From nobody Fri Aug 29 08:30:32 2025 X-Original-To: dev-commits-doc-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cCs0S6pwbz66LVL for ; Fri, 29 Aug 2025 08:30:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cCs0S5y9yz46Bj; Fri, 29 Aug 2025 08:30:32 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1756456232; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Z6HeqbMsSJaxWpLpUQGPsLu20w6DlsGU8r1+0Lau+m0=; b=Y3++GI+GyJHsKV9V0duIvagY7VFrCvE0hJuNHe2AmJ74GL43bh/h/EDyaHDvi8+2cEud7O Vx7mlTXDSYaHZAJLkphpGHNmD6/PuukteoHlyUtuiEqBAHLVW6CnchHlx/+JTvXfU/hAt+ Sv++n+lmJ6XU+iosuizhhDpqtF5JxMhZu1kRKLHH11nwYO275WTlxYTLNSFic3+SuDdaAj y9AiRWCO8B9tEZDcSWlkfM5oQ4XDjl+wmkLLoI0jiVT/wbwjjUTZZZFjaXvoTCA7MMFgPH YMAq6o3TnNcjaDlPpzlFtr6qb5NDmmQbFtQn8aQHrrisahGzICmEIBIcjByAsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1756456232; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Z6HeqbMsSJaxWpLpUQGPsLu20w6DlsGU8r1+0Lau+m0=; b=aXNdLHifHnueRACRTeCl4RrCb+qDzx43WySKrK4Qz3DZ+eBa6eqvTZ1Akb1zP0bKbG3bp3 dHMO752FeCkmq41CZ66iLJfBcTRp7xbuDbYh9Of/HFpJOyt0HgUS9HkW9kDMrL5RBYUYhH HfPoeUHO44RiIGTtj59kmZjoJ+rnNSCNRplgymiQ1yHyoeIag1ezbYFEoM0XoOlOhBLxVw x9t4vZqIlsJY2MRolccgmtcKy7xEYAQbC1SigHSwGfGk/Ae7dupus+fBPja0EWEdmxmt+W 0OOAJzXwHq0RuIx0Pluly3QsucUWQcL9htTixy76xMl4hHl7cZ2wzDvjs6UBOg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1756456232; a=rsa-sha256; cv=none; b=DFYM0wnkib9L8iCB99Gs17bYSzU7fKubiDN05zq+neMdy1V/d5I24QYeQd57wtaQKZx0bi 8Yo/nhDDeJXuzmHkw/ZhNaDfrVH9+wxKNZ+3B5v4QZLvGJQQQYHytKjDa38p0Wn4abL4wF LuQ2aCj7AXa+c9LVfSwpAKXVyCigp2NxWASy3WGCoB7Eeoe/tiD1t7P47wH11lWBioaYwn Nbn3BZG+IzqG5zwLYGAVpR41jiyzdXtrBJa8ytIUAsYCDQGl5XO9POkEbcAhxYyTx+rfhG MZ7tS2VV96bdCYaIUdgC+sthiBnoKRXJ4rhdANBFPDz5RB7imxJOaNLYmxtW+w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cCs0S5WPmzY4L; Fri, 29 Aug 2025 08:30:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 57T8UWYJ038171; Fri, 29 Aug 2025 08:30:32 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 57T8UWgf038168; Fri, 29 Aug 2025 08:30:32 GMT (envelope-from git) Date: Fri, 29 Aug 2025 08:30:32 GMT Message-Id: <202508290830.57T8UWgf038168@gitrepo.freebsd.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org From: Benedict Reuschling Subject: git: 63d63c114e - main - Avoid the use of "you" in the security chapter List-Id: Commit messages for all branches of the doc repository List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-doc-all@freebsd.org Sender: owner-dev-commits-doc-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bcr X-Git-Repository: doc X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 63d63c114e8992e455b8f2390f95bdc8c6a92282 Auto-Submitted: auto-generated The branch main has been updated by bcr: URL: https://cgit.FreeBSD.org/doc/commit/?id=63d63c114e8992e455b8f2390f95bdc8c6a92282 commit 63d63c114e8992e455b8f2390f95bdc8c6a92282 Author: Benedict Reuschling AuthorDate: 2025-08-28 15:51:38 +0000 Commit: Benedict Reuschling CommitDate: 2025-08-29 08:30:14 +0000 Avoid the use of "you" in the security chapter Rewrite sentences that contain 'you', which should be avoided according to the FDP Primer. The resulting sentences are easier to understand and often shorter. I did not change programlistings and other output as these are from programs, which need to be changed first (out of scope of this change). Event: Oslo Hackathon 2025 Reviewed by: carlavilla Differential Revision: https://reviews.freebsd.org/D52217 --- documentation/content/en/books/handbook/security/_index.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/documentation/content/en/books/handbook/security/_index.adoc b/documentation/content/en/books/handbook/security/_index.adoc index 53be6040d1..f2dc051b6a 100644 --- a/documentation/content/en/books/handbook/security/_index.adoc +++ b/documentation/content/en/books/handbook/security/_index.adoc @@ -256,7 +256,7 @@ Enter new password: If a password that does not match the policy is entered, it will be rejected with a warning and the user will have an opportunity to try again, up to the configured number of retries. -If your organization's policy requires passwords to expire, FreeBSD supports the `passwordtime` in the user's login class in [.filename]#/etc/login.conf# +If the organization's policy requires passwords to expire, FreeBSD supports the `passwordtime` in the user's login class in [.filename]#/etc/login.conf# The `default` login class contains an example: @@ -580,7 +580,7 @@ All devices may be read or written subject to their permissions. 1:: *Secure mode* - the system immutable and system append-only flags may not be turned off; disks for mounted file systems, [.filename]#/dev/mem# and [.filename]#/dev/kmem# may not be opened for writing; -[.filename]#/dev/io# (if your platform has it) may not be opened at all; kernel modules (see man:kld[4]) may not be loaded or unloaded. +[.filename]#/dev/io# (if the platform has it) may not be opened at all; kernel modules (see man:kld[4]) may not be loaded or unloaded. The kernel debugger may not be entered using the debug.kdb.enter sysctl. A panic or trap cannot be forced using the debug.kdb.panic, debug.kdb.panic_str and other sysctl's. @@ -1888,7 +1888,7 @@ Additionally, always exercise caution when editing system configuration files, e === Enabling and Configuring Resource Limits The man:rctl[8] system provides a more fine-grained way to set and manage resource limits for individual processes and users. -It allows you to dynamically assign resource limits to specific processes or users, regardless of their user class. +It allows dynamically assigning resource limits to specific processes or users, regardless of their user class. The first step to use man:rctl[8] will be to enable it adding the following line to [.filename]#/boot/loader.conf# and reboot the system: