From owner-svn-doc-head@FreeBSD.ORG Fri Oct 11 12:21:58 2013 Return-Path: Delivered-To: svn-doc-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 6147FEE9; Fri, 11 Oct 2013 12:21:58 +0000 (UTC) (envelope-from dru@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 3FCF2213B; Fri, 11 Oct 2013 12:21:58 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r9BCLwMq040449; Fri, 11 Oct 2013 12:21:58 GMT (envelope-from dru@svn.freebsd.org) Received: (from dru@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r9BCLwQT040448; Fri, 11 Oct 2013 12:21:58 GMT (envelope-from dru@svn.freebsd.org) Message-Id: <201310111221.r9BCLwQT040448@svn.freebsd.org> From: Dru Lavigne Date: Fri, 11 Oct 2013 12:21:58 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r42938 - head/en_US.ISO8859-1/books/handbook/basics X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Oct 2013 12:21:58 -0000 Author: dru Date: Fri Oct 11 12:21:57 2013 New Revision: 42938 URL: http://svnweb.freebsd.org/changeset/doc/42938 Log: This patch does the following: - makes 4.2 clearer and tightens some of the headings - removed reference to learn more about single-user mode as it didn't say anything more; instead, summarized single-user mode here - made intro to permissions clearer, the next patch will work on the rest of this section Approved by: bcr (mentor) Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Fri Oct 11 12:18:18 2013 (r42937) +++ head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Fri Oct 11 12:21:57 2013 (r42938) @@ -6,16 +6,17 @@ --> + + --> UNIX Basics @@ -31,8 +32,7 @@ - How to use the virtual consoles of - &os;. + How to use and configure virtual consoles. @@ -80,17 +80,6 @@ virtual consoles terminals - - &os; can be used in various ways. One of them is typing - commands to a text terminal. A lot of the flexibility and power - of a &unix; operating system is readily available when using - &os; this way. This section describes what - terminals and consoles are, and - how to use them in &os;. - - - The Console - console Unless &os; has been configured to automatically start a @@ -107,39 +96,16 @@ login: example is running a 64-bit version of &os;. The hostname is pc3.example.org, and ttyv0 indicates that this is the - system console. - - The second line is the login prompt. The next section - describes how to log into &os; at this prompt. - - - - Logging into &os; + system console. The second line is the login prompt. - &os; is a multiuser, multiprocessing system. This is the - formal description that is usually given to a system that can - be used by many different people, who simultaneously run a lot - of programs on a single machine. - - Every multiuser system needs some way to distinguish one - user from the rest. In &os; (and all the - &unix;-like operating systems), this is accomplished by - requiring that every user must log into the - system before being able to run programs. Every user has a - unique name (the username) and a personal, - secret key (the password). &os; will ask for - these two before allowing a user to run any programs. - - startup scripts - When a &os; system boots, startup scripts are - automatically executed in order to prepare the system and to - start any services which have been configured to start at - system boot. Once the system finishes running its startup - scripts, it will present a login prompt: + Since &os; is a multiuser system, it needs some way to distinguish + between different users. This is accomplished by + requiring every user to log into the + system before gaining access to the programs on the system. Every user has a + unique name username and a personal + password. - login: - - Type the username that was configured during system + To log into the system console, type the username that was configured during system installation, as described in , and press Enter. Then enter the password associated @@ -149,58 +115,62 @@ login: Once the correct password is input, the message of the day (MOTD) will be displayed followed - by a command prompt (a #, - $, or % character). You - are now logged into the &os; console and ready to try the + by a command prompt. Depending upon the shell that was selected + when the user was created, this prompt will be a #, + $, or % character. The + prompt indicates that the user is now logged into the &os; system console and ready to try the available commands. - Virtual Consoles - &os; can be configured to provide many virtual consoles + While the system console can be used to interact with + the system, a user working from the command line at the + keyboard of a &os; system will typically instead log into a + virtual console. This is because system messages are + configured by default to display on the system console. + These messages will appear over the command or file that the + user is working on, making it difficult to concentrate on + the work at hand. + + By default, &os; is configured to provide several virtual consoles for inputting commands. Each virtual console has its own - login prompt and output channel, and &os; takes care of - properly redirecting keyboard input and monitor output as - switching occurs between virtual consoles. - - Special key combinations have been reserved by &os; for - switching consoles. - Refer to &man.syscons.4;, &man.atkbd.4;, - &man.vidcontrol.1; and &man.kbdcontrol.1; for a more - technical description of the &os; console and its keyboard - drivers.. Use - AltF1, - AltF2, + login prompt and shell and it is easy to switch between + virtual consoles. This essentially provides the command line + equivalent of having several windows open at the same time + in a graphical environment. + + The key combinations AltF1 through - AltF8 - to switch to a different virtual console in &os;. + AltF8 have been reserved by &os; for + switching between virtual consoles. Use + AltF1 + to switch to the system console (ttyv0), + AltF2 + to access the first virtual console + (ttyv1), + AltF3 + to access the second virtual console + (ttyv2), and so on. When switching from one console to the next, &os; takes - care of saving and restoring the screen output. The result is - an illusion of having multiple - virtual screens and keyboards that can be used + manages the screen output. The result is + an illusion of having multiple + virtual screens and keyboards that can be used to type commands for &os; to run. The programs that are - launched in one virtual console do not stop running when that - console is not visible because the user has switched to a + launched in one virtual console do not stop running when + the user switches to a different virtual console. - - - The <filename>/etc/ttys</filename> File - - By default, &os; is configured to start eight virtual - consoles. The configuration can be customized to start - more or fewer virtual consoles. To change the number of and - the settings of the virtual consoles, edit - /etc/ttys. - - Each uncommented line in /etc/ttys - (lines that do not start with a # - character) contains settings for a single terminal or virtual - console. The default version configures nine virtual - consoles, and enables eight of them. They are the lines that - start with ttyv: + Refer to &man.syscons.4;, &man.atkbd.4;, + &man.vidcontrol.1; and &man.kbdcontrol.1; for a more + technical description of the &os; console and its keyboard + drivers. + + In &os;, the number of available virtual + consoles is configured in this + section of + /etc/ttys: # name getty type status comments # @@ -215,19 +185,46 @@ ttyv6 "/usr/libexec/getty Pc" ttyv7 "/usr/libexec/getty Pc" cons25 on secure ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure + + To disable a virtual console, put a comment symbol (#) + at the beginning of the line representing that virtual console. + For example, to reduce the number of available virtual consoles + from eight to four, put a # in front of + the last four lines representing virtual consoles + ttyv5 through + ttyv8. Do not + comment out the line for the system console + ttyv0. Note that the last virtual + console (ttyv8) is used to access + the graphical environment if &xorg; + has been installed and configured as described in . + For a detailed description of every column in this file and the available options for the virtual consoles, refer to &man.ttys.5;. - Single User Mode Console + Single User Mode - A detailed description of single user mode - can be found in . There is - only one console when &os; is in single user mode as no other - virtual consoles are available in this mode. The settings - for single user mode are found in this section of + The &os; boot menu provides an option labelled as + Boot Single User. If this option is selected, + the system will boot into a special mode known as + single user mode. This mode is typically used to + repair a system that will not boot or to reset the + root password when it is not known. + While in single user mode, networking and other + virtual consoles are not available. However, full + root access to the system is available, + and by default, the root password is not + needed. For these reasons, physical access to the keyboard + is needed to boot into this mode and determining who has physical + access to the keyboard is something to consider when securing + a &os; system. + + The settings which control + single user mode are found in this section of /etc/ttys: # name getty type status comments @@ -235,20 +232,25 @@ ttyv8 "/usr/X11R6/bin/xdm -nodaemon" # If console is marked "insecure", then init will ask for the root password # when going to single-user mode. console none unknown off secure - + + By default, the status is set to secure. + This assumes that who has physical access to the keyboard + is either not important or it is controlled by a physical + security policy. If this setting is changed to + insecure, the assumption is that the + environment itself is insecure because anyone can access + the keyboard. When this line is changed to + insecure, &os; will prompt for the + root password when a user selects to boot into single + user mode. + + - As the comments above the console - line indicate, editing secure to - insecure will prompt for the - root password when booting into single - user mode. The default setting enters single user mode - without prompting for a password. - Be careful when changing this setting to - insecure. If the + insecure! If the root password is forgotten, booting into single user mode is still possible, but may be - difficult for someone who is not comfortable with the &os; + difficult for someone who is not familiar with the &os; booting process. @@ -289,44 +291,46 @@ console none UNIX - &os;, being a direct descendant of BSD &unix;, is based on - several key &unix; concepts. The first and most pronounced is - that &os; is a multi-user operating system that can handle - several users working simultaneously on completely unrelated - tasks. The system is responsible for properly sharing and - managing requests for hardware devices, peripherals, memory, and - CPU time fairly to each user. - - Much more information about user accounts is in the chapter - about accounts. It is important to - understand that each person (user) who uses the computer should - be given their own username and password. The system keeps - track of the people using the computer based on this username. - Since it is often the case that several people are working on - the same project &unix; also provides groups. Several users can - be placed in the same group. - - Because the system is capable of supporting multiple users, - everything the system manages has a set of permissions governing - who can read, write, and execute the resource. These - permissions are stored as three octets broken into three pieces, - one for the owner of the file, one for the group that the file - belongs to, and one for everyone else. This numerical - representation works like this: - - - This section will discuss the traditional &unix; - permissions. For finer grained file system access control, - see the - File System Access Control Lists - section. - - + In &os;, every file and directory has an associated set of + permissions and several utilities are available for viewing + and modifying these permissions. Understanding how permissions + work is necessary to make sure that users are able to access + the files that they need and are unable to improperly access + the files used by the operating system or owned by other + users. + + This section discusses the traditional &unix; + permissions used in &os;. For finer grained file system access control, + refer to + . + + In &unix;, basic permissions are assigned using + three types of access: read, write, and execute. These access + types are used to determine file access to the file's owner, + group, and others (everyone else). The read, write, and execute + permissions can be represented as the letters + r, w, and + x. They can also be represented as binary + numbers as each permission is either on or off + (0). When represented as a number, the + order is always read as rwx, where + r has an on value of 4, + w has an on value of 2 + and x has an on value of + 1. + + Table 4.1 summarizes the possible numeric and alphabetic + possibilities. When reading the Directory Listing + column, a - is used to represent a permission + that is set to off. + permissions file permissions - + + &unix; Permissions + @@ -386,7 +390,7 @@ console none - +
&man.ls.1;