From: Dru Lavigne
Date: Thu, 21 Feb 2013 14:06:06 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r41024 - head/en_US.ISO8859-1/books/handbook/users

Author: dru
Date: Thu Feb 21 14:06:06 2013
New Revision: 41024
URL: http://svnweb.freebsd.org/changeset/doc/41024

Log:
  Initial content fix. This patch addresses the following:

  - &os;
  - rewording "you" with some tightening and clarifying
  - fix xref, acronym, and directory tags
  - changed 14.3-14.5 from sect2 to sect3--this may benefit from a beginning section 2 (e.g. Type of Accounts) to take it out of the intro

  Approved by: bcr (mentor)

Modified:
  head/en_US.ISO8859-1/books/handbook/users/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/users/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/users/chapter.xml Wed Feb 20 19:00:52 2013 (r41023)
+++ head/en_US.ISO8859-1/books/handbook/users/chapter.xml Thu Feb 21 14:06:06 2013 (r41024)
@@ -22,39 +22,32 @@ Synopsis - FreeBSD allows multiple users to use the computer at the - same time. Obviously, only one of those users can be sitting in - front of the screen and keyboard at any one time - Well, unless you hook up multiple terminals, but - we will save that for . - , but any number of users can log in through the - network to get their work done. To use the system every user - must have an account. + &os; allows multiple users to use the computer at the same + time. While only one user can sit in front of the screen and + use the keyboard at any one time, any number of users can log + in to the system through the network. To use the system, every + user must have a user account. After reading this chapter, you will know: The differences between the various user accounts on a - FreeBSD system. + &os; system. - How to add user accounts. - - - - How to remove user accounts. + How to add and remove user accounts. How to change account details, such as the user's full - name, or preferred shell. + name or preferred shell. - How to set limits on a per-account basis, to control the - resources such as memory and CPU time that accounts and + How to set limits on a per-account basis to control the + resources, such as memory and CPU time, that accounts and groups of accounts are allowed to access. @@ -68,8 +61,8 @@ - Understand the basics of &unix; and FreeBSD (). + Understand the basics of &unix; + and &os;. @@ -77,11 +70,11 @@ Introduction - All access to the system is achieved via accounts, and all - processes are run by users, so user and account management are - of integral importance on FreeBSD systems. + Since all access to the &os; system is achieved via accounts + and all processes are run by users, user and account management + is important. - Every account on a FreeBSD system has certain information + Every account on a &os; system has certain information associated with it to identify the account. 
@@ -89,13 +82,13 @@ User name - The user name as it would be typed at the - login: prompt. User names must be unique - across the computer; you may not have two users with the - same user name. There are a number of rules for creating - valid user names, documented in &man.passwd.5;; you would - typically use user names that consist of eight or fewer - all lower case characters. + The user name is typed at the login: + prompt. User names must be unique on the system as no two + users can have the same user name. There are a number of + rules for creating valid user names, documented in + &man.passwd.5;. Typically user names consist of eight or + fewer all lower case characters in order to maintain + backwards compatibility with applications. 
@@ -103,47 +96,48 @@ Password - Each account has a password associated with it. The - password may be blank, in which case no password will be - required to access the system. This is normally a very - bad idea; every account should have a password. + Each account has an associated password. While the + password can be blank, this is highly discouraged and + every account should have a password. - User ID (UID) + User ID (UID) - The UID is a number, traditionally from 0 to - 65535 - It is possible to use UID/GIDs as large as - 4294967295, but such IDs can cause serious problems - with software that makes assumptions about the values - of IDs. + The User ID (UID) is a number, + traditionally from 0 to 65535 + It is possible to use + UIDs/GIDs as + large as 4294967295, but such IDs can cause serious + problems with software that makes assumptions about + the values of IDs. , used to uniquely identify the user to the - system. Internally, FreeBSD uses the UID to - identify users—any FreeBSD commands that allow - you to specify a user name will convert it to the UID - before working with it. This means that you can have - several accounts with different user names but the - same UID. As far as FreeBSD is concerned these - accounts are one user. It is unlikely you will ever - need to do this. + system. Internally, &os; uses the + UID to identify users. Commands that + allow a user name to be specified will first convert it to + the UID. Though unlikely, it is + possible for several accounts with different user names to + share the same UID. As far as &os; is + concerned, these accounts are one user. - Group ID (GID) + Group ID (GID) - The GID is a number, traditionally from 0 to - 65535, used to - uniquely identify the primary group that the user belongs - to. Groups are a mechanism for controlling access to - resources based on a user's GID rather than their UID. - This can significantly reduce the size of some - configuration files. 
A user may also be in more than one - group. + The Group ID (GID) is a number, + traditionally from 0 to 65535, used to uniquely identify + the primary group that the user belongs to. Groups are a + mechanism for controlling access to resources based on a + user's GID rather than their + UID. This can significantly reduce the + size of some configuration files. A user may also be a + member of more than one group. @@ -161,10 +155,10 @@ Password change time - By default FreeBSD does not force users to change - their passwords periodically. You can enforce this on a - per-user basis, forcing some or all of your users to - change their passwords after a certain amount of time has + By default &os; does not force users to change their + passwords periodically. This can be enforced on a + per-user basis, forcing some or all users to change their + passwords after a certain amount of time has elapsed. @@ -173,11 +167,10 @@ Account expiry time - By default FreeBSD does not expire accounts. If you - are creating accounts that you know have a limited - lifespan, for example, in a school where you have accounts - for the students, then you can specify when the account - expires. After the expiry time has elapsed the account + By default &os; does not expire accounts. When + creating accounts that need a limited lifespan, such as + student accounts in a school, specify the account expiry + date. After the expiry time has elapsed, the account cannot be used to log in to the system, although the account's directories and files will remain. @@ -187,9 +180,9 @@ User's full name - The user name uniquely identifies the account to - FreeBSD, but does not necessarily reflect the user's real - name. This information can be associated with the + The user name uniquely identifies the account to &os;, + but does not necessarily reflect the user's real name. + This information can be associated with the account. 
@@ -199,15 +192,14 @@ The home directory is the full path to a directory on - the system in which the user will start when logging on to - the system. A common convention is to put all user home - directories under - /home/username - or - /usr/home/username. - The user would store their personal files in their home - directory, and any directories they may create in - there. + the system. This is the user's starting directory when + the user logs in. A common convention is to put all user + home directories under /home/username + or /usr/home/username. + Each user stores their personal files and subdirectories + in their own home directory. 
@@ -225,105 +217,105 @@ There are three main types of accounts: the Superuser, system users, and user accounts. The Superuser + linkend="users-superuser">superuser, system accounts, and user accounts. The superuser account, usually called root, is used to manage the system with no limitations on privileges. System - users run services. Finally, user accounts are used by real - people, who log on, read mail, and so forth. - + accounts are used to run services. User accounts are + assigned to real people and are used to log in and use the + system. - - The Superuser Account + + The Superuser Account - - accounts - superuser (root) - - The superuser account, usually called - root, comes preconfigured to facilitate - system administration, and should not be used for day-to-day - tasks like sending and receiving mail, general exploration of - the system, or programming. - - This is because the superuser, unlike normal user accounts, - can operate without limits, and misuse of the superuser account - may result in spectacular disasters. User accounts are unable - to destroy the system by mistake, so it is generally best to use - normal user accounts whenever possible, unless you especially - need the extra privilege. - - You should always double and triple-check commands you issue - as the superuser, since an extra space or missing character can - mean irreparable data loss. - - So, the first thing you should do after reading this - chapter is to create an unprivileged user account for yourself - for general usage if you have not already. This applies equally - whether you are running a multi-user or single-user machine. - Later in this chapter, we discuss how to create additional - accounts, and how to change between the normal user and - superuser. 
- + + accounts + superuser (root) + + The superuser account, usually called + root, is used to perform system + administration tasks and should not be used for day-to-day + tasks like sending and receiving mail, general exploration of + the system, or programming. + + This is because the superuser, unlike normal user + accounts, can operate without limits, and misuse of the + superuser account may result in spectacular disasters. User + accounts are unable to destroy the system by mistake, so it is + generally best to use normal user accounts whenever possible, + unless extra privilege is required. + + Always double and triple-check any commands issued as the + superuser, since an extra space or missing character can mean + irreparable data loss. + + Always create a user account for the system administrator + and use this account to log in to the system for general + usage. This applies equally to multi-user or single-user + systems. Later sections will discuss how to create additional + accounts and how to change between the normal user and + superuser. + - - System Accounts + + System Accounts - - accounts - system - - System users are those used to run services such as DNS, - mail, web servers, and so forth. The reason for this is - security; if all services ran as the superuser, they could - act without restriction. + + accounts + system + + System accounts are used to run services such as DNS, + mail, and web servers. The reason for this is security; if + all services ran as the superuser, they could act without + restriction. - - accounts - daemon - - - accounts - operator - - Examples of system users are daemon, - operator, bind (for - the Domain Name Service), news, and - www. + + accounts + daemon + + + accounts + operator + + Examples of system accounts are + daemon, operator, + bind, news, and + www. - - accounts - nobody - - nobody is the generic unprivileged - system user. 
However, it is important to keep in mind that the - more services that use nobody, the more - files and processes that user will become associated with, and - hence the more privileged that user becomes. - + + accounts + nobody + + nobody is the generic unprivileged + system account. However, the more services that use + nobody, the more files and processes that + user will become associated with, and hence the more + privileged that user becomes. + - - User Accounts + + User Accounts - - accounts - user - - User accounts are the primary means of access for real - people to the system, and these accounts insulate the user and - the environment, preventing the users from damaging the system - or other users, and allowing users to customize their - environment without affecting others. - - Every person accessing your system should have a unique user - account. This allows you to find out who is doing what, prevent - people from clobbering each others' settings or reading each - others' mail, and so forth. - - Each user can set up their own environment to accommodate - their use of the system, by using alternate shells, editors, key - bindings, and language. + + accounts + user + + User accounts are the primary means of access for real + people to the system. User accounts insulate the user and + the environment, preventing users from damaging the system + or other users, and allowing users to customize their + environment without affecting others. + + Every person accessing the system should have a unique + user account. This allows the administrator to find out who + is doing what, prevents users from clobbering each others' + settings or reading each others' mail, and so forth. + + Each user can set up their own environment to accommodate + their use of the system, by using alternate shells, editors, + key bindings, and language. + 
@@ -334,10 +326,9 @@ modifying - There are a variety of different commands available in the - &unix; environment to manipulate user accounts. The most common - commands are summarized below, followed by more detailed - examples of their usage. + &os; provides a variety of different commands to manage + user accounts. The most common commands are summarized below, + followed by more detailed examples of their usage. @@ -365,7 +356,7 @@ &man.chpass.1; - A flexible tool to change user database + A flexible tool for changing user database information. @@ -377,8 +368,8 @@ &man.pw.8; - A powerful and flexible tool to modify all aspects - of user accounts. + A powerful and flexible tool for modifying all + aspects of user accounts. @@ -399,14 +390,14 @@ class="directory">/usr/share/skel skeleton directory - &man.adduser.8; is a simple program for - adding new users. It creates entries in the system - passwd and group - files. It will also create a home directory for the new user, - copy in the default configuration files - (dotfiles) from - /usr/share/skel, and can optionally mail - the new user a welcome message. + &man.adduser.8; is a simple program for adding new users + When a new user is added, this program automatically updates + /etc/passwd and + /etc/group. It also creates a home + directory for the new user, copies in the default + configuration files from /usr/share/skel, and can + optionally mail the new user a welcome message. Adding a User on &os; @@ -444,9 +435,9 @@ Goodbye! - The password you type in is not echoed, nor are - asterisks displayed. Make sure that you do not mistype the - password. + Since the password is not echoed when typed, be careful + to not mistype the password when creating the user + account. 
@@ -459,14 +450,14 @@ Goodbye! removing - You can use &man.rmuser.8; to completely remove a user - from the system. &man.rmuser.8; performs the following + To completely remove a user from the system use + &man.rmuser.8;. This command performs the following steps: - Removes the user's &man.crontab.1; entry (if - any). + Removes the user's &man.crontab.1; entry if one + exists. @@ -484,19 +475,20 @@ Goodbye! - Removes the user's home directory (if it is owned by - the user). + Removes the user's home directory, if it is owned by + the user. Removes the incoming mail files belonging to the user - from /var/mail. + from /var/mail. Removes all files owned by the user from temporary - file storage areas such as - /tmp. + file storage areas such as /tmp. @@ -505,7 +497,7 @@ Goodbye! If a group becomes empty and the group name is the - same as the username, the group is removed; this + same as the username, the group is removed. This complements the per-user unique groups created by &man.adduser.8;. @@ -513,11 +505,11 @@ Goodbye! &man.rmuser.8; cannot be used to remove superuser - accounts, since that is almost always an indication of massive + accounts since that is almost always an indication of massive destruction. - By default, an interactive mode is used, which attempts to - make sure you know what you are doing. + By default, an interactive mode is used, as shown + in the following example. <command>rmuser</command> Interactive Account 
@@ -542,24 +534,21 @@ Removing files belonging to jru from /va <title><command>chpass</command> chpass - &man.chpass.1; changes user database + &man.chpass.1; can be used to change user database information such as passwords, shells, and personal information. - Only system administrators, as the superuser, may change - other users' information and passwords with - &man.chpass.1;. + Only the superuser can change other users' information and + passwords with &man.chpass.1;. When passed no options, aside from an optional username, - &man.chpass.1; displays an editor - containing user information. When the user exists from the - editor, the user database is updated with the new - information. + &man.chpass.1; displays an editor containing user information. + When the user exists from the editor, the user database is + updated with the new information. - You will be asked for your password - after exiting the editor if you are not the - superuser. + You will be asked for your password after exiting the + editor if you are not the superuser. @@ -583,8 +572,8 @@ Home Phone: Other information: - The normal user can change only a small subset of this - information, and only for themselves. + A user can change only a small subset of this + information, and only for their own user account. Interactive <command>chpass</command> by Normal 
@@ -600,15 +589,12 @@ Other information:</screen> </example> <note> - <para>&man.chfn.1; and &man.chsh.1; are - just links to &man.chpass.1;, as - are &man.ypchpass.1;, - &man.ypchfn.1;, and - &man.ypchsh.1;. NIS support is automatic, so - specifying the <literal>yp</literal> before the command is - not necessary. If this is confusing to you, do not worry, - NIS will be covered in <xref - linkend="network-servers"/>.</para> + <para>&man.chfn.1; and &man.chsh.1; are links to + &man.chpass.1;, as are &man.ypchpass.1;, &man.ypchfn.1;, and + &man.ypchsh.1;. <acronym>NIS</acronym> support is + automatic, so specifying the <literal>yp</literal> before + the command is not necessary. How to configure NIS is + covered in <link linkend="network-servers"></link>.</para> </note> </sect2> <sect2 id="users-passwd"> @@ -619,14 +605,15 @@ Other information:</screen> <primary>accounts</primary> <secondary>changing password</secondary> </indexterm> - <para>&man.passwd.1; is the usual way to - change your own password as a user, or another user's password - as the superuser.</para> + <para>&man.passwd.1; is the usual way to change your own + password as a user, or another user's password as the + superuser.</para> <note> - <para>To prevent accidental or unauthorized changes, the - original password must be entered before a new password can - be set.</para> + <para>To prevent accidental or unauthorized changes, the user + must enter their original password before a new password can + be set. This is not the case when the superuser changes a + user's password.</para> </note> <example> @@ -654,10 +641,8 @@ passwd: done</screen> </example> <note> - <para>As with &man.chpass.1;, - &man.yppasswd.1; is just a link to - &man.passwd.1;, so NIS works with either - command.</para> + <para>As with &man.chpass.1;, &man.yppasswd.1; is a link to + &man.passwd.1;, so NIS works with either command.</para> </note> </sect2> 
@@ -669,11 +654,11 @@ passwd: done</screen> <para>&man.pw.8; is a command line utility to create, remove, modify, and display users and groups. It functions as a front - end to the system user and group files. &man.pw.8; - has a very powerful set of command line options that make it - suitable for use in shell scripts, but new users may find it - more complicated than the other commands presented - here.</para> + end to the system user and group files. &man.pw.8; has a very + powerful set of command line options that make it suitable for + use in shell scripts, but new users may find it more + complicated than the other commands presented in this + section.</para> </sect2> @@ -687,12 +672,10 @@ passwd: done</screen> <primary>accounts</primary> <secondary>limiting</secondary> </indexterm> - <para>If you have users, the ability to limit their system use may - have come to mind. FreeBSD provides - several ways an administrator can limit the amount of system - resources an individual may use. These limits are - divided into two sections: disk quotas, and other resource - limits.</para> + <para>&os; provides several methods for an administrator to limit + the amount of system resources an individual may use. These + limits are discussed in two sections: disk quotas and other + resource limits.</para> <indexterm><primary>quotas</primary></indexterm> <indexterm> 
@@ -700,11 +683,9 @@ passwd: done</screen> <secondary>quotas</secondary> </indexterm> <indexterm><primary>disk quotas</primary></indexterm> - <para>Disk quotas limit disk usage to users, and - they - provide a way to quickly check that usage without - calculating it every time. Quotas are discussed in <xref - linkend="quotas"/>.</para> + <para>Disk quotas limit disk usage to users and provide a way to + quickly check that usage without calculating it every time. + Quotas are discussed in <link linkend="quotas"></link>.</para> <para>The other resource limits include ways to limit the amount of CPU, memory, and other resources a user may consume. These 
@@ -714,47 +695,45 @@ passwd: done</screen> <primary><filename>/etc/login.conf</filename></primary> </indexterm> <para>Login classes are defined in - <filename>/etc/login.conf</filename>. The precise semantics are - beyond the scope of this section, but are described in detail in - the &man.login.conf.5; manual page. It is sufficient to say - that each user is assigned to a login class - (<literal>default</literal> by default), and that each login + <filename>/etc/login.conf</filename> and are described in detail + in &man.login.conf.5;. Each user account is assigned to a login + class, <literal>default</literal> by default, and each login class has a set of login capabilities associated with it. A login capability is a <literal><replaceable>name</replaceable>=<replaceable>value</replaceable></literal> pair, where <replaceable>name</replaceable> is a well-known identifier and <replaceable>value</replaceable> is an arbitrary - string processed accordingly depending on the name. Setting up - login classes and capabilities is rather straight-forward and is - also described in &man.login.conf.5;.</para> + string which is processed accordingly depending on the + <replaceable>name</replaceable>. Setting up login classes and + capabilities is rather straight-forward and is also described in + &man.login.conf.5;.</para> <note> - <para>The system does not normally read the configuration in - <filename>/etc/login.conf</filename> directly, but reads the - database file <filename>/etc/login.conf.db</filename> which - provides faster lookups. To generate - <filename>/etc/login.conf.db</filename> from - <filename>/etc/login.conf</filename>, execute the following - command:</para> + <para>&os; does not normally read the configuration in + <filename>/etc/login.conf</filename> directly, but instead + reads the <filename>/etc/login.conf.db</filename> database + which provides faster lookups. 
Whenever + <filename>/etc/login.conf</filename> is edited, the + <filename>/etc/login.conf.db</filename> must be updated by + executing the following command:</para> <screen>&prompt.root; <userinput>cap_mkdb /etc/login.conf</userinput></screen> </note> - <para>Resource limits are different from plain vanilla login - capabilities in two ways. First, for every limit, there is a - soft (current) and hard limit. A soft limit may be adjusted by - the user or application, but may be no higher than the hard - limit. The latter may be lowered by the user, but never raised. - Second, most resource limits apply per process to a specific - user, not the user as a whole. Note, however, that these + <para>Resource limits differ from the default login capabilities + in two ways. First, for every limit, there is a soft (current) + and hard limit. A soft limit may be adjusted by the user or + application, but may not be set higher than the hard limit. The + hard limit may be lowered by the user, but can only be raised + by the superuser. Second, most resource limits apply per + process to a specific user, not to the user as a whole. These differences are mandated by the specific handling of the limits, - not by the implementation of the login capability framework - (i.e., they are not <emphasis>really</emphasis> a special case - of login capabilities).</para> - - <para>And so, without further ado, below are the most commonly - used resource limits (the rest, along with all the other login - capabilities, may be found in &man.login.conf.5;).</para> + not by the implementation of the login capability + framework.</para> + + <para>Below are the most commonly used resource limits. The rest + of the limits, along with all the other login capabilities, can + be found in &man.login.conf.5;.</para> <variablelist> <varlistentry> 
@@ -766,14 +745,13 @@ passwd: done</screen> <secondary>coredumpsize</secondary> </indexterm> <para>The limit on the size of a core file generated by a - program is, for obvious reasons, subordinate to other - limits on disk usage (e.g., <literal>filesize</literal>, - or disk quotas). Nevertheless, it is often used as a - less-severe method of controlling disk space consumption: - since users do not generate core files themselves, and - often do not delete them, setting this may save them from - running out of disk space should a large program (e.g., - <application>emacs</application>) crash.</para> + program is subordinate to other limits on disk usage, such + as <literal>filesize</literal>, or disk quotas. + This limit is often used as a less-severe method of + controlling disk space consumption. Since users do not + generate core files themselves, and often do not delete + them, setting this may save them from running out of disk + space should a large program crash.</para> </listitem> </varlistentry> @@ -786,18 +764,14 @@ passwd: done</screen> <primary>limiting users</primary> <secondary>cputime</secondary> </indexterm> - <para>This is the maximum amount of CPU time a user's - process may consume. Offending processes will be killed - by the kernel.</para> + <para>The maximum amount of CPU time a user's process may + consume. Offending processes will be killed by the + kernel.</para> <note> <para>This is a limit on CPU <emphasis>time</emphasis> consumed, not percentage of the CPU as displayed in - some fields by &man.top.1; and &man.ps.1;. A limit on - the latter is, at the time of this writing, not - possible, and would be rather useless: a - compiler—probably a legitimate task—can - easily use almost 100% of a CPU for some time.</para> + some fields by &man.top.1; and &man.ps.1;.</para> </note> </listitem> </varlistentry> 
@@ -811,10 +785,10 @@ passwd: done</screen> <primary>limiting users</primary> <secondary>filesize</secondary> </indexterm> - <para>This is the maximum size of a file the user may - possess. Unlike <link linkend="quotas">disk - quotas</link>, this limit is enforced on individual - files, not the set of all files a user owns.</para> + <para>The maximum size of a file the user may own. Unlike + <link linkend="quotas">disk quotas</link>, this limit is + enforced on individual files, not the set of all files a + user owns.</para> </listitem> </varlistentry> @@ -827,17 +801,15 @@ passwd: done</screen> <primary>limiting users</primary> <secondary>maxproc</secondary> </indexterm> - <para>This is the maximum number of processes a user may be - running. This includes foreground and background - processes alike. For obvious reasons, this may not be - larger than the system limit specified by the - <varname>kern.maxproc</varname> &man.sysctl.8;. Also note - that setting this too small may hinder a user's - productivity: it is often useful to be logged in multiple - times or execute pipelines. Some tasks, such as - compiling a large program, also spawn multiple processes - (e.g., &man.make.1;, &man.cc.1;, and other intermediate - preprocessors).</para> + <para>The maximum number of processes a user can run. This + includes foreground and background processes. This limit + may not be larger than the system limit specified by the + <varname>kern.maxproc</varname> &man.sysctl.8;. Setting + this limit too small may hinder a user's productivity as + it is often useful to be logged in multiple times or to + execute pipelines. Some tasks, such as compiling a large + program, spawn multiple processes and other intermediate + preprocessors.</para> </listitem> </varlistentry> 
@@ -850,12 +822,11 @@ passwd: done</screen> <primary>limiting users</primary> <secondary>memorylocked</secondary> </indexterm> - <para>This is the maximum amount a memory a process may have - requested to be locked into main memory (e.g., see - &man.mlock.2;). Some system-critical programs, such as - &man.amd.8;, lock into main memory such that in the event - of being swapped out, they do not contribute to - a system's thrashing in time of trouble.</para> + <para>The maximum amount of memory a process may request + to be locked into main memory using &man.mlock.2;. Some + system-critical programs, such as &man.amd.8;, lock into + main memory so that in the event of being swapped out, + they do not contribute to disk thrashing.</para> </listitem> </varlistentry> @@ -865,12 +836,11 @@ passwd: done</screen> <listitem> <indexterm><primary>memoryuse</primary></indexterm> <indexterm><primary>limiting users</primary> - <secondary>memoryuse</secondary> - </indexterm> - <para>This is the maximum amount of memory a process may - consume at any given time. It includes both core memory and - swap usage. This is not a catch-all limit for restricting - memory consumption, but it is a good start.</para> + <secondary>memoryuse</secondary></indexterm> + <para>The maximum amount of memory a process may consume at + any given time. It includes both core memory and swap + usage. This is not a catch-all limit for restricting + memory consumption, but is a good start.</para> </listitem> </varlistentry> 
@@ -882,10 +852,10 @@ passwd: done</screen> <indexterm><primary>limiting users</primary> <secondary>openfiles</secondary> </indexterm> - <para>This is the maximum amount of files a process may have - open. In FreeBSD, files are also used to represent - sockets and IPC channels; thus, be careful not to set this - too low. The system-wide limit for this is defined by the + <para>The maximum amount of files a process may have open. + In &os;, files are used to represent sockets and IPC + channels, so be careful not to set this too low. The + system-wide limit for this is defined by the <varname>kern.maxfiles</varname> &man.sysctl.8;.</para> </listitem> </varlistentry> @@ -898,10 +868,8 @@ passwd: done</screen> <indexterm><primary>limiting users</primary> <secondary>sbsize</secondary> </indexterm> - <para>This is the limit on the amount of network memory, and - thus mbufs, a user may consume. This originated as a - response to an old DoS attack by creating a lot of - sockets, but can be generally used to limit network + <para>The limit on the amount of network memory, and + thus mbufs, a user may consume in order to limit network communications.</para> </listitem> </varlistentry> @@ -914,10 +882,10 @@ passwd: done</screen> <indexterm><primary>limiting users</primary> <secondary>stacksize</secondary> </indexterm> - <para>This is the maximum size a process' stack may grow to. - This alone is not sufficient to limit the amount of memory - a program may use; consequently, it should be used in - conjunction with other limits.</para> + <para>The maximum size of a process stack. This alone is + not sufficient to limit the amount of memory a program + may use so it should be used in conjunction with other + limits.</para> </listitem> </varlistentry> </variablelist> 
@@ -936,25 +904,26 @@ passwd: done</screen> <listitem> <para>Although the <filename>/etc/login.conf</filename> that comes with the system is a good source of reasonable values - for most limits, only you, the administrator, can know what - is appropriate for your system. Setting a limit too high - may open your system up to abuse, while setting it too low - may put a strain on productivity.</para> + for most limits, they may not be appropriate for every + system. Setting a limit too high may open the system up to + abuse, while setting it too low may put a strain on + productivity.</para> </listitem> <listitem> - <para>Users of the X Window System (X11) should probably be - granted more resources than other users. X11 by itself - takes a lot of resources, but it also encourages users to - run more programs simultaneously.</para> + <para>Users of <application>&xorg;</application> should + probably be granted more resources than other users. + <application>&xorg;</application> by itself takes a lot of + resources, but it also encourages users to run more programs + simultaneously.</para> </listitem> <listitem> - <para>Remember that many limits apply to individual processes, - not the user as a whole. For example, setting + <para>Many limits apply to individual processes, not the user *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
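
Review bot: In the hunk at @@ -89,13 +82,13 @@, the new clause "in order to maintain backwards compatibility with applications" adds a rationale that the old text did not state, in a patch described as rewording. Either point to where &man.passwd.5; says this or drop the clause. In the same paragraph, "User names must be unique on the system as no two users can have the same user name" is circular; the first half alone says it.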
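
Review bot: In the hunk at @@ -399,14 +390,14 @@, the new first sentence has lost its full stop: "is a simple program for adding new users" runs straight into "When a new user is added, this program automatically updates". Add the period after "users". The rewrite also drops the "(dotfiles)" gloss for the files copied from /usr/share/skel; consider keeping it, since that is the name readers are likely to look for.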
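
Review bot: In the hunk at @@ -542,24 +534,21 @@, the re-wrapped paragraph still reads "When the user exists from the editor"; this should be "exits". The note that follows ("You will be asked for your password after exiting the editor if you are not the superuser") is also still in second person, which the log message says this patch is rewording. The same applies to "change your own password as a user" in the hunk at @@ -619,14 +605,15 @@.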
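
Review bot: In the hunk at @@ -600,15 +589,12 @@, the xref to linkend="network-servers" is replaced by a link element with no content, so the markup no longer supplies any text after "is covered in". Either keep the xref, which generates the target's title, or put the chapter title inside the link. The second "NIS" in the same paragraph ("How to configure NIS") is also missing the acronym tag that the first one gained. The same empty link appears for linkend="quotas" in the hunk at @@ -700,11 +683,9 @@.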
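
Review bot: In the hunk at @@ -714,47 +695,45 @@, "Resource limits differ from the default login capabilities" changes the meaning of the old "plain vanilla login capabilities": the contrast was with ordinary capabilities, while "default" now reads as the capabilities of the default login class named a few lines above. Suggest "ordinary login capabilities" or "other login capabilities". The hard-limit sentence also changes substance, from "but never raised" to "but can only be raised by the superuser"; that is more than rewording and deserves its own line in the log message.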
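
Review bot: In the hunk at @@ -827,17 +801,15 @@, removing the parenthetical examples leaves "spawn multiple processes and other intermediate preprocessors", where "other" no longer refers to anything. Either restore the examples (&man.make.1;, &man.cc.1;) or end the sentence at "spawn multiple processes".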
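
Review bot: In the hunk at @@ -898,10 +868,8 @@, the merged sentence "a user may consume in order to limit network communications" now says the user consumes network memory in order to limit communications. Split it so the purpose attaches to the limit, not to the user. The removed text was also the only place that explained why sbsize exists ("a response to an old DoS attack by creating a lot of sockets"); a short form of that rationale is worth keeping, since it tells an administrator what the limit protects against.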