From 8aabb07c0a88e56a9d69e75b12dc178e9ed07a11 Mon Sep 17 00:00:00 2001 From: Manolis Kiagias Date: Fri, 24 Jan 2014 18:11:24 +0000 Subject: Update more parts of the Greek Handbook to the latest versions Highlights: - 'vinum' chapter removed from build - Mostly untranslated 'disks' chapter replaced with the latest en_US version Note that the 'users' chapter still remains in the Greek Handbook for reference until it is updated and merged with 'basics' New revisions: preface r43126 disks r43449 book.xml r43566 chapters.ent r43126 Makefile r43126 Obtained From: The FreeBSD Greek Documentation Project
---
el_GR.ISO8859-7/books/handbook/Makefile | 20 +- el_GR.ISO8859-7/books/handbook/book.xml | 26 +- el_GR.ISO8859-7/books/handbook/chapters.ent | 4 +- el_GR.ISO8859-7/books/handbook/disks/chapter.xml | 5117 ++++++++++---------- el_GR.ISO8859-7/books/handbook/preface/preface.xml | 245 +- 5 files changed, 2670 insertions(+), 2742 deletions(-) (limited to 'el_GR.ISO8859-7/books')
diff --git a/el_GR.ISO8859-7/books/handbook/Makefile b/el_GR.ISO8859-7/books/handbook/Makefile
index e791d06ba2..ac3b982eea 100644
--- a/el_GR.ISO8859-7/books/handbook/Makefile
+++ b/el_GR.ISO8859-7/books/handbook/Makefile
@@ -4,7 +4,7 @@
 # Μορφοποίηση του Εγχειριδίου του FreeBSD
 #
 # %SOURCE% en_US.ISO8859-1/books/handbook/Makefile
-# %SRCID% 1.119
+# %SRCID% 43126
 #
 # ------------------------------------------------------------------------
@@ -50,6 +50,7 @@ IMAGES_EN = advanced-networking/isdn-bus.eps
 IMAGES_EN+= advanced-networking/isdn-twisted-pair.eps
 IMAGES_EN+= advanced-networking/natd.eps
 IMAGES_EN+= advanced-networking/net-routing.pic
+IMAGES_EN+= advanced-networking/pxe-nfs.png
 IMAGES_EN+= advanced-networking/static-routes.pic
 IMAGES_EN+= bsdinstall/bsdinstall-adduser1.png
 IMAGES_EN+= bsdinstall/bsdinstall-adduser2.png
@@ -179,13 +180,6 @@ IMAGES_EN+= security/ipsec-network.pic
 IMAGES_EN+= security/ipsec-crypt-pkt.pic
 IMAGES_EN+= security/ipsec-encap-pkt.pic
 IMAGES_EN+= security/ipsec-out-pkt.pic
-IMAGES_EN+= vinum/vinum-concat.pic
-IMAGES_EN+= vinum/vinum-mirrored-vol.pic
-IMAGES_EN+= vinum/vinum-raid10-vol.pic
-IMAGES_EN+= vinum/vinum-raid5-org.pic
-IMAGES_EN+= vinum/vinum-simple-vol.pic
-IMAGES_EN+= vinum/vinum-striped-vol.pic
-IMAGES_EN+= vinum/vinum-striped.pic
 IMAGES_EN+= virtualization/parallels-freebsd1.png
 IMAGES_EN+= virtualization/parallels-freebsd2.png
 IMAGES_EN+= virtualization/parallels-freebsd3.png
@@ -283,8 +277,8 @@ SRCS+= preface/preface.xml
 SRCS+= printing/chapter.xml
 SRCS+= security/chapter.xml
 SRCS+= serialcomms/chapter.xml
+# Users chapter stays in the Greek Build until merged with basics
 SRCS+= users/chapter.xml
-SRCS+= vinum/chapter.xml
 SRCS+= virtualization/chapter.xml
 SRCS+= x11/chapter.xml
@@ -316,12 +310,12 @@ DOC_PREFIX?= ${.CURDIR}/../../..
 # rules generating lists of mirror site from XML database.
 #
 XMLDOCS= lastmod:::mirrors.lastmod.inc \
- mirrors-ftp:::mirrors.xml.ftp.inc \
 mirrors-ftp-index:::mirrors.xml.ftp.index.inc \
- mirrors-cvsup:::mirrors.xml.cvsup.inc \
+ mirrors-ftp:::mirrors.xml.ftp.inc \
 mirrors-cvsup-index:::mirrors.xml.cvsup.index.inc \
- eresources:::eresources.xml.www.inc \
- eresources-index:::eresources.xml.www.index.inc
+ mirrors-cvsup:::mirrors.xml.cvsup.inc \
+ eresources-index:::eresources.xml.www.index.inc \
+ eresources:::eresources.xml.www.inc
 DEPENDSET.DEFAULT= transtable mirror
 XSLT.DEFAULT= ${XSL_MIRRORS}
 XML.DEFAULT= ${XML_MIRRORS}
diff --git a/el_GR.ISO8859-7/books/handbook/book.xml b/el_GR.ISO8859-7/books/handbook/book.xml
index 9d58451388..67aebd1386 100644
--- a/el_GR.ISO8859-7/books/handbook/book.xml
+++ b/el_GR.ISO8859-7/books/handbook/book.xml
@@ -5,9 +5,8 @@ %chapters; %txtfiles; - - ]> + + Εγχειρίδιο του FreeBSD - Ομάδα Τεκμηρίωσης του FreeBSD
@@ -49,6 +48,8 @@ 2010 2011 2012 + 2013 + 2014 Ομάδα Τεκμηρίωσης του FreeBSD @@ -62,7 +63,6 @@ &tm-attrib.adaptec; &tm-attrib.adobe; &tm-attrib.apple; - &tm-attrib.corel; &tm-attrib.creative; &tm-attrib.cvsup; &tm-attrib.heidelberger; @@ -73,18 +73,12 @@ &tm-attrib.linux; &tm-attrib.lsilogic; &tm-attrib.m-systems; - &tm-attrib.macromedia; &tm-attrib.microsoft; - &tm-attrib.netscape; - &tm-attrib.nexthop; &tm-attrib.opengroup; &tm-attrib.oracle; - &tm-attrib.powerquest; &tm-attrib.realnetworks; &tm-attrib.redhat; - &tm-attrib.sap; &tm-attrib.sun; - &tm-attrib.symantec; &tm-attrib.themathworks; &tm-attrib.thomson; &tm-attrib.usrobotics; @@ -113,8 +107,9 @@ http://docs.FreeBSD.org/doc/). Μπορείτε επίσης να μεταφορτώσετε στον υπολογιστή σας το ίδιο βιβλίο σε άλλες μορφές αρχείου και με διάφορες μορφές συμπίεσης από - τον εξυπηρετητή - FTP του &os; ή ένα από τα + τον εξυπηρετητή + FTP του &os; ή ένα από τα πολλά mirror sites. Αν προτιμάτε ένα τυπωμένο αντίτυπο, μπορείτε να αγοράσετε ένα αντίγραφο του Εγχειριδίου, από το @@ -171,8 +166,8 @@ &chap.introduction; - &chap.install; &chap.bsdinstall; + &chap.install; &chap.basics; &chap.ports; &chap.x11; @@ -252,6 +247,8 @@ &chap.config; &chap.boot; + &chap.users; &chap.security; &chap.jails; @@ -260,7 +257,6 @@ &chap.disks; &chap.geom; &chap.filesystems; - &chap.vinum; &chap.virtualization; &chap.l10n; &chap.cutting-edge; diff --git a/el_GR.ISO8859-7/books/handbook/chapters.ent b/el_GR.ISO8859-7/books/handbook/chapters.ent index a37c47b59d..ea04851198 100644 --- a/el_GR.ISO8859-7/books/handbook/chapters.ent +++ b/el_GR.ISO8859-7/books/handbook/chapters.ent @@ -13,7 +13,7 @@ $FreeBSD$ %SOURCE% en_US.ISO8859-1/books/handbook/chapters.ent - %SRCID% 1.40 + %SRCID% 43126 --> @@ -38,6 +38,7 @@ + @@ -46,7 +47,6 @@ - diff --git a/el_GR.ISO8859-7/books/handbook/disks/chapter.xml b/el_GR.ISO8859-7/books/handbook/disks/chapter.xml index 987380c80c..55142fd69b 100644 --- a/el_GR.ISO8859-7/books/handbook/disks/chapter.xml 
+++ b/el_GR.ISO8859-7/books/handbook/disks/chapter.xml @@ -8,7 +8,7 @@ $FreeBSD$ %SOURCE% en_US.ISO8859-1/books/handbook/disks/chapter.xml - %SRCID% 1.1 + %SRCID% 43449 --> @@ -51,17 +51,10 @@ Πως να δημιουργήσετε και να γράψετε CD και DVD στο &os;. - - Τα διάφορα διαθέσιμα μέσα αποθήκευσης για αντίγραφα - ασφαλείας. - Πως να χρησιμοποιήσετε προγράμματα λήψης αντιγράφων ασφαλείας στο &os;. - - Πως να πάρετε αντίγραφα ασφαλείας σε δισκέττες. - Τι είναι οι εικόνες (snapshots) σε ένα σύστημα αρχείων και πως να τις χρησιμοποιήσετε αποδοτικά. @@ -72,19 +65,17 @@ - Να ξέρετε πως θα ρυθμίσετε και θα εγκαταστήσετε ένα νέο πυρήνα - του &os; (). + Να ξέρετε πως να ρυθμίσετε και + να εγκαταστήσετε ένα νέο πυρήνα του &os;. - Device Names The following is a list of physical storage devices - supported in FreeBSD, and the device names associated with - them. + supported in &os; and their associated device names. Physical Disk Naming Conventions @@ -96,45 +87,70 @@ Drive device name + IDE hard drives - ad + ad or + ada + + + + IDE CD-ROM drives + acd or + cd + + + + SATA hard drives + ad or + ada + - IDE CDROM drives - acd + SATA CD-ROM drives + acd or + cd + - SCSI hard drives and USB Mass storage devices + SCSI hard drives and USB Mass storage + devices da + - SCSI CDROM drives + SCSI CD-ROM drives cd + - Assorted non-standard CDROM drives + Assorted non-standard CD-ROM drives mcd for Mitsumi CD-ROM and - scd for Sony CD-ROM devices - + scd for Sony CD-ROM devices + Floppy drives fd + SCSI tape drives sa - + + IDE tape drives ast + Flash drives - fla for &diskonchip; Flash device + fla for &diskonchip; Flash + device + RAID drives aacd for &adaptec; AdvancedRAID, 
@@ -150,618 +166,142 @@ - Adding Disks + + Adding Disks + - DavidO'BrienOriginally contributed by + + + David + O'Brien + + Originally contributed by + - - - disks adding - Lets say we want to add a new SCSI disk to a machine that - currently only has a single drive. First turn off the computer - and install the drive in the computer following the instructions - of the computer, controller, and drive manufacturer. Due to the - wide variations of procedures to do this, the details are beyond - the scope of this document. + This section describes how to add a new + SATA disk to a machine that currently only + has a single drive. First, turn off the computer and install + the drive in the computer following the instructions of the + computer, controller, and drive manufacturers. Reboot the + system and become + root. - Login as user root. After you have installed the - drive, inspect /var/run/dmesg.boot to ensure the new - disk was found. Continuing with our example, the newly added drive will - be da1 and we want to mount it on - /1 (if you are adding an IDE drive, the device name - will be ad1). + Inspect /var/run/dmesg.boot to ensure + the new disk was found. In this example, the newly added + SATA drive will appear as + ada1. partitions - slices - fdisk + gpart - FreeBSD runs on IBM-PC compatible computers, therefore it must - take into account the PC BIOS partitions. These are different - from the traditional BSD partitions. A PC disk has up to four - BIOS partition entries. If the disk is going to be truly - dedicated to FreeBSD, you can use the - dedicated mode. Otherwise, FreeBSD will - have to live within one of the PC BIOS partitions. FreeBSD - calls the PC BIOS partitions slices so as - not to confuse them with traditional BSD partitions. You may - also use slices on a disk that is dedicated to FreeBSD, but used - in a computer that also has another operating system installed. 
- This is a good way to avoid confusing the fdisk utility of - other, non-FreeBSD operating systems. - - In the slice case the drive will be added as - /dev/da1s1e. This is read as: SCSI disk, - unit number 1 (second SCSI disk), slice 1 (PC BIOS partition 1), - and e BSD partition. In the dedicated - case, the drive will be added simply as - /dev/da1e. - - Due to the use of 32-bit integers to store the number of sectors, - &man.bsdlabel.8; is - limited to 2^32-1 sectors per disk or 2TB in most cases. The - &man.fdisk.8; format allows a starting sector of no more than - 2^32-1 and a length of no more than 2^32-1, limiting partitions to - 2TB and disks to 4TB in most cases. The &man.sunlabel.8; format - is limited to 2^32-1 sectors per partition and 8 partitions for - a total of 16TB. For larger disks, &man.gpt.8; partitions may be - used. - - - Using &man.sysinstall.8; - - sysinstall - adding disks - - - su - - - - Navigating <application>Sysinstall</application> - - You may use sysinstall to - partition and label a new disk using its easy to use menus. - Either login as user root or use the - su command. Run - sysinstall and enter the - Configure menu. Within the - FreeBSD Configuration Menu, scroll down and - select the Fdisk option. - - - - <application>fdisk</application> Partition Editor - Once inside fdisk, typing A will - use the entire disk for FreeBSD. When asked if you want to - remain cooperative with any future possible operating - systems, answer YES. Write the - changes to the disk using W. Now exit the - FDISK editor by typing q. Next you will be - asked about the Master Boot Record. Since you are adding a - disk to an already running system, choose - None. - - - - Disk Label Editor - BSD partitions - - Next, you need to exit sysinstall - and start it again. Follow the directions above, although this - time choose the Label option. This will - enter the Disk Label Editor. This - is where you will create the traditional BSD partitions. 
A - disk can have up to eight partitions, labeled - a-h. - A few of the partition labels have special uses. The - a partition is used for the root partition - (/). Thus only your system disk (e.g, - the disk you boot from) should have an a - partition. The b partition is used for - swap partitions, and you may have many disks with swap - partitions. The c partition addresses the - entire disk in dedicated mode, or the entire FreeBSD slice in - slice mode. The other partitions are for general use. - - sysinstall's Label editor - favors the e - partition for non-root, non-swap partitions. Within the - Label editor, create a single file system by typing - C. When prompted if this will be a FS - (file system) or swap, choose FS and type in a - mount point (e.g, /mnt). When adding a - disk in post-install mode, sysinstall - will not create entries - in /etc/fstab for you, so the mount point - you specify is not important. - - You are now ready to write the new label to the disk and - create a file system on it. Do this by typing - W. Ignore any errors from - sysinstall that - it could not mount the new partition. Exit the Label Editor - and sysinstall completely. - - - - Finish - - The last step is to edit /etc/fstab - to add an entry for your new disk. - - - - - - Using Command Line Utilities - - - Using Slices - - This setup will allow your disk to work correctly with - other operating systems that might be installed on your - computer and will not confuse other operating systems' - fdisk utilities. It is recommended - to use this method for new disk installs. Only use - dedicated mode if you have a good reason - to do so! - - &prompt.root; dd if=/dev/zero of=/dev/da1 bs=1k count=1 -&prompt.root; fdisk -BI da1 #Initialize your new disk -&prompt.root; bsdlabel -B -w -r da1s1 auto #Label it. -&prompt.root; bsdlabel -e da1s1 # Edit the bsdlabel just created and add any partitions. 
-&prompt.root; mkdir -p /1 -&prompt.root; newfs /dev/da1s1e # Repeat this for every partition you created. -&prompt.root; mount /dev/da1s1e /1 # Mount the partition(s) -&prompt.root; vi /etc/fstab # Add the appropriate entry/entries to your /etc/fstab. - - If you have an IDE disk, substitute ad - for da. - - - - Dedicated - OS/2 - - If you will not be sharing the new drive with another operating - system, you may use the dedicated mode. Remember - this mode can confuse Microsoft operating systems; however, no damage - will be done by them. IBM's &os2; however, will - appropriate any partition it finds which it does not - understand. - - &prompt.root; dd if=/dev/zero of=/dev/da1 bs=1k count=1 -&prompt.root; bsdlabel -Brw da1 auto -&prompt.root; bsdlabel -e da1 # create the `e' partition -&prompt.root; newfs -d0 /dev/da1e -&prompt.root; mkdir -p /1 -&prompt.root; vi /etc/fstab # add an entry for /dev/da1e -&prompt.root; mount /1 - - An alternate method is: - - &prompt.root; dd if=/dev/zero of=/dev/da1 count=2 -&prompt.root; bsdlabel /dev/da1 | bsdlabel -BrR da1 /dev/stdin -&prompt.root; newfs /dev/da1e -&prompt.root; mkdir -p /1 -&prompt.root; vi /etc/fstab # add an entry for /dev/da1e -&prompt.root; mount /1 - - - - - - - RAID - - - Software RAID - - - Concatenated Disk Driver (CCD) Configuration - - ChristopherShumwayOriginal work by - - - JimBrownRevised by - - - - - -RAIDsoftware - - RAIDCCD - - - When choosing a mass storage solution the most important - factors to consider are speed, reliability, and cost. It is - rare to have all three in balance; normally a fast, reliable mass - storage device is expensive, and to cut back on cost either speed - or reliability must be sacrificed. - - In designing the system described below, cost was chosen - as the most important factor, followed by speed, then reliability. - Data transfer speed for this system is ultimately - constrained by the network. 
And while reliability is very important, - the CCD drive described below serves online data that is already - fully backed up on CD-R's and can easily be replaced. - - Defining your own requirements is the first step - in choosing a mass storage solution. If your requirements prefer - speed or reliability over cost, your solution will differ from - the system described in this section. - - - - Installing the Hardware - - In addition to the IDE system disk, three Western - Digital 30GB, 5400 RPM IDE disks form the core - of the CCD disk described below providing approximately - 90GB of online storage. Ideally, - each IDE disk would have its own IDE controller - and cable, but to minimize cost, additional - IDE controllers were not used. Instead the disks were - configured with jumpers so that each IDE controller has - one master, and one slave. - - Upon reboot, the system BIOS was configured to - automatically detect the disks attached. More importantly, - FreeBSD detected them on reboot: - - ad0: 19574MB <WDC WD205BA> [39770/16/63] at ata0-master UDMA33 -ad1: 29333MB <WDC WD307AA> [59598/16/63] at ata0-slave UDMA33 -ad2: 29333MB <WDC WD307AA> [59598/16/63] at ata1-master UDMA33 -ad3: 29333MB <WDC WD307AA> [59598/16/63] at ata1-slave UDMA33 - - If FreeBSD does not detect all the disks, ensure - that you have jumpered them correctly. Most IDE drives - also have a Cable Select jumper. This is - not the jumper for the master/slave - relationship. Consult the drive documentation for help in - identifying the correct jumper. - - Next, consider how to attach them as part of the file - system. You should research both &man.vinum.8; () and &man.ccd.4;. In this - particular configuration, &man.ccd.4; was chosen. - - - - Setting Up the CCD - - The &man.ccd.4; driver allows you to take - several identical disks and concatenate them into one - logical file system. In order to use - &man.ccd.4;, you need a kernel with - &man.ccd.4; support built in. 
- Add this line to your kernel configuration file, rebuild, and - reinstall the kernel: - - device ccd - - The &man.ccd.4; support can also be - loaded as a kernel loadable module. - - To set up &man.ccd.4;, you must first use - &man.bsdlabel.8; to label the disks: - - bsdlabel -r -w ad1 auto -bsdlabel -r -w ad2 auto -bsdlabel -r -w ad3 auto + For this example, a single large partition will be created + on the new disk. The + GPT partitioning scheme will be + used in preference to the older and less versatile + MBR scheme. - This creates a bsdlabel for ad1c, ad2c and ad3c that - spans the entire disk. - - The next step is to change the disk label type. You - can use &man.bsdlabel.8; to edit the - disks: - - bsdlabel -e ad1 -bsdlabel -e ad2 -bsdlabel -e ad3 - - This opens up the current disk label on each disk with - the editor specified by the EDITOR - environment variable, typically &man.vi.1;. - - An unmodified disk label will look something like - this: - - 8 partitions: -# size offset fstype [fsize bsize bps/cpg] - c: 60074784 0 unused 0 0 0 # (Cyl. 0 - 59597) - - Add a new e partition for &man.ccd.4; to use. This - can usually be copied from the c partition, - but the must - be 4.2BSD. The disk label should - now look something like this: - - 8 partitions: -# size offset fstype [fsize bsize bps/cpg] - c: 60074784 0 unused 0 0 0 # (Cyl. 0 - 59597) - e: 60074784 0 4.2BSD 0 0 0 # (Cyl. 0 - 59597) - - - - - Building the File System - - Now that you have all the disks labeled, you must - build the &man.ccd.4;. To do that, - use &man.ccdconfig.8;, with options similar to the following: - - ccdconfig ccd0 32 0 /dev/ad1e /dev/ad2e /dev/ad3e - - The use and meaning of each option is shown below: - - - - The first argument is the device to configure, in this case, - /dev/ccd0c. The /dev/ - portion is optional. - - - - - The interleave for the file system. The interleave - defines the size of a stripe in disk blocks, each normally 512 bytes. 
- So, an interleave of 32 would be 16,384 bytes. - - - - Flags for &man.ccdconfig.8;. If you want to enable drive - mirroring, you can specify a flag here. This - configuration does not provide mirroring for - &man.ccd.4;, so it is set at 0 (zero). - - - - The final arguments to &man.ccdconfig.8; - are the devices to place into the array. Use the complete pathname - for each device. - - - - - After running &man.ccdconfig.8; the &man.ccd.4; - is configured. A file system can be installed. Refer to &man.newfs.8; - for options, or simply run: - - newfs /dev/ccd0c - - - - - - Making it All Automatic - - Generally, you will want to mount the - &man.ccd.4; upon each reboot. To do this, you must - configure it first. Write out your current configuration to - /etc/ccd.conf using the following command: - - ccdconfig -g > /etc/ccd.conf - - During reboot, the script /etc/rc - runs ccdconfig -C if /etc/ccd.conf - exists. This automatically configures the - &man.ccd.4; so it can be mounted. - - If you are booting into single user mode, before you can - &man.mount.8; the &man.ccd.4;, you - need to issue the following command to configure the - array: - - ccdconfig -C - - - To automatically mount the &man.ccd.4;, - place an entry for the &man.ccd.4; in - /etc/fstab so it will be mounted at - boot time: - - /dev/ccd0c /media ufs rw 2 2 - - - - - The Vinum Volume Manager - -RAIDsoftware - - RAID - Vinum - - - The Vinum Volume Manager is a block device driver which - implements virtual disk drives. It isolates disk hardware - from the block device interface and maps data in ways which - result in an increase in flexibility, performance and - reliability compared to the traditional slice view of disk - storage. &man.vinum.8; implements the RAID-0, RAID-1 and - RAID-5 models, both individually and in combination. - - See for more - information about &man.vinum.8;. - - - - - Hardware RAID - - - RAID - hardware - - - FreeBSD also supports a variety of hardware RAID - controllers. 
These devices control a RAID subsystem - without the need for FreeBSD specific software to manage the - array. - - Using an on-card BIOS, the card controls most of the disk operations - itself. The following is a brief setup description using a Promise IDE RAID - controller. When this card is installed and the system is started up, it - displays a prompt requesting information. Follow the instructions - to enter the card's setup screen. From here, you have the ability to - combine all the attached drives. After doing so, the disk(s) will look like - a single drive to FreeBSD. Other RAID levels can be set up - accordingly. - - - - - Rebuilding ATA RAID1 Arrays - - FreeBSD allows you to hot-replace a failed disk in an array. This requires - that you catch it before you reboot. - - You will probably see something like the following in /var/log/messages or in the &man.dmesg.8; - output: - - ad6 on monster1 suffered a hard error. -ad6: READ command timeout tag=0 serv=0 - resetting -ad6: trying fallback to PIO mode -ata3: resetting devices .. 
done -ad6: hard error reading fsbn 1116119 of 0-7 (ad6 bn 1116119; cn 1107 tn 4 sn 11)\\ -status=59 error=40 -ar0: WARNING - mirror lost - - Using &man.atacontrol.8;, check for further information: - - &prompt.root; atacontrol list -ATA channel 0: - Master: no device present - Slave: acd0 <HL-DT-ST CD-ROM GCR-8520B/1.00> ATA/ATAPI rev 0 - -ATA channel 1: - Master: no device present - Slave: no device present - -ATA channel 2: - Master: ad4 <MAXTOR 6L080J4/A93.0500> ATA/ATAPI rev 5 - Slave: no device present - -ATA channel 3: - Master: ad6 <MAXTOR 6L080J4/A93.0500> ATA/ATAPI rev 5 - Slave: no device present - -&prompt.root; atacontrol status ar0 -ar0: ATA RAID1 subdisks: ad4 ad6 status: DEGRADED - - - - You will first need to detach the ata channel with the failed - disk so you can safely remove it: - - &prompt.root; atacontrol detach ata3 - + + If the disk to be added is not blank, old partition + information can be removed with + gpart delete. See &man.gpart.8; for + details. + - - Replace the disk. - + The partition scheme is created, and then a single partition + is added: - - Reattach the ata channel: + &prompt.root; gpart create -s GPT ada1 +&prompt.root; gpart add -t freebsd-ufs ada1 - &prompt.root; atacontrol attach ata3 -Master: ad6 <MAXTOR 6L080J4/A93.0500> ATA/ATAPI rev 5 -Slave: no device present - + Depending on use, several smaller partitions may be desired. + See &man.gpart.8; for options to create partitions smaller than + a whole disk. 
- - Add the new disk to the array as a spare: + A file system is created on the new blank disk: - &prompt.root; atacontrol addspare ar0 ad6 - + &prompt.root; newfs -U /dev/ada1p1 - - Rebuild the array: + An empty directory is created as a + mountpoint, a location for mounting the new + disk in the original disk's file system: - &prompt.root; atacontrol rebuild ar0 - + &prompt.root; mkdir /newdisk - - It is possible to check on the progress by issuing the - following command: + Finally, an entry is added to + /etc/fstab so the new disk will be mounted + automatically at startup: - &prompt.root; dmesg | tail -10 -[output removed] -ad6: removed from configuration -ad6: deleted from ar0 disk1 -ad6: inserted into ar0 disk1 as spare + /dev/ada1p1 /newdisk ufs rw 2 2 -&prompt.root; atacontrol status ar0 -ar0: ATA RAID1 subdisks: ad4 ad6 status: REBUILDING 0% completed - + The new disk can be mounted manually, without restarting the + system: - - Wait until this operation completes. - - - + &prompt.root; mount /newdisk - USB Storage Devices + + USB Storage Devices + - MarcFonvieilleContributed by + + + Marc + Fonvieille + + Contributed by + - - USB disks - A lot of external storage solutions, nowadays, use the - Universal Serial Bus (USB): hard drives, USB thumbdrives, CD-R - burners, etc. &os; provides support for these devices. + Many external storage solutions, such as hard drives, USB + thumbdrives, and CD/DVD burners, use the Universal Serial Bus + (USB). &os; provides support for these devices. Configuration - The USB mass storage devices driver, &man.umass.4;, - provides the support for USB storage devices. If you use the - GENERIC kernel, you do not have to change - anything in your configuration. If you use a custom kernel, - be sure that the following lines are present in your kernel - configuration file: + The USB mass storage devices driver, &man.umass.4;, is + built into the GENERIC kernel and + provides support for USB storage devices. 
For a custom + kernel, be sure that the following lines are present in the + kernel configuration file: device scbus device da device pass device uhci device ohci +device ehci device usb device umass - The &man.umass.4; driver uses the SCSI subsystem to access - to the USB storage devices, your USB device will be seen as a - SCSI device by the system. Depending on the USB chipset on - your motherboard, you only need either device - uhci or device ohci, however - having both in the kernel configuration file is harmless. Do - not forget to compile and install the new kernel if you added - any lines. + Since the &man.umass.4; driver uses the SCSI subsystem to + access the USB storage devices, any USB device will be seen as + a SCSI device by the system. Depending on the USB chipset on + the motherboard, device uhci or + device ohci is used to provide USB 1.X + support. Support for USB 2.0 controllers is provided by + device ehci. - If your USB device is a CD-R or DVD burner, the SCSI CD-ROM - driver, &man.cd.4;, must be added to the kernel via the - line: + If the USB device is a CD or DVD burner, &man.cd.4;, + must be added to the kernel via the line: device cd @@ -769,23 +309,14 @@ device umass &man.atapicam.4; should not be used in the kernel configuration. - - Support for USB 2.0 controllers is provided on - &os;; however, you must add: - - device ehci - - to your configuration file for USB 2.0 support. Note - &man.uhci.4; and &man.ohci.4; drivers are still needed if you - want USB 1.X support. Testing the Configuration - The configuration is ready to be tested: plug in your USB - device, and in the system message buffer (&man.dmesg.8;), the - drive should appear as something like: + To test the USB configuration, plug in the USB device. In + the system message buffer, &man.dmesg.8;, the drive should + appear as something like: umass0: USB Solid state disk, rev 1.10/1.00, addr 2 GEOM: create disk da0 dp=0xc2d74850 
@@ -794,88 +325,92 @@ da0: <Generic Traveling Disk 1.11> Removable Direct Access SCSI-2 device da0: 1.000MB/s transfers da0: 126MB (258048 512 byte sectors: 64H 32S/T 126C) - Of course, the brand, the device node - (da0) and other details can differ - according to your configuration. + The brand, device node (da0), and + other details will differ according to the device. - Since the USB device is seen as a SCSI one, the - camcontrol command can be used to list the - USB storage devices attached to the system: + Since the USB device is seen as a SCSI one, + camcontrol can be used to list the USB + storage devices attached to the system: &prompt.root; camcontrol devlist <Generic Traveling Disk 1.11> at scbus0 target 0 lun 0 (da0,pass0) - If the drive comes with a file system, you should be able - to mount it. The will help you - to format and create partitions on the USB drive if - needed. - - To make this device mountable as a normal user, certain - steps have to be taken. First, the devices that are created - when a USB storage device is connected need to be accessible - by the user. A solution is to make all users of these devices - a member of the operator group. This - is done with &man.pw.8;. Second, when the devices are - created, the operator group should be - able to read and write them. This is accomplished by adding - these lines to + If the drive comes with a file system, it can be mounted. + Refer to for + instructions on how to format and create partitions on the USB + drive. + + + Allowing untrusted users to mount arbitrary media, by + enabling vfs.usermount as + described below, should not be considered safe from a + security point of view. Most file systems in &os; were not + built to safeguard against malicious devices. + + + To make the device mountable as a normal user, one + solution is to make all users of the device a member of the + operator group + using &man.pw.8;. 
Next, ensure that the + operator group is + able to read and write the device by adding these lines to /etc/devfs.rules: - [localrules=1] + [localrules=5] add path 'da*' mode 0660 group operator - If there already are SCSI disks in the system, it must - be done a bit different. E.g., if the system already - contains disks da0 through - da2 attached to the system, change + If SCSI disks are installed in the system, change the second line as follows: add path 'da[3-9]*' mode 0660 group operator - This will exclude the already existing disks from - belonging to the operator + This will exclude the first three SCSI disks + (da0 to + da2)from belonging to the + operator group. - You also have to enable your &man.devfs.rules.5; ruleset - in your /etc/rc.conf file: + Next, enable the &man.devfs.rules.5; ruleset in + /etc/rc.conf: devfs_system_ruleset="localrules" - Next, the kernel has to be configured to allow regular - users to mount file systems. The easiest way is to add the + Next, instruct the running kernel to allow regular users + to mount file systems. The easiest way is to add the following line to /etc/sysctl.conf: vfs.usermount=1 - Note that this only takes effect after the next reboot. - Alternatively, one can also use &man.sysctl.8; to set this - variable. + Since this only takes effect after the next reboot use + &man.sysctl.8; to set this variable now. The final step is to create a directory where the file system is to be mounted. This directory needs to be owned by the user that is to mount the file system. One way to do that - is for root to create a subdirectory - owned by that user as - /mnt/$USER - (replace $USER by the login name of - the actual user): + is for root to + create a subdirectory owned by that user as + /mnt/username. 
In the following example, + replace username with the login + name of the user and usergroup with + the user's primary group: - &prompt.root; mkdir /mnt/$USER -&prompt.root; chown $USER:$USER /mnt/$USER + &prompt.root; mkdir /mnt/username +&prompt.root; chown username:usergroup /mnt/username Suppose a USB thumbdrive is plugged in, and a device - /dev/da0s1 appears. Since these devices - usually come preformatted with a FAT file system, one can - mount them like this: + /dev/da0s1 appears. If the device is + preformatted with a FAT file system, it can be mounted + using: - &prompt.user; mount_msdosfs -m 644 -M 755 /dev/da0s1 /mnt/$USER + &prompt.user; mount -t msdosfs -o -m=644,-M=755 /dev/da0s1 /mnt/username - If you unplug the device (the disk must be unmounted - before), you should see, in the system message buffer, - something like the following: + Before the device can be unplugged, it + must be unmounted first. After device + removal, the system message buffer will show messages similar + to the following: umass0: at uhub0 port 1 (addr 2) disconnected (da0:umass-sim0:0:0:0): lost device 
@@ -888,214 +423,232 @@ umass0: detached Further Reading Beside the Adding - Disks and Mounting and + Disks and Mounting and Unmounting File Systems sections, reading various - manual pages may be also useful: &man.umass.4;, - &man.camcontrol.8;, and &man.usbdevs.8;. + manual pages may also be useful: &man.umass.4;, + &man.camcontrol.8;, and &man.usbconfig.8; under &os;  8.X + or &man.usbdevs.8; under earlier versions of &os;. - Creating and Using Optical Media (CDs) + + Creating and Using CD Media + - MikeMeyerContributed by + + + Mike + Meyer + + Contributed by + - - - CDROMs + CD-ROMs creating Introduction - CDs have a number of features that differentiate them from - conventional disks. Initially, they were not writable by the - user. They are designed so that they can be read continuously without - delays to move the head between tracks. They are also much easier - to transport between systems than similarly sized media were at the - time. + CD media provide a number of features that differentiate + them from conventional disks. Initially, they were not + writable by the user. They are designed so that they can be + read continuously without delays to move the head between + tracks. They are also much easier to transport between + systems. - CDs do have tracks, but this refers to a section of data to - be read continuously and not a physical property of the disk. To - produce a CD on FreeBSD, you prepare the data files that are going - to make up the tracks on the CD, then write the tracks to the - CD. + CD media do have tracks, but this refers to a section of + data to be read continuously and not a physical property of + the disk. For example, to produce a CD on &os;, prepare the + data files that are going to make up the tracks on the CD, + then write the tracks to the CD. ISO 9660 - file systems - ISO 9660 + file systems + ISO 9660 + The ISO 9660 file system was designed to deal with these - differences. 
It unfortunately codifies file system limits that were - common then. Fortunately, it provides an extension mechanism that - allows properly written CDs to exceed those limits while still - working with systems that do not support those extensions. + differences. To overcome the original file system limits, it + provides an extension mechanism that allows properly written + CDs to exceed those limits while still working with systems + that do not support those extensions. - sysutils/cdrtools + sysutils/cdrtools + The sysutils/cdrtools - port includes &man.mkisofs.8;, a program that you can use to - produce a data file containing an ISO 9660 file - system. It has options that support various extensions, and is - described below. + port includes &man.mkisofs.8;, a program that can be used to + produce a data file containing an ISO 9660 file system. It + has options that support various extensions, and is described + below. - CD burner - ATAPI + CD burner + ATAPI - Which tool to use to burn the CD depends on whether your CD burner - is ATAPI or something else. ATAPI CD burners use the burncd program that is part of - the base system. SCSI and USB CD burners should use - cdrecord from - the sysutils/cdrtools port. - It is also possible to use cdrecord and other tools - for SCSI drives on ATAPI hardware with the ATAPI/CAM module. - - If you want CD burning software with a graphical user - interface, you may wish to take a look at either - X-CD-Roast or + + Which tool to use to burn the CD depends on whether the + CD burner is ATAPI or something else. ATAPI CD burners use + burncd which is part of the base system. + SCSI and USB CD burners should use cdrecord + from the sysutils/cdrtools port. It is + also possible to use cdrecord and other + tools for SCSI drives on ATAPI hardware with the + ATAPI/CAM module. + + For CD burning software with a graphical user + interface, consider X-CD-Roast or K3b. 
These tools are available as - packages or from the sysutils/xcdroast and sysutils/k3b ports. + packages or from the sysutils/xcdroast and + sysutils/k3b ports. X-CD-Roast and - K3b require the ATAPI/CAM module with ATAPI + K3b require the + ATAPI/CAM module with ATAPI hardware. - mkisofs + <application>mkisofs</application> - The &man.mkisofs.8; program, which is part of the - sysutils/cdrtools port, - produces an ISO 9660 file system - that is an image of a directory tree in the &unix; file system name - space. The simplest usage is: + The sysutils/cdrtools + port also installs &man.mkisofs.8;, which produces an ISO 9660 + file system that is an image of a directory tree in the &unix; + file system name space. The simplest usage is: &prompt.root; mkisofs -o imagefile.iso /path/to/tree - file systems - ISO 9660 + file systems + ISO 9660 - This command will create an imagefile.iso - containing an ISO 9660 file system that is a copy of the tree at - /path/to/tree. In the process, it will - map the file names to names that fit the limitations of the - standard ISO 9660 file system, and will exclude files that have - names uncharacteristic of ISO file systems. + + This command creates an + imagefile.iso containing an ISO + 9660 file system that is a copy of the tree at + /path/to/tree. In the process, it + maps the file names to names that fit the limitations of + the standard ISO 9660 file system, and will exclude files that + have names uncharacteristic of ISO file systems. - file systems - HFS + file systems + HFS - file systems - Joliet + file systems + Joliet - A number of options are available to overcome those - restrictions. In particular, enables the - Rock Ridge extensions common to &unix; systems, - enables Joliet extensions used by Microsoft systems, and - can be used to create HFS file systems used - by &macos;. - - For CDs that are going to be used only on FreeBSD systems, + A number of options are available to overcome these + restrictions. 
In particular, enables the + Rock Ridge extensions common to &unix; systems, + enables Joliet extensions used by + Microsoft systems, and can be used to + create HFS file systems used by &macos;. + + For CDs that are going to be used only on &os; systems, can be used to disable all filename - restrictions. When used with , it produces a - file system image that is identical to the FreeBSD tree you started - from, though it may violate the ISO 9660 standard in a number of - ways. + restrictions. When used with , it produces + a file system image that is identical to the specified &os; + tree, though it may violate the ISO 9660 standard in a number + of ways. - CDROMs - creating bootable + CD-ROMs + creating bootable - The last option of general use is . This is - used to specify the location of the boot image for use in producing an - El Torito bootable CD. This option takes an - argument which is the path to a boot image from the top of the - tree being written to the CD. By default, &man.mkisofs.8; creates an - ISO image in the so-called floppy disk emulation mode, - and thus expects the boot image to be exactly 1200, 1440 or - 2880 KB in size. Some boot loaders, like the one used by the - FreeBSD distribution disks, do not use emulation mode; in this case, - the option should be used. So, if - /tmp/myboot holds a bootable FreeBSD system + The last option of general use is . + This is used to specify the location of the boot image for use + in producing an El Torito bootable CD. This + option takes an argument which is the path to a boot image + from the top of the tree being written to the CD. By default, + &man.mkisofs.8; creates an ISO image in + floppy disk emulation mode, and thus expects + the boot image to be exactly 1200, 1440 or 2880 KB in + size. Some boot loaders, like the one used by the &os; + distribution disks, do not use emulation mode. In this case, + should be used. 
So, if + /tmp/myboot holds a bootable &os; system with the boot image in - /tmp/myboot/boot/cdboot, you could produce the - image of an ISO 9660 file system in - /tmp/bootable.iso like so: + /tmp/myboot/boot/cdboot, this command + would produce the image of an ISO 9660 file system as + /tmp/bootable.iso: &prompt.root; mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/myboot - Having done that, if you have md - configured in your kernel, you can mount the file system with: + If md is configured in the + kernel, the file system can be mounted as a memory disk + with: &prompt.root; mdconfig -a -t vnode -f /tmp/bootable.iso -u 0 &prompt.root; mount -t cd9660 /dev/md0 /mnt - At which point you can verify that /mnt - and /tmp/myboot are identical. + One can then verify that /mnt and + /tmp/myboot are identical. - There are many other options you can use with - &man.mkisofs.8; to fine-tune its behavior. In particular: - modifications to an ISO 9660 layout and the creation of Joliet - and HFS discs. See the &man.mkisofs.8; manual page for details. + There are many other options available for + &man.mkisofs.8; to fine-tune its behavior. Refer to + &man.mkisofs.8; for details. - burncd + <application>burncd</application> + - CDROMs - burning + CD-ROMs + burning - If you have an ATAPI CD burner, you can use the - burncd command to burn an ISO image onto a - CD. burncd is part of the base system, installed - as /usr/sbin/burncd. Usage is very simple, as - it has few options: + For an ATAPI CD burner, burncd can be + used to burn an ISO image onto a CD. + burncd is part of the base system, + installed as /usr/sbin/burncd. Usage is + very simple, as it has few options: &prompt.root; burncd -f cddevice data imagefile.iso fixate - Will burn a copy of imagefile.iso on - cddevice. The default device is - /dev/acd0. See &man.burncd.8; for options to - set the write speed, eject the CD after burning, and write audio - data. 
+ This command will burn a copy of + imagefile.iso on + cddevice. The default device is + /dev/acd0. See &man.burncd.8; for + options to set the write speed, eject the CD after burning, + and write audio data. - cdrecord - - If you do not have an ATAPI CD burner, you will have to use - cdrecord to burn your - CDs. cdrecord is not part of the base system; - you must install it from either the port at sysutils/cdrtools - or the appropriate - package. Changes to the base system can cause binary versions of - this program to fail, possibly resulting in a - coaster. You should therefore either upgrade the - port when you upgrade your system, or if you are tracking -STABLE, upgrade the port when a - new version becomes available. - - While cdrecord has many options, basic usage - is even simpler than burncd. Burning an ISO 9660 - image is done with: + <application>cdrecord</application> + + For systems without an ATAPI CD burner, + cdrecord can be used to burn CDs. + cdrecord is not part of the base system and + must be installed from either the + sysutils/cdrtools package or port. Changes + to the base system can cause binary versions of this program + to fail, possibly resulting in a coaster. It + is recommended to either upgrade the port when the system is + upgraded, or for users + tracking -STABLE, to upgrade the + port when a new version becomes available. + + While cdrecord has many options, basic + usage is simple. Burning an ISO 9660 image is done + with: &prompt.root; cdrecord dev=device imagefile.iso - The tricky part of using cdrecord is finding - the to use. To find the proper setting, use - the flag of cdrecord, - which might produce results like this: + The tricky part of using cdrecord is + finding the to use. To find the proper + setting, use which might produce + results like this: + - CDROMs - burning + CD-ROMs + burning &prompt.root; cdrecord -scanbus Cdrecord-Clone 2.01 (i386-unknown-freebsd7.0) Copyright (C) 1995-2004 Jörg Schilling 
@@ -1119,55 +672,65 @@ scsibus1: 1,6,0 106) 'ARTEC ' 'AM12S ' '1.06' Scanner 1,7,0 107) * - This lists the appropriate value for the - devices on the list. Locate your CD burner, and use the three - numbers separated by commas as the value for - . In this case, the CRW device is 1,5,0, so the - appropriate input would be - . There are easier - ways to specify this value; see &man.cdrecord.1; for - details. That is also the place to look for information on writing - audio tracks, controlling the speed, and other things. + This lists the appropriate value for + the devices on the list. Locate the CD burner, and use the + three numbers separated by commas as the value for + . In this case, the CRW device is 1,5,0, + so the appropriate input is . + Refer to &man.cdrecord.1; for easier ways to specify this + value and for information on writing audio tracks and + controlling the write speed. Duplicating Audio CDs - You can duplicate an audio CD by extracting the audio data from - the CD to a series of files, and then writing these files to a blank - CD. The process is slightly different for ATAPI and SCSI + To duplicate an audio CD, extract the audio data from the + CD to a series of files, then write these files to a blank CD. + The process is slightly different for ATAPI and SCSI drives. SCSI Drives - Use cdda2wav to extract the audio. + Use cdda2wav to extract the + audio: - &prompt.user; cdda2wav -v255 -D2,0 -B -Owav + &prompt.user; cdda2wav -vall -D2,0 -B -Owav Use cdrecord to write the - .wav files. + .wav files: &prompt.user; cdrecord -v dev=2,0 -dao -useinfo *.wav Make sure that 2,0 is set - appropriately, as described in . + appropriately, as described in + . ATAPI Drives + + With the help of the + ATAPI/CAM module, + cdda2wav can also be used on ATAPI + drives. This tool is usually a better choice for most of + users, as it supports jitter correction and endianness, + than the method proposed below. 
+ + The ATAPI CD driver makes each track available as /dev/acddtnn, - where d is the drive number, and - nn is the track number written with two - decimal digits, prefixed with zero as needed. - So the first track on the first disk is + where d is the drive number, + and nn is the track number + written with two decimal digits, prefixed with zero as + needed. So the first track on the first disk is /dev/acd0t01, the second is /dev/acd0t02, the third is /dev/acd0t03, and so on. @@ -1180,20 +743,19 @@ scsibus1: - Extract each track using &man.dd.1;. You must also use a - specific block size when extracting the files. + Extract each track using &man.dd.1;, making sure to + specify a block size when extracting the files: &prompt.root; dd if=/dev/acd0t01 of=track1.cdr bs=2352 &prompt.root; dd if=/dev/acd0t02 of=track2.cdr bs=2352 -... - +... Burn the extracted files to disk using - burncd. You must specify that these are audio - files, and that burncd should fixate the disk - when finished. + burncd. Specify that these are audio + files, and that burncd should fixate + the disk when finished: &prompt.root; burncd -f /dev/acd0 audio track1.cdr track2.cdr ... fixate 
@@ -1203,164 +765,167 @@ scsibus1: Duplicating Data CDs - You can copy a data CD to a image file that is + It is possible to copy a data CD to an image file that is functionally equivalent to the image file created with - &man.mkisofs.8;, and you can use it to duplicate - any data CD. The example given here assumes that your CDROM - device is acd0. Substitute your - correct CDROM device. + &man.mkisofs.8;, and then use it to duplicate any data CD. + The example given here assumes that the CD-ROM device is + acd0. Substitute the correct CD-ROM + device. &prompt.root; dd if=/dev/acd0 of=file.iso bs=2048 - Now that you have an image, you can burn it to CD as + Now that there is an image, it can be burned to CD as described above. Using Data CDs - Now that you have created a standard data CDROM, you - probably want to mount it and read the data on it. By - default, &man.mount.8; assumes that a file system is of type - ufs. If you try something like: + It is possible to mount and read the data on a standard + data CD. By default, &man.mount.8; assumes that a file system + is of type ufs. Running this + command: &prompt.root; mount /dev/cd0 /mnt - you will get a complaint about Incorrect super - block, and no mount. The CDROM is not a - UFS file system, so attempts to mount it - as such will fail. You just need to tell &man.mount.8; that - the file system is of type ISO9660, and - everything will work. You do this by specifying the - option &man.mount.8;. For - example, if you want to mount the CDROM device, - /dev/cd0, under - /mnt, you would execute: - - &prompt.root; mount -t cd9660 /dev/cd0 /mnt - - Note that your device name - (/dev/cd0 in this example) could be - different, depending on the interface your CDROM uses. Also, - the option just executes - &man.mount.cd9660.8;. The above example could be shortened - to: - -&prompt.root; mount_cd9660 /dev/cd0 /mnt - - You can generally use data CDROMs from any vendor in this - way. 
Disks with certain ISO 9660 extensions might behave - oddly, however. For example, Joliet disks store all filenames - in two-byte Unicode characters. The FreeBSD kernel does not - speak Unicode, but the &os; CD9660 driver is able to convert - Unicode characters on the fly. If some non-English characters - show up as question marks you will need to specify the local - charset you use with the option. For more - information, consult the &man.mount.cd9660.8; manual - page. + will generate an error about Incorrect super + block, and will fail to mount the CD. The CD + does not use the UFS file system, so + attempts to mount it as such will fail. Instead, tell + &man.mount.8; that the file system is of type + ISO9660 by specifying + to &man.mount.8;. For example, + to mount the CD-ROM device, /dev/cd0, + under /mnt, + use: + + &prompt.root; mount -t cd9660 /dev/cd0 /mnt + + Replace /dev/cd0 with the device + name for the CD device. Also, + executes &man.mount.cd9660.8;, meaning the above command is + equivalent to: + + &prompt.root; mount_cd9660 /dev/cd0 /mnt + + While data CD-ROMs from any vendor can be mounted this + way, disks with certain ISO 9660 extensions might behave + oddly. For example, Joliet disks store all filenames in + two-byte Unicode characters. The &os; kernel does not speak + Unicode, but the &os; CD9660 driver is able to convert Unicode + characters on the fly. If some non-English characters show up + as question marks, specify the local charset with + . For more information, refer to + &man.mount.cd9660.8;. - To be able to do this character conversion with the help - of the option, the kernel will require - the cd9660_iconv.ko module to be - loaded. This can be done either by adding this line to + In order to do this character conversion with the help + of , the kernel requires the + cd9660_iconv.ko module to be loaded. 
+ This can be done either by adding this line to loader.conf: cd9660_iconv_load="YES" - and then rebooting the machine, or by directly loading the - module with &man.kldload.8;. + and then rebooting the machine, or by directly loading + the module with &man.kldload.8;. - Occasionally, you might get Device not - configured when trying to mount a CDROM. This - usually means that the CDROM drive thinks that there is no + Occasionally, Device not configured + will be displayed when trying to mount a CD-ROM. This + usually means that the CD-ROM drive thinks that there is no disk in the tray, or that the drive is not visible on the bus. - It can take a couple of seconds for a CDROM drive to realize - that it has been fed, so be patient. + It can take a couple of seconds for a CD-ROM drive to realize + that a media is present, so be patient. - Sometimes, a SCSI CDROM may be missed because it did not - have enough time to answer the bus reset. If you have a SCSI - CDROM please add the following option to your kernel - configuration and rebuild your kernel. + Sometimes, a SCSI CD-ROM may be missed because it did not + have enough time to answer the bus reset. To resolve this, + add the following option to the kernel configuration and + rebuild the + kernel. options SCSI_DELAY=15000 - This tells your SCSI bus to pause 15 seconds during boot, - to give your CDROM drive every possible chance to answer the + This tells the SCSI bus to pause 15 seconds during boot, + to give the CD-ROM drive every possible chance to answer the bus reset. Burning Raw Data CDs - You can choose to burn a file directly to CD, without + It is possible to burn a file directly to CD, without creating an ISO 9660 file system. Some people do this for - backup purposes. This runs more quickly than burning a - standard CD: + backup purposes. 
This command runs more quickly than burning + a standard CD: &prompt.root; burncd -f /dev/acd1 -s 12 data archive.tar.gz fixate - In order to retrieve the data burned to such a CD, you - must read data from the raw device node: + In order to retrieve the data burned to such a CD, the + data must be read from the raw device node: &prompt.root; tar xzvf /dev/acd1 - You cannot mount this disk as you would a normal CDROM. - Such a CDROM cannot be read under any operating system - except FreeBSD. If you want to be able to mount the CD, or - share data with another operating system, you must use - &man.mkisofs.8; as described above. + This type of disk can not be mounted as a normal CD-ROM + and the data cannot be read under any operating system except + &os;. In order to mount the CD, or to share the data with + another operating system, &man.mkisofs.8; must be used as + described above. - Using the ATAPI/CAM Driver + + Using the ATAPI/CAM Driver + - MarcFonvieilleContributed by + + + Marc + Fonvieille + + Contributed by + - - CD burner ATAPI/CAM driver - This driver allows ATAPI devices (CD-ROM, CD-RW, DVD - drives etc...) to be accessed through the SCSI subsystem, and - so allows the use of applications like sysutils/cdrdao or + This driver allows ATAPI devices, such as CD/DVD drives, + to be accessed through the SCSI subsystem, and so allows the + use of applications like sysutils/cdrdao or &man.cdrecord.1;. - To use this driver, you will need to add the following - line to the /boot/loader.conf - file: + To use this driver, add the following line to + /boot/loader.conf: atapicam_load="YES" - then, reboot your machine. + then, reboot the system. 
- If you prefer to statically compile the &man.atapicam.4; - support in your kernel, you will have to add this line to - your kernel configuration file: + Users who prefer to statically compile &man.atapicam.4; + support into the kernel, should add this line to the + kernel configuration file: - device atapicam + device atapicam - You also need the following lines in your kernel - configuration file: + Ensure the following lines are still in the kernel + configuration file: - device ata + device ata device scbus device cd device pass - which should already be present. Then rebuild, install - your new kernel, and reboot your machine. + Then rebuild, install the new kernel, and reboot the + machine. - During the boot process, your burner should show up, - like so: + During the boot process, the burner should show up, like + so: acd0: CD-RW <MATSHITA CD-RW/DVD-ROM UJDA740> at ata1-master PIO4 cd0 at ata1 bus 0 target 0 lun 0 
@@ -1368,40 +933,53 @@ cd0: <MATSHITA CDRW/DVD UJDA740 1.00> Removable CD-ROM SCSI-0 device cd0: 16.000MB/s transfers cd0: Attempt to query device size failed: NOT READY, Medium not present - tray closed - The drive could now be accessed via the - /dev/cd0 device name, for example to - mount a CD-ROM on /mnt, just type the - following: + The drive can now be accessed via the + /dev/cd0 device name. For example, to + mount a CD-ROM on /mnt, + type the following: &prompt.root; mount -t cd9660 /dev/cd0 /mnt - As root, you can run the following - command to get the SCSI address of the burner: + As root, run the + following command to get the SCSI address of the + burner: &prompt.root; camcontrol devlist <MATSHITA CDRW/DVD UJDA740 1.00> at scbus1 target 0 lun 0 (pass0,cd0) - So 1,0,0 will be the SCSI address to - use with &man.cdrecord.1; and other SCSI application. + In this example, 1,0,0 is the SCSI + address to use with &man.cdrecord.1; and other SCSI + applications. For more information about ATAPI/CAM and SCSI system, - refer to the &man.atapicam.4; and &man.cam.4; manual - pages. + refer to &man.atapicam.4; and &man.cam.4;. - Creating and Using Optical Media (DVDs) + + Creating and Using DVD Media + - MarcFonvieilleContributed by + + + Marc + Fonvieille + + Contributed by + - AndyPolyakovWith inputs from + + + Andy + Polyakov + + With inputs from + - - DVD burning 
@@ -1412,33 +990,32 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c Compared to the CD, the DVD is the next generation of optical media storage technology. The DVD can hold more data - than any CD and is nowadays the standard for video - publishing. + than any CD and is the standard for video publishing. - Five physical recordable formats can be defined for what - we will call a recordable DVD: + Five physical recordable formats can be defined for a + recordable DVD: DVD-R: This was the first DVD recordable format - available. The DVD-R standard is defined by the DVD Forum. - This format is write once. + available. The DVD-R standard is defined by the + DVD + Forum. This format is write once. - DVD-RW: This is the rewritable version of - the DVD-R standard. A DVD-RW can be rewritten about 1000 + DVD-RW: This is the rewritable version of the + DVD-R standard. A DVD-RW can be rewritten about 1000 times. - DVD-RAM: This is also a rewritable format - supported by the DVD Forum. A DVD-RAM can be seen as a - removable hard drive. However, this media is not - compatible with most DVD-ROM drives and DVD-Video players; - only a few DVD writers support the DVD-RAM format. Read - the for more information - on DVD-RAM use. + DVD-RAM: This is a rewritable format which can be seen + as a removable hard drive. However, this media is not + compatible with most DVD-ROM drives and DVD-Video players + as only a few DVD writers support the DVD-RAM format. + Refer to for more + information on DVD-RAM use. 
@@ -1456,50 +1033,49 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c A single layer recordable DVD can hold up to 4,700,000,000 bytes which is actually 4.38 GB or - 4485 MB (1 kilobyte is 1024 bytes). + 4485 MB as 1 kilobyte is 1024 bytes. - A distinction must be made between the physical media and - the application. For example, a DVD-Video is a specific + A distinction must be made between the physical media + and the application. For example, a DVD-Video is a specific file layout that can be written on any recordable DVD - physical media: DVD-R, DVD+R, DVD-RW etc. Before choosing - the type of media, you must be sure that both the burner and the - DVD-Video player (a standalone player or a DVD-ROM drive on - a computer) are compatible with the media under consideration. + physical media such as DVD-R, DVD+R, or DVD-RW. Before + choosing the type of media, ensure that both the burner and + the DVD-Video player are compatible with the media under + consideration. + Configuration - The program &man.growisofs.1; will be used to perform DVD - recording. This command is part of the - dvd+rw-tools utilities (sysutils/dvd+rw-tools). The - dvd+rw-tools support all DVD media - types. + To perform DVD recording, use &man.growisofs.1;. This + command is part of the + sysutils/dvd+rw-tools utilities which + support all DVD media types. - These tools use the SCSI subsystem to access to the - devices, therefore the ATAPI/CAM - support must be added to your kernel. If your burner - uses the USB interface this addition is useless, and you should - read the for more details on USB - devices configuration. + These tools use the SCSI subsystem to access the devices, + therefore ATAPI/CAM support + must be loaded or statically compiled into the kernel. This + support is not needed if the burner uses the USB interface. + Refer to for more details + on USB device configuration. 
- You also have to enable DMA access for ATAPI devices, this - can be done in adding the following line to the - /boot/loader.conf file: + DMA access must also be enabled for ATAPI devices, by + adding the following line to + /boot/loader.conf: hw.ata.atapi_dma="1" - Before attempting to use the - dvd+rw-tools you should consult the - dvd+rw-tools' - hardware compatibility notes for any information - related to your DVD burner. + Before attempting to use + dvd+rw-tools, consult the Hardware + Compatibility Notes. - If you want a graphical user interface, you should have - a look to K3b (sysutils/k3b) which provides a - user friendly interface to &man.growisofs.1; and many other + For a graphical user interface, consider using + sysutils/k3b which provides a user + friendly interface to &man.growisofs.1; and many other burning tools. 
@@ -1507,41 +1083,72 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c Burning Data DVDs - The &man.growisofs.1; command is a frontend to mkisofs, it will invoke - &man.mkisofs.8; to create the file system layout and will - perform the write on the DVD. This means you do not need to - create an image of the data before the burning process. + Since &man.growisofs.1; is a front-end to + mkisofs, it will invoke + &man.mkisofs.8; to create the file system layout and perform + the write on the DVD. This means that an image of the data + does not need to be created before the burning process. - To burn onto a DVD+R or a DVD-R the data from the /path/to/data directory, use the - following command: + To burn to a DVD+R or a DVD-R the data in + /path/to/data, + use the following command: &prompt.root; growisofs -dvd-compat -Z /dev/cd0 -J -R /path/to/data - The options are passed to - &man.mkisofs.8; for the file system creation (in this case: an - ISO 9660 file system with Joliet and Rock Ridge extensions), - consult the &man.mkisofs.8; manual page for more + In this example, is passed to + &man.mkisofs.8; to create an ISO 9660 file system with Joliet + and Rock Ridge extensions. Refer to &man.mkisofs.8; for more details. - The option is used for the initial - session recording in any case: multiple sessions or not. The - DVD device, /dev/cd0, must be - changed according to your configuration. The - parameter will close the disk, - the recording will be unappendable. In return this should provide better - media compatibility with DVD-ROM drives. + For the initial session recording, is + used for both single and multiple sessions. Replace + /dev/cd0, with the name of the DVD + device. Using indicates that the + disk will be closed and that the recording will be + unappendable. This should also provide better media + compatibility with DVD-ROM drives. 
- It is also possible to burn a pre-mastered image, for - example to burn the image - imagefile.iso, we will run: + To burn a pre-mastered image, such as + imagefile.iso, use: &prompt.root; growisofs -dvd-compat -Z /dev/cd0=imagefile.iso The write speed should be detected and automatically set - according to the media and the drive being used. If you want - to force the write speed, use the - parameter. For more information, read the &man.growisofs.1; - manual page. + according to the media and the drive being used. To force the + write speed, use . Refer to + &man.growisofs.1; for example usage. + + + In order to support working files larger than 4.38GB, an + UDF/ISO-9660 hybrid filesystem must be created by passing + to &man.mkisofs.8; and + all related programs, such as &man.growisofs.1;. This is + required only when creating an ISO image file or when + writing files directly to a disk. Since a disk created this + way must be mounted as an UDF filesystem with + &man.mount.udf.8;, it will be usable only on an UDF aware + operating system. Otherwise it will look as if it contains + corrupted files. + + To create this type of ISO file: + + &prompt.user; mkisofs -R -J -udf -iso-level 3 -o imagefile.iso /path/to/data + + To burn files directly to a disk: + + &prompt.root; growisofs -dvd-compat -udf -iso-level 3 -Z /dev/cd0 -J -R /path/to/data + + When an ISO image already contains large files, no + additional options are required for &man.growisofs.1; to + burn that image on a disk. + + Be sure to use an up-to-date version of + sysutils/cdrtools, which contains + &man.mkisofs.8;, as an older version may not contain large + files support. If the latest version does not work, install + sysutils/cdrtools-devel and read its + &man.mkisofs.8;. + 
@@ -1552,26 +1159,24 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c DVD-Video - A DVD-Video is a specific file layout based on ISO 9660 - and the micro-UDF (M-UDF) specifications. The DVD-Video also - presents a specific data structure hierarchy, it is the reason - why you need a particular program such as multimedia/dvdauthor to author the - DVD. + A DVD-Video is a specific file layout based on the ISO + 9660 and micro-UDF (M-UDF) specifications. Since DVD-Video + presents a specific data structure hierarchy, a particular + program such as multimedia/dvdauthor is + needed to author the DVD. - If you already have an image of the DVD-Video file system, - just burn it in the same way as for any image, see the - previous section for an example. If you have made the DVD - authoring and the result is in, for example, the directory - /path/to/video, the + If an image of the DVD-Video file system already exists, + it can be burned in the same way as any other image. If + dvdauthor was used to make the DVD and the + result is in /path/to/video, the following command should be used to burn the DVD-Video: &prompt.root; growisofs -Z /dev/cd0 -dvd-video /path/to/video - The option will be passed down to - &man.mkisofs.8; and will instruct it to create a DVD-Video file system - layout. Beside this, the option - implies &man.growisofs.1; - option. + is passed to &man.mkisofs.8; + to instruct it to create a DVD-Video file system layout. + This option implies the + &man.growisofs.1; option. 
@@ -1583,49 +1188,46 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c Unlike CD-RW, a virgin DVD+RW needs to be formatted before - first use. The &man.growisofs.1; program will take care of it - automatically whenever appropriate, which is the - recommended way. However you can use the - dvd+rw-format command to format the - DVD+RW: + first use. It is recommended to let + &man.growisofs.1; take care of this automatically whenever + appropriate. However, it is possible to use + dvd+rw-format to format the DVD+RW: &prompt.root; dvd+rw-format /dev/cd0 - You need to perform this operation just once, keep in mind - that only virgin DVD+RW medias need to be formatted. Then you - can burn the DVD+RW in the way seen in previous - sections. + Only perform this operation once and keep in mind that + only virgin DVD+RW medias need to be formatted. Once + formatted, the DVD+RW can be burned as usual. - If you want to burn new data (burn a totally new file - system not append some data) onto a DVD+RW, you do not need to - blank it, you just have to write over the previous recording - (in performing a new initial session), like this: + To burn a totally new file system and not just append some + data onto a DVD+RW, the media does not need to be blanked + first. Instead, write over the previous recording like + this: &prompt.root; growisofs -Z /dev/cd0 -J -R /path/to/newdata - DVD+RW format offers the possibility to easily append data - to a previous recording. The operation consists in merging a - new session to the existing one, it is not multisession - writing, &man.growisofs.1; will grow the - ISO 9660 file system present on the media. + The DVD+RW format supports appending data to a previous + recording. This operation consists of merging a new session + to the existing one as it is not considered to be + multi-session writing. &man.growisofs.1; will + grow the ISO 9660 file system present on + the media. 
- For example, if we want to append data to our previous - DVD+RW, we have to use the following: + For example, to append data to a DVD+RW, use the + following: &prompt.root; growisofs -M /dev/cd0 -J -R /path/to/nextdata - The same &man.mkisofs.8; options we used to burn the + The same &man.mkisofs.8; options used to burn the initial session should be used during next writes. - You may want to use the - option if you want better media compatibility with DVD-ROM - drives. In the DVD+RW case, this will not prevent you from - adding data. + Use for better media + compatibility with DVD-ROM drives. When using DVD+RW, this + option will not prevent the addition of data. - If for any reason you really want to blank the media, do - the following: + To blank the media, use: &prompt.root; growisofs -Z /dev/cd0=/dev/zero 
@@ -1638,36 +1240,36 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c DVD-RW - A DVD-RW accepts two disc formats: the incremental - sequential one and the restricted overwrite. By default - DVD-RW discs are in sequential format. + A DVD-RW accepts two disc formats: incremental sequential + and restricted overwrite. By default, DVD-RW discs are in + sequential format. - A virgin DVD-RW can be directly written without the need - of a formatting operation, however a non-virgin DVD-RW in - sequential format needs to be blanked before to be able to - write a new initial session. + A virgin DVD-RW can be directly written without being + formatted. However, a non-virgin DVD-RW in sequential format + needs to be blanked before writing a new initial + session. - To blank a DVD-RW in sequential mode, run: + To blank a DVD-RW in sequential mode: &prompt.root; dvd+rw-format -blank=full /dev/cd0 - A full blanking () will take - about one hour on a 1x media. A fast blanking can be - performed using the option if the - DVD-RW will be recorded in Disk-At-Once (DAO) mode. To burn - the DVD-RW in DAO mode, use the command: + A full blanking using will + take about one hour on a 1x media. A fast blanking can be + performed using , if the DVD-RW will + be recorded in Disk-At-Once (DAO) mode. To burn the DVD-RW + in DAO mode, use the command: &prompt.root; growisofs -use-the-force-luke=dao -Z /dev/cd0=imagefile.iso - The option - should not be required since &man.growisofs.1; attempts to - detect minimally (fast blanked) media and engage DAO - write. + Since &man.growisofs.1; automatically attempts to detect + fast blanked media and engage DAO write, + should not be + required. - In fact one should use restricted overwrite mode with - any DVD-RW, this format is more flexible than the default - incremental sequential one. 
+ One should instead use restricted overwrite mode with + any DVD-RW as this format is more flexible than the default + of incremental sequential. To write data on a sequential DVD-RW, use the same 
@@ -1675,59 +1277,56 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c &prompt.root; growisofs -Z /dev/cd0 -J -R /path/to/data - If you want to append some data to your previous - recording, you will have to use the &man.growisofs.1; - option. However, if you perform data - addition on a DVD-RW in incremental sequential mode, a new + To append some data to a previous recording, use + with &man.growisofs.1;. However, if data + is appended on a DVD-RW in incremental sequential mode, a new session will be created on the disc and the result will be a multi-session disc. A DVD-RW in restricted overwrite format does not need to - be blanked before a new initial session, you just have to - overwrite the disc with the option, this - is similar to the DVD+RW case. It is also possible to grow an - existing ISO 9660 file system written on the disc in a same - way as for a DVD+RW with the option. The - result will be a one-session DVD. - - To put a DVD-RW in the restricted overwrite format, the + be blanked before a new initial session. Instead, overwrite + the disc with . It is also possible to + grow an existing ISO 9660 file system written on the disc with + . The result will be a one-session + DVD. + + To put a DVD-RW in restricted overwrite format, the following command must be used: &prompt.root; dvd+rw-format /dev/cd0 - To change back to the sequential format use: + To change back to sequential format, use: &prompt.root; dvd+rw-format -blank=full /dev/cd0 - Multisession + Multi-Session - Very few DVD-ROM drives support - multisession DVDs, they will most of time, hopefully, only read - the first session. DVD+R, DVD-R and DVD-RW in sequential - format can accept multiple sessions, the notion of multiple - sessions does not exist for the DVD+RW and the DVD-RW - restricted overwrite formats. + Few DVD-ROM drives support multi-session DVDs and most of + the time only read the first session. 
DVD+R, DVD-R and DVD-RW + in sequential format can accept multiple sessions. The notion + of multiple sessions does not exist for the DVD+RW and the + DVD-RW restricted overwrite formats. - Using the following command after an initial (non-closed) + Using the following command after an initial non-closed session on a DVD+R, DVD-R, or DVD-RW in sequential format, will add a new session to the disc: &prompt.root; growisofs -M /dev/cd0 -J -R /path/to/nextdata - Using this command line with a DVD+RW or a DVD-RW in restricted - overwrite mode, will append data in merging the new session to - the existing one. The result will be a single-session disc. - This is the way used to add data after an initial write on these - medias. + Using this command with a DVD+RW or a DVD-RW in restricted + overwrite mode will append data while merging the new session + to the existing one. The result will be a single-session + disc. Use this method to add data after an initial write on + these types of media. - Some space on the media is used between each session for - end and start of sessions. Therefore, one should add - sessions with large amount of data to optimize media space. - The number of sessions is limited to 154 for a DVD+R, - about 2000 for a DVD-R, and 127 for a DVD+R Double + Since some space on the media is used between each + session to mark the end and start of sessions, one should + add sessions with a large amount of data to optimize media + space. The number of sessions is limited to 154 for a + DVD+R, about 2000 for a DVD-R, and 127 for a DVD+R Double Layer. 
@@ -1735,27 +1334,29 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c For More Information - To obtain more information about a DVD, the + To obtain more information about a DVD, use dvd+rw-mediainfo - /dev/cd0 command can be - ran with the disc in the drive. + /dev/cd0 while the disc + in the specified drive. - More information about the + More information about dvd+rw-tools can be found in - the &man.growisofs.1; manual page, on the dvd+rw-tools - web site and in the cdwrite mailing - list archives. + &man.growisofs.1;, on the dvd+rw-tools + web site, and in the cdwrite + mailing list archives. - The dvd+rw-mediainfo output of the - resulting recording or the media with issues is mandatory - for any problem report. Without this output, it will be - quite impossible to help you. + When creating a problem report related to the use of + dvd+rw-tools, always include the + output of dvd+rw-mediainfo. Using a DVD-RAM + DVD DVD-RAM 
@@ -1764,24 +1365,23 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c Configuration - DVD-RAM writers come with either SCSI or ATAPI - interface. DMA access for ATAPI devices has to be enabled, - this can be done by adding the following line to the - /boot/loader.conf file: + DVD-RAM writers can use either a SCSI or ATAPI + interface. For ATAPI devices, DMA access has to be + enabled by adding the following line to + /boot/loader.conf: hw.ata.atapi_dma="1" - Preparing the Medium + Preparing the Media - As previously mentioned in the chapter introduction, a - DVD-RAM can be seen as a removable hard drive. As any other - hard drive the DVD-RAM must be prepared - before the first use. In the example, the whole - disk space will be used with a standard UFS2 file system: + A DVD-RAM can be seen as a removable hard drive. Like + any other hard drive, the DVD-RAM must be formatted before + it can be used. In this example, the whole disk space will + be formatted with a standard UFS2 file system: - &prompt.root; dd if=/dev/zero of=/dev/acd0 count=2 + &prompt.root; dd if=/dev/zero of=/dev/acd0 bs=2k count=1 &prompt.root; bsdlabel -Bw acd0 &prompt.root; newfs /dev/acd0 
@@ -1790,41 +1390,52 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c - Using the Medium + Using the Media - Once the previous operations have been performed on the - DVD-RAM, it can be mounted as a normal hard drive: + Once the DVD-RAM has been formatted, it can be mounted + as a normal hard drive: &prompt.root; mount /dev/acd0 /mnt - After this the DVD-RAM will be both readable and writeable. + Once mounted, the DVD-RAM will be both readable and + writeable. - Creating and Using Floppy Disks + + Creating and Using Floppy Disks + - JulioMerinoOriginal work by + + + Julio + Merino + + Original work by + - + - MartinKarlssonRewritten by + + + Martin + Karlsson + + Rewritten by + - - - Storing data on floppy disks is sometimes useful, for example when one does not have any other removable storage media or when one needs to transfer small amounts of data to another computer. - This section will explain how to use floppy disks in - FreeBSD. It will primarily cover formatting and usage of - 3.5inch DOS floppies, but the concepts are similar for other - floppy disk formats. + This section explains how to use floppy disks in &os;. It + covers formatting and usage of 3.5inch DOS floppies, but the + concepts are similar for other floppy disk formats. Formatting Floppies 
@@ -1833,37 +1444,34 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c The Device Floppy disks are accessed through entries in - /dev, just like other devices. To - access the raw floppy disk, simply use + /dev, just like other + devices. To access the raw floppy disk, simply use /dev/fdN. Formatting - A floppy disk needs to be low-level formated before it + A floppy disk needs to be low-level formatted before it can be used. This is usually done by the vendor, but formatting is a good way to check media integrity. Although - it is possible to force larger (or smaller) disk sizes, - 1440kB is what most floppy disks are designed for. + it is possible to force other disk sizes, 1440kB is what + most floppy disks are designed for. - To low-level format the floppy disk you need to use - &man.fdformat.1;. This utility expects the device name as an - argument. + To low-level format the floppy disk, use + &man.fdformat.1;. This utility expects the device name as + an argument. - Make note of any error messages, as these can help - determine if the disk is good or bad. + Make note of any error messages, as these can help + determine if the disk is good or bad. Formatting Floppy Disks - Use the - /dev/fdN - devices to format the floppy. Insert a new 3.5inch floppy - disk in your drive and issue: + To format the floppy, insert a new 3.5inch floppy + disk into the first floppy drive and issue: &prompt.root; /usr/sbin/fdformat -f 1440 /dev/fd0 - 
@@ -1871,33 +1479,32 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c The Disk Label - After low-level formatting the disk, you will need to - place a disk label on it. This disk label will be destroyed - later, but it is needed by the system to determine the size of - the disk and its geometry later. + After low-level formatting the disk, a disk label needs to + placed on it. This disk label will be destroyed later, but + it is needed by the system to determine the size of the disk + and its geometry. - The new disk label will take over the whole disk, and will + The new disk label will take over the whole disk and will contain all the proper information about the geometry of the floppy. The geometry values for the disk label are listed in /etc/disktab. - You can run now &man.bsdlabel.8; like so: - - &prompt.root; /sbin/bsdlabel -B -r -w /dev/fd0 fd1440 + To write the disk label, use &man.bsdlabel.8;: + &prompt.root; /sbin/bsdlabel -B -w /dev/fd0 fd1440 The File System - Now the floppy is ready to be high-level formated. This - will place a new file system on it, which will let FreeBSD read - and write to the disk. After creating the new file system, the - disk label is destroyed, so if you want to reformat the disk, you - will have to recreate the disk label. + The floppy is now ready to be high-level formatted. This + will place a new file system on it so that &os; can read and + write to the disk. Since creating the new file system + destroys the disk label, the disk label needs to be recreated + whenever the disk is reformatted. The floppy's file system can be either UFS or FAT. - FAT is generally a better choice for floppies. + FAT is generally a better choice for floppies. To put a new file system on the floppy, issue: 
@@ -1906,13 +1513,13 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c The disk is now ready for use. - Using the Floppy - To use the floppy, mount it with &man.mount.msdosfs.8;. One can also use - emulators/mtools from the ports - collection. + To use the floppy, mount it with &man.mount.msdosfs.8;. + One can also use + emulators/mtools from the + Ports Collection. 
@@ -1920,543 +1527,344 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c Creating and Using Data Tapes tape media - The major tape media are the 4mm, 8mm, QIC, mini-cartridge and - DLT. - - 4mm (DDS: Digital Data Storage) + Tape technology has continued to evolve but is less likely + to be used in a modern system. Modern backup systems tend to + use off site combined with local removable disk drive + technologies. Still, &os; will support any tape drive that + uses SCSI, such as LTO and older devices such as DAT. There is + limited support for SATA and USB tape drives. - - tape media - DDS (4mm) tapes - - - tape media - QIC tapes - - 4mm tapes are replacing QIC as the workstation backup media of - choice. This trend accelerated greatly when Conner purchased Archive, - a leading manufacturer of QIC drives, and then stopped production of - QIC drives. 4mm drives are small and quiet but do not have the - reputation for reliability that is enjoyed by 8mm drives. The - cartridges are less expensive and smaller (3 x 2 x 0.5 inches, 76 x 51 - x 12 mm) than 8mm cartridges. 4mm, like 8mm, has comparatively short - head life for the same reason, both use helical scan. - - Data throughput on these drives starts ~150 kB/s, peaking at ~500 kB/s. - Data capacity starts at 1.3 GB and ends at 2.0 GB. Hardware - compression, available with most of these drives, approximately - doubles the capacity. Multi-drive tape library units can have 6 - drives in a single cabinet with automatic tape changing. Library - capacities reach 240 GB. - - The DDS-3 standard now supports tape capacities up to 12 GB (or - 24 GB compressed). - - 4mm drives, like 8mm drives, use helical-scan. All the benefits - and drawbacks of helical-scan apply to both 4mm and 8mm drives. - - Tapes should be retired from use after 2,000 passes or 100 full - backups. 
- + + Serial Access with &man.sa.4; - - 8mm (Exabyte) - tape media - Exabyte (8mm) tapes + tape drives - 8mm tapes are the most common SCSI tape drives; they are the best - choice of exchanging tapes. Nearly every site has an Exabyte 2 GB 8mm - tape drive. 8mm drives are reliable, convenient and quiet. Cartridges - are inexpensive and small (4.8 x 3.3 x 0.6 inches; 122 x 84 x 15 mm). - One downside of 8mm tape is relatively short head and tape life due to - the high rate of relative motion of the tape across the heads. - - Data throughput ranges from ~250 kB/s to ~500 kB/s. Data sizes start - at 300 MB and go up to 7 GB. Hardware compression, available with - most of these drives, approximately doubles the capacity. These - drives are available as single units or multi-drive tape libraries - with 6 drives and 120 tapes in a single cabinet. Tapes are changed - automatically by the unit. Library capacities reach 840+ GB. - - The Exabyte Mammoth model supports 12 GB on one tape - (24 GB with compression) and costs approximately twice as much as - conventional tape drives. - - Data is recorded onto the tape using helical-scan, the heads are - positioned at an angle to the media (approximately 6 degrees). The - tape wraps around 270 degrees of the spool that holds the heads. The - spool spins while the tape slides over the spool. The result is a - high density of data and closely packed tracks that angle across the - tape from one edge to the other. + &os; uses the &man.sa.4; driver, providing + /dev/sa0, + /dev/nsa0, and + /dev/esa0. In normal use, only + /dev/sa0 is needed. + /dev/nsa0 is the same physical drive + as /dev/sa0 but does not rewind the + tape after writing a file. This allows writing more than one + file to a tape. Using /dev/esa0 + ejects the tape after the device is closed, if + applicable. - - QIC - - tape media - QIC-150 - - - QIC-150 tapes and drives are, perhaps, the most common tape drive - and media around. 
QIC tape drives are the least expensive serious - backup drives. The downside is the cost of media. QIC tapes are - expensive compared to 8mm or 4mm tapes, up to 5 times the price per GB - data storage. But, if your needs can be satisfied with a half-dozen - tapes, QIC may be the correct choice. QIC is the - most common tape drive. Every site has a QIC - drive of some density or another. Therein lies the rub, QIC has a - large number of densities on physically similar (sometimes identical) - tapes. QIC drives are not quiet. These drives audibly seek before - they begin to record data and are clearly audible whenever reading, - writing or seeking. QIC tapes measure 6 x 4 x 0.7 inches - (152 x 102 x 17 mm). - - Data throughput ranges from ~150 kB/s to ~500 kB/s. Data capacity - ranges from 40 MB to 15 GB. Hardware compression is available on many - of the newer QIC drives. QIC drives are less frequently installed; - they are being supplanted by DAT drives. - - Data is recorded onto the tape in tracks. The tracks run along - the long axis of the tape media from one end to the other. The number - of tracks, and therefore the width of a track, varies with the tape's - capacity. Most if not all newer drives provide backward-compatibility - at least for reading (but often also for writing). QIC has a good - reputation regarding the safety of the data (the mechanics are simpler - and more robust than for helical scan drives). - - Tapes should be retired from use after 5,000 backups. - + + Controlling the Tape Drive with + &man.mt.1; - - DLT - tape media - DLT + tape media + mt - DLT has the fastest data transfer rate of all the drive types - listed here. The 1/2" (12.5mm) tape is contained in a single spool - cartridge (4 x 4 x 1 inches; 100 x 100 x 25 mm). The cartridge has a - swinging gate along one entire side of the cartridge. The drive - mechanism opens this gate to extract the tape leader. 
The tape leader - has an oval hole in it which the drive uses to hook the tape. The - take-up spool is located inside the tape drive. All the other tape - cartridges listed here (9 track tapes are the only exception) have - both the supply and take-up spools located inside the tape cartridge - itself. - - Data throughput is approximately 1.5 MB/s, three times the throughput of - 4mm, 8mm, or QIC tape drives. Data capacities range from 10 GB to 20 GB - for a single drive. Drives are available in both multi-tape changers - and multi-tape, multi-drive tape libraries containing from 5 to 900 - tapes over 1 to 20 drives, providing from 50 GB to 9 TB of - storage. - - With compression, DLT Type IV format supports up to 70 GB - capacity. - - Data is recorded onto the tape in tracks parallel to the direction - of travel (just like QIC tapes). Two tracks are written at once. - Read/write head lifetimes are relatively long; once the tape stops - moving, there is no relative motion between the heads and the - tape. - + &man.mt.1; is the &os; utility for controlling other + operations of the tape drive, such as seeking through files on + a tape or writing tape control marks to the tape. - - AIT - - tape media - AIT - + For example, the first three files on a tape can be + preserved by skipping past them before writing a new + file: - AIT is a new format from Sony, and can hold up to 50 GB (with - compression) per tape. The tapes contain memory chips which retain an - index of the tape's contents. This index can be rapidly read by the - tape drive to determine the position of files on the tape, instead of - the several minutes that would be required for other tapes. Software - such as SAMS:Alexandria can operate forty or more AIT tape libraries, - communicating directly with the tape's memory chip to display the - contents on screen, determine what files were backed up to which - tape, locate the correct tape, load it, and restore the data from the - tape. 
- - Libraries like this cost in the region of $20,000, pricing them a - little out of the hobbyist market. + &prompt.root; mt -f /dev/nsa0 fsf 3 - Using a New Tape for the First Time - - The first time that you try to read or write a new, completely - blank tape, the operation will fail. The console messages should be - similar to: - - sa0(ncr1:4:0): NOT READY asc:4,1 -sa0(ncr1:4:0): Logical unit is in process of becoming ready - - The tape does not contain an Identifier Block (block number 0). - All QIC tape drives since the adoption of QIC-525 standard write an - Identifier Block to the tape. There are two solutions: - - - - mt fsf 1 causes the tape drive to write an - Identifier Block to the tape. - - - - Use the front panel button to eject the tape. - - Re-insert the tape and dump data to - the tape. - - dump will report DUMP: End of tape - detected and the console will show: HARDWARE - FAILURE info:280 asc:80,96. - - rewind the tape using: mt rewind. - - Subsequent tape operations are successful. - - - - - - - - Backups to Floppies - - - Can I Use Floppies for Backing Up My Data? - backup floppies - floppy disks - - Floppy disks are not really a suitable media for - making backups as: - - - - The media is unreliable, especially over long periods of - time. - + Using &man.tar.1; to Read and + Write Tape Backups - - Backing up and restoring is very slow. - + An example of writing a single file to tape using + &man.tar.1;: - - They have a very limited capacity (the days of backing up - an entire hard disk onto a dozen or so floppies has long since - passed). - - + &prompt.root; tar cvf /dev/sa0 file - However, if you have no other method of backing up your data then - floppy disks are better than no backup at all. + Recovering files from a &man.tar.1; archive on tape into + the current directory: - If you do have to use floppy disks then ensure that you use good - quality ones. 
Floppies that have been lying around the office for a - couple of years are a bad choice. Ideally use new ones from a - reputable manufacturer. + &prompt.root; tar xvf /dev/sa0 - - So How Do I Backup My Data to Floppies? - - The best way to backup to floppy disk is to use - &man.tar.1; with the (multi - volume) option, which allows backups to span multiple - floppies. - - To backup all the files in the current directory and sub-directory - use this (as root): - - &prompt.root; tar Mcvf /dev/fd0 * - - When the first floppy is full &man.tar.1; will prompt you to - insert the next volume (because &man.tar.1; is media independent it - refers to volumes; in this context it means floppy disk). + + Using &man.dump.8; and + &man.restore.8; to Create and Restore Backups - Prepare volume #2 for /dev/fd0 and hit return: + A simple backup of /usr with + &man.dump.8;: - This is repeated (with the volume number incrementing) until all - the specified files have been archived. - + &prompt.root; dump -0aL -b64 -f /dev/nsa0 /usr - - Can I Compress My Backups? - - tar - - - gzip - - compression + Interactively restoring files from a &man.dump.8; file on + tape into the current directory: - Unfortunately, &man.tar.1; will not allow the - option to be used for multi-volume archives. - You could, of course, &man.gzip.1; all the files, - &man.tar.1; them to the floppies, then - &man.gunzip.1; the files again! + &prompt.root; restore -i -f /dev/nsa0 - - How Do I Restore My Backups? - - To restore the entire archive use: - - &prompt.root; tar Mxvf /dev/fd0 - - There are two ways that you can use to restore only - specific files. First, you can start with the first floppy - and use: - - &prompt.root; tar Mxvf /dev/fd0 filename - - The utility &man.tar.1; will prompt you to insert subsequent floppies until it - finds the required file. - - Alternatively, if you know which floppy the file is on then you - can simply insert that floppy and use the same command as above. 
Note - that if the first file on the floppy is a continuation from the - previous one then &man.tar.1; will warn you that it cannot - restore it, even if you have not asked it to! + + Other Tape Software + + Higher-level programs are available to simplify tape + backup. The most popular are + Amanda and + Bacula. These programs aim to make + backups easier and more convenient, or to automate complex + backups of multiple machines. The Ports Collection contains + both these and other tape utility applications. - Backup Strategies + + Backup Strategies + - LowellGilbertOriginal work by + + + Lowell + Gilbert + + Original work by + - - - - The first requirement in devising a backup plan is to make sure that - all of the following problems are covered: + The first requirement in devising a backup plan is to make + sure that all of the following problems are covered: - Disk failure + Disk failure. + - Accidental file deletion + Accidental file deletion. + - Random file corruption + Random file corruption. + - Complete machine destruction (e.g. fire), including destruction - of any on-site backups. + Complete machine destruction, say by fire, including + destruction of any on-site backups. - It is perfectly possible that some systems will be best served by - having each of these problems covered by a completely different - technique. Except for strictly personal systems with very low-value - data, it is unlikely that one technique would cover all of them. + Some systems will be best served by having each of these + problems covered by a completely different technique. Except + for strictly personal systems with low-value data, it is + unlikely that one technique will cover all of them. - Some of the techniques in the toolbox are: + Some possible techniques include: - Archives of the whole system, backed up onto permanent media - offsite. This actually provides protection against all of the - possible problems listed above, but is slow and inconvenient to - restore from. 
You can keep copies of the backups onsite and/or - online, but there will still be inconveniences in restoring files, - especially for non-privileged users. + Archives of the whole system, backed up onto permanent, + off-site media. This provides protection against all of the + problems listed above, but is slow and inconvenient to + restore from. Copies of the backups can be stored on site + or online, but there will still be inconveniences in + restoring files, especially for non-privileged users. - Filesystem snapshots. This is really only helpful in the - accidental file deletion scenario, but it can be - very helpful in that case, and is quick and - easy to deal with. + Filesystem snapshots, which are really only helpful in + the accidental file deletion scenario, but can be + very helpful in that case, as well as + quick and easy to deal with. - Copies of whole filesystems and/or disks (e.g. periodic &man.rsync.1; of - the whole machine). This is generally most useful in networks with - unique requirements. For general protection against disk failure, - it is usually inferior to RAID. For restoring - accidentally deleted files, it can be comparable to - UFS snapshots, but that depends on your - preferences. + Copies of whole file systems or disks which can be + created with a periodic net/rsync of the + whole machine. This is generally most useful in networks + with unique requirements. For general protection against + disk failure, this is usually inferior to + RAID. For restoring accidentally deleted + files, it can be comparable to UFS + snapshots. - RAID. Minimizes or avoids downtime when a - disk fails. At the expense of having to deal with disk failures - more often (because you have more disks), albeit at a much lower - urgency. + RAID, which minimizes or avoids + downtime when a disk fails at the expense of having to deal + with disk failures more often, because there are more disks, + albeit at a much lower urgency. - Checking fingerprints of files. 
The &man.mtree.8; utility is - very useful for this. Although it is not a backup technique, it - helps guarantee that you will notice when you need to resort to your - backups. This is particularly important for offline backups, and - should be checked periodically. + Checking fingerprints of files using &man.mtree.8;. + Although this is not a backup, this technique indicates + when one needs to resort to backups. This is particularly + important for offline backups, and should be checked + periodically. - It is quite easy to come up with even more techniques, many of them - variations on the ones listed above. Specialized requirements will - usually lead to specialized techniques (for example, backing up a live - database usually requires a method particular to the database software - as an intermediate step). The important thing is to know what dangers - you want to protect against, and how you will handle each. + It is quite easy to come up with more techniques, many + of them variations on the ones listed above. Specialized + requirements usually lead to specialized techniques. For + example, backing up a live database usually requires a method + particular to the database software as an intermediate step. + The important thing is to know which dangers should be protected + against, and how each will be handled. Backup Basics - The three major backup programs are - &man.dump.8;, - &man.tar.1;, - and - &man.cpio.1;. + The major backup programs built into &os; are + &man.dump.8;, &man.tar.1;, &man.cpio.1;, and + &man.pax.1;. Dump and Restore + - backup software + backup software dump / restore - dump - restore - - The traditional &unix; backup programs are - dump and restore. They + + dump + + + restore + + + The traditional &unix; backup programs are + dump and restore. They operate on the drive as a collection of disk blocks, below the - abstractions of files, links and directories that are created by - the file systems. 
dump backs up an entire - file system on a device. It is unable to backup only part of a - file system or a directory tree that spans more than one - file system. dump does not write files and - directories to tape, but rather writes the raw data blocks that - comprise files and directories. - - If you use dump on your root directory, you - would not back up /home, - /usr or many other directories since - these are typically mount points for other file systems or - symbolic links into those file systems. - - dump has quirks that remain from its early days in - Version 6 of AT&T UNIX (circa 1975). The default - parameters are suitable for 9-track tapes (6250 bpi), not the - high-density media available today (up to 62,182 ftpi). These - defaults must be overridden on the command line to utilize the - capacity of current tape drives. - - .rhosts + abstractions of files, links and directories that are created + by the file systems. Unlike other backup software, + dump backs up an entire file system on a + device. It is unable to backup only part of a file system or + a directory tree that spans more than one file system. + dump does not write files and directories, + but rather writes the raw data blocks that comprise files and + directories. When used to extract data, + restore stores temporary files in + /tmp/ by default. When using a recovery + disk with a small /tmp, set + TMPDIR to a directory with more free space in + order for the restore to succeed. + + + If dump is used on the root + directory, it will not back up /home, + /usr or many other + directories since these are typically mount points for other + file systems or symbolic links into those file + systems. + + + dump has quirks that remain from its + early days in Version 6 of AT&T &unix;,circa 1975. The + default parameters are suitable for 9-track tapes (6250 bpi), + not the high-density media available today (up to 62,182 + ftpi). 
These defaults must be overridden on the command line + to utilize the capacity of current tape drives. + + + .rhosts + It is also possible to backup data across the network to a - tape drive attached to another computer with rdump and - rrestore. Both programs rely upon &man.rcmd.3; and - &man.ruserok.3; to access the remote tape drive. Therefore, - the user performing the backup must be listed in the - .rhosts file on the remote computer. The - arguments to rdump and rrestore must be suitable - to use on the remote computer. When - rdumping from a FreeBSD computer to an - Exabyte tape drive connected to a Sun called - komodo, use: + tape drive attached to another computer with + rdump and rrestore. + Both programs rely upon &man.rcmd.3; and &man.ruserok.3; to + access the remote tape drive. Therefore, the user performing + the backup must be listed in .rhosts on + the remote computer. The arguments to + rdump and rrestore must + be suitable to use on the remote computer. For example, to + rdump from a &os; computer to an Exabyte + tape drive connected to a host called + komodo, use: &prompt.root; /sbin/rdump 0dsbfu 54000 13000 126 komodo:/dev/nsa8 /dev/da0a 2>&1 - Beware: there are security implications to - allowing .rhosts authentication. Evaluate your - situation carefully. + There are security implications to allowing + .rhosts authentication, so use + with caution. It is also possible to use dump and - restore in a more secure fashion over - ssh. + restore in a more secure fashion over + ssh. 
- Using <command>dump</command> over <application>ssh</application> + Using <command>dump</command> over + <application>ssh</application> &prompt.root; /sbin/dump -0uan -f - /usr | gzip -2 | ssh -c blowfish \ targetuser@targetmachine.example.com dd of=/mybigfiles/dump-usr-l0.gz - - Or using dump's built-in method, - setting the environment variable RSH: + Or, use the built-in RSH: - Using <command>dump</command> over <application>ssh</application> with <envar>RSH</envar> set - - &prompt.root; RSH=/usr/bin/ssh /sbin/dump -0uan -f targetuser@targetmachine.example.com:/dev/sa0 /usr + Using <command>dump</command> over + <application>ssh</application> with <envar>RSH</envar> + Set + &prompt.root; env RSH=/usr/bin/ssh /sbin/dump -0uan -f targetuser@targetmachine.example.com:/dev/sa0 /usr - <command>tar</command> + - backup software - tar + backup software + tar - &man.tar.1; also dates back to Version 6 of AT&T UNIX - (circa 1975). tar operates in cooperation - with the file system; it writes files and - directories to tape. tar does not support the - full range of options that are available from &man.cpio.1;, but - it does not require the unusual command + &man.tar.1; also dates back to Version 6 of AT&T + &unix;, circa 1975. tar operates in + cooperation with the file system and writes files and + directories to tape. tar does not support + the full range of options that are available from + &man.cpio.1;, but it does not require the unusual command pipeline that cpio uses. tar - On FreeBSD 5.3 and later, both GNU tar - and the default bsdtar are available. The - GNU version can be invoked with gtar. It - supports remote devices using the same syntax as - rdump. To tar to an - Exabyte tape drive connected to a Sun called - komodo, use: - - &prompt.root; /usr/bin/gtar cf komodo:/dev/nsa8 . 
2>&1 + To tar to an Exabyte tape drive + connected to a host called + komodo: - The same could be accomplished with - bsdtar by using a pipeline and - rsh to send the data to a remote tape - drive. + &prompt.root; tar cf - . | rsh komodo dd of=tape-device obs=20b - &prompt.root; tar cf - . | rsh hostname dd of=tape-device obs=20b - - If you are worried about the security of backing up over a - network you should use the ssh command - instead of rsh. + When backing up over an insecure network, instead use + ssh. <command>cpio</command> + - backup software - cpio + backup software + cpio &man.cpio.1; is the original &unix; file interchange tape - program for magnetic media. cpio has options - (among many others) to perform byte-swapping, write a number of - different archive formats, and pipe the data to other programs. - This last feature makes cpio an excellent - choice for installation media. cpio does not - know how to walk the directory tree and a list of files must be + program for magnetic media. cpio includes + options to perform byte-swapping, write a number of different + archive formats, and pipe the data to other programs. This + last feature makes cpio an excellent choice + for installation media. cpio does not know + how to walk the directory tree and a list of files must be provided through stdin. - cpio - cpio does not support backups across - the network. You can use a pipeline and rsh + + cpio + + + Since cpio does not support backups + across the network, use a pipeline and ssh to send the data to a remote tape drive. &prompt.root; for f in directory_list; do 
@@ -2464,109 +1872,127 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready done &prompt.root; cpio -v -o --format=newc < backup.list | ssh user@host "cat > backup_device" - Where directory_list is the list of - directories you want to back up, - user@host is the - user/hostname combination that will be performing the backups, and - backup_device is where the backups should - be written to (e.g., /dev/nsa0). + Where directory_list is the + list of directories to back up, + user@host + is the user/hostname combination that will be performing the + backups, and backup_device is where + the backups should be written to, such as + /dev/nsa0). <command>pax</command> + - backup software - pax + backup software + pax pax POSIX IEEE - &man.pax.1; is IEEE/&posix;'s answer to + &man.pax.1; is the IEEE/&posix; answer to tar and cpio. Over the years the various versions of tar and - cpio have gotten slightly incompatible. So + cpio have become slightly incompatible. So rather than fight it out to fully standardize them, &posix; - created a new archive utility. pax attempts - to read and write many of the various cpio - and tar formats, plus new formats of its own. - Its command set more resembles cpio than - tar. + created a new archive utility. pax + attempts to read and write many of the various + cpio and tar formats, + plus new formats of its own. Its command set more resembles + cpio than tar. <application>Amanda</application> + - backup software - Amanda + backup software + Amanda + + + Amanda - Amanda Amanda (Advanced Maryland - Network Disk Archiver) is a client/server backup system, - rather than a single program. An Amanda server will backup to - a single tape drive any number of computers that have Amanda - clients and a network connection to the Amanda server. A - common problem at sites with a number of large disks is - that the length of time required to backup to data directly to tape - exceeds the amount of time available for the task. 
Amanda - solves this problem. Amanda can use a holding disk to - backup several file systems at the same time. Amanda creates - archive sets: a group of tapes used over a period of time to - create full backups of all the file systems listed in Amanda's - configuration file. The archive set also contains nightly - incremental (or differential) backups of all the file systems. - Restoring a damaged file system requires the most recent full - backup and the incremental backups. - - The configuration file provides fine control of backups and the - network traffic that Amanda generates. Amanda will use any of the - above backup programs to write the data to tape. Amanda is available - as either a port or a package, it is not installed by default. - + Network Disk Archiver) is a client/server backup system, + rather than a single program. An + Amanda server will backup to a + single tape drive any number of computers that have + Amanda clients and a network + connection to the Amanda server. A + common problem at sites with a number of large disks is that + the length of time required to backup to data directly to tape + exceeds the amount of time available for the task. + Amanda solves this problem by using + a holding disk to backup several file systems + at the same time. Amanda creates + archive sets: a group of tapes used over a + period of time to create full backups of all the file systems + listed in Amanda's configuration + file. The archive set also contains nightly + incremental, or differential, backups of all the file systems. + Restoring a damaged file system requires the most recent full + backup and the incremental backups. + + The configuration file provides fine grained control of + backups and the network traffic that + Amanda generates. + Amanda will use any of the above + backup programs to write the data to tape. + Amanda is not installed by + but is available as either a port or package. 
+ Do Nothing - Do nothing is not a computer program, but it is the - most widely used backup strategy. There are no initial costs. There - is no backup schedule to follow. Just say no. If something happens - to your data, grin and bear it! + Do nothing is not a computer program, but + it is the most widely used backup strategy. There are no + initial costs. There is no backup schedule to follow. Just + say no. If something happens to your data, grin and bear + it! - If your time and your data is worth little to nothing, then - Do nothing is the most suitable backup program for your - computer. But beware, &unix; is a useful tool, you may find that within - six months you have a collection of files that are valuable to - you. + If your time and data is worth little to nothing, then + Do nothing is the most suitable backup program + for the computer. But beware, &os; is a useful tool and + over time it can be used to create a valuable collection of + files. Do nothing is the correct backup method for - /usr/obj and other directory trees that can be - exactly recreated by your computer. An example is the files that - comprise the HTML or &postscript; version of this Handbook. - These document formats have been created from SGML input - files. Creating backups of the HTML or &postscript; files is - not necessary. The SGML files are backed up regularly. + /usr/obj and other + directory trees that can be exactly recreated by the computer. + An example is the files that comprise the HTML or &postscript; + version of this Handbook. These document formats have been + created from XML input files. Creating backups of the HTML or + &postscript; files is not necessary if the XML files are + backed up regularly. Which Backup Program Is Best? + - LISA + LISA - &man.dump.8; Period. Elizabeth D. Zwicky - torture tested all the backup programs discussed here. The clear - choice for preserving all your data and all the peculiarities of &unix; - file systems is dump. 
Elizabeth created file systems containing - a large variety of unusual conditions (and some not so unusual ones) - and tested each program by doing a backup and restore of those - file systems. The peculiarities included: files with holes, files with - holes and a block of nulls, files with funny characters in their - names, unreadable and unwritable files, devices, files that change - size during the backup, files that are created/deleted during the - backup and more. She presented the results at LISA V in Oct. 1991. - See torture-testing + &man.dump.8; Period. Elizabeth D. + Zwicky torture tested all the backup programs discussed here. + The clear choice for preserving all your data and all the + peculiarities of &unix; file systems is + dump. Elizabeth created file systems + containing a large variety of unusual conditions (and some not + so unusual ones) and tested each program by doing a backup and + restore of those file systems. The peculiarities included: + files with holes, files with holes and a block of nulls, files + with funny characters in their names, unreadable and + unwritable files, devices, files that change size during the + backup, files that are created/deleted during the backup and + more. She presented the results at LISA V in Oct. 1991. See + torture-testing Backup and Archive Programs. 
@@ -2576,291 +2002,136 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready Before the Disaster - There are only four steps that you need to perform in + There are four steps which should be performed in preparation for any disaster that may occur. - bsdlabel - - - First, print the bsdlabel from each of your disks - (e.g. bsdlabel da0 | lpr), your file system table - (/etc/fstab) and all boot messages, - two copies of - each. - - fix-it floppies - Second, determine that the boot and fix-it floppies - (boot.flp and fixit.flp) - have all your devices. The easiest way to check is to reboot your - machine with the boot floppy in the floppy drive and check the boot - messages. If all your devices are listed and functional, skip on to - step three. - - Otherwise, you have to create two custom bootable - floppies which have a kernel that can mount all of your disks - and access your tape drive. These floppies must contain: - fdisk, bsdlabel, - newfs, mount, and - whichever backup program you use. These programs must be - statically linked. If you use dump, the - floppy must contain restore. - - Third, create backup tapes regularly. Any changes that you make - after your last backup may be irretrievably lost. Write-protect the - backup tapes. - - Fourth, test the floppies (either boot.flp - and fixit.flp or the two custom bootable - floppies you made in step two.) and backup tapes. Make notes of the - procedure. Store these notes with the bootable floppy, the - printouts and the backup tapes. You will be so distraught when - restoring that the notes may prevent you from destroying your backup - tapes (How? In place of tar xvf /dev/sa0, you - might accidentally type tar cvf /dev/sa0 and - over-write your backup tape). - - For an added measure of security, make bootable floppies and two - backup tapes each time. Store one of each at a remote location. A - remote location is NOT the basement of the same office building. 
A - number of firms in the World Trade Center learned this lesson the - hard way. A remote location should be physically separated from - your computers and disk drives by a significant distance. - - - A Script for Creating a Bootable Floppy - - /mnt/sbin/init -gzip -c -best /sbin/fsck > /mnt/sbin/fsck -gzip -c -best /sbin/mount > /mnt/sbin/mount -gzip -c -best /sbin/halt > /mnt/sbin/halt -gzip -c -best /sbin/restore > /mnt/sbin/restore - -gzip -c -best /bin/sh > /mnt/bin/sh -gzip -c -best /bin/sync > /mnt/bin/sync - -cp /root/.profile /mnt/root - -cp -f /dev/MAKEDEV /mnt/dev -chmod 755 /mnt/dev/MAKEDEV - -chmod 500 /mnt/sbin/init -chmod 555 /mnt/sbin/fsck /mnt/sbin/mount /mnt/sbin/halt -chmod 555 /mnt/bin/sh /mnt/bin/sync -chmod 6555 /mnt/sbin/restore - -# -# create the devices nodes -# -cd /mnt/dev -./MAKEDEV std -./MAKEDEV da0 -./MAKEDEV da1 -./MAKEDEV da2 -./MAKEDEV sa0 -./MAKEDEV pty0 -cd / - -# -# create minimum file system table -# -cat > /mnt/etc/fstab <<EOM -/dev/fd0a / ufs rw 1 1 -EOM - -# -# create minimum passwd file -# -cat > /mnt/etc/passwd <<EOM -root:*:0:0:Charlie &:/root:/bin/sh -EOM - -cat > /mnt/etc/master.passwd <<EOM -root::0:0::0:0:Charlie &:/root:/bin/sh -EOM - -chmod 600 /mnt/etc/master.passwd -chmod 644 /mnt/etc/passwd -/usr/sbin/pwd_mkdb -d/mnt/etc /mnt/etc/master.passwd - -# -# umount the floppy and inform the user -# -/sbin/umount /mnt -echo "The floppy has been unmounted and is now ready."]]> - - - + bsdlabel + + + First, print the bsdlabel of each disk using a command + such as bsdlabel da0 | lpr. Also print a + copy of /etc/fstab and all boot + messages. + + livefs CD + Second, burn a livefs CD. This CD + contains support for booting into a &os; + livefs rescue mode, allowing the user to + perform many tasks like running &man.dump.8;, + &man.restore.8;, &man.fdisk.8;, &man.bsdlabel.8;, + &man.newfs.8;, &man.mount.8;, and more. 
The livefs CD image + for &os;/&arch.i386; &rel2.current;-RELEASE is + available from ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/&arch.i386;/ISO-IMAGES/&rel2.current;/&os;-&rel2.current;-RELEASE-&arch.i386;-livefs.iso. + + + Livefs CD images are not available for + &os; &rel.current;-RELEASE and later. In addition to + the CD-ROM installation images, flash drive installation + images may be used to recover a system. The + memstick image for + &os;/&arch.i386; &rel.current;-RELEASE is available + from ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/&arch.i386;/&arch.i386;/ISO-IMAGES/&rel.current;/&os;-&rel.current;-RELEASE-&arch.i386;-memstick.img. + + + Third, create backup tapes regularly. Any changes that + made after the last backup may be irretrievably lost. + Write-protect the backup media. + + Fourth, test the livefs CD and the + backups. Make notes of the procedure. Store these notes + with the CD, the printouts, and the backups. These notes + may prevent the inadvertent destruction of the backups while + under the stress of performing an emergency + recovery. + + For an added measure of security, store an extra + livefs CD and the latest backup at a + remote location, where a remote location is + not the basement of the same building. + A remote location should be physically separated from the + computers and disk drives by a significant distance. After the Disaster - The key question is: did your hardware survive? You have been - doing regular backups so there is no need to worry about the - software. - - If the hardware has been damaged, the parts should be replaced - before attempting to use the computer. - - If your hardware is okay, check your floppies. If you are using - a custom boot floppy, boot single-user (type -s - at the boot: prompt). Skip the following - paragraph. - - If you are using the boot.flp and - fixit.flp floppies, keep reading. Insert the - boot.flp floppy in the first floppy drive and - boot the computer. 
The original install menu will be displayed on - the screen. Select the Fixit--Repair mode with CDROM or - floppy. option. Insert the - fixit.flp when prompted. - restore and the other programs that you need are - located in /mnt2/rescue - (/mnt2/stand for - &os; versions older than 5.2). + First, determine if the hardware survived. Thanks + to regular, off-site backups, there is no need to worry + about the software. + + If the hardware has been damaged, the parts should be + replaced before attempting to use the computer. + + If the hardware is okay, insert the + livefs CD and boot the computer. The + original install menu will be displayed on the screen. + Select the correct country, then choose + Fixit -- Repair mode with CD-ROM/DVD/floppy or + start a shell. then select + CD-ROM/DVD -- Use the live filesystem + CD-ROM/DVD. + restore and the other needed programs + are located in /mnt2/rescue. Recover each file system separately. - mount - + mount + root partition - bsdlabel - + bsdlabel + - newfs - - Try to mount (e.g. mount /dev/da0a - /mnt) the root partition of your first disk. If the - bsdlabel was damaged, use bsdlabel to re-partition and - label the disk to match the label that you printed and saved. Use - newfs to re-create the file systems. Re-mount the root - partition of the floppy read-write (mount -u -o rw - /mnt). Use your backup program and backup tapes to - recover the data for this file system (e.g. restore vrf - /dev/sa0). Unmount the file system (e.g. umount - /mnt). Repeat for each file system that was - damaged. - - Once your system is running, backup your data onto new tapes. - Whatever caused the crash or data loss may strike again. Another - hour spent now may save you from further distress later. + newfs + + + Try to mount the root partition + of the first disk using mount /dev/da0a + /mnt. If the bsdlabel was damaged, use + bsdlabel to re-partition and label the + disk to match the label that was printed and saved. 
Use + newfs to re-create the file systems. + Re-mount the root partition of the disk read-write using + mount -u -o rw /mnt. Use the backups + to recover the data for this file system. Unmount the file + system with umount /mnt. Repeat for each + file system that was damaged. + + Once the system is running, backup the data onto new + media as whatever caused the crash or data loss may strike + again. Another hour spent now may save further distress + later. - Network, Memory, and File-Backed File Systems + + Network, Memory, and File-Backed File Systems + - MarcFonvieilleReorganized and enhanced by + + + Marc + Fonvieille + + Reorganized and enhanced by + - + virtual disks disks virtual - Aside from the disks you physically insert into your computer: - floppies, CDs, hard drives, and so forth; other forms of disks - are understood by FreeBSD - the virtual - disks. + In addition to physical disks such as floppies, CDs, and + hard drives, &os; also supports + virtual disks. NFS Coda 
@@ -2868,53 +2139,55 @@ echo "The floppy has been unmounted and is now ready."]]> disks memory - These include network file systems such as the Network File System and Coda, memory-based - file systems and - file-backed file systems. + These include network file systems such as the + Network File System and Coda, + memory-based file systems, and file-backed file systems. - According to the FreeBSD version you run, you will have to use - different tools for creation and use of file-backed and - memory-based file systems. + According to the &os; version, the tools used for the + creation and use of file-backed and memory-based file systems + differ. - Use &man.devfs.5; to allocate device nodes transparently for the - user. + Use &man.devfs.5; to allocate device nodes transparently + for the user. File-Backed File System + - disks - file-backed + disks + file-backed - The utility &man.mdconfig.8; is used to configure and enable - memory disks, &man.md.4;, under FreeBSD. To use - &man.mdconfig.8;, you have to load &man.md.4; module or to add - the support in your kernel configuration file: + &man.mdconfig.8; is used to configure and enable memory + disks, &man.md.4;, under &os;. To use &man.mdconfig.8;, + &man.md.4; must be first loaded. When using a custom kernel + configuration file, ensure it includes this line: device md - The &man.mdconfig.8; command supports three kinds of - memory backed virtual disks: memory disks allocated with - &man.malloc.9;, memory disks using a file or swap space as - backing. One possible use is the mounting of floppy - or CD images kept in files. + &man.mdconfig.8; supports several types of memory backed + virtual disks: memory disks allocated with &man.malloc.9; and + memory disks using a file or swap space as backing. One + possible use is the mounting of CD images. 
To mount an existing file system image: - Using <command>mdconfig</command> to Mount an Existing File System - Image + Using <command>mdconfig</command> to Mount an Existing + File System Image &prompt.root; mdconfig -a -t vnode -f diskimage -u 0 &prompt.root; mount /dev/md0 /mnt - To create a new file system image with &man.mdconfig.8;: + To create a new file system image with + &man.mdconfig.8;: - Creating a New File-Backed Disk with <command>mdconfig</command> + Creating a New File-Backed Disk with + <command>mdconfig</command> &prompt.root; dd if=/dev/zero of=newimage bs=1k count=5k 5120+0 records in 
@@ -2932,24 +2205,25 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on /dev/md0a 4710 4 4330 0% /mnt - If you do not specify the unit number with the - option, &man.mdconfig.8; will use the + If unit number is not specified with + , &man.mdconfig.8; uses the &man.md.4; automatic allocation to select an unused device. - The name of the allocated unit will be output on stdout like - md4. For more details about - &man.mdconfig.8;, please refer to the manual page. - - The utility &man.mdconfig.8; is very useful, however it - asks many command lines to create a file-backed file system. - FreeBSD also comes with a tool called &man.mdmfs.8;, - this program configures a &man.md.4; disk using - &man.mdconfig.8;, puts a UFS file system on it using - &man.newfs.8;, and mounts it using &man.mount.8;. For example, - if you want to create and mount the same file system image as - above, simply type the following: + The name of the allocated unit will be output to stdout, such + as md4. Refer to &man.mdconfig.8; + for more details about. + + While &man.mdconfig.8; is useful, it takes several + command lines to create a file-backed file system. &os; also + comes with &man.mdmfs.8; which automatically configures a + &man.md.4; disk using &man.mdconfig.8;, puts a UFS file system + on it using &man.newfs.8;, and mounts it using &man.mount.8;. + For example, to create and mount the same file system image as + above, type the following: - Configure and Mount a File-Backed Disk with <command>mdmfs</command> + Configure and Mount a File-Backed Disk with + <command>mdmfs</command> + &prompt.root; dd if=/dev/zero of=newimage bs=1k count=5k 5120+0 records in 5120+0 records out 
@@ -2959,30 +2233,29 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on /dev/md0 4718 4 4338 0% /mnt - If you use the option without unit - number, &man.mdmfs.8; will use &man.md.4; auto-unit feature to + When is used without a unit number, + &man.mdmfs.8; uses the &man.md.4; auto-unit feature to automatically select an unused device. For more details - about &man.mdmfs.8;, please refer to the manual page. - + about &man.mdmfs.8;, refer to its manual page. Memory-Based File System + - disks - memory file system + disks + memory file system - For a - memory-based file system the swap backing - should normally be used. Using swap backing does not mean + For a memory-based file system, swap + backing should normally be used. This does not mean that the memory disk will be swapped out to disk by default, - but merely that the memory disk will be allocated from a + but rather that the memory disk will be allocated from a memory pool which can be swapped out to disk if needed. It is - also possible to create memory-based disk which are - &man.malloc.9; backed, but using malloc backed memory disks, - especially large ones, can result in a system panic if the - kernel runs out of memory. + also possible to create memory-based disks which are + &man.malloc.9; backed, but using large malloc backed memory + disks can result in a system panic if the kernel runs out of + memory. Creating a New Memory-Based Disk with @@ -3004,6 +2277,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on <example> <title>Creating a New Memory-Based Disk with <command>mdmfs</command> + &prompt.root; mdmfs -s 5m md2 /mnt &prompt.root; df /mnt Filesystem 1K-blocks Used Avail Capacity Mounted on 
@@ -3013,133 +2287,141 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on Detaching a Memory Disk from the System + - disks - detaching a memory disk + disks + detaching a memory disk - When a memory-based or file-based file system - is not used, you should release all resources to the system. - The first thing to do is to unmount the file system, then use - &man.mdconfig.8; to detach the disk from the system and release - the resources. + When a memory-based or file-based file system is no + longer in use, its resources should be released back to + the system. First, unmount the file system, then use + &man.mdconfig.8; to detach the disk from the system and + release the resources. - For example to detach and free all resources used by + For example, to detach and free all resources used by /dev/md4: &prompt.root; mdconfig -d -u 4 It is possible to list information about configured - &man.md.4; devices in using the command mdconfig - -l. + &man.md.4; devices by running + mdconfig -l. - File System Snapshots + + File System Snapshots + - TomRhodesContributed by + + + Tom + Rhodes + + Contributed by + - - - file systems snapshots - FreeBSD offers a feature in conjunction with - Soft Updates: File system snapshots. - - Snapshots allow a user to create images of specified file - systems, and treat them as a file. - Snapshot files must be created in the file system that the - action is performed on, and a user may create no more than 20 - snapshots per file system. Active snapshots are recorded - in the superblock so they are persistent across unmount and - remount operations along with system reboots. When a snapshot - is no longer required, it can be removed with the standard &man.rm.1; - command. Snapshots may be removed in any order, - however all the used space may not be acquired because another snapshot will - possibly claim some of the released blocks. 
- - The un-alterable file flag is set + &os; offers a feature in conjunction with + Soft Updates: file system + snapshots. + + UFS snapshots allow a user to create images of specified + file systems, and treat them as a file. Snapshot files must be + created in the file system that the action is performed on, and + a user may create no more than 20 snapshots per file system. + Active snapshots are recorded in the superblock so they are + persistent across unmount and remount operations along with + system reboots. When a snapshot is no longer required, it can + be removed using &man.rm.1;. While snapshots may be removed in + any order, all the used space may not be acquired because + another snapshot will possibly claim some of the released + blocks. + + The un-alterable file flag is set by &man.mksnap.ffs.8; after initial creation of a snapshot file. - The &man.unlink.1; command makes an exception for snapshot files - since it allows them to be removed. + &man.unlink.1; makes an exception for snapshot files since it + allows them to be removed. - Snapshots are created with the &man.mount.8; command. To place - a snapshot of /var in the file - /var/snapshot/snap use the following - command: + Snapshots are created using &man.mount.8;. To place a + snapshot of /var in the + file /var/snapshot/snap, use the following + command: -&prompt.root; mount -u -o snapshot /var/snapshot/snap /var + &prompt.root; mount -u -o snapshot /var/snapshot/snap /var - Alternatively, you can use &man.mksnap.ffs.8; to create - a snapshot: -&prompt.root; mksnap_ffs /var /var/snapshot/snap + Alternatively, use &man.mksnap.ffs.8; to create the + snapshot: - One can find snapshot files on a file system (e.g. 
/var) - by using the &man.find.1; command: -&prompt.root; find /var -flags snapshot + &prompt.root; mksnap_ffs /var /var/snapshot/snap - Once a snapshot has been created, it has several - uses: + One can find snapshot files on a file system, such as + /var, using + &man.find.1;: - - - Some administrators will use a snapshot file for backup purposes, - because the snapshot can be transfered to CDs or tape. - + &prompt.root; find /var -flags snapshot - - The file system integrity checker, &man.fsck.8;, may be run on the snapshot. - Assuming that the file system was clean when it was mounted, you - should always get a clean (and unchanging) result. - This is essentially what the - background &man.fsck.8; process does. - + Once a snapshot has been created, it has several + uses: - - Run the &man.dump.8; utility on the snapshot. - A dump will be returned that is consistent with the - file system and the timestamp of the snapshot. &man.dump.8; - can also take a snapshot, create a dump image and then - remove the snapshot in one command using the - flag. - + + + Some administrators will use a snapshot file for backup + purposes, because the snapshot can be transferred to CDs or + tape. + - - &man.mount.8; the snapshot as a frozen image of the file system. - To &man.mount.8; the snapshot - /var/snapshot/snap run: + + The file system integrity checker, &man.fsck.8;, may be + run on the snapshot. Assuming that the file system was + clean when it was mounted, this should always provide a + clean and unchanging result. + -&prompt.root; mdconfig -a -t vnode -f /var/snapshot/snap -u 4 -&prompt.root; mount -r /dev/md4 /mnt + + Running &man.dump.8; on the snapshot will produce a dump + file that is consistent with the file system and the + timestamp of the snapshot. &man.dump.8; can also take a + snapshot, create a dump image, and then remove the snapshot + in one command by using . + - - + + The snapshot can be mounted as a frozen image of the + file system. 
To &man.mount.8; the snapshot + /var/snapshot/snap run: + + &prompt.root; mdconfig -a -t vnode -f /var/snapshot/snap -u 4 +&prompt.root; mount -r /dev/md4 /mnt + + - You can now walk the hierarchy of your frozen /var - file system mounted at /mnt. Everything will - initially be in the same state it was during the snapshot creation time. - The only exception is that any earlier snapshots will appear - as zero length files. When the use of a snapshot has delimited, - it can be unmounted with: + The frozen /var is now available + through /mnt. Everything will initially be + in the same state it was during the snapshot creation time. The + only exception is that any earlier snapshots will appear as zero + length files. To unmount the snapshot, use: -&prompt.root; umount /mnt + &prompt.root; umount /mnt &prompt.root; mdconfig -d -u 4 - For more information about and - file system snapshots, including technical papers, you can visit - Marshall Kirk McKusick's website at - http://www.mckusick.com/. + For more information about and + file system snapshots, including technical papers, visit + Marshall Kirk McKusick's website at http://www.mckusick.com/. File System Quotas + accounting disk space 
@@ -3147,145 +2429,139 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on disk quotas Quotas are an optional feature of the operating system that - allow you to limit the amount of disk space and/or the number of + can be used to limit the amount of disk space or the number of files a user or members of a group may allocate on a per-file - system basis. This is used most often on timesharing systems where - it is desirable to limit the amount of resources any one user or - group of users may allocate. This will prevent one user or group - of users from consuming all of the available disk space. + system basis. This is used most often on timesharing systems + where it is desirable to limit the amount of resources any one + user or group of users may allocate. This prevents one user or + group of users from consuming all of the available disk + space. - Configuring Your System to Enable Disk Quotas + Configuring the System to Enable Disk Quotas - Before attempting to use disk quotas, it is necessary to make - sure that quotas are configured in your kernel. This is done by - adding the following line to your kernel configuration - file: + Before using disk quotas, quota support must be added to + the kernel by adding the following line to the kernel + configuration file: options QUOTA - The stock GENERIC kernel does not have - this enabled by default, so you will have to configure, build and - install a custom kernel in order to use disk quotas. Please refer - to for more information on kernel - configuration. + Before &os; 9.2, the GENERIC + kernel usually did not include this option. + sysctl kern.features.ufs_quota can be used + to test whether the current kernel supports quotas. If the + option is not present, a custom kernel must be compiled. + Refer to for more information + on kernel configuration. - Next you will need to enable disk quotas in - /etc/rc.conf. 
This is done by adding the - line: + Next, enable disk quotas in + /etc/rc.conf: + + quota_enable="YES" - enable_quotas="YES" - disk quotas - checking + disk quotas + checking - For finer control over your quota startup, there is an - additional configuration variable available. Normally on bootup, - the quota integrity of each file system is checked by the - &man.quotacheck.8; program. The - &man.quotacheck.8; facility insures that the data in - the quota database properly reflects the data on the file system. - This is a very time consuming process that will significantly - affect the time your system takes to boot. If you would like to - skip this step, a variable in /etc/rc.conf - is made available for the purpose: + For finer control over quota startup, an additional + configuration variable is available. Normally on bootup, the + quota integrity of each file system is checked by + &man.quotacheck.8;. This program insures that the data in the + quota database properly reflects the data on the file system. + This is a time consuming process that will significantly + affect the time the system takes to boot. To skip this step, + add this variable to /etc/rc.conf: check_quotas="NO" - Finally you will need to edit /etc/fstab - to enable disk quotas on a per-file system basis. This is where - you can either enable user or group quotas or both for all of your - file systems. + Finally, edit /etc/fstab to enable + disk quotas on a per-file system basis. This is when user or + group quotas can be enabled on the file systems. - To enable per-user quotas on a file system, add the - option to the options field in the - /etc/fstab entry for the file system you want - to enable quotas on. For example: + To enable per-user quotas on a file system, add + to the options field in the + /etc/fstab entry for the file system to + enable quotas on. For example: /dev/da1s2g /home ufs rw,userquota 1 2 - Similarly, to enable group quotas, use the - option instead of - . 
To enable both user and - group quotas, change the entry as follows: + To enable group quotas, instead use + . To enable both user and group + quotas, change the entry as follows: /dev/da1s2g /home ufs rw,userquota,groupquota 1 2 - By default, the quota files are stored in the root directory of - the file system with the names quota.user and - quota.group for user and group quotas - respectively. See &man.fstab.5; for more - information. Even though the &man.fstab.5; manual page says that - you can specify - an alternate location for the quota files, this is not recommended - because the various quota utilities do not seem to handle this + By default, the quota files are stored in the root + directory of the file system as + quota.user and + quota.group. Refer to &man.fstab.5; for + more information. Even though an alternate location for the + quota files can be specified, this is not recommended because + the various quota utilities do not seem to handle this properly. - At this point you should reboot your system with your new - kernel. /etc/rc will automatically run the - appropriate commands to create the initial quota files for all of - the quotas you enabled in /etc/fstab, so - there is no need to manually create any zero length quota - files. - - In the normal course of operations you should not be required - to run the &man.quotacheck.8;, - &man.quotaon.8;, or &man.quotaoff.8; - commands manually. However, you may want to read their manual pages - just to be familiar with their operation. + Once the configuration is complete, reboot the system + with the new kernel. /etc/rc will + automatically run the appropriate commands to create the + initial quota files for all of the quotas enabled in + /etc/fstab. There is no need to + manually create any zero length quota files. + + In the normal course of operations, there should be no + need to manually run &man.quotacheck.8;, &man.quotaon.8;, or + &man.quotaoff.8;. 
However, one should read their manual pages + to be familiar with their operation. Setting Quota Limits + - disk quotas - limits + disk quotas + limits - Once you have configured your system to enable quotas, verify - that they really are enabled. An easy way to do this is to - run: + Once the system has been configured to enable quotas, + verify they really are enabled by running: &prompt.root; quota -v - You should see a one line summary of disk usage and current - quota limits for each file system that quotas are enabled - on. + There should be a one line summary of disk usage and + current quota limits for each file system that quotas are + enabled on. - You are now ready to start assigning quota limits with the - &man.edquota.8; command. + The system is now ready to be assigned quota limits with + &man.edquota.8;. - You have several options on how to enforce limits on the - amount of disk space a user or group may allocate, and how many - files they may create. You may limit allocations based on disk - space (block quotas) or number of files (inode quotas) or a - combination of both. Each of these limits are further broken down + Several options are available to enforce limits on the + amount of disk space a user or group may allocate, and how + many files they may create. Allocations can be limited based + on disk space (block quotas), number of files (inode quotas), + or a combination of both. Each limits is further broken down into two categories: hard and soft limits. hard limit - A hard limit may not be exceeded. Once a user reaches his - hard limit he may not make any further allocations on the file - system in question. For example, if the user has a hard limit of - 500 kbytes on a file system and is currently using 490 kbytes, the - user can only allocate an additional 10 kbytes. Attempting to - allocate an additional 11 kbytes will fail. + A hard limit may not be exceeded. 
Once a user reaches a + hard limit, no further allocations can be made on that file + system by that user. For example, if the user has a hard + limit of 500 kbytes on a file system and is currently using + 490 kbytes, the user can only allocate an additional 10 + kbytes. Attempting to allocate an additional 11 kbytes will + fail. soft limit - Soft limits, on the other hand, can be exceeded for a limited - amount of time. This period of time is known as the grace period, - which is one week by default. If a user stays over his or her - soft limit longer than the grace period, the soft limit will - turn into a hard limit and no further allocations will be allowed. - When the user drops back below the soft limit, the grace period - will be reset. - - The following is an example of what you might see when you run - the &man.edquota.8; command. When the - &man.edquota.8; command is invoked, you are placed into - the editor specified by the EDITOR environment - variable, or in the vi editor if the - EDITOR variable is not set, to allow you to edit - the quota limits. + Soft limits can be exceeded for a limited amount of time, + known as the grace period, which is one week by default. If a + user stays over their limit longer than the grace period, the + soft limit turns into a hard limit and no further allocations + are allowed. When the user drops back below the soft limit, + the grace period is reset. + + The following is an example output from &man.edquota.8;. + When &man.edquota.8; is invoked, the editor specified by + EDITOR is opened in order to edit the quota + limits. The default editor is set to + vi. &prompt.root; edquota -u test 
@@ -3295,12 +2571,13 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on /usr/var: kbytes in use: 0, limits (soft = 50, hard = 75) inodes in use: 0, limits (soft = 50, hard = 60) - You will normally see two lines for each file system that has - quotas enabled. One line for the block limits, and one line for - inode limits. Simply change the value you want updated to modify - the quota limit. For example, to raise this user's block limit - from a soft limit of 50 and a hard limit of 75 to a soft limit of - 500 and a hard limit of 600, change: + There are normally two lines for each file system that + has quotas enabled. One line represents the block limits and + the other represents the inode limits. Change the value to + modify the quota limit. For example, to raise this + user's block limit from a soft limit of 50 and a hard limit of + 75 to a soft limit of 500 and a hard limit of 600, + change: /usr: kbytes in use: 65, limits (soft = 50, hard = 75) 
@@ -3308,44 +2585,43 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on /usr: kbytes in use: 65, limits (soft = 500, hard = 600) - The new quota limits will be in place when you exit the + The new quota limits take affect upon exiting the editor. - Sometimes it is desirable to set quota limits on a range of - UIDs. This can be done by use of the option - on the &man.edquota.8; command. First, assign the - desired quota limit to a user, and then run + Sometimes it is desirable to set quota limits on a range + of UIDs. This can be done by passing to + &man.edquota.8;. First, assign the desired quota limit to a + user, then run edquota -p protouser startuid-enduid. For - example, if user test has the desired quota - limits, the following command can be used to duplicate those quota - limits for UIDs 10,000 through 19,999: + example, if test has + the desired quota limits, the following command will duplicate + those quota limits for UIDs 10,000 through 19,999: &prompt.root; edquota -p test 10000-19999 - For more information see &man.edquota.8; manual page. + For more information, refer to &man.edquota.8;. Checking Quota Limits and Disk Usage + - disk quotas - checking + disk quotas + checking - You can use either the &man.quota.1; or the - &man.repquota.8; commands to check quota limits and - disk usage. The &man.quota.1; command can be used to - check individual user or group quotas and disk usage. A user - may only examine his own quota, and the quota of a group he - is a member of. Only the super-user may view all user and group - quotas. The - &man.repquota.8; command can be used to get a summary - of all quotas and disk usage for file systems with quotas - enabled. - - The following is some sample output from the - quota -v command for a user that has quota - limits on two file systems. + Either &man.quota.1; or &man.repquota.8; can be used to + check quota limits and disk usage. To check individual user + or group quotas and disk usage, use &man.quota.1;. 
A user + may only examine their own quota and the quota of a group they + are a member of. Only the superuser may view all user and + group quotas. To get a summary of all quotas and disk usage + for file systems with quotas enabled, use + &man.repquota.8;. + + The following is sample output from + quota -v for a user that has quota limits + on two file systems. Disk quotas for user test (uid 1002): Filesystem usage quota limit grace files quota limit grace 
@@ -3353,29 +2629,31 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on /usr/var 0 50 75 0 50 60 grace period - On the /usr file system in the above - example, this user is currently 15 kbytes over the soft limit of - 50 kbytes and has 5 days of the grace period left. Note the - asterisk * which indicates that the user is - currently over his quota limit. - - Normally file systems that the user is not using any disk - space on will not show up in the output from the - &man.quota.1; command, even if he has a quota limit - assigned for that file system. The option - will display those file systems, such as the - /usr/var file system in the above + + In this example, the user is currently 15 kbytes over the + soft limit of 50 kbytes on /usr and has 5 + days of grace period left. The asterisk * + indicates that the user is currently over the quota + limit. + + Normally, file systems that the user is not using any disk + space on will not show in the output of &man.quota.1;, even if + the user has a quota limit assigned for that file system. Use + to display those file systems, such as + /usr/var in the above example. Quotas over NFS + NFS - Quotas are enforced by the quota subsystem on the NFS server. - The &man.rpc.rquotad.8; daemon makes quota information available - to the &man.quota.1; command on NFS clients, allowing users on - those machines to see their quota statistics. + Quotas are enforced by the quota subsystem on the NFS + server. The &man.rpc.rquotad.8; daemon makes quota + information available to &man.quota.1; on NFS clients, + allowing users on those machines to see their quota + statistics. Enable rpc.rquotad in /etc/inetd.conf like so: @@ -3384,235 +2662,248 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on Now restart inetd: - &prompt.root; kill -HUP `cat /var/run/inetd.pid` + &prompt.root; service inetd restart - - Encrypting Disk Partitions + + Encrypting Disk Partitions + - LuckyGreenContributed by -
shamrock@cypherpunks.to
-
+ + + Lucky + Green + + Contributed by + +
+ shamrock@cypherpunks.to +
+
+
-
- disks - encrypting - - FreeBSD offers excellent online protections against - unauthorized data access. File permissions and Mandatory - Access Control (MAC) (see ) help prevent - unauthorized third-parties from accessing data while the operating - system is active and the computer is powered up. However, - the permissions enforced by the operating system are irrelevant if an - attacker has physical access to a computer and can simply move - the computer's hard drive to another system to copy and analyze - the sensitive data. - - Regardless of how an attacker may have come into possession of - a hard drive or powered-down computer, both GEOM - Based Disk Encryption (gbde) and - geli cryptographic subsystems in &os; are able - to protect the data on the computer's file systems against even - highly-motivated attackers with significant resources. Unlike - cumbersome encryption methods that encrypt only individual files, - gbde and geli transparently - encrypt entire file systems. No cleartext ever touches the hard - drive's platter. + encrypting + + + &os; offers excellent online protections against + unauthorized data access. File permissions and + Mandatory Access Control (MAC) help + prevent unauthorized users from accessing data while the + operating system is active and the computer is powered up. + However, the permissions enforced by the operating system are + irrelevant if an attacker has physical access to a computer and + can move the computer's hard drive to another system to copy and + analyze the data. + + Regardless of how an attacker may have come into possession + of a hard drive or powered-down computer, both the GEOM Based + Disk Encryption (gbde) and + geli cryptographic subsystems in &os; are + able to protect the data on the computer's file systems against + even highly-motivated attackers with significant resources. 
+ Unlike cumbersome encryption methods that encrypt only + individual files, gbde and + geli transparently encrypt entire file + systems. No cleartext ever touches the hard drive's + platter. - Disk Encryption with <application>gbde</application> + Disk Encryption with + <application>gbde</application> - Become <systemitem class="username">root</systemitem> - Configuring gbde requires - super-user privileges. + superuser privileges. &prompt.user; su - Password: - Add &man.gbde.4; Support to the Kernel Configuration File - - Add the following line to the kernel configuration - file: + If using a custom kernel configuration file, ensure it + contains this line: options GEOM_BDE - Rebuild the kernel as described in . + If the kernel already contains this support, use + kldload to load &man.gbde.4;: - Reboot into the new kernel. + &prompt.root; kldload geom_bde - - - An alternative to recompiling the kernel is to use - kldload to load &man.gbde.4;: - - &prompt.root; kldload geom_bde - - - Preparing the Encrypted Hard Drive - - The following example assumes that you are adding a new hard - drive to your system that will hold a single encrypted partition. - This partition will be mounted as /private. - gbde can also be used to encrypt - /home and /var/mail, but - this requires more complex instructions which exceed the scope of - this introduction. - - - - Add the New Hard Drive - - Install the new drive to the system as explained in . For the purposes of this example, - a new hard drive partition has been added as - /dev/ad4s1c. The - /dev/ad0s1* - devices represent existing standard FreeBSD partitions on - the example system. - - &prompt.root; ls /dev/ad* + + Preparing the Encrypted Hard Drive + + The following example demonstrates adding a new hard + drive to a system that will hold a single encrypted + partition. This partition will be mounted as + /private. 
+ gbde can also be used to encrypt + /home and + /var/mail, but this + requires more complex instructions which exceed the scope of + this introduction. + + + + Add the New Hard Drive + + Install the new drive to the system as explained in + . For the purposes + of this example, a new hard drive partition has been + added as /dev/ad4s1c and + /dev/ad0s1* + represents the existing standard &os; partitions. + + &prompt.root; ls /dev/ad* /dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1 /dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c /dev/ad0s1a /dev/ad0s1d /dev/ad4 - + - - Create a Directory to Hold gbde Lock Files - - &prompt.root; mkdir /etc/gbde - - The gbde lock file contains - information that gbde requires to - access encrypted partitions. Without access to the lock file, - gbde will not be able to decrypt - the data contained in the encrypted partition without - significant manual intervention which is not supported by the - software. Each encrypted partition uses a separate lock - file. - + + Create a Directory to Hold <command>gbde</command> + Lock Files - - Initialize the gbde Partition + &prompt.root; mkdir /etc/gbde - A gbde partition must be - initialized before it can be used. This initialization needs to - be performed only once: + The gbde lock file + contains information that + gbde requires to access + encrypted partitions. Without access to the lock file, + gbde will not be able to + decrypt the data contained in the encrypted partition + without significant manual intervention which is not + supported by the software. Each encrypted partition + uses a separate lock file. + - &prompt.root; gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c + + Initialize the <command>gbde</command> + Partition - &man.gbde.8; will open your editor, permitting you to set - various configuration options in a template. For use with UFS1 - or UFS2, set the sector_size to 2048: + A gbde partition must be + initialized before it can be used. 
This initialization + needs to be performed only once: - $FreeBSD: src/sbin/gbde/template.txt,v 1.1 2002/10/20 11:16:13 phk Exp $ + &prompt.root; gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c.lock + + &man.gbde.8; will open the default editor, in order + to set various configuration options in a template. For + use with UFS1 or UFS2, set the sector_size to + 2048: + + # $FreeBSD: src/sbin/gbde/template.txt,v 1.1.36.1 2009/08/03 08:13:06 kensmith Exp $ # # Sector size is the smallest unit of data which can be read or written. # Making it too small decreases performance and decreases available space. # Making it too large may prevent filesystems from working. 512 is the # minimum and always safe. For UFS, use the fragment size # -sector_size = 2048 -[...] - - - &man.gbde.8; will ask you twice to type the passphrase that - should be used to secure the data. The passphrase must be the - same both times. gbde's ability to - protect your data depends entirely on the quality of the - passphrase that you choose. - - For tips on how to select a secure passphrase that is easy - to remember, see the Diceware - Passphrase website. - - The gbde init command creates a lock - file for your gbde partition that in - this example is stored as - /etc/gbde/ad4s1c. - - - gbde lock files - must be backed up together with the - contents of any encrypted partitions. While deleting a lock - file alone cannot prevent a determined attacker from - decrypting a gbde partition, - without the lock file, the legitimate owner will be unable - to access the data on the encrypted partition without a - significant amount of work that is totally unsupported by - &man.gbde.8; and its designer. - - - - - Attach the Encrypted Partition to the Kernel - - &prompt.root; gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c - - You will be asked to provide the passphrase that you - selected during the initialization of the encrypted partition. 
- The new encrypted device will show up in - /dev as - /dev/device_name.bde: - - &prompt.root; ls /dev/ad* +sector_size = 2048 +[...] + + &man.gbde.8; will ask the user twice to type the + passphrase used to secure the data. The passphrase must + be the same both times. The ability of + gbde to protect data depends + entirely on the quality of the passphrase. For tips on + how to select a secure passphrase that is easy to + remember, see the Diceware + Passphrase website. + + gbde initcreates a lock file for + the gbde partition. In this + example, it is stored as + /etc/gbde/ad4s1c.lock. + gbde lock files must end in + .lock in order to be correctly detected + by the /etc/rc.d/gbde start up + script. + + + gbde lock files + must be backed up together with + the contents of any encrypted partitions. While + deleting a lock file alone cannot prevent a determined + attacker from decrypting a + gbde partition, without the + lock file, the legitimate owner will be unable to + access the data on the encrypted partition without a + significant amount of work that is totally unsupported + by &man.gbde.8;. + + + + + Attach the Encrypted Partition to the + Kernel + + &prompt.root; gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock + + This command will prompt to input the passphrase + that was selected during the initialization of the + encrypted partition. The new encrypted device will + appear in + /dev as + /dev/device_name.bde: + + &prompt.root; ls /dev/ad* /dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1 /dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c /dev/ad0s1a /dev/ad0s1d /dev/ad4 /dev/ad4s1c.bde - + - - Create a File System on the Encrypted Device - - Once the encrypted device has been attached to the kernel, - you can create a file system on the device. To create a file - system on the encrypted device, use &man.newfs.8;. 
Since it is - much faster to initialize a new UFS2 file system than it is to - initialize the old UFS1 file system, using &man.newfs.8; with - the option is recommended. - - &prompt.root; newfs -U -O2 /dev/ad4s1c.bde - - - The &man.newfs.8; command must be performed on an - attached gbde partition which - is identified by a - *.bde - extension to the device name. - - + + Create a File System on the Encrypted + Device - - Mount the Encrypted Partition + Once the encrypted device has been attached to the + kernel, a file system can be created on the device using + &man.newfs.8;. This example creates a UFS2 file + system with soft updates enabled. - Create a mount point for the encrypted file system. + &prompt.root; newfs -U /dev/ad4s1c.bde - &prompt.root; mkdir /private + + &man.newfs.8; must be performed on an attached + gbde partition which is + identified by a + *.bde + extension to the device name. + + - Mount the encrypted file system. + + Mount the Encrypted Partition - &prompt.root; mount /dev/ad4s1c.bde /private - + Create a mount point for the encrypted file + system: - - Verify That the Encrypted File System is Available + &prompt.root; mkdir /private - The encrypted file system should now be visible to - &man.df.1; and be available for use. + Mount the encrypted file system: + + &prompt.root; mount /dev/ad4s1c.bde /private + + + + Verify That the Encrypted File System is + Available - &prompt.user; df -H + The encrypted file system should now be visible to + &man.df.1; and be available for use. + + &prompt.user; df -H Filesystem Size Used Avail Capacity Mounted on /dev/ad0s1a 1037M 72M 883M 8% / /devfs 1.0K 1.0K 0B 100% /dev 
@@ -3620,233 +2911,245 @@ Filesystem Size Used Avail Capacity Mounted on /dev/ad0s1e 1037M 1.1M 953M 0% /tmp /dev/ad0s1d 6.1G 1.9G 3.7G 35% /usr /dev/ad4s1c.bde 150G 4.1K 138G 0% /private - - - - - - Mounting Existing Encrypted File Systems - - After each boot, any encrypted file systems must be - re-attached to the kernel, checked for errors, and mounted, before - the file systems can be used. The required commands must be - executed as user root. - - - - Attach the gbde Partition to the Kernel - - &prompt.root; gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c + + + - You will be asked to provide the passphrase that you - selected during initialization of the encrypted - gbde partition. - + + Mounting Existing Encrypted File Systems - - Check the File System for Errors + After each boot, any encrypted file systems must be + re-attached to the kernel, checked for errors, and mounted, + before the file systems can be used. The required commands + must be executed as + root. - Since encrypted file systems cannot yet be listed in - /etc/fstab for automatic mounting, the - file systems must be checked for errors by running &man.fsck.8; - manually before mounting. + + + Attach the <command>gbde</command> Partition to the + Kernel - &prompt.root; fsck -p -t ffs /dev/ad4s1c.bde - + &prompt.root; gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock - - Mount the Encrypted File System + This command will prompt for the passphrase that was + selected during initialization of the encrypted + gbde partition. + - &prompt.root; mount /dev/ad4s1c.bde /private + + Check the File System for Errors - The encrypted file system is now available for use. 
- - + Since encrypted file systems cannot yet be listed in + /etc/fstab for automatic mounting, + the file systems must be checked for errors by running + &man.fsck.8; manually before mounting: - - Automatically Mounting Encrypted Partitions + &prompt.root; fsck -p -t ffs /dev/ad4s1c.bde + - It is possible to create a script to automatically attach, - check, and mount an encrypted partition, but for security reasons - the script should not contain the &man.gbde.8; password. Instead, - it is recommended that such scripts be run manually while - providing the password via the console or &man.ssh.1;. + + Mount the Encrypted File System - As an alternative, an rc.d script is - provided. Arguments for this script can be passed via - &man.rc.conf.5;, for example: + &prompt.root; mount /dev/ad4s1c.bde /private - gbde_autoattach_all="YES" -gbde_devices="ad4s1c" + The encrypted file system is now available for + use. + + - This will require that the gbde - passphrase be entered at boot time. After typing the correct - passphrase, the gbde encrypted - partition will be mounted automatically. This can be very - useful when using gbde on - notebooks. - - + + Automatically Mounting Encrypted Partitions + + It is possible to create a script to automatically + attach, check, and mount an encrypted partition, but for + security reasons the script should not contain the + &man.gbde.8; password. Instead, it is recommended that + such scripts be run manually while providing the password + via the console or &man.ssh.1;. + + As an alternative, an rc.d script + is provided. Arguments for this script can be passed via + &man.rc.conf.5;: + + gbde_autoattach_all="YES" +gbde_devices="ad4s1c" +gbde_lockdir="/etc/gbde" + + This requires that the + gbde passphrase be entered at + boot time. After typing the correct passphrase, the + gbde encrypted partition will + be mounted automatically. This can be useful when using + gbde on laptops. 
+ + - Cryptographic Protections Employed by gbde - - &man.gbde.8; encrypts the sector payload using 128-bit AES in - CBC mode. Each sector on the disk is encrypted with a different - AES key. For more information on gbde's - cryptographic design, including how the sector keys are derived - from the user-supplied passphrase, see &man.gbde.4;. + Cryptographic Protections Employed by + <command>gbde</command> + + &man.gbde.8; encrypts the sector payload using 128-bit + AES in CBC mode. Each sector on the disk is encrypted with + a different AES key. For more information on the + cryptographic design, including how the sector keys are + derived from the user-supplied passphrase, refer to + &man.gbde.4;. Compatibility Issues &man.sysinstall.8; is incompatible with - gbde-encrypted devices. All - *.bde devices must be detached from the - kernel before starting &man.sysinstall.8; or it will crash during - its initial probing for devices. To detach the encrypted device - used in our example, use the following command: + gbde-encrypted devices. All + *.bde + devices must be detached from the kernel before starting + &man.sysinstall.8; or it will crash during its initial + probing for devices. To detach the encrypted device used in + the example, use the following command: + &prompt.root; gbde detach /dev/ad4s1c - Also note that, as &man.vinum.4; does not use the - &man.geom.4; subsystem, you cannot use - gbde with - vinum volumes. - - Disk Encryption with <command>geli</command> + + Disk Encryption with <command>geli</command> + - DanielGerzoContributed by + + + Daniel + Gerzo + + Contributed by + - - - - A new cryptographic GEOM class is available as of &os; 6.0 - - geli. It is currently being developed by - &a.pjd;. Geli is different to - gbde; it offers different features and uses + An alternative cryptographic GEOM class is available + through &man.geli.8;. geli differs from + gbde; offers different features, and uses a different scheme for doing cryptographic work. 
- The most important features of &man.geli.8; are: + &man.geli.8; provides the following features: - Utilizes the &man.crypto.9; framework — when - cryptographic hardware is available, geli - will use it automatically. + Utilizes the &man.crypto.9; framework and, when + cryptographic hardware is available, + geli uses it automatically. + - Supports multiple cryptographic algorithms (currently - AES, Blowfish, and 3DES). + Supports multiple cryptographic algorithms such as + AES, Blowfish, and 3DES. + Allows the root partition to be encrypted. The - passphrase used to access the encrypted root partition will - be requested during the system boot. + passphrase used to access the encrypted root partition + will be requested during system boot. + - Allows the use of two independent keys (e.g. a - key and a company key). + Allows the use of two independent keys such as a + key and a + company key. + - geli is fast - performs simple + geli is fast as it performs simple sector-to-sector encryption. + - Allows backup and restore of Master Keys. When a user - has to destroy his keys, it will be possible to get access - to the data again by restoring keys from the backup. + Allows backup and restore of master keys. If a user + destroys their keys, it is still possible to get access + to the data by restoring keys from the backup. + - Allows to attach a disk with a random, one-time key - — useful for swap partitions and temporary file + Allows a disk to attach with a random, one-time key + which is useful for swap partitions and temporary file systems. - More geli features can be found in the - &man.geli.8; manual page. + More geli features can be found in + &man.geli.8;. - The next steps will describe how to enable support for - geli in the &os; kernel and will explain how - to create a new geli encryption provider. At - the end it will be demonstrated how to create an encrypted swap - partition using features provided by geli. 
+ This section describes how to enable support for + geli in the &os; kernel and explains how + to create and use a geli encryption + provider. - In order to use geli, you must be running - &os; 6.0-RELEASE or later. Super-user privileges will be - required since modifications to the kernel are necessary. + Superuser privileges are required since modifications + to the kernel are necessary. - Adding <command>geli</command> Support to the Kernel - Configuration File - - Add the following lines to the kernel configuration - file: + Adding <command>geli</command> Support to the + Kernel - options GEOM_ELI -device crypto + For a custom kernel, ensure the kernel configuration + file contains these lines: - Rebuild the kernel as described in . + options GEOM_ELI +device crypto Alternatively, the geli module can - be loaded at boot time. Add the following line to the + be loaded at boot time by adding the following line to /boot/loader.conf: - geom_eli_load="YES" + geom_eli_load="YES" - &man.geli.8; should now be supported by the kernel. + &man.geli.8; should now be supported by the + kernel. Generating the Master Key - The following example will describe how to generate a - key file, which will be used as part of the Master Key for + The following example describes how to generate a + key file which will be used as part of the master key for the encrypted provider mounted under /private. The key file will provide some random data used to encrypt the - Master Key. The Master Key will be protected by a - passphrase as well. Provider's sector size will be 4kB big. - Furthermore, the discussion will describe how to attach the + master key. The master key will also be protected by a + passphrase. The provider's sector size will be 4kB. + The example will describe how to attach to the geli provider, create a file system on - it, how to mount it, how to work with it, and finally how to - detach it. + it, mount it, work with it, and finally, how to detach + it. 
- It is recommended to use a bigger sector size (like 4kB) for - better performance. + It is recommended to use a bigger sector size, such as + 4kB, for better performance. - The Master Key will be protected with a passphrase and - the data source for key file will be + The master key will be protected with a passphrase and + the data source for the key file will be /dev/random. The sector size of - /dev/da2.eli, which we call provider, - will be 4kB. + the provider /dev/da2.eli will be + 4kB. &prompt.root; dd if=/dev/random of=/root/da2.key bs=64 count=1 &prompt.root; geli init -s 4096 -K /root/da2.key /dev/da2 Enter new passphrase: Reenter new passphrase: - It is not mandatory that both a passphrase and a key - file are used; either method of securing the Master Key can - be used in isolation. + It is not mandatory to use both a passphrase and a key + file as either method of securing the master key can be + used in isolation. - If key file is given as -, standard + If the key file is given as -, standard input will be used. This example shows how more than one - key file can be used. + key file can be used: &prompt.root; cat keyfile1 keyfile2 keyfile3 | geli init -K - /dev/da2 - Attaching the Provider with the generated Key + Attaching the Provider with the Generated Key &prompt.root; geli attach -k /root/da2.key /dev/da2 Enter passphrase: @@ -3859,14 +3162,14 @@ Enter passphrase: - Creating the new File System + Creating the New File System &prompt.root; dd if=/dev/random of=/dev/da2.eli bs=1m &prompt.root; newfs /dev/da2.eli &prompt.root; mount /dev/da2.eli /private - The encrypted file system should be visible to &man.df.1; - and be available for use now. + The encrypted file system should now be visible to + &man.df.1; and be available for use: &prompt.root; df -H Filesystem Size Used Avail Capacity Mounted on 
@@ -3876,17 +3179,16 @@ Filesystem Size Used Avail Capacity Mounted on /dev/ad0s1d 989M 1.5M 909M 0% /tmp /dev/ad0s1e 3.9G 1.3G 2.3G 35% /var /dev/da2.eli 150G 4.1K 138G 0% /private - Unmounting and Detaching the Provider Once the work on the encrypted partition is done, and - the /private partition - is no longer needed, it is prudent to consider unmounting - and detaching the geli encrypted - partition from the kernel. + the /private + partition is no longer needed, it is prudent to consider + unmounting and detaching the geli + encrypted partition from the kernel: &prompt.root; umount /private &prompt.root; geli detach da2.eli 
@@ -3894,159 +3196,820 @@ Filesystem Size Used Avail Capacity Mounted on More information about the use of &man.geli.8; can be - found in the manual page. + found in its manual page. - Using the <filename>geli</filename> <filename>rc.d</filename> Script + Using the <filename>geli</filename> + <filename>rc.d</filename> Script - geli comes with a rc.d script which - can be used to simplify the usage of geli. - An example of configuring geli through + geli comes with a + rc.d script which can be used to + simplify the usage of geli. An example + of configuring geli through &man.rc.conf.5; follows: - geli_devices="da2" -geli_da2_flags="-p -k /root/da2.key" + geli_devices="da2" +geli_da2_flags="-p -k /root/da2.key" - This will configure /dev/da2 as a - geli provider of which the Master Key file - is located in /root/da2.key, and + This configures /dev/da2 as a + geli provider of which the master key + file is located in /root/da2.key. geli will not use a passphrase when - attaching the provider (note that this can only be used if -P - was given during the geli init phase). The - system will detach the geli provider from - the kernel before the system shuts down. - - More information about configuring rc.d is provided in the + attaching to the provider if + was given during the + geli init phase. The system will detach + the geli provider from the kernel before + the system shuts down. + + More information about configuring + rc.d is provided in the rc.d section of the Handbook.
- - Encrypting Swap Space + + Encrypting Swap Space + - ChristianBrüfferWritten by + + + Christian + Brüffer + + Written by + - swap encrypting - Swap encryption in &os; is easy to configure and has been - available since &os; 5.3-RELEASE. Depending on which version - of &os; is being used, different options are available - and configuration can vary slightly. From &os; 6.0-RELEASE onwards, - the &man.gbde.8; or &man.geli.8; encryption systems can be used - for swap encryption. With earlier versions, only &man.gbde.8; is - available. Both systems use the encswap + Like the encryption of disk partitions, encryption of swap + space is used to protect sensitive information. Consider an + application that deals with passwords. As long as these + passwords stay in physical memory, these passwords will not be + written to disk and be cleared after a reboot. If &os; starts + swapping out memory pages to free space for other applications, + the passwords may be written to the disk platters unencrypted. + Encrypting swap space can be a solution for this + scenario. + + The &man.gbde.8; or &man.geli.8; encryption systems may be + used for swap encryption. Both systems use the + encswap rc.d script. - The previous section, Encrypting - Disk Partitions, includes a short discussion on the different - encryption systems. + + For the remainder of this section, + ad0s1b will be the swap + partition. + + + Swap partitions are not encrypted by default and should + be cleared of any sensitive data before continuing. To + overwrite the current swap parition with random garbage, + execute the following command: + + &prompt.root; dd if=/dev/random of=/dev/ad0s1b bs=1m - Why should Swap be Encrypted? - - Like the encryption of disk partitions, encryption of swap space - is done to protect sensitive information. Imagine an application - that e.g. deals with passwords. As long as these passwords stay in - physical memory, all is well. 
However, if the operating system starts - swapping out memory pages to free space for other applications, the - passwords may be written to the disk platters unencrypted and easy to - retrieve for an adversary. Encrypting swap space can be a solution for - this scenario. + Swap Encryption with &man.gbde.8; + + The .bde suffix should be added to the + device in the respective /etc/fstab swap + line: + + # Device Mountpoint FStype Options Dump Pass# +/dev/ad0s1b.bde none swap sw 0 0 - Preparation + Swap Encryption with &man.geli.8; - - For the remainder of this section, ad0s1b - will be the swap partition. - + The procedure for instead using &man.geli.8; for swap + encryption is similar to that of using &man.gbde.8;. The + .eli suffix should be added to the device + in the respective /etc/fstab swap + line: + + # Device Mountpoint FStype Options Dump Pass# +/dev/ad0s1b.eli none swap sw 0 0 + + &man.geli.8; uses the AES algorithm + with a key length of 128 bit by default. These defaults can + be altered by using geli_swap_flags in + /etc/rc.conf. The following line tells + the encswap rc.d script to create + &man.geli.8; swap partitions using the Blowfish algorithm with + a key length of 128 bits and a sectorsize of 4 kilobytes, and + sets detach on last close: - Up to this point the swap has been unencrypted. It is possible that - there are already passwords or other sensitive data on the disk platters - in cleartext. To rectify this, the data on the swap partition should be - overwritten with random garbage: + geli_swap_flags="-e blowfish -l 128 -s 4096 -d" - &prompt.root; dd if=/dev/random of=/dev/ad0s1b bs=1m + Refer to the description of + onetime in &man.geli.8; for a list of + possible options. 
- Swap Encryption with &man.gbde.8; + Encrypted Swap Verification - If &os; 6.0-RELEASE or newer is being used, the - .bde suffix should be added to the device in the - respective /etc/fstab swap line: + Once the system has rebooted, proper operation of the + encrypted swap can be verified using + swapinfo. - -# Device Mountpoint FStype Options Dump Pass# -/dev/ad0s1b.bde none swap sw 0 0 - + If &man.gbde.8; is being used: - For systems prior to &os; 6.0-RELEASE, the following line - in /etc/rc.conf is also needed: + &prompt.user; swapinfo +Device 1K-blocks Used Avail Capacity +/dev/ad0s1b.bde 542720 0 542720 0% + + If &man.geli.8; is being used: - gbde_swap_enable="YES" + &prompt.user; swapinfo +Device 1K-blocks Used Avail Capacity +/dev/ad0s1b.eli 542720 0 542720 0% + + + + + Highly Available Storage (HAST) + + + + + Daniel + Gerzo + + Contributed by + + + + + + + Freddie + Cash + + With inputs from + + + + + Pawel Jakub + Dawidek + + + + + + Michael W. + Lucas + + + + + + Viktor + Petersson + + + + + + + HAST + high availability + - Swap Encryption with &man.geli.8; + Synopsis + + High availability is one of the main requirements in + serious business applications and highly-available storage is + a key component in such environments. Highly Available + STorage, or HASTHighly + Available STorage, was developed by + &a.pjd.email; as a framework which allows transparent storage + of the same data across several physically separated machines + connected by a TCP/IP network. HAST can be + understood as a network-based RAID1 (mirror), and is similar + to the DRBD® storage system known from the GNU/&linux; + platform. In combination with other high-availability + features of &os; like CARP, + HAST makes it possible to build a + highly-available storage cluster that is resistant to hardware + failures. + + After reading this section, you will know: - Alternatively, the procedure for using &man.geli.8; for swap - encryption is similar to that of using &man.gbde.8;. 
The - .eli suffix should be added to the device in the - respective /etc/fstab swap line: + + + What HAST is, how it works and + which features it provides. + + + + How to set up and use HAST on + &os;. + + + + How to integrate CARP and + &man.devd.8; to build a robust storage system. + + - -# Device Mountpoint FStype Options Dump Pass# -/dev/ad0s1b.eli none swap sw 0 0 - + Before reading this section, you should: - &man.geli.8; uses the AES algorithm with - a key length of 256 bit by default. + + + Understand &unix; and + &os; basics. + - Optionally, these defaults can be altered using the - geli_swap_flags option in - /etc/rc.conf. The following line tells the - encswap rc.d script to create &man.geli.8; swap - partitions using the Blowfish algorithm with a key length of 128 bit, - a sectorsize of 4 kilobytes and the detach on last close - option set: + + Know how to + configure network + interfaces and other core &os; subsystems. + - geli_swap_flags="-a blowfish -l 128 -s 4096 -d" + + Have a good understanding of + &os; + networking. + + - Please refer to the description of the onetime command - in the &man.geli.8; manual page for a list of possible options. + The HAST project was sponsored by The + &os; Foundation with support from + OMCnet Internet Service + GmbH and TransIP + BV. - Verifying that it Works + HAST Features - Once the system has been rebooted, proper operation of the - encrypted swap can be verified using the - swapinfo command. + The main features of the HAST system + are: - If &man.gbde.8; is being used: + + + Can be used to mask I/O errors on local hard + drives. + - &prompt.user; swapinfo -Device 1K-blocks Used Avail Capacity -/dev/ad0s1b.bde 542720 0 542720 0% - + + File system agnostic as it works with any file + system supported by &os;. + - If &man.geli.8; is being used: + + Efficient and quick resynchronization, synchronizing + only blocks that were modified during the downtime of a + node. 
+ - &prompt.user; swapinfo -Device 1K-blocks Used Avail Capacity -/dev/ad0s1b.eli 542720 0 542720 0% - + + + + Can be used in an already deployed environment to add + additional redundancy. + + + + Together with CARP, + Heartbeat, or other tools, it + can be used to build a robust and durable storage + system. + + + + + + HAST Operation + + As HAST provides a synchronous + block-level replication of any storage media to several + machines, it requires at least two physical machines: + the primary, also known as the + master node, and the + secondary or slave + node. These two machines together are referred to as a + cluster. + + + HAST is currently limited to two cluster nodes in + total. + + + Since HAST works in a + primary-secondary configuration, it allows only one of the + cluster nodes to be active at any given time. The + primary node, also called + active, is the one which will handle all + the I/O requests to HAST-managed + devices. The secondary node is + automatically synchronized from the primary + node. + + The physical components of the HAST + system are: + + + + local disk on primary node, and + + + + disk on remote, secondary node. + + + + HAST operates synchronously on a block + level, making it transparent to file systems and applications. + HAST provides regular GEOM providers in + /dev/hast/ for use by + other tools or applications, thus there is no difference + between using HAST-provided devices and + raw disks or partitions. + + Each write, delete, or flush operation is sent to the + local disk and to the remote disk over TCP/IP. Each read + operation is served from the local disk, unless the local disk + is not up-to-date or an I/O error occurs. In such case, the + read operation is sent to the secondary node. + + + Synchronization and Replication Modes + + HAST tries to provide fast failure + recovery. For this reason, it is very important to reduce + synchronization time after a node's outage. 
To provide fast + synchronization, HAST manages an on-disk + bitmap of dirty extents and only synchronizes those during a + regular synchronization, with an exception of the initial + sync. + + There are many ways to handle synchronization. + HAST implements several replication modes + to handle different synchronization methods: + + + + memsync: report write operation + as completed when the local write operation is finished + and when the remote node acknowledges data arrival, but + before actually storing the data. The data on the + remote node will be stored directly after sending the + acknowledgement. This mode is intended to reduce + latency, but still provides very good + reliability. + + + + fullsync: report write + operation as completed when local write completes and + when remote write completes. This is the safest and the + slowest replication mode. This mode is the + default. + + + + async: report write operation + as completed when local write completes. This is the + fastest and the most dangerous replication mode. It + should be used when replicating to a distant node where + latency is too high for other modes. + + + + + + + HAST Configuration + + HAST requires + GEOM_GATE support which is not present in + the default GENERIC kernel. However, the + geom_gate.ko loadable module is available + in the default &os; installation. Alternatively, to build + GEOM_GATE support into the kernel + statically, add this line to the custom kernel configuration + file: + + options GEOM_GATE + + The HAST framework consists of several + parts from the operating system's point of view: + + + + the &man.hastd.8; daemon responsible for data + synchronization, + + + + the &man.hastctl.8; userland management + utility, + + + + and the &man.hast.conf.5; configuration file. + + + + The following example describes how to configure two nodes + in master-slave / + primary-secondary + operation using HAST to replicate the data + between the two. 
The nodes will be called + hasta with an IP address of + 172.16.0.1 and + hastb with an IP of address + 172.16.0.2. Both nodes will have a + dedicated hard drive /dev/ad6 of the same + size for HAST operation. The + HAST pool, sometimes also referred to as a + resource or the GEOM provider in + /dev/hast/, will be called + test. + + Configuration of HAST is done using + /etc/hast.conf. This file should be the + same on both nodes. The simplest configuration possible + is: + + resource test { + on hasta { + local /dev/ad6 + remote 172.16.0.2 + } + on hastb { + local /dev/ad6 + remote 172.16.0.1 + } +} + + For more advanced configuration, refer to + &man.hast.conf.5;. + + + It is also possible to use host names in the + remote statements. In such a case, make + sure that these hosts are resolvable and are defined in + /etc/hosts or in the local + DNS. + + + Now that the configuration exists on both nodes, + the HAST pool can be created. Run these + commands on both nodes to place the initial metadata onto the + local disk and to start &man.hastd.8;: + + &prompt.root; hastctl create test +&prompt.root; service hastd onestart + + + It is not possible to use GEOM + providers with an existing file system or to convert an + existing storage to a HAST-managed pool. + This procedure needs to store some metadata on the provider + and there will not be enough required space + available on an existing provider. + + + A HAST node's primary or + secondary role is selected by an + administrator, or software like + Heartbeat, using &man.hastctl.8;. + On the primary node, + hasta, issue + this command: + + &prompt.root; hastctl role primary test + + Similarly, run this command on the secondary node, + hastb: + + &prompt.root; hastctl role secondary test + + + When the nodes are unable to communicate with each + other, and both are configured as primary nodes, the + condition is called split-brain. To + troubleshoot this situation, follow the steps described in + . 
+ + + Verify the result by running &man.hastctl.8; on each + node: + + &prompt.root; hastctl status test + + The important text is the status line, + which should say complete + on each of the nodes. If it says degraded, + something went wrong. At this point, the synchronization + between the nodes has already started. The synchronization + completes when hastctl status + reports 0 bytes of dirty extents. + + + The next step is to create a filesystem on the + /dev/hast/test + GEOM provider and mount it. This must be done on the + primary node, as + /dev/hast/test + appears only on the primary node. Creating + the filesystem can take a few minutes, depending on the size + of the hard drive: + + &prompt.root; newfs -U /dev/hast/test +&prompt.root; mkdir /hast/test +&prompt.root; mount /dev/hast/test /hast/test + + Once the HAST framework is configured + properly, the final step is to make sure that + HAST is started automatically during + system boot. Add this line to + /etc/rc.conf: + + hastd_enable="YES" + + + Failover Configuration + + The goal of this example is to build a robust storage + system which is resistant to the failure of any given node. + The scenario is that a primary node of + the cluster fails. If this happens, the + secondary node is there to take over + seamlessly, check and mount the file system, and continue to + work without missing a single bit of data. + + To accomplish this task, another &os; feature, + CARP, provides for automatic failover on + the IP layer. CARP (Common + Address Redundancy Protocol) allows multiple hosts on the + same network segment to share an IP address. Set up + CARP on both nodes of the cluster + according to the documentation available in + . After setup, each node will + have its own carp0 interface with a + shared IP address of + 172.16.0.254. The primary + HAST node of the cluster must be the + master CARP node. 
+ + The HAST pool created in the previous + section is now ready to be exported to the other hosts on + the network. This can be accomplished by exporting it + through NFS or + Samba, using the shared IP + address 172.16.0.254. The only + problem which remains unresolved is an automatic failover + should the primary node fail. + + In the event of CARP interfaces going + up or down, the &os; operating system generates a + &man.devd.8; event, making it possible to watch for state + changes on the CARP interfaces. A state + change on the CARP interface is an + indication that one of the nodes failed or came back online. + These state change events make it possible to run a script + which will automatically handle the HAST failover. + + To be able to catch state changes on the + CARP interfaces, add this + configuration to + /etc/devd.conf on each node: + + notify 30 { + match "system" "IFNET"; + match "subsystem" "carp0"; + match "type" "LINK_UP"; + action "/usr/local/sbin/carp-hast-switch master"; +}; + +notify 30 { + match "system" "IFNET"; + match "subsystem" "carp0"; + match "type" "LINK_DOWN"; + action "/usr/local/sbin/carp-hast-switch slave"; +}; + + Restart &man.devd.8; on both nodes to put the new + configuration into effect: + + &prompt.root; service devd restart + + When the carp0 interface state + changes by going up or down , the system generates a + notification, allowing the &man.devd.8; subsystem to run an + arbitrary script, in this case + /usr/local/sbin/carp-hast-switch. This + script handles the automatic failover. For further + clarification about the above &man.devd.8; configuration, + refer to &man.devd.conf.5;. + + An example of such a script could be: + + #!/bin/sh + +# Original script by Freddie Cash <fjwcash@gmail.com> +# Modified by Michael W. 
Lucas <mwlucas@BlackHelicopters.org> +# and Viktor Petersson <vpetersson@wireload.net> + +# The names of the HAST resources, as listed in /etc/hast.conf +resources="test" + +# delay in mounting HAST resource after becoming master +# make your best guess +delay=3 + +# logging +log="local0.debug" +name="carp-hast" + +# end of user configurable stuff + +case "$1" in + master) + logger -p $log -t $name "Switching to primary provider for ${resources}." + sleep ${delay} + + # Wait for any "hastd secondary" processes to stop + for disk in ${resources}; do + while $( pgrep -lf "hastd: ${disk} \(secondary\)" > /dev/null 2>&1 ); do + sleep 1 + done + + # Switch role for each disk + hastctl role primary ${disk} + if [ $? -ne 0 ]; then + logger -p $log -t $name "Unable to change role to primary for resource ${disk}." + exit 1 + fi + done + + # Wait for the /dev/hast/* devices to appear + for disk in ${resources}; do + for I in $( jot 60 ); do + [ -c "/dev/hast/${disk}" ] && break + sleep 0.5 + done + + if [ ! -c "/dev/hast/${disk}" ]; then + logger -p $log -t $name "GEOM provider /dev/hast/${disk} did not appear." + exit 1 + fi + done + + logger -p $log -t $name "Role for HAST resources ${resources} switched to primary." + + + logger -p $log -t $name "Mounting disks." + for disk in ${resources}; do + mkdir -p /hast/${disk} + fsck -p -y -t ufs /dev/hast/${disk} + mount /dev/hast/${disk} /hast/${disk} + done + + ;; + + slave) + logger -p $log -t $name "Switching to secondary provider for ${resources}." + + # Switch roles for the HAST resources + for disk in ${resources}; do + if ! mount | grep -q "^/dev/hast/${disk} on " + then + else + umount -f /hast/${disk} + fi + sleep $delay + hastctl role secondary ${disk} 2>&1 + if [ $? -ne 0 ]; then + logger -p $log -t $name "Unable to switch role to secondary for resource ${disk}." + exit 1 + fi + logger -p $log -t $name "Role switched to secondary for resource ${disk}." 
+ done + ;; +esac + + In a nutshell, the script takes these actions when a + node becomes master / + primary: + + + + Promotes the HAST pools to + primary on a given node. + + + + Checks the file system under the + HAST pool. + + + + Mounts the pools at an appropriate place. + + + + When a node becomes backup / + secondary: + + + + Unmounts the HAST pools. + + + + Degrades the HAST pools to + secondary. + + + + + Keep in mind that this is just an example script which + serves as a proof of concept. It does not handle all the + possible scenarios and can be extended or altered in any + way, for example, to start/stop required services. + + + + For this example, a standard UFS file system was used. + To reduce the time needed for recovery, a journal-enabled + UFS or ZFS file system can be used instead. + + + More detailed information with additional examples can + be found in the HAST Wiki + page. + + + + + Troubleshooting + + + General Troubleshooting Tips + + HAST should generally work without + issues. However, as with any other software product, there + may be times when it does not work as supposed. The sources + of the problems may be different, but the rule of thumb is + to ensure that the time is synchronized between all nodes of + the cluster. + + When troubleshooting HAST problems, + the debugging level of &man.hastd.8; should be increased by + starting &man.hastd.8; with -d. This + argument may be specified multiple times to further increase + the debugging level. A lot of useful information may be + obtained this way. Consider also using + -F, which starts &man.hastd.8; in the + foreground. + + + + Recovering from the Split-brain Condition + + Split-brain is when the nodes of the + cluster are unable to communicate with each other, and both + are configured as primary. This is a dangerous condition + because it allows both nodes to make incompatible changes to + the data. This problem must be corrected manually by the + system administrator. 
+ + The administrator must decide which node has more + important changes (or merge them manually) and let + HAST perform full synchronization of the + node which has the broken data. To do this, issue these + commands on the node which needs to be + resynchronized: + + &prompt.root; hastctl role init <resource> +&prompt.root; hastctl create <resource> +&prompt.root; hastctl role secondary <resource> + diff --git a/el_GR.ISO8859-7/books/handbook/preface/preface.xml b/el_GR.ISO8859-7/books/handbook/preface/preface.xml index a4239b9146..3a08e0b1f7 100644 --- a/el_GR.ISO8859-7/books/handbook/preface/preface.xml +++ b/el_GR.ISO8859-7/books/handbook/preface/preface.xml @@ -8,7 +8,7 @@ $FreeBSD$ %SOURCE% en_US.ISO8859-1/books/handbook/preface/preface.xml - %SRCID% 38826 + %SRCID% 43126 --> 
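Review bot: In the `master)` branch of the example `carp-hast-switch` script, the exit status of `fsck -p -y -t ufs /dev/hast/${disk}` is ignored and `mount` runs regardless, although the `hastctl role` calls in the same script log and `exit 1` on failure. Because devd runs this script automatically on a CARP state change, a failed check should stop the mount, for example `fsck -p -y -t ufs /dev/hast/${disk} || { logger -p $log -t $name "fsck failed for resource ${disk}."; exit 1; }`. In the `slave)` branch, as rendered here, `if ! mount | grep -q ...` has an empty `then` before `else`, which the POSIX sh grammar does not allow and some shells may reject. `if mount | grep -q "^/dev/hast/${disk} on "; then umount -f /hast/${disk}; fi` expresses the same test portably.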
@@ -37,39 +37,39 @@ Αλλαγές από την Τρίτη Έκδοση - Η τρέχουσα έκδοση του Εγχειριδίου στο διαδίκτυο, είναι το αποτέλεσμα της - προσπάθειας πολλών εκατοντάδων εθελοντών στο διάστημα των τελευταίων - 10 χρόνων. Οι πιο σημαντικές αλλαγές σε σχέση με την τρίτη έντυπη - έκδοση του Εγχειριδίου (2004) φαίνονται παρακάτω: + Η τρέχουσα έκδοση του Εγχειριδίου στο διαδίκτυο, είναι το + αποτέλεσμα της προσπάθειας πολλών εκατοντάδων εθελοντών στο διάστημα + των τελευταίων 10 χρόνων. Οι πιο σημαντικές αλλαγές σε σχέση με την + τρίτη έντυπη έκδοση του Εγχειριδίου (2004) φαίνονται παρακάτω: - , το &dtrace;, είναι ένα νέο κεφάλαιο με + Το είναι ένα νέο κεφάλαιο με πληροφορίες σχετικά με αυτό το πανίσχυρο εργαλείο ανάλυσης απόδοσης. - , η Υποστήριξη Συστημάτων Αρχείων, - είναι ένα νέο κεφάλαιο με πληροφορίες για συστήματα αρχείων τα οποία + Το είναι ένα νέο κεφάλαιο + με πληροφορίες για συστήματα αρχείων τα οποία υποστηρίζονται από το &os; αλλά αναπτύσσονται από άλλες ομάδες, όπως το ZFS από την &sun;. - ,ο Έλεγχος Συμβάντων Ασφαλείας, είναι ένα + Το είναι ένα νέο κεφάλαιο με πληροφορίες σχετικά με τις νέες δυνατότητες και την χρήση του auditing στο &os;. - , η Εικονικοποίηση, είναι ένα νέο + Το είναι ένα νέο κεφάλαιο με πληροφορίες σχετικά με την εγκατάσταση του &os; σε λογισμικό εκτέλεσης εικονικών (virtual) μηχανημάτων. - , η Εγκατάσταση του + Το &os; 9.x και Μεταγενέστερων Εκδόσεων, είναι ένα νέο κεφάλαιο σχετικά με την εγκατάσταση του &os; με τη βοήθεια του νέου προγράμματος 
@@ -88,29 +88,29 @@ - , Το κεφάλαιο Ρύθμισης και - Βελτιστοποίησης του &os;, επεκτάθηκε με νέες πληροφορίες για τη + Το + επεκτάθηκε με νέες πληροφορίες για τη διαχείριση ενέργειας και πόρων του συστήματος μέσω ACPI, με περισσότερες πληροφορίες για το σύστημα cron και με περισσότερες επιλογές παραμετροποίησης του πυρήνα του &os;. - , Το κεφάλαιο Ασφάλειας, επεκτάθηκε + Το επεκτάθηκε με νέες πληροφορίες για Δίκτυα VPN, για λίστες ελέγχου πρόσβασης αρχείων (ACLs) και περισσότερες συμβουλές σχετικά με την ασφάλεια του &os;. - , Ο Υποχρεωτικός Έλεγχος Πρόσβασης (MAC), + Το είναι ένα νέο κεφάλαιο σε αυτή την έκδοση. Εξηγεί τι είναι ο μηχανισμός MAC και πώς μπορεί να χρησιμοποιηθεί για να ενισχυθεί η ασφάλεια ενός συστήματος &os;. - , Το κεφάλαιο για τα Αποθηκευτικά Μέσα, + Το επεκτάθηκε, με νέες πληροφορίες για συσκευές αποθήκευσης USB, στιγμιότυπα συστήματος αρχείων (snapshots), περιορισμούς στη χρήση των συστημάτων αρχείων (quotas), συστήματα αρχείων που βασίζονται @@ -119,22 +119,13 @@ - , Ο Διαχειριστής Τόμων Vinum, είναι - ένα νέο κεφάλαιο σε αυτή την έκδοση. Περιγράφει τον τρόπο χρήσης του - Vinum, ενός συστήματος διαχείρισης αποθηκευτικών μέσων που υλοποιεί - την οργάνωση φυσικών δίσκων του συστήματος σε διάταξη RAID-0, RAID-1 - και RAID-5. + Προστέθηκε μια ενότητα σχετικά με την αντιμετώπιση προβλημάτων + στο . - Στο , προστέθηκε ένα - τμήμα σχετικό με την επίλυση προβλημάτων στις συνδέσεις PPP και - SLIP. - - - - , Το κεφάλαιο για το Ηλεκτρονικό - Ταχυδρομείο, επεκτάθηκε με νέες πληροφορίες για την χρήση + Το + επεκτάθηκε με νέες πληροφορίες για την χρήση εναλλακτικών MTA, πιστοποίηση ταυτότητας στο SMTP, το πρωτόκολλο UUCP, τα εργαλεία fetchmail και procmail και με άλλα θέματα για 
@@ -142,8 +133,8 @@ - , Το κεφάλαιο Εξυπηρετητών - Δικτύων, περιλαμβάνεται για πρώτη φορά σε αυτή την έκδοση. Αυτό + Το + περιλαμβάνεται για πρώτη φορά σε αυτή την έκδοση. Αυτό το κεφάλαιο περιγράφει πως να εγκαταστήσετε τον Διακομιστή HTTP Apache, τον εξυπηρετητή ftpd του &os; και τον διακομιστή @@ -154,8 +145,8 @@ - , Το κεφάλαιο για Προχωρημένα - Θέματα Δικτύωσης, επεκτάθηκε με νέες πληροφορίες για τη χρήση + Το + επεκτάθηκε με νέες πληροφορίες για τη χρήση συσκευών &bluetooth; στο &os;, την εγκατάσταση ασύρματων δικτύων, και την Μέθοδο Δικτύωσης Ασύγχρονης Μεταφοράς (ATM). @@ -175,7 +166,7 @@ Αλλαγές από την Πρώτη Έκδοση (2001) - Η δεύτερη έκδοση ήταν το αποτέλεσμα τουλάχιστον δύο χρόνων εργασίας + Η δεύτερη έκδοση ήταν το αποτέλεσμα τουλάχιστον δύο χρόνων εργασίας από τα μέλη της Ομάδας Τεκμηρίωσης του &os;. Οι πιο σημαντικές αλλαγές σε αυτή την έκδοση ήταν οι παρακάτω: @@ -205,39 +196,39 @@ - Το (Εγκαθιστώντας το &os;) + Το ξαναγράφτηκε από την αρχή με πολλές εικόνες, ώστε να διευκολύνει τους χρήστες να κατανοήσουν το κείμενο. - Το (Βασικές Έννοιες στο - &unix;) επεκτάθηκε ώστε να συμπεριλαμβάνει πρόσθετες + Το + επεκτάθηκε ώστε να συμπεριλαμβάνει πρόσθετες πληροφορίες για τις διεργασίες (processes), τους δαίμονες (daemons), και τα σήματα (signals). - Το (Εγκατάστασης Εφαρμογών: Πακέτα - και Ports) επεκτάθηκε ώστε να συμπεριλαμβάνει πρόσθετες + Το + επεκτάθηκε ώστε να συμπεριλαμβάνει πρόσθετες πληροφορίες για την διαχείριση προμεταγλωττισμένων πακέτων (packages). - Το (Το Σύστημα X Window) + Το ξαναγράφτηκε από την αρχή με έμφαση στην χρήση μοντέρνων τεχνολογιών, όπως τα περιβάλλοντα εργασίας KDE και GNOME σε &xfree86; 4.X. - Το (Η Διαδικασία Εκκίνησης του - &os;) επεκτάθηκε με περισσότερες πληροφορίες. + Το + επεκτάθηκε με περισσότερες πληροφορίες. - Το (Αποθηκευτικά Μέσα) + Το ξαναγράφτηκε με βάση τα παλαιότερα δύο κεφάλαια Δίσκοι και Αντίγραφα Ασφαλείας. Πιστεύουμε ότι τα θέματα αυτά είναι πιο ευκολονόητα όταν παρουσιάζονται μαζί σαν ένα κεφάλαιο. 
@@ -246,33 +237,33 @@ - Το (Σειριακές - Επικοινωνίες) αναδιοργανώθηκε από την αρχή και ενημερώθηκε για + Το + αναδιοργανώθηκε από την αρχή και ενημερώθηκε για τις εκδόσεις &os; 4.X/5.X. - Το (PPP και SLIP) + Το ενημερώθηκε σε σημαντικό βαθμό. - Πολλοί νέοι τομείς προστέθηκαν στο (Προχωρημένα Θέματα - Δικτύωσης). + Πολλοί νέοι τομείς προστέθηκαν στο + . - Το (Ηλεκτρονικό Ταχυδρομείο) + Το επεκτάθηκε για να συμπεριλαμβάνει περισσότερες πληροφορίες για τις - ρυθμίσεις του Sendmail. + ρυθμίσεις του sendmail. - Το (Συμβατότητα με Εκτελέσιμα - του &linux;) επεκτάθηκε για να συμπεριλαμβάνει πληροφορίες + Το + επεκτάθηκε για να συμπεριλαμβάνει πληροφορίες για την εγκατάσταση της βάσης δεδομένων &oracle; και του - &mathematica;. + &sap.r3;. @@ -281,12 +272,11 @@ - Ρύθμιση και Βελτιστοποίηση - () + . - Πολυμέσα () + . @@ -318,7 +308,7 @@ - , Εισαγωγή + Εισαγωγή Παρουσιάζει το &os; στο νέο χρήστη. Περιγράφει την @@ -328,30 +318,31 @@ - , Εγκατάσταση του &os; 8.x και Προγενέστερων Εκδόσεων + Οδηγεί τον χρήστη στην διαδικασία εγκατάστασης του - &os; 8.x και προγενέστερων - εκδόσεων με τη χρήση του sysinstall. - Συμπεριλαμβάνονται επίσης μερικά θέματα εγκατάστασης για - προχωρημένους, όπως η εγκατάσταση μέσω σειριακής κονσόλας. + &os; 9.x και μεταγενέστερων + εκδόσεων με τη χρήση του + bsdinstall. - , Εγκατάσταση του &os; 9.x και Μεταγενέστερων Εκδόσεων + Οδηγεί τον χρήστη στην διαδικασία εγκατάστασης του - &os; 9.x και μεταγενέστερων - εκδόσεων με τη χρήση του - bsdinstall. + &os; 8.x και προγενέστερων + εκδόσεων με τη χρήση του sysinstall. + Συμπεριλαμβάνονται επίσης μερικά θέματα εγκατάστασης για + προχωρημένους, όπως η εγκατάσταση μέσω σειριακής κονσόλας. + - , Βασικές Έννοιες στο &unix; + Περιέχει τις βασικές εντολές και λειτουργίες του λειτουργικού @@ -362,7 +353,7 @@ - , Εγκατάσταση Εφαρμογών: Πακέτα και Ports + Περιγράφει τον τρόπο εγκατάστασης λογισμικού τρίτων @@ -373,7 +364,7 @@ - , Το Σύστημα X Window + Περιγράφει γενικά το σύστημα X Window και ειδικότερα το 
@@ -386,7 +377,7 @@ - , Desktop Εφαρμογές + Αναφέρει και εξηγεί μερικές από τις πιο συνήθεις εφαρμογές @@ -397,7 +388,7 @@ - , Πολυμέσα + Υποδεικνύει πως να εγκαταστήσετε δυνατότητες αναπαραγωγής ήχου @@ -407,18 +398,18 @@ - , Ρυθμίζοντας τον Πυρήνα του &os; + Εξηγεί τους λόγους για τους οποίους θα πρέπει να δημιουργήσετε - ένα νέο πυρήνα. Παρέχει, επίσης, λεπτομερείς οδηγίες για την ρύθμιση, - μεταγλώττιση και εγκατάσταση του νέου σας προσαρμοσμένου + ένα νέο πυρήνα. Παρέχει, επίσης, λεπτομερείς οδηγίες για την + ρύθμιση, μεταγλώττιση και εγκατάσταση του νέου σας προσαρμοσμένου πυρήνα. - , Εκτυπώσεις + Περιγράφει πως να διαχειρίζεστε εκτυπωτές στο &os;. @@ -428,14 +419,13 @@ - , Συμβατότητα με Εκτελέσιμα του &linux; + Περιγράφει τις δυνατότητες συμβατότητας του &os; με εφαρμογές &linux;. Επίσης παρέχει λεπτομερείς οδηγίες εγκατάστασης για πολλές γνωστές εφαρμογές του &linux; όπως &oracle;, - &sap.r3;, και &mathematica;. @@ -443,7 +433,7 @@ - , Ρύθμιση και Βελτιστοποίηση + Περιγράφει τις παραμέτρους που έχουν στη διάθεση τους οι @@ -454,7 +444,7 @@ - , Η Διαδικασία Εκκίνησης του &os; + Περιγράφει την διαδικασία εκκίνησης του &os; και εξηγεί πως @@ -464,7 +454,7 @@ - , Χρήστες και Βασική Διαχείριση Λογαριασμών + Περιγράφει την δημιουργία και την διαχείριση των λογαριασμών @@ -476,7 +466,7 @@ - , Ασφάλεια + Περιγράφει διάφορα διαθέσιμα εργαλεία που θα σας βοηθήσουν να @@ -486,7 +476,7 @@ - , Jails + Περιγράφει το πλαίσιο λειτουργιών των jails και τις βελτιώσεις @@ -496,7 +486,7 @@ - , Υποχρεωτικός Έλεγχος Πρόσβασης + Εξηγεί τι είναι ο Υποχρεωτικός Έλεγχος Πρόσβασης (MAC) και @@ -506,7 +496,7 @@ - , Έλεγχος Συμβάντων Ασφαλείας + Περιγράφει τι είναι ο Έλεγχος Συμβάντων, πως μπορεί να @@ -516,7 +506,7 @@ - , Αποθηκευτικά Μέσα + Περιγράφει πως να διαχειρίζεστε μέσα αποθήκευσης και συστήματα @@ -527,7 +517,7 @@ - , GEOM: Διαχείριση Συστοιχιών Δίσκων + Περιγράφει τι είναι το πλαίσιο λειτουργιών GEOM στο &os; και 
@@ -537,7 +527,7 @@ - , Υποστήριξη Συστημάτων Αρχείων + Εξετάζει την υποστήριξη μη-εγγενών συστημάτων αρχείων στο &os;, @@ -546,18 +536,7 @@ - , Vinum - - - Περιγράφει πως να χρησιμοποιήσετε το Vinum, ένα διαχειριστή - λογικών τόμων που παρέχει λογικούς δίσκους ανεξάρτητα από τη - συσκευή στην οποία είναι αποθηκευμένοι, καθώς και δυνατότητες - RAID-0, RAID-1 και RAID-5 μέσω λογισμικού. - - - - - , Εικονικοποίηση + Περιγράφει τι προσφέρουν τα συστήματα εικονικοποίησης και πως @@ -566,7 +545,7 @@ - , Τοπικές Ρυθμίσεις - Χρήση και Ρύθμιση I18N/L10N + Περιγράφει πως να χρησιμοποιήσετε το &os; σε γλώσσες εκτός της @@ -576,11 +555,11 @@ - , Ενημέρωση και Αναβάθμιση του &os; + - Εξηγεί τις διαφορές μεταξύ των εκδόσεων &os.stable;, - &os.current; και των επίσημων (RELEASE) εκδόσεων του &os;. + Εξηγεί τις διαφορές μεταξύ των εκδόσεων &os;-STABLE, + &os;-CURRENT και των επίσημων (RELEASE) εκδόσεων του &os;. Περιγράφει ποιοι χρήστες ωφελούνται όταν ακολουθούν ένα σύστημα ανάπτυξης καθώς και τα απαιτούμενα για αυτό το σκοπό βήματα. Καλύπτει τις μεθόδους που μπορούν να χρησιμοποιήσουν οι χρήστες @@ -590,7 +569,7 @@ - , &dtrace; + Περιγράφει την ρύθμιση και χρήση του εργαλείου &dtrace; της @@ -603,7 +582,7 @@ - , Σειριακές Επικοινωνίες + Εξηγεί πως να συνδέσετε τερματικά και μόντεμ στο &os; σύστημα @@ -613,7 +592,7 @@ - , PPP και SLIP + Περιγράφει πως να χρησιμοποιήσετε τις τεχνολογίες PPP, SLIP, ή @@ -623,7 +602,7 @@ - , Ηλεκτρονικό Ταχυδρομείο + Εξηγεί τα διαφορετικά στοιχεία ενός διακομιστή ηλεκτρονικής @@ -634,7 +613,7 @@ - , Εξυπηρετητές Δικτύου + Παρέχει λεπτομερείς οδηγίες και παραδείγματα αρχείων ρύθμισης @@ -645,7 +624,7 @@ - , Firewalls + Εξηγεί την φιλοσοφία που κρύβεται πίσω από τα firewalls (τείχη @@ -656,7 +635,7 @@ - , Προχωρημένα Θέματα Δικτύωσης + Περιγράφει πολλά προχωρημένα θέματα δικτύωσης, @@ -670,7 +649,7 @@ - , Που θα Βρείτε το &os; + Περιέχει λίστα με διάφορες πηγές για να αποκτήσετε το &os; σε 
@@ -680,7 +659,7 @@ - , Βιβλιογραφία + Αυτό το βιβλίο αγγίζει πολλά διαφορετικά θέματα που μπορεί να @@ -691,7 +670,7 @@ - , Πηγές Πληροφόρησης στο Διαδίκτυο + Περιγράφει πολλά φόρουμ που διατίθενται στους χρήστες του &os;, @@ -701,7 +680,7 @@ - , Κλειδιά PGP + Καταγράφει τα δακτυλικά αποτυπώματα των κλειδιών PGP αρκετών @@ -754,21 +733,18 @@ - Είσοδος Δεδομένων - από το Χρήστη + Είσοδος + Δεδομένων από το Χρήστη Η πληκτρολόγηση σημειώνεται με έντονη γραφή ώστε να ξεχωρίζει από το υπόλοιπο κείμενο. Συνδυασμοί πλήκτρων που πρέπει να πιεσθούν ταυτόχρονα σημειώνονται με `+' μεταξύ των πλήκτρων, όπως: - - - Ctrl - Alt - Del - - + + Ctrl + Alt + Del Το οποίο σημαίνει πως ο χρήστης θα πρέπει να πιέσει τα πλήκτρα Ctrl, Alt και το πλήκτρο @@ -777,15 +753,12 @@ Σε περίπτωση που κάποια πλήκτρα πρέπει να πιεσθούν με συγκεκριμένη σειρά, θα εμφανίζονται χωρισμένα με κόμματα: - - - Ctrl - X - , + + Ctrl + X, Ctrl - S - + S Το οποίο σημαίνει πως ο χρήστης αναμένεται να πιέσει τα πλήκτρα Ctrl και X ταυτόχρονα @@ -795,7 +768,7 @@ Παραδείγματα - Τα παραδείγματα που ξεκινούν με E:\> + Τα παραδείγματα που ξεκινούν με C:\> υποδηλώνουν μια εντολή &ms-dos;. Αυτές οι εντολές μπορούν να εκτελούνται από το παράθυρο Γραμμής Εντολών σε σύγχρονο περιβάλλον µsoft.windows;, εκτός αν αναφέρεται κάτι διαφορετικό. @@ -805,9 +778,10 @@ Τα παραδείγματα που ξεκινούν με &prompt.root; υποδηλώνουν μια εντολή που θα πρέπει να εκτελεστεί από τον υπερχρήστη (superuser) ενός συστήματος &os;. Μπορείτε να συνδεθείτε σαν χρήστης - root για να πληκτρολογήσετε την εντολή, ή - να συνδεθείτε σαν κανονικός χρήστης και να χρησιμοποιήσετε την εντολή - &man.su.1; ώστε να αποκτήσετε προνόμια υπερχρήστη. + root για να πληκτρολογήσετε + την εντολή, ή να συνδεθείτε σαν κανονικός χρήστης και να + χρησιμοποιήσετε την εντολή &man.su.1; ώστε να αποκτήσετε προνόμια + υπερχρήστη. &prompt.root; dd if=kern.flp of=/dev/fd0 
@@ -835,7 +809,8 @@ να κάνει βελτιώσεις στην δομή της έντυπης έκδοσης και να προσθέσει κάποια νέα κεφάλαια. Η αποκορύφωση αυτής της εργασίας ήταν η παρουσίαση της δεύτερης έντυπης έκδοσης, τον Νοέμβριο του 2001 (ISBN 1-57176-303-1). - 1-57176-303-1). Το 2003-2004, η FreeBSD Mall, Inc, μίσθωσε + 1-57176-303-1). Το 2003-2004, η &os; Mall, Inc, μίσθωσε αρκετούς συνεργάτες να βελτιώσουν το Εγχειρίδιο Χρήσης προς ετοιμασία της τρίτης έντυπης έκδοσης. -- cgit v1.2.3