From: Dru Lavigne
Date: Mon, 28 Jan 2013 15:09:10 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r40779 - head/en_US.ISO8859-1/books/handbook/users

Author: dru
Date: Mon Jan 28 15:09:10 2013
New Revision: 40779
URL: http://svnweb.freebsd.org/changeset/doc/40779

Log:
  White space fix only. Translators can ignore.

  Approved by: bcr (mentor)

Modified:
  head/en_US.ISO8859-1/books/handbook/users/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/users/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/users/chapter.xml Mon Jan 28 15:05:36 2013 (r40778) +++ head/en_US.ISO8859-1/books/handbook/users/chapter.xml Mon Jan 28 15:09:10 2013 (r40779) @@ -9,7 +9,7 @@ - Neil + Neil Blakey-Milner Contributed by 
@@ -22,22 +22,21 @@ Synopsis - FreeBSD allows multiple users to use the computer at the same time. - Obviously, only one of those users can be sitting in front of the screen and - keyboard at any one time - - Well, unless you hook up multiple terminals, but we will - save that for . - , but any number of users can log in through the - network to get their work done. To use the system every user must have - an account. + FreeBSD allows multiple users to use the computer at the + same time. Obviously, only one of those users can be sitting in + front of the screen and keyboard at any one time + Well, unless you hook up multiple terminals, but + we will save that for . + , but any number of users can log in through the + network to get their work done. To use the system every user + must have an account. After reading this chapter, you will know: - The differences between the various user accounts on a FreeBSD - system. + The differences between the various user accounts on a + FreeBSD system. @@ -49,18 +48,19 @@ - How to change account details, such as the user's full name, or - preferred shell. + How to change account details, such as the user's full + name, or preferred shell. How to set limits on a per-account basis, to control the - resources such as memory and CPU time that accounts and groups of - accounts are allowed to access. + resources such as memory and CPU time that accounts and + groups of accounts are allowed to access. - How to use groups to make account management easier. + How to use groups to make account management + easier. @@ -81,8 +81,8 @@ processes are run by users, so user and account management are of integral importance on FreeBSD systems. - Every account on a FreeBSD system has certain information associated - with it to identify the account. + Every account on a FreeBSD system has certain information + associated with it to identify the account. 
@@ -90,12 +90,12 @@ The user name as it would be typed at the - login: prompt. User names must be unique across - the computer; you may not have two users with the same - user name. There are a number of rules for creating valid user - names, documented in &man.passwd.5;; you would typically use user - names that consist of eight or fewer all lower case - characters. + login: prompt. User names must be unique + across the computer; you may not have two users with the + same user name. There are a number of rules for creating + valid user names, documented in &man.passwd.5;; you would + typically use user names that consist of eight or fewer + all lower case characters. @@ -103,10 +103,10 @@ Password - Each account has a password associated with it. The password - may be blank, in which case no password will be required to access - the system. This is normally a very bad idea; every account - should have a password. + Each account has a password associated with it. The + password may be blank, in which case no password will be + required to access the system. This is normally a very + bad idea; every account should have a password. 
@@ -114,19 +114,21 @@ User ID (UID) - The UID is a number, traditionally from 0 to 65535 + The UID is a number, traditionally from 0 to + 65535 It is possible to use UID/GIDs as large as 4294967295, but such IDs can cause serious problems with software that makes assumptions about the values of IDs. - , used to uniquely identify - the user to the system. Internally, FreeBSD uses the UID to - identify users—any FreeBSD commands that allow you to - specify a user name will convert it to the UID before working with - it. This means that you can have several accounts with different - user names but the same UID. As far as FreeBSD is concerned these - accounts are one user. It is unlikely you will ever need to do - this. + , used to uniquely identify the user to the + system. Internally, FreeBSD uses the UID to + identify users—any FreeBSD commands that allow + you to specify a user name will convert it to the UID + before working with it. This means that you can have + several accounts with different user names but the + same UID. As far as FreeBSD is concerned these + accounts are one user. It is unlikely you will ever + need to do this. @@ -134,11 +136,13 @@ Group ID (GID) - The GID is a number, traditionally from 0 to 65535, used to uniquely identify - the primary group that the user belongs to. Groups are a - mechanism for controlling access to resources based on a user's - GID rather than their UID. This can significantly reduce the size - of some configuration files. A user may also be in more than one + The GID is a number, traditionally from 0 to + 65535, used to + uniquely identify the primary group that the user belongs + to. Groups are a mechanism for controlling access to + resources based on a user's GID rather than their UID. + This can significantly reduce the size of some + configuration files. A user may also be in more than one group. 
@@ -147,9 +151,9 @@ Login class - Login classes are an extension to the group mechanism that - provide additional flexibility when tailoring the system to - different users. + Login classes are an extension to the group mechanism + that provide additional flexibility when tailoring the + system to different users. @@ -157,10 +161,11 @@ Password change time - By default FreeBSD does not force users to change their - passwords periodically. You can enforce this on a per-user basis, - forcing some or all of your users to change their passwords after - a certain amount of time has elapsed. + By default FreeBSD does not force users to change + their passwords periodically. You can enforce this on a + per-user basis, forcing some or all of your users to + change their passwords after a certain amount of time has + elapsed. @@ -168,13 +173,13 @@ Account expiry time - By default FreeBSD does not expire accounts. If you are - creating accounts that you know have a limited lifespan, for - example, in a school where you have accounts for the students, - then you can specify when the account expires. After the expiry - time has elapsed the account cannot be used to log in to the - system, although the account's directories and files will - remain. + By default FreeBSD does not expire accounts. If you + are creating accounts that you know have a limited + lifespan, for example, in a school where you have accounts + for the students, then you can specify when the account + expires. After the expiry time has elapsed the account + cannot be used to log in to the system, although the + account's directories and files will remain. 
@@ -182,9 +187,10 @@ User's full name - The user name uniquely identifies the account to FreeBSD, but - does not necessarily reflect the user's real name. This - information can be associated with the account. + The user name uniquely identifies the account to + FreeBSD, but does not necessarily reflect the user's real + name. This information can be associated with the + account. @@ -192,14 +198,16 @@ Home directory - The home directory is the full path to a directory on the - system in which the user will start when logging on to the - system. A common convention is to put all user home directories - under + The home directory is the full path to a directory on + the system in which the user will start when logging on to + the system. A common convention is to put all user home + directories under /home/username - or /usr/home/username. - The user would store their personal files in their home directory, - and any directories they may create in there. + or + /usr/home/username. + The user would store their personal files in their home + directory, and any directories they may create in + there. @@ -207,10 +215,11 @@ User shell - The shell provides the default environment users use to - interact with the system. There are many different kinds of - shells, and experienced users will have their own preferences, - which can be reflected in their account settings. + The shell provides the default environment users use + to interact with the system. There are many different + kinds of shells, and experienced users will have their own + preferences, which can be reflected in their account + settings. 
@@ -345,26 +354,31 @@ &man.adduser.8; The recommended command-line application for adding - new users. + new users. + &man.rmuser.8; The recommended command-line application for - removing users. + removing users. + &man.chpass.1; - A flexible tool to change user database information. + A flexible tool to change user database + information. + &man.passwd.1; The simple command-line tool to change user - passwords. + passwords. + &man.pw.8; A powerful and flexible tool to modify all aspects - of user accounts. + of user accounts. @@ -374,21 +388,23 @@ <command>adduser</command> - accounts - adding + accounts + adding - adduser + adduser - /usr/share/skel + /usr/share/skel skeleton directory &man.adduser.8; is a simple program for adding new users. It creates entries in the system passwd and group files. It will also create a home directory for the new user, - copy in the default configuration files (dotfiles) from + copy in the default configuration files + (dotfiles) from /usr/share/skel, and can optionally mail the new user a welcome message. @@ -428,9 +444,9 @@ Goodbye! - The password you type in is not echoed, nor are asterisks - displayed. Make sure that you do not mistype the password. - + The password you type in is not echoed, nor are + asterisks displayed. Make sure that you do not mistype the + password. @@ -439,13 +455,12 @@ Goodbye! rmuser - accounts - removing + accounts + removing - You can use &man.rmuser.8; to - completely remove a user from the system. - &man.rmuser.8; performs the following + You can use &man.rmuser.8; to completely remove a user + from the system. &man.rmuser.8; performs the following steps: 
@@ -453,51 +468,60 @@ Goodbye! Removes the user's &man.crontab.1; entry (if any). + Removes any &man.at.1; jobs belonging to the user. + Kills all processes owned by the user. + Removes the user from the system's local password file. + Removes the user's home directory (if it is owned by the user). + Removes the incoming mail files belonging to the user from /var/mail. + Removes all files owned by the user from temporary - file storage areas such as /tmp. + file storage areas such as + /tmp. + Finally, removes the username from all groups to which it belongs in /etc/group. - - If a group becomes empty and the group name is the - same as the username, the group is removed; this - complements the per-user unique groups created by - &man.adduser.8;. - + + If a group becomes empty and the group name is the + same as the username, the group is removed; this + complements the per-user unique groups created by + &man.adduser.8;. + - &man.rmuser.8; cannot be used to remove - superuser accounts, since that is almost always an indication - of massive destruction. + &man.rmuser.8; cannot be used to remove superuser + accounts, since that is almost always an indication of massive + destruction. By default, an interactive mode is used, which attempts to make sure you know what you are doing. - <command>rmuser</command> Interactive Account Removal + <command>rmuser</command> Interactive Account + Removal &prompt.root; rmuser jru Matching password entry: @@ -534,11 +558,13 @@ Removing files belonging to jru from /va You will be asked for your password - after exiting the editor if you are not the superuser. + after exiting the editor if you are not the + superuser. - Interactive <command>chpass</command> by Superuser + Interactive <command>chpass</command> by + Superuser #Changing user database information for jru. Login: jru 
@@ -561,7 +587,8 @@ Other information: information, and only for themselves. - Interactive <command>chpass</command> by Normal User + Interactive <command>chpass</command> by Normal + User #Changing user database information for jru. Shell: /usr/local/bin/zsh @@ -579,8 +606,9 @@ Other information: &man.ypchfn.1;, and &man.ypchsh.1;. NIS support is automatic, so specifying the yp before the command is - not necessary. If this is confusing to you, do not worry, NIS will - be covered in . + not necessary. If this is confusing to you, do not worry, + NIS will be covered in . @@ -588,16 +616,17 @@ Other information: passwd - accounts - changing password + accounts + changing password &man.passwd.1; is the usual way to change your own password as a user, or another user's password as the superuser. - To prevent accidental or unauthorized changes, the original - password must be entered before a new password can be set. + To prevent accidental or unauthorized changes, the + original password must be entered before a new password can + be set. @@ -613,7 +642,8 @@ passwd: done - Changing Another User's Password as the Superuser + Changing Another User's Password as the + Superuser &prompt.root; passwd jru Changing local password for jru. @@ -634,6 +664,7 @@ passwd: done <command>pw</command> + pw &man.pw.8; is a command line utility to create, remove, 
@@ -673,35 +704,36 @@ passwd: done they provide a way to quickly check that usage without calculating it every time. Quotas are discussed in . + linkend="quotas"/>. - The other resource limits include ways to limit the amount of - CPU, memory, and other resources a user may consume. These are - defined using login classes and are discussed here. + The other resource limits include ways to limit the amount + of CPU, memory, and other resources a user may consume. These + are defined using login classes and are discussed here. /etc/login.conf Login classes are defined in /etc/login.conf. The precise semantics are - beyond the scope of this section, but are described in detail in the - &man.login.conf.5; manual page. It is sufficient to say that each - user is assigned to a login class (default by - default), and that each login class has a set of login capabilities - associated with it. A login capability is a + beyond the scope of this section, but are described in detail in + the &man.login.conf.5; manual page. It is sufficient to say + that each user is assigned to a login class + (default by default), and that each login + class has a set of login capabilities associated with it. A + login capability is a name=value pair, where name is a well-known identifier and value is an arbitrary - string processed accordingly depending on the name. Setting up login - classes and capabilities is rather straight-forward and is also - described in &man.login.conf.5;. + string processed accordingly depending on the name. Setting up + login classes and capabilities is rather straight-forward and is + also described in &man.login.conf.5;. The system does not normally read the configuration in - /etc/login.conf directly, but reads the database - file /etc/login.conf.db which provides - faster lookups. - To generate /etc/login.conf.db from + /etc/login.conf directly, but reads the + database file /etc/login.conf.db which + provides faster lookups. 
To generate + /etc/login.conf.db from /etc/login.conf, execute the following command: 
@@ -709,230 +741,230 @@ passwd: done Resource limits are different from plain vanilla login - capabilities in two ways. First, for every limit, there is a soft - (current) and hard limit. A soft limit may be adjusted by the user - or application, but may be no higher than the hard limit. The latter - may be lowered by the user, but never raised. Second, most resource - limits apply per process to a specific user, not the user as a whole. - Note, however, that these differences are mandated by the specific - handling of the limits, not by the implementation of the login - capability framework (i.e., they are not really - a special case of login capabilities). + capabilities in two ways. First, for every limit, there is a + soft (current) and hard limit. A soft limit may be adjusted by + the user or application, but may be no higher than the hard + limit. The latter may be lowered by the user, but never raised. + Second, most resource limits apply per process to a specific + user, not the user as a whole. Note, however, that these + differences are mandated by the specific handling of the limits, + not by the implementation of the login capability framework + (i.e., they are not really a special case + of login capabilities). - And so, without further ado, below are the most commonly used - resource limits (the rest, along with all the other login + And so, without further ado, below are the most commonly + used resource limits (the rest, along with all the other login capabilities, may be found in &man.login.conf.5;). - coredumpsize + coredumpsize - coredumpsize - - limiting users - coredumpsize - - The limit on the size of a core file generated by a program - is, for obvious reasons, subordinate to other limits on disk - usage (e.g., filesize, or disk quotas). 
- Nevertheless, it is often used as a less-severe method of - controlling disk space consumption: since users do not generate - core files themselves, and often do not delete them, setting this - may save them from running out of disk space should a large - program (e.g., emacs) crash. + coredumpsize + limiting users + coredumpsize + + The limit on the size of a core file generated by a + program is, for obvious reasons, subordinate to other + limits on disk usage (e.g., filesize, + or disk quotas). Nevertheless, it is often used as a + less-severe method of controlling disk space consumption: + since users do not generate core files themselves, and + often do not delete them, setting this may save them from + running out of disk space should a large program (e.g., + emacs) crash. - cputime + cputime - cputime - - limiting users - cputime - - This is the maximum amount of CPU time a user's process may - consume. Offending processes will be killed by the kernel. - - - This is a limit on CPU time - consumed, not percentage of the CPU as displayed in some - fields by &man.top.1; and &man.ps.1;. A limit on the - latter is, at the time of this writing, not possible, and - would be rather useless: a compiler—probably a - legitimate task—can easily use almost 100% of a CPU - for some time. - + cputime + + limiting users + cputime + + This is the maximum amount of CPU time a user's + process may consume. Offending processes will be killed + by the kernel. + + + This is a limit on CPU time + consumed, not percentage of the CPU as displayed in + some fields by &man.top.1; and &man.ps.1;. A limit on + the latter is, at the time of this writing, not + possible, and would be rather useless: a + compiler—probably a legitimate task—can + easily use almost 100% of a CPU for some time. + - filesize + filesize - filesize - - limiting users - filesize - - This is the maximum size of a file the user may possess. 
- Unlike disk quotas, this limit is - enforced on individual files, not the set of all files a user - owns. + filesize + + limiting users + filesize + + This is the maximum size of a file the user may + possess. Unlike disk + quotas, this limit is enforced on individual + files, not the set of all files a user owns. - maxproc + maxproc - maxproc - - limiting users - maxproc - + maxproc + + limiting users + maxproc + This is the maximum number of processes a user may be - running. This includes foreground and background processes - alike. For obvious reasons, this may not be larger than the - system limit specified by the kern.maxproc - &man.sysctl.8;. Also note that setting this - too small may hinder a - user's productivity: it is often useful to be logged in - multiple times or execute pipelines. Some tasks, such as - compiling a large program, also spawn multiple processes (e.g., - &man.make.1;, &man.cc.1;, and other intermediate + running. This includes foreground and background + processes alike. For obvious reasons, this may not be + larger than the system limit specified by the + kern.maxproc &man.sysctl.8;. Also note + that setting this too small may hinder a user's + productivity: it is often useful to be logged in multiple + times or execute pipelines. Some tasks, such as + compiling a large program, also spawn multiple processes + (e.g., &man.make.1;, &man.cc.1;, and other intermediate preprocessors). - memorylocked + memorylocked - memorylocked - - limiting users - memorylocked - + memorylocked + + limiting users + memorylocked + This is the maximum amount a memory a process may have requested to be locked into main memory (e.g., see &man.mlock.2;). Some system-critical programs, such as - &man.amd.8;, lock into main memory such that in the event + &man.amd.8;, lock into main memory such that in the event of being swapped out, they do not contribute to a system's thrashing in time of trouble. 
- memoryuse + memoryuse - memoryuse - - limiting users - memoryuse - - This is the maximum amount of memory a process may consume - at any given time. It includes both core memory and swap - usage. This is not a catch-all limit for restricting memory - consumption, but it is a good start. + memoryuse + limiting users + memoryuse + + This is the maximum amount of memory a process may + consume at any given time. It includes both core memory and + swap usage. This is not a catch-all limit for restricting + memory consumption, but it is a good start. - openfiles + openfiles - openfiles - - limiting users - openfiles - + openfiles + limiting users + openfiles + This is the maximum amount of files a process may have - open. In FreeBSD, files are also used to represent sockets and - IPC channels; thus, be careful not to set this too low. The - system-wide limit for this is defined by the + open. In FreeBSD, files are also used to represent + sockets and IPC channels; thus, be careful not to set this + too low. The system-wide limit for this is defined by the kern.maxfiles &man.sysctl.8;. - sbsize + sbsize - sbsize - - limiting users - sbsize - - This is the limit on the amount of network memory, and thus - mbufs, a user may consume. This originated as a response to an - old DoS attack by creating a lot of sockets, but can be - generally used to limit network communications. + sbsize + limiting users + sbsize + + This is the limit on the amount of network memory, and + thus mbufs, a user may consume. This originated as a + response to an old DoS attack by creating a lot of + sockets, but can be generally used to limit network + communications. - stacksize + stacksize - stacksize - - limiting users - stacksize - + stacksize + limiting users + stacksize + This is the maximum size a process' stack may grow to. - This alone is not sufficient to limit the amount of memory a - program may use; consequently, it should be used in conjunction - with other limits. 
+ This alone is not sufficient to limit the amount of memory + a program may use; consequently, it should be used in + conjunction with other limits. - There are a few other things to remember when setting resource - limits. Following are some general tips, suggestions, and - miscellaneous comments. + There are a few other things to remember when setting + resource limits. Following are some general tips, suggestions, + and miscellaneous comments. - Processes started at system startup by - /etc/rc are assigned to the - daemon login class. + Processes started at system startup by + /etc/rc are assigned to the + daemon login class. - Although the /etc/login.conf that comes - with the system is a good source of reasonable values for most - limits, only you, the administrator, can know what is appropriate - for your system. Setting a limit too high may open your system - up to abuse, while setting it too low may put a strain on - productivity. + Although the /etc/login.conf that + comes with the system is a good source of reasonable values + for most limits, only you, the administrator, can know what + is appropriate for your system. Setting a limit too high + may open your system up to abuse, while setting it too low + may put a strain on productivity. - Users of the X Window System (X11) should probably be granted - more resources than other users. X11 by itself takes a lot of - resources, but it also encourages users to run more programs - simultaneously. + Users of the X Window System (X11) should probably be + granted more resources than other users. X11 by itself + takes a lot of resources, but it also encourages users to + run more programs simultaneously. - Remember that many limits apply to individual processes, not - the user as a whole. For example, setting - openfiles to 50 means - that each process the user runs may open up to 50 files. Thus, - the gross amount of files a user may open is the value of - openfiles multiplied by the value of - maxproc. 
This also applies to memory - consumption. + Remember that many limits apply to individual processes, + not the user as a whole. For example, setting + openfiles to 50 means that each process + the user runs may open up to 50 files. Thus, the gross + amount of files a user may open is the value of + openfiles multiplied by the value of + maxproc. This also applies to memory + consumption. - For further information on resource limits and login classes and - capabilities in general, please consult the relevant manual pages: - &man.cap.mkdb.1;, &man.getrlimit.2;, &man.login.conf.5;. + For further information on resource limits and login classes + and capabilities in general, please consult the relevant manual + pages: &man.cap.mkdb.1;, &man.getrlimit.2;, + &man.login.conf.5;. 
@@ -947,27 +979,28 @@ passwd: done groups A group is simply a list of users. Groups are identified by - their group name and GID (Group ID). In FreeBSD (and most other &unix; like - systems), the two factors the kernel uses to decide whether a process - is allowed to do something is its user ID and list of groups it - belongs to. Unlike a user ID, a process has a list of groups - associated with it. You may hear some things refer to the group ID - of a user or process; most of the time, this just means the first - group in the list. + their group name and GID (Group ID). In FreeBSD (and most other + &unix; like systems), the two factors the kernel uses to decide + whether a process is allowed to do something is its user ID and + list of groups it belongs to. Unlike a user ID, a process has a + list of groups associated with it. You may hear some things + refer to the group ID of a user or process; most + of the time, this just means the first group in the list. The group name to group ID map is in - /etc/group. This is a plain text file with four - colon-delimited fields. The first field is the group name, the - second is the encrypted password, the third the group ID, and the - fourth the comma-delimited list of members. It can safely be edited - by hand (assuming, of course, that you do not make any syntax - errors!). For a more complete description of the syntax, see the - &man.group.5; manual page. + /etc/group. This is a plain text file with + four colon-delimited fields. The first field is the group name, + the second is the encrypted password, the third the group ID, + and the fourth the comma-delimited list of members. It can + safely be edited by hand (assuming, of course, that you do not + make any syntax errors!). For a more complete description of + the syntax, see the &man.group.5; manual page. If you do not want to edit /etc/group - manually, you can use the &man.pw.8; command to add and edit groups. 
- For example, to add a group called teamtwo and - then confirm that it exists you can use: + manually, you can use the &man.pw.8; command to add and edit + groups. For example, to add a group called + teamtwo and then confirm that it exists + you can use: Adding a Group Using &man.pw.8; @@ -977,14 +1010,16 @@ passwd: done teamtwo:*:1100: - The number 1100 above is the group ID of the - group teamtwo. Right now, - teamtwo has no members, and is thus rather - useless. Let's change that by inviting jru to - the teamtwo group. + The number 1100 above is the group ID of + the group teamtwo. Right now, + teamtwo has no members, and is thus + rather useless. Let's change that by inviting + jru to the teamtwo + group. *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
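Review bot: In hunk `@@ -709,230 +741,230 @@`, the memorylocked entry still reads "This is the maximum amount a memory a process may have requested" on an unchanged context line; "amount a memory" should be "amount of memory". The openfiles entry in the same hunk says "maximum amount of files" where "number of files" is meant. Both are wording changes, so they belong in a separate commit from this one, whose log tells translators they can ignore it.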
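Review bot: In hunk `@@ -947,27 +979,28 @@`, the reflowed sentence "the two factors the kernel uses to decide whether a process is allowed to do something is its user ID and list of groups it belongs to" pairs a plural subject with "is", and "&unix; like systems" is missing its hyphen. Suggest fixing both in a follow-up content commit rather than here, so that r40779 stays whitespace-only as the log states.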
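Review bot: The final hunk `@@ -977,14 +1010,16 @@` stops at "*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***", so the remainder of the change to chapter.xml cannot be reviewed from this message. The "White space fix only" claim for the unseen part needs checking against the full changeset at the URL in the commit header, for example by comparing r40778 and r40779 with whitespace and line breaks normalized.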