diff options
authorRyusuke SUZUKI <ryusuke@FreeBSD.org>2013-11-07 11:57:57 +0000
committerRyusuke SUZUKI <ryusuke@FreeBSD.org>2013-11-07 11:57:57 +0000
commit4e968cced8f1f201429a95b1b8b27d317de2048c (patch)
parentc057dbfa2b4cbb63421a7ae36812dd9d4452391b (diff)
- Merge the following from the English version:PRE_DOCBOOK50
r15267 -> r15428 head/ja_JP.eucJP/books/handbook/security/chapter.xml
1 files changed, 4 insertions, 75 deletions
diff --git a/ja_JP.eucJP/books/handbook/security/chapter.xml b/ja_JP.eucJP/books/handbook/security/chapter.xml
index 750588a028..f4d9d93a6b 100644
--- a/ja_JP.eucJP/books/handbook/security/chapter.xml
+++ b/ja_JP.eucJP/books/handbook/security/chapter.xml
@@ -3,9 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r15267
- Waiting for: 1.123 or mac/chapter.xml
- ("mac" referenced from disks).
+ Original revision: r15428
Translation note: "fs-acl" section added in rev.1.118 is moved to
handbook/basics in rev.1.134 and moved back to this file in
rev.1.150. The traslation is already done in handbook/basics, so we
@@ -81,11 +79,6 @@
<para>FreeBSD で使われている SSH 実装である
OpenSSH の設定および使用方法</para>
- <listitem>
- <para>拡張されたファイルシステムアクセス制御リスト
- (ACL) の UFS での設定および使用方法</para>
- </listitem>
<para>How to configure and load access control extension
@@ -3807,70 +3800,6 @@ user@unfirewalled.myserver.com's password: <userinput>*******</userinput></scree
<para>&man.sshd.8; &man.sftp-server.8;</para>
-<!-- XXX 2006/05/01 hiroo: Do not translate this section.
- See the translation note in the header for the reason.
- <sect1 id="fs-acl">
- <sect1info>
- <authorgroup>
- <author>
- <firstname>Tom</firstname>
- <surname>Rhodes</surname>
- <contrib>Contributed by </contrib>
- </author>
- </authorgroup>
- </sect1info>
- <indexterm>
- <primary>ACL</primary>
- </indexterm>
- <title>File System Access Control Lists</title>
- <para>In conjunction with file system enhancements like snapshots, FreeBSD 5.0
- and later offers the security of File System Access Control Lists
- (<acronym>ACLs</acronym>).</para>
- <para>Access Control Lists extend the standard UNIX
- permission model in a highly compatible (POSIX.1e) way. This feature
- permits an administrator to make use of and take advantage of a
- more sophisticated security model.</para>
- <para>For <acronym>ACLs</acronym> to work:</para>
- <programlisting>options UFS_ACL</programlisting>
- <para>must be compiled into the kernel. If this option has
- not been compiled in, a warning message will be displayed
- when attempting to mount a file system sporting <acronym>ACLs</acronym>.
- <acronym>ACLs</acronym> rely on extended attributes being enabled on
- the file system. This is supported natively in the next generation of
- the <acronym>UNIX</acronym> file system or <acronym>UFS2</acronym>.</para>
- <note><para>The use of extended attributes on <acronym>UFS1</acronym> file
- systems will lead to higher administration overhead and lower overall
- file system performance. <acronym>UFS2</acronym> does not have this
- problem.</para></note>
- <para>To enable <acronym>ACLs</acronym> on a file system, the <option>-a</option>
- option can be passed to &man.tunefs.8; in a manner similar to the Soft Updates
- process:</para>
- <screen>&prompt.root; <userinput>umount /usr</userinput>
-&prompt.root; <userinput>tunefs -a enable /dev/<replaceable>diskNsNx</replaceable></userinput>
-&prompt.root; <userinput>mount /dev/<replaceable>diskNsNx</replaceable> /usr</userinput></screen>
- <para>This assumes that <devicename>/dev/<replaceable>diskNsNx</replaceable></devicename> is the
- <filename>/usr</filename> partition.</para>
- <para><acronym>ACLs</acronym> can also be enabled by passing the
- <option>-o acls</option> argument to &man.mount.8;:</para>
- <screen>&prompt.root; <userinput>mount -o acls /dev/<replaceable>diskNsNx</replaceable> /usr</userinput></screen>
- <para>This flag can also be set in <filename>/etc/fstab</filename>.
- It is recommended to use the former over the latter to avoid remount
- issues with the root file system.</para>
- </sect1>
<sect1 id="mac">
@@ -3956,7 +3885,7 @@ user@unfirewalled.myserver.com's password: <userinput>*******</userinput></scree
<para>The Biba Integrity Policy (&man.mac.biba.4;) provides
- for hierarchal and non-hierarchal labeling of all system
+ for hierarchical and non-hierarchical labeling of all system
objects with integrity data, and the strict enforcement of
an information flow policy to prevent corruption of high
integrity subjects and data by low-integrity subjects.
@@ -4048,7 +3977,7 @@ user@unfirewalled.myserver.com's password: <userinput>*******</userinput></scree
<para>Module name: mac_mls.ko</para>
<para>Kernel option: <literal>MAC_MLS</literal></para>
<para>Multi-Level Security (<acronym>MLS</acronym>)
- (&man.mac.mls.4;) provides for hierarchal and non-hierarchal
+ (&man.mac.mls.4;) provides for hierarchical and non-hierarchical
labeling of all system objects with sensitivity data, and the
strict enforcement of an information flow policy to prevent
the leakage of confidential data to untrusted parties. The
@@ -4057,7 +3986,7 @@ user@unfirewalled.myserver.com's password: <userinput>*******</userinput></scree
trusted operating systems to protect data secrecy in
multi-user environments. Hierarchal labels provide support
for the notion of clearances and classifications in
- traditional parlance; non-hierarchal labels provide support
+ traditional parlance; non-hierarchical labels provide support
for <quote>need-to-know.</quote> As with Biba, ubiquitous
labeling of objects occurs, and it must therefore be compiled
into the kernel or loaded at boot. As with Biba, extensive