure you know what you are doing.</para> <example> - <title><command>rmuser</command> Interactive Account Removal</title> + <title><command>rmuser</command> Interactive Account + Removal</title> <screen>&prompt.root; <userinput>rmuser jru</userinput> Matching password entry: 
@@ -534,11 +558,13 @@ Removing files belonging to jru from /va <note> <para>You will be asked for your password - after exiting the editor if you are not the superuser.</para> + after exiting the editor if you are not the + superuser.</para> </note> <example> - <title>Interactive <command>chpass</command> by Superuser</title> + <title>Interactive <command>chpass</command> by + Superuser</title> <screen>#Changing user database information for jru. Login: jru @@ -561,7 +587,8 @@ Other information:</screen> information, and only for themselves.</para> <example> - <title>Interactive <command>chpass</command> by Normal User</title> + <title>Interactive <command>chpass</command> by Normal + User</title> <screen>#Changing user database information for jru. Shell: /usr/local/bin/zsh @@ -579,8 +606,9 @@ Other information:</screen> &man.ypchfn.1;, and &man.ypchsh.1;. NIS support is automatic, so specifying the <literal>yp</literal> before the command is - not necessary. If this is confusing to you, do not worry, NIS will - be covered in <xref linkend="network-servers"/>.</para> + not necessary. If this is confusing to you, do not worry, + NIS will be covered in <xref + linkend="network-servers"/>.</para> </note> </sect2> <sect2 id="users-passwd"> @@ -588,16 +616,17 @@ Other information:</screen> <indexterm><primary><command>passwd</command></primary></indexterm> <indexterm> - <primary>accounts</primary> - <secondary>changing password</secondary> + <primary>accounts</primary> + <secondary>changing password</secondary> </indexterm> <para>&man.passwd.1; is the usual way to change your own password as a user, or another user's password as the superuser.</para> <note> - <para>To prevent accidental or unauthorized changes, the original - password must be entered before a new password can be set.</para> + <para>To prevent accidental or unauthorized changes, the + original password must be entered before a new password can + be set.</para> </note> <example> 
@@ -613,7 +642,8 @@ passwd: done</screen> </example> <example> - <title>Changing Another User's Password as the Superuser</title> + <title>Changing Another User's Password as the + Superuser</title> <screen>&prompt.root; <userinput>passwd jru</userinput> Changing local password for jru. @@ -634,6 +664,7 @@ passwd: done</screen> <sect2 id="users-pw"> <title><command>pw</command></title> + <indexterm><primary><command>pw</command></primary></indexterm> <para>&man.pw.8; is a command line utility to create, remove, 
@@ -673,35 +704,36 @@ passwd: done</screen> they provide a way to quickly check that usage without calculating it every time. Quotas are discussed in <xref - linkend="quotas"/>.</para> + linkend="quotas"/>.</para> - <para>The other resource limits include ways to limit the amount of - CPU, memory, and other resources a user may consume. These are - defined using login classes and are discussed here.</para> + <para>The other resource limits include ways to limit the amount + of CPU, memory, and other resources a user may consume. These + are defined using login classes and are discussed here.</para> <indexterm> <primary><filename>/etc/login.conf</filename></primary> </indexterm> <para>Login classes are defined in <filename>/etc/login.conf</filename>. The precise semantics are - beyond the scope of this section, but are described in detail in the - &man.login.conf.5; manual page. It is sufficient to say that each - user is assigned to a login class (<literal>default</literal> by - default), and that each login class has a set of login capabilities - associated with it. A login capability is a + beyond the scope of this section, but are described in detail in + the &man.login.conf.5; manual page. It is sufficient to say + that each user is assigned to a login class + (<literal>default</literal> by default), and that each login + class has a set of login capabilities associated with it. A + login capability is a <literal><replaceable>name</replaceable>=<replaceable>value</replaceable></literal> pair, where <replaceable>name</replaceable> is a well-known identifier and <replaceable>value</replaceable> is an arbitrary - string processed accordingly depending on the name. Setting up login - classes and capabilities is rather straight-forward and is also - described in &man.login.conf.5;.</para> + string processed accordingly depending on the name. 
Setting up + login classes and capabilities is rather straight-forward and is + also described in &man.login.conf.5;.</para> <note> <para>The system does not normally read the configuration in - <filename>/etc/login.conf</filename> directly, but reads the database - file <filename>/etc/login.conf.db</filename> which provides - faster lookups. - To generate <filename>/etc/login.conf.db</filename> from + <filename>/etc/login.conf</filename> directly, but reads the + database file <filename>/etc/login.conf.db</filename> which + provides faster lookups. To generate + <filename>/etc/login.conf.db</filename> from <filename>/etc/login.conf</filename>, execute the following command:</para> 
@@ -709,230 +741,230 @@ passwd: done</screen> </note> <para>Resource limits are different from plain vanilla login - capabilities in two ways. First, for every limit, there is a soft - (current) and hard limit. A soft limit may be adjusted by the user - or application, but may be no higher than the hard limit. The latter - may be lowered by the user, but never raised. Second, most resource - limits apply per process to a specific user, not the user as a whole. - Note, however, that these differences are mandated by the specific - handling of the limits, not by the implementation of the login - capability framework (i.e., they are not <emphasis>really</emphasis> - a special case of login capabilities).</para> + capabilities in two ways. First, for every limit, there is a + soft (current) and hard limit. A soft limit may be adjusted by + the user or application, but may be no higher than the hard + limit. The latter may be lowered by the user, but never raised. + Second, most resource limits apply per process to a specific + user, not the user as a whole. 
Note, however, that these + differences are mandated by the specific handling of the limits, + not by the implementation of the login capability framework + (i.e., they are not <emphasis>really</emphasis> a special case + of login capabilities).</para> - <para>And so, without further ado, below are the most commonly used - resource limits (the rest, along with all the other login + <para>And so, without further ado, below are the most commonly + used resource limits (the rest, along with all the other login capabilities, may be found in &man.login.conf.5;).</para> <variablelist> <varlistentry> - <term><literal>coredumpsize</literal></term> + <term><literal>coredumpsize</literal></term> <listitem> - <indexterm><primary>coredumpsize</primary></indexterm> - <indexterm> - <primary>limiting users</primary> - <secondary>coredumpsize</secondary> - </indexterm> - <para>The limit on the size of a core file generated by a program - is, for obvious reasons, subordinate to other limits on disk - usage (e.g., <literal>filesize</literal>, or disk quotas). - Nevertheless, it is often used as a less-severe method of - controlling disk space consumption: since users do not generate - core files themselves, and often do not delete them, setting this - may save them from running out of disk space should a large - program (e.g., <application>emacs</application>) crash.</para> + <indexterm><primary>coredumpsize</primary></indexterm> + <indexterm><primary>limiting users</primary> + <secondary>coredumpsize</secondary> + </indexterm> + <para>The limit on the size of a core file generated by a + program is, for obvious reasons, subordinate to other + limits on disk usage (e.g., <literal>filesize</literal>, + or disk quotas). 
Nevertheless, it is often used as a + less-severe method of controlling disk space consumption: + since users do not generate core files themselves, and + often do not delete them, setting this may save them from + running out of disk space should a large program (e.g., + <application>emacs</application>) crash.</para> </listitem> </varlistentry> <varlistentry> - <term><literal>cputime</literal></term> + <term><literal>cputime</literal></term> <listitem> - <indexterm><primary>cputime</primary></indexterm> - <indexterm> - <primary>limiting users</primary> - <secondary>cputime</secondary> - </indexterm> - <para>This is the maximum amount of CPU time a user's process may - consume. Offending processes will be killed by the kernel.</para> - - <note> - <para>This is a limit on CPU <emphasis>time</emphasis> - consumed, not percentage of the CPU as displayed in some - fields by &man.top.1; and &man.ps.1;. A limit on the - latter is, at the time of this writing, not possible, and - would be rather useless: a compiler—probably a - legitimate task—can easily use almost 100% of a CPU - for some time.</para> - </note> + <indexterm><primary>cputime</primary></indexterm> + <indexterm> + <primary>limiting users</primary> + <secondary>cputime</secondary> + </indexterm> + <para>This is the maximum amount of CPU time a user's + process may consume. Offending processes will be killed + by the kernel.</para> + + <note> + <para>This is a limit on CPU <emphasis>time</emphasis> + consumed, not percentage of the CPU as displayed in + some fields by &man.top.1; and &man.ps.1;. 
A limit on + the latter is, at the time of this writing, not + possible, and would be rather useless: a + compiler—probably a legitimate task—can + easily use almost 100% of a CPU for some time.</para> + </note> </listitem> </varlistentry> <varlistentry> - <term><literal>filesize</literal></term> + <term><literal>filesize</literal></term> <listitem> - <indexterm><primary>filesize</primary></indexterm> - <indexterm> - <primary>limiting users</primary> - <secondary>filesize</secondary> - </indexterm> - <para>This is the maximum size of a file the user may possess. - Unlike <link linkend="quotas">disk quotas</link>, this limit is - enforced on individual files, not the set of all files a user - owns.</para> + <indexterm><primary>filesize</primary></indexterm> + <indexterm> + <primary>limiting users</primary> + <secondary>filesize</secondary> + </indexterm> + <para>This is the maximum size of a file the user may + possess. Unlike <link linkend="quotas">disk + quotas</link>, this limit is enforced on individual + files, not the set of all files a user owns.</para> </listitem> </varlistentry> <varlistentry> - <term><literal>maxproc</literal></term> + <term><literal>maxproc</literal></term> <listitem> - <indexterm><primary>maxproc</primary></indexterm> - <indexterm> - <primary>limiting users</primary> - <secondary>maxproc</secondary> - </indexterm> + <indexterm><primary>maxproc</primary></indexterm> + <indexterm> + <primary>limiting users</primary> + <secondary>maxproc</secondary> + </indexterm> <para>This is the maximum number of processes a user may be - running. This includes foreground and background processes - alike. For obvious reasons, this may not be larger than the - system limit specified by the <varname>kern.maxproc</varname> - &man.sysctl.8;. Also note that setting this - too small may hinder a - user's productivity: it is often useful to be logged in - multiple times or execute pipelines. 
Some tasks, such as - compiling a large program, also spawn multiple processes (e.g., - &man.make.1;, &man.cc.1;, and other intermediate + running. This includes foreground and background + processes alike. For obvious reasons, this may not be + larger than the system limit specified by the + <varname>kern.maxproc</varname> &man.sysctl.8;. Also note + that setting this too small may hinder a user's + productivity: it is often useful to be logged in multiple + times or execute pipelines. Some tasks, such as + compiling a large program, also spawn multiple processes + (e.g., &man.make.1;, &man.cc.1;, and other intermediate preprocessors).</para> </listitem> </varlistentry> <varlistentry> - <term><literal>memorylocked</literal></term> + <term><literal>memorylocked</literal></term> <listitem> - <indexterm><primary>memorylocked</primary></indexterm> - <indexterm> - <primary>limiting users</primary> - <secondary>memorylocked</secondary> - </indexterm> + <indexterm><primary>memorylocked</primary></indexterm> + <indexterm> + <primary>limiting users</primary> + <secondary>memorylocked</secondary> + </indexterm> <para>This is the maximum amount a memory a process may have requested to be locked into main memory (e.g., see &man.mlock.2;). Some system-critical programs, such as - &man.amd.8;, lock into main memory such that in the event + &man.amd.8;, lock into main memory such that in the event of being swapped out, they do not contribute to a system's thrashing in time of trouble.</para> </listitem> </varlistentry> <varlistentry> - <term><literal>memoryuse</literal></term> + <term><literal>memoryuse</literal></term> <listitem> - <indexterm><primary>memoryuse</primary></indexterm> - <indexterm> - <primary>limiting users</primary> - <secondary>memoryuse</secondary> - </indexterm> - <para>This is the maximum amount of memory a process may consume - at any given time. It includes both core memory and swap - usage. 
This is not a catch-all limit for restricting memory - consumption, but it is a good start.</para> + <indexterm><primary>memoryuse</primary></indexterm> + <indexterm><primary>limiting users</primary> + <secondary>memoryuse</secondary> + </indexterm> + <para>This is the maximum amount of memory a process may + consume at any given time. It includes both core memory and + swap usage. This is not a catch-all limit for restricting + memory consumption, but it is a good start.</para> </listitem> </varlistentry> <varlistentry> - <term><literal>openfiles</literal></term> + <term><literal>openfiles</literal></term> <listitem> - <indexterm><primary>openfiles</primary></indexterm> - <indexterm> - <primary>limiting users</primary> - <secondary>openfiles</secondary> - </indexterm> + <indexterm><primary>openfiles</primary></indexterm> + <indexterm><primary>limiting users</primary> + <secondary>openfiles</secondary> + </indexterm> <para>This is the maximum amount of files a process may have - open. In FreeBSD, files are also used to represent sockets and - IPC channels; thus, be careful not to set this too low. The - system-wide limit for this is defined by the + open. In FreeBSD, files are also used to represent + sockets and IPC channels; thus, be careful not to set this + too low. The system-wide limit for this is defined by the <varname>kern.maxfiles</varname> &man.sysctl.8;.</para> </listitem> </varlistentry> <varlistentry> - <term><literal>sbsize</literal></term> + <term><literal>sbsize</literal></term> <listitem> - <indexterm><primary>sbsize</primary></indexterm> - <indexterm> - <primary>limiting users</primary> - <secondary>sbsize</secondary> - </indexterm> - <para>This is the limit on the amount of network memory, and thus - mbufs, a user may consume. 
This originated as a response to an - old DoS attack by creating a lot of sockets, but can be - generally used to limit network communications.</para> + <indexterm><primary>sbsize</primary></indexterm> + <indexterm><primary>limiting users</primary> + <secondary>sbsize</secondary> + </indexterm> + <para>This is the limit on the amount of network memory, and + thus mbufs, a user may consume. This originated as a + response to an old DoS attack by creating a lot of + sockets, but can be generally used to limit network + communications.</para> </listitem> </varlistentry> <varlistentry> - <term><literal>stacksize</literal></term> + <term><literal>stacksize</literal></term> <listitem> - <indexterm><primary>stacksize</primary></indexterm> - <indexterm> - <primary>limiting users</primary> - <secondary>stacksize</secondary> - </indexterm> + <indexterm><primary>stacksize</primary></indexterm> + <indexterm><primary>limiting users</primary> + <secondary>stacksize</secondary> + </indexterm> <para>This is the maximum size a process' stack may grow to. - This alone is not sufficient to limit the amount of memory a - program may use; consequently, it should be used in conjunction - with other limits.</para> + This alone is not sufficient to limit the amount of memory + a program may use; consequently, it should be used in + conjunction with other limits.</para> </listitem> </varlistentry> </variablelist> - <para>There are a few other things to remember when setting resource - limits. Following are some general tips, suggestions, and - miscellaneous comments.</para> + <para>There are a few other things to remember when setting + resource limits. 
Following are some general tips, suggestions, + and miscellaneous comments.</para> <itemizedlist> <listitem> - <para>Processes started at system startup by - <filename>/etc/rc</filename> are assigned to the - <literal>daemon</literal> login class.</para> + <para>Processes started at system startup by + <filename>/etc/rc</filename> are assigned to the + <literal>daemon</literal> login class.</para> </listitem> <listitem> - <para>Although the <filename>/etc/login.conf</filename> that comes - with the system is a good source of reasonable values for most - limits, only you, the administrator, can know what is appropriate - for your system. Setting a limit too high may open your system - up to abuse, while setting it too low may put a strain on - productivity.</para> + <para>Although the <filename>/etc/login.conf</filename> that + comes with the system is a good source of reasonable values + for most limits, only you, the administrator, can know what + is appropriate for your system. Setting a limit too high + may open your system up to abuse, while setting it too low + may put a strain on productivity.</para> </listitem> <listitem> - <para>Users of the X Window System (X11) should probably be granted - more resources than other users. X11 by itself takes a lot of - resources, but it also encourages users to run more programs - simultaneously.</para> + <para>Users of the X Window System (X11) should probably be + granted more resources than other users. X11 by itself + takes a lot of resources, but it also encourages users to + run more programs simultaneously.</para> </listitem> <listitem> - <para>Remember that many limits apply to individual processes, not - the user as a whole. For example, setting - <varname>openfiles</varname> to 50 means - that each process the user runs may open up to 50 files. Thus, - the gross amount of files a user may open is the value of - <literal>openfiles</literal> multiplied by the value of - <literal>maxproc</literal>. 
This also applies to memory - consumption.</para> + <para>Remember that many limits apply to individual processes, + not the user as a whole. For example, setting + <varname>openfiles</varname> to 50 means that each process + the user runs may open up to 50 files. Thus, the gross + amount of files a user may open is the value of + <literal>openfiles</literal> multiplied by the value of + <literal>maxproc</literal>. This also applies to memory + consumption.</para> </listitem> </itemizedlist> - <para>For further information on resource limits and login classes and - capabilities in general, please consult the relevant manual pages: - &man.cap.mkdb.1;, &man.getrlimit.2;, &man.login.conf.5;.</para> + <para>For further information on resource limits and login classes + and capabilities in general, please consult the relevant manual + pages: &man.cap.mkdb.1;, &man.getrlimit.2;, + &man.login.conf.5;.</para> </sect1> <sect1 id="users-groups"> 
@@ -947,27 +979,28 @@ passwd: done</screen> <secondary>groups</secondary> </indexterm> <para>A group is simply a list of users. Groups are identified by - their group name and GID (Group ID). In FreeBSD (and most other &unix; like - systems), the two factors the kernel uses to decide whether a process - is allowed to do something is its user ID and list of groups it - belongs to. Unlike a user ID, a process has a list of groups - associated with it. You may hear some things refer to the <quote>group ID</quote> - of a user or process; most of the time, this just means the first - group in the list.</para> + their group name and GID (Group ID). In FreeBSD (and most other + &unix; like systems), the two factors the kernel uses to decide + whether a process is allowed to do something is its user ID and + list of groups it belongs to. Unlike a user ID, a process has a + list of groups associated with it. You may hear some things + refer to the <quote>group ID</quote> of a user or process; most + of the time, this just means the first group in the list.</para> <para>The group name to group ID map is in - <filename>/etc/group</filename>. This is a plain text file with four - colon-delimited fields. The first field is the group name, the - second is the encrypted password, the third the group ID, and the - fourth the comma-delimited list of members. It can safely be edited - by hand (assuming, of course, that you do not make any syntax - errors!). For a more complete description of the syntax, see the - &man.group.5; manual page.</para> + <filename>/etc/group</filename>. This is a plain text file with + four colon-delimited fields. The first field is the group name, + the second is the encrypted password, the third the group ID, + and the fourth the comma-delimited list of members. It can + safely be edited by hand (assuming, of course, that you do not + make any syntax errors!). 
For a more complete description of + the syntax, see the &man.group.5; manual page.</para> <para>If you do not want to edit <filename>/etc/group</filename> - manually, you can use the &man.pw.8; command to add and edit groups. - For example, to add a group called <groupname>teamtwo</groupname> and - then confirm that it exists you can use:</para> + manually, you can use the &man.pw.8; command to add and edit + groups. For example, to add a group called + <groupname>teamtwo</groupname> and then confirm that it exists + you can use:</para> <example> <title>Adding a Group Using &man.pw.8;</title> @@ -977,14 +1010,16 @@ passwd: done</screen> teamtwo:*:1100:</screen> </example> - <para>The number <literal>1100</literal> above is the group ID of the - group <groupname>teamtwo</groupname>. Right now, - <groupname>teamtwo</groupname> has no members, and is thus rather - useless. Let's change that by inviting <username>jru</username> to - the <groupname>teamtwo</groupname> group.</para> + <para>The number <literal>1100</literal> above is the group ID of + the group <groupname>teamtwo</groupname>. Right now, + <groupname>teamtwo</groupname> has no members, and is thus + rather useless. Let's change that by inviting + <username>jru</username> to the <groupname>teamtwo</groupname> + group.</para> *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
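Review bot: In the re-wrapped tip paragraph that begins "Remember that many limits apply to individual processes", the same login.conf capability is marked up two ways, `<varname>openfiles</varname>` in the "to 50" sentence and `<literal>openfiles</literal>` two sentences later, while the varlistentry terms above it all use `<literal>`. A whitespace-only revision is right to carry this over untouched, but a follow-up content commit should settle on `<literal>` for capability names. The same follow-up could change "maximum amount of files" and "gross amount of files" to "number of files".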
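Review bot: The first paragraph of the groups hunk (@@ -947,27 +979,28 @@) carries two wording problems onto the re-wrapped lines: "&unix; like systems" needs a hyphen, and "the two factors the kernel uses ... is its user ID" should read "are". Because the log tells translators to ignore this revision, these belong in a separate content commit rather than here. It is also worth confirming with a whitespace-insensitive diff that the re-wrap changed no text, since the `-` and `+` sides can only be compared by eye in this mail.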