Date: Fri, 11 Oct 2013 12:21:58 +0000 (UTC)
From: Dru Lavigne <dru@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r42938 - head/en_US.ISO8859-1/books/handbook/basics
Message-ID: <201310111221.r9BCLwQT040448@svn.freebsd.org>
Author: dru Date: Fri Oct 11 12:21:57 2013 New Revision: 42938 URL: http://svnweb.freebsd.org/changeset/doc/42938 Log: This patch does the following: - makes 4.2 clearer and tightens some of the headings - removed reference to learn more about single-user mode as it didn't say anything more; instead, summarized single-user mode here - made intro to permissions clearer, the next patch will work on the rest of this section Approved by: bcr (mentor) Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Fri Oct 11 12:18:18 2013 (r42937) +++ head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Fri Oct 11 12:21:57 2013 (r42938) @@ -6,16 +6,17 @@ --> <chapter id="basics"> + <!-- <chapterinfo> <authorgroup> <author> <firstname>Chris</firstname> <surname>Shumway</surname> - <contrib>Rewritten by </contrib> + <contrib>Rewritten by in Mar 2000</contrib> </author> </authorgroup> - <!-- 10 Mar 2000 --> </chapterinfo> + --> <title>UNIX Basics</title> @@ -31,8 +32,7 @@ <itemizedlist> <listitem> - <para>How to use the <quote>virtual consoles</quote> of - &os;.</para> + <para>How to use and configure virtual consoles.</para> </listitem> <listitem> 
@@ -80,17 +80,6 @@ <indexterm><primary>virtual consoles</primary></indexterm> <indexterm><primary>terminals</primary></indexterm> - - <para>&os; can be used in various ways. One of them is typing - commands to a text terminal. A lot of the flexibility and power - of a &unix; operating system is readily available when using - &os; this way. This section describes what - <quote>terminals</quote> and <quote>consoles</quote> are, and - how to use them in &os;.</para> - - <sect2 id="consoles-intro"> - <title>The Console</title> - <indexterm><primary>console</primary></indexterm> <para>Unless &os; has been configured to automatically start a 
@@ -107,39 +96,16 @@ login:</screen> example is running a 64-bit version of &os;. The hostname is <hostid>pc3.example.org</hostid>, and <devicename>ttyv0</devicename> indicates that this is the - system console.</para> - - <para>The second line is the login prompt. The next section - describes how to log into &os; at this prompt.</para> - </sect2> - - <sect2 id="consoles-login"> - <title>Logging into &os;</title> + <quote>system console</quote>. The second line is the login prompt.</para> - <para>&os; is a multiuser, multiprocessing system. This is the - formal description that is usually given to a system that can - be used by many different people, who simultaneously run a lot - of programs on a single machine.</para> - - <para>Every multiuser system needs some way to distinguish one - <quote>user</quote> from the rest. In &os; (and all the - &unix;-like operating systems), this is accomplished by - requiring that every user must <quote>log into</quote> the - system before being able to run programs. Every user has a - unique name (the <quote>username</quote>) and a personal, - secret key (the <quote>password</quote>). &os; will ask for - these two before allowing a user to run any programs.</para> - - <indexterm><primary>startup scripts</primary></indexterm> - <para>When a &os; system boots, startup scripts are - automatically executed in order to prepare the system and to - start any services which have been configured to start at - system boot. Once the system finishes running its startup - scripts, it will present a login prompt:</para> + <para>Since &os; is a multiuser system, it needs some way to distinguish + between different users. This is accomplished by + requiring every user to log into the + system before gaining access to the programs on the system. 
Every user has a + unique name <quote>username</quote> and a personal + <quote>password</quote>.</para> - <screen>login:</screen> - - <para>Type the username that was configured during system + <para>To log into the system console, type the username that was configured during system installation, as described in <xref linkend="bsdinstall-addusers"/>, and press <keycap>Enter</keycap>. Then enter the password associated 
@@ -149,58 +115,62 @@ login:</screen> <para>Once the correct password is input, the message of the day (<acronym>MOTD</acronym>) will be displayed followed - by a command prompt (a <literal>#</literal>, - <literal>$</literal>, or <literal>%</literal> character). You - are now logged into the &os; console and ready to try the + by a command prompt. Depending upon the shell that was selected + when the user was created, this prompt will be a <literal>#</literal>, + <literal>$</literal>, or <literal>%</literal> character. The + prompt indicates that the user is now logged into the &os; system console and ready to try the available commands.</para> - </sect2> <sect2 id="consoles-virtual"> <title>Virtual Consoles</title> - <para>&os; can be configured to provide many virtual consoles + <para>While the system console can be used to interact with + the system, a user working from the command line at the + keyboard of a &os; system will typically instead log into a + virtual console. This is because system messages are + configured by default to display on the system console. + These messages will appear over the command or file that the + user is working on, making it difficult to concentrate on + the work at hand.</para> + + <para>By default, &os; is configured to provide several virtual consoles for inputting commands. Each virtual console has its own - login prompt and output channel, and &os; takes care of - properly redirecting keyboard input and monitor output as - switching occurs between virtual consoles.</para> - - <para>Special key combinations have been reserved by &os; for - switching consoles.<footnote> - <para>Refer to &man.syscons.4;, &man.atkbd.4;, - &man.vidcontrol.1; and &man.kbdcontrol.1; for a more - technical description of the &os; console and its keyboard - drivers.</para></footnote>. 
Use - <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>, - <keycombo><keycap>Alt</keycap><keycap>F2</keycap></keycombo>, + login prompt and shell and it is easy to switch between + virtual consoles. This essentially provides the command line + equivalent of having several windows open at the same time + in a graphical environment.</para> + + <para>The key combinations <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo> through - <keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo> - to switch to a different virtual console in &os;.</para> + <keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo> have been reserved by &os; for + switching between virtual consoles. Use + <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo> + to switch to the system console (<devicename>ttyv0</devicename>), + <keycombo><keycap>Alt</keycap><keycap>F2</keycap></keycombo> + to access the first virtual console + (<devicename>ttyv1</devicename>), + <keycombo><keycap>Alt</keycap><keycap>F3</keycap></keycombo> + to access the second virtual console + (<devicename>ttyv2</devicename>), and so on.</para> <para>When switching from one console to the next, &os; takes - care of saving and restoring the screen output. The result is - an <quote>illusion</quote> of having multiple - <quote>virtual</quote> screens and keyboards that can be used + manages the screen output. The result is + an illusion of having multiple + virtual screens and keyboards that can be used to type commands for &os; to run. The programs that are - launched in one virtual console do not stop running when that - console is not visible because the user has switched to a + launched in one virtual console do not stop running when + the user switches to a different virtual console.</para> - </sect2> - <sect2 id="consoles-ttys"> - <title>The <filename>/etc/ttys</filename> File</title> - - <para>By default, &os; is configured to start eight virtual - consoles. 
The configuration can be customized to start - more or fewer virtual consoles. To change the number of and - the settings of the virtual consoles, edit - <filename>/etc/ttys</filename>.</para> - - <para>Each uncommented line in <filename>/etc/ttys</filename> - (lines that do not start with a <literal>#</literal> - character) contains settings for a single terminal or virtual - console. The default version configures nine virtual - consoles, and enables eight of them. They are the lines that - start with <literal>ttyv</literal>:</para> + <para>Refer to &man.syscons.4;, &man.atkbd.4;, + &man.vidcontrol.1; and &man.kbdcontrol.1; for a more + technical description of the &os; console and its keyboard + drivers.</para> + + <para>In &os;, the number of available virtual + consoles is configured in this + section of + <filename>/etc/ttys</filename>:</para> <programlisting># name getty type status comments # 
@@ -215,19 +185,46 @@ ttyv6 "/usr/libexec/getty Pc" ttyv7 "/usr/libexec/getty Pc" cons25 on secure ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</programlisting> + + <para>To disable a virtual console, put a comment symbol (<literal>#</literal>) + at the beginning of the line representing that virtual console. + For example, to reduce the number of available virtual consoles + from eight to four, put a <literal>#</literal> in front of + the last four lines representing virtual consoles + <devicename>ttyv5</devicename> through + <devicename>ttyv8</devicename>. <emphasis>Do not</emphasis> + comment out the line for the system console + <devicename>ttyv0</devicename>. Note that the last virtual + console (<devicename>ttyv8</devicename>) is used to access + the graphical environment if <application>&xorg;</application> + has been installed and configured as described in <xref + linkend="x11"/>.</para> + <para>For a detailed description of every column in this file and the available options for the virtual consoles, refer to &man.ttys.5;.</para> </sect2> <sect2 id="consoles-singleuser"> - <title>Single User Mode Console</title> + <title>Single User Mode</title> - <para>A detailed description of <quote>single user mode</quote> - can be found in <xref linkend="boot-singleuser"/>. There is - only one console when &os; is in single user mode as no other - virtual consoles are available in this mode. The settings - for single user mode are found in this section of + <para>The &os; boot menu provides an option labelled as + <quote>Boot Single User</quote>. If this option is selected, + the system will boot into a special mode known as + <quote>single user mode</quote>. This mode is typically used to + repair a system that will not boot or to reset the + <username>root</username> password when it is not known. + While in single user mode, networking and other + virtual consoles are not available. 
However, full + <username>root</username> access to the system is available, + and by default, the <username>root</username> password is not + needed. For these reasons, physical access to the keyboard + is needed to boot into this mode and determining who has physical + access to the keyboard is something to consider when securing + a &os; system.</para> + + <para>The settings which control + single user mode are found in this section of <filename>/etc/ttys</filename>:</para> <programlisting># name getty type status comments 
@@ -235,20 +232,25 @@ ttyv8 "/usr/X11R6/bin/xdm -nodaemon" # If console is marked "insecure", then init will ask for the root password # when going to single-user mode. console none unknown off secure</programlisting> - + + <para>By default, the status is set to <literal>secure</literal>. + This assumes that who has physical access to the keyboard + is either not important or it is controlled by a physical + security policy. If this setting is changed to + <literal>insecure</literal>, the assumption is that the + environment itself is insecure because anyone can access + the keyboard. When this line is changed to + <literal>insecure</literal>, &os; will prompt for the + <username>root</username> password when a user selects to boot into single + user mode. + </para> + <note> - <para>As the comments above the <literal>console</literal> - line indicate, editing <literal>secure</literal> to - <literal>insecure</literal> will prompt for the - <username>root</username> password when booting into single - user mode. The default setting enters single user mode - without prompting for a password.</para> - <para><emphasis>Be careful when changing this setting to - <literal>insecure</literal></emphasis>. If the + <literal>insecure</literal></emphasis>! If the <username>root</username> password is forgotten, booting into single user mode is still possible, but may be - difficult for someone who is not comfortable with the &os; + difficult for someone who is not familiar with the &os; booting process.</para> </note> </sect2> 
@@ -289,44 +291,46 @@ console none <indexterm><primary>UNIX</primary></indexterm> - <para>&os;, being a direct descendant of BSD &unix;, is based on - several key &unix; concepts. The first and most pronounced is - that &os; is a multi-user operating system that can handle - several users working simultaneously on completely unrelated - tasks. The system is responsible for properly sharing and - managing requests for hardware devices, peripherals, memory, and - CPU time fairly to each user.</para> - - <para>Much more information about user accounts is in the chapter - about <link linkend="users">accounts</link>. It is important to - understand that each person (user) who uses the computer should - be given their own username and password. The system keeps - track of the people using the computer based on this username. - Since it is often the case that several people are working on - the same project &unix; also provides groups. Several users can - be placed in the same group.</para> - - <para>Because the system is capable of supporting multiple users, - everything the system manages has a set of permissions governing - who can read, write, and execute the resource. These - permissions are stored as three octets broken into three pieces, - one for the owner of the file, one for the group that the file - belongs to, and one for everyone else. This numerical - representation works like this:</para> - - <note> - <para>This section will discuss the traditional &unix; - permissions. For finer grained file system access control, - see the - <link linkend="fs-acl">File System Access Control Lists</link> - section.</para> - </note> - + <para>In &os;, every file and directory has an associated set of + permissions and several utilities are available for viewing + and modifying these permissions. 
Understanding how permissions + work is necessary to make sure that users are able to access + the files that they need and are unable to improperly access + the files used by the operating system or owned by other + users.</para> + + <para>This section discusses the traditional &unix; + permissions used in &os;. For finer grained file system access control, + refer to + <xref linkend="fs-acl"/>.</para> + + <para>In &unix;, basic permissions are assigned using + three types of access: read, write, and execute. These access + types are used to determine file access to the file's owner, + group, and others (everyone else). The read, write, and execute + permissions can be represented as the letters + <literal>r</literal>, <literal>w</literal>, and + <literal>x</literal>. They can also be represented as binary + numbers as each permission is either on or off + (<literal>0</literal>). When represented as a number, the + order is always read as <literal>rwx</literal>, where + <literal>r</literal> has an on value of <literal>4</literal>, + <literal>w</literal> has an on value of <literal>2</literal> + and <literal>x</literal> has an on value of + <literal>1</literal>.</para> + + <para>Table 4.1 summarizes the possible numeric and alphabetic + possibilities. When reading the <quote>Directory Listing</quote> + column, a <literal>-</literal> is used to represent a permission + that is set to off.</para> + <indexterm><primary>permissions</primary></indexterm> <indexterm> <primary>file permissions</primary> </indexterm> - <informaltable frame="none" pgwide="1"> + <table frame="none" pgwide="1"> + <title>&unix; Permissions</title> + <tgroup cols="3"> <thead> <row> @@ -386,7 +390,7 @@ console none </row> </tbody> </tgroup> - </informaltable> + </table> <indexterm> <primary>&man.ls.1;</primary>
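Review bot: In the first hunk (@@ -6,16 +6,17 @@), the new `<contrib>Rewritten by in Mar 2000</contrib>` is not a readable phrase; if the date is meant to live in the credit, something like "Rewritten in Mar 2000 by" would read correctly. The same hunk wraps the whole `<chapterinfo>` in a comment, which drops the author credit from the output, and the log message does not mention that; it is worth stating in the log why the attribution is being hidden.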
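Review bot: The hunks at @@ -80,17 +80,6 @@ and @@ -107,39 +96,16 @@ delete `<sect2 id="consoles-intro">` and `<sect2 id="consoles-login">`, and the commit only modifies chapter.xml, so any `linkend` to those two ids in other chapters would now be dangling; please confirm nothing references them before this lands. In the same hunk, "unique name <quote>username</quote> and a personal <quote>password</quote>" lost the parentheses the old text had, so it now reads as "unique name username"; suggest "a unique name (the <quote>username</quote>)" or simply "a unique username and a personal password".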
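Review bot: In the hunk at @@ -149,58 +115,62 @@, the unchanged context line ends with "&os; takes" and the replacement line begins "manages the screen output", so the resulting sentence is "&os; takes manages the screen output". The trailing "takes" on the context line needs to be removed as part of this change (or the new line should keep "care of ..."). The same paragraph still says "The result is an illusion of having multiple virtual screens and keyboards that can be used to type commands"; now that the quotes are gone it would be simpler to say the result is multiple virtual screens.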
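Review bot: In the hunk at @@ -215,19 +185,46 @@, the example for disabling consoles does not add up against the listing directly above it: `ttyv8` is already `off` there, so commenting out `ttyv5` through `ttyv8` disables only three enabled consoles and leaves `ttyv0` through `ttyv4`, which is five, not four. Either comment out `ttyv4` through `ttyv7` or change the stated count. The example also tells the reader to comment out `ttyv8` and then, two sentences later, says `ttyv8` is the one used for the graphical environment, which will confuse anyone who has Xorg installed. Separately, in the new single user mode paragraph, "For these reasons, physical access to the keyboard is needed to boot into this mode" presents a consequence as if it followed from the passwordless root access; the security point is the reverse (because the mode gives root without a password, anyone with physical access can get root) and should be worded that way.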
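Review bot: In the hunk at @@ -235,20 +232,25 @@, the note now warns that with `insecure` set and a forgotten `root` password, single user mode "is still possible, but may be difficult", yet the previous hunk introduced single user mode as the way "to reset the <username>root</username> password when it is not known" and this commit removed the `<xref linkend="boot-singleuser"/>` pointer. A reader who sets `insecure` for the security benefit is left without any indication of what the recovery path is; please either say explicitly that `insecure` removes the passwordless reset and what the alternative is, or restore a cross-reference to where that is documented. Minor: "This assumes that who has physical access to the keyboard is either not important or it is controlled" and "when a user selects to boot into" are awkward, and the closing `</para>` sits alone on its own line after a trailing blank.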
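Review bot: In the hunk at @@ -289,44 +291,46 @@, "Table 4.1" is hard-coded in the text while the new `<table frame="none" pgwide="1">` has no `id`, so the reference will silently go stale if tables are added or the chapter is renumbered. Give the table an id and use `<xref linkend="..."/>`, as this same hunk already does for `fs-acl`. In the paragraph above it, "each permission is either on or off (<literal>0</literal>)" gives a value for off but none for on, and then describes the values 4, 2 and 1 as "binary numbers"; stating that on is `1` in binary and that 4, 2, 1 are the resulting weights when the three bits are read as one digit would make the table that follows easier to read.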