Date: Tue, 26 Nov 2013 18:09:30 +0000 (UTC)
From: Warren Block <wblock@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r43257 - head/en_US.ISO8859-1/books/handbook/basics
Message-ID: <201311261809.rAQI9UVJ077070@svn.freebsd.org>
Author: wblock Date: Tue Nov 26 18:09:29 2013 New Revision: 43257 URL: http://svnweb.freebsd.org/changeset/doc/43257 Log: Whitespace-only fixes, translators please ignore. Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Tue Nov 26 17:37:42 2013 (r43256) +++ head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Tue Nov 26 18:09:29 2013 (r43257) @@ -4,7 +4,10 @@ $FreeBSD$ --> -<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="basics"> +<chapter xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" + xml:id="basics"> + <!-- <chapterinfo> <authorgroup> @@ -82,9 +85,15 @@ <sect1 xml:id="consoles"> <title>Virtual Consoles and Terminals</title> - <indexterm><primary>virtual consoles</primary></indexterm> - <indexterm><primary>terminals</primary></indexterm> - <indexterm><primary>console</primary></indexterm> + <indexterm> + <primary>virtual consoles</primary> + </indexterm> + <indexterm> + <primary>terminals</primary> + </indexterm> + <indexterm> + <primary>console</primary> + </indexterm> <para>Unless &os; has been configured to automatically start a graphical environment during startup, the system will boot 
@@ -194,17 +203,17 @@ ttyv8 "/usr/X11R6/bin/xdm -nodaemon" <para>To disable a virtual console, put a comment symbol (<literal>#</literal>) at the beginning of the line - representing that virtual console. For example, to reduce - the number of available virtual consoles from eight to four, - put a <literal>#</literal> in front of the last four lines - representing virtual consoles - <filename>ttyv5</filename> through - <filename>ttyv8</filename>. <emphasis>Do not</emphasis> - comment out the line for the system console - <filename>ttyv0</filename>. Note that the last virtual - console (<filename>ttyv8</filename>) is used to access + representing that virtual console. For example, to reduce the + number of available virtual consoles from eight to four, put a + <literal>#</literal> in front of the last four lines + representing virtual consoles <filename>ttyv5</filename> + through <filename>ttyv8</filename>. + <emphasis>Do not</emphasis> comment out the line for the + system console <filename>ttyv0</filename>. Note that the last + virtual console (<filename>ttyv8</filename>) is used to access the graphical environment if <application>&xorg;</application> - has been installed and configured as described in <xref linkend="x11"/>.</para> + has been installed and configured as described in + <xref linkend="x11"/>.</para> <para>For a detailed description of every column in this file and the available options for the virtual consoles, refer to 
@@ -219,15 +228,16 @@ ttyv8 "/usr/X11R6/bin/xdm -nodaemon" the system will boot into a special mode known as <quote>single user mode</quote>. This mode is typically used to repair a system that will not boot or to reset the - <systemitem class="username">root</systemitem> password when it is not known. - While in single user mode, networking and other virtual - consoles are not available. However, full - <systemitem class="username">root</systemitem> access to the system is available, - and by default, the <systemitem class="username">root</systemitem> password is not - needed. For these reasons, physical access to the keyboard - is needed to boot into this mode and determining who has - physical access to the keyboard is something to consider when - securing a &os; system.</para> + <systemitem class="username">root</systemitem> password when + it is not known. While in single user mode, networking and + other virtual consoles are not available. However, full + <systemitem class="username">root</systemitem> access to the + system is available, and by default, the + <systemitem class="username">root</systemitem> password is not + needed. For these reasons, physical access to the keyboard is + needed to boot into this mode and determining who has physical + access to the keyboard is something to consider when securing + a &os; system.</para> <para>The settings which control single user mode are found in this section of <filename>/etc/ttys</filename>:</para> 
@@ -239,23 +249,23 @@ ttyv8 "/usr/X11R6/bin/xdm -nodaemon" console none unknown off secure</programlisting> <para>By default, the status is set to - <literal>secure</literal>. This assumes that who has - physical access to the keyboard is either not important or it - is controlled by a physical security policy. If this setting - is changed to <literal>insecure</literal>, the assumption is - that the environment itself is insecure because anyone can - access the keyboard. When this line is changed to + <literal>secure</literal>. This assumes that who has physical + access to the keyboard is either not important or it is + controlled by a physical security policy. If this setting is + changed to <literal>insecure</literal>, the assumption is that + the environment itself is insecure because anyone can access + the keyboard. When this line is changed to <literal>insecure</literal>, &os; will prompt for the - <systemitem class="username">root</systemitem> password when a user selects to - boot into single user mode.</para> + <systemitem class="username">root</systemitem> password when a + user selects to boot into single user mode.</para> <note> <para><emphasis>Be careful when changing this setting to <literal>insecure</literal></emphasis>! If the - <systemitem class="username">root</systemitem> password is forgotten, booting - into single user mode is still possible, but may be - difficult for someone who is not familiar with the &os; - booting process.</para> + <systemitem class="username">root</systemitem> password is + forgotten, booting into single user mode is still possible, + but may be difficult for someone who is not familiar with + the &os; booting process.</para> </note> </sect2> 
@@ -360,28 +370,34 @@ console none <indexterm> <primary>accounts</primary> - <secondary><systemitem class="username">daemon</systemitem></secondary> + <secondary><systemitem + class="username">daemon</systemitem></secondary> </indexterm> <indexterm> <primary>accounts</primary> - <secondary><systemitem class="username">operator</systemitem></secondary> + <secondary><systemitem + class="username">operator</systemitem></secondary> </indexterm> <para>Examples of system accounts are - <systemitem class="username">daemon</systemitem>, <systemitem class="username">operator</systemitem>, - <systemitem class="username">bind</systemitem>, <systemitem class="username">news</systemitem>, and + <systemitem class="username">daemon</systemitem>, + <systemitem class="username">operator</systemitem>, + <systemitem class="username">bind</systemitem>, + <systemitem class="username">news</systemitem>, and <systemitem class="username">www</systemitem>.</para> <indexterm> <primary>accounts</primary> - <secondary><systemitem class="username">nobody</systemitem></secondary> + <secondary><systemitem + class="username">nobody</systemitem></secondary> </indexterm> - <para><systemitem class="username">nobody</systemitem> is the generic unprivileged - system account. However, the more services that use - <systemitem class="username">nobody</systemitem>, the more files and processes - that user will become associated with, and hence the more - privileged that user becomes.</para> + <para><systemitem class="username">nobody</systemitem> is the + generic unprivileged system account. However, the more + services that use + <systemitem class="username">nobody</systemitem>, the more + files and processes that user will become associated with, + and hence the more privileged that user becomes.</para> </sect3> <sect3 xml:id="users-user"> 
@@ -410,300 +426,314 @@ console none <varlistentry> <term>User name</term> - <listitem> - <para>The user name is typed at the <prompt>login:</prompt> - prompt. User names must be unique on the system as no two - users can have the same user name. There are a number of - rules for creating valid user names which are documented - in &man.passwd.5;. It is recommended to use user names - that consist of eight or fewer, all lower case characters - in order to maintain backwards compatibility with - applications.</para> - </listitem> - </varlistentry> + <listitem> + <para>The user name is typed at the + <prompt>login:</prompt> prompt. User names must be + unique on the system as no two users can have the same + user name. There are a number of rules for creating + valid user names which are documented in + &man.passwd.5;. It is recommended to use user names + that consist of eight or fewer, all lower case + characters in order to maintain backwards + compatibility with applications.</para> + </listitem> + </varlistentry> - <varlistentry> - <term>Password</term> + <varlistentry> + <term>Password</term> - <listitem> - <para>Each user account should have an associated password. - While the password can be blank, this is highly - discouraged.</para> - </listitem> - </varlistentry> + <listitem> + <para>Each user account should have an associated + password. While the password can be blank, this is + highly discouraged.</para> + </listitem> + </varlistentry> - <varlistentry> - <term>User ID (<acronym>UID</acronym>)</term> + <varlistentry> + <term>User ID (<acronym>UID</acronym>)</term> - <listitem> - <para>The User ID (<acronym>UID</acronym>) is a number used - to uniquely identify the user to the &os; system. - Commands that allow a user name to be specified will - first convert it to the <acronym>UID</acronym>. 
It is - recommended to use a UID of 65535 or lower as higher UIDs - may cause compatibility issues with software that does - not support integers larger than 32-bits.</para> - </listitem> - </varlistentry> + <listitem> + <para>The User ID (<acronym>UID</acronym>) is a number + used to uniquely identify the user to the &os; system. + Commands that allow a user name to be specified will + first convert it to the <acronym>UID</acronym>. It is + recommended to use a UID of 65535 or lower as higher + UIDs may cause compatibility issues with software that + does not support integers larger than 32-bits.</para> + </listitem> + </varlistentry> - <varlistentry> - <term>Group ID (<acronym>GID</acronym>)</term> + <varlistentry> + <term>Group ID (<acronym>GID</acronym>)</term> - <listitem> - <para>The Group ID (<acronym>GID</acronym>) is a number - used to uniquely identify the primary group that the user - belongs to. Groups are a mechanism for controlling - access to resources based on a user's - <acronym>GID</acronym> rather than their - <acronym>UID</acronym>. This can significantly reduce the - size of some configuration files and allows users to be - members of more than one group. It is recommended to use - a GID of 65535 or lower as higher GIDs may break some - software.</para> - </listitem> - </varlistentry> + <listitem> + <para>The Group ID (<acronym>GID</acronym>) is a number + used to uniquely identify the primary group that the + user belongs to. Groups are a mechanism for + controlling access to resources based on a user's + <acronym>GID</acronym> rather than their + <acronym>UID</acronym>. This can significantly reduce + the size of some configuration files and allows users + to be members of more than one group. 
It is + recommended to use a GID of 65535 or lower as higher + GIDs may break some software.</para> + </listitem> + </varlistentry> - <varlistentry> - <term>Login class</term> + <varlistentry> + <term>Login class</term> - <listitem> - <para>Login classes are an extension to the group mechanism - that provide additional flexibility when tailoring the - system to different users. Login classes are discussed - further in <xref linkend="users-limiting"/></para> - </listitem> - </varlistentry> + <listitem> + <para>Login classes are an extension to the group + mechanism that provide additional flexibility when + tailoring the system to different users. Login + classes are discussed further in + <xref linkend="users-limiting"/></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>Password change time</term> - <varlistentry> - <term>Password change time</term> + <listitem> + <para>By default, &os; does not force users to change + their passwords periodically. Password expiration can + be enforced on a per-user basis using &man.pw.8;, + forcing some or all users to change their passwords + after a certain amount of time has elapsed.</para> + </listitem> + </varlistentry> - <listitem> - <para>By default, &os; does not force users to change their - passwords periodically. Password expiration can be - enforced on a per-user basis using &man.pw.8;, forcing - some or all users to change their passwords after a - certain amount of time has elapsed.</para> - </listitem> - </varlistentry> + <varlistentry> + <term>Account expiry time</term> - <varlistentry> - <term>Account expiry time</term> + <listitem> + <para>By default, &os; does not expire accounts. When + creating accounts that need a limited lifespan, such + as student accounts in a school, specify the account + expiry date using &man.pw.8;. 
After the expiry time + has elapsed, the account cannot be used to log in to + the system, although the account's directories and + files will remain.</para> + </listitem> + </varlistentry> - <listitem> - <para>By default, &os; does not expire accounts. When - creating accounts that need a limited lifespan, such as - student accounts in a school, specify the account expiry - date using &man.pw.8;. After the expiry time has - elapsed, the account cannot be used to log in to the - system, although the account's directories and files will - remain.</para> - </listitem> - </varlistentry> + <varlistentry> + <term>User's full name</term> - <varlistentry> - <term>User's full name</term> + <listitem> + <para>The user name uniquely identifies the account to + &os;, but does not necessarily reflect the user's real + name. Similar to a comment, this information can + contain a space, uppercase characters, and be more + than 8 characters long.</para> + </listitem> + </varlistentry> - <listitem> - <para>The user name uniquely identifies the account to &os;, - but does not necessarily reflect the user's real name. - Similar to a comment, this information can contain a - space, uppercase characters, and be more than 8 - characters long.</para> - </listitem> - </varlistentry> + <varlistentry> + <term>Home directory</term> - <varlistentry> - <term>Home directory</term> + <listitem> + <para>The home directory is the full path to a directory + on the system. This is the user's starting directory + when the user logs in. A common convention is to put + all user home directories under + <filename>/home/username</filename> or + <filename>/usr/home/username</filename>. Each user + stores their personal files and subdirectories in + their own home directory.</para> + </listitem> + </varlistentry> - <listitem> - <para>The home directory is the full path to a directory on - the system. This is the user's starting directory when - the user logs in. 
A common convention is to put all user - home directories under <filename>/home/username</filename> - or <filename>/usr/home/username</filename>. - Each user stores their personal files and subdirectories - in their own home directory.</para> - </listitem> - </varlistentry> + <varlistentry> + <term>User shell</term> - <varlistentry> - <term>User shell</term> + <listitem> + <para>The shell provides the user's default environment + for interacting with the system. There are many + different kinds of shells and experienced users will + have their own preferences, which can be reflected in + their account settings.</para> + </listitem> + </varlistentry> + </variablelist> + </sect3> - <listitem> - <para>The shell provides the user's default environment for - interacting with the system. There are many different - kinds of shells and experienced users will have their own - preferences, which can be reflected in their account - settings.</para> - </listitem> - </varlistentry> - </variablelist> - </sect3> + <sect3 xml:id="users-superuser"> + <title>The Superuser Account</title> - <sect3 xml:id="users-superuser"> - <title>The Superuser Account</title> + <indexterm> + <primary>accounts</primary> + <secondary>superuser (root)</secondary> + </indexterm> - <indexterm> - <primary>accounts</primary> - <secondary>superuser (root)</secondary> - </indexterm> + <para>The superuser account, usually called + <systemitem class="username">root</systemitem>, is used to + manage the system with no limitations on privileges. For + this reason, it should not be used for day-to-day tasks like + sending and receiving mail, general exploration of the + system, or programming.</para> + + <para>The superuser, unlike other user accounts, can operate + without limits, and misuse of the superuser account may + result in spectacular disasters. 
User accounts are unable + to destroy the operating system by mistake, so it is + recommended to login as a user account and to only become + the superuser when a command requires extra + privilege.</para> + + <para>Always double and triple-check any commands issued as + the superuser, since an extra space or missing character can + mean irreparable data loss.</para> + + <para>There are several ways to become gain superuser + privilege. While one can log in as + <systemitem class="username">root</systemitem>, this is + highly discouraged.</para> + + <para>Instead, use &man.su.1; to become the superuser. If + <literal>-</literal> is specified when running this command, + the user will also inherit the root user's environment. The + user running this command must be in the + <systemitem class="groupname">wheel</systemitem> group or + else the command will fail. The user must also know the + password for the + <systemitem class="username">root</systemitem> user + account.</para> - <para>The superuser account, usually called - <systemitem class="username">root</systemitem>, is used to - manage the system with no limitations on privileges. For this - reason, it should not be used for day-to-day - tasks like sending and receiving mail, general exploration of - the system, or programming.</para> - - <para>The superuser, unlike other user - accounts, can operate without limits, and misuse of the - superuser account may result in spectacular disasters. User - accounts are unable to destroy the operating system by - mistake, so it is recommended to login as a user account and - to only become the superuser when a command requires extra - privilege.</para> - - <para>Always double and triple-check any commands issued as the - superuser, since an extra space or missing character can mean - irreparable data loss.</para> - - <para>There are several ways to become gain superuser privilege. 
- While one can log in as <systemitem class="username">root</systemitem>, this is - highly discouraged.</para> - - <para>Instead, use &man.su.1; to become the superuser. If - <literal>-</literal> is specified when running this command, - the user will also inherit the root user's environment. The - user running this command must be in the - <systemitem class="groupname">wheel</systemitem> group or else the command will - fail. The user must also know the password for the - <systemitem class="username">root</systemitem> user account.</para> - - <para>In this example, the user only becomes superuser in order - to run <command>make install</command> as this step requires - superuser privilege. Once the command completes, the user - types <command>exit</command> to leave the superuser account - and return to the privilege of their user account.</para> + <para>In this example, the user only becomes superuser in + order to run <command>make install</command> as this step + requires superuser privilege. Once the command completes, + the user types <command>exit</command> to leave the + superuser account and return to the privilege of their user + account.</para> - <example> - <title>Install a Program As the Superuser</title> + <example> + <title>Install a Program As the Superuser</title> - <screen>&prompt.user; <userinput>configure</userinput> + <screen>&prompt.user; <userinput>configure</userinput> &prompt.user; <userinput>make</userinput> &prompt.user; <userinput>su -</userinput> Password: &prompt.root; <userinput>make install</userinput> &prompt.root; <userinput>exit</userinput> &prompt.user;</screen> - </example> + </example> - <para>The built-in &man.su.1; framework works well for single - systems or small networks with just one system administrator. - An alternative is to install the <package>security/sudo</package> package or port. 
- This software provides activity logging and allows the - administrator to configure which users can run which commands - as the superuser.</para> - </sect3> - </sect2> - - <sect2 xml:id="users-modifying"> - <title>Managing Accounts</title> - - <indexterm> - <primary>accounts</primary> - <secondary>modifying</secondary> - </indexterm> - - <para>&os; provides a variety of different commands to manage - user accounts. The most common commands are summarized in Table - 4.1, followed by some examples of their usage. Refer to the - manual page for each utility for more details and usage - examples.</para> + <para>The built-in &man.su.1; framework works well for single + systems or small networks with just one system + administrator. An alternative is to install the + <package>security/sudo</package> package or port. This + software provides activity logging and allows the + administrator to configure which users can run which + commands as the superuser.</para> + </sect3> + </sect2> - <table frame="none" pgwide="1"> - <title>Utilities for Managing User Accounts</title> + <sect2 xml:id="users-modifying"> + <title>Managing Accounts</title> - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="2*"/> + <indexterm> + <primary>accounts</primary> + <secondary>modifying</secondary> + </indexterm> - <thead> - <row> - <entry>Command</entry> - <entry>Summary</entry> - </row> - </thead> - <tbody> - <row> - <entry>&man.adduser.8;</entry> - <entry>The recommended command-line application for adding - new users.</entry> - </row> + <para>&os; provides a variety of different commands to manage + user accounts. The most common commands are summarized in + Table 4.1, followed by some examples of their usage. 
Refer to + the manual page for each utility for more details and usage + examples.</para> - <row> - <entry>&man.rmuser.8;</entry> - <entry>The recommended command-line application for - removing users.</entry> - </row> + <table frame="none" pgwide="1"> + <title>Utilities for Managing User Accounts</title> - <row> - <entry>&man.chpass.1;</entry> - <entry>A flexible tool for changing user database - information.</entry> - </row> + <tgroup cols="2"> + <colspec colwidth="1*"/> + <colspec colwidth="2*"/> - <row> - <entry>&man.passwd.1;</entry> - <entry>The command-line tool to change user - passwords.</entry> - </row> + <thead> + <row> + <entry>Command</entry> + <entry>Summary</entry> + </row> + </thead> + <tbody> + <row> + <entry>&man.adduser.8;</entry> + <entry>The recommended command-line application for + adding new users.</entry> + </row> - <row> - <entry>&man.pw.8;</entry> - <entry>A powerful and flexible tool for modifying all - aspects of user accounts.</entry> - </row> - </tbody> - </tgroup> - </table> + <row> + <entry>&man.rmuser.8;</entry> + <entry>The recommended command-line application for + removing users.</entry> + </row> - <sect3 xml:id="users-adduser"> - <title><command>adduser</command></title> + <row> + <entry>&man.chpass.1;</entry> + <entry>A flexible tool for changing user database + information.</entry> + </row> - <indexterm> - <primary>accounts</primary> - <secondary>adding</secondary> - </indexterm> - <indexterm> - <primary><command>adduser</command></primary> - </indexterm> - <indexterm> - <primary><filename>/usr/share/skel</filename></primary> - </indexterm> - <indexterm><primary>skeleton directory</primary></indexterm> - <para>The recommended program for adding new users is - &man.adduser.8;. When a new user is added, this program - automatically updates <filename>/etc/passwd</filename> and - <filename>/etc/group</filename>. 
It also creates a home - directory for the new user, copies in the default - configuration files from <filename>/usr/share/skel</filename>, and can - optionally mail the new user a welcome message. This utility - must be run as the <systemitem class="username">superuser</systemitem></para> - - <para>The &man.adduser.8; utility is interactive and walks - through the steps for creating a new user account. As seen in - Example 4.2, either input the required information or press - <keycap>Return</keycap> to accept the default value shown in - square brackets. In this example, the user has been invited - into the <systemitem class="groupname">wheel</systemitem> group, which is - required to provide the account with superuser access. When - finished, the utility will prompt to either create another - user or to exit.</para> + <row> + <entry>&man.passwd.1;</entry> + <entry>The command-line tool to change user + passwords.</entry> + </row> - <example> - <title>Adding a User on &os;</title> + <row> + <entry>&man.pw.8;</entry> + <entry>A powerful and flexible tool for modifying all + aspects of user accounts.</entry> + </row> + </tbody> + </tgroup> + </table> + + <sect3 xml:id="users-adduser"> + <title><command>adduser</command></title> + + <indexterm> + <primary>accounts</primary> + <secondary>adding</secondary> + </indexterm> + <indexterm> + <primary><command>adduser</command></primary> + </indexterm> + <indexterm> + <primary><filename>/usr/share/skel</filename></primary> + </indexterm> + <indexterm> + <primary>skeleton directory</primary> + </indexterm> + + <para>The recommended program for adding new users is + &man.adduser.8;. When a new user is added, this program + automatically updates <filename>/etc/passwd</filename> and + <filename>/etc/group</filename>. It also creates a home + directory for the new user, copies in the default + configuration files from + <filename>/usr/share/skel</filename>, and can optionally + mail the new user a welcome message. 
This utility must be + run as the + <systemitem class="username">superuser</systemitem></para> + + <para>The &man.adduser.8; utility is interactive and walks + through the steps for creating a new user account. As seen + in Example 4.2, either input the required information or + press <keycap>Return</keycap> to accept the default value + shown in square brackets. In this example, the user has + been invited into the + <systemitem class="groupname">wheel</systemitem> group, + which is required to provide the account with superuser + access. When finished, the utility will prompt to either + create another user or to exit.</para> - <screen>&prompt.root; <userinput>adduser</userinput> + <example> + <title>Adding a User on &os;</title> + + <screen>&prompt.root; <userinput>adduser</userinput> Username: <userinput>jru</userinput> Full name: <userinput>J. Random User</userinput> Uid (Leave empty for default): 
@@ -733,125 +763,133 @@ adduser: INFO: Successfully added (jru) Add another user? (yes/no): <userinput>no</userinput> Goodbye! &prompt.root;</screen> - </example> - - <note> - <para>Since the password is not echoed when typed, be careful - to not mistype the password when creating the user - account.</para> - </note> - </sect3> - - <sect3 xml:id="users-rmuser"> - <title><command>rmuser</command></title> - - <indexterm><primary><command>rmuser</command></primary></indexterm> - <indexterm> - <primary>accounts</primary> - <secondary>removing</secondary> - </indexterm> - - <para>To completely remove a user from the system, run - &man.rmuser.8; as the superuser. This command performs the - following steps:</para> - - <procedure> - <step> - <para>Removes the user's &man.crontab.1; entry, if one - exists.</para> - </step> - - <step> - <para>Removes any &man.at.1; jobs belonging to the - user.</para> - </step> + </example> - <step> - <para>Kills all processes owned by the user.</para> - </step> - - <step> - <para>Removes the user from the system's local password - file.</para> - </step> - - <step> - <para>Optionally removes the user's home directory, if it is - owned by the user.</para> - </step> - - <step> - <para>Removes the incoming mail files belonging to the user - from <filename>/var/mail</filename>.</para> - </step> - - <step> - <para>Removes all files owned by the user from temporary - file storage areas such as <filename>/tmp</filename>.</para> - </step> - - <step> - <para>Finally, removes the username from all groups to which - it belongs in <filename>/etc/group</filename>. If a group - becomes empty and the group name is the same as the - username, the group is removed. 
This complements the - per-user unique groups created by &man.adduser.8;.</para> - </step> - </procedure> + <note> + <para>Since the password is not echoed when typed, be + careful to not mistype the password when creating the user + account.</para> + </note> + </sect3> - <para>&man.rmuser.8; cannot be used to remove superuser - accounts since that is almost always an indication of massive - destruction.</para> + <sect3 xml:id="users-rmuser"> + <title><command>rmuser</command></title> - <para>By default, an interactive mode is used, as shown - in the following example.</para> + <indexterm> + <primary><command>rmuser</command></primary> + </indexterm> + <indexterm> + <primary>accounts</primary> + <secondary>removing</secondary> + </indexterm> - <example> - <title><command>rmuser</command> Interactive Account - Removal</title> + <para>To completely remove a user from the system, run + &man.rmuser.8; as the superuser. This command performs the + following steps:</para> + + <procedure> + <step> + <para>Removes the user's &man.crontab.1; entry, if one + exists.</para> + </step> + + <step> + <para>Removes any &man.at.1; jobs belonging to the + user.</para> + </step> + + <step> + <para>Kills all processes owned by the user.</para> + </step> + + <step> + <para>Removes the user from the system's local password + file.</para> + </step> + + <step> + <para>Optionally removes the user's home directory, if it + is owned by the user.</para> + </step> + + <step> + <para>Removes the incoming mail files belonging to the + user from <filename>/var/mail</filename>.</para> + </step> + + <step> + <para>Removes all files owned by the user from temporary + file storage areas such as + <filename>/tmp</filename>.</para> + </step> + + <step> + <para>Finally, removes the username from all groups to + which it belongs in <filename>/etc/group</filename>. If + a group becomes empty and the group name is the same as + the username, the group is removed. 
This complements + the per-user unique groups created by + &man.adduser.8;.</para> + </step> + </procedure> + + <para>&man.rmuser.8; cannot be used to remove superuser + accounts since that is almost always an indication of + massive destruction.</para> + + <para>By default, an interactive mode is used, as shown + in the following example.</para> + + <example> + <title><command>rmuser</command> Interactive Account + Removal</title> - <screen>&prompt.root; <userinput>rmuser jru</userinput> + <screen>&prompt.root; <userinput>rmuser jru</userinput> Matching password entry: jru:*:1001:1001::0:0:J. Random User:/home/jru:/usr/local/bin/zsh Is this the entry you wish to remove? <userinput>y</userinput> Remove user's home directory (/home/jru)? <userinput>y</userinput> Removing user (jru): mailspool home passwd. &prompt.root;</screen> - </example> - </sect3> - - <sect3 xml:id="users-chpass"> - <title><command>chpass</command></title> + </example> + </sect3> - <indexterm><primary><command>chpass</command></primary></indexterm> - <para>Any user can use &man.chpass.1; to change their default - shell and personal information associated with their user - account. The superuser can use this utility to change - additional account information for any user.</para> - - <para>When passed no options, aside from an optional username, - &man.chpass.1; displays an editor containing user information. - When the user exists from the editor, the user database is - updated with the new information.</para> + <sect3 xml:id="users-chpass"> + <title><command>chpass</command></title> - <note> - <para>This utility will prompt for the user's password when - exiting the editor, unless the utility is run as the - superuser.</para> - </note> + <indexterm> + <primary><command>chpass</command></primary> + </indexterm> - <para>In Example 4.4, the superuser has typed - <command>chpass jru</command> and is now viewing the fields - that can be changed for this user. 
If - <systemitem class="username">jru</systemitem> runs this command instead, only the - last six fields will be displayed and available for editing. - This is shown in Example 4.5.</para> + <para>Any user can use &man.chpass.1; to change their default + shell and personal information associated with their user + account. The superuser can use this utility to change + additional account information for any user.</para> + + <para>When passed no options, aside from an optional username, + &man.chpass.1; displays an editor containing user + information. When the user exists from the editor, the user + database is updated with the new information.</para> + + <note> + <para>This utility will prompt for the user's password when + exiting the editor, unless the utility is run as the + superuser.</para> + </note> + + <para>In Example 4.4, the superuser has typed + <command>chpass jru</command> and is now viewing the fields + that can be changed for this user. If + <systemitem class="username">jru</systemitem> runs this + command instead, only the last six fields will be displayed + and available for editing. This is shown in Example + 4.5.</para> + + <example> + <title>Using <command>chpass</command> as + Superuser</title> - <example> - <title>Using <command>chpass</command> as - Superuser</title> - - <screen>#Changing user database information for jru. + <screen>#Changing user database information for jru. Login: jru Password: * Uid [#]: 1001 
@@ -866,448 +904,509 @@ Office Location: Office Phone: Home Phone: Other information:</screen> - </example> + </example> - <example> - <title>Using <command>chpass</command> as Regular - User</title> + <example> + <title>Using <command>chpass</command> as Regular + User</title> - <screen>#Changing user database information for jru. + <screen>#Changing user database information for jru. Shell: /usr/local/bin/zsh Full Name: J. Random User Office Location: Office Phone: Home Phone: Other information:</screen> - </example> + </example> - <note> *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
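Review bot: In the hunk at @@ -194,17 +203,17 @@, the reflowed example tells the reader to comment out ttyv5 through ttyv8 to go from eight virtual consoles to four, yet the next sentence says ttyv8 is the console used to access the graphical environment, so following the example literally also comments out that line. The wording cannot change in a whitespace-only commit; a follow-up content commit should either adjust the range or say explicitly what happens to the graphical login when the ttyv8 line is commented out.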
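Review bot: In the hunk at @@ -239,23 +249,23 @@, the sentence "This assumes that who has physical access to the keyboard is either not important or it is controlled by a physical security policy" is hard to parse, and it is the sentence that explains a security-relevant default: with the console line marked secure, single user mode gives root access without a password. A follow-up content commit could state the two cases directly (secure: no root password prompt in single user mode; insecure: prompt for the root password), and the note that follows could point to where recovery from a forgotten root password is described instead of only saying it "may be difficult".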
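Review bot: In the hunk at @@ -410,300 +426,314 @@, the User ID entry recommends "a UID of 65535 or lower" because some software "does not support integers larger than 32-bits", but 65535 is the largest unsigned 16-bit value, so the stated reason does not match the stated limit. The same hunk carries over "There are several ways to become gain superuser privilege" and leaves the sentences ending at the users-limiting xref and at "This utility must be run as the superuser" without a closing period. These are content changes and do not belong in a commit translators are told to ignore; suggest a separate follow-up commit for them.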
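Review bot: In the hunk at @@ -733,125 +763,133 @@, the chpass paragraph still reads "When the user exists from the editor", where "exits" is meant; the reflow moves the typo to a new line without fixing it. Since this commit is whitespace-only, fix it in a separate content commit so the change is visible to translators.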