Date: Sun, 28 Sep 2008 15:31:30 GMT
From: Rene Ladan <rene@FreeBSD.org>
To: Perforce Change Reviews <perforce@FreeBSD.org>
Subject: PERFORCE change 150602 for review
Message-ID: <200809281531.m8SFVUIA089485@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=150602

Change 150602 by rene@rene_self on 2008/09/28 15:31:12

	IFC

Affected files ...

.. //depot/projects/docproj_nl/en_US.ISO8859-1/articles/gjournal-desktop/article.sgml#2 integrate
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/Makefile#2 integrate
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/basics/chapter.sgml#2 integrate
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/book.sgml#2 integrate
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/chapters.ent#2 integrate
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/dtrace/Makefile#1 branch
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/dtrace/chapter.sgml#1 branch
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/eresources/chapter.sgml#6 integrate
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/filesystems/Makefile#1 branch
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/filesystems/chapter.sgml#1 branch
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/geom/chapter.sgml#3 integrate
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/mirrors/chapter.sgml#6 integrate
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/ports/chapter.sgml#3 integrate
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/security/chapter.sgml#8 integrate
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/updating/Makefile#1 branch
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/updating/chapter.sgml#1 branch
.. //depot/projects/docproj_nl/en_US.ISO8859-1/share/sgml/mailing-lists.ent#5 integrate
.. //depot/projects/docproj_nl/share/sgml/man-refs.ent#5 integrate

Differences ...

==== //depot/projects/docproj_nl/en_US.ISO8859-1/articles/gjournal-desktop/article.sgml#2 (text+ko) ====
@@ -13,22 +13,22 @@ <article lang="en"> <articleinfo> - <title>Implementing UFS journaling on a desktop PC</title> + <title>Implementing UFS Journaling on a Desktop PC</title> <author> <firstname>Manolis</firstname> <surname>Kiagias</surname> <affiliation> - <address><email>sonicy@otenet.gr</email></address> + <address><email>manolis@FreeBSD.org</email></address> </affiliation> </author> <copyright> <year>2008</year> - <holder role="mailto:sonicy@otenet.gr">Manolis Kiagias</holder> + <holder role="mailto:manolis@FreeBSD.org">Manolis Kiagias</holder> </copyright> - <releaseinfo>$FreeBSD: doc/en_US.ISO8859-1/articles/gjournal-desktop/article.sgml,v 1.2 2008/04/28 15:56:20 gabor Exp $</releaseinfo> + <releaseinfo>$FreeBSD: doc/en_US.ISO8859-1/articles/gjournal-desktop/article.sgml,v 1.3 2008/09/26 11:44:17 pgj Exp $</releaseinfo> <legalnotice id="trademarks" role="trademarks"> &tm-attrib.freebsd; 
@@ -36,16 +36,16 @@ </legalnotice> <abstract> - <para>A journaling filesystem uses a log to record all transactions - that take place in the filesystem, and preserves its integrity in the + <para>A journaling file system uses a log to record all transactions + that take place in the file system, and preserves its integrity in the event of a system crash or power failure. Although it is still possible to lose unsaved changes to files, journaling almost - completely eliminates the possibility of filesystem corruption caused + completely eliminates the possibility of file system corruption caused by an unclean shutdown. It also shortens to a minimum the time - required for after-failure filesystem checking. Although the UFS - filesystem employed by &os; does not implement journaling itself, - the new journal class of the GEOM framework in &os; 7.X can be - used to provide filesystem independent journaling. This article + required for after-failure file system checking. Although the UFS + file system employed by &os; does not implement journaling itself, + the new journal class of the GEOM framework in &os; 7.<replaceable>X</replaceable> can be + used to provide file system independent journaling. This article explains how to implement UFS journaling on a typical desktop PC scenario.</para> </abstract> 
@@ -57,15 +57,15 @@ <para>While professional servers are usually well protected from unforeseen shutdowns, the typical desktop is at the mercy of power failures, accidental resets, and other user related incidents that can - lead to unclean shutdowns. Soft updates usually protect the filesystem + lead to unclean shutdowns. Soft Updates usually protect the file system efficiently in such cases, although most of the times a lengthy - background check is required. On rare occasions, filesystem corruption + background check is required. On rare occasions, file system corruption reaches a point where user intervention is required and data may be lost.</para> <para>The new journaling capability provided by GEOM can greatly assist in such scenarios, by virtually eliminating the time required for - filesystem checking, and ensuring that the filesystem is quickly + file system checking, and ensuring that the file system is quickly restored to a consistent state.</para> <para>This article describes a procedure for implementing UFS journaling @@ -88,7 +88,7 @@ </listitem> <listitem> - <para>How to convert your existing filesystems to utilize journaling, + <para>How to convert your existing file systems to utilize journaling, and what options to use in <filename>/etc/fstab</filename> to mount them.</para> </listitem> 
@@ -128,59 +128,59 @@ </sect1> <sect1 id="understanding-journaling"> - <title>Understanding journaling in &os;</title> + <title>Understanding Journaling in &os;</title> - <para>The journaling provided by GEOM in &os; 7.X is not filesystem - specific (unlike for example the ext3 filesystem in &linux;) but is + <para>The journaling provided by GEOM in &os; 7.<replaceable>X</replaceable> is not file system + specific (unlike for example the ext3 file system in &linux;) but is functioning at the block level. Though this means it can be applied - to different filesystems, for &os; 7.0-RELEASE, it can only be used + to different file systems, for &os; 7.0-RELEASE, it can only be used on UFS2.</para> <para>This functionality is provided by loading the <filename>geom_journal.ko</filename> module into the kernel (or building it into a custom kernel) and using the - <command>gjournal</command> command to configure the filesystems. - In general, you would like to journal large filesystems, like + <command>gjournal</command> command to configure the file systems. + In general, you would like to journal large file systems, like <filename>/usr</filename>. You will need however (see the following section) to reserve some free disk space.</para> - <para>When a filesystem is journaled, some disk space is needed to keep + <para>When a file system is journaled, some disk space is needed to keep the journal itself. The disk space that holds the actual data is referred to as the <emphasis>data provider</emphasis>, while the one that holds the journal is referred to as the <emphasis>journal provider</emphasis>. The data and journal providers need to be on different partitions when journaling an existing - (non empty) partition. When journaling a new partition, you have the + (non-empty) partition. When journaling a new partition, you have the option to use a single provider for both data and journal. 
In any case, the <command>gjournal</command> command combines both providers to - create the final journaled filesystem. For example:</para> + create the final journaled file system. For example:</para> <itemizedlist> <listitem> - <para>You wish to journal your <filename>/usr</filename> filesystem, - stored in <filename role="device">/dev/ad0s1f</filename> (which + <para>You wish to journal your <filename>/usr</filename> file system, + stored in <filename class="devicefile">/dev/ad0s1f</filename> (which already contains data).</para> </listitem> <listitem> <para>You reserved some free disk space in a partition in - <filename role="device">/dev/ad0s1g</filename>.</para> + <filename class="devicefile">/dev/ad0s1g</filename>.</para> </listitem> <listitem> <para>Using <command>gjournal</command>, a new <filename - role="device">/dev/ad0s1f.journal</filename> device is created - where <filename role="device">/dev/ad0s1f</filename> is the data - provider, and <filename role="device">/dev/ad0s1g</filename> is + class="devicefile">/dev/ad0s1f.journal</filename> device is created + where <filename class="devicefile">/dev/ad0s1f</filename> is the data + provider, and <filename class="devicefile">/dev/ad0s1g</filename> is the journal provider. This new device is then used for all subsequent file operations.</para> </listitem> </itemizedlist> <para>The amount of disk space you need to reserve for the journal - provider depends on the usage load of the filesystem and not on the + provider depends on the usage load of the file system and not on the size of the data provider. For example on a typical office desktop, - a 1Gb journal provider for the <filename>/usr</filename> filesystem + a 1 GB journal provider for the <filename>/usr</filename> file system will suffice, while a machine that deals with heavy disk I/O (i.e. video editing) may need more. A kernel panic will occur if the journal space is exhausted before it has a chance to be 
@@ -191,10 +191,10 @@ </sect1> <sect1 id="reserve-space"> - <title>Steps during the installation of &os;</title> + <title>Steps During the Installation of &os;</title> <sect2> - <title>Reserving space for journaling</title> + <title>Reserving Space for Journaling</title> <para>A typical desktop machine usually has one hard disk that stores both the OS and user data. Arguably, the default partitioning scheme @@ -202,17 +202,17 @@ suitable: A desktop machine does not need a large <filename>/var</filename> partition, while <filename>/usr</filename> is allocated the bulk of the disk space, since user data and a lot of - packages are installed into its sub-directories.</para> + packages are installed into its subdirectories.</para> <para>The default partitioning (the one obtained by pressing - <keycap>A</keycap> at the disklabel editor) does not leave any + <keycap>A</keycap> at the &os; partition editor, called <application>Disklabel</application>) does not leave any unallocated space. Each partition that will be journaled, requires another partition for the journal. Since the <filename>/usr</filename> partition is the largest, it makes sense to shrink this partition slightly, to obtain the space required for journaling.</para> - <para>In our example, an 80Gb disk is used. The following screenshot - shows the default partitions created by the disklabel editor during + <para>In our example, an 80 GB disk is used. The following screenshot + shows the default partitions created by <application>Disklabel</application> during installation:</para> <mediaobject> 
@@ -222,25 +222,25 @@ </mediaobject> <para>If this is more or less what you need, it is very easy to adjust - for journaling. Simply use the <keycap>up</keycap> and - <keycap>down</keycap> arrow keys to move the highlight to the + for journaling. Simply use the + arrow keys to move the highlight to the <filename>/usr</filename> partition and press <keycap>D</keycap> to delete it.</para> <para>Now, move the highlight to the disk name at the top of the screen and press <keycap>C</keycap> to create a new partition for <filename>/usr</filename>. This new partition should be smaller by - 1Gb (if you intend to journal <filename>/usr</filename> only), or - 2Gb (if you intend to journal both <filename>/usr</filename> and + 1 GB (if you intend to journal <filename>/usr</filename> only), or + 2 GB (if you intend to journal both <filename>/usr</filename> and <filename>/var</filename>). From the pop-up that appears, opt to - create a filesystem, and type <filename>/usr</filename> as the mount + create a file system, and type <filename>/usr</filename> as the mount point.</para> <note> <para>Should you journal the <filename>/var</filename> partition? Normally, journaling makes sense on quite large partitions. You may decide not to journal <filename>/var</filename>, although doing so - on a typical desktop will cause no harm. If the filesystem is + on a typical desktop will cause no harm. If the file system is lightly used (quite probable for a desktop) you may wish to allocate less disk space for its journal.</para> 
@@ -266,9 +266,9 @@ <filename>/etc/fstab</filename> will have to be edited, and the extra swap space entries removed.</para> - <para>To create the swap, again use the <keycap>up</keycap> and - <keycap>down</keycap> arrow keys to move the highlight to the top of - the disklabel editor screen, so that the disk name itself is + <para>To create the swap, again use the + arrow keys to move the highlight to the top of + <application>Disklabel</application> screen, so that the disk name itself is highlighted. Then press <keycap>N</keycap>, enter the desired size (<replaceable>1024M</replaceable>), and select <quote>swap space</quote> from the pop-up menu that appears. Repeat @@ -290,12 +290,12 @@ following table shows our notes for the sample configuration:</para> <table pgwide="1"> - <title>Partitions and journals</title> + <title>Partitions and Journals</title> <tgroup cols="3"> <thead> <row> <entry>Partition</entry> - <entry>Mount point</entry> + <entry>Mount Point</entry> <entry>Journal</entry> </row> </thead> @@ -316,7 +316,7 @@ </table> <para>Continue the installation as you would normally do. We would - however suggest you postpone installation of add-on software + however suggest you postpone installation of third party software (packages) until you have completely setup journaling.</para> </sect2> 
@@ -335,42 +335,42 @@ </sect2> <sect1 id="configure-journal"> - <title>Setting up journaling</title> + <title>Setting Up Journaling</title> <sect2 id="running-gjournal"> - <title>Executing gjournal</title> + <title>Executing <command>gjournal</command></title> <para>Having prepared all the required partitions, it is quite easy to configure journaling. We will need to switch to single user - mode, so login as root and type:</para> + mode, so login as <username>root</username> and type:</para> - <screen>&prompt.root; shutdown now</screen> + <screen>&prompt.root; <userinput>shutdown now</userinput></screen> - <para>Press enter to get the default shell. We will need to unmount + <para>Press <keycap>Enter</keycap> to get the default shell. We will need to unmount the partitions that will be journaled, in our example - <filename>/usr </filename> and <filename>/var</filename>:</para> + <filename>/usr</filename> and <filename>/var</filename>:</para> - <screen>&prompt.root; umount /usr /var</screen> + <screen>&prompt.root; <userinput>umount /usr /var</userinput></screen> <para>Load the module required for journaling:</para> - <screen>&prompt.root; gjournal load</screen> + <screen>&prompt.root; <userinput>gjournal load</userinput></screen> <para>Now, use your notes to determine which partition will be used for each journal. In our example, <filename>/usr</filename> is - <filename role="device">ad0s1f</filename> and its journal will be - <filename role="device">ad0s1g</filename>, while + <filename class="devicefile">ad0s1f</filename> and its journal will be + <filename class="devicefile">ad0s1g</filename>, while <filename>/var</filename> is <filename - role="device">ad0s1d</filename> and will - be journaled to <filename role="device">ad0s1h</filename>. + class="devicefile">ad0s1d</filename> and will + be journaled to <filename class="devicefile">ad0s1h</filename>. 
The following commands are required:</para> - <screen>&prompt.root; gjournal label ad0s1f ad0s1g + <screen>&prompt.root; <userinput>gjournal label ad0s1f ad0s1g</userinput> GEOM_JOURNAL: Journal 2948326772: ad0s1f contains data. GEOM_JOURNAL: Journal 2948326772: ad0s1g contains journal. -&prompt.root; gjournal label ad0s1d ad0s1h +&prompt.root; <userinput>gjournal label ad0s1d ad0s1h</userinput> GEOM_JOURNAL: Journal 3193218002: ad0s1d contains data. GEOM_JOURNAL: Journal 3193218002: ad0s1h contains journal.</screen> 
@@ -381,34 +381,34 @@ to run the command using the <option>-f</option> flag to force an overwrite, i.e.:</para> - <screen>&prompt.root; gjournal label -f ad0s1d ad0s1h</screen> + <screen>&prompt.root; <userinput>gjournal label -f ad0s1d ad0s1h</userinput></screen> <para>Since this is a new installation, it is highly unlikely that anything will be actually overwritten.</para></note> <para>At this point, two new devices are created, namely - <filename role="device">ad0s1d.journal</filename> and - <filename role="device">ad0s1f.journal</filename>. These represent + <filename class="devicefile">ad0s1d.journal</filename> and + <filename class="devicefile">ad0s1f.journal</filename>. These represent the <filename>/var</filename> and <filename>/usr</filename> partitions we have to mount. Before mounting, we must however set - the journal flag on them and clear the soft updates flag:</para> + the journal flag on them and clear the Soft Updates flag:</para> - <screen>&prompt.root; tunefs -J enable -n disable ad0s1d.journal + <screen>&prompt.root; <userinput>tunefs -J enable -n disable ad0s1d.journal</userinput> tunefs: gjournal set tunefs: soft updates cleared -&prompt.root; tunefs -J enable -n disable ad0s1f.journal +&prompt.root; <userinput>tunefs -J enable -n disable ad0s1f.journal</userinput> tunefs: gjournal set tunefs: soft updates cleared</screen> <para>Now, mount the new devices manually at their respective places - (note that we can now use the <quote>async</quote> mount + (note that we can now use the <option>async</option> mount option):</para> - <screen>&prompt.root; mount -o async /dev/ad0s1d.journal /var -&prompt.root; mount -o async /dev/ad0s1f.journal /usr</screen> + <screen>&prompt.root; <userinput>mount -o async /dev/ad0s1d.journal /var</userinput> +&prompt.root; <userinput>mount -o async /dev/ad0s1f.journal /usr</userinput></screen> <para>Edit <filename>/etc/fstab</filename> and update the entries for <filename>/usr</filename> and 
<filename>/var</filename>:</para> @@ -428,7 +428,7 @@ <programlisting>geom_journal_load="YES"</programlisting> <para>Congratulations! Your system is now set for journaling. You can - either type <quote>exit</quote> to return to multi-user mode, or + either type <userinput>exit</userinput> to return to multi-user mode, or reboot to test your configuration (recommended). During the boot you will see messages like the following:</para> 
@@ -446,42 +446,42 @@ <screen>GEOM_JOURNAL: Journal ad0s1d consistent.</screen> <para>This usually means that &man.gjournal.8; used the information in - the journal provider to return the filesystem to a consistent + the journal provider to return the file system to a consistent state.</para> </sect2> <sect2 id="gjournal-new"> - <title>Journaling newly created partitions</title> + <title>Journaling Newly Created Partitions</title> <para>While the above procedure is necessary for journaling partitions that already contain data, journaling an empty partition is somewhat easier, since both the data and the journal provider can be stored in the same partition. For example, assume a new disk was installed, - and a new partition <filename role="device">/dev/ads1s1d</filename> + and a new partition <filename class="devicefile">/dev/ad1s1d</filename> was created. Creating the journal would be as simple as:</para> - <screen>&prompt.root; gjournal label ad1s1d</screen> + <screen>&prompt.root; <userinput>gjournal label ad1s1d</userinput></screen> - <para>The journal size will be 1GB by default. You may adjust it by + <para>The journal size will be 1 GB by default. You may adjust it by using the <option>-s</option> option. The value can be given in bytes, or appended by <literal>K</literal>, <literal>M</literal> or <literal>G</literal> to denote Kilobytes, Megabytes or Gigabytes respectively. 
Note that <command>gjournal</command> will not allow you to create unsuitably small journal sizes.</para> - <para>For example, to create a 2GB journal, you could use the following + <para>For example, to create a 2 GB journal, you could use the following command:</para> - <screen>&prompt.root; gjournal label -s 2G ad1s1d</screen> + <screen>&prompt.root; <userinput>gjournal label -s 2G ad1s1d</userinput></screen> - <para>You can then create a filesystem on your new partition, and + <para>You can then create a file system on your new partition, and enable journaling using the <option>-J</option> option:</para> - <screen>&prompt.root; newfs -J /dev/ad1s1d.journal</screen> + <screen>&prompt.root; <userinput>newfs -J /dev/ad1s1d.journal</userinput></screen> </sect2> <sect2 id="configure-kernel"> - <title>Building journaling into your custom kernel</title> + <title>Building Journaling into Your Custom Kernel</title> <para>If you do not wish to load <literal>geom_journal</literal> as a module, you can build its functions right into your kernel. Edit your @@ -503,7 +503,7 @@ </sect1> <sect1 id="troubleshooting-gjournal"> - <title>Troubleshooting journaling</title> + <title>Troubleshooting Journaling</title> <para>The following section covers frequently asked questions regarding problems related to journaling.</para> 
@@ -534,17 +534,17 @@ <para>You either forgot (or misspelled) the entry in <filename>/boot/loader.conf</filename>, or there are errors in your <filename>/etc/fstab</filename> file. These are usually easy - to fix. Press enter to get to the default single user shell. Then + to fix. Press <keycap>Enter</keycap> to get to the default single user shell. Then locate the root of the problem:</para> - <screen>&prompt.root; cat /boot/loader.conf</screen> + <screen>&prompt.root; <userinput>cat /boot/loader.conf</userinput></screen> <para>If the <literal>geom_journal_load</literal> entry is missing or misspelled, the journaled devices are never created. Load the module manually, mount all partitions, and continue with multi-user boot:</para> - <screen>&prompt.root; gjournal load + <screen>&prompt.root; <userinput>gjournal load</userinput> GEOM_JOURNAL: Journal 2948326772: ad0s1g contains journal. GEOM_JOURNAL: Journal 3193218002: ad0s1h contains journal. @@ -553,9 +553,9 @@ GEOM_JOURNAL: Journal 2948326772: ad0s1f contains data. GEOM_JOURNAL: Journal ad0s1f clean. -&prompt.root; mount -a -&prompt.root; exit -(boot continues)</screen> +&prompt.root; <userinput>mount -a</userinput> +&prompt.root; <userinput>exit</userinput> +<emphasis>(boot continues)</emphasis></screen> <para>If, on the other hand, this entry is correct, have a look at <filename>/etc/fstab</filename>. You will probably find a @@ -566,8 +566,8 @@ <qandaentry> <question id="remove-journaling"> - <para>Can I remove journaling and return to my standard filesystem - with soft updates?</para> + <para>Can I remove journaling and return to my standard file system + with Soft Updates?</para> </question> <answer> 
@@ -575,47 +575,47 @@ changes. The partitions you created for the journal providers can then be used for other purposes, if you so wish.<para> - <para>Login as root and switch to single user mode:</para> + <para>Login as <username>root</username> and switch to single user mode:</para> - <screen>&prompt.root; shutdown now</screen> + <screen>&prompt.root; <userinput>shutdown now</userinput></screen> <para>Synchronize the journals:</para> - <screen>&prompt.root; gjournal sync</screen> + <screen>&prompt.root; <userinput>gjournal sync</userinput></screen> <para>Unmount the journaled partitions:</para> - <screen>&prompt.root; umount /usr /var</screen> + <screen>&prompt.root; <userinput>umount /usr /var</userinput></screen> <para>Stop the journaling providers:</para> - <screen>&prompt.root; gjournal stop ad0s1d.journal -&prompt.root; gjournal stop ad0s1f.journal</screen> + <screen>&prompt.root; <userinput>gjournal stop ad0s1d.journal</userinput> +&prompt.root; <userinput>gjournal stop ad0s1f.journal</userinput></screen> <para>Clear journaling metadata from all the devices used:</para> - <screen>&prompt.root; gjournal clear ad0s1d -&prompt.root; gjournal clear ad0s1f -&prompt.root; gjournal clear ad0s1g -&prompt.root; gjournal clear ad0s1h</screen> + <screen>&prompt.root; <userinput>gjournal clear ad0s1d</userinput> +&prompt.root; <userinput>gjournal clear ad0s1f</userinput> +&prompt.root; <userinput>gjournal clear ad0s1g</userinput> +&prompt.root; <userinput>gjournal clear ad0s1h</userinput></screen> - <para>Clear the filesystem journaling flag, and restore the soft - updates flag:</para> + <para>Clear the file system journaling flag, and restore the Soft + Updates flag:</para> - <screen>&prompt.root; tunefs -J disable -n enable ad0s1d + <screen>&prompt.root; <userinput>tunefs -J disable -n enable ad0s1d</userinput> tunefs: gjournal cleared tunefs: soft updates set -&prompt.root; tunefs-J disable -n enable ad0s1f +&prompt.root; <userinput>tunefs -J disable -n enable 
ad0s1f</userinput> tunefs: gjournal cleared tunefs: soft updates set</screen> <para>Remount the old devices by hand:</para> - <screen>&prompt.root; mount -o rw /dev/ad0s1d /var -&prompt.root; mount -o rw /dev/ad0s1f /usr</screen> + <screen>&prompt.root; <userinput>mount -o rw /dev/ad0s1d /var</userinput> +&prompt.root; <userinput>mount -o rw /dev/ad0s1f /usr</userinput></screen> <para>Edit <filename>/etc/fstab</filename> and restore it to its original state:</para> @@ -633,7 +633,7 @@ </sect1> <sect1 id="further-reading"> - <title>Further reading</title> + <title>Further Reading</title> <para>Journaling is a fairly new feature of &os;, and as such, it is not very well documented yet. You may however find the following @@ -652,7 +652,7 @@ <listitem> <para><ulink url="http://lists.freebsd.org/pipermail/freebsd-questions/2008-April/173501.html">This post</ulink> - in &a.questions.name; by Ivan Voras.</para> + in &a.questions.name; by &a.ivoras;.</para> </listitem> <listitem> ==== //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/Makefile#2 (text+ko) ==== @@ -1,5 +1,5 @@ # -# $FreeBSD: doc/en_US.ISO8859-1/books/handbook/Makefile,v 1.109 2008/03/03 11:07:37 brd Exp $ +# $FreeBSD: doc/en_US.ISO8859-1/books/handbook/Makefile,v 1.110 2008/09/28 12:54:12 trhodes Exp $ # # Build the FreeBSD Handbook. # @@ -198,6 +198,7 @@ SRCS+= audit/chapter.sgml SRCS+= book.sgml SRCS+= colophon.sgml +SRCS+= dtrace/chapter.sgml SRCS+= freebsd-glossary.sgml SRCS+= advanced-networking/chapter.sgml SRCS+= basics/chapter.sgml @@ -209,6 +210,7 @@ SRCS+= disks/chapter.sgml SRCS+= eresources/chapter.sgml SRCS+= firewalls/chapter.sgml +SRCS+= filesystems/chapter.sgml SRCS+= geom/chapter.sgml SRCS+= install/chapter.sgml SRCS+= introduction/chapter.sgml 
@@ -228,6 +230,7 @@ SRCS+= printing/chapter.sgml SRCS+= security/chapter.sgml SRCS+= serialcomms/chapter.sgml +SRCS+= updating/chapter.sgml SRCS+= users/chapter.sgml SRCS+= vinum/chapter.sgml SRCS+= virtualization/chapter.sgml ==== //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/basics/chapter.sgml#2 (text+ko) ==== @@ -1,7 +1,7 @@ <!-- The FreeBSD Documentation Project - $FreeBSD: doc/en_US.ISO8859-1/books/handbook/basics/chapter.sgml,v 1.153 2008/03/02 22:02:36 brd Exp $ + $FreeBSD: doc/en_US.ISO8859-1/books/handbook/basics/chapter.sgml,v 1.154 2008/09/28 11:56:09 trhodes Exp $ --> <chapter id="basics"> 
@@ -653,6 +653,145 @@ over the &man.chflags.1; and &man.chflags.2; manual pages for more information.</para> </sect2> + + <sect2> + <sect2info> + <authorgroup> + <author> + <firstname>Tom</firstname> + <surname>Rhodes</surname> + <contrib>Contributed by </contrib> + </author> + </authorgroup> + </sect2info> + + <title>The setuid, setgid, and sticky Permissions</title> + + <para>Other than the permissions already discussed, there are + three other specific settings that all administrators should + know about. They are the <literal>setuid</literal>, + <literal>setgid</literal> and <literal>sticky</literal> + permissions.</para> + + <para>These settings are important for some &unix; operations + as they provide functionality not normally granted to normal + users. To understand them, the difference between the real + user ID and effective user ID must also be noted.</para> + + <para>The real user ID is the <acronym>UID</acronym> who owns + or starts the process. The effective <acronym>UID</acronym> + is the user ID the process runs as. As an example, the + &man.passwd.1; utility runs with the real user ID as the + user changing their password; however, to manipulate the + password database, it runs as the effective ID of the + <username>root</username> user. This is what allows normal + users to change their passwords without seeing a + <errorname>Permission Denied</errorname> error.</para> + + <note> + <para>The <literal>nosuid</literal> &man.mount.8; option will + cause these binaries to silently fail. That is, they will + fail to execute without ever alerting the user. 
That option + is also not completely reliable as a <literal>nosuid</literal> + wrapper may be able to circumvent it; according to the + &man.mount.8; manual page.</para> + </note> + + <para>The setuid permission may be set by prefixing a permission + set with the number four (4) as shown in the following + example:</para> + + <screen>&prompt.root; <userinput>chmod 4755 suidexample.sh</userinput></screen> + + <para>The permissions on the + <filename><replaceable>suidexample.sh</replaceable></filename> + file should now look like the following:</para> + + <programlisting>-rwsr-xr-x 1 trhodes trhodes 63 Aug 29 06:36 suidexample.sh</programlisting> + + <para>It should be noticeable from this example that an + <literal>s</literal> is now part of the permission set + designated for the file owner, replacing the executable + bit. This allows utilities which need elevated permissions, + such as <command>passwd</command>.</para> + + <para>To view this in real time, open two terminals. On + one, start the <command>passwd</command> process as a normal + user. While it waits for a new password, check the process + table and look at the user information of the + <command>passwd</command> command.</para> + + <para>In terminal A:</para> + + <screen>Changing local password for trhodes +Old Password:</screen> + + <para>In terminal B:</para> + + <screen>&prompt.root; <userinput>ps aux | grep passwd</userinput></screen> + + <screen>trhodes 5232 0.0 0.2 3420 1608 0 R+ 2:10AM 0:00.00 grep passwd +root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen> + + <para>As stated above, the <command>passwd</command> is run + by a normal user, but is using the effective + <acronym>UID</acronym> of <username>root</username>.</para> + + <para>The <literal>setgid</literal> permission performs the + same function as the <literal>setuid</literal> permission; + except that it alters the group settings. 
When an application + or utility is ran with this setting, it will be granted the + permissions based on the group that owns the file, not + the user who started the process.</para> + + <para>To set the <literal>setgid</literal> permission on a + file, provide the <command>chmod</command> command with a + leading two (2) as in the following example:</para> + + <screen>&prompt.root; <userinput>chmod 2755 suidexample.sh</userinput></screen> + + <para>The new setting may be viewed as before, notice the + <literal>s</literal> is now in the field designated for the + group permission settings:<para> + + <screen>-rwxr-sr-x 1 trhodes trhodes 44 Aug 31 01:49 suidexample.sh</screen> + + <note> + <para>In these examples, even though the shell script in + question is an executable file, it will not run with + a different <acronym>EUID</acronym> or effective user ID. + This is because shell scripts may not access the + &man.setuid.2; system calls.</para> + </note> + + <para>The first two special permission bits we discussed + (the <literal>setuid</literal> and <literal>setgid</literal> + permission bits) may lower system security, by allowing for + elevated permissions. There is a third special permission bit + that can strengthen the security of a system: the + <literal>sticky bit</literal>.</para> + + <para>The <literal>sticky bit</literal>, when set on a directory, + allows file deletion only by the file owner. This + permission set is useful to prevent file deletion in public + directories, such as + <filename class="directory">/tmp</filename>, by users who do + not own the file. To utilize this permission, prefix the + permission with a one (1). 
For example:</para> + + <screen>&prompt.root; <userinput>chmod 1777 /tmp</userinput></screen> + + <para>Now, it is possible to see the effect by using the + <command>ls</command> command:</para> + + <screen>&prompt.root; <userinput>ls -al / | grep tmp</userinput></screen> + + <screen>drwxrwxrwt 10 root wheel 512 Aug 31 01:49 tmp</screen> + + <para>The <literal>sticky bit</literal> permission is + distinguishable from the <literal>t</literal> at the very + end of the set.</para> + </sect2> </sect1> <sect1 id="dirstructure"> ==== //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/book.sgml#2 (text+ko) ==== @@ -1,7 +1,7 @@ <!-- The FreeBSD Documentation Project - $FreeBSD: doc/en_US.ISO8859-1/books/handbook/book.sgml,v 1.172 2008/01/06 13:49:29 danger Exp $ + $FreeBSD: doc/en_US.ISO8859-1/books/handbook/book.sgml,v 1.173 2008/09/28 12:54:12 trhodes Exp $ --> <!DOCTYPE BOOK PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ @@ -48,6 +48,9 @@ <!ENTITY % chap.freebsd-glossary "IGNORE"> <!ENTITY % chap.mac "IGNORE"> <!ENTITY % chap.audit "IGNORE"> +<!ENTITY % chap.filesystems "IGNORE"> +<!ENTITY % chap.dtrace "IGNORE"> +<!ENTITY % chap.updating "IGNORE"> <!ENTITY % pgpkeys SYSTEM "../../../share/pgpkeys/pgpkeys.ent"> %pgpkeys; ]> @@ -270,10 +273,12 @@ <![ %chap.audit; [ &chap.audit; ]]> <![ %chap.disks; [ &chap.disks; ]]> <![ %chap.geom; [ &chap.geom; ]]> + <![ %chap.filesystems; [ &chap.filesystems; ]]> <![ %chap.vinum; [ &chap.vinum; ]]> <![ %chap.virtualization; [ &chap.virtualization; ]]> <![ %chap.l10n; [ &chap.l10n; ]]> <![ %chap.cutting-edge; [ &chap.cutting-edge; ]]> + <![ %chap.dtrace; [ &chap.dtrace; ]]> </part> <part id="network-communication"> 
@@ -316,6 +321,7 @@ can begin using FreeBSD in a network environment.</para> </partintro> + <![ %chap.updating; [ &chap.updating; ]]> <![ %chap.serialcomms; [ &chap.serialcomms; ]]> <![ %chap.ppp-and-slip; [ &chap.ppp-and-slip; ]]> <![ %chap.mail; [ &chap.mail; ]]> ==== //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/chapters.ent#2 (text+ko) ==== @@ -6,7 +6,7 @@ Chapters should be listed in the order in which they are referenced. - $FreeBSD: doc/en_US.ISO8859-1/books/handbook/chapters.ent,v 1.37 2007/04/06 07:38:50 murray Exp $ + $FreeBSD: doc/en_US.ISO8859-1/books/handbook/chapters.ent,v 1.38 2008/09/28 12:54:12 trhodes Exp $ --> <!ENTITY chap.preface SYSTEM "preface/preface.sgml"> @@ -35,12 +35,15 @@ <!ENTITY chap.audit SYSTEM "audit/chapter.sgml"> <!ENTITY chap.disks SYSTEM "disks/chapter.sgml"> <!ENTITY chap.geom SYSTEM "geom/chapter.sgml"> +<!ENTITY chap.filesystems SYSTEM "filesystems/chapter.sgml"> <!ENTITY chap.vinum SYSTEM "vinum/chapter.sgml"> <!ENTITY chap.virtualization SYSTEM "virtualization/chapter.sgml"> <!ENTITY chap.l10n SYSTEM "l10n/chapter.sgml"> <!ENTITY chap.cutting-edge SYSTEM "cutting-edge/chapter.sgml"> +<!ENTITY chap.dtrace SYSTEM "dtrace/chapter.sgml"> <!-- Part four --> +<!ENTITY chap.updating SYSTEM "updating/chapter.sgml"> <!ENTITY chap.serialcomms SYSTEM "serialcomms/chapter.sgml"> <!ENTITY chap.ppp-and-slip SYSTEM "ppp-and-slip/chapter.sgml"> <!ENTITY chap.mail SYSTEM "mail/chapter.sgml"> ==== //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/eresources/chapter.sgml#6 (text+ko) ==== @@ -1,7 +1,7 @@ <!-- The FreeBSD Documentation Project - $FreeBSD: doc/en_US.ISO8859-1/books/handbook/eresources/chapter.sgml,v 1.188 2008/09/25 07:30:03 manolis Exp $ + $FreeBSD: doc/en_US.ISO8859-1/books/handbook/eresources/chapter.sgml,v 1.190 2008/09/26 17:49:40 manolis Exp $ --> <appendix id="eresources"> 
@@ -594,10 +594,11 @@ you can change your digest options in your account options section.</para> - <para><emphasis>CVS lists:</emphasis> The following lists are for people - interested in seeing the log messages for changes to various areas of - the source tree. They are <emphasis>Read-Only</emphasis> lists and - should not have mail sent to them.</para> + <para><emphasis>CVS & SVN lists:</emphasis> The following lists + are for people interested in seeing the log messages for changes to + various areas of the source tree. They are + <emphasis>Read-Only</emphasis> lists and should not have mail sent to + them.</para> <informaltable frame="none" pgwide="1"> <tgroup cols="3"> @@ -637,7 +638,15 @@ <row> <entry>&a.cvs-src.name;</entry> <entry><filename>/usr/src</filename></entry> - <entry>All changes to the src tree</entry> + <entry>All changes to the src tree (generated by the svn-to-cvs + importer commits)</entry> + </row> + + <row> + <entry>&a.svn-src.name;</entry> + <entry><filename>/usr/src</filename></entry> + <entry>All changes to the src tree + (<application>SVN</application> commit logs)</entry> </row> </tbody> </tgroup> ==== //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/geom/chapter.sgml#3 (text+ko) ==== @@ -1,6 +1,6 @@ <!-- The FreeBSD Documentation Project - $FreeBSD: doc/en_US.ISO8859-1/books/handbook/geom/chapter.sgml,v 1.42 2008/08/06 22:03:50 pgj Exp $ + $FreeBSD: doc/en_US.ISO8859-1/books/handbook/geom/chapter.sgml,v 1.43 2008/09/28 11:58:10 trhodes Exp $ --> 
@@ -240,135 +240,126 @@ safe.</para> <para>To begin, ensure the system has two disk drives of equal size, - this exercise assumes they are direct access (&man.da.4;) + these exercises assume they are direct access (&man.da.4;) <acronym>SCSI</acronym> disks.</para> - <para>Begin by installing &os; on the first disk with only two - partitions. One should be a swap partition, double the - <acronym>RAM</acronym> size and all remaining space devoted to - the root (<filename class="directory">/</filename>) file system. - It is possible to have separate partitions for other mount points; - however, this will increase the difficulty level ten fold due to - manual alteration of the &man.bsdlabel.8; and &man.fdisk.8; - settings.</para> + <sect2> + <title>Mirroring Primary Disks</title> - <para>Reboot and wait for the system to fully initialize. Once this - process has completed, log in as the <username>root</username> - user.</para> + <para>Assuming &os; has been installed on the first, + <devicename>da0</devicename> disk device, &man.gmirror.8; + should be told to store its primary data there.</para> - <para>Create the <filename>/dev/mirror/gm</filename> device and link - it with <filename>/dev/da1</filename>:</para> + <para>Before building the mirror, enable additional debugging + information and opening access to the device by setting the + <varname>kern.geom.debugflags</varname> &man.sysctl.8; option + to the following value:</para> - <screen>&prompt.root; <userinput>gmirror label -vnb round-robin gm0 /dev/da1</userinput></screen> + <screen>&prompt.root; <userinput>sysctl kern.geom.debugflags=17</userinput></screen> - <para>The system should respond with:</para> - <screen> -Metadata value stored on /dev/da1. -Done.</screen> + <para>Now create the mirror. 
Begin the process by storing + meta-data information on the primary disk device, + effectively creating the + <filename class="devicefile">/dev/mirror/gm</filename> device + using the following command:</para> - <para>Initialize GEOM, this will load the - <filename>/boot/kernel/geom_mirror.ko</filename> kernel - module:</para> + <screen>&prompt.root; <userinput>gmirror label -vb round-robin gm0 /dev/da0</userinput></screen> - <screen>&prompt.root; <userinput>gmirror load</userinput></screen> + <para>The system should respond with:</para> - <note> - <para>This command should have created the - <devicename>gm0</devicename>, device node under the - <filename class="directory">/dev/mirror</filename> - directory.</para> - </note> + <screen>Metadata value stored on /dev/da0. +Done.</screen> - <para>Install a generic <command>fdisk</command> label and boot code - to new <devicename>gm0</devicename> device:</para> + <para>Initialize GEOM, this will load the + <filename>/boot/kernel/geom_mirror.ko</filename> kernel + module:</para> - <screen>&prompt.root; <userinput>fdisk -vBI /dev/mirror/gm0</userinput></screen> + <screen>&prompt.root; <userinput>gmirror load</userinput></screen> - <para>Now install generic <command>bsdlabel</command> - information:</para> + <note> + <para>When this command completes successfully, it creates the + <devicename>gm0</devicename> device node under the + <filename class="directory">/dev/mirror</filename> + directory.</para> + </note> - <screen>&prompt.root; <userinput>bsdlabel -wB /dev/mirror/gm0s1</userinput></screen> + <para>Enable loading of the <filename>geom_mirror.ko</filename> + kernel module during system initialization:</para> - <note> - <para>If multiple slices and partitions exist, the flags for the - previous two commands will require alteration. 
They must match - the slice and partition size of the other disk.</para> - </note> + <screen>&prompt.root; <userinput>echo 'geom_mirror_load="YES"' >> /boot/loader.conf</userinput></screen> - <para>Use the &man.newfs.8; utility to construct a default <acronym>UFS</acronym> >>> TRUNCATED FOR MAIL (1000 lines) <<<
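Review bot: In the basics/chapter.sgml hunk, the paragraph that introduces the setgid listing ends with an opening tag instead of a closing one ("group permission settings:<para>"), which leaves the element unclosed and will break the SGML build; it should end with </para>. In the same hunk, "This allows utilities which need elevated permissions, such as passwd." never says what the utilities are allowed to do, and "is ran" should be "is run". The closing note's reason, that shell scripts "may not access the setuid(2) system calls", would be clearer if it said directly that the set-ID bits on a script file are not honored when the script is executed.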
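Review bot: In the book.sgml hunk at @@ -316,6 +321,7 @@, &chap.updating; is inserted directly after the </partintro> of <part id="network-communication">, so the updating chapter becomes the first chapter of the network part, ahead of &chap.serialcomms;. If it is meant to sit alongside &chap.cutting-edge; and &chap.dtrace;, the include belongs before the </part> in the @@ -270,10 +273,12 @@ hunk, and the entity declaration in chapters.ent should move above the "Part four" comment to match.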
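Review bot: In the eresources/chapter.sgml hunk at @@ -637,7 +638,15 @@, the new description for &a.cvs-src.name;, "generated by the svn-to-cvs importer commits", reads awkwardly and leaves it unclear how that list differs from &a.svn-src.name;, since both rows cover /usr/src and both start with "All changes to the src tree". Wording such as "CVS commit logs generated by the svn-to-cvs importer" would parallel the "SVN commit logs" text in the row added below it.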
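Review bot: In the geom/chapter.sgml hunk at @@ -240,135 +240,126 @@, the added step that runs sysctl kern.geom.debugflags=17 describes the value only as enabling "additional debugging information and opening access to the device", and the part of the hunk visible before the truncation never tells the reader to restore the previous value. Please state what protection the setting relaxes and add a step to reset it once the mirror is built, since otherwise it stays changed on the running system. The same sentence needs parallel verbs ("enable ... and open ..."), and the next paragraph names the device /dev/mirror/gm while the command and the later note create gm0.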