Date: Sun, 13 Jul 2003 23:57:29 -0400 (EDT) From: Ken Smith <kensmith@cse.Buffalo.EDU> To: FreeBSD-gnats-submit@FreeBSD.org Cc: kensmith@cse.Buffalo.EDU Subject: docs/54461: Possible addition to Handbook Message-ID: <200307140357.h6E3vTWR046180@zeus.cse.buffalo.edu> Resent-Message-ID: <200307140400.h6E40RQb048258@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 54461 >Category: docs >Synopsis: Possible addition to Handbook >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sun Jul 13 21:00:27 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Ken Smith >Release: FreeBSD 4.8-RELEASE i386 >Organization: U. Buffalo CSE Department/FreeBSD >Environment: System: FreeBSD zeus.cse.buffalo.edu 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Thu Apr 3 10:53:38 GMT 2003 root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC i386 >Description: Just some suggested additions to the Handbook, "Basics" and "Users" chapters. >How-To-Repeat: N/A >Fix: Apply following diff, relative to handbook directory. --- basics/chapter.sgml.orig Fri Jul 11 09:24:44 2003 +++ basics/chapter.sgml Sun Jul 13 23:54:45 2003 @@ -69,6 +69,15 @@ sharing and managing requests for hardware devices, peripherals, memory, and CPU time evenly to each user.</para> + <para>Much more information about User Accounts is in the chapter + about <link linkend="users">accounts</link>. For now you just + need to know that each person (user) who uses the computer should be + given their own username and password. The system keeps track + of the people using the computer based on this username. Since + it is often the case that several people are working on the same + project Unix also provides groups. Several users can be placed + in the same group.</para> + <para>Because the system is capable of supporting multiple users, everything the system manages has a set of permissions governing who can read, write, and execute the resource. These permissions are @@ -1687,6 +1696,20 @@ <sect1 id="binary-formats"> <title>Binary Formats</title> + <para>Typically when you type in a command to a shell the shell + will arrange for an executable file to be loaded into memory and + a new process results. Executable files can either be a binary + file (usually created by the linker as part of compiling a program) + or a shell script (text file to be interpreted by a binary file, + like &man.sh.1; or &man.perl.1;). The &man.file.1; command can + usually tell you what is inside of a file.</para> + + <para>Binary files need to have a well defined format for the system + to be able to use them properly. Part of the file will be the + executable machine code (the instructions that tell the CPU what + to do), part of it will be data space with pre-defined values, + part will be data space with no pre-defined values, etc. Through + time different binary file formats have evolved.</para> <para>To understand why FreeBSD uses the <filename>ELF</filename> format, you must first know a little about the 3 currently @@ -1824,6 +1847,14 @@ <filename>a.out</filename> will be moved out of the GENERIC kernel, and eventually removed from the kernel once the need to run legacy <filename>a.out</filename> programs is past.</para> + + <para>In addition to &man.file.1; another command that can prove + useful when working with executables is &man.ldd.1;. If + &man.file.1; says that a file is a dynamically linked executable + &man.ldd.1; can tell you what dynamically linked libraries that + executable file requires. Sometimes programs can be linked against + compatibility libraries instead of the main system libraries, or + otherwise rely on dynamic libraries you were not aware of.</para> </sect1> <sect1 id="basics-more-information"> --- users/chapter.sgml.orig Thu Oct 10 17:14:28 2002 +++ users/chapter.sgml Sun Jul 13 23:45:12 2003 @@ -248,8 +248,8 @@ for general usage if you have not already. This applies equally whether you are running a multi-user or single-user machine. Later in this chapter, we discuss how to create additional - accounts, and how to change between the normal user and - superuser.</para> + accounts, and how to <link linkend="users-becomesuper"> + change between the normal user and superuser</link>.</para> </sect1> <sect1 id="users-system"> @@ -1053,6 +1053,50 @@ <filename>/etc/group</filename>, consult the &man.group.5; manual page.</para> </sect1> + + <sect1 id="users-becomesuper"> + <title>Becoming Superuser</title> + + <para>There are several ways to do things as the superuser. The worst + way is to log in as <username>root</username>. Usually very little + needs to be done as <username>root</username> so logging off as your + normal username, logging in as <username>root</username>, doing what + you needed to do, then logging off and back on as your normal username + is quite a waste of time.</para> + + <para>A better way is to use &man.su.1; without providing a username, + which implies the <username>root</username> user. For this to work + the username that you normally log in as must be in the <groupname> + wheel</groupname> group. An example of a fairly typical software + installation would involve the sys-admin unpacking the software as + their normal user account. Then in the unpacked directory, starting + as their normal user account, doing something like.</para> + + <example> + <title>Compile and Install a Program</title> + + <screen>&prompt.user; <userinput>configure</userinput> +&prompt.user; <userinput>make</userinput> +&prompt.user; <userinput>su</userinput> +Password: +&prompt.root; <userinput>make install</userinput> +&prompt.root; <userinput>exit</userinput> +&prompt.user;</screen> + </example> + + <para>Note in this example the transition to <username>root</username> + was much less painful than logging off and back on twice, and only + what was absolutely necessary got run as <username>root</username>.</para> + + <para>Using &man.su.1; works well for single systems or small networks + with just one systems administrator. For more complex environments + (or even for these simple environments) you should take a look at + &man.sudo.8;. It is provided as the port <filename role="package"> + security/sudo</filename>. It allows for things like logging what + gets done, granting users the ability to only run certain things + as the superuser, etc.</para> + </sect1> + </chapter> <!-- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200307140357.h6E3vTWR046180>