path: root/el_GR.ISO8859-7/books/handbook/disks/chapter.xml
author: Gabor Kovesdan <gabor@FreeBSD.org> 2012-10-01 09:53:01 +0000
committer: Gabor Kovesdan <gabor@FreeBSD.org> 2012-10-01 09:53:01 +0000
commit: b4346b9b2dfe86a97907573086dff096850dcb1d (patch)
tree: 9b951977cbd22dada9b868ac83b1d56791ea3859 /el_GR.ISO8859-7/books/handbook/disks/chapter.xml
parent: bee5d224febbeba11356aa848006a4f5f9e24b30 (diff)
- Rename .sgml files to .xml
- Reflect the rename in referencing files

Approved by: doceng (implicit)
Notes: svn path=/head/; revision=39631
Diffstat (limited to 'el_GR.ISO8859-7/books/handbook/disks/chapter.xml')
-rw-r--r-- el_GR.ISO8859-7/books/handbook/disks/chapter.xml | 4153
1 files changed, 4153 insertions, 0 deletions
diff --git a/el_GR.ISO8859-7/books/handbook/disks/chapter.xml b/el_GR.ISO8859-7/books/handbook/disks/chapter.xml
new file mode 100644
index 0000000000..e865836ba7
--- /dev/null
+++ b/el_GR.ISO8859-7/books/handbook/disks/chapter.xml
@@ -0,0 +1,4153 @@
+<?xml version="1.0" encoding="iso-8859-7" standalone="no"?>
+<!--
+
+ Το Εγχειρίδιο του FreeBSD: Αποθηκευτικά Μέσα
+
+ The FreeBSD Greek Documentation Project
+
+ $FreeBSD$
+
+ %SOURCE% en_US.ISO8859-1/books/handbook/disks/chapter.xml
+ %SRCID% 1.1
+
+-->
+
+<chapter id="disks">
+ <title>Αποθηκευτικά Μέσα</title>
+
+ <sect1 id="disks-synopsis">
+ <title>Σύνοψη</title>
+
+
+ <para>Το κεφάλαιο αυτό καλύπτει την χρήση των δίσκων στο &os;.
+ Περιλαμβάνει δίσκους που υποστηρίζονται από μνήμη, δίσκους συνδεδεμένους
+ απευθείας στο δίκτυο, τις τυπικές συσκευές αποθήκευσης SCSI/IDE, καθώς
+ και συσκευές που χρησιμοποιούν διεπαφή USB.</para>
+
+ <para>Αφού διαβάσετε αυτό το κεφάλαιο, θα ξέρετε:</para>
+ <itemizedlist>
+ <listitem><para>Την ορολογία που χρησιμοποιεί το &os; για να περιγράψει
+ την οργάνωση των δεδομένων στο φυσικό μέσο του δίσκου
+ (partitions - κατατμήσεις - και slices).</para>
+ </listitem>
+
+ <listitem><para>Πως να προσθέσετε νέους σκληρούς δίσκους στο
+ σύστημα σας.</para>
+ </listitem>
+ <listitem>
+ <para>Πως να ρυθμίσετε το &os; να χρησιμοποιεί συσκευές
+ αποθήκευσης USB.</para>
+ </listitem>
+ <listitem><para>Πως να ρυθμίσετε εικονικά συστήματα αρχείων, όπως
+ δίσκους που αποθηκεύονται σε μνήμη RAM.</para></listitem>
+ <listitem>
+ <para>Πως να χρησιμοποιήσετε quotas για να περιορίσετε τη χρήση
+ χώρου στο δίσκο.</para>
+ </listitem>
+ <listitem>
+ <para>Πως να κρυπτογραφήσετε δίσκους για να τους ασφαλίσετε
+ από επιθέσεις.</para>
+ </listitem>
+ <listitem>
+ <para>Πως να δημιουργήσετε και να γράψετε CD και DVD
+ στο &os;.</para>
+ </listitem>
+ <listitem>
+ <para>Τα διάφορα διαθέσιμα μέσα αποθήκευσης για αντίγραφα
+ ασφαλείας.</para>
+ </listitem>
+ <listitem>
+ <para>Πως να χρησιμοποιήσετε προγράμματα λήψης αντιγράφων
+ ασφαλείας στο &os;.</para>
+ </listitem>
+ <listitem>
+ <para>Πως να πάρετε αντίγραφα ασφαλείας σε δισκέττες.</para>
+ </listitem>
+ <listitem>
+ <para>Τι είναι οι εικόνες (snapshots) σε ένα σύστημα αρχείων και πως
+ να τις χρησιμοποιήσετε αποδοτικά.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Πριν διαβάσετε αυτό το κεφάλαιο, θα πρέπει:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Να ξέρετε πως θα ρυθμίσετε και θα εγκαταστήσετε ένα νέο πυρήνα
+ του &os; (<xref linkend="kernelconfig"/>).</para>
+ </listitem>
+ </itemizedlist>
+
+ </sect1>
+
+ <sect1 id="disks-naming">
+ <title>Device Names</title>
+
+ <para>The following is a list of physical storage devices
+ supported in FreeBSD, and the device names associated with
+ them.</para>
+
+ <table id="disk-naming-physical-table" frame="none">
+ <title>Physical Disk Naming Conventions</title>
+
+ <tgroup cols="2">
+ <thead>
+ <row>
+ <entry>Drive type</entry>
+ <entry>Drive device name</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>IDE hard drives</entry>
+ <entry><literal>ad</literal></entry>
+ </row>
+ <row>
+ <entry>IDE CDROM drives</entry>
+ <entry><literal>acd</literal></entry>
+ </row>
+ <row>
+ <entry>SCSI hard drives and USB Mass storage devices</entry>
+ <entry><literal>da</literal></entry>
+ </row>
+ <row>
+ <entry>SCSI CDROM drives</entry>
+ <entry><literal>cd</literal></entry>
+ </row>
+ <row>
+ <entry>Assorted non-standard CDROM drives</entry>
+ <entry><literal>mcd</literal> for Mitsumi CD-ROM and
+ <literal>scd</literal> for Sony CD-ROM devices
+ </entry>
+ </row>
+ <row>
+ <entry>Floppy drives</entry>
+ <entry><literal>fd</literal></entry>
+ </row>
+ <row>
+ <entry>SCSI tape drives</entry>
+ <entry><literal>sa</literal></entry>
+ </row>
+ <row>
+ <entry>IDE tape drives</entry>
+ <entry><literal>ast</literal></entry>
+ </row>
+ <row>
+ <entry>Flash drives</entry>
+ <entry><literal>fla</literal> for &diskonchip; Flash device</entry>
+ </row>
+ <row>
+ <entry>RAID drives</entry>
+ <entry><literal>aacd</literal> for &adaptec; AdvancedRAID,
+ <literal>mlxd</literal> and <literal>mlyd</literal>
+ for &mylex;,
+ <literal>amrd</literal> for AMI &megaraid;,
+ <literal>idad</literal> for Compaq Smart RAID,
+ <literal>twed</literal> for &tm.3ware; RAID.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </sect1>
+
+ <sect1 id="disks-adding">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>David</firstname>
+ <surname>O'Brien</surname>
+ <contrib>Originally contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 26 Apr 1998 -->
+ </sect1info>
+
+ <title>Adding Disks</title>
+
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>adding</secondary>
+ </indexterm>
+
+ <para>Lets say we want to add a new SCSI disk to a machine that
+ currently only has a single drive. First turn off the computer
+ and install the drive in the computer following the instructions
+ of the computer, controller, and drive manufacturer. Due to the
+ wide variations of procedures to do this, the details are beyond
+ the scope of this document.</para>
+
+ <para>Login as user <username>root</username>. After you have installed the
+ drive, inspect <filename>/var/run/dmesg.boot</filename> to ensure the new
+ disk was found. Continuing with our example, the newly added drive will
+ be <devicename>da1</devicename> and we want to mount it on
+ <filename>/1</filename> (if you are adding an IDE drive, the device name
+ will be <devicename>ad1</devicename>).</para>
+
+ <indexterm><primary>partitions</primary></indexterm>
+ <indexterm><primary>slices</primary></indexterm>
+ <indexterm>
+ <primary><command>fdisk</command></primary>
+ </indexterm>
+
+ <para>FreeBSD runs on IBM-PC compatible computers, therefore it must
+ take into account the PC BIOS partitions. These are different
+ from the traditional BSD partitions. A PC disk has up to four
+ BIOS partition entries. If the disk is going to be truly
+ dedicated to FreeBSD, you can use the
+ <emphasis>dedicated</emphasis> mode. Otherwise, FreeBSD will
+ have to live within one of the PC BIOS partitions. FreeBSD
+ calls the PC BIOS partitions <emphasis>slices</emphasis> so as
+ not to confuse them with traditional BSD partitions. You may
+ also use slices on a disk that is dedicated to FreeBSD, but used
+ in a computer that also has another operating system installed.
+ This is a good way to avoid confusing the <command>fdisk</command> utility of
+ other, non-FreeBSD operating systems.</para>
+
+ <para>In the slice case the drive will be added as
+ <filename>/dev/da1s1e</filename>. This is read as: SCSI disk,
+ unit number 1 (second SCSI disk), slice 1 (PC BIOS partition 1),
+ and <filename>e</filename> BSD partition. In the dedicated
+ case, the drive will be added simply as
+ <filename>/dev/da1e</filename>.</para>
+
+ <para>Due to the use of 32-bit integers to store the number of sectors,
+ &man.bsdlabel.8; is
+ limited to 2^32-1 sectors per disk or 2TB in most cases. The
+ &man.fdisk.8; format allows a starting sector of no more than
+ 2^32-1 and a length of no more than 2^32-1, limiting partitions to
+ 2TB and disks to 4TB in most cases. The &man.sunlabel.8; format
+ is limited to 2^32-1 sectors per partition and 8 partitions for
+ a total of 16TB. For larger disks, &man.gpt.8; partitions may be
+ used.</para>
+
+ <sect2>
+ <title>Using &man.sysinstall.8;</title>
+ <indexterm>
+ <primary><application>sysinstall</application></primary>
+ <secondary>adding disks</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>su</primary>
+ </indexterm>
+ <procedure>
+ <step>
+ <title>Navigating <application>Sysinstall</application></title>
+
+ <para>You may use <command>sysinstall</command> to
+ partition and label a new disk using its easy to use menus.
+ Either login as user <username>root</username> or use the
+ <command>su</command> command. Run
+ <command>sysinstall</command> and enter the
+ <literal>Configure</literal> menu. Within the
+ <literal>FreeBSD Configuration Menu</literal>, scroll down and
+ select the <literal>Fdisk</literal> option.</para>
+ </step>
+
+ <step>
+ <title><application>fdisk</application> Partition Editor</title>
+ <para>Once inside <application>fdisk</application>, typing <userinput>A</userinput> will
+ use the entire disk for FreeBSD. When asked if you want to
+ <quote>remain cooperative with any future possible operating
+ systems</quote>, answer <literal>YES</literal>. Write the
+ changes to the disk using <userinput>W</userinput>. Now exit the
+ FDISK editor by typing <userinput>q</userinput>. Next you will be
+ asked about the <quote>Master Boot Record</quote>. Since you are adding a
+ disk to an already running system, choose
+ <literal>None</literal>.</para>
+ </step>
+
+ <step>
+ <title>Disk Label Editor</title>
+ <indexterm><primary>BSD partitions</primary></indexterm>
+
+ <para>Next, you need to exit <application>sysinstall</application>
+ and start it again. Follow the directions above, although this
+ time choose the <literal>Label</literal> option. This will
+ enter the <literal>Disk Label Editor</literal>. This
+ is where you will create the traditional BSD partitions. A
+ disk can have up to eight partitions, labeled
+ <literal>a-h</literal>.
+ A few of the partition labels have special uses. The
+ <literal>a</literal> partition is used for the root partition
+ (<filename>/</filename>). Thus only your system disk (e.g,
+ the disk you boot from) should have an <literal>a</literal>
+ partition. The <literal>b</literal> partition is used for
+ swap partitions, and you may have many disks with swap
+ partitions. The <literal>c</literal> partition addresses the
+ entire disk in dedicated mode, or the entire FreeBSD slice in
+ slice mode. The other partitions are for general use.</para>
+
+ <para><application>sysinstall</application>'s Label editor
+ favors the <literal>e</literal>
+ partition for non-root, non-swap partitions. Within the
+ Label editor, create a single file system by typing
+ <userinput>C</userinput>. When prompted if this will be a FS
+ (file system) or swap, choose <literal>FS</literal> and type in a
+ mount point (e.g, <filename>/mnt</filename>). When adding a
+ disk in post-install mode, <application>sysinstall</application>
+ will not create entries
+ in <filename>/etc/fstab</filename> for you, so the mount point
+ you specify is not important.</para>
+
+ <para>You are now ready to write the new label to the disk and
+ create a file system on it. Do this by typing
+ <userinput>W</userinput>. Ignore any errors from
+ <application>sysinstall</application> that
+ it could not mount the new partition. Exit the Label Editor
+ and <application>sysinstall</application> completely.</para>
+ </step>
+
+ <step>
+ <title>Finish</title>
+
+ <para>The last step is to edit <filename>/etc/fstab</filename>
+ to add an entry for your new disk.</para>
+ </step>
+ </procedure>
+ </sect2>
+
+ <sect2>
+ <title>Using Command Line Utilities</title>
+
+ <sect3>
+ <title>Using Slices</title>
+
+ <para>This setup will allow your disk to work correctly with
+ other operating systems that might be installed on your
+ computer and will not confuse other operating systems'
+ <command>fdisk</command> utilities. It is recommended
+ to use this method for new disk installs. Only use
+ <literal>dedicated</literal> mode if you have a good reason
+ to do so!</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 bs=1k count=1</userinput>
+&prompt.root; <userinput>fdisk -BI da1</userinput> #Initialize your new disk
+&prompt.root; <userinput>bsdlabel -B -w -r da1s1 auto</userinput> #Label it.
+&prompt.root; <userinput>bsdlabel -e da1s1</userinput> # Edit the bsdlabel just created and add any partitions.
+&prompt.root; <userinput>mkdir -p /1</userinput>
+&prompt.root; <userinput>newfs /dev/da1s1e</userinput> # Repeat this for every partition you created.
+&prompt.root; <userinput>mount /dev/da1s1e /1</userinput> # Mount the partition(s)
+&prompt.root; <userinput>vi /etc/fstab</userinput> # Add the appropriate entry/entries to your <filename>/etc/fstab</filename>.</screen>
+
+ <para>If you have an IDE disk, substitute <filename>ad</filename>
+ for <filename>da</filename>.</para>
+ </sect3>
+
+ <sect3>
+ <title>Dedicated</title>
+ <indexterm><primary>OS/2</primary></indexterm>
+
+ <para>If you will not be sharing the new drive with another operating
+ system, you may use the <literal>dedicated</literal> mode. Remember
+ this mode can confuse Microsoft operating systems; however, no damage
+ will be done by them. IBM's &os2; however, will
+ <quote>appropriate</quote> any partition it finds which it does not
+ understand.</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 bs=1k count=1</userinput>
+&prompt.root; <userinput>bsdlabel -Brw da1 auto</userinput>
+&prompt.root; <userinput>bsdlabel -e da1</userinput> # create the `e' partition
+&prompt.root; <userinput>newfs -d0 /dev/da1e</userinput>
+&prompt.root; <userinput>mkdir -p /1</userinput>
+&prompt.root; <userinput>vi /etc/fstab</userinput> # add an entry for /dev/da1e
+&prompt.root; <userinput>mount /1</userinput></screen>
+
+ <para>An alternate method is:</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 count=2</userinput>
+&prompt.root; <userinput>bsdlabel /dev/da1 | bsdlabel -BrR da1 /dev/stdin</userinput>
+&prompt.root; <userinput>newfs /dev/da1e</userinput>
+&prompt.root; <userinput>mkdir -p /1</userinput>
+&prompt.root; <userinput>vi /etc/fstab</userinput> # add an entry for /dev/da1e
+&prompt.root; <userinput>mount /1</userinput></screen>
+
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="raid">
+ <title>RAID</title>
+
+ <sect2 id="raid-soft">
+ <title>Software RAID</title>
+
+ <sect3 id="ccd">
+ <sect3info>
+ <authorgroup>
+ <author>
+ <firstname>Christopher</firstname>
+ <surname>Shumway</surname>
+ <contrib>Original work by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Jim</firstname>
+ <surname>Brown</surname>
+ <contrib>Revised by </contrib>
+ </author>
+ </authorgroup>
+ </sect3info>
+
+ <title>Concatenated Disk Driver (CCD) Configuration</title>
+
+<indexterm><primary>RAID</primary><secondary>software</secondary></indexterm>
+<indexterm>
+ <primary>RAID</primary><secondary>CCD</secondary>
+</indexterm>
+
+ <para>When choosing a mass storage solution the most important
+ factors to consider are speed, reliability, and cost. It is
+ rare to have all three in balance; normally a fast, reliable mass
+ storage device is expensive, and to cut back on cost either speed
+ or reliability must be sacrificed.</para>
+
+ <para>In designing the system described below, cost was chosen
+ as the most important factor, followed by speed, then reliability.
+ Data transfer speed for this system is ultimately
+ constrained by the network. And while reliability is very important,
+ the CCD drive described below serves online data that is already
+ fully backed up on CD-R's and can easily be replaced.</para>
+
+ <para>Defining your own requirements is the first step
+ in choosing a mass storage solution. If your requirements prefer
+ speed or reliability over cost, your solution will differ from
+ the system described in this section.</para>
+
+
+ <sect4 id="ccd-installhw">
+ <title>Installing the Hardware</title>
+
+ <para>In addition to the IDE system disk, three Western
+ Digital 30GB, 5400 RPM IDE disks form the core
+ of the CCD disk described below providing approximately
+ 90GB of online storage. Ideally,
+ each IDE disk would have its own IDE controller
+ and cable, but to minimize cost, additional
+ IDE controllers were not used. Instead the disks were
+ configured with jumpers so that each IDE controller has
+ one master, and one slave.</para>
+
+ <para>Upon reboot, the system BIOS was configured to
+ automatically detect the disks attached. More importantly,
+ FreeBSD detected them on reboot:</para>
+
+ <programlisting>ad0: 19574MB &lt;WDC WD205BA&gt; [39770/16/63] at ata0-master UDMA33
+ad1: 29333MB &lt;WDC WD307AA&gt; [59598/16/63] at ata0-slave UDMA33
+ad2: 29333MB &lt;WDC WD307AA&gt; [59598/16/63] at ata1-master UDMA33
+ad3: 29333MB &lt;WDC WD307AA&gt; [59598/16/63] at ata1-slave UDMA33</programlisting>
+
+ <note><para>If FreeBSD does not detect all the disks, ensure
+ that you have jumpered them correctly. Most IDE drives
+ also have a <quote>Cable Select</quote> jumper. This is
+ <emphasis>not</emphasis> the jumper for the master/slave
+ relationship. Consult the drive documentation for help in
+ identifying the correct jumper.</para></note>
+
+ <para>Next, consider how to attach them as part of the file
+ system. You should research both &man.vinum.8; (<xref
+ linkend="vinum-vinum"/>) and &man.ccd.4;. In this
+ particular configuration, &man.ccd.4; was chosen.</para>
+ </sect4>
+
+ <sect4 id="ccd-setup">
+ <title>Setting Up the CCD</title>
+
+ <para>The &man.ccd.4; driver allows you to take
+ several identical disks and concatenate them into one
+ logical file system. In order to use
+ &man.ccd.4;, you need a kernel with
+ &man.ccd.4; support built in.
+ Add this line to your kernel configuration file, rebuild, and
+ reinstall the kernel:</para>
+
+ <programlisting>device ccd</programlisting>
+
+ <para>The &man.ccd.4; support can also be
+ loaded as a kernel loadable module.</para>
+
+ <para>To set up &man.ccd.4;, you must first use
+ &man.bsdlabel.8; to label the disks:</para>
+
+ <programlisting>bsdlabel -r -w ad1 auto
+bsdlabel -r -w ad2 auto
+bsdlabel -r -w ad3 auto</programlisting>
+
+ <para>This creates a bsdlabel for <devicename>ad1c</devicename>, <devicename>ad2c</devicename> and <devicename>ad3c</devicename> that
+ spans the entire disk.</para>
+
+ <para>The next step is to change the disk label type. You
+ can use &man.bsdlabel.8; to edit the
+ disks:</para>
+
+ <programlisting>bsdlabel -e ad1
+bsdlabel -e ad2
+bsdlabel -e ad3</programlisting>
+
+ <para>This opens up the current disk label on each disk with
+ the editor specified by the <envar>EDITOR</envar>
+ environment variable, typically &man.vi.1;.</para>
+
+ <para>An unmodified disk label will look something like
+ this:</para>
+
+ <programlisting>8 partitions:
+# size offset fstype [fsize bsize bps/cpg]
+ c: 60074784 0 unused 0 0 0 # (Cyl. 0 - 59597)</programlisting>
+
+ <para>Add a new <literal>e</literal> partition for &man.ccd.4; to use. This
+ can usually be copied from the <literal>c</literal> partition,
+ but the <option>fstype</option> <emphasis>must</emphasis>
+ be <userinput>4.2BSD</userinput>. The disk label should
+ now look something like this:</para>
+
+ <programlisting>8 partitions:
+# size offset fstype [fsize bsize bps/cpg]
+ c: 60074784 0 unused 0 0 0 # (Cyl. 0 - 59597)
+ e: 60074784 0 4.2BSD 0 0 0 # (Cyl. 0 - 59597)</programlisting>
+
+ </sect4>
+
+ <sect4 id="ccd-buildingfs">
+ <title>Building the File System</title>
+
+ <para>Now that you have all the disks labeled, you must
+ build the &man.ccd.4;. To do that,
+ use &man.ccdconfig.8;, with options similar to the following:</para>
+
+ <programlisting>ccdconfig ccd0<co id="co-ccd-dev"/> 32<co id="co-ccd-interleave"/> 0<co id="co-ccd-flags"/> /dev/ad1e<co id="co-ccd-devs"/> /dev/ad2e /dev/ad3e</programlisting>
+
+ <para>The use and meaning of each option is shown below:</para>
+
+ <calloutlist>
+ <callout arearefs="co-ccd-dev">
+ <para>The first argument is the device to configure, in this case,
+ <filename>/dev/ccd0c</filename>. The <filename>/dev/</filename>
+ portion is optional.</para>
+ </callout>
+
+ <callout arearefs="co-ccd-interleave">
+
+ <para>The interleave for the file system. The interleave
+ defines the size of a stripe in disk blocks, each normally 512 bytes.
+ So, an interleave of 32 would be 16,384 bytes.</para>
+ </callout>
+
+ <callout arearefs="co-ccd-flags">
+ <para>Flags for &man.ccdconfig.8;. If you want to enable drive
+ mirroring, you can specify a flag here. This
+ configuration does not provide mirroring for
+ &man.ccd.4;, so it is set at 0 (zero).</para>
+ </callout>
+
+ <callout arearefs="co-ccd-devs">
+ <para>The final arguments to &man.ccdconfig.8;
+ are the devices to place into the array. Use the complete pathname
+ for each device.</para>
+ </callout>
+ </calloutlist>
+
+
+ <para>After running &man.ccdconfig.8; the &man.ccd.4;
+ is configured. A file system can be installed. Refer to &man.newfs.8;
+ for options, or simply run: </para>
+
+ <programlisting>newfs /dev/ccd0c</programlisting>
+
+
+ </sect4>
+
+ <sect4 id="ccd-auto">
+ <title>Making it All Automatic</title>
+
+ <para>Generally, you will want to mount the
+ &man.ccd.4; upon each reboot. To do this, you must
+ configure it first. Write out your current configuration to
+ <filename>/etc/ccd.conf</filename> using the following command:</para>
+
+ <programlisting>ccdconfig -g &gt; /etc/ccd.conf</programlisting>
+
+ <para>During reboot, the script <command>/etc/rc</command>
+ runs <command>ccdconfig -C</command> if <filename>/etc/ccd.conf</filename>
+ exists. This automatically configures the
+ &man.ccd.4; so it can be mounted.</para>
+
+ <note><para>If you are booting into single user mode, before you can
+ &man.mount.8; the &man.ccd.4;, you
+ need to issue the following command to configure the
+ array:</para>
+
+ <programlisting>ccdconfig -C</programlisting>
+ </note>
+
+ <para>To automatically mount the &man.ccd.4;,
+ place an entry for the &man.ccd.4; in
+ <filename>/etc/fstab</filename> so it will be mounted at
+ boot time:</para>
+
+ <programlisting>/dev/ccd0c /media ufs rw 2 2</programlisting>
+ </sect4>
+ </sect3>
+
+ <sect3 id="vinum">
+ <title>The Vinum Volume Manager</title>
+
+<indexterm><primary>RAID</primary><secondary>software</secondary></indexterm>
+<indexterm>
+ <primary>RAID</primary>
+ <secondary>Vinum</secondary>
+</indexterm>
+
+ <para>The Vinum Volume Manager is a block device driver which
+ implements virtual disk drives. It isolates disk hardware
+ from the block device interface and maps data in ways which
+ result in an increase in flexibility, performance and
+ reliability compared to the traditional slice view of disk
+ storage. &man.vinum.8; implements the RAID-0, RAID-1 and
+ RAID-5 models, both individually and in combination.</para>
+
+ <para>See <xref linkend="vinum-vinum"/> for more
+ information about &man.vinum.8;.</para>
+ </sect3>
+ </sect2>
+
+ <sect2 id="raid-hard">
+ <title>Hardware RAID</title>
+
+ <indexterm>
+ <primary>RAID</primary>
+ <secondary>hardware</secondary>
+ </indexterm>
+
+ <para>FreeBSD also supports a variety of hardware <acronym>RAID</acronym>
+ controllers. These devices control a <acronym>RAID</acronym> subsystem
+ without the need for FreeBSD specific software to manage the
+ array.</para>
+
+ <para>Using an on-card <acronym>BIOS</acronym>, the card controls most of the disk operations
+ itself. The following is a brief setup description using a Promise <acronym>IDE</acronym> <acronym>RAID</acronym>
+ controller. When this card is installed and the system is started up, it
+ displays a prompt requesting information. Follow the instructions
+ to enter the card's setup screen. From here, you have the ability to
+ combine all the attached drives. After doing so, the disk(s) will look like
+ a single drive to FreeBSD. Other <acronym>RAID</acronym> levels can be set up
+ accordingly.
+ </para>
+ </sect2>
+
+ <sect2>
+ <title>Rebuilding ATA RAID1 Arrays</title>
+
+ <para>FreeBSD allows you to hot-replace a failed disk in an array. This requires
+ that you catch it before you reboot.</para>
+
+ <para>You will probably see something like the following in <filename>/var/log/messages</filename> or in the &man.dmesg.8;
+ output:</para>
+
+ <programlisting>ad6 on monster1 suffered a hard error.
+ad6: READ command timeout tag=0 serv=0 - resetting
+ad6: trying fallback to PIO mode
+ata3: resetting devices .. done
+ad6: hard error reading fsbn 1116119 of 0-7 (ad6 bn 1116119; cn 1107 tn 4 sn 11)\\
+status=59 error=40
+ar0: WARNING - mirror lost</programlisting>
+
+ <para>Using &man.atacontrol.8;, check for further information:</para>
+
+ <screen>&prompt.root; <userinput>atacontrol list</userinput>
+ATA channel 0:
+ Master: no device present
+ Slave: acd0 &lt;HL-DT-ST CD-ROM GCR-8520B/1.00&gt; ATA/ATAPI rev 0
+
+ATA channel 1:
+ Master: no device present
+ Slave: no device present
+
+ATA channel 2:
+ Master: ad4 &lt;MAXTOR 6L080J4/A93.0500&gt; ATA/ATAPI rev 5
+ Slave: no device present
+
+ATA channel 3:
+ Master: ad6 &lt;MAXTOR 6L080J4/A93.0500&gt; ATA/ATAPI rev 5
+ Slave: no device present
+
+&prompt.root; <userinput>atacontrol status ar0</userinput>
+ar0: ATA RAID1 subdisks: ad4 ad6 status: DEGRADED</screen>
+
+ <procedure>
+ <step>
+ <para>You will first need to detach the ata channel with the failed
+ disk so you can safely remove it:</para>
+
+ <screen>&prompt.root; <userinput>atacontrol detach ata3</userinput></screen>
+ </step>
+
+ <step>
+ <para>Replace the disk.</para>
+ </step>
+
+ <step>
+ <para>Reattach the ata channel:</para>
+
+ <screen>&prompt.root; <userinput>atacontrol attach ata3</userinput>
+Master: ad6 &lt;MAXTOR 6L080J4/A93.0500&gt; ATA/ATAPI rev 5
+Slave: no device present</screen>
+ </step>
+
+ <step>
+ <para>Add the new disk to the array as a spare:</para>
+
+ <screen>&prompt.root; <userinput>atacontrol addspare ar0 ad6</userinput></screen>
+ </step>
+
+ <step>
+ <para>Rebuild the array:</para>
+
+ <screen>&prompt.root; <userinput>atacontrol rebuild ar0</userinput></screen>
+ </step>
+
+ <step>
+ <para>It is possible to check on the progress by issuing the
+ following command:</para>
+
+ <screen>&prompt.root; <userinput>dmesg | tail -10</userinput>
+[output removed]
+ad6: removed from configuration
+ad6: deleted from ar0 disk1
+ad6: inserted into ar0 disk1 as spare
+
+&prompt.root; <userinput>atacontrol status ar0</userinput>
+ar0: ATA RAID1 subdisks: ad4 ad6 status: REBUILDING 0% completed</screen>
+ </step>
+
+ <step>
+ <para>Wait until this operation completes.</para>
+ </step>
+ </procedure>
+ </sect2>
+ </sect1>
+
+ <sect1 id="usb-disks">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- Jul 2004 -->
+ </sect1info>
+
+ <title>USB Storage Devices</title>
+ <indexterm>
+ <primary>USB</primary>
+ <secondary>disks</secondary>
+ </indexterm>
+
+ <para>A lot of external storage solutions, nowadays, use the
+ Universal Serial Bus (USB): hard drives, USB thumbdrives, CD-R
+ burners, etc. &os; provides support for these devices.</para>
+
+ <sect2>
+ <title>Configuration</title>
+
+ <para>The USB mass storage devices driver, &man.umass.4;,
+ provides the support for USB storage devices. If you use the
+ <filename>GENERIC</filename> kernel, you do not have to change
+ anything in your configuration. If you use a custom kernel,
+ be sure that the following lines are present in your kernel
+ configuration file:</para>
+
+ <programlisting>device scbus
+device da
+device pass
+device uhci
+device ohci
+device usb
+device umass</programlisting>
+
+ <para>The &man.umass.4; driver uses the SCSI subsystem to access
+ to the USB storage devices, your USB device will be seen as a
+ SCSI device by the system. Depending on the USB chipset on
+ your motherboard, you only need either <literal>device
+ uhci</literal> or <literal>device ohci</literal>, however
+ having both in the kernel configuration file is harmless. Do
+ not forget to compile and install the new kernel if you added
+ any lines.</para>
+
+ <note>
+ <para>If your USB device is a CD-R or DVD burner, the SCSI CD-ROM
+ driver, &man.cd.4;, must be added to the kernel via the
+ line:</para>
+
+ <programlisting>device cd</programlisting>
+
+ <para>Since the burner is seen as a SCSI drive, the driver
+ &man.atapicam.4; should not be used in the kernel
+ configuration.</para>
+ </note>
+
+ <para>Support for USB 2.0 controllers is provided on
+ &os;; however, you must add:</para>
+
+ <programlisting>device ehci</programlisting>
+
+ <para>to your configuration file for USB 2.0 support. Note
+ &man.uhci.4; and &man.ohci.4; drivers are still needed if you
+ want USB 1.X support.</para>
+ </sect2>
+
+ <sect2>
+ <title>Testing the Configuration</title>
+
+ <para>The configuration is ready to be tested: plug in your USB
+ device, and in the system message buffer (&man.dmesg.8;), the
+ drive should appear as something like:</para>
+
+ <screen>umass0: USB Solid state disk, rev 1.10/1.00, addr 2
+GEOM: create disk da0 dp=0xc2d74850
+da0 at umass-sim0 bus 0 target 0 lun 0
+da0: &lt;Generic Traveling Disk 1.11&gt; Removable Direct Access SCSI-2 device
+da0: 1.000MB/s transfers
+da0: 126MB (258048 512 byte sectors: 64H 32S/T 126C)</screen>
+
+ <para>Of course, the brand, the device node
+ (<devicename>da0</devicename>) and other details can differ
+ according to your configuration.</para>
+
+ <para>Since the USB device is seen as a SCSI one, the
+ <command>camcontrol</command> command can be used to list the
+ USB storage devices attached to the system:</para>
+
+ <screen>&prompt.root; <userinput>camcontrol devlist</userinput>
+&lt;Generic Traveling Disk 1.11&gt; at scbus0 target 0 lun 0 (da0,pass0)</screen>
+
+ <para>If the drive comes with a file system, you should be able
+ to mount it. The <xref linkend="disks-adding"/> will help you
+ to format and create partitions on the USB drive if
+ needed.</para>
+
+ <para>To make this device mountable as a normal user, certain
+ steps have to be taken. First, the devices that are created
+ when a USB storage device is connected need to be accessible
+ by the user. A solution is to make all users of these devices
+ a member of the <groupname>operator</groupname> group. This
+ is done with &man.pw.8;. Second, when the devices are
+ created, the <groupname>operator</groupname> group should be
+ able to read and write them. This is accomplished by adding
+ these lines to
+ <filename>/etc/devfs.rules</filename>:</para>
+
+ <programlisting>[localrules=1]
+add path 'da*' mode 0660 group operator</programlisting>
+
+ <note>
+ <para>If there already are SCSI disks in the system, it must
+ be done a bit different. E.g., if the system already
+ contains disks <devicename>da0</devicename> through
+ <devicename>da2</devicename> attached to the system, change
+ the second line as follows:</para>
+
+ <programlisting>add path 'da[3-9]*' mode 0660 group operator</programlisting>
+
+ <para>This will exclude the already existing disks from
+ belonging to the <groupname>operator</groupname>
+ group.</para>
+ </note>
+
+ <para>You also have to enable your &man.devfs.rules.5; ruleset
+ in your <filename>/etc/rc.conf</filename> file:</para>
+
+ <programlisting>devfs_system_ruleset="localrules"</programlisting>
+
+ <para>Next, the kernel has to be configured to allow regular
+ users to mount file systems. The easiest way is to add the
+ following line to
+ <filename>/etc/sysctl.conf</filename>:</para>
+
+ <programlisting>vfs.usermount=1</programlisting>
+
+ <para>Note that this only takes effect after the next reboot.
+ Alternatively, one can also use &man.sysctl.8; to set this
+ variable.</para>
+
+ <para>The final step is to create a directory where the file
+ system is to be mounted. This directory needs to be owned by
+ the user that is to mount the file system. One way to do that
+ is for <username>root</username> to create a subdirectory
+ owned by that user as
+ <filename>/mnt/<replaceable>$USER</replaceable></filename>
+ (replace <replaceable>$USER</replaceable> by the login name of
+ the actual user):</para>
+
+ <screen>&prompt.root; <userinput>mkdir /mnt/$USER</userinput>
+&prompt.root; <userinput>chown <replaceable>$USER</replaceable>:<replaceable>$USER</replaceable> /mnt/<replaceable>$USER</replaceable></userinput></screen>
+
+ <para>Suppose a USB thumbdrive is plugged in, and a device
+ <filename>/dev/da0s1</filename> appears. Since these devices
+ usually come preformatted with a FAT file system, one can
+ mount them like this:</para>
+
+ <screen>&prompt.user; <userinput>mount_msdosfs -m 644 -M 755 /dev/da0s1 /mnt/<replaceable>$USER</replaceable></userinput></screen>
+
+ <para>If you unplug the device (the disk must be unmounted
+ before), you should see, in the system message buffer,
+ something like the following:</para>
+
+ <screen>umass0: at uhub0 port 1 (addr 2) disconnected
+(da0:umass-sim0:0:0:0): lost device
+(da0:umass-sim0:0:0:0): removing device entry
+GEOM: destroy disk da0 dp=0xc2d74850
+umass0: detached</screen>
+ </sect2>
+
+ <sect2>
+ <title>Further Reading</title>
+
+ <para>Beside the <link linkend="disks-adding">Adding
+ Disks</link> and <link linkend="mount-unmount">Mounting and
+ Unmounting File Systems</link> sections, reading various
+ manual pages may be also useful: &man.umass.4;,
+ &man.camcontrol.8;, and &man.usbdevs.8;.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="creating-cds">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Mike</firstname>
+ <surname>Meyer</surname>
+ <contrib>Contributed by </contrib>
+ <!-- mwm@mired.org -->
+ </author>
+ </authorgroup>
+ <!-- Apr 2001 -->
+ </sect1info>
+
+ <title>Creating and Using Optical Media (CDs)</title>
+ <indexterm>
+ <primary>CDROMs</primary>
+ <secondary>creating</secondary>
+ </indexterm>
+
+ <sect2>
+ <title>Introduction</title>
+
+ <para>CDs have a number of features that differentiate them from
+ conventional disks. Initially, they were not writable by the
+ user. They are designed so that they can be read continuously without
+ delays to move the head between tracks. They are also much easier
+ to transport between systems than similarly sized media were at the
+ time.</para>
+
+ <para>CDs do have tracks, but this refers to a section of data to
+ be read continuously and not a physical property of the disk. To
+ produce a CD on FreeBSD, you prepare the data files that are going
+ to make up the tracks on the CD, then write the tracks to the
+ CD.</para>
+
+ <indexterm><primary>ISO 9660</primary></indexterm>
+ <indexterm>
+ <primary>file systems</primary>
+ <secondary>ISO 9660</secondary>
+ </indexterm>
+ <para>The ISO 9660 file system was designed to deal with these
+ differences. It unfortunately codifies file system limits that were
+ common then. Fortunately, it provides an extension mechanism that
+ allows properly written CDs to exceed those limits while still
+ working with systems that do not support those extensions.</para>
+
+ <indexterm>
+ <primary><filename role="package">sysutils/cdrtools</filename></primary>
+ </indexterm>
+ <para>The <filename role="package">sysutils/cdrtools</filename>
+ port includes &man.mkisofs.8;, a program that you can use to
+ produce a data file containing an ISO 9660 file
+ system. It has options that support various extensions, and is
+ described below.</para>
+
+ <indexterm>
+ <primary>CD burner</primary>
+ <secondary>ATAPI</secondary>
+ </indexterm>
+ <para>Which tool to use to burn the CD depends on whether your CD burner
+ is ATAPI or something else. ATAPI CD burners use the <command><link
+ linkend="burncd">burncd</link></command> program that is part of
+ the base system. SCSI and USB CD burners should use
+ <command><link linkend="cdrecord">cdrecord</link></command> from
+ the <filename role="package">sysutils/cdrtools</filename> port.
+ It is also possible to use <command><link
+ linkend="cdrecord">cdrecord</link></command> and other tools
+ for SCSI drives on ATAPI hardware with the <link
+ linkend="atapicam">ATAPI/CAM module</link>.</para>
+
+ <para>If you want CD burning software with a graphical user
+ interface, you may wish to take a look at either
+ <application>X-CD-Roast</application> or
+ <application>K3b</application>. These tools are available as
+ packages or from the <filename
+ role="package">sysutils/xcdroast</filename> and <filename
+ role="package">sysutils/k3b</filename> ports.
+ <application>X-CD-Roast</application> and
+ <application>K3b</application> require the <link
+ linkend="atapicam">ATAPI/CAM module</link> with ATAPI
+ hardware.</para>
+ </sect2>
+
+ <sect2 id="mkisofs">
+ <title>mkisofs</title>
+
+ <para>The &man.mkisofs.8; program, which is part of the
+ <filename role="package">sysutils/cdrtools</filename> port,
+ produces an ISO 9660 file system
+ that is an image of a directory tree in the &unix; file system name
+ space. The simplest usage is:</para>
+
+ <screen>&prompt.root; <userinput>mkisofs -o <replaceable>imagefile.iso</replaceable> <replaceable>/path/to/tree</replaceable></userinput></screen>
+
+ <indexterm>
+ <primary>file systems</primary>
+ <secondary>ISO 9660</secondary>
+ </indexterm>
+ <para>This command will create an <replaceable>imagefile.iso</replaceable>
+ containing an ISO 9660 file system that is a copy of the tree at
+ <replaceable>/path/to/tree</replaceable>. In the process, it will
+ map the file names to names that fit the limitations of the
+ standard ISO 9660 file system, and will exclude files that have
+ names uncharacteristic of ISO file systems.</para>
+
+ <indexterm>
+ <primary>file systems</primary>
+ <secondary>HFS</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>file systems</primary>
+ <secondary>Joliet</secondary>
+ </indexterm>
+ <para>A number of options are available to overcome those
+ restrictions. In particular, <option>-R</option> enables the
+ Rock Ridge extensions common to &unix; systems, <option>-J</option>
+ enables Joliet extensions used by Microsoft systems, and
+ <option>-hfs</option> can be used to create HFS file systems used
+ by &macos;.</para>
+
+ <para>For CDs that are going to be used only on FreeBSD systems,
+ <option>-U</option> can be used to disable all filename
+ restrictions. When used with <option>-R</option>, it produces a
+ file system image that is identical to the FreeBSD tree you started
+ from, though it may violate the ISO 9660 standard in a number of
+ ways.</para>
+
+ <indexterm>
+ <primary>CDROMs</primary>
+ <secondary>creating bootable</secondary>
+ </indexterm>
+ <para>The last option of general use is <option>-b</option>. This is
+ used to specify the location of the boot image for use in producing an
+ <quote>El Torito</quote> bootable CD. This option takes an
+ argument which is the path to a boot image from the top of the
+ tree being written to the CD. By default, &man.mkisofs.8; creates an
+ ISO image in the so-called <quote>floppy disk emulation</quote> mode,
+ and thus expects the boot image to be exactly 1200, 1440 or
+ 2880&nbsp;KB in size. Some boot loaders, like the one used by the
+ FreeBSD distribution disks, do not use emulation mode; in this case,
+ the <option>-no-emul-boot</option> option should be used. So, if
+ <filename>/tmp/myboot</filename> holds a bootable FreeBSD system
+ with the boot image in
+ <filename>/tmp/myboot/boot/cdboot</filename>, you could produce the
+ image of an ISO 9660 file system in
+ <filename>/tmp/bootable.iso</filename> like so:</para>
+
+ <screen>&prompt.root; <userinput>mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/myboot</userinput></screen>
+
+ <para>Having done that, if you have <devicename>md</devicename>
+ configured in your kernel, you can mount the file system with:</para>
+
+ <screen>&prompt.root; <userinput>mdconfig -a -t vnode -f /tmp/bootable.iso -u 0</userinput>
+&prompt.root; <userinput>mount -t cd9660 /dev/md0 /mnt</userinput></screen>
+
+ <para>At which point you can verify that <filename>/mnt</filename>
+ and <filename>/tmp/myboot</filename> are identical.</para>
+
+ <para>There are many other options you can use with
+ &man.mkisofs.8; to fine-tune its behavior. In particular:
+ modifications to an ISO 9660 layout and the creation of Joliet
+ and HFS discs. See the &man.mkisofs.8; manual page for details.</para>
+ </sect2>
+
+ <sect2 id="burncd">
+ <title>burncd</title>
+ <indexterm>
+ <primary>CDROMs</primary>
+ <secondary>burning</secondary>
+ </indexterm>
+ <para>If you have an ATAPI CD burner, you can use the
+ <command>burncd</command> command to burn an ISO image onto a
+ CD. <command>burncd</command> is part of the base system, installed
+ as <filename>/usr/sbin/burncd</filename>. Usage is very simple, as
+ it has few options:</para>
+
+ <screen>&prompt.root; <userinput>burncd -f <replaceable>cddevice</replaceable> data <replaceable>imagefile.iso</replaceable> fixate</userinput></screen>
+
+ <para>Will burn a copy of <replaceable>imagefile.iso</replaceable> on
+ <replaceable>cddevice</replaceable>. The default device is
+ <filename>/dev/acd0</filename>. See &man.burncd.8; for options to
+ set the write speed, eject the CD after burning, and write audio
+ data.</para>
+ </sect2>
+
+ <sect2 id="cdrecord">
+ <title>cdrecord</title>
+
+ <para>If you do not have an ATAPI CD burner, you will have to use
+ <command>cdrecord</command> to burn your
+ CDs. <command>cdrecord</command> is not part of the base system;
+ you must install it from either the port at <filename role="package">sysutils/cdrtools</filename>
+ or the appropriate
+ package. Changes to the base system can cause binary versions of
+ this program to fail, possibly resulting in a
+ <quote>coaster</quote>. You should therefore either upgrade the
+ port when you upgrade your system, or if you are <link
+ linkend="stable">tracking -STABLE</link>, upgrade the port when a
+ new version becomes available.</para>
+
+ <para>While <command>cdrecord</command> has many options, basic usage
+ is even simpler than <command>burncd</command>. Burning an ISO 9660
+ image is done with:</para>
+
+ <screen>&prompt.root; <userinput>cdrecord dev=<replaceable>device</replaceable> <replaceable>imagefile.iso</replaceable></userinput></screen>
+
+ <para>The tricky part of using <command>cdrecord</command> is finding
+ the <option>dev</option> to use. To find the proper setting, use
+ the <option>-scanbus</option> flag of <command>cdrecord</command>,
+ which might produce results like this:</para>
+ <indexterm>
+ <primary>CDROMs</primary>
+ <secondary>burning</secondary>
+ </indexterm>
+ <screen>&prompt.root; <userinput>cdrecord -scanbus</userinput>
+Cdrecord-Clone 2.01 (i386-unknown-freebsd7.0) Copyright (C) 1995-2004 J&ouml;rg Schilling
+Using libscg version 'schily-0.1'
+scsibus0:
+ 0,0,0 0) 'SEAGATE ' 'ST39236LW ' '0004' Disk
+ 0,1,0 1) 'SEAGATE ' 'ST39173W ' '5958' Disk
+ 0,2,0 2) *
+ 0,3,0 3) 'iomega ' 'jaz 1GB ' 'J.86' Removable Disk
+ 0,4,0 4) 'NEC ' 'CD-ROM DRIVE:466' '1.26' Removable CD-ROM
+ 0,5,0 5) *
+ 0,6,0 6) *
+ 0,7,0 7) *
+scsibus1:
+ 1,0,0 100) *
+ 1,1,0 101) *
+ 1,2,0 102) *
+ 1,3,0 103) *
+ 1,4,0 104) *
+ 1,5,0 105) 'YAMAHA ' 'CRW4260 ' '1.0q' Removable CD-ROM
+ 1,6,0 106) 'ARTEC ' 'AM12S ' '1.06' Scanner
+ 1,7,0 107) *</screen>
+
+ <para>This lists the appropriate <option>dev</option> value for the
+ devices on the list. Locate your CD burner, and use the three
+ numbers separated by commas as the value for
+ <option>dev</option>. In this case, the CRW device is 1,5,0, so the
+ appropriate input would be
+ <option>dev=1,5,0</option>. There are easier
+ ways to specify this value; see &man.cdrecord.1; for
+ details. That is also the place to look for information on writing
+ audio tracks, controlling the speed, and other things.</para>
+ </sect2>
+
+ <sect2 id="duplicating-audiocds">
+ <title>Duplicating Audio CDs</title>
+
+ <para>You can duplicate an audio CD by extracting the audio data from
+ the CD to a series of files, and then writing these files to a blank
+ CD. The process is slightly different for ATAPI and SCSI
+ drives.</para>
+
+ <procedure>
+ <title>SCSI Drives</title>
+
+ <step>
+ <para>Use <command>cdda2wav</command> to extract the audio.</para>
+
+ <screen>&prompt.user; <userinput>cdda2wav -v255 -D2,0 -B -Owav</userinput></screen>
+ </step>
+
+ <step>
+ <para>Use <command>cdrecord</command> to write the
+ <filename>.wav</filename> files.</para>
+
+ <screen>&prompt.user; <userinput>cdrecord -v dev=<replaceable>2,0</replaceable> -dao -useinfo *.wav</userinput></screen>
+
+ <para>Make sure that <replaceable>2,0</replaceable> is set
+ appropriately, as described in <xref linkend="cdrecord"/>.</para>
+ </step>
+ </procedure>
+
+ <procedure>
+ <title>ATAPI Drives</title>
+
+ <step>
+ <para>The ATAPI CD driver makes each track available as
+ <filename>/dev/acd<replaceable>d</replaceable>t<replaceable>nn</replaceable></filename>,
+ where <replaceable>d</replaceable> is the drive number, and
+ <replaceable>nn</replaceable> is the track number written with two
+ decimal digits, prefixed with zero as needed.
+ So the first track on the first disk is
+ <filename>/dev/acd0t01</filename>, the second is
+ <filename>/dev/acd0t02</filename>, the third is
+ <filename>/dev/acd0t03</filename>, and so on.</para>
+
+ <para>Make sure the appropriate files exist in
+ <filename>/dev</filename>. If the entries are missing,
+ force the system to retaste the media:</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/acd0 of=/dev/null count=1</userinput></screen>
+ </step>
+
+ <step>
+ <para>Extract each track using &man.dd.1;. You must also use a
+ specific block size when extracting the files.</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/acd0t01 of=track1.cdr bs=2352</userinput>
+&prompt.root; <userinput>dd if=/dev/acd0t02 of=track2.cdr bs=2352</userinput>
+...
+</screen>
+ </step>
+
+ <step>
+ <para>Burn the extracted files to disk using
+ <command>burncd</command>. You must specify that these are audio
+ files, and that <command>burncd</command> should fixate the disk
+ when finished.</para>
+
+ <screen>&prompt.root; <userinput>burncd -f <replaceable>/dev/acd0</replaceable> audio track1.cdr track2.cdr <replaceable>...</replaceable> fixate</userinput></screen>
+ </step>
+ </procedure>
+ </sect2>
+
+ <sect2 id="imaging-cd">
+ <title>Duplicating Data CDs</title>
+
+ <para>You can copy a data CD to a image file that is
+ functionally equivalent to the image file created with
+ &man.mkisofs.8;, and you can use it to duplicate
+ any data CD. The example given here assumes that your CDROM
+ device is <devicename>acd0</devicename>. Substitute your
+ correct CDROM device.</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/acd0 of=file.iso bs=2048</userinput></screen>
+
+ <para>Now that you have an image, you can burn it to CD as
+ described above.</para>
+ </sect2>
+
+ <sect2 id="mounting-cd">
+ <title>Using Data CDs</title>
+
+ <para>Now that you have created a standard data CDROM, you
+ probably want to mount it and read the data on it. By
+ default, &man.mount.8; assumes that a file system is of type
+ <literal>ufs</literal>. If you try something like:</para>
+
+ <screen>&prompt.root; <userinput>mount /dev/cd0 /mnt</userinput></screen>
+
+ <para>you will get a complaint about <errorname>Incorrect super
+ block</errorname>, and no mount. The CDROM is not a
+ <literal>UFS</literal> file system, so attempts to mount it
+ as such will fail. You just need to tell &man.mount.8; that
+ the file system is of type <literal>ISO9660</literal>, and
+ everything will work. You do this by specifying the
+ <option>-t cd9660</option> option &man.mount.8;. For
+ example, if you want to mount the CDROM device,
+ <filename>/dev/cd0</filename>, under
+ <filename>/mnt</filename>, you would execute:</para>
+
+ <screen>&prompt.root; <userinput>mount -t cd9660 /dev/cd0 /mnt</userinput></screen>
+
+ <para>Note that your device name
+ (<filename>/dev/cd0</filename> in this example) could be
+ different, depending on the interface your CDROM uses. Also,
+ the <option>-t cd9660</option> option just executes
+ &man.mount.cd9660.8;. The above example could be shortened
+ to:</para>
+
+<screen>&prompt.root; <userinput>mount_cd9660 /dev/cd0 /mnt</userinput></screen>
+
+ <para>You can generally use data CDROMs from any vendor in this
+ way. Disks with certain ISO 9660 extensions might behave
+ oddly, however. For example, Joliet disks store all filenames
+ in two-byte Unicode characters. The FreeBSD kernel does not
+ speak Unicode, but the &os; CD9660 driver is able to convert
+ Unicode characters on the fly. If some non-English characters
+ show up as question marks you will need to specify the local
+ charset you use with the <option>-C</option> option. For more
+ information, consult the &man.mount.cd9660.8; manual
+ page.</para>
+
+ <note>
+ <para>To be able to do this character conversion with the help
+ of the <option>-C</option> option, the kernel will require
+ the <filename>cd9660_iconv.ko</filename> module to be
+ loaded. This can be done either by adding this line to
+ <filename>loader.conf</filename>:</para>
+
+ <programlisting>cd9660_iconv_load="YES"</programlisting>
+
+ <para>and then rebooting the machine, or by directly loading the
+ module with &man.kldload.8;.</para>
+ </note>
+
+ <para>Occasionally, you might get <errorname>Device not
+ configured</errorname> when trying to mount a CDROM. This
+ usually means that the CDROM drive thinks that there is no
+ disk in the tray, or that the drive is not visible on the bus.
+ It can take a couple of seconds for a CDROM drive to realize
+ that it has been fed, so be patient.</para>
+
+ <para>Sometimes, a SCSI CDROM may be missed because it did not
+ have enough time to answer the bus reset. If you have a SCSI
+ CDROM please add the following option to your kernel
+ configuration and <link linkend="kernelconfig-building">rebuild your kernel</link>.</para>
+
+ <programlisting>options SCSI_DELAY=15000</programlisting>
+
+ <para>This tells your SCSI bus to pause 15 seconds during boot,
+ to give your CDROM drive every possible chance to answer the
+ bus reset.</para>
+ </sect2>
+
+ <sect2 id="rawdata-cd">
+ <title>Burning Raw Data CDs</title>
+
+ <para>You can choose to burn a file directly to CD, without
+ creating an ISO 9660 file system. Some people do this for
+ backup purposes. This runs more quickly than burning a
+ standard CD:</para>
+
+ <screen>&prompt.root; <userinput>burncd -f /dev/acd1 -s 12 data archive.tar.gz fixate</userinput></screen>
+
+ <para>In order to retrieve the data burned to such a CD, you
+ must read data from the raw device node:</para>
+
+ <screen>&prompt.root; <userinput>tar xzvf /dev/acd1</userinput></screen>
+
+ <para>You cannot mount this disk as you would a normal CDROM.
+ Such a CDROM cannot be read under any operating system
+ except FreeBSD. If you want to be able to mount the CD, or
+ share data with another operating system, you must use
+ &man.mkisofs.8; as described above.</para>
+ </sect2>
+
+ <sect2 id="atapicam">
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>Using the ATAPI/CAM Driver</title>
+
+ <indexterm>
+ <primary>CD burner</primary>
+ <secondary>ATAPI/CAM driver</secondary>
+ </indexterm>
+
+ <para>This driver allows ATAPI devices (CD-ROM, CD-RW, DVD
+ drives etc...) to be accessed through the SCSI subsystem, and
+ so allows the use of applications like <filename
+ role="package">sysutils/cdrdao</filename> or
+ &man.cdrecord.1;.</para>
+
+ <para>To use this driver, you will need to add the following
+ line to the <filename>/boot/loader.conf</filename>
+ file:</para>
+
+ <programlisting>atapicam_load="YES"</programlisting>
+
+ <para>then, reboot your machine.</para>
+
+ <note>
+ <para>If you prefer to statically compile the &man.atapicam.4;
+ support in your kernel, you will have to add this line to
+ your kernel configuration file:</para>
+
+ <programlisting>device atapicam</programlisting>
+
+ <para>You also need the following lines in your kernel
+ configuration file:</para>
+
+ <programlisting>device ata
+device scbus
+device cd
+device pass</programlisting>
+
+ <para>which should already be present. Then rebuild, install
+ your new kernel, and reboot your machine.</para>
+ </note>
+
+ <para>During the boot process, your burner should show up,
+ like so:</para>
+
+ <screen>acd0: CD-RW &lt;MATSHITA CD-RW/DVD-ROM UJDA740&gt; at ata1-master PIO4
+cd0 at ata1 bus 0 target 0 lun 0
+cd0: &lt;MATSHITA CDRW/DVD UJDA740 1.00&gt; Removable CD-ROM SCSI-0 device
+cd0: 16.000MB/s transfers
+cd0: Attempt to query device size failed: NOT READY, Medium not present - tray closed</screen>
+
+ <para>The drive could now be accessed via the
+ <filename>/dev/cd0</filename> device name, for example to
+ mount a CD-ROM on <filename>/mnt</filename>, just type the
+ following:</para>
+
+ <screen>&prompt.root; <userinput>mount -t cd9660 <replaceable>/dev/cd0</replaceable> /mnt</userinput></screen>
+
+ <para>As <username>root</username>, you can run the following
+ command to get the SCSI address of the burner:</para>
+
+ <screen>&prompt.root; <userinput>camcontrol devlist</userinput>
+&lt;MATSHITA CDRW/DVD UJDA740 1.00&gt; at scbus1 target 0 lun 0 (pass0,cd0)</screen>
+
+ <para>So <literal>1,0,0</literal> will be the SCSI address to
+ use with &man.cdrecord.1; and other SCSI application.</para>
+
+ <para>For more information about ATAPI/CAM and SCSI system,
+ refer to the &man.atapicam.4; and &man.cam.4; manual
+ pages.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="creating-dvds">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <authorgroup>
+ <author>
+ <firstname>Andy</firstname>
+ <surname>Polyakov</surname>
+ <contrib>With inputs from </contrib>
+ </author>
+ </authorgroup>
+ <!-- Feb 2004 -->
+ </sect1info>
+
+ <title>Creating and Using Optical Media (DVDs)</title>
+ <indexterm>
+ <primary>DVD</primary>
+ <secondary>burning</secondary>
+ </indexterm>
+
+ <sect2>
+ <title>Introduction</title>
+
+ <para>Compared to the CD, the DVD is the next generation of
+ optical media storage technology. The DVD can hold more data
+ than any CD and is nowadays the standard for video
+ publishing.</para>
+
+ <para>Five physical recordable formats can be defined for what
+ we will call a recordable DVD:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>DVD-R: This was the first DVD recordable format
+ available. The DVD-R standard is defined by the <ulink
+ url="http://www.dvdforum.com/forum.shtml">DVD Forum</ulink>.
+ This format is write once.</para>
+ </listitem>
+
+ <listitem>
+ <para>DVD-RW: This is the rewritable version of
+ the DVD-R standard. A DVD-RW can be rewritten about 1000
+ times.</para>
+ </listitem>
+
+ <listitem>
+ <para>DVD-RAM: This is also a rewritable format
+ supported by the DVD Forum. A DVD-RAM can be seen as a
+ removable hard drive. However, this media is not
+ compatible with most DVD-ROM drives and DVD-Video players;
+ only a few DVD writers support the DVD-RAM format. Read
+ the <xref linkend="creating-dvd-ram"/> for more information
+ on DVD-RAM use.</para>
+ </listitem>
+
+ <listitem>
+ <para>DVD+RW: This is a rewritable format defined by
+ the <ulink url="http://www.dvdrw.com/">DVD+RW
+ Alliance</ulink>. A DVD+RW can be rewritten about 1000
+ times.</para>
+ </listitem>
+
+ <listitem>
+ <para>DVD+R: This format is the write once variation
+ of the DVD+RW format.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>A single layer recordable DVD can hold up to
+ 4,700,000,000&nbsp;bytes which is actually 4.38&nbsp;GB or
+ 4485&nbsp;MB (1 kilobyte is 1024 bytes).</para>
+
+ <note>
+ <para>A distinction must be made between the physical media and
+ the application. For example, a DVD-Video is a specific
+ file layout that can be written on any recordable DVD
+ physical media: DVD-R, DVD+R, DVD-RW etc. Before choosing
+ the type of media, you must be sure that both the burner and the
+ DVD-Video player (a standalone player or a DVD-ROM drive on
+ a computer) are compatible with the media under consideration.</para></note>
+ </sect2>
+
+ <sect2>
+ <title>Configuration</title>
+
+ <para>The program &man.growisofs.1; will be used to perform DVD
+ recording. This command is part of the
+ <application>dvd+rw-tools</application> utilities (<filename
+ role="package">sysutils/dvd+rw-tools</filename>). The
+ <application>dvd+rw-tools</application> support all DVD media
+ types.</para>
+
+ <para>These tools use the SCSI subsystem to access to the
+ devices, therefore the <link linkend="atapicam">ATAPI/CAM
+ support</link> must be added to your kernel. If your burner
+ uses the USB interface this addition is useless, and you should
+ read the <xref linkend="usb-disks"/> for more details on USB
+ devices configuration.</para>
+
+ <para>You also have to enable DMA access for ATAPI devices, this
+ can be done in adding the following line to the
+ <filename>/boot/loader.conf</filename> file:</para>
+
+ <programlisting>hw.ata.atapi_dma="1"</programlisting>
+
+ <para>Before attempting to use the
+ <application>dvd+rw-tools</application> you should consult the
+ <ulink
+ url="http://fy.chalmers.se/~appro/linux/DVD+RW/hcn.html">dvd+rw-tools'
+ hardware compatibility notes</ulink> for any information
+ related to your DVD burner.</para>
+
+ <note>
+ <para>If you want a graphical user interface, you should have
+ a look to <application>K3b</application> (<filename
+ role="package">sysutils/k3b</filename>) which provides a
+ user friendly interface to &man.growisofs.1; and many other
+ burning tools.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>Burning Data DVDs</title>
+
+ <para>The &man.growisofs.1; command is a frontend to <link
+ linkend="mkisofs">mkisofs</link>, it will invoke
+ &man.mkisofs.8; to create the file system layout and will
+ perform the write on the DVD. This means you do not need to
+ create an image of the data before the burning process.</para>
+
+ <para>To burn onto a DVD+R or a DVD-R the data from the <filename
+ class="directory">/path/to/data</filename> directory, use the
+ following command:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -dvd-compat -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/data</replaceable></userinput></screen>
+
+ <para>The options <option>-J -R</option> are passed to
+ &man.mkisofs.8; for the file system creation (in this case: an
+ ISO 9660 file system with Joliet and Rock Ridge extensions),
+ consult the &man.mkisofs.8; manual page for more
+ details.</para>
+
+ <para>The option <option>-Z</option> is used for the initial
+ session recording in any case: multiple sessions or not. The
+ DVD device, <replaceable>/dev/cd0</replaceable>, must be
+ changed according to your configuration. The
+ <option>-dvd-compat</option> parameter will close the disk,
+ the recording will be unappendable. In return this should provide better
+ media compatibility with DVD-ROM drives.</para>
+
+ <para>It is also possible to burn a pre-mastered image, for
+ example to burn the image
+ <replaceable>imagefile.iso</replaceable>, we will run:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -dvd-compat -Z <replaceable>/dev/cd0</replaceable>=<replaceable>imagefile.iso</replaceable></userinput></screen>
+
+ <para>The write speed should be detected and automatically set
+ according to the media and the drive being used. If you want
+ to force the write speed, use the <option>-speed=</option>
+ parameter. For more information, read the &man.growisofs.1;
+ manual page.</para>
+ </sect2>
+
+ <sect2>
+ <title>Burning a DVD-Video</title>
+
+ <indexterm>
+ <primary>DVD</primary>
+ <secondary>DVD-Video</secondary>
+ </indexterm>
+
+ <para>A DVD-Video is a specific file layout based on ISO 9660
+ and the micro-UDF (M-UDF) specifications. The DVD-Video also
+ presents a specific data structure hierarchy, it is the reason
+ why you need a particular program such as <filename
+ role="package">multimedia/dvdauthor</filename> to author the
+ DVD.</para>
+
+ <para>If you already have an image of the DVD-Video file system,
+ just burn it in the same way as for any image, see the
+ previous section for an example. If you have made the DVD
+ authoring and the result is in, for example, the directory
+ <filename class="directory">/path/to/video</filename>, the
+ following command should be used to burn the DVD-Video:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -dvd-video <replaceable>/path/to/video</replaceable></userinput></screen>
+
+ <para>The <option>-dvd-video</option> option will be passed down to
+ &man.mkisofs.8; and will instruct it to create a DVD-Video file system
+ layout. Beside this, the <option>-dvd-video</option> option
+ implies <option>-dvd-compat</option> &man.growisofs.1;
+ option.</para>
+ </sect2>
+
+ <sect2>
+ <title>Using a DVD+RW</title>
+
+ <indexterm>
+ <primary>DVD</primary>
+ <secondary>DVD+RW</secondary>
+ </indexterm>
+
+ <para>Unlike CD-RW, a virgin DVD+RW needs to be formatted before
+ first use. The &man.growisofs.1; program will take care of it
+ automatically whenever appropriate, which is the
+ <emphasis>recommended</emphasis> way. However you can use the
+ <command>dvd+rw-format</command> command to format the
+ DVD+RW:</para>
+
+ <screen>&prompt.root; <userinput>dvd+rw-format <replaceable>/dev/cd0</replaceable></userinput></screen>
+
+ <para>You need to perform this operation just once, keep in mind
+ that only virgin DVD+RW medias need to be formatted. Then you
+ can burn the DVD+RW in the way seen in previous
+ sections.</para>
+
+ <para>If you want to burn new data (burn a totally new file
+ system not append some data) onto a DVD+RW, you do not need to
+ blank it, you just have to write over the previous recording
+ (in performing a new initial session), like this:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/newdata</replaceable></userinput></screen>
+
+ <para>DVD+RW format offers the possibility to easily append data
+ to a previous recording. The operation consists in merging a
+ new session to the existing one, it is not multisession
+ writing, &man.growisofs.1; will <emphasis>grow</emphasis> the
+ ISO 9660 file system present on the media.</para>
+
+ <para>For example, if we want to append data to our previous
+ DVD+RW, we have to use the following:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -M <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/nextdata</replaceable></userinput></screen>
+
+ <para>The same &man.mkisofs.8; options we used to burn the
+ initial session should be used during next writes.</para>
+
+ <note>
+ <para>You may want to use the <option>-dvd-compat</option>
+ option if you want better media compatibility with DVD-ROM
+ drives. In the DVD+RW case, this will not prevent you from
+ adding data.</para>
+ </note>
+
+ <para>If for any reason you really want to blank the media, do
+ the following:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable>=<replaceable>/dev/zero</replaceable></userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Using a DVD-RW</title>
+
+ <indexterm>
+ <primary>DVD</primary>
+ <secondary>DVD-RW</secondary>
+ </indexterm>
+
+ <para>A DVD-RW accepts two disc formats: the incremental
+ sequential one and the restricted overwrite. By default
+ DVD-RW discs are in sequential format.</para>
+
+ <para>A virgin DVD-RW can be directly written without the need
+ of a formatting operation, however a non-virgin DVD-RW in
+ sequential format needs to be blanked before to be able to
+ write a new initial session.</para>
+
+ <para>To blank a DVD-RW in sequential mode, run:</para>
+
+ <screen>&prompt.root; <userinput>dvd+rw-format -blank=full <replaceable>/dev/cd0</replaceable></userinput></screen>
+
+ <note>
+ <para>A full blanking (<option>-blank=full</option>) will take
+ about one hour on a 1x media. A fast blanking can be
+ performed using the <option>-blank</option> option if the
+ DVD-RW will be recorded in Disk-At-Once (DAO) mode. To burn
+ the DVD-RW in DAO mode, use the command:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -use-the-force-luke=dao -Z <replaceable>/dev/cd0</replaceable>=<replaceable>imagefile.iso</replaceable></userinput></screen>
+
+ <para>The <option>-use-the-force-luke=dao</option> option
+ should not be required since &man.growisofs.1; attempts to
+ detect minimally (fast blanked) media and engage DAO
+ write.</para>
+
+ <para>In fact one should use restricted overwrite mode with
+ any DVD-RW, this format is more flexible than the default
+ incremental sequential one.</para>
+ </note>
+
+ <para>To write data on a sequential DVD-RW, use the same
+ instructions as for the other DVD formats:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/data</replaceable></userinput></screen>
+
+ <para>If you want to append some data to your previous
+ recording, you will have to use the &man.growisofs.1;
+ <option>-M</option> option. However, if you perform data
+ addition on a DVD-RW in incremental sequential mode, a new
+ session will be created on the disc and the result will be a
+ multi-session disc.</para>
+
+ <para>A DVD-RW in restricted overwrite format does not need to
+ be blanked before a new initial session, you just have to
+ overwrite the disc with the <option>-Z</option> option, this
+ is similar to the DVD+RW case. It is also possible to grow an
+ existing ISO 9660 file system written on the disc in a same
+ way as for a DVD+RW with the <option>-M</option> option. The
+ result will be a one-session DVD.</para>
+
+ <para>To put a DVD-RW in the restricted overwrite format, the
+ following command must be used:</para>
+
+ <screen>&prompt.root; <userinput>dvd+rw-format <replaceable>/dev/cd0</replaceable></userinput></screen>
+
+ <para>To change back to the sequential format use:</para>
+
+ <screen>&prompt.root; <userinput>dvd+rw-format -blank=full <replaceable>/dev/cd0</replaceable></userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Multisession</title>
+
+ <para>Very few DVD-ROM drives support
+ multisession DVDs, they will most of time, hopefully, only read
+ the first session. DVD+R, DVD-R and DVD-RW in sequential
+ format can accept multiple sessions, the notion of multiple
+ sessions does not exist for the DVD+RW and the DVD-RW
+ restricted overwrite formats.</para>
+
+ <para>Using the following command after an initial (non-closed)
+ session on a DVD+R, DVD-R, or DVD-RW in sequential format,
+ will add a new session to the disc:</para>
+
+ <screen>&prompt.root; <userinput>growisofs -M <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/nextdata</replaceable></userinput></screen>
+
+ <para>Using this command line with a DVD+RW or a DVD-RW in restricted
+ overwrite mode, will append data in merging the new session to
+ the existing one. The result will be a single-session disc.
+ This is the way used to add data after an initial write on these
+ medias.</para>
+
+ <note>
+ <para>Some space on the media is used between each session for
+ end and start of sessions. Therefore, one should add
+ sessions with large amount of data to optimize media space.
+ The number of sessions is limited to 154 for a DVD+R,
+ about 2000 for a DVD-R, and 127 for a DVD+R Double
+ Layer.</para>
+ </note>
+ </sect2>
+
+ <sect2>
+ <title>For More Information</title>
+
+ <para>To obtain more information about a DVD, the
+ <command>dvd+rw-mediainfo
+ <replaceable>/dev/cd0</replaceable></command> command can be
+ ran with the disc in the drive.</para>
+
+ <para>More information about the
+ <application>dvd+rw-tools</application> can be found in
+ the &man.growisofs.1; manual page, on the <ulink
+ url="http://fy.chalmers.se/~appro/linux/DVD+RW/">dvd+rw-tools
+ web site</ulink> and in the <ulink
+ url="http://lists.debian.org/cdwrite/">cdwrite mailing
+ list</ulink> archives.</para>
+
+ <note>
+ <para>The <command>dvd+rw-mediainfo</command> output of the
+ resulting recording or the media with issues is mandatory
+ for any problem report. Without this output, it will be
+ quite impossible to help you.</para>
+ </note>
+ </sect2>
+
+ <sect2 id="creating-dvd-ram">
+ <title>Using a DVD-RAM</title>
+ <indexterm>
+ <primary>DVD</primary>
+ <secondary>DVD-RAM</secondary>
+ </indexterm>
+
+ <sect3>
+ <title>Configuration</title>
+
+ <para>DVD-RAM writers come with either SCSI or ATAPI
+ interface. DMA access for ATAPI devices has to be enabled,
+ this can be done by adding the following line to the
+ <filename>/boot/loader.conf</filename> file:</para>
+
+ <programlisting>hw.ata.atapi_dma="1"</programlisting>
+ </sect3>
+
+ <sect3>
+ <title>Preparing the Medium</title>
+
+ <para>As previously mentioned in the chapter introduction, a
+ DVD-RAM can be seen as a removable hard drive. As any other
+ hard drive the DVD-RAM must be <quote>prepared</quote>
+ before the first use. In the example, the whole
+ disk space will be used with a standard UFS2 file system:</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>/dev/acd0</replaceable> count=2</userinput>
+&prompt.root; <userinput>bsdlabel -Bw <replaceable>acd0</replaceable></userinput>
+&prompt.root; <userinput>newfs <replaceable>/dev/acd0</replaceable></userinput></screen>
+
+ <para>The DVD device, <devicename>acd0</devicename>, must be
+ changed according to the configuration.</para>
+ </sect3>
+
+ <sect3>
+ <title>Using the Medium</title>
+
+ <para>Once the previous operations have been performed on the
+ DVD-RAM, it can be mounted as a normal hard drive:</para>
+
+ <screen>&prompt.root; <userinput>mount <replaceable>/dev/acd0</replaceable> <replaceable>/mnt</replaceable></userinput></screen>
+
+ <para>After this the DVD-RAM will be both readable and writeable.</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+ <sect1 id="floppies">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Julio</firstname>
+ <surname>Merino</surname>
+ <contrib>Original work by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 24 Dec 2001 -->
+ <authorgroup>
+ <author>
+ <firstname>Martin</firstname>
+ <surname>Karlsson</surname>
+ <contrib>Rewritten by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 27 Apr 2003 -->
+ </sect1info>
+
+ <title>Creating and Using Floppy Disks</title>
+
+ <para>Storing data on floppy disks is sometimes useful, for
+ example when one does not have any other removable storage media
+ or when one needs to transfer small amounts of data to another
+ computer.</para>
+
+ <para>This section will explain how to use floppy disks in
+ FreeBSD. It will primarily cover formatting and usage of
+ 3.5inch DOS floppies, but the concepts are similar for other
+ floppy disk formats.</para>
+
+ <sect2>
+ <title>Formatting Floppies</title>
+
+ <sect3>
+ <title>The Device</title>
+
+ <para>Floppy disks are accessed through entries in
+ <filename>/dev</filename>, just like other devices. To
+ access the raw floppy disk, simply use
+ <filename>/dev/fd<replaceable>N</replaceable></filename>.</para>
+ </sect3>
+
+ <sect3>
+ <title>Formatting</title>
+
+ <para>A floppy disk needs to be low-level formated before it
+ can be used. This is usually done by the vendor, but
+ formatting is a good way to check media integrity. Although
+ it is possible to force larger (or smaller) disk sizes,
+ 1440kB is what most floppy disks are designed for.</para>
+
+ <para>To low-level format the floppy disk you need to use
+ &man.fdformat.1;. This utility expects the device name as an
+ argument.</para>
+
+ <para>Make note of any error messages, as these can help
+ determine if the disk is good or bad.</para>
+
+ <sect4>
+ <title>Formatting Floppy Disks</title>
+
+ <para>Use the
+ <filename>/dev/fd<replaceable>N</replaceable></filename>
+ devices to format the floppy. Insert a new 3.5inch floppy
+ disk in your drive and issue:</para>
+
+ <screen>&prompt.root; <userinput>/usr/sbin/fdformat -f 1440 /dev/fd0</userinput></screen>
+
+ </sect4>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>The Disk Label</title>
+
+ <para>After low-level formatting the disk, you will need to
+ place a disk label on it. This disk label will be destroyed
+ later, but it is needed by the system to determine the size of
+ the disk and its geometry later.</para>
+
+ <para>The new disk label will take over the whole disk, and will
+ contain all the proper information about the geometry of the
+ floppy. The geometry values for the disk label are listed in
+ <filename>/etc/disktab</filename>.</para>
+
+ <para>You can run now &man.bsdlabel.8; like so:</para>
+
+ <screen>&prompt.root; <userinput>/sbin/bsdlabel -B -r -w /dev/fd0 fd1440</userinput></screen>
+
+ </sect2>
+
+ <sect2>
+ <title>The File System</title>
+
+ <para>Now the floppy is ready to be high-level formated. This
+ will place a new file system on it, which will let FreeBSD read
+ and write to the disk. After creating the new file system, the
+ disk label is destroyed, so if you want to reformat the disk, you
+ will have to recreate the disk label.</para>
+
+ <para>The floppy's file system can be either UFS or FAT.
+ FAT is generally a better choice for floppies.</para>
+
+ <para>To put a new file system on the floppy, issue:</para>
+
+ <screen>&prompt.root; <userinput>/sbin/newfs_msdos /dev/fd0</userinput></screen>
+
+ <para>The disk is now ready for use.</para>
+ </sect2>
+
+
+ <sect2>
+ <title>Using the Floppy</title>
+
+ <para>To use the floppy, mount it with &man.mount.msdosfs.8;. One can also use
+ <filename role="package">emulators/mtools</filename> from the ports
+ collection.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="backups-tapebackups">
+ <title>Creating and Using Data Tapes</title>
+
+ <indexterm><primary>tape media</primary></indexterm>
+ <para>The major tape media are the 4mm, 8mm, QIC, mini-cartridge and
+ DLT.</para>
+
+ <sect2 id="backups-tapebackups-4mm">
+ <title>4mm (DDS: Digital Data Storage)</title>
+
+ <indexterm>
+ <primary>tape media</primary>
+ <secondary>DDS (4mm) tapes</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>tape media</primary>
+ <secondary>QIC tapes</secondary>
+ </indexterm>
+ <para>4mm tapes are replacing QIC as the workstation backup media of
+ choice. This trend accelerated greatly when Conner purchased Archive,
+ a leading manufacturer of QIC drives, and then stopped production of
+ QIC drives. 4mm drives are small and quiet but do not have the
+ reputation for reliability that is enjoyed by 8mm drives. The
+ cartridges are less expensive and smaller (3 x 2 x 0.5 inches, 76 x 51
+ x 12 mm) than 8mm cartridges. 4mm, like 8mm, has comparatively short
+ head life for the same reason, both use helical scan.</para>
+
+ <para>Data throughput on these drives starts ~150&nbsp;kB/s, peaking at ~500&nbsp;kB/s.
+ Data capacity starts at 1.3&nbsp;GB and ends at 2.0&nbsp;GB. Hardware
+ compression, available with most of these drives, approximately
+ doubles the capacity. Multi-drive tape library units can have 6
+ drives in a single cabinet with automatic tape changing. Library
+ capacities reach 240&nbsp;GB.</para>
+
+ <para>The DDS-3 standard now supports tape capacities up to 12&nbsp;GB (or
+ 24&nbsp;GB compressed).</para>
+
+ <para>4mm drives, like 8mm drives, use helical-scan. All the benefits
+ and drawbacks of helical-scan apply to both 4mm and 8mm drives.</para>
+
+ <para>Tapes should be retired from use after 2,000 passes or 100 full
+ backups.</para>
+ </sect2>
+
+ <sect2 id="backups-tapebackups-8mm">
+ <title>8mm (Exabyte)</title>
+ <indexterm>
+ <primary>tape media</primary>
+ <secondary>Exabyte (8mm) tapes</secondary>
+ </indexterm>
+
+ <para>8mm tapes are the most common SCSI tape drives; they are the best
+ choice of exchanging tapes. Nearly every site has an Exabyte 2&nbsp;GB 8mm
+ tape drive. 8mm drives are reliable, convenient and quiet. Cartridges
+ are inexpensive and small (4.8 x 3.3 x 0.6 inches; 122 x 84 x 15 mm).
+ One downside of 8mm tape is relatively short head and tape life due to
+ the high rate of relative motion of the tape across the heads.</para>
+
+ <para>Data throughput ranges from ~250&nbsp;kB/s to ~500&nbsp;kB/s. Data sizes start
+ at 300&nbsp;MB and go up to 7&nbsp;GB. Hardware compression, available with
+ most of these drives, approximately doubles the capacity. These
+ drives are available as single units or multi-drive tape libraries
+ with 6 drives and 120 tapes in a single cabinet. Tapes are changed
+ automatically by the unit. Library capacities reach 840+&nbsp;GB.</para>
+
+ <para>The Exabyte <quote>Mammoth</quote> model supports 12&nbsp;GB on one tape
+ (24&nbsp;GB with compression) and costs approximately twice as much as
+ conventional tape drives.</para>
+
+ <para>Data is recorded onto the tape using helical-scan, the heads are
+ positioned at an angle to the media (approximately 6 degrees). The
+ tape wraps around 270 degrees of the spool that holds the heads. The
+ spool spins while the tape slides over the spool. The result is a
+ high density of data and closely packed tracks that angle across the
+ tape from one edge to the other.</para>
+ </sect2>
+
+ <sect2 id="backups-tapebackups-qic">
+ <title>QIC</title>
+ <indexterm>
+ <primary>tape media</primary>
+ <secondary>QIC-150</secondary>
+ </indexterm>
+
+ <para>QIC-150 tapes and drives are, perhaps, the most common tape drive
+ and media around. QIC tape drives are the least expensive <quote>serious</quote>
+ backup drives. The downside is the cost of media. QIC tapes are
+ expensive compared to 8mm or 4mm tapes, up to 5 times the price per GB
+ data storage. But, if your needs can be satisfied with a half-dozen
+ tapes, QIC may be the correct choice. QIC is the
+ <emphasis>most</emphasis> common tape drive. Every site has a QIC
+ drive of some density or another. Therein lies the rub, QIC has a
+ large number of densities on physically similar (sometimes identical)
+ tapes. QIC drives are not quiet. These drives audibly seek before
+ they begin to record data and are clearly audible whenever reading,
+ writing or seeking. QIC tapes measure 6&nbsp;x 4&nbsp;x 0.7 inches
+ (152&nbsp;x 102&nbsp;x 17 mm).</para>
+
+ <para>Data throughput ranges from ~150&nbsp;kB/s to ~500&nbsp;kB/s. Data capacity
+ ranges from 40&nbsp;MB to 15&nbsp;GB. Hardware compression is available on many
+ of the newer QIC drives. QIC drives are less frequently installed;
+ they are being supplanted by DAT drives.</para>
+
+ <para>Data is recorded onto the tape in tracks. The tracks run along
+ the long axis of the tape media from one end to the other. The number
+ of tracks, and therefore the width of a track, varies with the tape's
+ capacity. Most if not all newer drives provide backward-compatibility
+ at least for reading (but often also for writing). QIC has a good
+ reputation regarding the safety of the data (the mechanics are simpler
+ and more robust than for helical scan drives).</para>
+
+ <para>Tapes should be retired from use after 5,000 backups.</para>
+ </sect2>
+
+ <sect2 id="backups-tapebackups-dlt">
+ <title>DLT</title>
+ <indexterm>
+ <primary>tape media</primary>
+ <secondary>DLT</secondary>
+ </indexterm>
+
+ <para>DLT has the fastest data transfer rate of all the drive types
+ listed here. The 1/2" (12.5mm) tape is contained in a single spool
+ cartridge (4 x 4 x 1 inches; 100 x 100 x 25 mm). The cartridge has a
+ swinging gate along one entire side of the cartridge. The drive
+ mechanism opens this gate to extract the tape leader. The tape leader
+ has an oval hole in it which the drive uses to <quote>hook</quote> the tape. The
+ take-up spool is located inside the tape drive. All the other tape
+ cartridges listed here (9 track tapes are the only exception) have
+ both the supply and take-up spools located inside the tape cartridge
+ itself.</para>
+
+ <para>Data throughput is approximately 1.5&nbsp;MB/s, three times the throughput of
+ 4mm, 8mm, or QIC tape drives. Data capacities range from 10&nbsp;GB to 20&nbsp;GB
+ for a single drive. Drives are available in both multi-tape changers
+ and multi-tape, multi-drive tape libraries containing from 5 to 900
+ tapes over 1 to 20 drives, providing from 50&nbsp;GB to 9&nbsp;TB of
+ storage.</para>
+
+ <para>With compression, DLT Type IV format supports up to 70&nbsp;GB
+ capacity.</para>
+
+ <para>Data is recorded onto the tape in tracks parallel to the direction
+ of travel (just like QIC tapes). Two tracks are written at once.
+ Read/write head lifetimes are relatively long; once the tape stops
+ moving, there is no relative motion between the heads and the
+ tape.</para>
+ </sect2>
+
+ <sect2>
+ <title id="backups-tapebackups-ait">AIT</title>
+ <indexterm>
+ <primary>tape media</primary>
+ <secondary>AIT</secondary>
+ </indexterm>
+
+ <para>AIT is a new format from Sony, and can hold up to 50&nbsp;GB (with
+ compression) per tape. The tapes contain memory chips which retain an
+ index of the tape's contents. This index can be rapidly read by the
+ tape drive to determine the position of files on the tape, instead of
+ the several minutes that would be required for other tapes. Software
+ such as <application>SAMS:Alexandria</application> can operate forty or more AIT tape libraries,
+ communicating directly with the tape's memory chip to display the
+ contents on screen, determine what files were backed up to which
+ tape, locate the correct tape, load it, and restore the data from the
+ tape.</para>
+
+ <para>Libraries like this cost in the region of $20,000, pricing them a
+ little out of the hobbyist market.</para>
+ </sect2>
+
+ <sect2>
+ <title>Using a New Tape for the First Time</title>
+
+ <para>The first time that you try to read or write a new, completely
+ blank tape, the operation will fail. The console messages should be
+ similar to:</para>
+
+ <screen>sa0(ncr1:4:0): NOT READY asc:4,1
+sa0(ncr1:4:0): Logical unit is in process of becoming ready</screen>
+
+ <para>The tape does not contain an Identifier Block (block number 0).
+ All QIC tape drives since the adoption of QIC-525 standard write an
+ Identifier Block to the tape. There are two solutions:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><command>mt fsf 1</command> causes the tape drive to write an
+ Identifier Block to the tape.</para>
+ </listitem>
+
+ <listitem>
+ <para>Use the front panel button to eject the tape.</para>
+
+ <para>Re-insert the tape and <command>dump</command> data to
+ the tape.</para>
+
+ <para><command>dump</command> will report <errorname>DUMP: End of tape
+ detected</errorname> and the console will show: <errorname>HARDWARE
+ FAILURE info:280 asc:80,96</errorname>.</para>
+
+ <para>rewind the tape using: <command>mt rewind</command>.</para>
+
+ <para>Subsequent tape operations are successful.</para>
+ </listitem>
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="backups-floppybackups">
+ <title>Backups to Floppies</title>
+
+ <sect2 id="floppies-using">
+ <title>Can I Use Floppies for Backing Up My Data?</title>
+ <indexterm><primary>backup floppies</primary></indexterm>
+ <indexterm><primary>floppy disks</primary></indexterm>
+
+ <para>Floppy disks are not really a suitable media for
+ making backups as:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The media is unreliable, especially over long periods of
+ time.</para>
+ </listitem>
+
+ <listitem>
+ <para>Backing up and restoring is very slow.</para>
+ </listitem>
+
+ <listitem>
+ <para>They have a very limited capacity (the days of backing up
+ an entire hard disk onto a dozen or so floppies has long since
+ passed).</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>However, if you have no other method of backing up your data then
+ floppy disks are better than no backup at all.</para>
+
+ <para>If you do have to use floppy disks then ensure that you use good
+ quality ones. Floppies that have been lying around the office for a
+ couple of years are a bad choice. Ideally use new ones from a
+ reputable manufacturer.</para>
+ </sect2>
+
+ <sect2 id="floppies-creating">
+ <title>So How Do I Backup My Data to Floppies?</title>
+
+ <para>The best way to backup to floppy disk is to use
+ &man.tar.1; with the <option>-M</option> (multi
+ volume) option, which allows backups to span multiple
+ floppies.</para>
+
+ <para>To backup all the files in the current directory and sub-directory
+ use this (as <username>root</username>):</para>
+
+ <screen>&prompt.root; <userinput>tar Mcvf /dev/fd0 *</userinput></screen>
+
+ <para>When the first floppy is full &man.tar.1; will prompt you to
+ insert the next volume (because &man.tar.1; is media independent it
+ refers to volumes; in this context it means floppy disk).</para>
+
+ <screen>Prepare volume #2 for /dev/fd0 and hit return:</screen>
+
+ <para>This is repeated (with the volume number incrementing) until all
+ the specified files have been archived.</para>
+ </sect2>
+
+ <sect2 id="floppies-compress">
+ <title>Can I Compress My Backups?</title>
+ <indexterm>
+ <primary><command>tar</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary><command>gzip</command></primary>
+ </indexterm>
+ <indexterm><primary>compression</primary></indexterm>
+
+ <para>Unfortunately, &man.tar.1; will not allow the
+ <option>-z</option> option to be used for multi-volume archives.
+ You could, of course, &man.gzip.1; all the files,
+ &man.tar.1; them to the floppies, then
+ &man.gunzip.1; the files again!</para>
+ </sect2>
+
+ <sect2 id="floppies-restoring">
+ <title>How Do I Restore My Backups?</title>
+
+ <para>To restore the entire archive use:</para>
+
+ <screen>&prompt.root; <userinput>tar Mxvf /dev/fd0</userinput></screen>
+
+ <para>There are two ways that you can use to restore only
+ specific files. First, you can start with the first floppy
+ and use:</para>
+
+ <screen>&prompt.root; <userinput>tar Mxvf /dev/fd0 <replaceable>filename</replaceable></userinput></screen>
+
+ <para>The utility &man.tar.1; will prompt you to insert subsequent floppies until it
+ finds the required file.</para>
+
+ <para>Alternatively, if you know which floppy the file is on then you
+ can simply insert that floppy and use the same command as above. Note
+ that if the first file on the floppy is a continuation from the
+ previous one then &man.tar.1; will warn you that it cannot
+ restore it, even if you have not asked it to!</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="backup-strategies">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Lowell</firstname>
+ <surname>Gilbert</surname>
+ <contrib>Original work by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 3 Dec 2005 -->
+ </sect1info>
+
+ <title>Backup Strategies</title>
+
+ <para>The first requirement in devising a backup plan is to make sure that
+ all of the following problems are covered:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Disk failure</para>
+ </listitem>
+ <listitem>
+ <para>Accidental file deletion</para>
+ </listitem>
+ <listitem>
+ <para>Random file corruption</para>
+ </listitem>
+ <listitem>
+ <para>Complete machine destruction (e.g. fire), including destruction
+ of any on-site backups.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>It is perfectly possible that some systems will be best served by
+ having each of these problems covered by a completely different
+ technique. Except for strictly personal systems with very low-value
+ data, it is unlikely that one technique would cover all of them.</para>
+
+ <para>Some of the techniques in the toolbox are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Archives of the whole system, backed up onto permanent media
+ offsite. This actually provides protection against all of the
+ possible problems listed above, but is slow and inconvenient to
+ restore from. You can keep copies of the backups onsite and/or
+ online, but there will still be inconveniences in restoring files,
+ especially for non-privileged users.</para>
+ </listitem>
+
+ <listitem>
+ <para>Filesystem snapshots. This is really only helpful in the
+ accidental file deletion scenario, but it can be
+ <emphasis>very</emphasis> helpful in that case, and is quick and
+ easy to deal with.</para>
+ </listitem>
+
+ <listitem>
+ <para>Copies of whole filesystems and/or disks (e.g. periodic &man.rsync.1; of
+ the whole machine). This is generally most useful in networks with
+ unique requirements. For general protection against disk failure,
+ it is usually inferior to <acronym>RAID</acronym>. For restoring
+ accidentally deleted files, it can be comparable to
+ <acronym>UFS</acronym> snapshots, but that depends on your
+ preferences.</para>
+ </listitem>
+
+ <listitem>
+ <para><acronym>RAID</acronym>. Minimizes or avoids downtime when a
+ disk fails. At the expense of having to deal with disk failures
+ more often (because you have more disks), albeit at a much lower
+ urgency.</para>
+ </listitem>
+
+ <listitem>
+ <para>Checking fingerprints of files. The &man.mtree.8; utility is
+ very useful for this. Although it is not a backup technique, it
+ helps guarantee that you will notice when you need to resort to your
+ backups. This is particularly important for offline backups, and
+ should be checked periodically.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>It is quite easy to come up with even more techniques, many of them
+ variations on the ones listed above. Specialized requirements will
+ usually lead to specialized techniques (for example, backing up a live
+ database usually requires a method particular to the database software
+ as an intermediate step). The important thing is to know what dangers
+ you want to protect against, and how you will handle each.</para>
+ </sect1>
+
+ <sect1 id="backup-basics">
+ <title>Backup Basics</title>
+
+ <para>The three major backup programs are
+ &man.dump.8;,
+ &man.tar.1;,
+ and
+ &man.cpio.1;.</para>
+
+ <sect2>
+ <title>Dump and Restore</title>
+ <indexterm>
+ <primary>backup software</primary>
+ <secondary>dump / restore</secondary>
+ </indexterm>
+ <indexterm><primary><command>dump</command></primary></indexterm>
+ <indexterm><primary><command>restore</command></primary></indexterm>
+
+ <para>The traditional &unix; backup programs are
+ <command>dump</command> and <command>restore</command>. They
+ operate on the drive as a collection of disk blocks, below the
+ abstractions of files, links and directories that are created by
+ the file systems. <command>dump</command> backs up an entire
+ file system on a device. It is unable to backup only part of a
+ file system or a directory tree that spans more than one
+ file system. <command>dump</command> does not write files and
+ directories to tape, but rather writes the raw data blocks that
+ comprise files and directories.</para>
+
+ <note><para>If you use <command>dump</command> on your root directory, you
+ would not back up <filename>/home</filename>,
+ <filename>/usr</filename> or many other directories since
+ these are typically mount points for other file systems or
+ symbolic links into those file systems.</para></note>
+
+ <para><command>dump</command> has quirks that remain from its early days in
+ Version 6 of AT&amp;T UNIX (circa 1975). The default
+ parameters are suitable for 9-track tapes (6250 bpi), not the
+ high-density media available today (up to 62,182 ftpi). These
+ defaults must be overridden on the command line to utilize the
+ capacity of current tape drives.</para>
+
+ <indexterm><primary><filename>.rhosts</filename></primary></indexterm>
+ <para>It is also possible to backup data across the network to a
+ tape drive attached to another computer with <command>rdump</command> and
+ <command>rrestore</command>. Both programs rely upon &man.rcmd.3; and
+ &man.ruserok.3; to access the remote tape drive. Therefore,
+ the user performing the backup must be listed in the
+ <filename>.rhosts</filename> file on the remote computer. The
+ arguments to <command>rdump</command> and <command>rrestore</command> must be suitable
+ to use on the remote computer. When
+ <command>rdump</command>ing from a FreeBSD computer to an
+ Exabyte tape drive connected to a Sun called
+ <hostid>komodo</hostid>, use:</para>
+
+ <screen>&prompt.root; <userinput>/sbin/rdump 0dsbfu 54000 13000 126 komodo:/dev/nsa8 /dev/da0a 2>&amp;1</userinput></screen>
+
+ <para>Beware: there are security implications to
+ allowing <filename>.rhosts</filename> authentication. Evaluate your
+ situation carefully.</para>
+
+ <para>It is also possible to use <command>dump</command> and
+ <command>restore</command> in a more secure fashion over
+ <command>ssh</command>.</para>
+
+ <example>
+ <title>Using <command>dump</command> over <application>ssh</application></title>
+
+ <screen>&prompt.root; <userinput>/sbin/dump -0uan -f - /usr | gzip -2 | ssh -c blowfish \
+ targetuser@targetmachine.example.com dd of=/mybigfiles/dump-usr-l0.gz</userinput></screen>
+
+ </example>
+
+ <para>Or using <command>dump</command>'s built-in method,
+ setting the environment variable <envar>RSH</envar>:</para>
+
+ <example>
+ <title>Using <command>dump</command> over <application>ssh</application> with <envar>RSH</envar> set</title>
+
+ <screen>&prompt.root; <userinput>RSH=/usr/bin/ssh /sbin/dump -0uan -f targetuser@targetmachine.example.com:/dev/sa0 /usr</userinput></screen>
+
+ </example>
+
+ </sect2>
+
+ <sect2>
+ <title><command>tar</command></title>
+ <indexterm>
+ <primary>backup software</primary>
+ <secondary><command>tar</command></secondary>
+ </indexterm>
+
+ <para>&man.tar.1; also dates back to Version 6 of AT&amp;T UNIX
+ (circa 1975). <command>tar</command> operates in cooperation
+ with the file system; it writes files and
+ directories to tape. <command>tar</command> does not support the
+ full range of options that are available from &man.cpio.1;, but
+ it does not require the unusual command
+ pipeline that <command>cpio</command> uses.</para>
+
+ <indexterm><primary><command>tar</command></primary></indexterm>
+
+ <para>On FreeBSD 5.3 and later, both GNU <command>tar</command>
+ and the default <command>bsdtar</command> are available. The
+ GNU version can be invoked with <command>gtar</command>. It
+ supports remote devices using the same syntax as
+ <command>rdump</command>. To <command>tar</command> to an
+ Exabyte tape drive connected to a Sun called
+ <hostid>komodo</hostid>, use:</para>
+
+ <screen>&prompt.root; <userinput>/usr/bin/gtar cf komodo:/dev/nsa8 . 2>&amp;1</userinput></screen>
+
+ <para>The same could be accomplished with
+ <command>bsdtar</command> by using a pipeline and
+ <command>rsh</command> to send the data to a remote tape
+ drive.</para>
+
+ <screen>&prompt.root; <userinput>tar cf - . | rsh <replaceable>hostname</replaceable> dd of=<replaceable>tape-device</replaceable> obs=20b</userinput></screen>
+
+ <para>If you are worried about the security of backing up over a
+ network you should use the <command>ssh</command> command
+ instead of <command>rsh</command>.</para>
+ </sect2>
+
+ <sect2>
+ <title><command>cpio</command></title>
+ <indexterm>
+ <primary>backup software</primary>
+ <secondary><command>cpio</command></secondary>
+ </indexterm>
+
+ <para>&man.cpio.1; is the original &unix; file interchange tape
+ program for magnetic media. <command>cpio</command> has options
+ (among many others) to perform byte-swapping, write a number of
+ different archive formats, and pipe the data to other programs.
+ This last feature makes <command>cpio</command> an excellent
+ choice for installation media. <command>cpio</command> does not
+ know how to walk the directory tree and a list of files must be
+ provided through <filename>stdin</filename>.</para>
+ <indexterm><primary><command>cpio</command></primary></indexterm>
+
+ <para><command>cpio</command> does not support backups across
+ the network. You can use a pipeline and <command>rsh</command>
+ to send the data to a remote tape drive.</para>
+
+ <screen>&prompt.root; <userinput>for f in <replaceable>directory_list; do</replaceable></userinput>
+<userinput>find $f &gt;&gt; backup.list</userinput>
+<userinput>done</userinput>
+&prompt.root; <userinput>cpio -v -o --format=newc &lt; backup.list | ssh <replaceable>user</replaceable>@<replaceable>host</replaceable> "cat &gt; <replaceable>backup_device</replaceable>"</userinput></screen>
+
+ <para>Where <replaceable>directory_list</replaceable> is the list of
+ directories you want to back up,
+ <replaceable>user</replaceable>@<replaceable>host</replaceable> is the
+ user/hostname combination that will be performing the backups, and
+ <replaceable>backup_device</replaceable> is where the backups should
+ be written to (e.g., <filename>/dev/nsa0</filename>).</para>
+ </sect2>
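Review bot: The cpio paragraph says to use "a pipeline and rsh", but the screen right after it pipes into ssh user@host, so the prose should name ssh to match the command. In the same screen the first replaceable element wraps "directory_list; do", which renders the shell keywords as part of the placeholder; close the element after directory_list. The loop appends to backup.list with >> and never truncates it, so a second run archives whatever the previous run left in the file; add a step that removes or empties backup.list first, and quote $f so directory names containing spaces survive.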
+
+ <sect2>
+ <title><command>pax</command></title>
+ <indexterm>
+ <primary>backup software</primary>
+ <secondary><command>pax</command></secondary>
+ </indexterm>
+ <indexterm><primary><command>pax</command></primary></indexterm>
+ <indexterm><primary>POSIX</primary></indexterm>
+ <indexterm><primary>IEEE</primary></indexterm>
+
+ <para>&man.pax.1; is IEEE/&posix;'s answer to
+ <command>tar</command> and <command>cpio</command>. Over the
+ years the various versions of <command>tar</command> and
+ <command>cpio</command> have gotten slightly incompatible. So
+ rather than fight it out to fully standardize them, &posix;
+ created a new archive utility. <command>pax</command> attempts
+ to read and write many of the various <command>cpio</command>
+ and <command>tar</command> formats, plus new formats of its own.
+ Its command set more resembles <command>cpio</command> than
+ <command>tar</command>.</para>
+ </sect2>
+
+ <sect2 id="backups-programs-amanda">
+ <title><application>Amanda</application></title>
+ <indexterm>
+ <primary>backup software</primary>
+ <secondary><application>Amanda</application></secondary>
+ </indexterm>
+ <indexterm><primary><application>Amanda</application></primary></indexterm>
+
+ <!-- Remove link until <port> tag is available -->
+ <para><application>Amanda</application> (Advanced Maryland
+ Network Disk Archiver) is a client/server backup system,
+ rather than a single program. An <application>Amanda</application> server will backup to
+ a single tape drive any number of computers that have <application>Amanda</application>
+ clients and a network connection to the <application>Amanda</application> server. A
+ common problem at sites with a number of large disks is
+ that the length of time required to backup to data directly to tape
+ exceeds the amount of time available for the task. <application>Amanda</application>
+ solves this problem. <application>Amanda</application> can use a <quote>holding disk</quote> to
+ backup several file systems at the same time. <application>Amanda</application> creates
+ <quote>archive sets</quote>: a group of tapes used over a period of time to
+ create full backups of all the file systems listed in <application>Amanda</application>'s
+ configuration file. The <quote>archive set</quote> also contains nightly
+ incremental (or differential) backups of all the file systems.
+ Restoring a damaged file system requires the most recent full
+ backup and the incremental backups.</para>
+
+ <para>The configuration file provides fine control of backups and the
+ network traffic that <application>Amanda</application> generates. <application>Amanda</application> will use any of the
+ above backup programs to write the data to tape. <application>Amanda</application> is available
+ as either a port or a package, it is not installed by default.</para>
+ </sect2>
+
+ <sect2>
+ <title>Do Nothing</title>
+
+ <para><quote>Do nothing</quote> is not a computer program, but it is the
+ most widely used backup strategy. There are no initial costs. There
+ is no backup schedule to follow. Just say no. If something happens
+ to your data, grin and bear it!</para>
+
+ <para>If your time and your data is worth little to nothing, then
+ <quote>Do nothing</quote> is the most suitable backup program for your
+ computer. But beware, &unix; is a useful tool, you may find that within
+ six months you have a collection of files that are valuable to
+ you.</para>
+
+ <para><quote>Do nothing</quote> is the correct backup method for
+ <filename>/usr/obj</filename> and other directory trees that can be
+ exactly recreated by your computer. An example is the files that
+ comprise the HTML or &postscript; version of this Handbook.
+ These document formats have been created from SGML input
+ files. Creating backups of the HTML or &postscript; files is
+ not necessary. The SGML files are backed up regularly.</para>
+ </sect2>
+
+ <sect2>
+ <title>Which Backup Program Is Best?</title>
+ <indexterm>
+ <primary>LISA</primary>
+ </indexterm>
+
+ <para>&man.dump.8; <emphasis>Period.</emphasis> Elizabeth D. Zwicky
+ torture tested all the backup programs discussed here. The clear
+ choice for preserving all your data and all the peculiarities of &unix;
+ file systems is <command>dump</command>. Elizabeth created file systems containing
+ a large variety of unusual conditions (and some not so unusual ones)
+ and tested each program by doing a backup and restore of those
+ file systems. The peculiarities included: files with holes, files with
+ holes and a block of nulls, files with funny characters in their
+ names, unreadable and unwritable files, devices, files that change
+ size during the backup, files that are created/deleted during the
+ backup and more. She presented the results at LISA V in Oct. 1991.
+ See <ulink
+ url="http://berdmann.dyndns.org/zwicky/testdump.doc.html">torture-testing
+ Backup and Archive Programs</ulink>.</para>
+ </sect2>
+
+ <sect2>
+ <title>Emergency Restore Procedure</title>
+
+ <sect3>
+ <title>Before the Disaster</title>
+
+ <para>There are only four steps that you need to perform in
+ preparation for any disaster that may occur.</para>
+ <indexterm>
+ <primary><command>bsdlabel</command></primary>
+ </indexterm>
+
+ <para>First, print the bsdlabel from each of your disks
+ (e.g. <command>bsdlabel da0 | lpr</command>), your file system table
+ (<filename>/etc/fstab</filename>) and all boot messages,
+ two copies of
+ each.</para>
+
+ <indexterm><primary>fix-it floppies</primary></indexterm>
+ <para>Second, determine that the boot and fix-it floppies
+ (<filename>boot.flp</filename> and <filename>fixit.flp</filename>)
+ have all your devices. The easiest way to check is to reboot your
+ machine with the boot floppy in the floppy drive and check the boot
+ messages. If all your devices are listed and functional, skip on to
+ step three.</para>
+
+ <para>Otherwise, you have to create two custom bootable
+ floppies which have a kernel that can mount all of your disks
+ and access your tape drive. These floppies must contain:
+ <command>fdisk</command>, <command>bsdlabel</command>,
+ <command>newfs</command>, <command>mount</command>, and
+ whichever backup program you use. These programs must be
+ statically linked. If you use <command>dump</command>, the
+ floppy must contain <command>restore</command>.</para>
+
+ <para>Third, create backup tapes regularly. Any changes that you make
+ after your last backup may be irretrievably lost. Write-protect the
+ backup tapes.</para>
+
+ <para>Fourth, test the floppies (either <filename>boot.flp</filename>
+ and <filename>fixit.flp</filename> or the two custom bootable
+ floppies you made in step two.) and backup tapes. Make notes of the
+ procedure. Store these notes with the bootable floppy, the
+ printouts and the backup tapes. You will be so distraught when
+ restoring that the notes may prevent you from destroying your backup
+ tapes (How? In place of <command>tar xvf /dev/sa0</command>, you
+ might accidentally type <command>tar cvf /dev/sa0</command> and
+ over-write your backup tape).</para>
+
+ <para>For an added measure of security, make bootable floppies and two
+ backup tapes each time. Store one of each at a remote location. A
+ remote location is NOT the basement of the same office building. A
+ number of firms in the World Trade Center learned this lesson the
+ hard way. A remote location should be physically separated from
+ your computers and disk drives by a significant distance.</para>
+
+ <example>
+ <title>A Script for Creating a Bootable Floppy</title>
+
+ <programlisting><![ CDATA [#!/bin/sh
+#
+# create a restore floppy
+#
+# format the floppy
+#
+PATH=/bin:/sbin:/usr/sbin:/usr/bin
+
+fdformat -q fd0
+if [ $? -ne 0 ]
+then
+ echo "Bad floppy, please use a new one"
+ exit 1
+fi
+
+# place boot blocks on the floppy
+#
+bsdlabel -w -B /dev/fd0c fd1440
+
+#
+# newfs the one and only partition
+#
+newfs -t 2 -u 18 -l 1 -c 40 -i 5120 -m 5 -o space /dev/fd0a
+
+#
+# mount the new floppy
+#
+mount /dev/fd0a /mnt
+
+#
+# create required directories
+#
+mkdir /mnt/dev
+mkdir /mnt/bin
+mkdir /mnt/sbin
+mkdir /mnt/etc
+mkdir /mnt/root
+mkdir /mnt/mnt # for the root partition
+mkdir /mnt/tmp
+mkdir /mnt/var
+
+#
+# populate the directories
+#
+if [ ! -x /sys/compile/MINI/kernel ]
+then
+ cat << EOM
+The MINI kernel does not exist, please create one.
+Here is an example config file:
+#
+# MINI -- A kernel to get FreeBSD onto a disk.
+#
+machine "i386"
+cpu "I486_CPU"
+ident MINI
+maxusers 5
+
+options INET # needed for _tcp _icmpstat _ipstat
+ # _udpstat _tcpstat _udb
+options FFS #Berkeley Fast File System
+options FAT_CURSOR #block cursor in syscons or pccons
+options SCSI_DELAY=15 #Be pessimistic about Joe SCSI device
+options NCONS=2 #1 virtual consoles
+options USERCONFIG #Allow user configuration with -c XXX
+
+config kernel root on da0 swap on da0 and da1 dumps on da0
+
+device isa0
+device pci0
+
+device fdc0 at isa? port "IO_FD1" bio irq 6 drq 2 vector fdintr
+device fd0 at fdc0 drive 0
+
+device ncr0
+
+device scbus0
+
+device sc0 at isa? port "IO_KBD" tty irq 1 vector scintr
+device npx0 at isa? port "IO_NPX" irq 13 vector npxintr
+
+device da0
+device da1
+device da2
+
+device sa0
+
+pseudo-device loop # required by INET
+pseudo-device gzip # Exec gzipped a.out's
+EOM
+ exit 1
+fi
+
+cp -f /sys/compile/MINI/kernel /mnt
+
+gzip -c -best /sbin/init > /mnt/sbin/init
+gzip -c -best /sbin/fsck > /mnt/sbin/fsck
+gzip -c -best /sbin/mount > /mnt/sbin/mount
+gzip -c -best /sbin/halt > /mnt/sbin/halt
+gzip -c -best /sbin/restore > /mnt/sbin/restore
+
+gzip -c -best /bin/sh > /mnt/bin/sh
+gzip -c -best /bin/sync > /mnt/bin/sync
+
+cp /root/.profile /mnt/root
+
+cp -f /dev/MAKEDEV /mnt/dev
+chmod 755 /mnt/dev/MAKEDEV
+
+chmod 500 /mnt/sbin/init
+chmod 555 /mnt/sbin/fsck /mnt/sbin/mount /mnt/sbin/halt
+chmod 555 /mnt/bin/sh /mnt/bin/sync
+chmod 6555 /mnt/sbin/restore
+
+#
+# create the devices nodes
+#
+cd /mnt/dev
+./MAKEDEV std
+./MAKEDEV da0
+./MAKEDEV da1
+./MAKEDEV da2
+./MAKEDEV sa0
+./MAKEDEV pty0
+cd /
+
+#
+# create minimum file system table
+#
+cat > /mnt/etc/fstab <<EOM
+/dev/fd0a / ufs rw 1 1
+EOM
+
+#
+# create minimum passwd file
+#
+cat > /mnt/etc/passwd <<EOM
+root:*:0:0:Charlie &:/root:/bin/sh
+EOM
+
+cat > /mnt/etc/master.passwd <<EOM
+root::0:0::0:0:Charlie &:/root:/bin/sh
+EOM
+
+chmod 600 /mnt/etc/master.passwd
+chmod 644 /mnt/etc/passwd
+/usr/sbin/pwd_mkdb -d/mnt/etc /mnt/etc/master.passwd
+
+#
+# umount the floppy and inform the user
+#
+/sbin/umount /mnt
+echo "The floppy has been unmounted and is now ready."]]></programlisting>
+
+ </example>
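Review bot: The programlisting for the floppy script opens with "<![ CDATA [", which is the SGML spelling; in a file that now begins with an XML declaration the section has to be written "<![CDATA[" with no spaces, otherwise the bare & in the two "Charlie &" passwd lines and the << here-documents are parsed as markup. Separately, the script writes a master.passwd entry for root with an empty password field and sets restore to mode 6555; if both are intended only for a single-user rescue floppy, a sentence in the surrounding text saying so would keep readers from carrying them over to other media.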
+
+ </sect3>
+
+ <sect3>
+ <title>After the Disaster</title>
+
+ <para>The key question is: did your hardware survive? You have been
+ doing regular backups so there is no need to worry about the
+ software.</para>
+
+ <para>If the hardware has been damaged, the parts should be replaced
+ before attempting to use the computer.</para>
+
+ <para>If your hardware is okay, check your floppies. If you are using
+ a custom boot floppy, boot single-user (type <literal>-s</literal>
+ at the <prompt>boot:</prompt> prompt). Skip the following
+ paragraph.</para>
+
+ <para>If you are using the <filename>boot.flp</filename> and
+ <filename>fixit.flp</filename> floppies, keep reading. Insert the
+ <filename>boot.flp</filename> floppy in the first floppy drive and
+ boot the computer. The original install menu will be displayed on
+ the screen. Select the <literal>Fixit--Repair mode with CDROM or
+ floppy.</literal> option. Insert the
+ <filename>fixit.flp</filename> when prompted.
+ <command>restore</command> and the other programs that you need are
+ located in <filename class="directory">/mnt2/rescue</filename>
+ (<filename class="directory">/mnt2/stand</filename> for
+ &os; versions older than 5.2).</para>
+
+ <para>Recover each file system separately.</para>
+
+ <indexterm>
+ <primary><command>mount</command></primary>
+ </indexterm>
+ <indexterm><primary>root partition</primary></indexterm>
+ <indexterm>
+ <primary><command>bsdlabel</command></primary>
+ </indexterm>
+ <indexterm>
+ <primary><command>newfs</command></primary>
+ </indexterm>
+ <para>Try to <command>mount</command> (e.g. <command>mount /dev/da0a
+ /mnt</command>) the root partition of your first disk. If the
+ bsdlabel was damaged, use <command>bsdlabel</command> to re-partition and
+ label the disk to match the label that you printed and saved. Use
+ <command>newfs</command> to re-create the file systems. Re-mount the root
+ partition of the floppy read-write (<command>mount -u -o rw
+ /mnt</command>). Use your backup program and backup tapes to
+ recover the data for this file system (e.g. <command>restore vrf
+ /dev/sa0</command>). Unmount the file system (e.g. <command>umount
+ /mnt</command>). Repeat for each file system that was
+ damaged.</para>
+
+ <para>Once your system is running, backup your data onto new tapes.
+ Whatever caused the crash or data loss may strike again. Another
+ hour spent now may save you from further distress later.</para>
+ </sect3>
+
+<![ %not.published; [
+
+ <sect3>
+ <title>* I Did Not Prepare for the Disaster, What Now?</title>
+
+ <para></para>
+ </sect3>
+]]>
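Review bot: The "<![ %not.published; [ ... ]]>" wrapper around the unfinished "I Did Not Prepare for the Disaster, What Now?" sect3 is an SGML conditional marked section keyed on a parameter entity, and XML does not allow that construct in document content. With the file renamed to .xml it should become an XML comment or be dropped, since the section contains only an empty para.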
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="disks-virtual">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ <contrib>Reorganized and enhanced by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+ <title>Network, Memory, and File-Backed File Systems</title>
+ <indexterm><primary>virtual disks</primary></indexterm>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>virtual</secondary>
+ </indexterm>
+
+ <para>Aside from the disks you physically insert into your computer:
+ floppies, CDs, hard drives, and so forth; other forms of disks
+ are understood by FreeBSD - the <firstterm>virtual
+ disks</firstterm>.</para>
+
+ <indexterm><primary>NFS</primary></indexterm>
+ <indexterm><primary>Coda</primary></indexterm>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>memory</secondary>
+ </indexterm>
+ <para>These include network file systems such as the <link
+ linkend="network-nfs">Network File System</link> and Coda, memory-based
+ file systems and
+ file-backed file systems.</para>
+
+ <para>According to the FreeBSD version you run, you will have to use
+ different tools for creation and use of file-backed and
+ memory-based file systems.</para>
+
+ <note>
+ <para>Use &man.devfs.5; to allocate device nodes transparently for the
+ user.</para>
+ </note>
+
+ <sect2 id="disks-mdconfig">
+ <title>File-Backed File System</title>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>file-backed</secondary>
+ </indexterm>
+
+ <para>The utility &man.mdconfig.8; is used to configure and enable
+ memory disks, &man.md.4;, under FreeBSD. To use
+ &man.mdconfig.8;, you have to load &man.md.4; module or to add
+ the support in your kernel configuration file:</para>
+
+ <programlisting>device md</programlisting>
+
+ <para>The &man.mdconfig.8; command supports three kinds of
+ memory backed virtual disks: memory disks allocated with
+ &man.malloc.9;, memory disks using a file or swap space as
+ backing. One possible use is the mounting of floppy
+ or CD images kept in files.</para>
+
+ <para>To mount an existing file system image:</para>
+
+ <example>
+ <title>Using <command>mdconfig</command> to Mount an Existing File System
+ Image</title>
+
+ <screen>&prompt.root; <userinput>mdconfig -a -t vnode -f <replaceable>diskimage</replaceable> -u <replaceable>0</replaceable></userinput>
+&prompt.root; <userinput>mount /dev/md<replaceable>0</replaceable> <replaceable>/mnt</replaceable></userinput></screen>
+ </example>
+
+ <para>To create a new file system image with &man.mdconfig.8;:</para>
+
+ <example>
+ <title>Creating a New File-Backed Disk with <command>mdconfig</command></title>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>newimage</replaceable> bs=1k count=<replaceable>5</replaceable>k</userinput>
+5120+0 records in
+5120+0 records out
+&prompt.root; <userinput>mdconfig -a -t vnode -f <replaceable>newimage</replaceable> -u <replaceable>0</replaceable></userinput>
+&prompt.root; <userinput>bsdlabel -w md<replaceable>0</replaceable> auto</userinput>
+&prompt.root; <userinput>newfs md<replaceable>0</replaceable>a</userinput>
+/dev/md0a: 5.0MB (10224 sectors) block size 16384, fragment size 2048
+ using 4 cylinder groups of 1.25MB, 80 blks, 192 inodes.
+super-block backups (for fsck -b #) at:
+ 160, 2720, 5280, 7840
+&prompt.root; <userinput>mount /dev/md<replaceable>0</replaceable>a <replaceable>/mnt</replaceable></userinput>
+&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
+Filesystem 1K-blocks Used Avail Capacity Mounted on
+/dev/md0a 4710 4 4330 0% /mnt</screen>
+ </example>
+
+ <para>If you do not specify the unit number with the
+ <option>-u</option> option, &man.mdconfig.8; will use the
+ &man.md.4; automatic allocation to select an unused device.
+ The name of the allocated unit will be output on stdout like
+ <devicename>md4</devicename>. For more details about
+ &man.mdconfig.8;, please refer to the manual page.</para>
+
+ <para>The utility &man.mdconfig.8; is very useful, however it
+ asks many command lines to create a file-backed file system.
+ FreeBSD also comes with a tool called &man.mdmfs.8;,
+ this program configures a &man.md.4; disk using
+ &man.mdconfig.8;, puts a UFS file system on it using
+ &man.newfs.8;, and mounts it using &man.mount.8;. For example,
+ if you want to create and mount the same file system image as
+ above, simply type the following:</para>
+
+ <example>
+ <title>Configure and Mount a File-Backed Disk with <command>mdmfs</command></title>
+ <screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>newimage</replaceable> bs=1k count=<replaceable>5</replaceable>k</userinput>
+5120+0 records in
+5120+0 records out
+&prompt.root; <userinput>mdmfs -F <replaceable>newimage</replaceable> -s <replaceable>5</replaceable>m md<replaceable>0</replaceable> <replaceable>/mnt</replaceable></userinput>
+&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
+Filesystem 1K-blocks Used Avail Capacity Mounted on
+/dev/md0 4718 4 4338 0% /mnt</screen>
+ </example>
+
+ <para>If you use the option <option>md</option> without unit
+ number, &man.mdmfs.8; will use &man.md.4; auto-unit feature to
+ automatically select an unused device. For more details
+ about &man.mdmfs.8;, please refer to the manual page.</para>
+
+ </sect2>
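Review bot: The paragraph introducing the backing types promises "three kinds" of virtual disks but the list that follows reads as two items (disks allocated with malloc, and disks "using a file or swap space as backing"). List malloc, file (vnode) and swap separately so the sentence matches the -t vnode and -t swap examples in this section and the next. "it asks many command lines" in the mdmfs paragraph should be reworded, for instance "it takes several commands".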
+
+ <sect2 id="disks-md-freebsd5">
+ <title>Memory-Based File System</title>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>memory file system</secondary>
+ </indexterm>
+
+ <para>For a
+ memory-based file system the <quote>swap backing</quote>
+ should normally be used. Using swap backing does not mean
+ that the memory disk will be swapped out to disk by default,
+ but merely that the memory disk will be allocated from a
+ memory pool which can be swapped out to disk if needed. It is
+ also possible to create memory-based disk which are
+ &man.malloc.9; backed, but using malloc backed memory disks,
+ especially large ones, can result in a system panic if the
+ kernel runs out of memory.</para>
+
+ <example>
+ <title>Creating a New Memory-Based Disk with
+ <command>mdconfig</command></title>
+
+ <screen>&prompt.root; <userinput>mdconfig -a -t swap -s <replaceable>5</replaceable>m -u <replaceable>1</replaceable></userinput>
+&prompt.root; <userinput>newfs -U md<replaceable>1</replaceable></userinput>
+/dev/md1: 5.0MB (10240 sectors) block size 16384, fragment size 2048
+ using 4 cylinder groups of 1.27MB, 81 blks, 192 inodes.
+ with soft updates
+super-block backups (for fsck -b #) at:
+ 160, 2752, 5344, 7936
+&prompt.root; <userinput>mount /dev/md<replaceable>1</replaceable> <replaceable>/mnt</replaceable></userinput>
+&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
+Filesystem 1K-blocks Used Avail Capacity Mounted on
+/dev/md1 4718 4 4338 0% /mnt</screen>
+ </example>
+
+ <example>
+ <title>Creating a New Memory-Based Disk with
+ <command>mdmfs</command></title>
+ <screen>&prompt.root; <userinput>mdmfs -s <replaceable>5</replaceable>m md<replaceable>2</replaceable> <replaceable>/mnt</replaceable></userinput>
+&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
+Filesystem 1K-blocks Used Avail Capacity Mounted on
+/dev/md2 4846 2 4458 0% /mnt</screen>
+ </example>
+ </sect2>
+
+ <sect2>
+ <title>Detaching a Memory Disk from the System</title>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>detaching a memory disk</secondary>
+ </indexterm>
+
+ <para>When a memory-based or file-based file system
+ is not used, you should release all resources to the system.
+ The first thing to do is to unmount the file system, then use
+ &man.mdconfig.8; to detach the disk from the system and release
+ the resources.</para>
+
+ <para>For example to detach and free all resources used by
+ <filename>/dev/md4</filename>:</para>
+
+ <screen>&prompt.root; <userinput>mdconfig -d -u <replaceable>4</replaceable></userinput></screen>
+
+ <para>It is possible to list information about configured
+ &man.md.4; devices in using the command <command>mdconfig
+ -l</command>.</para>
+ </sect2>
+ </sect1>
+
+ <sect1 id="snapshots">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- 15 JUL 2002 -->
+ </sect1info>
+
+ <title>File System Snapshots</title>
+
+ <indexterm>
+ <primary>file systems</primary>
+ <secondary>snapshots</secondary>
+ </indexterm>
+
+ <para>FreeBSD offers a feature in conjunction with
+ <link linkend="soft-updates">Soft Updates</link>: File system snapshots.</para>
+
+ <para>Snapshots allow a user to create images of specified file
+ systems, and treat them as a file.
+ Snapshot files must be created in the file system that the
+ action is performed on, and a user may create no more than 20
+ snapshots per file system. Active snapshots are recorded
+ in the superblock so they are persistent across unmount and
+ remount operations along with system reboots. When a snapshot
+ is no longer required, it can be removed with the standard &man.rm.1;
+ command. Snapshots may be removed in any order,
+ however all the used space may not be acquired because another snapshot will
+ possibly claim some of the released blocks.</para>
+
+ <para>The un-alterable <option>snapshot</option> file flag is set
+ by &man.mksnap.ffs.8; after initial creation of a snapshot file.
+ The &man.unlink.1; command makes an exception for snapshot files
+ since it allows them to be removed.</para>
+
+ <para>Snapshots are created with the &man.mount.8; command. To place
+ a snapshot of <filename>/var</filename> in the file
+ <filename>/var/snapshot/snap</filename> use the following
+ command:</para>
+
+<screen>&prompt.root; <userinput>mount -u -o snapshot /var/snapshot/snap /var</userinput></screen>
+
+ <para>Alternatively, you can use &man.mksnap.ffs.8; to create
+ a snapshot:</para>
+<screen>&prompt.root; <userinput>mksnap_ffs /var /var/snapshot/snap</userinput></screen>
+
+ <para>One can find snapshot files on a file system (e.g. <filename>/var</filename>)
+ by using the &man.find.1; command:</para>
+<screen>&prompt.root; <userinput>find /var -flags snapshot</userinput></screen>
+
+ <para>Once a snapshot has been created, it has several
+ uses:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Some administrators will use a snapshot file for backup purposes,
+ because the snapshot can be transfered to CDs or tape.</para>
+ </listitem>
+
+ <listitem>
+ <para>The file system integrity checker, &man.fsck.8;, may be run on the snapshot.
+ Assuming that the file system was clean when it was mounted, you
+ should always get a clean (and unchanging) result.
+ This is essentially what the
+ background &man.fsck.8; process does.</para>
+ </listitem>
+
+ <listitem>
+ <para>Run the &man.dump.8; utility on the snapshot.
+ A dump will be returned that is consistent with the
+ file system and the timestamp of the snapshot. &man.dump.8;
+ can also take a snapshot, create a dump image and then
+ remove the snapshot in one command using the
+ <option>-L</option> flag.</para>
+ </listitem>
+
+ <listitem>
+ <para>&man.mount.8; the snapshot as a frozen image of the file system.
+ To &man.mount.8; the snapshot
+ <filename>/var/snapshot/snap</filename> run:</para>
+
+<screen>&prompt.root; <userinput>mdconfig -a -t vnode -f /var/snapshot/snap -u 4</userinput>
+&prompt.root; <userinput>mount -r /dev/md4 /mnt</userinput></screen>
+
+ </listitem>
+ </itemizedlist>
+
+ <para>You can now walk the hierarchy of your frozen <filename>/var</filename>
+ file system mounted at <filename>/mnt</filename>. Everything will
+ initially be in the same state it was during the snapshot creation time.
+ The only exception is that any earlier snapshots will appear
+ as zero length files. When the use of a snapshot has delimited,
+ it can be unmounted with:</para>
+
+<screen>&prompt.root; <userinput>umount /mnt</userinput>
+&prompt.root; <userinput>mdconfig -d -u 4</userinput></screen>
+
+ <para>For more information about <option>softupdates</option> and
+ file system snapshots, including technical papers, you can visit
+ Marshall Kirk McKusick's website at
+ <ulink url="http://www.mckusick.com/"></ulink>.</para>
+ </sect1>
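Review bot: Two phrases in the snapshot section are unclear enough to change the meaning: "When the use of a snapshot has delimited" before the umount example (presumably "when the snapshot is no longer needed"), and "all the used space may not be acquired" in the paragraph on removing snapshots (reclaimed?). Smaller items: "transfered" is misspelled in the first list item, and the ulink to http://www.mckusick.com/ has no link text. Because the text says a snapshot is an image of the whole file system treated as a file, it would also help to state what ownership and mode the file at /var/snapshot/snap gets, so readers know who can read the image.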
+
+ <sect1 id="quotas">
+ <title>File System Quotas</title>
+ <indexterm>
+ <primary>accounting</primary>
+ <secondary>disk space</secondary>
+ </indexterm>
+ <indexterm><primary>disk quotas</primary></indexterm>
+
+ <para>Quotas are an optional feature of the operating system that
+ allow you to limit the amount of disk space and/or the number of
+ files a user or members of a group may allocate on a per-file
+ system basis. This is used most often on timesharing systems where
+ it is desirable to limit the amount of resources any one user or
+ group of users may allocate. This will prevent one user or group
+ of users from consuming all of the available disk space.</para>
+
+ <sect2>
+ <title>Configuring Your System to Enable Disk Quotas</title>
+
+ <para>Before attempting to use disk quotas, it is necessary to make
+ sure that quotas are configured in your kernel. This is done by
+ adding the following line to your kernel configuration
+ file:</para>
+
+ <programlisting>options QUOTA</programlisting>
+
+ <para>The stock <filename>GENERIC</filename> kernel does not have
+ this enabled by default, so you will have to configure, build and
+ install a custom kernel in order to use disk quotas. Please refer
+ to <xref linkend="kernelconfig"/> for more information on kernel
+ configuration.</para>
+
+ <para>Next you will need to enable disk quotas in
+ <filename>/etc/rc.conf</filename>. This is done by adding the
+ line:</para>
+
+ <programlisting>enable_quotas="YES"</programlisting>
+ <indexterm>
+ <primary>disk quotas</primary>
+ <secondary>checking</secondary>
+ </indexterm>
+ <para>For finer control over your quota startup, there is an
+ additional configuration variable available. Normally on bootup,
+ the quota integrity of each file system is checked by the
+ &man.quotacheck.8; program. The
+ &man.quotacheck.8; facility insures that the data in
+ the quota database properly reflects the data on the file system.
+ This is a very time consuming process that will significantly
+ affect the time your system takes to boot. If you would like to
+ skip this step, a variable in <filename>/etc/rc.conf</filename>
+ is made available for the purpose:</para>
+
+ <programlisting>check_quotas="NO"</programlisting>
+
+ <para>Finally you will need to edit <filename>/etc/fstab</filename>
+ to enable disk quotas on a per-file system basis. This is where
+ you can either enable user or group quotas or both for all of your
+ file systems.</para>
+
+ <para>To enable per-user quotas on a file system, add the
+ <option>userquota</option> option to the options field in the
+ <filename>/etc/fstab</filename> entry for the file system you want
+ to enable quotas on. For example:</para>
+
+ <programlisting>/dev/da1s2g /home ufs rw,userquota 1 2</programlisting>
+
+ <para>Similarly, to enable group quotas, use the
+ <option>groupquota</option> option instead of
+ <option>userquota</option>. To enable both user and
+ group quotas, change the entry as follows:</para>
+
+ <programlisting>/dev/da1s2g /home ufs rw,userquota,groupquota 1 2</programlisting>
+
+ <para>By default, the quota files are stored in the root directory of
+ the file system with the names <filename>quota.user</filename> and
+ <filename>quota.group</filename> for user and group quotas
+ respectively. See &man.fstab.5; for more
+ information. Even though the &man.fstab.5; manual page says that
+ you can specify
+ an alternate location for the quota files, this is not recommended
+ because the various quota utilities do not seem to handle this
+ properly.</para>
+
+ <para>At this point you should reboot your system with your new
+ kernel. <filename>/etc/rc</filename> will automatically run the
+ appropriate commands to create the initial quota files for all of
+ the quotas you enabled in <filename>/etc/fstab</filename>, so
+ there is no need to manually create any zero length quota
+ files.</para>
+
+ <para>In the normal course of operations you should not be required
+ to run the &man.quotacheck.8;,
+ &man.quotaon.8;, or &man.quotaoff.8;
+ commands manually. However, you may want to read their manual pages
+ just to be familiar with their operation.</para>
+ </sect2>
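Review bot: The check_quotas="NO" paragraph presents skipping quotacheck only as a boot-time saving, although the sentence just before it says quotacheck is what makes the quota database reflect the data on the file system; state the trade-off, namely that with the check disabled limits may be enforced against stale usage figures. The later remark that the quota utilities "do not seem to handle" an alternate quota file location gives the reader nothing to act on; either name the utility that fails or simply say that the default quota.user and quota.group locations are the supported ones. "insures" in the quotacheck paragraph should be "ensures".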
+
+ <sect2>
+ <title>Setting Quota Limits</title>
+ <indexterm>
+ <primary>disk quotas</primary>
+ <secondary>limits</secondary>
+ </indexterm>
+
+ <para>Once you have configured your system to enable quotas, verify
+ that they really are enabled. An easy way to do this is to
+ run:</para>
+
+ <screen>&prompt.root; <userinput>quota -v</userinput></screen>
+
+ <para>You should see a one line summary of disk usage and current
+ quota limits for each file system that quotas are enabled
+ on.</para>
+
+ <para>You are now ready to start assigning quota limits with the
+ &man.edquota.8; command.</para>
+
+ <para>You have several options on how to enforce limits on the
+ amount of disk space a user or group may allocate, and how many
+ files they may create. You may limit allocations based on disk
+ space (block quotas) or number of files (inode quotas) or a
+ combination of both. Each of these limits are further broken down
+ into two categories: hard and soft limits.</para>
+
+ <indexterm><primary>hard limit</primary></indexterm>
+ <para>A hard limit may not be exceeded. Once a user reaches his
+ hard limit he may not make any further allocations on the file
+ system in question. For example, if the user has a hard limit of
+ 500 kbytes on a file system and is currently using 490 kbytes, the
+ user can only allocate an additional 10 kbytes. Attempting to
+ allocate an additional 11 kbytes will fail.</para>
+
+ <indexterm><primary>soft limit</primary></indexterm>
+ <para>Soft limits, on the other hand, can be exceeded for a limited
+ amount of time. This period of time is known as the grace period,
+ which is one week by default. If a user stays over his or her
+ soft limit longer than the grace period, the soft limit will
+ turn into a hard limit and no further allocations will be allowed.
+ When the user drops back below the soft limit, the grace period
+ will be reset.</para>
+
+ <para>The following is an example of what you might see when you run
+ the &man.edquota.8; command. When the
+ &man.edquota.8; command is invoked, you are placed into
+ the editor specified by the <envar>EDITOR</envar> environment
+ variable, or in the <application>vi</application> editor if the
+ <envar>EDITOR</envar> variable is not set, to allow you to edit
+ the quota limits.</para>
+
+ <screen>&prompt.root; <userinput>edquota -u test</userinput></screen>
+
+ <programlisting>Quotas for user test:
+/usr: kbytes in use: 65, limits (soft = 50, hard = 75)
+ inodes in use: 7, limits (soft = 50, hard = 60)
+/usr/var: kbytes in use: 0, limits (soft = 50, hard = 75)
+ inodes in use: 0, limits (soft = 50, hard = 60)</programlisting>
+
+ <para>You will normally see two lines for each file system that has
+ quotas enabled. One line for the block limits, and one line for
+ inode limits. Simply change the value you want updated to modify
+ the quota limit. For example, to raise this user's block limit
+ from a soft limit of 50 and a hard limit of 75 to a soft limit of
+ 500 and a hard limit of 600, change:</para>
+
+ <programlisting>/usr: kbytes in use: 65, limits (soft = 50, hard = 75)</programlisting>
+
+ <para>to:</para>
+
+ <programlisting>/usr: kbytes in use: 65, limits (soft = 500, hard = 600)</programlisting>
+
+ <para>The new quota limits will be in place when you exit the
+ editor.</para>
+
+ <para>Sometimes it is desirable to set quota limits on a range of
+ UIDs. This can be done by use of the <option>-p</option> option
+ on the &man.edquota.8; command. First, assign the
+ desired quota limit to a user, and then run
+ <command>edquota -p protouser startuid-enduid</command>. For
+ example, if user <username>test</username> has the desired quota
+ limits, the following command can be used to duplicate those quota
+ limits for UIDs 10,000 through 19,999:</para>
+
+ <screen>&prompt.root; <userinput>edquota -p test 10000-19999</userinput></screen>
+
+ <para>For more information see &man.edquota.8; manual page.</para>
+ </sect2>
+
+ <sect2>
+ <title>Checking Quota Limits and Disk Usage</title>
+ <indexterm>
+ <primary>disk quotas</primary>
+ <secondary>checking</secondary>
+ </indexterm>
+
+ <para>You can use either the &man.quota.1; or the
+ &man.repquota.8; commands to check quota limits and
+ disk usage. The &man.quota.1; command can be used to
+ check individual user or group quotas and disk usage. A user
+ may only examine his own quota, and the quota of a group he
+ is a member of. Only the super-user may view all user and group
+ quotas. The
+ &man.repquota.8; command can be used to get a summary
+ of all quotas and disk usage for file systems with quotas
+ enabled.</para>
+
+ <para>The following is some sample output from the
+ <command>quota -v</command> command for a user that has quota
+ limits on two file systems.</para>
+
+ <programlisting>Disk quotas for user test (uid 1002):
+ Filesystem usage quota limit grace files quota limit grace
+ /usr 65* 50 75 5days 7 50 60
+ /usr/var 0 50 75 0 50 60</programlisting>
+
+ <indexterm><primary>grace period</primary></indexterm>
+ <para>On the <filename>/usr</filename> file system in the above
+ example, this user is currently 15 kbytes over the soft limit of
+ 50 kbytes and has 5 days of the grace period left. Note the
+ asterisk <literal>*</literal> which indicates that the user is
+ currently over his quota limit.</para>
+
+ <para>Normally file systems that the user is not using any disk
+ space on will not show up in the output from the
+ &man.quota.1; command, even if he has a quota limit
+ assigned for that file system. The <option>-v</option> option
+ will display those file systems, such as the
+ <filename>/usr/var</filename> file system in the above
+ example.</para>
+ </sect2>
+
+ <sect2>
+ <title>Quotas over NFS</title>
+ <indexterm><primary>NFS</primary></indexterm>
+
+ <para>Quotas are enforced by the quota subsystem on the NFS server.
+ The &man.rpc.rquotad.8; daemon makes quota information available
+ to the &man.quota.1; command on NFS clients, allowing users on
+ those machines to see their quota statistics.</para>
+
+ <para>Enable <command>rpc.rquotad</command> in
+ <filename>/etc/inetd.conf</filename> like so:</para>
+
+ <programlisting>rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad</programlisting>
+
+ <para>Now restart <command>inetd</command>:</para>
+
+ <screen>&prompt.root; <userinput>kill -HUP `cat /var/run/inetd.pid`</userinput></screen>
+ </sect2>
+ </sect1>
+
+
+ <sect1 id="disks-encrypting">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Lucky</firstname>
+ <surname>Green</surname>
+ <contrib>Contributed by </contrib>
+ <affiliation>
+ <address><email>shamrock@cypherpunks.to</email></address>
+ </affiliation>
+ </author>
+ </authorgroup>
+ <!-- 11 MARCH 2003 -->
+ </sect1info>
+
+ <title>Encrypting Disk Partitions</title>
+ <indexterm>
+ <primary>disks</primary>
+ <secondary>encrypting</secondary></indexterm>
+
+ <para>FreeBSD offers excellent online protections against
+ unauthorized data access. File permissions and Mandatory
+ Access Control (MAC) (see <xref linkend="mac"/>) help prevent
+ unauthorized third-parties from accessing data while the operating
+ system is active and the computer is powered up. However,
+ the permissions enforced by the operating system are irrelevant if an
+ attacker has physical access to a computer and can simply move
+ the computer's hard drive to another system to copy and analyze
+ the sensitive data.</para>
+
+ <para>Regardless of how an attacker may have come into possession of
+ a hard drive or powered-down computer, both <application>GEOM
+ Based Disk Encryption (gbde)</application> and
+ <command>geli</command> cryptographic subsystems in &os; are able
+ to protect the data on the computer's file systems against even
+ highly-motivated attackers with significant resources. Unlike
+ cumbersome encryption methods that encrypt only individual files,
+ <command>gbde</command> and <command>geli</command> transparently
+ encrypt entire file systems. No cleartext ever touches the hard
+ drive's platter.</para>
+
+ <sect2>
+ <title>Disk Encryption with <application>gbde</application></title>
+
+ <procedure>
+ <step>
+ <title>Become <username>root</username></title>
+
+ <para>Configuring <application>gbde</application> requires
+ super-user privileges.</para>
+
+ <screen>&prompt.user; <userinput>su -</userinput>
+Password:</screen>
+ </step>
+
+ <step>
+ <title>Add &man.gbde.4; Support to the Kernel Configuration File</title>
+
+ <para>Add the following line to the kernel configuration
+ file:</para>
+
+ <para><literal>options GEOM_BDE</literal></para>
+
+ <para>Rebuild the kernel as described in <xref
+ linkend="kernelconfig"/>.</para>
+
+ <para>Reboot into the new kernel.</para>
+ </step>
+
+ <step>
+ <para>An alternative to recompiling the kernel is to use
+ <command>kldload</command> to load &man.gbde.4;:</para>
+
+ <screen>&prompt.root; <userinput>kldload geom_bde</userinput></screen>
+ </step>
+ </procedure>
+
+ <sect3>
+ <title>Preparing the Encrypted Hard Drive</title>
+
+ <para>The following example assumes that you are adding a new hard
+ drive to your system that will hold a single encrypted partition.
+ This partition will be mounted as <filename>/private</filename>.
+ <application>gbde</application> can also be used to encrypt
+ <filename>/home</filename> and <filename>/var/mail</filename>, but
+ this requires more complex instructions which exceed the scope of
+ this introduction.</para>
+
+ <procedure>
+ <step>
+ <title>Add the New Hard Drive</title>
+
+ <para>Install the new drive to the system as explained in <xref
+ linkend="disks-adding"/>. For the purposes of this example,
+ a new hard drive partition has been added as
+ <filename>/dev/ad4s1c</filename>. The
+ <filename>/dev/ad0s1<replaceable>*</replaceable></filename>
+ devices represent existing standard FreeBSD partitions on
+ the example system.</para>
+
+ <screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
+/dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1
+/dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c
+/dev/ad0s1a /dev/ad0s1d /dev/ad4</screen>
+ </step>
+
+ <step>
+ <title>Create a Directory to Hold gbde Lock Files</title>
+
+ <screen>&prompt.root; <userinput>mkdir /etc/gbde</userinput></screen>
+
+ <para>The <application>gbde</application> lock file contains
+ information that <application>gbde</application> requires to
+ access encrypted partitions. Without access to the lock file,
+ <application>gbde</application> will not be able to decrypt
+ the data contained in the encrypted partition without
+ significant manual intervention which is not supported by the
+ software. Each encrypted partition uses a separate lock
+ file.</para>
+ </step>
+
+ <step>
+ <title>Initialize the gbde Partition</title>
+
+ <para>A <application>gbde</application> partition must be
+ initialized before it can be used. This initialization needs to
+ be performed only once:</para>
+
+ <screen>&prompt.root; <userinput>gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c</userinput></screen>
+
+ <para>&man.gbde.8; will open your editor, permitting you to set
+ various configuration options in a template. For use with UFS1
+ or UFS2, set the sector_size to 2048:</para>
+
+ <programlisting>$<!-- This is not the space you are looking
+for-->FreeBSD: src/sbin/gbde/template.txt,v 1.1 2002/10/20 11:16:13 phk Exp $
+#
+# Sector size is the smallest unit of data which can be read or written.
+# Making it too small decreases performance and decreases available space.
+# Making it too large may prevent filesystems from working. 512 is the
+# minimum and always safe. For UFS, use the fragment size
+#
+sector_size = 2048
+[...]
+</programlisting>
+
+ <para>&man.gbde.8; will ask you twice to type the passphrase that
+ should be used to secure the data. The passphrase must be the
+ same both times. <application>gbde</application>'s ability to
+ protect your data depends entirely on the quality of the
+ passphrase that you choose.
+ <footnote>
+ <para>For tips on how to select a secure passphrase that is easy
+ to remember, see the <ulink
+ url="http://world.std.com/~reinhold/diceware.html">Diceware
+ Passphrase</ulink> website.</para></footnote></para>
+
+ <para>The <command>gbde init</command> command creates a lock
+ file for your <application>gbde</application> partition that in
+ this example is stored as
+ <filename>/etc/gbde/ad4s1c</filename>.</para>
+
+ <caution>
+ <para><application>gbde</application> lock files
+ <emphasis>must</emphasis> be backed up together with the
+ contents of any encrypted partitions. While deleting a lock
+ file alone cannot prevent a determined attacker from
+ decrypting a <application>gbde</application> partition,
+ without the lock file, the legitimate owner will be unable
+ to access the data on the encrypted partition without a
+ significant amount of work that is totally unsupported by
+ &man.gbde.8; and its designer.</para>
+ </caution>
+ </step>
+
+ <step>
+ <title>Attach the Encrypted Partition to the Kernel</title>
+
+ <screen>&prompt.root; <userinput>gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c</userinput></screen>
+
+ <para> You will be asked to provide the passphrase that you
+ selected during the initialization of the encrypted partition.
+ The new encrypted device will show up in
+ <filename>/dev</filename> as
+ <filename>/dev/device_name.bde</filename>:</para>
+
+ <screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
+/dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1
+/dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c
+/dev/ad0s1a /dev/ad0s1d /dev/ad4 /dev/ad4s1c.bde</screen>
+ </step>
+
+ <step>
+ <title>Create a File System on the Encrypted Device</title>
+
+ <para>Once the encrypted device has been attached to the kernel,
+ you can create a file system on the device. To create a file
+ system on the encrypted device, use &man.newfs.8;. Since it is
+ much faster to initialize a new UFS2 file system than it is to
+ initialize the old UFS1 file system, using &man.newfs.8; with
+ the <option>-O2</option> option is recommended.</para>
+
+ <screen>&prompt.root; <userinput>newfs -U -O2 /dev/ad4s1c.bde</userinput></screen>
+
+ <note>
+ <para>The &man.newfs.8; command must be performed on an
+ attached <application>gbde</application> partition which
+ is identified by a
+ <filename><replaceable>*</replaceable>.bde</filename>
+ extension to the device name.</para>
+ </note>
+ </step>
+
+ <step>
+ <title>Mount the Encrypted Partition</title>
+
+ <para>Create a mount point for the encrypted file system.</para>
+
+ <screen>&prompt.root; <userinput>mkdir /private</userinput></screen>
+
+ <para>Mount the encrypted file system.</para>
+
+ <screen>&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>
+ </step>
+
+ <step>
+ <title>Verify That the Encrypted File System is Available</title>
+
+ <para>The encrypted file system should now be visible to
+ &man.df.1; and be available for use.</para>
+
+ <screen>&prompt.user; <userinput>df -H</userinput>
+Filesystem Size Used Avail Capacity Mounted on
+/dev/ad0s1a 1037M 72M 883M 8% /
+/devfs 1.0K 1.0K 0B 100% /dev
+/dev/ad0s1f 8.1G 55K 7.5G 0% /home
+/dev/ad0s1e 1037M 1.1M 953M 0% /tmp
+/dev/ad0s1d 6.1G 1.9G 3.7G 35% /usr
+/dev/ad4s1c.bde 150G 4.1K 138G 0% /private</screen>
+ </step>
+ </procedure>
+ </sect3>
+
+ <sect3>
+ <title>Mounting Existing Encrypted File Systems</title>
+
+ <para>After each boot, any encrypted file systems must be
+ re-attached to the kernel, checked for errors, and mounted, before
+ the file systems can be used. The required commands must be
+ executed as user <username>root</username>.</para>
+
+ <procedure>
+ <step>
+ <title>Attach the gbde Partition to the Kernel</title>
+
+ <screen>&prompt.root; <userinput>gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c</userinput></screen>
+
+ <para>You will be asked to provide the passphrase that you
+ selected during initialization of the encrypted
+ <application>gbde</application> partition.</para>
+ </step>
+
+ <step>
+ <title>Check the File System for Errors</title>
+
+ <para>Since encrypted file systems cannot yet be listed in
+ <filename>/etc/fstab</filename> for automatic mounting, the
+ file systems must be checked for errors by running &man.fsck.8;
+ manually before mounting.</para>
+
+ <screen>&prompt.root; <userinput>fsck -p -t ffs /dev/ad4s1c.bde</userinput></screen>
+ </step>
+
+ <step>
+ <title>Mount the Encrypted File System</title>
+
+ <screen>&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>
+
+ <para>The encrypted file system is now available for use.</para>
+ </step>
+ </procedure>
+
+ <sect4>
+ <title>Automatically Mounting Encrypted Partitions</title>
+
+ <para>It is possible to create a script to automatically attach,
+ check, and mount an encrypted partition, but for security reasons
+ the script should not contain the &man.gbde.8; password. Instead,
+ it is recommended that such scripts be run manually while
+ providing the password via the console or &man.ssh.1;.</para>
+
+ <para>As an alternative, an <filename>rc.d</filename> script is
+ provided. Arguments for this script can be passed via
+ &man.rc.conf.5;, for example:</para>
+
+ <screen>gbde_autoattach_all="YES"
+gbde_devices="ad4s1c"</screen>
+
+ <para>This will require that the <application>gbde</application>
+ passphrase be entered at boot time. After typing the correct
+ passphrase, the <application>gbde</application> encrypted
+ partition will be mounted automatically. This can be very
+ useful when using <application>gbde</application> on
+ notebooks.</para>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>Cryptographic Protections Employed by gbde</title>
+
+ <para>&man.gbde.8; encrypts the sector payload using 128-bit AES in
+ CBC mode. Each sector on the disk is encrypted with a different
+ AES key. For more information on <application>gbde</application>'s
+ cryptographic design, including how the sector keys are derived
+ from the user-supplied passphrase, see &man.gbde.4;.</para>
+ </sect3>
+
+ <sect3>
+ <title>Compatibility Issues</title>
+
+ <para>&man.sysinstall.8; is incompatible with
+ <application>gbde</application>-encrypted devices. All
+ <devicename><replaceable>*</replaceable>.bde</devicename> devices must be detached from the
+ kernel before starting &man.sysinstall.8; or it will crash during
+ its initial probing for devices. To detach the encrypted device
+ used in our example, use the following command:</para>
+ <screen>&prompt.root; <userinput>gbde detach /dev/ad4s1c</userinput></screen>
+
+ <para>Also note that, as &man.vinum.4; does not use the
+ &man.geom.4; subsystem, you cannot use
+ <application>gbde</application> with
+ <application>vinum</application> volumes.</para>
+ </sect3>
+
+ </sect2>
+
+ <sect2>
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Daniel</firstname>
+ <surname>Gerzo</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ <!-- Date of writing: 28 November 2005 -->
+ </sect2info>
+
+ <title>Disk Encryption with <command>geli</command></title>
+
+ <para>A new cryptographic GEOM class is available as of &os; 6.0 -
+ <command>geli</command>. It is currently being developed by
+ &a.pjd;. <command>Geli</command> is different to
+ <command>gbde</command>; it offers different features and uses
+ a different scheme for doing cryptographic work.</para>
+
+ <para>The most important features of &man.geli.8; are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Utilizes the &man.crypto.9; framework &mdash; when
+ cryptographic hardware is available, <command>geli</command>
+ will use it automatically.</para>
+ </listitem>
+ <listitem>
+ <para>Supports multiple cryptographic algorithms (currently
+ AES, Blowfish, and 3DES).</para>
+ </listitem>
+ <listitem>
+ <para>Allows the root partition to be encrypted. The
+ passphrase used to access the encrypted root partition will
+ be requested during the system boot.</para>
+ </listitem>
+ <listitem>
+ <para>Allows the use of two independent keys (e.g. a
+ <quote>key</quote> and a <quote>company key</quote>).</para>
+ </listitem>
+ <listitem>
+ <para><command>geli</command> is fast - performs simple
+ sector-to-sector encryption.</para>
+ </listitem>
+ <listitem>
+ <para>Allows backup and restore of Master Keys. When a user
+ has to destroy his keys, it will be possible to get access
+ to the data again by restoring keys from the backup.</para>
+ </listitem>
+ <listitem>
+ <para>Allows to attach a disk with a random, one-time key
+ &mdash; useful for swap partitions and temporary file
+ systems.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>More <command>geli</command> features can be found in the
+ &man.geli.8; manual page.</para>
+
+ <para>The next steps will describe how to enable support for
+ <command>geli</command> in the &os; kernel and will explain how
+ to create a new <command>geli</command> encryption provider. At
+ the end it will be demonstrated how to create an encrypted swap
+ partition using features provided by <command>geli</command>.</para>
+
+ <para>In order to use <command>geli</command>, you must be running
+ &os; 6.0-RELEASE or later. Super-user privileges will be
+ required since modifications to the kernel are necessary.</para>
+
+ <procedure>
+ <step>
+ <title>Adding <command>geli</command> Support to the Kernel
+ Configuration File</title>
+
+ <para>Add the following lines to the kernel configuration
+ file:</para>
+
+ <screen>options GEOM_ELI
+device crypto</screen>
+
+ <para>Rebuild the kernel as described in <xref
+ linkend="kernelconfig"/>.</para>
+
+ <para>Alternatively, the <command>geli</command> module can
+ be loaded at boot time. Add the following line to the
+ <filename>/boot/loader.conf</filename>:</para>
+
+ <para><literal>geom_eli_load="YES"</literal></para>
+
+ <para>&man.geli.8; should now be supported by the kernel.</para>
+ </step>
+
+ <step>
+ <title>Generating the Master Key</title>
+
+ <para>The following example will describe how to generate a
+ key file, which will be used as part of the Master Key for
+ the encrypted provider mounted under
+ <filename role="directory">/private</filename>. The key
+ file will provide some random data used to encrypt the
+ Master Key. The Master Key will be protected by a
+ passphrase as well. Provider's sector size will be 4kB big.
+ Furthermore, the discussion will describe how to attach the
+ <command>geli</command> provider, create a file system on
+ it, how to mount it, how to work with it, and finally how to
+ detach it.</para>
+
+ <para>It is recommended to use a bigger sector size (like 4kB) for
+ better performance.</para>
+
+ <para>The Master Key will be protected with a passphrase and
+ the data source for key file will be
+ <filename>/dev/random</filename>. The sector size of
+ <filename>/dev/da2.eli</filename>, which we call provider,
+ will be 4kB.</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/random of=/root/da2.key bs=64 count=1</userinput>
+&prompt.root; <userinput>geli init -s 4096 -K /root/da2.key /dev/da2</userinput>
+Enter new passphrase:
+Reenter new passphrase:</screen>
+
+ <para>It is not mandatory that both a passphrase and a key
+ file are used; either method of securing the Master Key can
+ be used in isolation.</para>
+
+ <para>If key file is given as <quote>-</quote>, standard
+ input will be used. This example shows how more than one
+ key file can be used.</para>
+
+ <screen>&prompt.root; <userinput>cat keyfile1 keyfile2 keyfile3 | geli init -K - /dev/da2</userinput></screen>
+ </step>
+
+ <step>
+ <title>Attaching the Provider with the generated Key</title>
+
+ <screen>&prompt.root; <userinput>geli attach -k /root/da2.key /dev/da2</userinput>
+Enter passphrase:</screen>
+
+ <para>The new plaintext device will be named
+ <filename>/dev/<replaceable>da2</replaceable>.eli</filename>.</para>
+
+ <screen>&prompt.root; <userinput>ls /dev/da2*</userinput>
+/dev/da2 /dev/da2.eli</screen>
+ </step>
+
+ <step>
+ <title>Creating the new File System</title>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/da2.eli bs=1m</userinput>
+&prompt.root; <userinput>newfs /dev/da2.eli</userinput>
+&prompt.root; <userinput>mount /dev/da2.eli /private</userinput></screen>
+
+ <para>The encrypted file system should be visible to &man.df.1;
+ and be available for use now.</para>
+
+ <screen>&prompt.root; <userinput>df -H</userinput>
+Filesystem Size Used Avail Capacity Mounted on
+/dev/ad0s1a 248M 89M 139M 38% /
+/devfs 1.0K 1.0K 0B 100% /dev
+/dev/ad0s1f 7.7G 2.3G 4.9G 32% /usr
+/dev/ad0s1d 989M 1.5M 909M 0% /tmp
+/dev/ad0s1e 3.9G 1.3G 2.3G 35% /var
+/dev/da2.eli 150G 4.1K 138G 0% /private</screen>
+
+ </step>
+
+ <step>
+ <title>Unmounting and Detaching the Provider</title>
+
+ <para>Once the work on the encrypted partition is done, and
+ the <filename role="directory">/private</filename> partition
+ is no longer needed, it is prudent to consider unmounting
+ and detaching the <command>geli</command> encrypted
+ partition from the kernel.</para>
+
+ <screen>&prompt.root; <userinput>umount /private</userinput>
+&prompt.root; <userinput>geli detach da2.eli</userinput></screen>
+ </step>
+ </procedure>
+
+ <para>More information about the use of &man.geli.8; can be
+ found in the manual page.</para>
+
+ <sect3>
+ <title>Using the <filename>geli</filename> <filename>rc.d</filename> Script</title>
+
+ <para><command>geli</command> comes with a <filename>rc.d</filename> script which
+ can be used to simplify the usage of <command>geli</command>.
+ An example of configuring <command>geli</command> through
+ &man.rc.conf.5; follows:</para>
+
+ <screen>geli_devices="da2"
+geli_da2_flags="-p -k /root/da2.key"</screen>
+
+ <para>This will configure <filename>/dev/da2</filename> as a
+ <command>geli</command> provider of which the Master Key file
+ is located in <filename>/root/da2.key</filename>, and
+ <command>geli</command> will not use a passphrase when
+ attaching the provider (note that this can only be used if -P
+ was given during the <command>geli</command> init phase). The
+ system will detach the <command>geli</command> provider from
+ the kernel before the system shuts down.</para>
+
+ <para>More information about configuring <filename>rc.d</filename> is provided in the
+ <link linkend="configtuning-rcd">rc.d</link> section of the
+ Handbook.</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+
+ <sect1 id="swap-encrypting">
+ <sect1info>
+ <authorgroup>
+ <author>
+ <firstname>Christian</firstname>
+ <surname>Br&uuml;ffer</surname>
+ <contrib>Written by </contrib>
+ </author>
+ </authorgroup>
+ </sect1info>
+
+ <title>Encrypting Swap Space</title>
+ <indexterm>
+ <primary>swap</primary>
+ <secondary>encrypting</secondary>
+ </indexterm>
+
+ <para>Swap encryption in &os; is easy to configure and has been
+ available since &os; 5.3-RELEASE. Depending on which version
+ of &os; is being used, different options are available
+ and configuration can vary slightly. From &os; 6.0-RELEASE onwards,
+ the &man.gbde.8; or &man.geli.8; encryption systems can be used
+ for swap encryption. With earlier versions, only &man.gbde.8; is
+ available. Both systems use the <filename>encswap</filename>
+ <link linkend="configtuning-rcd">rc.d</link> script.</para>
+
+ <para>The previous section, <link linkend="disks-encrypting">Encrypting
+ Disk Partitions</link>, includes a short discussion on the different
+ encryption systems.</para>
+
+ <sect2>
+ <title>Why should Swap be Encrypted?</title>
+
+ <para>Like the encryption of disk partitions, encryption of swap space
+ is done to protect sensitive information. Imagine an application
+ that e.g. deals with passwords. As long as these passwords stay in
+ physical memory, all is well. However, if the operating system starts
+ swapping out memory pages to free space for other applications, the
+ passwords may be written to the disk platters unencrypted and easy to
+ retrieve for an adversary. Encrypting swap space can be a solution for
+ this scenario.</para>
+ </sect2>
+
+ <sect2>
+ <title>Preparation</title>
+
+ <note>
+ <para>For the remainder of this section, <devicename>ad0s1b</devicename>
+ will be the swap partition.</para>
+ </note>
+
+ <para>Up to this point the swap has been unencrypted. It is possible that
+ there are already passwords or other sensitive data on the disk platters
+ in cleartext. To rectify this, the data on the swap partition should be
+ overwritten with random garbage:</para>
+
+ <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/ad0s1b bs=1m</userinput></screen>
+ </sect2>
+
+ <sect2>
+ <title>Swap Encryption with &man.gbde.8;</title>
+
+ <para>If &os; 6.0-RELEASE or newer is being used, the
+ <literal>.bde</literal> suffix should be added to the device in the
+ respective <filename>/etc/fstab</filename> swap line:</para>
+
+ <screen>
+# Device Mountpoint FStype Options Dump Pass#
+/dev/ad0s1b.bde none swap sw 0 0
+ </screen>
+
+ <para>For systems prior to &os; 6.0-RELEASE, the following line
+ in <filename>/etc/rc.conf</filename> is also needed:</para>
+
+ <programlisting>gbde_swap_enable="YES"</programlisting>
+ </sect2>
+
+ <sect2>
+ <title>Swap Encryption with &man.geli.8;</title>
+
+ <para>Alternatively, the procedure for using &man.geli.8; for swap
+ encryption is similar to that of using &man.gbde.8;. The
+ <literal>.eli</literal> suffix should be added to the device in the
+ respective <filename>/etc/fstab</filename> swap line:</para>
+
+ <screen>
+# Device Mountpoint FStype Options Dump Pass#
+/dev/ad0s1b.eli none swap sw 0 0
+ </screen>
+
+ <para>&man.geli.8; uses the <acronym>AES</acronym> algorithm with
+ a key length of 256 bit by default.</para>
+
+ <para>Optionally, these defaults can be altered using the
+ <literal>geli_swap_flags</literal> option in
+ <filename>/etc/rc.conf</filename>. The following line tells the
+ <filename>encswap</filename> rc.d script to create &man.geli.8; swap
+ partitions using the Blowfish algorithm with a key length of 128 bit,
+ a sectorsize of 4 kilobytes and the <quote>detach on last close</quote>
+ option set:</para>
+
+ <programlisting>geli_swap_flags="-a blowfish -l 128 -s 4096 -d"</programlisting>
+
+ <para>Please refer to the description of the <command>onetime</command> command
+ in the &man.geli.8; manual page for a list of possible options.</para>
+ </sect2>
+
+ <sect2>
+ <title>Verifying that it Works</title>
+
+ <para>Once the system has been rebooted, proper operation of the
+ encrypted swap can be verified using the
+ <command>swapinfo</command> command.</para>
+
+ <para>If &man.gbde.8; is being used:</para>
+
+ <screen>&prompt.user; <userinput>swapinfo</userinput>
+Device 1K-blocks Used Avail Capacity
+/dev/ad0s1b.bde 542720 0 542720 0%
+ </screen>
+
+ <para>If &man.geli.8; is being used:</para>
+
+ <screen>&prompt.user; <userinput>swapinfo</userinput>
+Device 1K-blocks Used Avail Capacity
+/dev/ad0s1b.eli 542720 0 542720 0%
+ </screen>
+ </sect2>
+ </sect1>
+</chapter>
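Review bot: In the "Using the geli rc.d Script" section, the example geli_da2_flags="-p -k /root/da2.key" cannot attach the provider built earlier in the same walkthrough. That provider was created with "geli init -s 4096 -K /root/da2.key /dev/da2" and a passphrase, while the paragraph itself says -p only works if -P was given at init. Either show the matching init invocation with -P next to the rc.conf lines, or drop -p from the flags so the passphrase is requested at boot. The paragraph should also say that with -p the key file alone protects the Master Key, and that in this example it sits in /root on /dev/ad0s1a, which the df output lists as a plain device without the .eli suffix. Smaller points: the bare -P in that paragraph should be wrapped in <option> like the other flags; the "dd if=/dev/random of=/dev/da2.eli bs=1m" line under "Creating the new File System" has no explanation; and the untitled third gbde step (kldload geom_bde) reads as a required step although its text calls it an alternative to the kernel rebuild.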