Date: Fri, 1 Feb 2013 17:03:42 +0000 (UTC) From: Dru Lavigne <dru@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r40856 - head/en_US.ISO8859-1/books/handbook/basics Message-ID: <201302011703.r11H3gc6091846@svn.freebsd.org>
Author: dru Date: Fri Feb 1 17:03:41 2013 New Revision: 40856 URL: http://svnweb.freebsd.org/changeset/doc/40856 Log: This patch addresses the following: - replaces FreeBSD with &os; - rewording to address "you", redundancy, poor grammar, and verbosity - the console/login prompt was updated to amd64 Approved by: bcr (mentor) Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Fri Feb 1 15:57:20 2013 (r40855) +++ head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Fri Feb 1 17:03:41 2013 (r40856) @@ -22,24 +22,22 @@ <sect1 id="basics-synopsis"> <title>Synopsis</title> - <para>The following chapter will cover the basic commands and - functionality of the FreeBSD operating system. Much of this - material is relevant for any &unix;-like operating system. Feel - free to skim over this chapter if you are familiar with the - material. If you are new to FreeBSD, then you will definitely - want to read through this chapter carefully.</para> + <para>This chapter covers the basic commands and functionality of + the &os; operating system. Much of this material is relevant + for any &unix;-like operating system. New &os; users are + encouraged to read through this chapter carefully.</para> <para>After reading this chapter, you will know:</para> <itemizedlist> <listitem> <para>How to use the <quote>virtual consoles</quote> of - FreeBSD.</para> + &os;.</para> </listitem> <listitem> - <para>How &unix; file permissions work along with - understanding file flags in &os;.</para> + <para>How &unix; file permissions and &os; file flags + work.</para> </listitem> <listitem> 
@@ -87,186 +85,128 @@ <indexterm><primary>virtual consoles</primary></indexterm> <indexterm><primary>terminals</primary></indexterm> - <para>FreeBSD can be used in various ways. One of them is typing + <para>&os; can be used in various ways. One of them is typing commands to a text terminal. A lot of the flexibility and power of a &unix; operating system is readily available at your hands - when using FreeBSD this way. This section describes what + when using &os; this way. This section describes what <quote>terminals</quote> and <quote>consoles</quote> are, and - how you can use them in FreeBSD.</para> + how you can use them in &os;.</para> <sect2 id="consoles-intro"> <title>The Console</title> <indexterm><primary>console</primary></indexterm> - <para>If you have not configured FreeBSD to automatically start - a graphical environment during startup, the system will - present you with a login prompt after it boots, right after - the startup scripts finish running. You will see something - similar to:</para> - - <screen>Additional ABI support:. -Local package initialization:. -Additional TCP options:. - -Fri Sep 20 13:01:06 EEST 2002 + <para>Unless &os; has been configured to automatically start + a graphical environment during startup, the system will boot + into a command line login prompt, as seen in this + example:</para> -FreeBSD/i386 (pc3.example.org) (ttyv0) + <screen>FreeBSD/amd64 (pc3.example.org) (ttyv0) login:</screen> - <para>The messages might be a bit different on your system, but - you will see something similar. The last two lines are what - we are interested in right now. The second last line - reads:</para> - - <programlisting>FreeBSD/i386 (pc3.example.org) (ttyv0)</programlisting> - - <para>This line contains some bits of information about the - system you have just booted. 
You are looking at a - <quote>FreeBSD</quote> console, running on an Intel or - compatible processor of the x86 architecture<footnote> - <para>This is what <literal>i386</literal> means. Note that - even if you are not running FreeBSD on an Intel 386 CPU, - this is going to be <literal>i386</literal>. It is not - the type of your processor, but the processor - <quote>architecture</quote> that is shown here.</para> - </footnote>. The name of this machine (every &unix; machine - has a name) is <hostid>pc3.example.org</hostid>, and you are - now looking at its system console—the - <devicename>ttyv0</devicename> terminal.</para> - - <para>Finally, the last line is always:</para> - - <programlisting>login:</programlisting> - - <para>This is the part where you are supposed to type in your - <quote>username</quote> to log into FreeBSD. The next section - describes how you can do this.</para> + <para>The first line contains some information about the + system. The <literal>amd64</literal> indicates that the + system in this example is running a 64-bit version of &os;. + The hostname is <hostid>pc3.example.org</hostid>, and + <devicename>ttyv0</devicename> indicates that this is the + system console.</para> + + <para>The second line is the login prompt. The next section + describes how to log into &os; at this prompt.</para> </sect2> <sect2 id="consoles-login"> - <title>Logging into FreeBSD</title> + <title>Logging into &os;</title> - <para>FreeBSD is a multiuser, multiprocessing system. This is + <para>&os; is a multiuser, multiprocessing system. This is the formal description that is usually given to a system that can be used by many different people, who simultaneously run a lot of programs on a single machine.</para> <para>Every multiuser system needs some way to distinguish one - <quote>user</quote> from the rest. In FreeBSD (and all the + <quote>user</quote> from the rest. 
In &os; (and all the &unix;-like operating systems), this is accomplished by requiring that every user must <quote>log into</quote> the system before being able to run programs. Every user has a unique name (the <quote>username</quote>) and a personal, - secret key (the <quote>password</quote>). FreeBSD will ask + secret key (the <quote>password</quote>). &os; will ask for these two before allowing a user to run any programs.</para> <indexterm><primary>startup scripts</primary></indexterm> - <para>Right after FreeBSD boots and finishes running its startup - scripts<footnote> - <para>Startup scripts are programs that are run - automatically by FreeBSD when booting. Their main - function is to set things up for everything else to run, - and start any services that you have configured to run in - the background doing useful things.</para> - </footnote>, it will present you with a prompt and ask for a - valid username:</para> + <para>When a &os; system boots, startup scripts are + automatically executed in order to prepare the system and to + start any services which have been configured to start at + system boot. Once the system finishes running its startup + scripts, it will present a login prompt:</para> <screen>login:</screen> - <para>For the sake of this example, let us assume that your - username is <username>john</username>. Type - <literal>john</literal> at this prompt and press - <keycap>Enter</keycap>. You should then be presented with a - prompt to enter a <quote>password</quote>:</para> - - <screen>login: <userinput>john</userinput> -Password:</screen> - - <para>Type in <username>john</username>'s password now, and - press <keycap>Enter</keycap>. The password is - <emphasis>not echoed!</emphasis> You need not worry about this - right now. Suffice it to say that it is done for security + <para>Type the username that was configured during <link + linkend="bsdinstall-addusers">system installation</link> and + press <keycap>Enter</keycap>. 
Then enter the password + associated with the username and press <keycap>Enter</keycap>. + The password is <emphasis>not echoed</emphasis> for security reasons.</para> - <para>If you have typed your password correctly, you should by - now be logged into FreeBSD and ready to try out all the + <para>Once the correct password is input, the message of + the day (<acronym>MOTD</acronym>) will be displayed followed + by a command prompt (a <literal>#</literal>, + <literal>$</literal>, or <literal>%</literal> character). You + are now logged into the &os; console and ready to try the available commands.</para> - - <para>You should see the <acronym>MOTD</acronym> or message of - the day followed by a command prompt (a <literal>#</literal>, - <literal>$</literal>, or <literal>%</literal> character). - This indicates you have successfully logged into - FreeBSD.</para> </sect2> <sect2 id="consoles-virtual"> - <title>Multiple Consoles</title> + <title>Virtual Consoles</title> - <para>Running &unix; commands in one console is fine, but - FreeBSD can run many programs at once. Having one console - where commands can be typed would be a bit of a waste when an - operating system like FreeBSD can run dozens of programs at - the same time. This is where <quote>virtual consoles</quote> - can be very helpful.</para> - - <para>FreeBSD can be configured to present you with many - different virtual consoles. You can switch from one of them - to any other virtual console by pressing a couple of keys on - your keyboard. 
Each console has its own different output - channel, and FreeBSD takes care of properly redirecting - keyboard input and monitor output as you switch from one - virtual console to the next.</para> - - <para>Special key combinations have been reserved by FreeBSD for - switching consoles<footnote> - <para>A fairly technical and accurate description of all the - details of the FreeBSD console and keyboard drivers can be - found in the manual pages of &man.syscons.4;, - &man.atkbd.4;, &man.vidcontrol.1; and &man.kbdcontrol.1;. - We will not expand on the details here, but the interested - reader can always consult the manual pages for a more - detailed and thorough explanation of how things - work.</para> - </footnote>. You can use + <para>&os; can be configured to provide many virtual consoles + for inputting commands. Each virtual console has its own + login prompt and output channel, and &os; takes care of + properly redirecting keyboard input and monitor output as you + switch between virtual consoles.</para> + + <para>Special key combinations have been reserved by &os; for + switching consoles.<footnote> + <para>Refer to &man.syscons.4;, &man.atkbd.4;, + &man.vidcontrol.1; and &man.kbdcontrol.1; for a more + technical description of the &os; console and its keyboard + drivers.</para></footnote>. Use <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo>, <keycombo><keycap>Alt</keycap><keycap>F2</keycap></keycombo>, through <keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo> - to switch to a different virtual console in FreeBSD.</para> + to switch to a different virtual console in &os;.</para> - <para>As you are switching from one console to the next, FreeBSD - takes care of saving and restoring the screen output. The - result is an <quote>illusion</quote> of having multiple - <quote>virtual</quote> screens and keyboards that you can use - to type commands for FreeBSD to run. 
The programs that you - launch on one virtual console do not stop running when that - console is not visible. They continue running when you have - switched to a different virtual console.</para> + <para>When switching from one console to the next, &os; takes + care of saving and restoring the screen output. The result is + an <quote>illusion</quote> of having multiple + <quote>virtual</quote> screens and keyboards that can be used + to type commands for &os; to run. The programs that are + launched in one virtual console do not stop running when that + console is not visible because the user has switched to a + different virtual console.</para> </sect2> <sect2 id="consoles-ttys"> <title>The <filename>/etc/ttys</filename> File</title> - <para>The default configuration of FreeBSD will start up with - eight virtual consoles. This is not a hardwired setting - though, and you can easily customize your installation to boot - with more or fewer virtual consoles. The number and settings - of the virtual consoles are configured in the - <filename>/etc/ttys</filename> file.</para> - - <para>You can use the <filename>/etc/ttys</filename> file to - configure the virtual consoles of FreeBSD. Each uncommented - line in this file (lines that do not start with a - <literal>#</literal> character) contains settings for a single - terminal or virtual console. The default version of this file - that ships with FreeBSD configures nine virtual consoles, and - enables eight of them. They are the lines that start with - <literal>ttyv</literal>:</para> + <para>By default, &os; is configured to start eight virtual + consoles. The configuration can be customized to start + more or fewer virtual consoles. 
To change the number of and + the settings of the virtual consoles, edit + <filename>/etc/ttys</filename>.</para> + + <para>Each uncommented line in <filename>/etc/ttys</filename> + (lines that do not start with a <literal>#</literal> + character) contains settings for a single terminal or virtual + console. The default version configures nine virtual + consoles, and enables eight of them. They are the lines that + start with <literal>ttyv</literal>:</para> - <programlisting># name getty type status comments + <programlisting># name getty type status comments # ttyv0 "/usr/libexec/getty Pc" cons25 on secure # Virtual terminals 
@@ -280,73 +220,69 @@ ttyv7 "/usr/libexec/getty Pc" ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</programlisting> <para>For a detailed description of every column in this file - and all the options you can use to set things up for the - virtual consoles, consult the &man.ttys.5; manual page.</para> + and the available options for the virtual consoles, refer to + &man.ttys.5;.</para> </sect2> <sect2 id="consoles-singleuser"> <title>Single User Mode Console</title> - <para>A detailed description of what - <quote>single user mode</quote> is can be found in - <xref linkend="boot-singleuser"/>. It is worth noting that - there is only one console when you are running FreeBSD in - single user mode. There are no virtual consoles available. - The settings of the single user mode console can also be found - in the <filename>/etc/ttys</filename> file. Look for the line - that starts with <literal>console</literal>:</para> + <para>A detailed description of <quote>single user mode</quote> + can be found <link linkend="boot-singleuser">here</link>. + There is only one console when &os; is in single user mode as + no other virtual consoles are available in this mode. The + settings for single user mode are found in this section of + <filename>/etc/ttys</filename>:</para> - <programlisting># name getty type status comments + <programlisting># name getty type status comments # # If console is marked "insecure", then init will ask for the root password # when going to single-user mode. -console none unknown off secure</programlisting> +console none unknown off secure</programlisting> <note> <para>As the comments above the <literal>console</literal> - line indicate, you can edit this line and change - <literal>secure</literal> to <literal>insecure</literal>. 
- If you do that, when FreeBSD boots into single user mode, it - will still ask for the <username>root</username> - password.</para> + line indicate, editing <literal>secure</literal> to + <literal>insecure</literal> will prompt for the + <username>root</username> password when booting into single + user mode. The default setting enters single user mode + without prompting for a password.</para> - <para><emphasis>Be careful when changing this to + <para><emphasis>Be careful when changing this setting to <literal>insecure</literal></emphasis>. If you ever forget the <username>root</username> password, booting into - single user mode is a bit involved. It is still possible, - but it might be a bit hard for someone who is not very - comfortable with the FreeBSD booting process and the - programs involved.</para> + single user mode is still possible, but may be difficult for + someone who is not comfortable with the &os; booting + process.</para> </note> </sect2> <sect2 id="consoles-vidcontrol"> <title>Changing Console Video Modes</title> - <para>The FreeBSD console default video mode may be adjusted to - 1024x768, 1280x1024, or any other size supported by your + <para>The &os; console default video mode may be adjusted to + 1024x768, 1280x1024, or any other size supported by the graphics chip and monitor. To use a different video mode load the <literal>VESA</literal> module:</para> <screen>&prompt.root; <userinput>kldload vesa</userinput></screen> - <para>Then determine what video modes are supported - by your hardware by using &man.vidcontrol.1;. To - get a list of supported video modes issue the - following:</para> + <para>To determine which video modes are supported by the + hardware, use &man.vidcontrol.1;. To get a list of supported + video modes issue the following:</para> <screen>&prompt.root; <userinput>vidcontrol -i mode</userinput></screen> - <para>The output of this command is a list of video modes that - are supported by your hardware. 
You can then choose to use a - new video mode by passing it to &man.vidcontrol.1; in a - <username>root</username> console:</para> + <para>The output of this command lists the video modes that + are supported by the hardware. To select a new video mode, + specify the mode using &man.vidcontrol.1; as the + <username>root</username> user:</para> <screen>&prompt.root; <userinput>vidcontrol MODE_279</userinput></screen> <para>If the new video mode is acceptable, it can be permanently - set on boot by setting it in the - <filename>/etc/rc.conf</filename> file:</para> + set on boot by adding it to + <filename>/etc/rc.conf</filename>:</para> <programlisting>allscreens_flags="MODE_279"</programlisting> </sect2> @@ -357,13 +293,13 @@ console none <indexterm><primary>UNIX</primary></indexterm> - <para>FreeBSD, being a direct descendant of BSD &unix;, is based + <para>&os;, being a direct descendant of BSD &unix;, is based on several key &unix; concepts. The first and most pronounced - is that FreeBSD is a multi-user operating system. The system - can handle several users all working simultaneously on - completely unrelated tasks. The system is responsible for - properly sharing and managing requests for hardware devices, - peripherals, memory, and CPU time fairly to each user.</para> + is that &os; is a multi-user operating system that can handle + several users working simultaneously on completely unrelated + tasks. The system is responsible for properly sharing and + managing requests for hardware devices, peripherals, memory, and + CPU time fairly to each user.</para> <para>Because the system is capable of supporting multiple users, everything the system manages has a set of permissions governing 
@@ -443,69 +379,59 @@ console none </indexterm> <indexterm><primary>directories</primary></indexterm> - <para>You can use the <option>-l</option> command line - argument to &man.ls.1; to view a long directory listing that - includes a column with information about a file's permissions - for the owner, group, and everyone else. For example, a - <command>ls -l</command> in an arbitrary directory may - show:</para> + <para>Use the <option>-l</option> argument to &man.ls.1; to view a + long directory listing that includes a column of information + about a file's permissions for the owner, group, and everyone + else. For example, a <command>ls -l</command> in an arbitrary + directory may show:</para> <screen>&prompt.user; <userinput>ls -l</userinput> total 530 -rw-r--r-- 1 root wheel 512 Sep 5 12:31 myfile -rw-r--r-- 1 root wheel 512 Sep 5 12:31 otherfile --rw-r--r-- 1 root wheel 7680 Sep 5 12:31 email.txt -...</screen> +-rw-r--r-- 1 root wheel 7680 Sep 5 12:31 email.txt</screen> - <para>Here is how the first column of <command>ls -l</command> is - broken up:</para> - - <screen>-rw-r--r--</screen> - - <para>The first (leftmost) character tells if this file is a - regular file, a directory, a special character device, a socket, - or any other special pseudo-file device. In this case, the - <literal>-</literal> indicates a regular file. The next three - characters, <literal>rw-</literal> in this example, give the - permissions for the owner of the file. The next three - characters, <literal>r--</literal>, give the permissions for the - group that the file belongs to. The final three characters, - <literal>r--</literal>, give the permissions for the rest of the - world. A dash means that the permission is turned off. In the - case of this file, the permissions are set so the owner can read - and write to the file, the group can read the file, and the rest - of the world can only read the file. 
According to the table - above, the permissions for this file would be - <literal>644</literal>, where each digit represents the three - parts of the file's permission.</para> - - <para>This is all well and good, but how does the system control - permissions on devices? FreeBSD actually treats most hardware - devices as a file that programs can open, read, and write data - to just like any other file. These special device files are - stored on the <filename>/dev</filename> directory.</para> + <para>The first (leftmost) character in the first column indicates + whether this file is a regular file, a directory, a special + character device, a socket, or any other special pseudo-file + device. In this example, the <literal>-</literal> indicates a + regular file. The next three characters, <literal>rw-</literal> + in this example, give the permissions for the owner of the file. + The next three characters, <literal>r--</literal>, give the + permissions for the group that the file belongs to. The final + three characters, <literal>r--</literal>, give the permissions + for the rest of the world. A dash means that the permission is + turned off. In this example, the permissions are set so the + owner can read and write to the file, the group can read the + file, and the rest of the world can only read the file. + According to the table above, the permissions for this file + would be <literal>644</literal>, where each digit represents the + three parts of the file's permission.</para> + + <para>How does the system control permissions on devices? &os; + treats most hardware devices as a file that programs can open, + read, and write data to. These special device files are + stored in <filename class="directory">/dev/</filename>.</para> <para>Directories are also treated as files. They have read, write, and execute permissions. The executable bit for a directory has a slightly different meaning than that of files. 
- When a directory is marked executable, it means it can be - traversed into, that is, it is possible to <quote>cd</quote> - (change directory) into it. This also means that within the - directory it is possible to access files whose names are known - (subject, of course, to the permissions on the files - themselves).</para> - - <para>In particular, in order to perform a directory listing, read - permission must be set on the directory, whilst to delete a file - that one knows the name of, it is necessary to have write + When a directory is marked executable, it means it is possible + to change into that directory using + <application>cd</application>. This also means that it is + possible to access the files within that directory, subject to + the permissions on the files themselves.</para> + + <para>In order to perform a directory listing, the read permission + must be set on the directory. In order to delete a file that + one knows the name of, it is necessary to have write <emphasis>and</emphasis> execute permissions to the directory containing the file.</para> <para>There are more permission bits, but they are primarily used in special circumstances such as setuid binaries and sticky - directories. If you want more information on file permissions - and how to set them, be sure to look at the &man.chmod.1; manual - page.</para> + directories. For more information on file permissions and how + to set them, refer to &man.chmod.1;.</para> <sect2> <sect2info> 
@@ -525,11 +451,11 @@ total 530 <secondary>symbolic</secondary> </indexterm> - <para>Symbolic permissions, sometimes referred to as symbolic - expressions, use characters in place of octal values to assign - permissions to files or directories. Symbolic expressions use - the syntax of (who) (action) (permissions), where the - following values are available:</para> + <para>Symbolic permissions use characters instead of octal + values to assign permissions to files or directories. + Symbolic permissions use the syntax of (who) (action) + (permissions), where the following values are + available:</para> <informaltable frame="none" pgwide="1"> <tgroup cols="3"> @@ -617,18 +543,18 @@ total 530 </tgroup> </informaltable> - <para>These values are used with the &man.chmod.1; command - just like before, but with letters. For an example, you could - use the following command to block other users from accessing + <para>These values are used with &man.chmod.1;, but with + letters instead of numbers. For example, the following + command would block other users from accessing <replaceable>FILE</replaceable>:</para> <screen>&prompt.user; <userinput>chmod go= FILE</userinput></screen> <para>A comma separated list can be provided when more than one - set of changes to a file must be made. For example the - following command will remove the group and + set of changes to a file must be made. For example, the + following command removes the group and <quote>world</quote> write permission on - <replaceable>FILE</replaceable>, then it adds the execute + <replaceable>FILE</replaceable>, and adds the execute permissions for everyone:</para> <screen>&prompt.user; <userinput>chmod go-w,a+x <replaceable>FILE</replaceable></userinput></screen> 
@@ -653,43 +579,37 @@ total 530 <title>&os; File Flags</title> - <para>In addition to file permissions discussed previously, &os; - supports the use of <quote>file flags.</quote> These flags add - an additional level of security and control over files, but - not directories.</para> - - <para>These file flags add an additional level of control over - files, helping to ensure that in some cases not even the - <username>root</username> can remove or alter files.</para> - - <para>File flags are altered by using the &man.chflags.1; - utility, using a simple interface. For example, to enable the - system undeletable flag on the file + <para>In addition to file permissions, &os; supports the use of + <quote>file flags</quote>. These flags add an additional + level of security and control over files, but not + directories. With file flags, even + <username>root</username> can be prevented from removing or + altering files.</para> + + <para>File flags are modified using &man.chflags.1;. For + example, to enable the system undeletable flag on the file <filename>file1</filename>, issue the following command:</para> <screen>&prompt.root; <userinput>chflags sunlink <filename>file1</filename></userinput></screen> - <para>And to disable the system undeletable flag, - issue the previous command with <quote>no</quote> in - front of the <option>sunlink</option>. 
Observe:</para> + <para>To disable the system undeletable flag, put a + <quote>no</quote> in front of the + <option>sunlink</option>:</para> <screen>&prompt.root; <userinput>chflags nosunlink <filename>file1</filename></userinput></screen> - <para>To view the flags of this file, use the &man.ls.1; command - with the <option>-lo</option> flags:</para> + <para>To view the flags of a file, use <option>-lo</option> with + &man.ls.1;:</para> <screen>&prompt.root; <userinput>ls -lo <filename>file1</filename></userinput></screen> - <para>The output should look like the following:</para> - <programlisting>-rw-r--r-- 1 trhodes trhodes sunlnk 0 Mar 1 05:54 file1</programlisting> - <para>Several flags may only added or removed to files by the + <para>Several file flags may only added or removed by the <username>root</username> user. In other cases, the file - owner may set these flags. It is recommended that - administrators read over the &man.chflags.1; and - &man.chflags.2; manual pages for more information.</para> + owner may set its file flags. Refer to &man.chflags.1; and + &man.chflags.2; for more information.</para> </sect2> <sect2> 
@@ -709,56 +629,54 @@ total 530 <para>Other than the permissions already discussed, there are three other specific settings that all administrators should know about. They are the <literal>setuid</literal>, - <literal>setgid</literal> and <literal>sticky</literal> + <literal>setgid</literal>, and <literal>sticky</literal> permissions.</para> <para>These settings are important for some &unix; operations as they provide functionality not normally granted to normal users. To understand them, the difference between the real - user ID and effective user ID must also be noted.</para> + user ID and effective user ID must be noted.</para> <para>The real user ID is the <acronym>UID</acronym> who owns or starts the process. The effective <acronym>UID</acronym> - is the user ID the process runs as. As an example, the - &man.passwd.1; utility runs with the real user ID as the - user changing their password; however, to manipulate the - password database, it runs as the effective ID of the - <username>root</username> user. This is what allows normal - users to change their passwords without seeing a + is the user ID the process runs as. As an example, + &man.passwd.1; runs with the real user ID when a user changes + their password. However, in order to update the password + database, the command runs as the effective ID of the + <username>root</username> user. This allows users to change + their passwords without seeing a <errorname>Permission Denied</errorname> error.</para> - <note> - <para>The <literal>nosuid</literal> &man.mount.8; option will - cause these binaries to silently fail. That is, they will - fail to execute without ever alerting the user. 
That option - is also not completely reliable as a - <literal>nosuid</literal> wrapper may be able to circumvent - it; according to the &man.mount.8; manual page.</para> - </note> - <para>The setuid permission may be set by prefixing a permission set with the number four (4) as shown in the following example:</para> <screen>&prompt.root; <userinput>chmod 4755 suidexample.sh</userinput></screen> - <para>The permissions on the + <para>The permissions on <filename><replaceable>suidexample.sh</replaceable></filename> - file should now look like the following:</para> + now look like the following:</para> <programlisting>-rwsr-xr-x 1 trhodes trhodes 63 Aug 29 06:36 suidexample.sh</programlisting> - <para>It should be noticeable from this example that an - <literal>s</literal> is now part of the permission set - designated for the file owner, replacing the executable - bit. This allows utilities which need elevated permissions, - such as <command>passwd</command>.</para> + <para>Note that a <literal>s</literal> is now part of the + permission set designated for the file owner, replacing the + executable bit. This allows utilities which need elevated + permissions, such as <command>passwd</command>.</para> + + <note> + <para>The <literal>nosuid</literal> &man.mount.8; option will + cause such binaries to silently fail without alerting + the user. That option is not completely reliable as a + <literal>nosuid</literal> wrapper may be able to circumvent + it.</para> + </note> <para>To view this in real time, open two terminals. On one, start the <command>passwd</command> process as a normal user. While it waits for a new password, check the process - table and look at the user information of the - <command>passwd</command> command.</para> + table and look at the user information for + <command>passwd</command>:</para> <para>In terminal A:</para> 
@@ -779,17 +697,17 @@ root 5211 0.0 0.2 3620 1724 2 <para>The <literal>setgid</literal> permission performs the same function as the <literal>setuid</literal> permission; except that it alters the group settings. When an application - or utility is ran with this setting, it will be granted the - permissions based on the group that owns the file, not - the user who started the process.</para> + or utility executes with this setting, it will be granted the + permissions based on the group that owns the file, not the + user who started the process.</para> <para>To set the <literal>setgid</literal> permission on a - file, provide the <command>chmod</command> command with a - leading two (2) as in the following example:</para> + file, provide <command>chmod</command> with a leading two + (2):</para> <screen>&prompt.root; <userinput>chmod 2755 sgidexample.sh</userinput></screen> - <para>The new setting may be viewed as before, notice the + <para>In the following listing, notice that the <literal>s</literal> is now in the field designated for the group permission settings:</para> 
@@ -803,33 +721,29 @@ root 5211 0.0 0.2 3620 1724 2 &man.setuid.2; system calls.</para> </note> - <para>The first two special permission bits we discussed - (the <literal>setuid</literal> and <literal>setgid</literal> - permission bits) may lower system security, by allowing for - elevated permissions. There is a third special permission bit - that can strengthen the security of a system: the - <literal>sticky bit</literal>.</para> - - <para>The <literal>sticky bit</literal>, when set on a - directory, allows file deletion only by the file owner. This - permission set is useful to prevent file deletion in public - directories, such as - <filename class="directory">/tmp</filename>, by users who do - not own the file. To utilize this permission, prefix the - permission with a one (1). For example:</para> + <para>The <literal>setuid</literal> and + <literal>setgid</literal> permission bits may lower system + security, by allowing for elevated permissions. The third + special permission, the <literal>sticky bit</literal>, can + strengthen the security of a system.</para> + + <para>When the <literal>sticky bit</literal> is set on a + directory, it allows file deletion only by the file owner. + This is useful to prevent file deletion in public directories, + such as <filename class="directory">/tmp</filename>, by users + who do not own the file. 
To utilize this permission, prefix + the permission set with a one (1):</para> <screen>&prompt.root; <userinput>chmod 1777 /tmp</userinput></screen> - <para>Now, it is possible to see the effect by using the - <command>ls</command> command:</para> + <para>The <literal>sticky bit</literal> permission will display + as a <literal>t</literal> at the very end of the permission + set:</para> <screen>&prompt.root; <userinput>ls -al / | grep tmp</userinput></screen> <screen>drwxrwxrwt 10 root wheel 512 Aug 31 01:49 tmp</screen> - <para>The <literal>sticky bit</literal> permission is - distinguishable from the <literal>t</literal> at the very - end of the set.</para> </sect2> </sect1> 
@@ -838,35 +752,35 @@ root 5211 0.0 0.2 3620 1724 2 <indexterm><primary>directory hierarchy</primary></indexterm> - <para>The FreeBSD directory hierarchy is fundamental to obtaining + <para>The &os; directory hierarchy is fundamental to obtaining an overall understanding of the system. The most important - concept to grasp is that of the root directory, - <quote>/</quote>. This directory is the first one mounted at - boot time and it contains the base system necessary to prepare - the operating system for multi-user operation. The root - directory also contains mount points for other file systems that - are mounted during the transition to multi-user - operation.</para> + directory is root or, <quote>/</quote>. This directory is the + first one mounted at boot time and it contains the base system + necessary to prepare the operating system for multi-user + operation. The root directory also contains mount points for + other file systems that are mounted during the transition to + multi-user operation.</para> <para>A mount point is a directory where additional file systems can be grafted onto a parent file system (usually the root file - system). This is further described in - <xref linkend="disk-organization"/>. Standard mount points - include <filename>/usr</filename>, <filename>/var</filename>, - <filename>/tmp</filename>, <filename>/mnt</filename>, and - <filename>/cdrom</filename>. These directories are usually - referenced to entries in the file - <filename>/etc/fstab</filename>. - <filename>/etc/fstab</filename> is a table of various file - systems and mount points for reference by the system. Most of - the file systems in <filename>/etc/fstab</filename> are mounted - automatically at boot time from the script &man.rc.8; unless - they contain the <option>noauto</option> option. Details can be - found in <xref linkend="disks-fstab"/>.</para> + system). This is further described in <xref + linkend="disk-organization"/>. 
Standard mount points + include <filename class="directory">/usr/</filename>, + <filename class="directory">/var/</filename>, + <filename class="directory">/tmp/</filename>, + <filename class="directory">/mnt/</filename>, and + <filename class="directory">/cdrom/</filename>. These + directories are usually referenced to entries in + <filename>/etc/fstab</filename>. This file is a table of + various file systems and mount points and is read by the system. + Most of the file systems in <filename>/etc/fstab</filename> are + mounted automatically at boot time from the script &man.rc.8; + unless their entry includes <option>noauto</option>. Details + can be found in <xref linkend="disks-fstab"/>.</para> <para>A complete description of the file system hierarchy is - available in &man.hier.7;. For now, a brief overview of the - most common directories will suffice.</para> + available in &man.hier.7;. The following table provides a brief + overview of the most common directories.</para> <para> <informaltable frame="none" pgwide="1"> @@ -900,14 +814,15 @@ root 5211 0.0 0.2 3620 1724 2 <row> <entry><filename class="directory">/boot/defaults/</filename></entry> - <entry>Default bootstrapping configuration files; see - &man.loader.conf.5;.</entry> + <entry>Default boot configuration files. Refer to + &man.loader.conf.5; for details.</entry> </row> <row> <entry><filename class="directory">/dev/</filename></entry> - <entry>Device nodes; see &man.intro.4;.</entry> + <entry>Device nodes. Refer to &man.intro.4; for + details.</entry> </row> <row> @@ -919,8 +834,8 @@ root 5211 0.0 0.2 3620 1724 2 <row> <entry><filename class="directory">/etc/defaults/</filename></entry> - <entry>Default system configuration files; see - &man.rc.8;.</entry> + <entry>Default system configuration files. Refer to + &man.rc.8; for details.</entry> </row> <row> 
@@ -933,22 +848,23 @@ root 5211 0.0 0.2 3620 1724 2 <row> <entry><filename class="directory">/etc/namedb/</filename></entry> - <entry><command>named</command> configuration files; see - &man.named.8;.</entry> + <entry><command>named</command> configuration files. + Refer to &man.named.8; for details.</entry> </row> <row> <entry><filename class="directory">/etc/periodic/</filename></entry> - <entry>Scripts that are run daily, weekly, and monthly, - via &man.cron.8;; see &man.periodic.8;.</entry> + <entry>Scripts that run daily, weekly, and monthly, + via &man.cron.8;. Refer to &man.periodic.8; for + details.</entry> </row> <row> <entry><filename class="directory">/etc/ppp/</filename></entry> - <entry><command>ppp</command> configuration files; see - &man.ppp.8;.</entry> + <entry><command>ppp</command> configuration files as + described in &man.ppp.8;.</entry> </row> <row> @@ -961,15 +877,15 @@ root 5211 0.0 0.2 3620 1724 2 <row> <entry><filename class="directory">/proc/</filename></entry> - <entry>Process file system; see &man.procfs.5;, - &man.mount.procfs.8;.</entry> + <entry>Process file system. Refer to &man.procfs.5;, + &man.mount.procfs.8; for details.</entry> </row> <row> <entry><filename class="directory">/rescue/</filename></entry> <entry>Statically linked programs for emergency - recovery; see &man.rescue.8;.</entry> + recovery as described in &man.rescue.8;.</entry> </row> <row> 
@@ -990,15 +906,14 @@ root 5211 0.0 0.2 3620 1724 2 <row> <entry><filename class="directory">/tmp/</filename></entry> - <entry>Temporary files. The contents of - <filename class="directory">/tmp</filename> are - usually NOT preserved across a system reboot. A - memory-based file system is often mounted at - <filename class="directory">/tmp</filename>. This can - be automated using the tmpmfs-related variables of - &man.rc.conf.5; (or with an entry in - <filename>/etc/fstab</filename>; see - &man.mdmfs.8;).</entry> + <entry>Temporary files which are usually + <emphasis>not</emphasis> preserved across a system + reboot. A memory-based file system is often mounted + at <filename class="directory">/tmp</filename>. This + can be automated using the tmpmfs-related variables of + &man.rc.conf.5; or with an entry in + <filename>/etc/fstab</filename>; refer to + &man.mdmfs.8; for details.</entry> </row> <row> @@ -1037,15 +952,15 @@ root 5211 0.0 0.2 3620 1724 2 <row> <entry><filename class="directory">/usr/libexec/</filename></entry> - <entry>System daemons & system utilities (executed - by other programs).</entry> + <entry>System daemons and system utilities executed + by other programs.</entry> </row> <row> <entry><filename class="directory">/usr/local/</filename></entry> - <entry>Local executables, libraries, etc. Also used as - the default destination for the FreeBSD ports + <entry>Local executables and libraries. Also used as + the default destination for the &os; ports framework. Within <filename>/usr/local</filename>, the general layout sketched out by &man.hier.7; for <filename>/usr</filename> should be used. Exceptions 
@@ -1067,14 +982,14 @@ root 5211 0.0 0.2 3620 1724 2 <row> <entry><filename class="directory">/usr/ports/</filename></entry> - <entry>The FreeBSD Ports Collection (optional).</entry> + <entry>The &os; Ports Collection (optional).</entry> </row> <row> <entry><filename class="directory">/usr/sbin/</filename></entry> - <entry>System daemons & system utilities (executed - by users).</entry> + <entry>System daemons and system utilities executed + by users.</entry> </row> <row> @@ -1091,22 +1006,15 @@ root 5211 0.0 0.2 3620 1724 2 <row> <entry><filename - class="directory">/usr/X11R6/</filename></entry> - <entry>X11R6 distribution executables, libraries, etc - (optional).</entry> - </row> - - <row> - <entry><filename class="directory">/var/</filename></entry> <entry>Multi-purpose log, temporary, transient, and spool files. A memory-based file system is sometimes - mounted at - <filename class="directory">/var</filename>. This can - be automated using the varmfs-related variables of - &man.rc.conf.5; (or with an entry in - <filename>/etc/fstab</filename>; see *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
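Review bot: in the hunk at @@ -709,56 the rewritten sentence "Note that a <literal>s</literal> is now part of the permission set" regresses the grammar of the removed text, which correctly had "an <literal>s</literal>"; restore "an". In the same hunk, the relocated <note> drops the original's attribution "according to the &man.mount.8; manual page" for the claim that a wrapper may circumvent <literal>nosuid</literal>, leaving an unsourced statement whose wording ("a <literal>nosuid</literal> wrapper") does not explain what actually defeats the mount option. Suggest keeping the pointer, e.g. "That option is not completely reliable; refer to &man.mount.8; for the cases it does not cover.", so readers can check the exact scope of the caveat.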
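Review bot: in the hunk at @@ -803,33 the added line "may lower system security, by allowing for elevated permissions" carries a spurious comma before "by"; drop it. The sentence "it allows file deletion only by the file owner" also reads as absolute, while the listing in this same hunk shows <filename class="directory">/tmp</filename> owned by <username>root</username> with mode 1777, and the superuser (like the directory's owner) is not restricted by the sticky bit; suggest "allows files to be deleted only by their owner, the directory owner, or the superuser".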
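Review bot: in the hunk at @@ -838,35 the added sentence "The most important directory is root or, <quote>/</quote>." misplaces the comma; it should read "is root, or <quote>/</quote>." Further down, "These directories are usually referenced to entries in <filename>/etc/fstab</filename>" is still awkward after the rewording; suggest "These directories usually correspond to entries in <filename>/etc/fstab</filename>."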
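Review bot: in the hunk at @@ -933,22 the <filename class="directory">/etc/namedb/</filename> and <filename class="directory">/etc/periodic/</filename> rows are changed to the "Refer to ... for details." form, but the <filename class="directory">/etc/ppp/</filename> row in the same hunk is changed to "as described in &man.ppp.8;"; pick one phrasing for the table so the cross-reference style stays consistent.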
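Review bot: in the hunk at @@ -961,15 the added entry "Refer to &man.procfs.5;, &man.mount.procfs.8; for details." lists two manual pages with only a comma; write "Refer to &man.procfs.5; and &man.mount.procfs.8; for details." The <filename class="directory">/rescue/</filename> row in the same hunk uses "as described in &man.rescue.8;" rather than the "Refer to ... for details." form used elsewhere in this change; align it.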
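Review bot: the hunk at @@ -1091,22 removes the <filename class="directory">/usr/X11R6/</filename> row from the directory table entirely, which is a content change rather than a rewording or entity substitution; call it out in the commit log and check that no other part of the chapter still refers to <filename class="directory">/usr/X11R6</filename>.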