Date: Thu, 7 Nov 2013 11:57:57 +0000 (UTC)
From: Ryusuke SUZUKI <ryusuke@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r43116 - head/ja_JP.eucJP/books/handbook/security
Message-ID: <201311071157.rA7BvvsI060173@svn.freebsd.org>
Author: ryusuke Date: Thu Nov 7 11:57:57 2013 New Revision: 43116 URL: http://svnweb.freebsd.org/changeset/doc/43116 Log: - Merge the following from the English version: r15267 -> r15428 head/ja_JP.eucJP/books/handbook/security/chapter.xml Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml ============================================================================== --- head/ja_JP.eucJP/books/handbook/security/chapter.xml Thu Nov 7 11:44:29 2013 (r43115) +++ head/ja_JP.eucJP/books/handbook/security/chapter.xml Thu Nov 7 11:57:57 2013 (r43116) @@ -3,9 +3,7 @@ The FreeBSD Documentation Project The FreeBSD Japanese Documentation Project - Original revision: r15267 - Waiting for: 1.123 or mac/chapter.xml - ("mac" referenced from disks). + Original revision: r15428 Translation note: "fs-acl" section added in rev.1.118 is moved to handbook/basics in rev.1.134 and moved back to this file in rev.1.150. The traslation is already done in handbook/basics, so we @@ -81,11 +79,6 @@ <para>FreeBSD で使われている SSH 実装である OpenSSH の設定および使用方法</para> </listitem> - - <listitem> - <para>拡張されたファイルシステムアクセス制御リスト - (ACL) の UFS での設定および使用方法</para> - </listitem> <!-- <listitem> <para>How to configure and load access control extension 
@@ -3807,70 +3800,6 @@ user@unfirewalled.myserver.com's passwor <para>&man.sshd.8; &man.sftp-server.8;</para> </sect2> </sect1> - -<!-- XXX 2006/05/01 hiroo: Do not translate this section. - See the translation note in the header for the reason. - <sect1 id="fs-acl"> - <sect1info> - <authorgroup> - <author> - <firstname>Tom</firstname> - <surname>Rhodes</surname> - <contrib>Contributed by </contrib> - </author> - </authorgroup> - </sect1info> - <indexterm> - <primary>ACL</primary> - </indexterm> - <title>File System Access Control Lists</title> - - <para>In conjunction with file system enhancements like snapshots, FreeBSD 5.0 - and later offers the security of File System Access Control Lists - (<acronym>ACLs</acronym>).</para> - - <para>Access Control Lists extend the standard UNIX - permission model in a highly compatible (POSIX.1e) way. This feature - permits an administrator to make use of and take advantage of a - more sophisticated security model.</para> - - <para>For <acronym>ACLs</acronym> to work:</para> - - <programlisting>options UFS_ACL</programlisting> - - <para>must be compiled into the kernel. If this option has - not been compiled in, a warning message will be displayed - when attempting to mount a file system sporting <acronym>ACLs</acronym>. - <acronym>ACLs</acronym> rely on extended attributes being enabled on - the file system. This is supported natively in the next generation of - the <acronym>UNIX</acronym> file system or <acronym>UFS2</acronym>.</para> - - <note><para>The use of extended attributes on <acronym>UFS1</acronym> file - systems will lead to higher administration overhead and lower overall - file system performance. 
<acronym>UFS2</acronym> does not have this - problem.</para></note> - - <para>To enable <acronym>ACLs</acronym> on a file system, the <option>-a</option> - option can be passed to &man.tunefs.8; in a manner similar to the Soft Updates - process:</para> - - <screen>&prompt.root; <userinput>umount /usr</userinput> -&prompt.root; <userinput>tunefs -a enable /dev/<replaceable>diskNsNx</replaceable></userinput> -&prompt.root; <userinput>mount /dev/<replaceable>diskNsNx</replaceable> /usr</userinput></screen> - - <para>This assumes that <devicename>/dev/<replaceable>diskNsNx</replaceable></devicename> is the - <filename>/usr</filename> partition.</para> - - <para><acronym>ACLs</acronym> can also be enabled by passing the - <option>-o acls</option> argument to &man.mount.8;:</para> - - <screen>&prompt.root; <userinput>mount -o acls /dev/<replaceable>diskNsNx</replaceable> /usr</userinput></screen> - - <para>This flag can also be set in <filename>/etc/fstab</filename>. - It is recommended to use the former over the latter to avoid remount - issues with the root file system.</para> - </sect1> ---> <!-- <sect1 id="mac"> <sect1info> @@ -3956,7 +3885,7 @@ user@unfirewalled.myserver.com's passwor <primary>TCB</primary> </indexterm> <para>The Biba Integrity Policy (&man.mac.biba.4;) provides - for hierarchal and non-hierarchal labeling of all system + for hierarchical and non-hierarchical labeling of all system objects with integrity data, and the strict enforcement of an information flow policy to prevent corruption of high integrity subjects and data by low-integrity subjects. 
@@ -4048,7 +3977,7 @@ user@unfirewalled.myserver.com's passwor <para>Module name: mac_mls.ko</para> <para>Kernel option: <literal>MAC_MLS</literal></para> <para>Multi-Level Security (<acronym>MLS</acronym>) - (&man.mac.mls.4;) provides for hierarchal and non-hierarchal + (&man.mac.mls.4;) provides for hierarchical and non-hierarchical labeling of all system objects with sensitivity data, and the strict enforcement of an information flow policy to prevent the leakage of confidential data to untrusted parties. The @@ -4057,7 +3986,7 @@ user@unfirewalled.myserver.com's passwor trusted operating systems to protect data secrecy in multi-user environments. Hierarchal labels provide support for the notion of clearances and classifications in - traditional parlance; non-hierarchal labels provide support + traditional parlance; non-hierarchical labels provide support for <quote>need-to-know.</quote> As with Biba, ubiquitous labeling of objects occurs, and it must therefore be compiled into the kernel or loaded at boot. As with Biba, extensive
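Review bot: In the header hunk (@@ -3,9 +3,7 @@), the "Waiting for: 1.123 or mac/chapter.xml" line is removed without a word in the log, while the context of the later hunk at @@ -3807,70 +3800,6 @@ shows the mac section still opening inside a comment ("<!-- <sect1 id="mac">"). Say in the log whether the condition the note was waiting on has been met, or keep the line until it has. The unchanged translation note just below also reads "The traslation is already done"; "traslation" should be "translation" and can be fixed in the same change.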
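Review bot: The hunk at @@ -81,11 +79,6 @@ drops the synopsis list item for UFS file system ACLs, but the log message only says "Merge the following from the English version: r15267 -> r15428" and does not mention the removal. Add a line to the log stating that the ACL item is removed from the chapter synopsis and why, so the deletion can be told apart from an accidental loss during the merge.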
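Review bot: In the hunk at @@ -3807,70 +3800,6 @@, the deleted block begins with "XXX 2006/05/01 hiroo: Do not translate this section. See the translation note in the header for the reason.", yet the header note it points to is left untouched by the first hunk and still says the "fs-acl" section was "moved back to this file in rev.1.150". Once this block is gone, the header note describes text that is no longer in the file. Update the translation note in the same commit, or leave a one-line comment at this position recording that fs-acl is intentionally absent here.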
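Review bot: In the hunk at @@ -4057,7 +3986,7 @@, the context line "environments. Hierarchal labels provide support" keeps the old spelling while the changed line two lines below becomes "non-hierarchical labels provide support", so the paragraph ends up with both spellings. Change "Hierarchal" to "Hierarchical" on that line as well, matching this hunk and the Biba and MLS hunks before it.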
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201311071157.rA7BvvsI060173>