diff options
Diffstat (limited to 'en_US.ISO8859-1/books/handbook/basics/chapter.xml')
| -rw-r--r-- | en_US.ISO8859-1/books/handbook/basics/chapter.xml | 3417 |
1 files changed, 0 insertions, 3417 deletions
diff --git a/en_US.ISO8859-1/books/handbook/basics/chapter.xml b/en_US.ISO8859-1/books/handbook/basics/chapter.xml deleted file mode 100644 index 1be3270b7e..0000000000 --- a/en_US.ISO8859-1/books/handbook/basics/chapter.xml +++ /dev/null @@ -1,3417 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?> -<!-- - The FreeBSD Documentation Project - - $FreeBSD$ ---> -<chapter xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" - xml:id="basics"> - <!-- - <chapterinfo> - <authorgroup> - <author> - <firstname>Chris</firstname> - <surname>Shumway</surname> - <contrib>Rewritten by in Mar 2000</contrib> - </author> - </authorgroup> - </chapterinfo> - --> - <title>&os; Basics</title> - - <sect1 xml:id="basics-synopsis"> - <title>Synopsis</title> - - <para>This chapter covers the basic commands and functionality of - the &os; operating system. Much of this material is relevant - for any &unix;-like operating system. New &os; users are - encouraged to read through this chapter carefully.</para> - - <para>After reading this chapter, you will know:</para> - - <itemizedlist> - <listitem> - <para>How to use and configure virtual consoles.</para> - </listitem> - - <listitem> - <para>How to create and manage users and groups on - &os;.</para> - </listitem> - - <listitem> - <para>How &unix; file permissions and &os; file flags - work.</para> - </listitem> - - <listitem> - <para>The default &os; file system layout.</para> - </listitem> - - <listitem> - <para>The &os; disk organization.</para> - </listitem> - - <listitem> - <para>How to mount and unmount file systems.</para> - </listitem> - - <listitem> - <para>What processes, daemons, and signals are.</para> - </listitem> - - <listitem> - <para>What a shell is, and how to change the default login - environment.</para> - </listitem> - - <listitem> - <para>How to use basic text editors.</para> - </listitem> - - <listitem> - <para>What devices and device nodes are.</para> - </listitem> - - <listitem> - <para>How to read manual pages for more information.</para> - </listitem> - </itemizedlist> - </sect1> - - <sect1 xml:id="consoles"> - <title>Virtual Consoles and Terminals</title> - - <indexterm> - <primary>virtual consoles</primary> - </indexterm> - <indexterm> - <primary>terminals</primary> - </indexterm> - <indexterm> - <primary>console</primary> - </indexterm> - - <para>Unless &os; has been configured to automatically start a - graphical environment during startup, the system will boot - into a command line login prompt, as seen in this - example:</para> - - <screen>FreeBSD/amd64 (pc3.example.org) (ttyv0) - -login:</screen> - - <para>The first line contains some information about the system. - The <literal>amd64</literal> indicates that the system in this - example is running a 64-bit version of &os;. The hostname is - <systemitem>pc3.example.org</systemitem>, and - <filename>ttyv0</filename> indicates that this is the - <quote>system console</quote>. The second line is the login - prompt.</para> - - <para>Since &os; is a multiuser system, it needs some way to - distinguish between different users. This is accomplished by - requiring every user to log into the system before gaining - access to the programs on the system. Every user has a - unique name <quote>username</quote> and a personal - <quote>password</quote>.</para> - - <para>To log into the system console, type the username that - was configured during system installation, as described in - <xref linkend="bsdinstall-addusers"/>, and press - <keycap>Enter</keycap>. Then enter the password associated - with the username and press <keycap>Enter</keycap>. The - password is <emphasis>not echoed</emphasis> for security - reasons.</para> - - <para>Once the correct password is input, the message of the - day (<acronym>MOTD</acronym>) will be displayed followed - by a command prompt. Depending upon the shell that was - selected when the user was created, this prompt will be a - <literal>#</literal>, <literal>$</literal>, or - <literal>%</literal> character. The prompt indicates that - the user is now logged into the &os; system console and ready - to try the available commands.</para> - - <sect2 xml:id="consoles-virtual"> - <title>Virtual Consoles</title> - - <para>While the system console can be used to interact with - the system, a user working from the command line at the - keyboard of a &os; system will typically instead log into a - virtual console. This is because system messages are - configured by default to display on the system console. - These messages will appear over the command or file that the - user is working on, making it difficult to concentrate on - the work at hand.</para> - - <para>By default, &os; is configured to provide several virtual - consoles for inputting commands. Each virtual console has - its own login prompt and shell and it is easy to switch - between virtual consoles. This essentially provides the - command line equivalent of having several windows open at the - same time in a graphical environment.</para> - - <para>The key combinations - <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo> - through - <keycombo><keycap>Alt</keycap><keycap>F8</keycap></keycombo> - have been reserved by &os; for switching between virtual - consoles. Use - <keycombo><keycap>Alt</keycap><keycap>F1</keycap></keycombo> - to switch to the system console - (<filename>ttyv0</filename>), - <keycombo><keycap>Alt</keycap><keycap>F2</keycap></keycombo> - to access the first virtual console - (<filename>ttyv1</filename>), - <keycombo><keycap>Alt</keycap><keycap>F3</keycap></keycombo> - to access the second virtual console - (<filename>ttyv2</filename>), and so on. - When using <application>&xorg;</application> as a graphical - console, the combination becomes <keycombo> - <keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>F1</keycap> - </keycombo> to return to a text-based virtual console.</para> - - <para>When switching from one console to the next, &os; - manages the screen output. The result is an illusion of - having multiple virtual screens and keyboards that can be used - to type commands for &os; to run. The programs that are - launched in one virtual console do not stop running when - the user switches to a different virtual console.</para> - - <para>Refer to &man.kbdcontrol.1;, &man.vidcontrol.1;, - &man.atkbd.4;, &man.syscons.4;, and &man.vt.4; for a more - technical description of the &os; console and its keyboard - drivers.</para> - - <para>In &os;, the number of available virtual consoles is - configured in this section of - <filename>/etc/ttys</filename>:</para> - - <programlisting># name getty type status comments -# -ttyv0 "/usr/libexec/getty Pc" xterm on secure -# Virtual terminals -ttyv1 "/usr/libexec/getty Pc" xterm on secure -ttyv2 "/usr/libexec/getty Pc" xterm on secure -ttyv3 "/usr/libexec/getty Pc" xterm on secure -ttyv4 "/usr/libexec/getty Pc" xterm on secure -ttyv5 "/usr/libexec/getty Pc" xterm on secure -ttyv6 "/usr/libexec/getty Pc" xterm on secure -ttyv7 "/usr/libexec/getty Pc" xterm on secure -ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure</programlisting> - - - <para>To disable a virtual console, put a comment symbol - (<literal>#</literal>) at the beginning of the line - representing that virtual console. For example, to reduce the - number of available virtual consoles from eight to four, put a - <literal>#</literal> in front of the last four lines - representing virtual consoles <filename>ttyv5</filename> - through <filename>ttyv8</filename>. - <emphasis>Do not</emphasis> comment out the line for the - system console <filename>ttyv0</filename>. Note that the last - virtual console (<filename>ttyv8</filename>) is used to access - the graphical environment if <application>&xorg;</application> - has been installed and configured as described in - <xref linkend="x11"/>.</para> - - <para>For a detailed description of every column in this file - and the available options for the virtual consoles, refer to - &man.ttys.5;.</para> - </sect2> - - <sect2 xml:id="consoles-singleuser"> - <title>Single User Mode</title> - - <para>The &os; boot menu provides an option labelled as - <quote>Boot Single User</quote>. If this option is selected, - the system will boot into a special mode known as - <quote>single user mode</quote>. This mode is typically used - to repair a system that will not boot or to reset the - <systemitem class="username">root</systemitem> password when - it is not known. While in single user mode, networking and - other virtual consoles are not available. However, full - <systemitem class="username">root</systemitem> access to the - system is available, and by default, the - <systemitem class="username">root</systemitem> password is not - needed. For these reasons, physical access to the keyboard is - needed to boot into this mode and determining who has physical - access to the keyboard is something to consider when securing - a &os; system.</para> - - <para>The settings which control single user mode are found in - this section of <filename>/etc/ttys</filename>:</para> - - <programlisting># name getty type status comments -# -# If console is marked "insecure", then init will ask for the root password -# when going to single-user mode. -console none unknown off secure</programlisting> - - <para>By default, the status is set to - <literal>secure</literal>. This assumes that who has physical - access to the keyboard is either not important or it is - controlled by a physical security policy. If this setting is - changed to <literal>insecure</literal>, the assumption is that - the environment itself is insecure because anyone can access - the keyboard. When this line is changed to - <literal>insecure</literal>, &os; will prompt for the - <systemitem class="username">root</systemitem> password when a - user selects to boot into single user mode.</para> - - <note> - <para><emphasis>Be careful when changing this setting to - <literal>insecure</literal></emphasis>! If the - <systemitem class="username">root</systemitem> password is - forgotten, booting into single user mode is still possible, - but may be difficult for someone who is not familiar with - the &os; booting process.</para> - </note> - </sect2> - - <sect2 xml:id="consoles-vidcontrol"> - <title>Changing Console Video Modes</title> - - <para>The &os; console default video mode may be adjusted to - 1024x768, 1280x1024, or any other size supported by the - graphics chip and monitor. To use a different video mode - load the <literal>VESA</literal> module:</para> - - <screen>&prompt.root; <userinput>kldload vesa</userinput></screen> - - <para>To determine which video modes are supported by the - hardware, use &man.vidcontrol.1;. To get a list of supported - video modes issue the following:</para> - - <screen>&prompt.root; <userinput>vidcontrol -i mode</userinput></screen> - - <para>The output of this command lists the video modes that are - supported by the hardware. To select a new video mode, - specify the mode using &man.vidcontrol.1; as the - <systemitem class="username">root</systemitem> user:</para> - - <screen>&prompt.root; <userinput>vidcontrol MODE_279</userinput></screen> - - <para>If the new video mode is acceptable, it can be permanently - set on boot by adding it to - <filename>/etc/rc.conf</filename>:</para> - - <programlisting>allscreens_flags="MODE_279"</programlisting> - </sect2> - </sect1> - - <!-- - <chapterinfo> - <authorgroup> - <author> - <firstname>Neil</firstname> - <surname>Blakey-Milner</surname> - <contrib>Contributed by in Feb 2000</contrib> - </author> - </authorgroup> - </chapterinfo> - --> - - <sect1 xml:id="users-synopsis"> - <title>Users and Basic Account Management</title> - - <para>&os; allows multiple users to use the computer at the same - time. While only one user can sit in front of the screen and - use the keyboard at any one time, any number of users can log - in to the system through the network. To use the system, each - user should have their own user account.</para> - - <para>This chapter describes:</para> - - <itemizedlist> - <listitem> - <para>The different types of user accounts on a - &os; system.</para> - </listitem> - - <listitem> - <para>How to add, remove, and modify user accounts.</para> - </listitem> - - <listitem> - <para>How to set limits to control the - resources that users and - groups are allowed to access.</para> - </listitem> - - <listitem> - <para>How to create groups and add users as members of a - group.</para> - </listitem> - </itemizedlist> - - <sect2 xml:id="users-introduction"> - <title>Account Types</title> - - <para>Since all access to the &os; system is achieved using - accounts and all processes are run by users, user and account - management is important.</para> - - <para>There are three main types of accounts: system accounts, - user accounts, and the superuser account.</para> - - <sect3 xml:id="users-system"> - <title>System Accounts</title> - - <indexterm> - <primary>accounts</primary> - <secondary>system</secondary> - </indexterm> - - <para>System accounts are used to run services such as DNS, - mail, and web servers. The reason for this is security; if - all services ran as the superuser, they could act without - restriction.</para> - - <indexterm> - <primary>accounts</primary> - <secondary><systemitem - class="username">daemon</systemitem></secondary> - </indexterm> - <indexterm> - <primary>accounts</primary> - <secondary><systemitem - class="username">operator</systemitem></secondary> - </indexterm> - - <para>Examples of system accounts are - <systemitem class="username">daemon</systemitem>, - <systemitem class="username">operator</systemitem>, - <systemitem class="username">bind</systemitem>, - <systemitem class="username">news</systemitem>, and - <systemitem class="username">www</systemitem>.</para> - - <warning> - <para>Care must be taken when using the operator group, as - unintended superuser-like access privileges may be - granted, including but not limited to shutdown, reboot, - and access to all items in <filename>/dev</filename> - in the group.</para> - </warning> - - <indexterm> - <primary>accounts</primary> - <secondary><systemitem - class="username">nobody</systemitem></secondary> - </indexterm> - - <para><systemitem class="username">nobody</systemitem> is the - generic unprivileged system account. However, the more - services that use - <systemitem class="username">nobody</systemitem>, the more - files and processes that user will become associated with, - and hence the more privileged that user becomes.</para> - </sect3> - - <sect3 xml:id="users-user"> - <title>User Accounts</title> - - <indexterm> - <primary>accounts</primary> - <secondary>user</secondary> - </indexterm> - - <para>User accounts are assigned to real people and are used - to log in and use the system. Every person accessing the - system should have a unique user account. This allows the - administrator to find out who is doing what and prevents - users from clobbering the settings of other users.</para> - - <para>Each user can set up their own environment to - accommodate their use of the system, by configuring their - default shell, editor, key bindings, and language - settings.</para> - - <para>Every user account on a &os; system has certain - information associated with it:</para> - - <variablelist> - <varlistentry> - <term>User name</term> - - <listitem> - <para>The user name is typed at the - <prompt>login:</prompt> prompt. Each user must have - a unique user name. There are a number of rules for - creating valid user names which are documented in - &man.passwd.5;. It is recommended to use user names - that consist of eight or fewer, all lower case - characters in order to maintain backwards - compatibility with applications.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Password</term> - - <listitem> - <para>Each account has an associated password.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>User ID (<acronym>UID</acronym>)</term> - - <listitem> - <para>The User ID (<acronym>UID</acronym>) is a number - used to uniquely identify the user to the &os; system. - Commands that allow a user name to be specified will - first convert it to the <acronym>UID</acronym>. It is - recommended to use a UID less than 65535, since higher - values may cause compatibility issues with some - software.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Group ID (<acronym>GID</acronym>)</term> - - <listitem> - <para>The Group ID (<acronym>GID</acronym>) is a number - used to uniquely identify the primary group that the - user belongs to. Groups are a mechanism for - controlling access to resources based on a user's - <acronym>GID</acronym> rather than their - <acronym>UID</acronym>. This can significantly reduce - the size of some configuration files and allows users - to be members of more than one group. It is - recommended to use a GID of 65535 or lower as higher - GIDs may break some software.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Login class</term> - - <listitem> - <para>Login classes are an extension to the group - mechanism that provide additional flexibility when - tailoring the system to different users. Login - classes are discussed further in - <xref linkend="users-limiting"/>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Password change time</term> - - <listitem> - <para>By default, passwords do not expire. However, - password expiration can be enabled on a per-user - basis, forcing some or all users to change their - passwords after a certain amount of time has - elapsed.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Account expiration time</term> - - <listitem> - <para>By default, &os; does not expire accounts. When - creating accounts that need a limited lifespan, such - as student accounts in a school, specify the account - expiry date using &man.pw.8;. After the expiry time - has elapsed, the account cannot be used to log in to - the system, although the account's directories and - files will remain.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>User's full name</term> - - <listitem> - <para>The user name uniquely identifies the account to - &os;, but does not necessarily reflect the user's real - name. Similar to a comment, this information can - contain spaces, uppercase characters, and be more - than 8 characters long.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>Home directory</term> - - <listitem> - <para>The home directory is the full path to a directory - on the system. This is the user's starting directory - when the user logs in. A common convention is to put - all user home directories under <filename - ><replaceable>/home/username</replaceable></filename> - or <filename - ><replaceable>/usr/home/username</replaceable></filename>. - Each user stores their personal files and - subdirectories in their own home directory.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>User shell</term> - - <listitem> - <para>The shell provides the user's default environment - for interacting with the system. There are many - different kinds of shells and experienced users will - have their own preferences, which can be reflected in - their account settings.</para> - </listitem> - </varlistentry> - </variablelist> - </sect3> - - <sect3 xml:id="users-superuser"> - <title>The Superuser Account</title> - - <indexterm> - <primary>accounts</primary> - <secondary>superuser (root)</secondary> - </indexterm> - - <para>The superuser account, usually called - <systemitem class="username">root</systemitem>, is used to - manage the system with no limitations on privileges. For - this reason, it should not be used for day-to-day tasks like - sending and receiving mail, general exploration of the - system, or programming.</para> - - <para>The superuser, unlike other user accounts, can operate - without limits, and misuse of the superuser account may - result in spectacular disasters. User accounts are unable - to destroy the operating system by mistake, so it is - recommended to login as a user account and to only become - the superuser when a command requires extra - privilege.</para> - - <para>Always double and triple-check any commands issued as - the superuser, since an extra space or missing character can - mean irreparable data loss.</para> - - <para>There are several ways to gain superuser privilege. - While one can log in as - <systemitem class="username">root</systemitem>, this is - highly discouraged.</para> - - <para>Instead, use &man.su.1; to become the superuser. If - <literal>-</literal> is specified when running this command, - the user will also inherit the root user's environment. The - user running this command must be in the - <systemitem class="groupname">wheel</systemitem> group or - else the command will fail. The user must also know the - password for the - <systemitem class="username">root</systemitem> user - account.</para> - - <para>In this example, the user only becomes superuser in - order to run <command>make install</command> as this step - requires superuser privilege. Once the command completes, - the user types <command>exit</command> to leave the - superuser account and return to the privilege of their user - account.</para> - - <example> - <title>Install a Program As the Superuser</title> - - <screen>&prompt.user; <userinput>configure</userinput> -&prompt.user; <userinput>make</userinput> -&prompt.user; <userinput>su -</userinput> -Password: -&prompt.root; <userinput>make install</userinput> -&prompt.root; <userinput>exit</userinput> -&prompt.user;</screen> - </example> - - <para>The built-in &man.su.1; framework works well for single - systems or small networks with just one system - administrator. An alternative is to install the - <package>security/sudo</package> package or port. This - software provides activity logging and allows the - administrator to configure which users can run which - commands as the superuser.</para> - </sect3> - </sect2> - - <sect2 xml:id="users-modifying"> - <title>Managing Accounts</title> - - <indexterm> - <primary>accounts</primary> - <secondary>modifying</secondary> - </indexterm> - - <para>&os; provides a variety of different commands to manage - user accounts. The most common commands are summarized in - <xref linkend="users-modifying-utilities"/>, followed by some - examples of their usage. See the manual page for each utility - for more details and usage examples.</para> - - <table frame="none" pgwide="1" - xml:id="users-modifying-utilities"> - <title>Utilities for Managing User Accounts</title> - - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="2*"/> - - <thead> - <row> - <entry>Command</entry> - <entry>Summary</entry> - </row> - </thead> - <tbody> - <row> - <entry>&man.adduser.8;</entry> - <entry>The recommended command-line application for - adding new users.</entry> - </row> - - <row> - <entry>&man.rmuser.8;</entry> - <entry>The recommended command-line application for - removing users.</entry> - </row> - - <row> - <entry>&man.chpass.1;</entry> - <entry>A flexible tool for changing user database - information.</entry> - </row> - - <row> - <entry>&man.passwd.1;</entry> - <entry>The command-line tool to change user - passwords.</entry> - </row> - - <row> - <entry>&man.pw.8;</entry> - <entry>A powerful and flexible tool for modifying all - aspects of user accounts.</entry> - </row> - </tbody> - </tgroup> - </table> - - <sect3 xml:id="users-adduser"> - <title><command>adduser</command></title> - - <indexterm> - <primary>accounts</primary> - <secondary>adding</secondary> - </indexterm> - <indexterm> - <primary><command>adduser</command></primary> - </indexterm> - <indexterm> - <primary><filename>/usr/share/skel</filename></primary> - </indexterm> - <indexterm> - <primary>skeleton directory</primary> - </indexterm> - - <para>The recommended program for adding new users is - &man.adduser.8;. When a new user is added, this program - automatically updates <filename>/etc/passwd</filename> and - <filename>/etc/group</filename>. It also creates a home - directory for the new user, copies in the default - configuration files from - <filename>/usr/share/skel</filename>, and can optionally - mail the new user a welcome message. This utility must be - run as the superuser.</para> - - <para>The &man.adduser.8; utility is interactive and walks - through the steps for creating a new user account. As seen - in <xref linkend="users-modifying-adduser"/>, either input - the required information or press <keycap>Return</keycap> - to accept the default value shown in square brackets. - In this example, the user has been invited into the - <systemitem class="groupname">wheel</systemitem> group, - allowing them to become the superuser with &man.su.1;. - When finished, the utility will prompt to either - create another user or to exit.</para> - - <example xml:id="users-modifying-adduser"> - <title>Adding a User on &os;</title> - - <screen>&prompt.root; <userinput>adduser</userinput> -Username: <userinput>jru</userinput> -Full name: <userinput>J. Random User</userinput> -Uid (Leave empty for default): -Login group [jru]: -Login group is jru. Invite jru into other groups? []: <userinput>wheel</userinput> -Login class [default]: -Shell (sh csh tcsh zsh nologin) [sh]: <userinput>zsh</userinput> -Home directory [/home/jru]: -Home directory permissions (Leave empty for default): -Use password-based authentication? [yes]: -Use an empty password? (yes/no) [no]: -Use a random password? (yes/no) [no]: -Enter password: -Enter password again: -Lock out the account after creation? [no]: -Username : jru -Password : **** -Full Name : J. Random User -Uid : 1001 -Class : -Groups : jru wheel -Home : /home/jru -Shell : /usr/local/bin/zsh -Locked : no -OK? (yes/no): <userinput>yes</userinput> -adduser: INFO: Successfully added (jru) to the user database. -Add another user? (yes/no): <userinput>no</userinput> -Goodbye! -&prompt.root;</screen> - </example> - - <note> - <para>Since the password is not echoed when typed, be - careful to not mistype the password when creating the user - account.</para> - </note> - </sect3> - - <sect3 xml:id="users-rmuser"> - <title><command>rmuser</command></title> - - <indexterm> - <primary><command>rmuser</command></primary> - </indexterm> - <indexterm> - <primary>accounts</primary> - <secondary>removing</secondary> - </indexterm> - - <para>To completely remove a user from the system, run - &man.rmuser.8; as the superuser. This command performs the - following steps:</para> - - <procedure> - <step> - <para>Removes the user's &man.crontab.1; entry, if one - exists.</para> - </step> - - <step> - <para>Removes any &man.at.1; jobs belonging to the - user.</para> - </step> - - <step> - <para>Kills all processes owned by the user.</para> - </step> - - <step> - <para>Removes the user from the system's local password - file.</para> - </step> - - <step> - <para>Optionally removes the user's home directory, if it - is owned by the user.</para> - </step> - - <step> - <para>Removes the incoming mail files belonging to the - user from <filename>/var/mail</filename>.</para> - </step> - - <step> - <para>Removes all files owned by the user from temporary - file storage areas such as - <filename>/tmp</filename>.</para> - </step> - - <step> - <para>Finally, removes the username from all groups to - which it belongs in <filename>/etc/group</filename>. If - a group becomes empty and the group name is the same as - the username, the group is removed. This complements - the per-user unique groups created by - &man.adduser.8;.</para> - </step> - </procedure> - - <para>&man.rmuser.8; cannot be used to remove superuser - accounts since that is almost always an indication of - massive destruction.</para> - - <para>By default, an interactive mode is used, as shown - in the following example.</para> - - <example> - <title><command>rmuser</command> Interactive Account - Removal</title> - - <screen>&prompt.root; <userinput>rmuser jru</userinput> -Matching password entry: -jru:*:1001:1001::0:0:J. Random User:/home/jru:/usr/local/bin/zsh -Is this the entry you wish to remove? <userinput>y</userinput> -Remove user's home directory (/home/jru)? <userinput>y</userinput> -Removing user (jru): mailspool home passwd. -&prompt.root;</screen> - </example> - </sect3> - - <sect3 xml:id="users-chpass"> - <title><command>chpass</command></title> - - <indexterm> - <primary><command>chpass</command></primary> - </indexterm> - - <para>Any user can use &man.chpass.1; to change their default - shell and personal information associated with their user - account. The superuser can use this utility to change - additional account information for any user.</para> - - <para>When passed no options, aside from an optional username, - &man.chpass.1; displays an editor containing user - information. When the user exits from the editor, the user - database is updated with the new information.</para> - - <note> - <para>This utility will prompt for the user's password when - exiting the editor, unless the utility is run as the - superuser.</para> - </note> - - <para>In <xref linkend="users-modifying-chpass-su"/>, the - superuser has typed <command>chpass jru</command> and is - now viewing the fields that can be changed for this user. - If <systemitem class="username">jru</systemitem> runs this - command instead, only the last six fields will be displayed - and available for editing. This is shown in - <xref linkend="users-modifying-chpass-ru"/>.</para> - - <example xml:id="users-modifying-chpass-su"> - <title>Using <command>chpass</command> as - Superuser</title> - - <screen>#Changing user database information for jru. -Login: jru -Password: * -Uid [#]: 1001 -Gid [# or name]: 1001 -Change [month day year]: -Expire [month day year]: -Class: -Home directory: /home/jru -Shell: /usr/local/bin/zsh -Full Name: J. Random User -Office Location: -Office Phone: -Home Phone: -Other information:</screen> - </example> - - <example xml:id="users-modifying-chpass-ru"> - <title>Using <command>chpass</command> as Regular - User</title> - - <screen>#Changing user database information for jru. -Shell: /usr/local/bin/zsh -Full Name: J. Random User -Office Location: -Office Phone: -Home Phone: -Other information:</screen> - </example> - - <note> - <para>The commands &man.chfn.1; and &man.chsh.1; are links - to &man.chpass.1;, as are &man.ypchpass.1;, - &man.ypchfn.1;, and &man.ypchsh.1;. Since - <acronym>NIS</acronym> support is automatic, specifying - the <literal>yp</literal> before the command is not - necessary. How to configure NIS is covered in <xref - linkend="network-servers"/>.</para> - </note> - </sect3> - - <sect3 xml:id="users-passwd"> - <title><command>passwd</command></title> - - <indexterm> - <primary><command>passwd</command></primary> - </indexterm> - <indexterm> - <primary>accounts</primary> - <secondary>changing password</secondary> - </indexterm> - - <para>Any user can easily change their password using - &man.passwd.1;. To prevent accidental or unauthorized - changes, this command will prompt for the user's original - password before a new password can be set:</para> - - <example> - <title>Changing Your Password</title> - - <screen>&prompt.user; <userinput>passwd</userinput> -Changing local password for jru. -Old password: -New password: -Retype new password: -passwd: updating the database... -passwd: done</screen> - </example> - - <para>The superuser can change any user's password by - specifying the username when running &man.passwd.1;. When - this utility is run as the superuser, it will not prompt for - the user's current password. This allows the password to be - changed when a user cannot remember the original - password.</para> - - <example> - <title>Changing Another User's Password as the - Superuser</title> - - <screen>&prompt.root; <userinput>passwd jru</userinput> -Changing local password for jru. -New password: -Retype new password: -passwd: updating the database... -passwd: done</screen> - </example> - - <note> - <para>As with &man.chpass.1;, &man.yppasswd.1; is a link to - &man.passwd.1;, so <acronym>NIS</acronym> works with - either command.</para> - </note> - </sect3> - - <sect3 xml:id="users-pw"> - <title><command>pw</command></title> - - <indexterm> - <primary><command>pw</command></primary> - </indexterm> - - <para>The &man.pw.8; utility can create, remove, - modify, and display users and groups. It functions as a - front end to the system user and group files. &man.pw.8; - has a very powerful set of command line options that make it - suitable for use in shell scripts, but new users may find it - more complicated than the other commands presented in this - section.</para> - </sect3> - </sect2> - - <sect2 xml:id="users-groups"> - <title>Managing Groups</title> - - <indexterm> - <primary>groups</primary> - </indexterm> - <indexterm> - <primary><filename>/etc/groups</filename></primary> - </indexterm> - <indexterm> - <primary>accounts</primary> - <secondary>groups</secondary> - </indexterm> - - <para>A group is a list of users. A group is identified by its - group name and <acronym>GID</acronym>. In &os;, the kernel - uses the <acronym>UID</acronym> of a process, and the list of - groups it belongs to, to determine what the process is allowed - to do. Most of the time, the <acronym>GID</acronym> of a user - or process usually means the first group in the list.</para> - - <para>The group name to <acronym>GID</acronym> mapping is listed - in <filename>/etc/group</filename>. This is a plain text file - with four colon-delimited fields. The first field is the - group name, the second is the encrypted password, the third - the <acronym>GID</acronym>, and the fourth the comma-delimited - list of members. For a more complete description of the - syntax, refer to &man.group.5;.</para> - - <para>The superuser can modify <filename>/etc/group</filename> - using a text editor. Alternatively, &man.pw.8; can be used to - add and edit groups. For example, to add a group called - <systemitem class="groupname">teamtwo</systemitem> and then - confirm that it exists:</para> - - <example> - <title>Adding a Group Using &man.pw.8;</title> - - <screen>&prompt.root; <userinput>pw groupadd teamtwo</userinput> -&prompt.root; <userinput>pw groupshow teamtwo</userinput> -teamtwo:*:1100:</screen> - </example> - - <para>In this example, <literal>1100</literal> is the - <acronym>GID</acronym> of - <systemitem class="groupname">teamtwo</systemitem>. Right - now, <systemitem class="groupname">teamtwo</systemitem> has no - members. This command will add - <systemitem class="username">jru</systemitem> as a member of - <systemitem class="groupname">teamtwo</systemitem>.</para> - - <example> - <title>Adding User Accounts to a New Group Using - &man.pw.8;</title> - - <screen>&prompt.root; <userinput>pw groupmod teamtwo -M jru</userinput> -&prompt.root; <userinput>pw groupshow teamtwo</userinput> -teamtwo:*:1100:jru</screen> - </example> - - <para>The argument to <option>-M</option> is a comma-delimited - list of users to be added to a new (empty) group or to replace - the members of an existing group. To the user, this group - membership is different from (and in addition to) the user's - primary group listed in the password file. This means that - the user will not show up as a member when using - <option>groupshow</option> with &man.pw.8;, but will show up - when the information is queried via &man.id.1; or a similar - tool. When &man.pw.8; is used to add a user to a group, it - only manipulates <filename>/etc/group</filename> and does not - attempt to read additional data from - <filename>/etc/passwd</filename>.</para> - - <example> - <title>Adding a New Member to a Group Using &man.pw.8;</title> - - <screen>&prompt.root; <userinput>pw groupmod teamtwo -m db</userinput> -&prompt.root; <userinput>pw groupshow teamtwo</userinput> -teamtwo:*:1100:jru,db</screen> - </example> - - <para>In this example, the argument to <option>-m</option> is a - comma-delimited list of users who are to be added to the - group. Unlike the previous example, these users are appended - to the group and do not replace existing users in the - group.</para> - - <example> - <title>Using &man.id.1; to Determine Group Membership</title> - - <screen>&prompt.user; <userinput>id jru</userinput> -uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)</screen> - </example> - - <para>In this example, - <systemitem class="username">jru</systemitem> is a member of - the groups <systemitem class="groupname">jru</systemitem> and - <systemitem class="groupname">teamtwo</systemitem>.</para> - - <para>For more information about this command and the format of - <filename>/etc/group</filename>, refer to &man.pw.8; and - &man.group.5;.</para> - </sect2> - </sect1> - - <sect1 xml:id="permissions"> - <title>Permissions</title> - - <indexterm> - <primary>UNIX</primary> - </indexterm> - - <para>In &os;, every file and directory has an associated set of - permissions and several utilities are available for viewing - and modifying these permissions. Understanding how permissions - work is necessary to make sure that users are able to access - the files that they need and are unable to improperly access - the files used by the operating system or owned by other - users.</para> - - <para>This section discusses the traditional &unix; permissions - used in &os;. For finer grained file system access control, - refer to <xref linkend="fs-acl"/>.</para> - - <para>In &unix;, basic permissions are assigned using - three types of access: read, write, and execute. These access - types are used to determine file access to the file's owner, - group, and others (everyone else). The read, write, and execute - permissions can be represented as the letters - <literal>r</literal>, <literal>w</literal>, and - <literal>x</literal>. They can also be represented as binary - numbers as each permission is either on or off - (<literal>0</literal>). When represented as a number, the - order is always read as <literal>rwx</literal>, where - <literal>r</literal> has an on value of <literal>4</literal>, - <literal>w</literal> has an on value of <literal>2</literal> - and <literal>x</literal> has an on value of - <literal>1</literal>.</para> - - <para>Table 4.1 summarizes the possible numeric and alphabetic - possibilities. When reading the <quote>Directory - Listing</quote> column, a <literal>-</literal> is used to - represent a permission that is set to off.</para> - - <indexterm> - <primary>permissions</primary> - </indexterm> - <indexterm> - <primary>file permissions</primary> - </indexterm> - - <table frame="none" pgwide="1"> - <title>&unix; Permissions</title> - - <tgroup cols="3"> - <thead> - <row> - <entry>Value</entry> - <entry>Permission</entry> - <entry>Directory Listing</entry> - </row> - </thead> - - <tbody> - <row> - <entry>0</entry> - <entry>No read, no write, no execute</entry> - <entry><literal>---</literal></entry> - </row> - - <row> - <entry>1</entry> - <entry>No read, no write, execute</entry> - <entry><literal>--x</literal></entry> - </row> - - <row> - <entry>2</entry> - <entry>No read, write, no execute</entry> - <entry><literal>-w-</literal></entry> - </row> - - <row> - <entry>3</entry> - <entry>No read, write, execute</entry> - <entry><literal>-wx</literal></entry> - </row> - - <row> - <entry>4</entry> - <entry>Read, no write, no execute</entry> - <entry><literal>r--</literal></entry> - </row> - - <row> - <entry>5</entry> - <entry>Read, no write, execute</entry> - <entry><literal>r-x</literal></entry> - </row> - - <row> - <entry>6</entry> - <entry>Read, write, no execute</entry> - <entry><literal>rw-</literal></entry> - </row> - - <row> - <entry>7</entry> - <entry>Read, write, execute</entry> - <entry><literal>rwx</literal></entry> - </row> - </tbody> - </tgroup> - </table> - - <indexterm> - <primary>&man.ls.1;</primary> - </indexterm> - <indexterm> - <primary>directories</primary> - </indexterm> - - <para>Use the <option>-l</option> argument to &man.ls.1; to view a - long directory listing that includes a column of information - about a file's permissions for the owner, group, and everyone - else. For example, an <command>ls -l</command> in an arbitrary - directory may show:</para> - - <screen>&prompt.user; <userinput>ls -l</userinput> -total 530 --rw-r--r-- 1 root wheel 512 Sep 5 12:31 myfile --rw-r--r-- 1 root wheel 512 Sep 5 12:31 otherfile --rw-r--r-- 1 root wheel 7680 Sep 5 12:31 email.txt</screen> - - <para>The first (leftmost) character in the first column indicates - whether this file is a regular file, a directory, a special - character device, a socket, or any other special pseudo-file - device. In this example, the <literal>-</literal> indicates a - regular file. The next three characters, <literal>rw-</literal> - in this example, give the permissions for the owner of the file. - The next three characters, <literal>r--</literal>, give the - permissions for the group that the file belongs to. The final - three characters, <literal>r--</literal>, give the permissions - for the rest of the world. A dash means that the permission is - turned off. In this example, the permissions are set so the - owner can read and write to the file, the group can read the - file, and the rest of the world can only read the file. - According to the table above, the permissions for this file - would be <literal>644</literal>, where each digit represents the - three parts of the file's permission.</para> - - <para>How does the system control permissions on devices? &os; - treats most hardware devices as a file that programs can open, - read, and write data to. These special device files are - stored in <filename>/dev/</filename>.</para> - - <para>Directories are also treated as files. They have read, - write, and execute permissions. The executable bit for a - directory has a slightly different meaning than that of files. - When a directory is marked executable, it means it is possible - to change into that directory using &man.cd.1;. This also - means that it is possible to access the files within that - directory, subject to the permissions on the files - themselves.</para> - - <para>In order to perform a directory listing, the read permission - must be set on the directory. In order to delete a file that - one knows the name of, it is necessary to have write - <emphasis>and</emphasis> execute permissions to the directory - containing the file.</para> - - <para>There are more permission bits, but they are primarily used - in special circumstances such as setuid binaries and sticky - directories. For more information on file permissions and how - to set them, refer to &man.chmod.1;.</para> - - <sect2> - <info> - <title>Symbolic Permissions</title> - - <authorgroup> - <author> - <personname> - <firstname>Tom</firstname> - <surname>Rhodes</surname> - </personname> - <contrib>Contributed by </contrib> - </author> - </authorgroup> - </info> - - <indexterm> - <primary>permissions</primary> - <secondary>symbolic</secondary> - </indexterm> - - <para>Symbolic permissions use characters instead of octal - values to assign permissions to files or directories. - Symbolic permissions use the syntax of (who) (action) - (permissions), where the following values are - available:</para> - - <informaltable frame="none" pgwide="1"> - <tgroup cols="3"> - <thead> - <row> - <entry>Option</entry> - <entry>Letter</entry> - <entry>Represents</entry> - </row> - </thead> - - <tbody> - <row> - <entry>(who)</entry> - <entry>u</entry> - <entry>User</entry> - </row> - - <row> - <entry>(who)</entry> - <entry>g</entry> - <entry>Group owner</entry> - </row> - - <row> - <entry>(who)</entry> - <entry>o</entry> - <entry>Other</entry> - </row> - - <row> - <entry>(who)</entry> - <entry>a</entry> - <entry>All (<quote>world</quote>)</entry> - </row> - - <row> - <entry>(action)</entry> - <entry>+</entry> - <entry>Adding permissions</entry> - </row> - - <row> - <entry>(action)</entry> - <entry>-</entry> - <entry>Removing permissions</entry> - </row> - - <row> - <entry>(action)</entry> - <entry>=</entry> - <entry>Explicitly set permissions</entry> - </row> - - <row> - <entry>(permissions)</entry> - <entry>r</entry> - <entry>Read</entry> - </row> - - <row> - <entry>(permissions)</entry> - <entry>w</entry> - <entry>Write</entry> - </row> - - <row> - <entry>(permissions)</entry> - <entry>x</entry> - <entry>Execute</entry> - </row> - - <row> - <entry>(permissions)</entry> - <entry>t</entry> - <entry>Sticky bit</entry> - </row> - - <row> - <entry>(permissions)</entry> - <entry>s</entry> - <entry>Set UID or GID</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>These values are used with &man.chmod.1;, but with - letters instead of numbers. For example, the following - command would block other users from accessing - <replaceable>FILE</replaceable>:</para> - - <screen>&prompt.user; <userinput>chmod go= FILE</userinput></screen> - - <para>A comma separated list can be provided when more than one - set of changes to a file must be made. For example, the - following command removes the group and - <quote>world</quote> write permission on - <replaceable>FILE</replaceable>, and adds the execute - permissions for everyone:</para> - - <screen>&prompt.user; <userinput>chmod go-w,a+x <replaceable>FILE</replaceable></userinput></screen> - -<!-- - <para>Most users will not notice this, but it should be pointed - out that using the octal method will only set or assign - permissions to a file; it does not add or delete them.</para> ---> - </sect2> - - <sect2> - <info> - <title>&os; File Flags</title> - - <authorgroup> - <author> - <personname> - <firstname>Tom</firstname> - <surname>Rhodes</surname> - </personname> - <contrib>Contributed by </contrib> - </author> - </authorgroup> - </info> - - <para>In addition to file permissions, &os; supports the use of - <quote>file flags</quote>. These flags add an additional - level of security and control over files, but not directories. - With file flags, even - <systemitem class="username">root</systemitem> can be - prevented from removing or altering files.</para> - - <para>File flags are modified using &man.chflags.1;. For - example, to enable the system undeletable flag on the file - <filename>file1</filename>, issue the following - command:</para> - - <screen>&prompt.root; <userinput>chflags sunlink file1</userinput></screen> - - <para>To disable the system undeletable flag, put a - <quote>no</quote> in front of the - <option>sunlink</option>:</para> - - <screen>&prompt.root; <userinput>chflags nosunlink file1</userinput></screen> - - <para>To view the flags of a file, use <option>-lo</option> with - &man.ls.1;:</para> - - <screen>&prompt.root; <userinput>ls -lo file1</userinput></screen> - - <programlisting>-rw-r--r-- 1 trhodes trhodes sunlnk 0 Mar 1 05:54 file1</programlisting> - - <para>Several file flags may only be added or removed by the - <systemitem class="username">root</systemitem> user. In other - cases, the file owner may set its file flags. Refer to - &man.chflags.1; and &man.chflags.2; for more - information.</para> - </sect2> - - <sect2> - <info> - <title>The <literal>setuid</literal>, - <literal>setgid</literal>, and <literal>sticky</literal> - Permissions</title> - - <authorgroup> - <author> - <personname> - <firstname>Tom</firstname> - <surname>Rhodes</surname> - </personname> - <contrib>Contributed by </contrib> - </author> - </authorgroup> - </info> - - <para>Other than the permissions already discussed, there are - three other specific settings that all administrators should - know about. They are the <literal>setuid</literal>, - <literal>setgid</literal>, and <literal>sticky</literal> - permissions.</para> - - <para>These settings are important for some &unix; operations - as they provide functionality not normally granted to normal - users. To understand them, the difference between the real - user ID and effective user ID must be noted.</para> - - <para>The real user ID is the <acronym>UID</acronym> who owns - or starts the process. The effective <acronym>UID</acronym> - is the user ID the process runs as. As an example, - &man.passwd.1; runs with the real user ID when a user changes - their password. However, in order to update the password - database, the command runs as the effective ID of the - <systemitem class="username">root</systemitem> user. This - allows users to change their passwords without seeing a - <errorname>Permission Denied</errorname> error.</para> - - <para>The setuid permission may be set by prefixing a permission - set with the number four (4) as shown in the following - example:</para> - - <screen>&prompt.root; <userinput>chmod 4755 suidexample.sh</userinput></screen> - - <para>The permissions on - <filename><replaceable>suidexample.sh</replaceable></filename> - now look like the following:</para> - - <programlisting>-rwsr-xr-x 1 trhodes trhodes 63 Aug 29 06:36 suidexample.sh</programlisting> - - <para>Note that a <literal>s</literal> is now part of the - permission set designated for the file owner, replacing the - executable bit. This allows utilities which need elevated - permissions, such as &man.passwd.1;.</para> - - <note> - <para>The <literal>nosuid</literal> &man.mount.8; option will - cause such binaries to silently fail without alerting - the user. That option is not completely reliable as a - <literal>nosuid</literal> wrapper may be able to circumvent - it.</para> - </note> - - <para>To view this in real time, open two terminals. On - one, type <command>passwd</command> as a normal user. - While it waits for a new password, check the process - table and look at the user information for - &man.passwd.1;:</para> - - <para>In terminal A:</para> - - <screen>Changing local password for trhodes -Old Password:</screen> - - <para>In terminal B:</para> - - <screen>&prompt.root; <userinput>ps aux | grep passwd</userinput></screen> - - <screen>trhodes 5232 0.0 0.2 3420 1608 0 R+ 2:10AM 0:00.00 grep passwd -root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen> - - <para>Although &man.passwd.1; is run as a normal user, it is - using the effective <acronym>UID</acronym> of - <systemitem class="username">root</systemitem>.</para> - - <para>The <literal>setgid</literal> permission performs the - same function as the <literal>setuid</literal> permission; - except that it alters the group settings. When an application - or utility executes with this setting, it will be granted the - permissions based on the group that owns the file, not the - user who started the process.</para> - - <para>To set the <literal>setgid</literal> permission on a - file, provide &man.chmod.1; with a leading two (2):</para> - - <screen>&prompt.root; <userinput>chmod 2755 sgidexample.sh</userinput></screen> - - <para>In the following listing, notice that the - <literal>s</literal> is now in the field designated for the - group permission settings:</para> - - <screen>-rwxr-sr-x 1 trhodes trhodes 44 Aug 31 01:49 sgidexample.sh</screen> - - <note> - <para>In these examples, even though the shell script in - question is an executable file, it will not run with - a different <acronym>EUID</acronym> or effective user ID. - This is because shell scripts may not access the - &man.setuid.2; system calls.</para> - </note> - - <para>The <literal>setuid</literal> and - <literal>setgid</literal> permission bits may lower system - security, by allowing for elevated permissions. The third - special permission, the <literal>sticky bit</literal>, can - strengthen the security of a system.</para> - - <para>When the <literal>sticky bit</literal> is set on a - directory, it allows file deletion only by the file owner. - This is useful to prevent file deletion in public directories, - such as <filename>/tmp</filename>, by users - who do not own the file. To utilize this permission, prefix - the permission set with a one (1):</para> - - <screen>&prompt.root; <userinput>chmod 1777 /tmp</userinput></screen> - - <para>The <literal>sticky bit</literal> permission will display - as a <literal>t</literal> at the very end of the permission - set:</para> - - <screen>&prompt.root; <userinput>ls -al / | grep tmp</userinput></screen> - - <screen>drwxrwxrwt 10 root wheel 512 Aug 31 01:49 tmp</screen> - - </sect2> - </sect1> - - <sect1 xml:id="dirstructure"> - <title>Directory Structure</title> - - <indexterm> - <primary>directory hierarchy</primary> - </indexterm> - - <para>The &os; directory hierarchy is fundamental to obtaining - an overall understanding of the system. The most important - directory is root or, <quote>/</quote>. This directory is the - first one mounted at boot time and it contains the base system - necessary to prepare the operating system for multi-user - operation. The root directory also contains mount points for - other file systems that are mounted during the transition to - multi-user operation.</para> - - <para>A mount point is a directory where additional file systems - can be grafted onto a parent file system (usually the root file - system). This is further described in - <xref linkend="disk-organization"/>. Standard mount points - include <filename>/usr/</filename>, <filename>/var/</filename>, - <filename>/tmp/</filename>, <filename>/mnt/</filename>, and - <filename>/cdrom/</filename>. These directories are usually - referenced to entries in <filename>/etc/fstab</filename>. This - file is a table of various file systems and mount points and is - read by the system. Most of the file systems in - <filename>/etc/fstab</filename> are mounted automatically at - boot time from the script &man.rc.8; unless their entry includes - <option>noauto</option>. Details can be found in - <xref linkend="disks-fstab"/>.</para> - - <para>A complete description of the file system hierarchy is - available in &man.hier.7;. The following table provides a brief - overview of the most common directories.</para> - - <para> - <informaltable frame="none" pgwide="1"> - <tgroup cols="2"> - <thead> - <row> - <entry>Directory</entry> - <entry>Description</entry> - </row> - </thead> - <tbody valign="top"> - <row> - <entry><filename>/</filename></entry> - <entry>Root directory of the file system.</entry> - </row> - - <row> - <entry><filename>/bin/</filename></entry> - <entry>User utilities fundamental to both single-user - and multi-user environments.</entry> - </row> - - <row> - <entry><filename>/boot/</filename></entry> - <entry>Programs and configuration files used during - operating system bootstrap.</entry> - </row> - - <row> - <entry><filename>/boot/defaults/</filename></entry> - <entry>Default boot configuration files. Refer to - &man.loader.conf.5; for details.</entry> - </row> - - <row> - <entry><filename>/dev/</filename></entry> - <entry>Device nodes. Refer to &man.intro.4; for - details.</entry> - </row> - - <row> - <entry><filename>/etc/</filename></entry> - <entry>System configuration files and scripts.</entry> - </row> - - <row> - <entry><filename>/etc/defaults/</filename></entry> - <entry>Default system configuration files. Refer to - &man.rc.8; for details.</entry> - </row> - - <row> - <entry><filename>/etc/mail/</filename></entry> - <entry>Configuration files for mail transport agents - such as &man.sendmail.8;.</entry> - </row> - - <row> - <entry><filename>/etc/periodic/</filename></entry> - <entry>Scripts that run daily, weekly, and monthly, - via &man.cron.8;. Refer to &man.periodic.8; for - details.</entry> - </row> - - <row> - <entry><filename>/etc/ppp/</filename></entry> - <entry>&man.ppp.8; configuration files.</entry> - </row> - - <row> - <entry><filename>/mnt/</filename></entry> - <entry>Empty directory commonly used by system - administrators as a temporary mount point.</entry> - </row> - - <row> - <entry><filename>/proc/</filename></entry> - <entry>Process file system. Refer to &man.procfs.5;, - &man.mount.procfs.8; for details.</entry> - </row> - - <row> - <entry><filename>/rescue/</filename></entry> - <entry>Statically linked programs for emergency - recovery as described in &man.rescue.8;.</entry> - </row> - - <row> - <entry><filename>/root/</filename></entry> - <entry>Home directory for the - <systemitem class="username">root</systemitem> - account.</entry> - </row> - - <row> - <entry><filename>/sbin/</filename></entry> - <entry>System programs and administration utilities - fundamental to both single-user and multi-user - environments.</entry> - </row> - - <row> - <entry><filename>/tmp/</filename></entry> - <entry>Temporary files which are usually - <emphasis>not</emphasis> preserved across a system - reboot. A memory-based file system is often mounted - at <filename>/tmp</filename>. This can be automated - using the tmpmfs-related variables of &man.rc.conf.5; - or with an entry in <filename>/etc/fstab</filename>; - refer to &man.mdmfs.8; for details.</entry> - </row> - - <row> - <entry><filename>/usr/</filename></entry> - <entry>The majority of user utilities and - applications.</entry> - </row> - - <row> - <entry><filename>/usr/bin/</filename></entry> - <entry>Common utilities, programming tools, and - applications.</entry> - </row> - - <row> - <entry><filename>/usr/include/</filename></entry> - <entry>Standard C include files.</entry> - </row> - - <row> - <entry><filename>/usr/lib/</filename></entry> - <entry>Archive libraries.</entry> - </row> - - - <row> - <entry><filename>/usr/libdata/</filename></entry> - <entry>Miscellaneous utility data files.</entry> - </row> - - <row> - <entry><filename>/usr/libexec/</filename></entry> - <entry>System daemons and system utilities executed - by other programs.</entry> - </row> - - <row> - <entry><filename>/usr/local/</filename></entry> - <entry>Local executables and libraries. Also used as - the default destination for the &os; ports framework. - Within - <filename>/usr/local</filename>, the - general layout sketched out by &man.hier.7; for - <filename>/usr</filename> should be - used. Exceptions are the man directory, which is - directly under <filename - >/usr/local</filename> rather than - under <filename - >/usr/local/share</filename>, and - the ports documentation is in <filename - >share/doc/<replaceable>port</replaceable></filename>.</entry> - </row> - - <row> - <entry><filename>/usr/obj/</filename></entry> - <entry>Architecture-specific target tree produced by - building the <filename>/usr/src</filename> - tree.</entry> - </row> - - <row> - <entry><filename>/usr/ports/</filename></entry> - <entry>The &os; Ports Collection (optional).</entry> - </row> - - <row> - <entry><filename>/usr/sbin/</filename></entry> - <entry>System daemons and system utilities executed - by users.</entry> - </row> - - <row> - <entry><filename>/usr/share/</filename></entry> - <entry>Architecture-independent files.</entry> - </row> - - <row> - <entry><filename>/usr/src/</filename></entry> - <entry>BSD and/or local source files.</entry> - </row> - - <row> - <entry><filename>/var/</filename></entry> - <entry>Multi-purpose log, temporary, transient, and - spool files. A memory-based file system is sometimes - mounted at - <filename>/var</filename>. This can - be automated using the varmfs-related variables in - &man.rc.conf.5; or with an entry in - <filename>/etc/fstab</filename>; refer to - &man.mdmfs.8; for details.</entry> - </row> - - <row> - <entry><filename>/var/log/</filename></entry> - <entry>Miscellaneous system log files.</entry> - </row> - - <row> - <entry><filename>/var/mail/</filename></entry> - <entry>User mailbox files.</entry> - </row> - - <row> - <entry><filename>/var/spool/</filename></entry> - <entry>Miscellaneous printer and mail system spooling - directories.</entry> - </row> - - <row> - <entry><filename>/var/tmp/</filename></entry> - <entry>Temporary files which are usually preserved - across a system reboot, unless - <filename>/var</filename> is a - memory-based file system.</entry> - </row> - - <row> - <entry><filename>/var/yp/</filename></entry> - <entry>NIS maps.</entry> - </row> - </tbody> - </tgroup> - </informaltable></para> - </sect1> - - <sect1 xml:id="disk-organization"> - <title>Disk Organization</title> - - <para>The smallest unit of organization that &os; uses to find - files is the filename. Filenames are case-sensitive, which - means that <filename>readme.txt</filename> and - <filename>README.TXT</filename> are two separate files. &os; - does not use the extension of a file to determine whether the - file is a program, document, or some other form of data.</para> - - <para>Files are stored in directories. A directory may contain no - files, or it may contain many hundreds of files. A directory - can also contain other directories, allowing a hierarchy of - directories within one another in order to organize - data.</para> - - <para>Files and directories are referenced by giving the file or - directory name, followed by a forward slash, - <literal>/</literal>, followed by any other directory names that - are necessary. For example, if the directory - <filename>foo</filename> contains a directory - <filename>bar</filename> which contains the - file <filename>readme.txt</filename>, the full name, or - <firstterm>path</firstterm>, to the file is - <filename>foo/bar/readme.txt</filename>. Note that this is - different from &windows; which uses <literal>\</literal> to - separate file and directory names. &os; does not use drive - letters, or other drive names in the path. For example, one - would not type <filename>c:\foo\bar\readme.txt</filename> on - &os;.</para> - - <para>Directories and files are stored in a file system. Each - file system contains exactly one directory at the very top - level, called the <firstterm>root directory</firstterm> for that - file system. This root directory can contain other directories. - One file system is designated the - <firstterm>root file system</firstterm> or <literal>/</literal>. - Every other file system is <firstterm>mounted</firstterm> under - the root file system. No matter how many disks are on the &os; - system, every directory appears to be part of the same - disk.</para> - - <para>Consider three file systems, called <literal>A</literal>, - <literal>B</literal>, and <literal>C</literal>. Each file - system has one root directory, which contains two other - directories, called <literal>A1</literal>, <literal>A2</literal> - (and likewise <literal>B1</literal>, <literal>B2</literal> and - <literal>C1</literal>, <literal>C2</literal>).</para> - - <para>Call <literal>A</literal> the root file system. If - &man.ls.1; is used to view the contents of this directory, - it will show two subdirectories, <literal>A1</literal> and - <literal>A2</literal>. The directory tree looks like - this:</para> - - <mediaobject> - <imageobject> - <imagedata fileref="basics/example-dir1"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> / - | - +--- A1 - | - `--- A2</literallayout> - </textobject> - </mediaobject> - - <para>A file system must be mounted on to a directory in another - file system. When mounting file system <literal>B</literal> - on to the directory <literal>A1</literal>, the root directory - of <literal>B</literal> replaces <literal>A1</literal>, and - the directories in <literal>B</literal> appear - accordingly:</para> - - <mediaobject> - <imageobject> - <imagedata fileref="basics/example-dir2"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> / - | - +--- A1 - | | - | +--- B1 - | | - | `--- B2 - | - `--- A2</literallayout> - </textobject> - </mediaobject> - - <para>Any files that are in the <literal>B1</literal> or - <literal>B2</literal> directories can be reached with the path - <filename>/A1/B1</filename> or - <filename>/A1/B2</filename> as necessary. Any - files that were in <filename>/A1</filename> - have been temporarily hidden. They will reappear if - <literal>B</literal> is <firstterm>unmounted</firstterm> from - <literal>A</literal>.</para> - - <para>If <literal>B</literal> had been mounted on - <literal>A2</literal> then the diagram would look like - this:</para> - - <mediaobject> - <imageobject> - <imagedata fileref="basics/example-dir3"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> / - | - +--- A1 - | - `--- A2 - | - +--- B1 - | - `--- B2</literallayout> - </textobject> - </mediaobject> - - <para>and the paths would be - <filename>/A2/B1</filename> and - <filename>/A2/B2</filename> - respectively.</para> - - <para>File systems can be mounted on top of one another. - Continuing the last example, the <literal>C</literal> file - system could be mounted on top of the <literal>B1</literal> - directory in the <literal>B</literal> file system, leading to - this arrangement:</para> - - <mediaobject> - <imageobject> - <imagedata fileref="basics/example-dir4"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> / - | - +--- A1 - | - `--- A2 - | - +--- B1 - | | - | +--- C1 - | | - | `--- C2 - | - `--- B2</literallayout> - </textobject> - </mediaobject> - - <para>Or <literal>C</literal> could be mounted directly on to the - <literal>A</literal> file system, under the - <literal>A1</literal> directory:</para> - - <mediaobject> - <imageobject> - <imagedata fileref="basics/example-dir5"/> - </imageobject> - - <textobject> - <literallayout class="monospaced"> / - | - +--- A1 - | | - | +--- C1 - | | - | `--- C2 - | - `--- A2 - | - +--- B1 - | - `--- B2</literallayout> - </textobject> - </mediaobject> - - <para>It is entirely possible to have one large root file system, - and not need to create any others. There are some drawbacks to - this approach, and one advantage.</para> - - <itemizedlist> - <title>Benefits of Multiple File Systems</title> - - <listitem> - <para>Different file systems can have different - <firstterm>mount options</firstterm>. For example, the root - file system can be mounted read-only, making it impossible - for users to inadvertently delete or edit a critical file. - Separating user-writable file systems, such as - <filename>/home</filename>, from other - file systems allows them to be mounted - <firstterm>nosuid</firstterm>. This option prevents the - <firstterm>suid</firstterm>/<firstterm>guid</firstterm> bits - on executables stored on the file system from taking effect, - possibly improving security.</para> - </listitem> - - <listitem> - <para>&os; automatically optimizes the layout of files on a - file system, depending on how the file system is being used. - So a file system that contains many small files that are - written frequently will have a different optimization to one - that contains fewer, larger files. By having one big file - system this optimization breaks down.</para> - </listitem> - - <listitem> - <para>&os;'s file systems are robust if power is lost. - However, a power loss at a critical point could still damage - the structure of the file system. By splitting data over - multiple file systems it is more likely that the system will - still come up, making it easier to restore from backup as - necessary.</para> - </listitem> - </itemizedlist> - - <itemizedlist> - <title>Benefit of a Single File System</title> - - <listitem> - <para>File systems are a fixed size. If you create a file - system when you install &os; and give it a specific size, - you may later discover that you need to make the partition - bigger. This is not easily accomplished without backing up, - recreating the file system with the new size, and then - restoring the backed up data.</para> - - <important> - <para>&os; features the &man.growfs.8; command, which makes - it possible to increase the size of file system on the - fly, removing this limitation.</para> - </important> - </listitem> - </itemizedlist> - - <para>File systems are contained in partitions. This does not - have the same meaning as the common usage of the term partition - (for example, &ms-dos; partition), because of &os;'s &unix; - heritage. Each partition is identified by a letter from - <literal>a</literal> through to <literal>h</literal>. Each - partition can contain only one file system, which means that - file systems are often described by either their typical mount - point in the file system hierarchy, or the letter of the - partition they are contained in.</para> - - <para>&os; also uses disk space for - <firstterm>swap space</firstterm> to provide - <firstterm>virtual memory</firstterm>. This allows your - computer to behave as though it has much more memory than it - actually does. When &os; runs out of memory, it moves some of - the data that is not currently being used to the swap space, and - moves it back in (moving something else out) when it needs - it.</para> - - <para>Some partitions have certain conventions associated with - them.</para> - - <informaltable frame="none" pgwide="1"> - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="5*"/> - - <thead> - <row> - <entry>Partition</entry> - <entry>Convention</entry> - </row> - </thead> - - <tbody valign="top"> - <row> - <entry><literal>a</literal></entry> - <entry>Normally contains the root file system.</entry> - </row> - - <row> - <entry><literal>b</literal></entry> - <entry>Normally contains swap space.</entry> - </row> - - <row> - <entry><literal>c</literal></entry> - <entry>Normally the same size as the enclosing slice. - This allows utilities that need to work on the entire - slice, such as a bad block scanner, to work on the - <literal>c</literal> partition. A file system would not - normally be created on this partition.</entry> - </row> - - <row> - <entry><literal>d</literal></entry> - <entry>Partition <literal>d</literal> used to have a - special meaning associated with it, although that is now - gone and <literal>d</literal> may work as any normal - partition.</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Disks in &os; are divided into slices, referred to in - &windows; as partitions, which are numbered from 1 to 4. These - are then divided into partitions, which contain file systems, - and are labeled using letters.</para> - - <indexterm> - <primary>slices</primary> - </indexterm> - <indexterm> - <primary>partitions</primary> - </indexterm> - <indexterm> - <primary>dangerously dedicated</primary> - </indexterm> - - <para>Slice numbers follow the device name, prefixed with an - <literal>s</literal>, starting at 1. So - <quote>da0<emphasis>s1</emphasis></quote> is the first slice on - the first SCSI drive. There can only be four physical slices on - a disk, but there can be logical slices inside physical slices - of the appropriate type. These extended slices are numbered - starting at 5, so <quote>ada0<emphasis>s5</emphasis></quote> is - the first extended slice on the first SATA disk. These devices - are used by file systems that expect to occupy a slice.</para> - - <para>Slices, <quote>dangerously dedicated</quote> physical - drives, and other drives contain - <firstterm>partitions</firstterm>, which are represented as - letters from <literal>a</literal> to <literal>h</literal>. This - letter is appended to the device name, so - <quote>da0<emphasis>a</emphasis></quote> is the - <literal>a</literal> partition on the first - <literal>da</literal> drive, which is - <quote>dangerously dedicated</quote>. - <quote>ada1s3<emphasis>e</emphasis></quote> is the fifth - partition in the third slice of the second SATA disk - drive.</para> - - <para>Finally, each disk on the system is identified. A disk name - starts with a code that indicates the type of disk, and then a - number, indicating which disk it is. Unlike slices, disk - numbering starts at 0. Common codes are listed in - <xref linkend="disks-naming"/>.</para> - - <para>When referring to a partition, include the disk name, - <literal>s</literal>, the slice number, and then the partition - letter. Examples are shown in - <xref linkend="basics-disk-slice-part"/>.</para> - - <para><xref linkend="basics-concept-disk-model"/> shows a - conceptual model of a disk layout.</para> - - <para>When installing &os;, configure the disk slices, create - partitions within the slice to be used for &os;, create a file - system or swap space in each partition, and decide where each - file system will be mounted.</para> - - <table frame="none" pgwide="1" xml:id="disks-naming"> - <title>Disk Device Names</title> - - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="5*"/> - - <thead> - <row> - <entry>Drive Type</entry> - <entry>Drive Device Name</entry> - </row> - </thead> - - <tbody> - <row> - <entry><acronym>SATA</acronym> and <acronym>IDE</acronym> - hard drives</entry> - <entry><literal>ada</literal> or - <literal>ad</literal></entry> - </row> - - <row> - <entry><acronym>SCSI</acronym> hard drives and - <acronym>USB</acronym> storage devices</entry> - <entry><literal>da</literal></entry> - </row> - - <row> - <entry><acronym>SATA</acronym> and <acronym>IDE</acronym> - <acronym>CD-ROM</acronym> drives</entry> - <entry><literal>cd</literal> or - <literal>acd</literal></entry> - </row> - - <row> - <entry><acronym>SCSI</acronym> <acronym>CD-ROM</acronym> - drives</entry> - <entry><literal>cd</literal></entry> - </row> - - <row> - <entry>Floppy drives</entry> - <entry><literal>fd</literal></entry> - </row> - - <row> - <entry>Assorted non-standard <acronym>CD-ROM</acronym> - drives</entry> - <entry><literal>mcd</literal> for Mitsumi - <acronym>CD-ROM</acronym> and <literal>scd</literal> for - Sony <acronym>CD-ROM</acronym> devices</entry> - </row> - - <row> - <entry><acronym>SCSI</acronym> tape drives</entry> - <entry><literal>sa</literal></entry> - </row> - - <row> - <entry><acronym>IDE</acronym> tape drives</entry> - <entry><literal>ast</literal></entry> - </row> - - <row> - <entry>RAID drives</entry> - <entry>Examples include <literal>aacd</literal> for - &adaptec; AdvancedRAID, <literal>mlxd</literal> and - <literal>mlyd</literal> for &mylex;, - <literal>amrd</literal> for AMI &megaraid;, - <literal>idad</literal> for Compaq Smart RAID, - <literal>twed</literal> for &tm.3ware; RAID.</entry> - </row> - </tbody> - </tgroup> - </table> - - <example xml:id="basics-disk-slice-part"> - <title>Sample Disk, Slice, and Partition Names</title> - - <informaltable frame="none" pgwide="1"> - <tgroup cols="2"> - <colspec colwidth="1*"/> - <colspec colwidth="5*"/> - - <thead> - <row> - <entry>Name</entry> - <entry>Meaning</entry> - </row> - </thead> - - <tbody> - <row> - <entry><literal>ada0s1a</literal></entry> - <entry>The first partition (<literal>a</literal>) on the - first slice (<literal>s1</literal>) on the first - <acronym>SATA</acronym> - disk (<literal>ada0</literal>).</entry> - </row> - - <row> - <entry><literal>da1s2e</literal></entry> - <entry>The fifth partition (<literal>e</literal>) on the - second slice (<literal>s2</literal>) on the second - SCSI disk (<literal>da1</literal>).</entry> - </row> - </tbody> - </tgroup> - </informaltable> - </example> - - <example xml:id="basics-concept-disk-model"> - <title>Conceptual Model of a Disk</title> - - <para>This diagram shows &os;'s view of the first - <acronym>SATA</acronym> disk attached to the system. Assume - that the disk is 250 GB in size, and contains an - 80 GB slice and a 170 GB slice (&ms-dos; - partitions). The first slice contains a &windows; - <acronym>NTFS</acronym> file system, <filename>C:</filename>, - and the second slice contains a &os; installation. This - example &os; installation has four data partitions and a swap - partition.</para> - - <para>The four partitions each hold a file system. Partition - <literal>a</literal> is used for the root file system, - <literal>d</literal> for <filename>/var/</filename>, - <literal>e</literal> for <filename>/tmp/</filename>, and - <literal>f</literal> for <filename>/usr/</filename>. - Partition letter <literal>c</literal> refers to the entire - slice, and so is not used for ordinary partitions.</para> - - <mediaobject> - <imageobject> - <imagedata fileref="basics/disk-layout"/> - </imageobject> - </mediaobject> - </example> - </sect1> - - <sect1 xml:id="mount-unmount"> - <title>Mounting and Unmounting File Systems</title> - - <para>The file system is best visualized as a tree, rooted, as it - were, at <filename>/</filename>. - <filename>/dev</filename>, - <filename>/usr</filename>, and the other - directories in the root directory are branches, which may have - their own branches, such as - <filename>/usr/local</filename>, and so - on.</para> - - <indexterm> - <primary>root file system</primary> - </indexterm> - - <para>There are various reasons to house some of these - directories on separate file systems. - <filename>/var</filename> contains the - directories <filename>log/</filename>, - <filename>spool/</filename>, and various types - of temporary files, and as such, may get filled up. Filling up - the root file system is not a good idea, so splitting - <filename>/var</filename> from - <filename>/</filename> is often - favorable.</para> - - <para>Another common reason to contain certain directory trees on - other file systems is if they are to be housed on separate - physical disks, or are separate virtual disks, such as Network - File System mounts, described in <xref linkend="network-nfs"/>, - or CDROM drives.</para> - - <sect2 xml:id="disks-fstab"> - <title>The <filename>fstab</filename> File</title> - - <indexterm> - <primary>file systems</primary> - <secondary>mounted with fstab</secondary> - </indexterm> - - <para>During the boot process (<xref linkend="boot"/>), file - systems listed in <filename>/etc/fstab</filename> are - automatically mounted except for the entries containing - <option>noauto</option>. This file contains entries in the - following format:</para> - - <programlisting><replaceable>device</replaceable> <replaceable>/mount-point</replaceable> <replaceable>fstype</replaceable> <replaceable>options</replaceable> <replaceable>dumpfreq</replaceable> <replaceable>passno</replaceable></programlisting> - - <variablelist> - <varlistentry> - <term><literal>device</literal></term> - <listitem> - <para>An existing device name as explained in - <xref linkend="disks-naming"/>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>mount-point</literal></term> - - <listitem> - <para>An existing directory on which to mount the file - system.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>fstype</literal></term> - - <listitem> - <para>The file system type to pass to &man.mount.8;. The - default &os; file system is - <literal>ufs</literal>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>options</literal></term> - - <listitem> - <para>Either <option>rw</option> for read-write file - systems, or <option>ro</option> for read-only file - systems, followed by any other options that may be - needed. A common option is <option>noauto</option> for - file systems not normally mounted during the boot - sequence. Other options are listed in - &man.mount.8;.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>dumpfreq</literal></term> - - <listitem> - <para>Used by &man.dump.8; to determine which file systems - require dumping. If the field is missing, a value of - zero is assumed.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><literal>passno</literal></term> - - <listitem> - <para>Determines the order in which file systems should be - checked. File systems that should be skipped should - have their <literal>passno</literal> set to zero. The - root file system needs to be checked before everything - else and should have its <literal>passno</literal> set - to one. The other file systems should be set to - values greater than one. If more than one file system - has the same <literal>passno</literal>, &man.fsck.8; - will attempt to check file systems in parallel if - possible.</para> - </listitem> - </varlistentry> - </variablelist> - - <para>Refer to &man.fstab.5; for more information on the format - of <filename>/etc/fstab</filename> and its options.</para> - </sect2> - - <sect2 xml:id="disks-mount"> - <title>Using &man.mount.8;</title> - - <indexterm> - <primary>file systems</primary> - <secondary>mounting</secondary> - </indexterm> - - <para>File systems are mounted using &man.mount.8;. The most - basic syntax is as follows:</para> - - <informalexample> - <screen>&prompt.root; <userinput>mount <replaceable>device</replaceable> <replaceable>mountpoint</replaceable></userinput></screen> - </informalexample> - - <para>This command provides many options which are described in - &man.mount.8;, The most commonly used options include:</para> - - <variablelist> - <title>Mount Options</title> - - <varlistentry> - <term><option>-a</option></term> - - <listitem> - <para>Mount all the file systems listed in - <filename>/etc/fstab</filename>, except those marked as - <quote>noauto</quote>, excluded by the - <option>-t</option> flag, or those that are already - mounted.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-d</option></term> - - <listitem> - - <para>Do everything except for the actual mount system - call. This option is useful in conjunction with the - <option>-v</option> flag to determine what &man.mount.8; - is actually trying to do.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-f</option></term> - - <listitem> - <para>Force the mount of an unclean file system - (dangerous), or the revocation of write access when - downgrading a file system's mount status from read-write - to read-only.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-r</option></term> - - <listitem> - <para>Mount the file system read-only. This is identical - to using <option>-o ro</option>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-t</option> - <replaceable>fstype</replaceable></term> - - <listitem> - <para>Mount the specified file system type or mount only - file systems of the given type, if <option>-a</option> - is included. <quote>ufs</quote> is the default file - system type.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-u</option></term> - - <listitem> - <para>Update mount options on the file system.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-v</option></term> - - <listitem> - <para>Be verbose.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>-w</option></term> - - <listitem> - <para>Mount the file system read-write.</para> - </listitem> - </varlistentry> - </variablelist> - - <para>The following options can be passed to <option>-o</option> - as a comma-separated list:</para> - - <variablelist> - <varlistentry> - <term>nosuid</term> - - <listitem> - <para>Do not interpret setuid or setgid flags on the - file system. This is also a useful security - option.</para> - </listitem> - </varlistentry> - </variablelist> - </sect2> - - <sect2 xml:id="disks-umount"> - <title>Using &man.umount.8;</title> - - <indexterm> - <primary>file systems</primary> - <secondary>unmounting</secondary> - </indexterm> - - <para>To unmount a file system use &man.umount.8;. This command - takes one parameter which can be a mountpoint, device name, - <option>-a</option> or <option>-A</option>.</para> - - <para>All forms take <option>-f</option> to force unmounting, - and <option>-v</option> for verbosity. Be warned that - <option>-f</option> is not generally a good idea as it might - crash the computer or damage data on the file system.</para> - - <para>To unmount all mounted file systems, or just the file - system types listed after <option>-t</option>, use - <option>-a</option> or <option>-A</option>. Note that - <option>-A</option> does not attempt to unmount the root file - system.</para> - </sect2> - </sect1> - - <sect1 xml:id="basics-processes"> - <title>Processes and Daemons</title> - - <para>&os; is a multi-tasking operating system. Each program - running at any one time is called a - <firstterm>process</firstterm>. Every running command starts - at least one new process and there are a number of system - processes that are run by &os;.</para> - - <para>Each process is uniquely identified by a number called a - <firstterm>process ID</firstterm> (<acronym>PID</acronym>). - Similar to files, each process has one owner and group, and - the owner and group permissions are used to determine which - files and devices the process can open. Most processes also - have a parent process that started them. For example, the - shell is a process, and any command started in the shell is a - process which has the shell as its parent process. The - exception is a special process called &man.init.8; which is - always the first process to start at boot time and which always - has a <acronym>PID</acronym> of <literal>1</literal>.</para> - - <para>Some programs are not designed to be run with continuous - user input and disconnect from the terminal at the first - opportunity. For example, a web server responds to web - requests, rather than user input. Mail servers are another - example of this type of application. These types of programs - are known as <firstterm>daemons</firstterm>. The term daemon - comes from Greek mythology and represents an entity that is - neither good nor evil, and which invisibly performs useful - tasks. This is why the BSD mascot is the cheerful-looking - daemon with sneakers and a pitchfork.</para> - - <para>There is a convention to name programs that normally run as - daemons with a trailing <quote>d</quote>. For example, - <application>BIND</application> is the Berkeley Internet Name - Domain, but the actual program that executes is - <command>named</command>. The - <application>Apache</application> web server program is - <command>httpd</command> and the line printer spooling daemon - is <command>lpd</command>. This is only a naming convention. - For example, the main mail daemon for the - <application>Sendmail</application> application is - <command>sendmail</command>, and not - <literal>maild</literal>.</para> - - <sect2> - <title>Viewing Processes</title> - - <para>To see the processes running on the system, use &man.ps.1; - or &man.top.1;. To display a static list of the currently - running processes, their <acronym>PID</acronym>s, how much - memory they are using, and the command they were started with, - use &man.ps.1;. To display all the running processes and - update the display every few seconds in order to interactively - see what the computer is doing, use &man.top.1;.</para> - - <para>By default, &man.ps.1; only shows the commands that are - running and owned by the user. For example:</para> - - <screen>&prompt.user; <userinput>ps</userinput> - PID TT STAT TIME COMMAND -8203 0 Ss 0:00.59 /bin/csh -8895 0 R+ 0:00.00 ps</screen> - - <para>The output from &man.ps.1; is organized into a number of - columns. The <literal>PID</literal> column displays the - process ID. <acronym>PID</acronym>s are assigned starting at - 1, go up to 99999, then wrap around back to the beginning. - However, a <acronym>PID</acronym> is not reassigned if it is - already in use. The <literal>TT</literal> column shows the - tty the program is running on and <literal>STAT</literal> - shows the program's state. <literal>TIME</literal> is the - amount of time the program has been running on the CPU. This - is usually not the elapsed time since the program was started, - as most programs spend a lot of time waiting for things to - happen before they need to spend time on the CPU. Finally, - <literal>COMMAND</literal> is the command that was used to - start the program.</para> - - <para>A number of different options are available to change the - information that is displayed. One of the most useful sets is - <literal>auxww</literal>, where <option>a</option> displays - information about all the running processes of all users, - <option>u</option> displays the username and memory usage of - the process' owner, <option>x</option> displays - information about daemon processes, and <option>ww</option> - causes &man.ps.1; to display the full command line for each - process, rather than truncating it once it gets too long to - fit on the screen.</para> - - <para>The output from &man.top.1; is similar:</para> - - <screen>&prompt.user; <userinput>top</userinput> -last pid: 9609; load averages: 0.56, 0.45, 0.36 up 0+00:20:03 10:21:46 -107 processes: 2 running, 104 sleeping, 1 zombie -CPU: 6.2% user, 0.1% nice, 8.2% system, 0.4% interrupt, 85.1% idle -Mem: 541M Active, 450M Inact, 1333M Wired, 4064K Cache, 1498M Free -ARC: 992M Total, 377M MFU, 589M MRU, 250K Anon, 5280K Header, 21M Other -Swap: 2048M Total, 2048M Free - - PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND - 557 root 1 -21 r31 136M 42296K select 0 2:20 9.96% Xorg - 8198 dru 2 52 0 449M 82736K select 3 0:08 5.96% kdeinit4 - 8311 dru 27 30 0 1150M 187M uwait 1 1:37 0.98% firefox - 431 root 1 20 0 14268K 1728K select 0 0:06 0.98% moused - 9551 dru 1 21 0 16600K 2660K CPU3 3 0:01 0.98% top - 2357 dru 4 37 0 718M 141M select 0 0:21 0.00% kdeinit4 - 8705 dru 4 35 0 480M 98M select 2 0:20 0.00% kdeinit4 - 8076 dru 6 20 0 552M 113M uwait 0 0:12 0.00% soffice.bin - 2623 root 1 30 10 12088K 1636K select 3 0:09 0.00% powerd - 2338 dru 1 20 0 440M 84532K select 1 0:06 0.00% kwin - 1427 dru 5 22 0 605M 86412K select 1 0:05 0.00% kdeinit4</screen> - - <para>The output is split into two sections. The header (the - first five or six lines) shows the <acronym>PID</acronym> of - the last process to run, the system load averages (which are a - measure of how busy the system is), the system uptime (time - since the last reboot) and the current time. The other - figures in the header relate to how many processes are - running, how much memory and swap space has been used, and how - much time the system is spending in different CPU states. If - the <acronym>ZFS</acronym> file system module has been loaded, - an <literal>ARC</literal> line indicates how much data was - read from the memory cache instead of from disk.</para> - - <para>Below the header is a series of columns containing similar - information to the output from &man.ps.1;, such as the - <acronym>PID</acronym>, username, amount of CPU time, and the - command that started the process. By default, &man.top.1; - also displays the amount of memory space taken by the process. - This is split into two columns: one for total size and one for - resident size. Total size is how much memory the application - has needed and the resident size is how much it is actually - using now.</para> - - <para>&man.top.1; automatically updates the display every two - seconds. A different interval can be specified with - <option>-s</option>.</para> - </sect2> - - <sect2 xml:id="basics-daemons"> - <title>Killing Processes</title> - - <para>One way to communicate with any running process or daemon - is to send a <firstterm>signal</firstterm> using &man.kill.1;. - There are a number of different signals; some have a specific - meaning while others are described in the application's - documentation. A user can only send a signal to a process - they own and sending a signal to someone else's process will - result in a permission denied error. The exception is the - <systemitem class="username">root</systemitem> user, who can - send signals to anyone's processes.</para> - - <para>The operating system can also send a signal to a process. - If an application is badly written and tries to access memory - that it is not supposed to, &os; will send the process the - <quote>Segmentation Violation</quote> signal - (<literal>SIGSEGV</literal>). If an application has been - written to use the &man.alarm.3; system call to be alerted - after a period of time has elapsed, it will be sent the - <quote>Alarm</quote> signal - (<literal>SIGALRM</literal>).</para> - - <para>Two signals can be used to stop a process: - <literal>SIGTERM</literal> and <literal>SIGKILL</literal>. - <literal>SIGTERM</literal> is the polite way to kill a process - as the process can read the signal, close any log files it may - have open, and attempt to finish what it is doing before - shutting down. In some cases, a process may ignore - <literal>SIGTERM</literal> if it is in the middle of some task - that cannot be interrupted.</para> - - <para><literal>SIGKILL</literal> cannot be ignored by a - process. Sending a <literal>SIGKILL</literal> to a - process will usually stop that process there and then. - <footnote><para>There are a few tasks that cannot be - interrupted. For example, if the process is trying to - read from a file that is on another computer on the - network, and the other computer is unavailable, the - process is said to be <quote>uninterruptible</quote>. - Eventually the process will time out, typically after two - minutes. As soon as this time out occurs the process will - be killed.</para></footnote>.</para> - - <para>Other commonly used signals are <literal>SIGHUP</literal>, - <literal>SIGUSR1</literal>, and <literal>SIGUSR2</literal>. - Since these are general purpose signals, different - applications will respond differently.</para> - - <para>For example, after changing a web server's configuration - file, the web server needs to be told to re-read its - configuration. Restarting <command>httpd</command> would - result in a brief outage period on the web server. Instead, - send the daemon the <literal>SIGHUP</literal> signal. Be - aware that different daemons will have different behavior, so - refer to the documentation for the daemon to determine if - <literal>SIGHUP</literal> will achieve the desired - results.</para> - - <procedure> - <title>Sending a Signal to a Process</title> - - <para>This example shows how to send a signal to - &man.inetd.8;. The &man.inetd.8; configuration file is - <filename>/etc/inetd.conf</filename>, and &man.inetd.8; will - re-read this configuration file when it is sent a - <literal>SIGHUP</literal>.</para> - - <step> - <para>Find the <acronym>PID</acronym> of the process to send - the signal to using &man.pgrep.1;. In this example, the - <acronym>PID</acronym> for &man.inetd.8; is 198:</para> - - <screen>&prompt.user; <userinput>pgrep -l inetd</userinput> -198 inetd -wW</screen> - - </step> - - <step> - <para>Use &man.kill.1; to send the signal. As - &man.inetd.8; is owned by - <systemitem class="username">root</systemitem>, use - &man.su.1; to become - <systemitem class="username">root</systemitem> - first.</para> - - <screen>&prompt.user; <userinput>su</userinput> -<prompt>Password:</prompt> -&prompt.root; <userinput>/bin/kill -s HUP 198</userinput></screen> - - <para>Like most &unix; commands, &man.kill.1; will not print - any output if it is successful. If a signal is sent to a - process not owned by that user, the message - <errorname>kill: <replaceable>PID</replaceable>: Operation - not permitted</errorname> will be displayed. Mistyping - the <acronym>PID</acronym> will either send the signal to - the wrong process, which could have negative results, or - will send the signal to a <acronym>PID</acronym> that is - not currently in use, resulting in the error - <errorname>kill: <replaceable>PID</replaceable>: No such - process</errorname>.</para> - - <note> - <title>Why Use <command>/bin/kill</command>?</title> - - <para>Many shells provide <command>kill</command> as a - built in command, meaning that the shell will send the - signal directly, rather than running - <filename>/bin/kill</filename>. Be aware that different - shells have a different syntax for specifying the name - of the signal to send. Rather than try to learn all of - them, it can be simpler to specify - <command>/bin/kill</command>.</para> - </note> - </step> - </procedure> - - <para>When sending other signals, substitute - <literal>TERM</literal> or <literal>KILL</literal> with the - name of the signal.</para> - - <important> - <para>Killing a random process on the system is a bad idea. - In particular, &man.init.8;, <acronym>PID</acronym> 1, is - special. Running <command>/bin/kill -s KILL 1</command> is - a quick, and unrecommended, way to shutdown the system. - <emphasis>Always</emphasis> double check the arguments to - &man.kill.1; <emphasis>before</emphasis> pressing - <keycap>Return</keycap>.</para> - </important> - </sect2> - </sect1> - - <sect1 xml:id="shells"> - <title>Shells</title> - - <indexterm> - <primary>shells</primary> - </indexterm> - <indexterm> - <primary>command line</primary> - </indexterm> - - <para>A <firstterm>shell</firstterm> provides a command line - interface for interacting with the operating system. A shell - receives commands from the input channel and executes them. - Many shells provide built in functions to help with everyday - tasks such as file management, file globbing, command line - editing, command macros, and environment variables. &os; comes - with several shells, including the Bourne shell (&man.sh.1;) and - the extended C shell (&man.tcsh.1;). Other shells are available - from the &os; Ports Collection, such as - <command>zsh</command> and <command>bash</command>.</para> - - <para>The shell that is used is really a matter of taste. A C - programmer might feel more comfortable with a C-like shell such - as &man.tcsh.1;. A &linux; user might prefer - <command>bash</command>. Each shell has unique properties that - may or may not work with a user's preferred working environment, - which is why there is a choice of which shell to use.</para> - - <para>One common shell feature is filename completion. After a - user types the first few letters of a command or filename and - presses <keycap>Tab</keycap>, the shell completes the rest of - the command or filename. Consider two files called - <filename>foobar</filename> and <filename>football</filename>. - To delete <filename>foobar</filename>, the user might type - <command>rm foo</command> and press <keycap>Tab</keycap> to - complete the filename.</para> - - <para>But the shell only shows <command>rm foo</command>. It was - unable to complete the filename because both - <filename>foobar</filename> and <filename>football</filename> - start with <literal>foo</literal>. Some shells sound a beep or - show all the choices if more than one name matches. The user - must then type more characters to identify the desired filename. - Typing a <literal>t</literal> and pressing <keycap>Tab</keycap> - again is enough to let the shell determine which filename is - desired and fill in the rest.</para> - - <indexterm> - <primary>environment variables</primary> - </indexterm> - - <para>Another feature of the shell is the use of environment - variables. Environment variables are a variable/key pair stored - in the shell's environment. This environment can be read by any - program invoked by the shell, and thus contains a lot of program - configuration. <xref linkend="shell-env-vars"/> provides a list - of common environment variables and their meanings. Note that - the names of environment variables are always in - uppercase.</para> - - <table xml:id="shell-env-vars" frame="none" pgwide="1"> - <title>Common Environment Variables</title> - - <tgroup cols="2"> - <thead> - <row> - <entry>Variable</entry> - <entry>Description</entry> - </row> - </thead> - - <tbody> - <row> - <entry><envar>USER</envar></entry> - <entry>Current logged in user's name.</entry> - </row> - - <row> - <entry><envar>PATH</envar></entry> - <entry>Colon-separated list of directories to search for - binaries.</entry> - </row> - - <row> - <entry><envar>DISPLAY</envar></entry> - <entry>Network name of the - <application>&xorg;</application> - display to connect to, if available.</entry> - </row> - - <row> - <entry><envar>SHELL</envar></entry> - <entry>The current shell.</entry> - </row> - - <row> - <entry><envar>TERM</envar></entry> - - <entry>The name of the user's type of terminal. Used to - determine the capabilities of the terminal.</entry> - </row> - - <row> - <entry><envar>TERMCAP</envar></entry> - - <entry>Database entry of the terminal escape codes to - perform various terminal functions.</entry> - </row> - - <row> - <entry><envar>OSTYPE</envar></entry> - <entry>Type of operating system.</entry> - </row> - - <row> - <entry><envar>MACHTYPE</envar></entry> - <entry>The system's CPU architecture.</entry> - </row> - - <row> - <entry><envar>EDITOR</envar></entry> - <entry>The user's preferred text editor.</entry> - </row> - - <row> - <entry><envar>PAGER</envar></entry> - <entry>The user's preferred utility for viewing text one - page at a time.</entry> - </row> - - <row> - <entry><envar>MANPATH</envar></entry> - <entry>Colon-separated list of directories to search for - manual pages.</entry> - </row> - </tbody> - </tgroup> - </table> - - <indexterm> - <primary>Bourne shells</primary> - </indexterm> - - <para>How to set an environment variable differs between shells. - In &man.tcsh.1; and &man.csh.1;, use - <command>setenv</command> to set environment variables. In - &man.sh.1; and <command>bash</command>, use - <command>export</command> to set the current environment - variables. This example sets the default <envar>EDITOR</envar> - to <filename>/usr/local/bin/emacs</filename> for the - &man.tcsh.1; shell:</para> - - <screen>&prompt.user; <userinput>setenv EDITOR /usr/local/bin/emacs</userinput></screen> - - <para>The equivalent command for <command>bash</command> - would be:</para> - - <screen>&prompt.user; <userinput>export EDITOR="/usr/local/bin/emacs"</userinput></screen> - - <para>To expand an environment variable in order to see its - current setting, type a <literal>$</literal> character in front - of its name on the command line. For example, - <command>echo $TERM</command> displays the current - <envar>$TERM</envar> setting.</para> - - <para>Shells treat special characters, known as meta-characters, - as special representations of data. The most common - meta-character is <literal>*</literal>, which represents any - number of characters in a filename. Meta-characters can be used - to perform filename globbing. For example, <command>echo - *</command> is equivalent to <command>ls</command> because - the shell takes all the files that match <literal>*</literal> - and <command>echo</command> lists them on the command - line.</para> - - <para>To prevent the shell from interpreting a special character, - escape it from the shell by starting it with a backslash - (<literal>\</literal>). For example, <command>echo - $TERM</command> prints the terminal setting whereas - <command>echo \$TERM</command> literally prints the string - <literal>$TERM</literal>.</para> - - <sect2 xml:id="changing-shells"> - <title>Changing the Shell</title> - - <para>The easiest way to permanently change the default shell is - to use <command>chsh</command>. Running this command will - open the editor that is configured in the - <envar>EDITOR</envar> environment variable, which by default - is set to &man.vi.1;. Change the <literal>Shell:</literal> - line to the full path of the new shell.</para> - - <para>Alternately, use <command>chsh -s</command> which will set - the specified shell without opening an editor. For example, - to change the shell to <command>bash</command>:</para> - - <screen>&prompt.user; <userinput>chsh -s /usr/local/bin/bash</userinput></screen> - - <note> - <para>The new shell <emphasis>must</emphasis> be present in - <filename>/etc/shells</filename>. If the shell was - installed from the &os; Ports Collection as described in - <xref linkend="ports"/>, it should be automatically added - to this file. If it is missing, add it using this command, - replacing the path with the path of the shell:</para> - - <screen>&prompt.root; <userinput>echo <replaceable>/usr/local/bin/bash</replaceable> >> /etc/shells</userinput></screen> - - <para>Then, rerun &man.chsh.1;.</para> - </note> - </sect2> - - <sect2> - <info> - <title>Advanced Shell Techniques</title> - - <authorgroup> - <author> - <personname> - <firstname>Tom</firstname> - <surname>Rhodes</surname> - </personname> - <contrib>Written by </contrib> - </author> - </authorgroup> - </info> - - <para>The &unix; shell is not just a command interpreter, it - acts as a powerful tool which allows users to execute - commands, redirect their output, redirect their input and - chain commands together to improve the final command output. - When this functionality is mixed with built in commands, the - user is provided with an environment that can maximize - efficiency.</para> - - <para>Shell redirection is the action of sending the output or - the input of a command into another command or into a file. - To capture the output of the &man.ls.1; command, for example, - into a file, redirect the output:</para> - - <screen>&prompt.user; <userinput>ls > directory_listing.txt</userinput></screen> - - <para>The directory contents will now be listed in - <filename>directory_listing.txt</filename>. Some commands can - be used to read input, such as &man.sort.1;. To sort this - listing, redirect the input:</para> - - <screen>&prompt.user; <userinput>sort < directory_listing.txt</userinput></screen> - - <para>The input will be sorted and placed on the screen. To - redirect that input into another file, one could redirect the - output of &man.sort.1; by mixing the direction:</para> - - <screen>&prompt.user; <userinput>sort < directory_listing.txt > sorted.txt</userinput></screen> - - <para>In all of the previous examples, the commands are - performing redirection using file descriptors. Every &unix; - system has file descriptors, which include standard input - (stdin), standard output (stdout), and standard error - (stderr). Each one has a purpose, where input could be a - keyboard or a mouse, something that provides input. Output - could be a screen or paper in a printer. And error would be - anything that is used for diagnostic or error messages. All - three are considered <acronym>I/O</acronym> based file - descriptors and sometimes considered streams.</para> - - <para>Through the use of these descriptors, the shell allows - output and input to be passed around through various commands - and redirected to or from a file. Another method of - redirection is the pipe operator.</para> - - <para>The &unix; pipe operator, <quote>|</quote> allows the - output of one command to be directly passed or directed to - another program. Basically, a pipe allows the standard - output of a command to be passed as standard input to another - command, for example:</para> - - <screen>&prompt.user; <userinput>cat directory_listing.txt | sort | less</userinput></screen> - - <para>In that example, the contents of - <filename>directory_listing.txt</filename> will be sorted and - the output passed to &man.less.1;. This allows the user to - scroll through the output at their own pace and prevent it - from scrolling off the screen.</para> - </sect2> - </sect1> - - <sect1 xml:id="editors"> - <title>Text Editors</title> - - <indexterm> - <primary>text editors</primary> - </indexterm> - <indexterm> - <primary>editors</primary> - </indexterm> - - <para>Most &os; configuration is done by editing text files, so - it is a good idea to become familiar with a - text editor. &os; comes with a few as part of the base system, - and many more are available in the Ports Collection.</para> - - <indexterm> - <primary><command>ee</command></primary> - </indexterm> - <indexterm> - <primary>editors</primary> - <secondary>&man.ee.1;</secondary> - </indexterm> - - <para>A simple editor to learn is &man.ee.1;, which stands for - easy editor. To start this editor, type <command>ee - <replaceable>filename</replaceable></command> where - <replaceable>filename</replaceable> is the name of the file to - be edited. Once inside the editor, all of the commands for - manipulating the editor's functions are listed at the top of the - display. The caret (<literal>^</literal>) represents - <keycap>Ctrl</keycap>, so <literal>^e</literal> expands to - <keycombo action="simul"> - <keycap>Ctrl</keycap> - <keycap>e</keycap> - </keycombo>. To leave &man.ee.1;, press <keycap>Esc</keycap>, - then choose the <quote>leave editor</quote> option from the main - menu. The editor will prompt to save any changes if the file - has been modified.</para> - - <indexterm> - <primary><command>vi</command></primary> - </indexterm> - <indexterm> - <primary>editors</primary> - </indexterm> - <indexterm> - <primary><command>emacs</command></primary> - </indexterm> - - <para>&os; also comes with more powerful text editors, such as - &man.vi.1;, as part of the base system. Other editors, like - <package>editors/emacs</package> and - <package>editors/vim</package>, are part of the - &os; Ports Collection. These editors offer more functionality - at the expense of being more complicated to learn. Learning a - more powerful editor such as <application>vim</application> or - <application>Emacs</application> can save more time in the long - run.</para> - - <para>Many applications which modify files or require typed input - will automatically open a text editor. To change the default - editor, set the <envar>EDITOR</envar> environment - variable as described in <xref linkend="shells"/>.</para> - </sect1> - - <sect1 xml:id="basics-devices"> - <title>Devices and Device Nodes</title> - - <para>A device is a term used mostly for hardware-related - activities in a system, including disks, printers, graphics - cards, and keyboards. When &os; boots, the majority of the boot - messages refer to devices being detected. A copy of the boot - messages are saved to - <filename>/var/run/dmesg.boot</filename>.</para> - - <para>Each device has a device name and number. For example, - <filename>ada0</filename> is the first SATA hard drive, - while <filename>kbd0</filename> represents the - keyboard.</para> - - <para>Most devices in &os; must be accessed through special - files called device nodes, which are located in - <filename>/dev</filename>.</para> - </sect1> - - <sect1 xml:id="basics-more-information"> - <title>Manual Pages</title> - - <indexterm> - <primary>manual pages</primary> - </indexterm> - - <para>The most comprehensive documentation on &os; is in the form - of manual pages. Nearly every program on the system comes with - a short reference manual explaining the basic operation and - available arguments. These manuals can be viewed using - <command>man</command>:</para> - - <screen>&prompt.user; <userinput>man <replaceable>command</replaceable></userinput></screen> - - <para>where <replaceable>command</replaceable> is the name of the - command to learn about. For example, to learn more about - &man.ls.1;, type:</para> - - <screen>&prompt.user; <userinput>man ls</userinput></screen> - - <para>Manual pages are divided into sections which represent the - type of topic. In &os;, the following sections are - available:</para> - - <orderedlist> - <listitem> - <para>User commands.</para> - </listitem> - - <listitem> - <para>System calls and error numbers.</para> - </listitem> - - <listitem> - <para>Functions in the C libraries.</para> - </listitem> - - <listitem> - <para>Device drivers.</para> - </listitem> - - <listitem> - <para>File formats.</para> - </listitem> - - <listitem> - <para>Games and other diversions.</para> - </listitem> - - <listitem> - <para>Miscellaneous information.</para> - </listitem> - - <listitem> - <para>System maintenance and operation commands.</para> - </listitem> - - <listitem> - <para>System kernel interfaces.</para> - </listitem> - </orderedlist> - - <para>In some cases, the same topic may appear in more than one - section of the online manual. For example, there is a - <command>chmod</command> user command and a - <function>chmod()</function> system call. To tell &man.man.1; - which section to display, specify the section number:</para> - - <screen>&prompt.user; <userinput>man 1 chmod</userinput></screen> - - <para>This will display the manual page for the user command - &man.chmod.1;. References to a particular section of the - online manual are traditionally placed in parenthesis in - written documentation, so &man.chmod.1; refers to the user - command and &man.chmod.2; refers to the system call.</para> - - <para>If the name of the manual page is unknown, use <command>man - -k</command> to search for keywords in the manual page - descriptions:</para> - - <screen>&prompt.user; <userinput>man -k <replaceable>mail</replaceable></userinput></screen> - - <para>This command displays a list of commands that have the - keyword <quote>mail</quote> in their descriptions. This is - equivalent to using &man.apropos.1;.</para> - - <para>To read the descriptions for all of the commands in - <filename>/usr/bin</filename>, type:</para> - - <screen>&prompt.user; <userinput>cd /usr/bin</userinput> -&prompt.user; <userinput>man -f * | more</userinput></screen> - - <para>or</para> - - <screen>&prompt.user; <userinput>cd /usr/bin</userinput> -&prompt.user; <userinput>whatis * |more</userinput></screen> - - <sect2 xml:id="basics-info"> - <title>GNU Info Files</title> - - <indexterm> - <primary>Free Software Foundation</primary> - </indexterm> - - <para>&os; includes several applications and utilities produced - by the Free Software Foundation (FSF). In addition to manual - pages, these programs may include hypertext documents called - <literal>info</literal> files. These can be viewed using - &man.info.1; or, if <package>editors/emacs</package> is - installed, the info mode of - <application>emacs</application>.</para> - - <para>To use &man.info.1;, type:</para> - - <screen>&prompt.user; <userinput>info</userinput></screen> - - <para>For a brief introduction, type <literal>h</literal>. For - a quick command reference, type <literal>?</literal>.</para> - </sect2> - </sect1> -</chapter> |