Fwd: PERFORCE change 150813 for review

Rene Ladan r.c.ladan at gmail.com
Thu Oct 2 19:55:50 UTC 2008


FYI.

some nits I found when translating the chapter on MAC to Dutch.

(wow, I've sent the first non-spam message of the month to this list :) )
Regards,
Rene

---------- Forwarded message ----------
From: Rene Ladan <rene at freebsd.org>
Date: 2008/10/2
Subject: PERFORCE change 150813 for review
To: Perforce Change Reviews <perforce at freebsd.org>


http://perforce.freebsd.org/chv.cgi?CH=150813

Change 150813 by rene at rene_self on 2008/10/02 19:52:40

       Fix some nits in revision 1.73 of the MAC chapter, propagate
the changes to the Dutch version where applicable.
       Checked build (nl + en).

Affected files ...

.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/mac/chapter.sgml#5
edit
.. //depot/projects/docproj_nl/nl_NL.ISO8859-1/books/handbook/mac/chapter.sgml#9
edit

Differences ...

==== //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/mac/chapter.sgml#5
(text+ko) ====

@@ -700,7 +700,7 @@
       implement the labeling feature, including the Biba, Lomac,
       <acronym>MLS</acronym> and <acronym>SEBSD</acronym>
       policies.</para>
-
+
      <para>In many cases, the <option>multilabel</option> may not need
       to be set at all.  Consider the following situation and
       security model:</para>
@@ -967,12 +967,6 @@

      <screen>&prompt.root; <userinput>ugidfw add subject not uid root
new object not uid root mode n</userinput></screen>

-      <note>
-       <para>In releases prior to &os; 5.3, the
-         <parameter>add</parameter> parameter did not exist.  In those
-         cases the <parameter>set</parameter> should be used
-         instead.  See below for a command example.</para></note>
-
      <para>This is a very bad idea as it will block all users from
       issuing even the most simple commands, such as
       <command>ls</command>.  A more patriotic list of rules
@@ -1427,6 +1421,7 @@
       company information, and financial institution environments.
       The most unlikely place would be a personal workstation with
       only two or three users.</para>
+    </sect2>
  </sect1>

  <sect1 id="mac-biba">
@@ -1552,7 +1547,7 @@
       to.</para>

      <para>The &man.mac.biba.4; security policy module permits an
-       administrator to address which files and programs a user or
+       administrator to address which files and programs a user or
       users may see and invoke while assuring that the programs and
       files are free from threats and trusted by the system for that
       user, or group of users.</para>
@@ -1570,7 +1565,7 @@
       utilities.  While other users would be grouped into other
       categories such as testers, designers, or just ordinary
       users and would only be permitted read access.</para>
-
+
      <para>With its natural security control, a lower integrity subject
       is unable to write to a higher integrity subject; a higher
       integrity subject cannot observe or read a lower integrity
@@ -1733,7 +1728,7 @@
       <username>www</username> users into the insecure class:</para>

      <screen>&prompt.root; <userinput>pw usermod nagios -L
insecure</userinput></screen>
-      <screen>&prompt.root; <userinput>pw usermod www -L
insecure</userinput></screen>
+      <screen>&prompt.root; <userinput>pw usermod www -L
insecure</userinput></screen>
    </sect2>

    <sect2>
@@ -1887,7 +1882,7 @@
      &man.mac.seeotheruids.4; could co-exist and block access not
      only to system objects but to hide user processes as well.

-    <para>Begin by adding the following lines to
+    <para>Begin by adding the following line to
      <filename>/boot/loader.conf</filename>:</para>

    <programlisting>mac_seeotheruids_enabled="YES"</programlisting>
@@ -2032,9 +2027,10 @@
    <sect2>
      <title>Error: &man..secure.path.3; cannot stat
<filename>.login_conf</filename></title>

-      <para>When I attempt to switch from the <username>root</username>
+      <para>When I attempt to switch from the <username>root</username> user
       to another user in the system, the error message
-       <errorname>_secure_path: unable to state .login_conf</errorname>.</para>
+       <errorname>_secure_path: unable to state .login_conf</errorname>
+       appears.</para>

      <para>This message is usually shown when the user has a higher
       label setting then that of the user whom they are attempting to

==== //depot/projects/docproj_nl/nl_NL.ISO8859-1/books/handbook/mac/chapter.sgml#9
(text+ko) ====

@@ -1066,13 +1066,6 @@

      <screen>&prompt.root; <userinput>ugidfw add subject not uid root
new object not uid root mode n</userinput></screen>

-      <note><!--(rene) dit verwijderen, ook in en_US versie (1.73,
regel 970)-->
-       <para>In versies voor &os; 5.3 bestond de parameter
-         <parameter>add</parameter> niet.  In die gevallen dient in
-         plaats daarvan <parameter>set</parameter> gebruikt te worden
-         als in het onderstaande voorbeeld.</para>
-      </note>
-
      <para>Dit is een slecht idee, omdat het voorkomt dat alle
       gebruikers ook maar het meest eenvoudige commando kunnen
       uitvoeren, zoals <command>ls</command>.  Een betere lijst met
@@ -1534,7 +1527,7 @@
       instellingen zijn.  De meest onwaarschijnlijke plaats zou een
       persoonlijk werkstation met slechts twee of drie gebruikers
       zijn.</para>
-    </sect2> <!--(rene) ontbreekt in en_US 1.73 ?-->
+    </sect2>
  </sect1>

  <sect1 id="mac-biba">
@@ -1865,7 +1858,7 @@
 /dev                            biba/equal
 /dev/*                          biba/equal

-/var                            biba/equal <!--(rene) ws-fout in
en_US 1.73 ?-->
+/var                            biba/equal
 /var/spool                      biba/equal
 /var/spool/*                    biba/equal

@@ -1999,8 +1992,8 @@
      met &man.mac.seeotheruids.4; naast elkaar bestaan en zowel toegang
      tot systeemobjecten als tot gebruikersprocessen ontzeggen.</para>

-    <para>Begin door de volgende regels aan
-      <filename>/boot/loader.conf</filename> toe te
voegen:</para><!--(rene) dit is maar 1 regel? en_US 1.73 -->
+    <para>Begin door de volgende regel aan
+      <filename>/boot/loader.conf</filename> toe te voegen:</para>

    <programlisting>mac_seeotheruids_enabled="YES"</programlisting>

@@ -2142,7 +2135,7 @@

      <para>Bij het wisselen van <username>root</username> naar een
       andere gebruiker in het systeem, verschijnt de foutmelding
-       <errorname>_secure_path: unable to state
.login_conf</errorname>.</para><!--(rene) Engelse tekst klopt niet
1.73-->
+       <errorname>_secure_path: unable to state .login_conf</errorname>.</para>

      <para>Deze melding komt meestal voor als de gebruiker een hogere
       labelinstelling heeft dan de gebruiker waarnaar wordt



-- 
http://www.rene-ladan.nl/

GPG fingerprint = E738 5471 D185 7013 0EE0  4FC8 3C1D 6F83 12E1 84F6
(subkeys.pgp.net)



More information about the freebsd-doc mailing list