Date: Mon, 14 Oct 2013 17:45:55 +0000 (UTC) From: Dru Lavigne <dru@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r42956 - head/en_US.ISO8859-1/books/handbook/basics Message-ID: <201310141745.r9EHjt4e048642@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dru Date: Mon Oct 14 17:45:55 2013 New Revision: 42956 URL: http://svnweb.freebsd.org/changeset/doc/42956 Log: White space fix only. Translators can ignore. Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Mon Oct 14 17:26:03 2013 (r42955) +++ head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Mon Oct 14 17:45:55 2013 (r42956) @@ -85,46 +85,48 @@ <indexterm><primary>virtual consoles</primary></indexterm> <indexterm><primary>terminals</primary></indexterm> - <indexterm><primary>console</primary></indexterm> + <indexterm><primary>console</primary></indexterm> - <para>Unless &os; has been configured to automatically start a - graphical environment during startup, the system will boot - into a command line login prompt, as seen in this - example:</para> + <para>Unless &os; has been configured to automatically start a + graphical environment during startup, the system will boot + into a command line login prompt, as seen in this + example:</para> - <screen>FreeBSD/amd64 (pc3.example.org) (ttyv0) + <screen>FreeBSD/amd64 (pc3.example.org) (ttyv0) login:</screen> - <para>The first line contains some information about the system. - The <literal>amd64</literal> indicates that the system in this - example is running a 64-bit version of &os;. The hostname is - <hostid>pc3.example.org</hostid>, and - <devicename>ttyv0</devicename> indicates that this is the - <quote>system console</quote>. The second line is the login prompt.</para> - - <para>Since &os; is a multiuser system, it needs some way to distinguish - between different users. This is accomplished by - requiring every user to log into the - system before gaining access to the programs on the system. Every user has a - unique name <quote>username</quote> and a personal - <quote>password</quote>.</para> - - <para>To log into the system console, type the username that was configured during system - installation, as described in - <xref linkend="bsdinstall-addusers"/>, and press - <keycap>Enter</keycap>. Then enter the password associated - with the username and press <keycap>Enter</keycap>. The - password is <emphasis>not echoed</emphasis> for security - reasons.</para> - - <para>Once the correct password is input, the message of the - day (<acronym>MOTD</acronym>) will be displayed followed - by a command prompt. Depending upon the shell that was selected - when the user was created, this prompt will be a <literal>#</literal>, - <literal>$</literal>, or <literal>%</literal> character. The - prompt indicates that the user is now logged into the &os; system console and ready to try the - available commands.</para> + <para>The first line contains some information about the system. + The <literal>amd64</literal> indicates that the system in this + example is running a 64-bit version of &os;. The hostname is + <hostid>pc3.example.org</hostid>, and + <devicename>ttyv0</devicename> indicates that this is the + <quote>system console</quote>. The second line is the login + prompt.</para> + + <para>Since &os; is a multiuser system, it needs some way to + distinguish between different users. This is accomplished by + requiring every user to log into the system before gaining + access to the programs on the system. Every user has a + unique name <quote>username</quote> and a personal + <quote>password</quote>.</para> + + <para>To log into the system console, type the username that + was configured during system installation, as described in + <xref linkend="bsdinstall-addusers"/>, and press + <keycap>Enter</keycap>. Then enter the password associated + with the username and press <keycap>Enter</keycap>. The + password is <emphasis>not echoed</emphasis> for security + reasons.</para> + + <para>Once the correct password is input, the message of the + day (<acronym>MOTD</acronym>) will be displayed followed + by a command prompt. Depending upon the shell that was + selected when the user was created, this prompt will be a + <literal>#</literal>, <literal>$</literal>, or + <literal>%</literal> character. The prompt indicates that + the user is now logged into the &os; system console and ready + to try the available commands.</para> <sect2 id="consoles-virtual"> <title>Virtual Consoles</title> @@ -138,19 +140,22 @@ login:</screen> user is working on, making it difficult to concentrate on the work at hand.</para> - <para>By default, &os; is configured to provide several virtual consoles - for inputting commands. Each virtual console has its own - login prompt and shell and it is easy to switch between - virtual consoles. This essentially provides the command line - equivalent of having several windows open at the same time - in a graphical environment.</para> + <para>By default, &os; is configured to provide several virtual + consoles for inputting commands. Each virtual console has + its own login prompt and shell and it is easy to switch + between virtual consoles. This essentially provides the + command line equivalent of having several windows open at the + same time in a graphical environment.</para> - <para>The key combinations <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo> + <para>The key combinations + <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo> through - <keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo> have been reserved by &os; for - switching between virtual consoles. Use + <keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo> + have been reserved by &os; for switching between virtual + consoles. Use <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo> - to switch to the system console (<devicename>ttyv0</devicename>), + to switch to the system console + (<devicename>ttyv0</devicename>), <keycombo><keycap>Alt</keycap><keycap>F2</keycap></keycombo> to access the first virtual console (<devicename>ttyv1</devicename>), @@ -159,22 +164,19 @@ login:</screen> (<devicename>ttyv2</devicename>), and so on.</para> <para>When switching from one console to the next, &os; takes - manages the screen output. The result is - an illusion of having multiple - virtual screens and keyboards that can be used + manages the screen output. The result is an illusion of + having multiple virtual screens and keyboards that can be used to type commands for &os; to run. The programs that are launched in one virtual console do not stop running when - the user switches to a - different virtual console.</para> + the user switches to a different virtual console.</para> <para>Refer to &man.syscons.4;, &man.atkbd.4;, &man.vidcontrol.1; and &man.kbdcontrol.1; for a more technical description of the &os; console and its keyboard drivers.</para> - <para>In &os;, the number of available virtual - consoles is configured in this - section of + <para>In &os;, the number of available virtual consoles is + configured in this section of <filename>/etc/ttys</filename>:</para> <programlisting># name getty type status comments @@ -191,11 +193,12 @@ ttyv7 "/usr/libexec/getty Pc" ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</programlisting> - <para>To disable a virtual console, put a comment symbol (<literal>#</literal>) - at the beginning of the line representing that virtual console. - For example, to reduce the number of available virtual consoles - from eight to four, put a <literal>#</literal> in front of - the last four lines representing virtual consoles + <para>To disable a virtual console, put a comment symbol + (<literal>#</literal>) at the beginning of the line + representing that virtual console. For example, to reduce + the number of available virtual consoles from eight to four, + put a <literal>#</literal> in front of the last four lines + representing virtual consoles <devicename>ttyv5</devicename> through <devicename>ttyv8</devicename>. <emphasis>Do not</emphasis> comment out the line for the system console @@ -204,7 +207,7 @@ ttyv8 "/usr/X11R6/bin/xdm -nodaemon" the graphical environment if <application>&xorg;</application> has been installed and configured as described in <xref linkend="x11"/>.</para> - + <para>For a detailed description of every column in this file and the available options for the virtual consoles, refer to &man.ttys.5;.</para> @@ -216,40 +219,38 @@ ttyv8 "/usr/X11R6/bin/xdm -nodaemon" <para>The &os; boot menu provides an option labelled as <quote>Boot Single User</quote>. If this option is selected, the system will boot into a special mode known as - <quote>single user mode</quote>. This mode is typically used to - repair a system that will not boot or to reset the + <quote>single user mode</quote>. This mode is typically used + to repair a system that will not boot or to reset the <username>root</username> password when it is not known. - While in single user mode, networking and other - virtual consoles are not available. However, full + While in single user mode, networking and other virtual + consoles are not available. However, full <username>root</username> access to the system is available, and by default, the <username>root</username> password is not needed. For these reasons, physical access to the keyboard - is needed to boot into this mode and determining who has physical - access to the keyboard is something to consider when securing - a &os; system.</para> + is needed to boot into this mode and determining who has + physical access to the keyboard is something to consider when + securing a &os; system.</para> - <para>The settings which control - single user mode are found in this section of - <filename>/etc/ttys</filename>:</para> + <para>The settings which control single user mode are found in + this section of <filename>/etc/ttys</filename>:</para> <programlisting># name getty type status comments # # If console is marked "insecure", then init will ask for the root password # when going to single-user mode. console none unknown off secure</programlisting> - - <para>By default, the status is set to <literal>secure</literal>. - This assumes that who has physical access to the keyboard - is either not important or it is controlled by a physical - security policy. If this setting is changed to - <literal>insecure</literal>, the assumption is that the - environment itself is insecure because anyone can access - the keyboard. When this line is changed to - <literal>insecure</literal>, &os; will prompt for the - <username>root</username> password when a user selects to boot into single - user mode. - </para> - + + <para>By default, the status is set to + <literal>secure</literal>. This assumes that who has + physical access to the keyboard is either not important or it + is controlled by a physical security policy. If this setting + is changed to <literal>insecure</literal>, the assumption is + that the environment itself is insecure because anyone can + access the keyboard. When this line is changed to + <literal>insecure</literal>, &os; will prompt for the + <username>root</username> password when a user selects to + boot into single user mode.</para> + <note> <para><emphasis>Be careful when changing this setting to <literal>insecure</literal></emphasis>! If the @@ -331,94 +332,95 @@ console none </listitem> <listitem> - <para>How to create groups and add users as members of a group.</para> + <para>How to create groups and add users as members of a + group.</para> </listitem> </itemizedlist> - <sect2 id="users-introduction"> - <title>Account Types</title> - - <para>Since all access to the &os; system is achieved using accounts - and all processes are run by users, user and account management - is important.</para> - - <para>There are three main types of accounts: - system accounts, - user accounts, and the - superuser account.</para> - - <sect3 id="users-system"> - <title>System Accounts</title> - - <indexterm> - <primary>accounts</primary> - <secondary>system</secondary> - </indexterm> - - <para>System accounts are used to run services such as DNS, - mail, and web servers. The reason for this is security; if - all services ran as the superuser, they could act without - restriction.</para> - - <indexterm> - <primary>accounts</primary> - <secondary><username>daemon</username></secondary> - </indexterm> - <indexterm> - <primary>accounts</primary> - <secondary><username>operator</username></secondary> - </indexterm> - - <para>Examples of system accounts are - <username>daemon</username>, <username>operator</username>, - <username>bind</username>, <username>news</username>, and - <username>www</username>.</para> + <sect2 id="users-introduction"> + <title>Account Types</title> - <indexterm> - <primary>accounts</primary> - <secondary><username>nobody</username></secondary> - </indexterm> - - <para><username>nobody</username> is the generic unprivileged - system account. However, the more services that use - <username>nobody</username>, the more files and processes that - user will become associated with, and hence the more - privileged that user becomes.</para> - </sect3> - - <sect3 id="users-user"> - <title>User Accounts</title> - - <indexterm> - <primary>accounts</primary> - <secondary>user</secondary> - </indexterm> - - <para>User accounts are - assigned to real people and are used to log in and use the - system. Every person accessing the system should have a unique - user account. This allows the administrator to find out who - is doing what and prevents users from clobbering the - settings of other users.</para> - - <para>Each user can set up their own environment to accommodate - their use of the system, by configuring their default shell, editor, - key bindings, and language settings.</para> - <para>Every user account on a &os; system has certain information - associated with it:</para> - - <variablelist> - <varlistentry> - <term>User name</term> + <para>Since all access to the &os; system is achieved using + accounts and all processes are run by users, user and account + management is important.</para> + + <para>There are three main types of accounts: system accounts, + user accounts, and the superuser account.</para> + + <sect3 id="users-system"> + <title>System Accounts</title> + + <indexterm> + <primary>accounts</primary> + <secondary>system</secondary> + </indexterm> + + <para>System accounts are used to run services such as DNS, + mail, and web servers. The reason for this is security; if + all services ran as the superuser, they could act without + restriction.</para> + + <indexterm> + <primary>accounts</primary> + <secondary><username>daemon</username></secondary> + </indexterm> + <indexterm> + <primary>accounts</primary> + <secondary><username>operator</username></secondary> + </indexterm> + + <para>Examples of system accounts are + <username>daemon</username>, <username>operator</username>, + <username>bind</username>, <username>news</username>, and + <username>www</username>.</para> + + <indexterm> + <primary>accounts</primary> + <secondary><username>nobody</username></secondary> + </indexterm> + + <para><username>nobody</username> is the generic unprivileged + system account. However, the more services that use + <username>nobody</username>, the more files and processes + that user will become associated with, and hence the more + privileged that user becomes.</para> + </sect3> + + <sect3 id="users-user"> + <title>User Accounts</title> + + <indexterm> + <primary>accounts</primary> + <secondary>user</secondary> + </indexterm> + + <para>User accounts are assigned to real people and are used + to log in and use the system. Every person accessing the + system should have a unique user account. This allows the + administrator to find out who is doing what and prevents + users from clobbering the settings of other users.</para> + + <para>Each user can set up their own environment to + accommodate their use of the system, by configuring their + default shell, editor, key bindings, and language + settings.</para> + + <para>Every user account on a &os; system has certain + information associated with it:</para> + + <variablelist> + <varlistentry> + <term>User name</term> <listitem> <para>The user name is typed at the <prompt>login:</prompt> prompt. User names must be unique on the system as no two users can have the same user name. There are a number of - rules for creating valid user names which are documented in - &man.passwd.5;. It is recommended to use user names that consist of eight or - fewer, all lower case characters in order to maintain - backwards compatibility with applications.</para> + rules for creating valid user names which are documented + in &man.passwd.5;. It is recommended to use user names + that consist of eight or fewer, all lower case characters + in order to maintain backwards compatibility with + applications.</para> </listitem> </varlistentry> @@ -426,8 +428,9 @@ console none <term>Password</term> <listitem> - <para>Each user account should have an associated password. While the - password can be blank, this is highly discouraged.</para> + <para>Each user account should have an associated password. + While the password can be blank, this is highly + discouraged.</para> </listitem> </varlistentry> @@ -435,14 +438,13 @@ console none <term>User ID (<acronym>UID</acronym>)</term> <listitem> - <para>The User ID (<acronym>UID</acronym>) is a number - used to uniquely identify the user to the - &os; system. Commands that - allow a user name to be specified will first convert it to - the <acronym>UID</acronym>. It is recommended to use a UID of - 65535 or lower as higher UIDs may cause compatibility - issues with software that does not support integers larger - than 32-bits.</para> + <para>The User ID (<acronym>UID</acronym>) is a number used + to uniquely identify the user to the &os; system. + Commands that allow a user name to be specified will + first convert it to the <acronym>UID</acronym>. It is + recommended to use a UID of 65535 or lower as higher UIDs + may cause compatibility issues with software that does + not support integers larger than 32-bits.</para> </listitem> </varlistentry> @@ -450,14 +452,15 @@ console none <term>Group ID (<acronym>GID</acronym>)</term> <listitem> - <para>The Group ID (<acronym>GID</acronym>) is a number used to uniquely identify - the primary group that the user belongs to. Groups are a - mechanism for controlling access to resources based on a - user's <acronym>GID</acronym> rather than their + <para>The Group ID (<acronym>GID</acronym>) is a number + used to uniquely identify the primary group that the user + belongs to. Groups are a mechanism for controlling + access to resources based on a user's + <acronym>GID</acronym> rather than their <acronym>UID</acronym>. This can significantly reduce the size of some configuration files and allows users to be - members of more than one group. It is recommended to use a GID of - 65535 or lower as higher GIDs may break some + members of more than one group. It is recommended to use + a GID of 65535 or lower as higher GIDs may break some software.</para> </listitem> </varlistentry> @@ -479,9 +482,9 @@ console none <listitem> <para>By default, &os; does not force users to change their passwords periodically. Password expiration can be - enforced on a per-user basis using &man.pw.8;, forcing some or all users to - change their passwords after a certain amount of time has - elapsed.</para> + enforced on a per-user basis using &man.pw.8;, forcing + some or all users to change their passwords after a + certain amount of time has elapsed.</para> </listitem> </varlistentry> @@ -492,9 +495,10 @@ console none <para>By default, &os; does not expire accounts. When creating accounts that need a limited lifespan, such as student accounts in a school, specify the account expiry - date using &man.pw.8;. After the expiry time has elapsed, the account - cannot be used to log in to the system, although the - account's directories and files will remain.</para> + date using &man.pw.8;. After the expiry time has + elapsed, the account cannot be used to log in to the + system, although the account's directories and files will + remain.</para> </listitem> </varlistentry> @@ -504,9 +508,9 @@ console none <listitem> <para>The user name uniquely identifies the account to &os;, but does not necessarily reflect the user's real name. - Similar to a comment, this information - can contain a space, uppercase characters, and be more - than 8 characters long.</para> + Similar to a comment, this information can contain a + space, uppercase characters, and be more than 8 + characters long.</para> </listitem> </varlistentry> @@ -538,9 +542,9 @@ console none </listitem> </varlistentry> </variablelist> - </sect3> + </sect3> - <sect3 id="users-superuser"> + <sect3 id="users-superuser"> <title>The Superuser Account</title> <indexterm> @@ -558,50 +562,53 @@ console none <para>The superuser, unlike other user accounts, can operate without limits, and misuse of the superuser account may result in spectacular disasters. User - accounts are unable to destroy the operating system by mistake, so it is - recommended to login as a user account and to only become the superuser - when a command requires extra privilege.</para> + accounts are unable to destroy the operating system by + mistake, so it is recommended to login as a user account and + to only become the superuser when a command requires extra + privilege.</para> <para>Always double and triple-check any commands issued as the superuser, since an extra space or missing character can mean irreparable data loss.</para> - <para>There are several ways to become gain superuser privilege. While one - can log in as <username>root</username>, this is highly discouraged.</para> - - <para>Instead, use &man.su.1; to become the superuser. If - <literal>-</literal> is specified when running this command, the user will also inherit the root user's environment. - The user running this command must - be in the <groupname>wheel</groupname> group or else the command - will fail. The user must also know the password for the - <username>root</username> user account.</para> - - <para>In this example, the user only becomes superuser in order to run - <command>make install</command> as this step requires superuser privilege. - Once the command completes, the user types <command>exit</command> - to leave the superuser account and return to the privilege of - their user account.</para> + <para>There are several ways to become gain superuser privilege. + While one can log in as <username>root</username>, this is + highly discouraged.</para> + + <para>Instead, use &man.su.1; to become the superuser. If + <literal>-</literal> is specified when running this command, + the user will also inherit the root user's environment. The + user running this command must be in the + <groupname>wheel</groupname> group or else the command will + fail. The user must also know the password for the + <username>root</username> user account.</para> + + <para>In this example, the user only becomes superuser in order + to run <command>make install</command> as this step requires + superuser privilege. Once the command completes, the user + types <command>exit</command> to leave the superuser account + and return to the privilege of their user account.</para> - <example> - <title>Install a Program As The Superuser</title> + <example> + <title>Install a Program As The Superuser</title> - <screen>&prompt.user; <userinput>configure</userinput> + <screen>&prompt.user; <userinput>configure</userinput> &prompt.user; <userinput>make</userinput> &prompt.user; <userinput>su -</userinput> Password: &prompt.root; <userinput>make install</userinput> &prompt.root; <userinput>exit</userinput> &prompt.user;</screen> - </example> + </example> - <para>The built-in &man.su.1; framework works well for single systems or small - networks with just one system administrator. An alternative - is to install the - <filename role="package">security/sudo</filename> package or port. This software - provides activity logging and allows the administrator to configure which users - can run which commands - as the superuser.</para> - </sect3> + <para>The built-in &man.su.1; framework works well for single + systems or small networks with just one system administrator. + An alternative is to install the <filename + role="package">security/sudo</filename> package or port. + This software provides activity logging and allows the + administrator to configure which users can run which commands + as the superuser.</para> + </sect3> </sect2> <sect2 id="users-modifying"> @@ -918,7 +925,7 @@ passwd: done</screen> <title>Changing Another User's Password as the Superuser</title> - <screen>&prompt.root; <userinput>passwd jru</userinput> + <screen>&prompt.root; <userinput>passwd jru</userinput> Changing local password for jru. New password: Retype new password: @@ -1025,14 +1032,17 @@ passwd: done</screen> <term><literal>coredumpsize</literal></term> <listitem> - <para>The limit on the size of a core file<indexterm><primary>coredumpsize</primary></indexterm> generated by a - program is subordinate to other limits<indexterm><primary>limiting users</primary><secondary>coredumpsize</secondary></indexterm> on disk usage, such - as <literal>filesize</literal>, or disk quotas. - This limit is often used as a less-severe method of - controlling disk space consumption. Since users do not - generate core files themselves, and often do not delete - them, setting this may save them from running out of disk - space should a large program crash.</para> + <para>The limit on the size of a core file + <indexterm><primary>coredumpsize</primary></indexterm> + generated by a program is subordinate to other + limits <indexterm><primary>limiting users + </primary><secondary>coredumpsize</secondary></indexterm> + on disk usage, such as <literal>filesize</literal>, or + disk quotas. This limit is often used as a less-severe + method of controlling disk space consumption. Since + users do not generate core files themselves, and often do + not delete them, setting this may save them from running + out of disk space should a large program crash.</para> </listitem> </varlistentry> @@ -1040,9 +1050,12 @@ passwd: done</screen> <term><literal>cputime</literal></term> <listitem> - <para>The maximum amount of CPU<indexterm><primary>cputime</primary></indexterm><indexterm><primary>limiting users</primary><secondary>cputime</secondary></indexterm> time a user's process may - consume. Offending processes will be killed by the - kernel.</para> + <para>The maximum amount of CPU + <indexterm><primary>cputime</primary></indexterm><indexterm><primary> + limiting users + </primary><secondary>cputime</secondary></indexterm> + time a user's process may consume. Offending processes + will be killed by the kernel.</para> <note> <para>This is a limit on CPU <emphasis>time</emphasis> @@ -1056,10 +1069,13 @@ passwd: done</screen> <term><literal>filesize</literal></term> <listitem> - <para>The maximum size of a file<indexterm><primary>filesize</primary></indexterm><indexterm><primary>limiting users</primary><secondary>filesize</secondary></indexterm> the user may own. Unlike - <link linkend="quotas">disk quotas</link>, this limit is - enforced on individual files, not the set of all files a - user owns.</para> + <para>The maximum size of a file + <indexterm><primary>filesize</primary></indexterm><indexterm><primary> + limiting users + </primary><secondary>filesize</secondary></indexterm> + the user may own. Unlike <link linkend="quotas">disk + quotas</link>, this limit is enforced on individual + files, not the set of all files a user owns.</para> </listitem> </varlistentry> @@ -1067,9 +1083,13 @@ passwd: done</screen> <term><literal>maxproc</literal></term> <listitem> - <para>The maximum number of processes<indexterm><primary>maxproc</primary></indexterm><indexterm><primary>limiting users</primary><secondary>maxproc</secondary></indexterm> a user can run. This - includes foreground and background processes. This limit - may not be larger than the system limit specified by the + <para>The maximum number of processes + <indexterm><primary>maxproc</primary></indexterm><indexterm><primary> + limiting users + </primary><secondary>maxproc</secondary></indexterm> a + user can run. This includes foreground and background + processes. This limit may not be larger than the system + limit specified by the <varname>kern.maxproc</varname> &man.sysctl.8;. Setting this limit too small may hinder a user's productivity as it is often useful to be logged in multiple times or to @@ -1083,11 +1103,15 @@ passwd: done</screen> <term><literal>memorylocked</literal></term> <listitem> - <para>The maximum amount of memory<indexterm><primary>memorylocked</primary></indexterm><indexterm><primary>limiting users</primary><secondary>memorylocked</secondary></indexterm> a process may request - to be locked into main memory using &man.mlock.2;. Some - system-critical programs, such as &man.amd.8;, lock into - main memory so that if the system begins to swap, they do - not contribute to disk thrashing.</para> + <para>The maximum amount of memory + <indexterm><primary>memorylocked</primary></indexterm><indexterm><primary> + limiting users + </primary><secondary>memorylocked</secondary></indexterm> + a process may request to be locked into main memory using + &man.mlock.2;. Some system-critical programs, such as + &man.amd.8;, lock into main memory so that if the system + begins to swap, they do not contribute to disk + thrashing.</para> </listitem> </varlistentry> @@ -1095,10 +1119,14 @@ passwd: done</screen> <term><literal>memoryuse</literal></term> <listitem> - <para>The maximum amount of memory<indexterm><primary>memoryuse</primary></indexterm><indexterm><primary>limiting users</primary><secondary>memoryuse</secondary></indexterm> a process may consume at - any given time. It includes both core memory and swap - usage. This is not a catch-all limit for restricting - memory consumption, but is a good start.</para> + <para>The maximum amount of memory + <indexterm><primary>memoryuse</primary></indexterm><indexterm><primary> + limiting + users</primary><secondary>memoryuse</secondary></indexterm> + a process may consume at any given time. It includes both + core memory and swap usage. This is not a catch-all limit + for restricting memory consumption, but is a good + start.</para> </listitem> </varlistentry> @@ -1106,7 +1134,10 @@ passwd: done</screen> <term><literal>openfiles</literal></term> <listitem> - <para>The maximum number of files a process may have open<indexterm><primary>openfiles</primary></indexterm><indexterm><primary>limiting users</primary><secondary>openfiles</secondary></indexterm>. + <para>The maximum number of files a process may have open + <indexterm><primary>openfiles</primary></indexterm><indexterm><primary> + limiting + users</primary><secondary>openfiles</secondary></indexterm>. In &os;, files are used to represent sockets and IPC channels, so be careful not to set this too low. The system-wide limit for this is defined by the @@ -1119,7 +1150,10 @@ passwd: done</screen> <listitem> <para>The limit on the amount of network memory, and - thus mbufs<indexterm><primary>sbsize</primary></indexterm><indexterm><primary>limiting users</primary><secondary>sbsize</secondary></indexterm>, a user may consume in order to limit network + thus mbufs + <indexterm><primary>sbsize</primary></indexterm><indexterm><primary>limiting + users</primary><secondary>sbsize</secondary></indexterm>, + a user may consume in order to limit network communications.</para> </listitem> </varlistentry> @@ -1128,10 +1162,12 @@ passwd: done</screen> <term><literal>stacksize</literal></term> <listitem> - <para>The maximum size of a process stack<indexterm><primary>stacksize</primary></indexterm><indexterm><primary>limiting users</primary><secondary>stacksize</secondary></indexterm>. This alone is - not sufficient to limit the amount of memory a program - may use so it should be used in conjunction with other - limits.</para> + <para>The maximum size of a process stack + <indexterm><primary>stacksize</primary></indexterm><indexterm><primary>limiting + users</primary><secondary>stacksize</secondary></indexterm>. + This alone is not sufficient to limit the amount of memory + a program may use so it should be used in conjunction with + other limits.</para> </listitem> </varlistentry> </variablelist> @@ -1271,13 +1307,13 @@ teamtwo:*:1100:jru,db</screen> uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)</screen> </example> - <para>In this example, <username>jru</username> is a member of the - groups <groupname>jru</groupname> and - <groupname>teamtwo</groupname>.</para> - - <para>For more information about this command and the format of - <filename>/etc/group</filename>, refer to &man.pw.8; and - &man.group.5;.</para> + <para>In this example, <username>jru</username> is a member of + the groups <groupname>jru</groupname> and + <groupname>teamtwo</groupname>.</para> + + <para>For more information about this command and the format of + <filename>/etc/group</filename>, refer to &man.pw.8; and + &man.group.5;.</para> </sect2> </sect1> @@ -1294,15 +1330,14 @@ uid=1001(jru) gid=1001(jru) groups=1001( the files used by the operating system or owned by other users.</para> - <para>This section discusses the traditional &unix; - permissions used in &os;. For finer grained file system access control, - refer to - <xref linkend="fs-acl"/>.</para> + <para>This section discusses the traditional &unix; permissions + used in &os;. For finer grained file system access control, + refer to <xref linkend="fs-acl"/>.</para> <para>In &unix;, basic permissions are assigned using three types of access: read, write, and execute. These access types are used to determine file access to the file's owner, - group, and others (everyone else). The read, write, and execute + group, and others (everyone else). The read, write, and execute permissions can be represented as the letters <literal>r</literal>, <literal>w</literal>, and <literal>x</literal>. They can also be represented as binary @@ -1315,10 +1350,10 @@ uid=1001(jru) gid=1001(jru) groups=1001( <literal>1</literal>.</para> <para>Table 4.1 summarizes the possible numeric and alphabetic - possibilities. When reading the <quote>Directory Listing</quote> - column, a <literal>-</literal> is used to represent a permission - that is set to off.</para> - + possibilities. When reading the <quote>Directory + Listing</quote> column, a <literal>-</literal> is used to + represent a permission that is set to off.</para> + <indexterm><primary>permissions</primary></indexterm> <indexterm> <primary>file permissions</primary>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201310141745.r9EHjt4e048642>