svn commit: r41024 - head/en_US.ISO8859-1/books/handbook/users
Dru Lavigne
dru at FreeBSD.org
Thu Feb 21 14:06:06 UTC 2013
Author: dru
Date: Thu Feb 21 14:06:06 2013
New Revision: 41024
URL: http://svnweb.freebsd.org/changeset/doc/41024
Log:
Initial content fix. This patch addresses the following:
- &os;
- rewording "you" with some tightening and clarifying
- fix xref, acronym, and directory tags
- changed 14.3-14.5 from sect2 to sect3--this may benefit from a beginning section 2 (e.g. Type of Accounts) to take it out of the intro
Approved by: bcr (mentor)
Modified:
head/en_US.ISO8859-1/books/handbook/users/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/users/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/users/chapter.xml Wed Feb 20 19:00:52 2013 (r41023)
+++ head/en_US.ISO8859-1/books/handbook/users/chapter.xml Thu Feb 21 14:06:06 2013 (r41024)
@@ -22,39 +22,32 @@
<sect1 id="users-synopsis">
<title>Synopsis</title>
- <para>FreeBSD allows multiple users to use the computer at the
- same time. Obviously, only one of those users can be sitting in
- front of the screen and keyboard at any one time
- <footnote><para>Well, unless you hook up multiple terminals, but
- we will save that for <xref linkend="serialcomms"/>.</para>
- </footnote>, but any number of users can log in through the
- network to get their work done. To use the system every user
- must have an account.</para>
+ <para>&os; allows multiple users to use the computer at the same
+ time. While only one user can sit in front of the screen and
+ use the keyboard at any one time, any number of users can log
+ in to the system through the network. To use the system, every
+ user must have a user account.</para>
<para>After reading this chapter, you will know:</para>
<itemizedlist>
<listitem>
<para>The differences between the various user accounts on a
- FreeBSD system.</para>
+ &os; system.</para>
</listitem>
<listitem>
- <para>How to add user accounts.</para>
- </listitem>
-
- <listitem>
- <para>How to remove user accounts.</para>
+ <para>How to add and remove user accounts.</para>
</listitem>
<listitem>
<para>How to change account details, such as the user's full
- name, or preferred shell.</para>
+ name or preferred shell.</para>
</listitem>
<listitem>
- <para>How to set limits on a per-account basis, to control the
- resources such as memory and CPU time that accounts and
+ <para>How to set limits on a per-account basis to control the
+ resources, such as memory and CPU time, that accounts and
groups of accounts are allowed to access.</para>
</listitem>
@@ -68,8 +61,8 @@
<itemizedlist>
<listitem>
- <para>Understand the basics of &unix; and FreeBSD (<xref
- linkend="basics"/>).</para>
+ <para>Understand the <link linkend="basics">basics of &unix;
+ and &os;</link>.</para>
</listitem>
</itemizedlist>
</sect1>
@@ -77,11 +70,11 @@
<sect1 id="users-introduction">
<title>Introduction</title>
- <para>All access to the system is achieved via accounts, and all
- processes are run by users, so user and account management are
- of integral importance on FreeBSD systems.</para>
+ <para>Since all access to the &os; system is achieved via accounts
+ and all processes are run by users, user and account management
+ is important.</para>
- <para>Every account on a FreeBSD system has certain information
+ <para>Every account on a &os; system has certain information
associated with it to identify the account.</para>
<variablelist>
@@ -89,13 +82,13 @@
<term>User name</term>
<listitem>
- <para>The user name as it would be typed at the
- <prompt>login:</prompt> prompt. User names must be unique
- across the computer; you may not have two users with the
- same user name. There are a number of rules for creating
- valid user names, documented in &man.passwd.5;; you would
- typically use user names that consist of eight or fewer
- all lower case characters.</para>
+ <para>The user name is typed at the <prompt>login:</prompt>
+ prompt. User names must be unique on the system as no two
+ users can have the same user name. There are a number of
+ rules for creating valid user names, documented in
+ &man.passwd.5;. Typically user names consist of eight or
+ fewer all lower case characters in order to maintain
+ backwards compatibility with applications.</para>
</listitem>
</varlistentry>
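Review bot: The new sentence "User names must be unique on the system as no two users can have the same user name" is circular, since the clause after "as" repeats the requirement instead of giving a reason. Suggest ending the sentence at "unique on the system". The added rationale "in order to maintain backwards compatibility with applications" is a new claim that was not in the removed text, so it needs a source or a more specific statement of which applications are meant.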
@@ -103,47 +96,48 @@
<term>Password</term>
<listitem>
- <para>Each account has a password associated with it. The
- password may be blank, in which case no password will be
- required to access the system. This is normally a very
- bad idea; every account should have a password.</para>
+ <para>Each account has an associated password. While the
+ password can be blank, this is highly discouraged and
+ every account should have a password.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>User ID (UID)</term>
+ <term>User ID (<acronym>UID</acronym>)</term>
<listitem>
- <para>The UID is a number, traditionally from 0 to
- 65535<footnote id="users-largeuidgid">
- <para>It is possible to use UID/GIDs as large as
- 4294967295, but such IDs can cause serious problems
- with software that makes assumptions about the values
- of IDs.</para>
+ <para>The User ID (<acronym>UID</acronym>) is a number,
+ traditionally from 0 to 65535<footnote
+ id="users-largeuidgid">
+ <para>It is possible to use
+ <acronym>UID</acronym>s/<acronym>GID</acronym>s as
+ large as 4294967295, but such IDs can cause serious
+ problems with software that makes assumptions about
+ the values of IDs.</para>
</footnote>, used to uniquely identify the user to the
- system. Internally, FreeBSD uses the UID to
- identify users—any FreeBSD commands that allow
- you to specify a user name will convert it to the UID
- before working with it. This means that you can have
- several accounts with different user names but the
- same UID. As far as FreeBSD is concerned these
- accounts are one user. It is unlikely you will ever
- need to do this.</para>
+ system. Internally, &os; uses the
+ <acronym>UID</acronym> to identify users. Commands that
+ allow a user name to be specified will first convert it to
+ the <acronym>UID</acronym>. Though unlikely, it is
+ possible for several accounts with different user names to
+ share the same <acronym>UID</acronym>. As far as &os; is
+ concerned, these accounts are one user.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>Group ID (GID)</term>
+ <term>Group ID (<acronym>GID</acronym>)</term>
<listitem>
- <para>The GID is a number, traditionally from 0 to
- 65535<footnoteref linkend="users-largeuidgid"/>, used to
- uniquely identify the primary group that the user belongs
- to. Groups are a mechanism for controlling access to
- resources based on a user's GID rather than their UID.
- This can significantly reduce the size of some
- configuration files. A user may also be in more than one
- group.</para>
+ <para>The Group ID (<acronym>GID</acronym>) is a number,
+ traditionally from 0 to 65535<footnoteref
+ linkend="users-largeuidgid"/>, used to uniquely identify
+ the primary group that the user belongs to. Groups are a
+ mechanism for controlling access to resources based on a
+ user's <acronym>GID</acronym> rather than their
+ <acronym>UID</acronym>. This can significantly reduce the
+ size of some configuration files. A user may also be a
+ member of more than one group.</para>
</listitem>
</varlistentry>
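Review bot: The rewritten Password entry no longer says what a blank password actually does. The removed clause "in which case no password will be required to access the system" is the reason the practice is discouraged, and a reader now has to infer it. Suggest keeping the consequence, for example "While the password can be blank, in which case no password is required to access the system, this is highly discouraged". In the UID entry, the sentence about several user names sharing one UID would also benefit from stating the consequence that is already implied by "these accounts are one user": file ownership and process accounting cannot tell such accounts apart.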
@@ -161,10 +155,10 @@
<term>Password change time</term>
<listitem>
- <para>By default FreeBSD does not force users to change
- their passwords periodically. You can enforce this on a
- per-user basis, forcing some or all of your users to
- change their passwords after a certain amount of time has
+ <para>By default &os; does not force users to change their
+ passwords periodically. This can be enforced on a
+ per-user basis, forcing some or all users to change their
+ passwords after a certain amount of time has
elapsed.</para>
</listitem>
</varlistentry>
@@ -173,11 +167,10 @@
<term>Account expiry time</term>
<listitem>
- <para>By default FreeBSD does not expire accounts. If you
- are creating accounts that you know have a limited
- lifespan, for example, in a school where you have accounts
- for the students, then you can specify when the account
- expires. After the expiry time has elapsed the account
+ <para>By default &os; does not expire accounts. When
+ creating accounts that need a limited lifespan, such as
+ student accounts in a school, specify the account expiry
+ date. After the expiry time has elapsed, the account
cannot be used to log in to the system, although the
account's directories and files will remain.</para>
</listitem>
@@ -187,9 +180,9 @@
<term>User's full name</term>
<listitem>
- <para>The user name uniquely identifies the account to
- FreeBSD, but does not necessarily reflect the user's real
- name. This information can be associated with the
+ <para>The user name uniquely identifies the account to &os;,
+ but does not necessarily reflect the user's real name.
+ This information can be associated with the
account.</para>
</listitem>
</varlistentry>
@@ -199,15 +192,14 @@
<listitem>
<para>The home directory is the full path to a directory on
- the system in which the user will start when logging on to
- the system. A common convention is to put all user home
- directories under
- <filename>/home/<replaceable>username</replaceable></filename>
- or
- <filename>/usr/home/<replaceable>username</replaceable></filename>.
- The user would store their personal files in their home
- directory, and any directories they may create in
- there.</para>
+ the system. This is the user's starting directory when
+ the user logs in. A common convention is to put all user
+ home directories under <filename
+ class="directory">/home/<replaceable>username</replaceable></filename>
+ or <filename
+ class="directory">/usr/home/<replaceable>username</replaceable></filename>.
+ Each user stores their personal files and subdirectories
+ in their own home directory.</para>
</listitem>
</varlistentry>
@@ -225,105 +217,105 @@
</variablelist>
<para>There are three main types of accounts: the <link
- linkend="users-superuser">Superuser</link>, <link
- linkend="users-system">system users</link>, and <link
- linkend="users-user">user accounts</link>. The Superuser
+ linkend="users-superuser">superuser</link>, <link
+ linkend="users-system">system accounts</link>, and <link
+ linkend="users-user">user accounts</link>. The superuser
account, usually called <username>root</username>, is used to
manage the system with no limitations on privileges. System
- users run services. Finally, user accounts are used by real
- people, who log on, read mail, and so forth.</para>
- </sect1>
+ accounts are used to run services. User accounts are
+ assigned to real people and are used to log in and use the
+ system.</para>
- <sect1 id="users-superuser">
- <title>The Superuser Account</title>
+ <sect2 id="users-superuser">
+ <title>The Superuser Account</title>
- <indexterm>
- <primary>accounts</primary>
- <secondary>superuser (root)</secondary>
- </indexterm>
- <para>The superuser account, usually called
- <username>root</username>, comes preconfigured to facilitate
- system administration, and should not be used for day-to-day
- tasks like sending and receiving mail, general exploration of
- the system, or programming.</para>
-
- <para>This is because the superuser, unlike normal user accounts,
- can operate without limits, and misuse of the superuser account
- may result in spectacular disasters. User accounts are unable
- to destroy the system by mistake, so it is generally best to use
- normal user accounts whenever possible, unless you especially
- need the extra privilege.</para>
-
- <para>You should always double and triple-check commands you issue
- as the superuser, since an extra space or missing character can
- mean irreparable data loss.</para>
-
- <para>So, the first thing you should do after reading this
- chapter is to create an unprivileged user account for yourself
- for general usage if you have not already. This applies equally
- whether you are running a multi-user or single-user machine.
- Later in this chapter, we discuss how to create additional
- accounts, and how to change between the normal user and
- superuser.</para>
- </sect1>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>superuser (root)</secondary>
+ </indexterm>
+ <para>The superuser account, usually called
+ <username>root</username>, is used to perform system
+ administration tasks and should not be used for day-to-day
+ tasks like sending and receiving mail, general exploration of
+ the system, or programming.</para>
+
+ <para>This is because the superuser, unlike normal user
+ accounts, can operate without limits, and misuse of the
+ superuser account may result in spectacular disasters. User
+ accounts are unable to destroy the system by mistake, so it is
+ generally best to use normal user accounts whenever possible,
+ unless extra privilege is required.</para>
+
+ <para>Always double and triple-check any commands issued as the
+ superuser, since an extra space or missing character can mean
+ irreparable data loss.</para>
+
+ <para>Always create a user account for the system administrator
+ and use this account to log in to the system for general
+ usage. This applies equally to multi-user or single-user
+ systems. Later sections will discuss how to create additional
+ accounts and how to change between the normal user and
+ superuser.</para>
+ </sect2>
- <sect1 id="users-system">
- <title>System Accounts</title>
+ <sect2 id="users-system">
+ <title>System Accounts</title>
- <indexterm>
- <primary>accounts</primary>
- <secondary>system</secondary>
- </indexterm>
- <para>System users are those used to run services such as DNS,
- mail, web servers, and so forth. The reason for this is
- security; if all services ran as the superuser, they could
- act without restriction.</para>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>system</secondary>
+ </indexterm>
+ <para>System accounts are used to run services such as DNS,
+ mail, and web servers. The reason for this is security; if
+ all services ran as the superuser, they could act without
+ restriction.</para>
- <indexterm>
- <primary>accounts</primary>
- <secondary><username>daemon</username></secondary>
- </indexterm>
- <indexterm>
- <primary>accounts</primary>
- <secondary><username>operator</username></secondary>
- </indexterm>
- <para>Examples of system users are <username>daemon</username>,
- <username>operator</username>, <username>bind</username> (for
- the Domain Name Service), <username>news</username>, and
- <username>www</username>.</para>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary><username>daemon</username></secondary>
+ </indexterm>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary><username>operator</username></secondary>
+ </indexterm>
+ <para>Examples of system accounts are
+ <username>daemon</username>, <username>operator</username>,
+ <username>bind</username>, <username>news</username>, and
+ <username>www</username>.</para>
- <indexterm>
- <primary>accounts</primary>
- <secondary><username>nobody</username></secondary>
- </indexterm>
- <para><username>nobody</username> is the generic unprivileged
- system user. However, it is important to keep in mind that the
- more services that use <username>nobody</username>, the more
- files and processes that user will become associated with, and
- hence the more privileged that user becomes.</para>
- </sect1>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary><username>nobody</username></secondary>
+ </indexterm>
+ <para><username>nobody</username> is the generic unprivileged
+ system account. However, the more services that use
+ <username>nobody</username>, the more files and processes that
+ user will become associated with, and hence the more
+ privileged that user becomes.</para>
+ </sect2>
- <sect1 id="users-user">
- <title>User Accounts</title>
+ <sect2 id="users-user">
+ <title>User Accounts</title>
- <indexterm>
- <primary>accounts</primary>
- <secondary>user</secondary>
- </indexterm>
- <para>User accounts are the primary means of access for real
- people to the system, and these accounts insulate the user and
- the environment, preventing the users from damaging the system
- or other users, and allowing users to customize their
- environment without affecting others.</para>
-
- <para>Every person accessing your system should have a unique user
- account. This allows you to find out who is doing what, prevent
- people from clobbering each others' settings or reading each
- others' mail, and so forth.</para>
-
- <para>Each user can set up their own environment to accommodate
- their use of the system, by using alternate shells, editors, key
- bindings, and language.</para>
+ <indexterm>
+ <primary>accounts</primary>
+ <secondary>user</secondary>
+ </indexterm>
+ <para>User accounts are the primary means of access for real
+ people to the system. User accounts insulate the user and
+ the environment, preventing users from damaging the system
+ or other users, and allowing users to customize their
+ environment without affecting others.</para>
+
+ <para>Every person accessing the system should have a unique
+ user account. This allows the administrator to find out who
+ is doing what, prevents users from clobbering each others'
+ settings or reading each others' mail, and so forth.</para>
+
+ <para>Each user can set up their own environment to accommodate
+ their use of the system, by using alternate shells, editors,
+ key bindings, and language.</para>
+ </sect2>
</sect1>
<sect1 id="users-modifying">
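Review bot: The log message says sections 14.3-14.5 were changed "from sect2 to sect3", but the tags changed in this hunk are sect1 elements (users-superuser, users-system, users-user) becoming sect2, so either the log or the nesting level needs correcting. The closing tag that used to end users-introduction is removed and the trailing context "</sect1>" now closes it, which keeps the document well-formed and leaves the three ids unchanged for the existing link targets. Separately, dropping "(for the Domain Name Service)" after bind removes the only hint of what that system account is for, while the other examples are self-explanatory; consider keeping it.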
@@ -334,10 +326,9 @@
<secondary>modifying</secondary>
</indexterm>
- <para>There are a variety of different commands available in the
- &unix; environment to manipulate user accounts. The most common
- commands are summarized below, followed by more detailed
- examples of their usage.</para>
+ <para>&os; provides a variety of different commands to manage
+ user accounts. The most common commands are summarized below,
+ followed by more detailed examples of their usage.</para>
<informaltable frame="none" pgwide="1">
<tgroup cols="2">
@@ -365,7 +356,7 @@
<row>
<entry>&man.chpass.1;</entry>
- <entry>A flexible tool to change user database
+ <entry>A flexible tool for changing user database
information.</entry>
</row>
@@ -377,8 +368,8 @@
<row>
<entry>&man.pw.8;</entry>
- <entry>A powerful and flexible tool to modify all aspects
- of user accounts.</entry>
+ <entry>A powerful and flexible tool for modifying all
+ aspects of user accounts.</entry>
</row>
</tbody>
</tgroup>
@@ -399,14 +390,14 @@
class="directory">/usr/share/skel</filename></primary>
</indexterm>
<indexterm><primary>skeleton directory</primary></indexterm>
- <para>&man.adduser.8; is a simple program for
- adding new users. It creates entries in the system
- <filename>passwd</filename> and <filename>group</filename>
- files. It will also create a home directory for the new user,
- copy in the default configuration files
- (<quote>dotfiles</quote>) from
- <filename>/usr/share/skel</filename>, and can optionally mail
- the new user a welcome message.</para>
+ <para>&man.adduser.8; is a simple program for adding new users
+ When a new user is added, this program automatically updates
+ <filename>/etc/passwd</filename> and
+ <filename>/etc/group</filename>. It also creates a home
+ directory for the new user, copies in the default
+ configuration files from <filename
+ class="directory">/usr/share/skel</filename>, and can
+ optionally mail the new user a welcome message.</para>
<example>
<title>Adding a User on &os;</title>
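Review bot: The first added line, "is a simple program for adding new users", is missing its full stop, so it runs into "When a new user is added" on the next line. The rewrite also replaces the path-neutral "system passwd and group files" with the specific files /etc/passwd and /etc/group; please confirm these are the files adduser actually updates before naming them. Also note that /etc/passwd and /etc/group are tagged as plain filename while /usr/share/skel gets class="directory", which is correct, but the removed quoted term "dotfiles" was the only explanation of what the skeleton directory contains.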
@@ -444,9 +435,9 @@ Goodbye!
</example>
<note>
- <para>The password you type in is not echoed, nor are
- asterisks displayed. Make sure that you do not mistype the
- password.</para>
+ <para>Since the password is not echoed when typed, be careful
+ to not mistype the password when creating the user
+ account.</para>
</note>
</sect2>
@@ -459,14 +450,14 @@ Goodbye!
<secondary>removing</secondary>
</indexterm>
- <para>You can use &man.rmuser.8; to completely remove a user
- from the system. &man.rmuser.8; performs the following
+ <para>To completely remove a user from the system use
+ &man.rmuser.8;. This command performs the following
steps:</para>
<procedure>
<step>
- <para>Removes the user's &man.crontab.1; entry (if
- any).</para>
+ <para>Removes the user's &man.crontab.1; entry if one
+ exists.</para>
</step>
<step>
@@ -484,19 +475,20 @@ Goodbye!
</step>
<step>
- <para>Removes the user's home directory (if it is owned by
- the user).</para>
+ <para>Removes the user's home directory, if it is owned by
+ the user.</para>
</step>
<step>
<para>Removes the incoming mail files belonging to the user
- from <filename>/var/mail</filename>.</para>
+ from <filename
+ class="directory">/var/mail</filename>.</para>
</step>
<step>
<para>Removes all files owned by the user from temporary
- file storage areas such as
- <filename>/tmp</filename>.</para>
+ file storage areas such as <filename
+ class="directory">/tmp</filename>.</para>
</step>
<step>
@@ -505,7 +497,7 @@ Goodbye!
<note>
<para>If a group becomes empty and the group name is the
- same as the username, the group is removed; this
+ same as the username, the group is removed. This
complements the per-user unique groups created by
&man.adduser.8;.</para>
</note>
@@ -513,11 +505,11 @@ Goodbye!
</procedure>
<para>&man.rmuser.8; cannot be used to remove superuser
- accounts, since that is almost always an indication of massive
+ accounts since that is almost always an indication of massive
destruction.</para>
- <para>By default, an interactive mode is used, which attempts to
- make sure you know what you are doing.</para>
+ <para>By default, an interactive mode is used, as shown
+ in the following example.</para>
<example>
<title><command>rmuser</command> Interactive Account
@@ -542,24 +534,21 @@ Removing files belonging to jru from /va
<title><command>chpass</command></title>
<indexterm><primary><command>chpass</command></primary></indexterm>
- <para>&man.chpass.1; changes user database
+ <para>&man.chpass.1; can be used to change user database
information such as passwords, shells, and personal
information.</para>
- <para>Only system administrators, as the superuser, may change
- other users' information and passwords with
- &man.chpass.1;.</para>
+ <para>Only the superuser can change other users' information and
+ passwords with &man.chpass.1;.</para>
<para>When passed no options, aside from an optional username,
- &man.chpass.1; displays an editor
- containing user information. When the user exists from the
- editor, the user database is updated with the new
- information.</para>
+ &man.chpass.1; displays an editor containing user information.
+ When the user exists from the editor, the user database is
+ updated with the new information.</para>
<note>
- <para>You will be asked for your password
- after exiting the editor if you are not the
- superuser.</para>
+ <para>You will be asked for your password after exiting the
+ editor if you are not the superuser.</para>
</note>
<example>
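Review bot: The re-wrapped paragraph carries over a typo: "When the user exists from the editor" should read "exits". The note that follows still says "You will be asked for your password ... if you are not the superuser", which was only re-wrapped and conflicts with the log's stated goal of rewording "you"; suggest something like "A user who is not the superuser will be asked for their password after exiting the editor".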
@@ -583,8 +572,8 @@ Home Phone:
Other information:</screen>
</example>
- <para>The normal user can change only a small subset of this
- information, and only for themselves.</para>
+ <para>A user can change only a small subset of this
+ information, and only for their own user account.</para>
<example>
<title>Interactive <command>chpass</command> by Normal
@@ -600,15 +589,12 @@ Other information:</screen>
</example>
<note>
- <para>&man.chfn.1; and &man.chsh.1; are
- just links to &man.chpass.1;, as
- are &man.ypchpass.1;,
- &man.ypchfn.1;, and
- &man.ypchsh.1;. NIS support is automatic, so
- specifying the <literal>yp</literal> before the command is
- not necessary. If this is confusing to you, do not worry,
- NIS will be covered in <xref
- linkend="network-servers"/>.</para>
+ <para>&man.chfn.1; and &man.chsh.1; are links to
+ &man.chpass.1;, as are &man.ypchpass.1;, &man.ypchfn.1;, and
+ &man.ypchsh.1;. <acronym>NIS</acronym> support is
+ automatic, so specifying the <literal>yp</literal> before
+ the command is not necessary. How to configure NIS is
+ covered in <link linkend="network-servers"></link>.</para>
</note>
</sect2>
<sect2 id="users-passwd">
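Review bot: Replacing the xref with an empty link (linkend="network-servers" with nothing between the opening and closing tags) leaves the sentence with no visible link text, so it will render as "covered in ." because a link element does not generate its own text the way xref does. Either restore the xref or put the chapter title inside the link. The second "NIS" in the same note is also left without the acronym tag that the first occurrence now has.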
@@ -619,14 +605,15 @@ Other information:</screen>
<primary>accounts</primary>
<secondary>changing password</secondary>
</indexterm>
- <para>&man.passwd.1; is the usual way to
- change your own password as a user, or another user's password
- as the superuser.</para>
+ <para>&man.passwd.1; is the usual way to change your own
+ password as a user, or another user's password as the
+ superuser.</para>
<note>
- <para>To prevent accidental or unauthorized changes, the
- original password must be entered before a new password can
- be set.</para>
+ <para>To prevent accidental or unauthorized changes, the user
+ must enter their original password before a new password can
+ be set. This is not the case when the superuser changes a
+ user's password.</para>
</note>
<example>
@@ -654,10 +641,8 @@ passwd: done</screen>
</example>
<note>
- <para>As with &man.chpass.1;,
- &man.yppasswd.1; is just a link to
- &man.passwd.1;, so NIS works with either
- command.</para>
+ <para>As with &man.chpass.1;, &man.yppasswd.1; is a link to
+ &man.passwd.1;, so NIS works with either command.</para>
</note>
</sect2>
@@ -669,11 +654,11 @@ passwd: done</screen>
<para>&man.pw.8; is a command line utility to create, remove,
modify, and display users and groups. It functions as a front
- end to the system user and group files. &man.pw.8;
- has a very powerful set of command line options that make it
- suitable for use in shell scripts, but new users may find it
- more complicated than the other commands presented
- here.</para>
+ end to the system user and group files. &man.pw.8; has a very
+ powerful set of command line options that make it suitable for
+ use in shell scripts, but new users may find it more
+ complicated than the other commands presented in this
+ section.</para>
</sect2>
@@ -687,12 +672,10 @@ passwd: done</screen>
<primary>accounts</primary>
<secondary>limiting</secondary>
</indexterm>
- <para>If you have users, the ability to limit their system use may
- have come to mind. FreeBSD provides
- several ways an administrator can limit the amount of system
- resources an individual may use. These limits are
- divided into two sections: disk quotas, and other resource
- limits.</para>
+ <para>&os; provides several methods for an administrator to limit
+ the amount of system resources an individual may use. These
+ limits are discussed in two sections: disk quotas and other
+ resource limits.</para>
<indexterm><primary>quotas</primary></indexterm>
<indexterm>
@@ -700,11 +683,9 @@ passwd: done</screen>
<secondary>quotas</secondary>
</indexterm>
<indexterm><primary>disk quotas</primary></indexterm>
- <para>Disk quotas limit disk usage to users, and
- they
- provide a way to quickly check that usage without
- calculating it every time. Quotas are discussed in <xref
- linkend="quotas"/>.</para>
+ <para>Disk quotas limit disk usage to users and provide a way to
+ quickly check that usage without calculating it every time.
+ Quotas are discussed in <link linkend="quotas"></link>.</para>
<para>The other resource limits include ways to limit the amount
of CPU, memory, and other resources a user may consume. These
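Review bot: The same empty-link problem appears here: the link with linkend="quotas" has no content, so "Quotas are discussed in ." will be the rendered result. Restore the xref or add link text. "Disk quotas limit disk usage to users" was carried over unchanged in meaning and still reads oddly; "limit the disk usage of users" would be clearer.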
@@ -714,47 +695,45 @@ passwd: done</screen>
<primary><filename>/etc/login.conf</filename></primary>
</indexterm>
<para>Login classes are defined in
- <filename>/etc/login.conf</filename>. The precise semantics are
- beyond the scope of this section, but are described in detail in
- the &man.login.conf.5; manual page. It is sufficient to say
- that each user is assigned to a login class
- (<literal>default</literal> by default), and that each login
+ <filename>/etc/login.conf</filename> and are described in detail
+ in &man.login.conf.5;. Each user account is assigned to a login
+ class, <literal>default</literal> by default, and each login
class has a set of login capabilities associated with it. A
login capability is a
<literal><replaceable>name</replaceable>=<replaceable>value</replaceable></literal>
pair, where <replaceable>name</replaceable> is a well-known
identifier and <replaceable>value</replaceable> is an arbitrary
- string processed accordingly depending on the name. Setting up
- login classes and capabilities is rather straight-forward and is
- also described in &man.login.conf.5;.</para>
+ string which is processed accordingly depending on the
+ <replaceable>name</replaceable>. Setting up login classes and
+ capabilities is rather straight-forward and is also described in
+ &man.login.conf.5;.</para>
<note>
- <para>The system does not normally read the configuration in
- <filename>/etc/login.conf</filename> directly, but reads the
- database file <filename>/etc/login.conf.db</filename> which
- provides faster lookups. To generate
- <filename>/etc/login.conf.db</filename> from
- <filename>/etc/login.conf</filename>, execute the following
- command:</para>
+ <para>&os; does not normally read the configuration in
+ <filename>/etc/login.conf</filename> directly, but instead
+ reads the <filename>/etc/login.conf.db</filename> database
+ which provides faster lookups. Whenever
+ <filename>/etc/login.conf</filename> is edited, the
+ <filename>/etc/login.conf.db</filename> must be updated by
+ executing the following command:</para>
<screen>&prompt.root; <userinput>cap_mkdb /etc/login.conf</userinput></screen>
</note>
- <para>Resource limits are different from plain vanilla login
- capabilities in two ways. First, for every limit, there is a
- soft (current) and hard limit. A soft limit may be adjusted by
- the user or application, but may be no higher than the hard
- limit. The latter may be lowered by the user, but never raised.
- Second, most resource limits apply per process to a specific
- user, not the user as a whole. Note, however, that these
+ <para>Resource limits differ from the default login capabilities
+ in two ways. First, for every limit, there is a soft (current)
+ and hard limit. A soft limit may be adjusted by the user or
+ application, but may not be set higher than the hard limit. The
+ hard limit may be lowered by the user, but can only be raised
+ by the superuser. Second, most resource limits apply per
+ process to a specific user, not to the user as a whole. These
differences are mandated by the specific handling of the limits,
- not by the implementation of the login capability framework
- (i.e., they are not <emphasis>really</emphasis> a special case
- of login capabilities).</para>
-
- <para>And so, without further ado, below are the most commonly
- used resource limits (the rest, along with all the other login
- capabilities, may be found in &man.login.conf.5;).</para>
+ not by the implementation of the login capability
+ framework.</para>
+
+ <para>Below are the most commonly used resource limits. The rest
+ of the limits, along with all the other login capabilities, can
+ be found in &man.login.conf.5;.</para>
<variablelist>
<varlistentry>
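Review bot: Changing "plain vanilla login capabilities" to "the default login capabilities" alters the meaning, because a few lines earlier "default" is the name of the login class every account is assigned to, so readers may take this as "capabilities of the default class" rather than "ordinary capabilities". Suggest "ordinary login capabilities" or "other login capabilities". In the note, "the /etc/login.conf.db must be updated" has a stray article. The new statement that the hard limit "can only be raised by the superuser" is a useful addition over the old "never raised".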
@@ -766,14 +745,13 @@ passwd: done</screen>
<secondary>coredumpsize</secondary>
</indexterm>
<para>The limit on the size of a core file generated by a
- program is, for obvious reasons, subordinate to other
- limits on disk usage (e.g., <literal>filesize</literal>,
- or disk quotas). Nevertheless, it is often used as a
- less-severe method of controlling disk space consumption:
- since users do not generate core files themselves, and
- often do not delete them, setting this may save them from
- running out of disk space should a large program (e.g.,
- <application>emacs</application>) crash.</para>
+ program is subordinate to other limits on disk usage, such
+ as <literal>filesize</literal>, or disk quotas.
+ This limit is often used as a less-severe method of
+ controlling disk space consumption. Since users do not
+ generate core files themselves, and often do not delete
+ them, setting this may save them from running out of disk
+ space should a large program crash.</para>
</listitem>
</varlistentry>
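Review bot: In the coredumpsize entry, the comma in "such as <literal>filesize</literal>, or disk quotas" separates the two examples so that "or disk quotas" reads as an alternative to the whole clause; "such as <literal>filesize</literal> or disk quotas" is enough. In the last sentence, "setting this may save them" leaves "them" ambiguous between the users and the core files, so consider "setting this limit may save users from running out of disk space".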
@@ -786,18 +764,14 @@ passwd: done</screen>
<primary>limiting users</primary>
<secondary>cputime</secondary>
</indexterm>
- <para>This is the maximum amount of CPU time a user's
- process may consume. Offending processes will be killed
- by the kernel.</para>
+ <para>The maximum amount of CPU time a user's process may
+ consume. Offending processes will be killed by the
+ kernel.</para>
<note>
<para>This is a limit on CPU <emphasis>time</emphasis>
consumed, not percentage of the CPU as displayed in
- some fields by &man.top.1; and &man.ps.1;. A limit on
- the latter is, at the time of this writing, not
- possible, and would be rather useless: a
- compiler—probably a legitimate task—can
- easily use almost 100% of a CPU for some time.</para>
+ some fields by &man.top.1; and &man.ps.1;.</para>
</note>
</listitem>
</varlistentry>
@@ -811,10 +785,10 @@ passwd: done</screen>
<primary>limiting users</primary>
<secondary>filesize</secondary>
</indexterm>
- <para>This is the maximum size of a file the user may
- possess. Unlike <link linkend="quotas">disk
- quotas</link>, this limit is enforced on individual
- files, not the set of all files a user owns.</para>
+ <para>The maximum size of a file the user may own. Unlike
+ <link linkend="quotas">disk quotas</link>, this limit is
+ enforced on individual files, not the set of all files a
+ user owns.</para>
</listitem>
</varlistentry>
@@ -827,17 +801,15 @@ passwd: done</screen>
<primary>limiting users</primary>
<secondary>maxproc</secondary>
</indexterm>
- <para>This is the maximum number of processes a user may be
- running. This includes foreground and background
- processes alike. For obvious reasons, this may not be
- larger than the system limit specified by the
- <varname>kern.maxproc</varname> &man.sysctl.8;. Also note
- that setting this too small may hinder a user's
- productivity: it is often useful to be logged in multiple
- times or execute pipelines. Some tasks, such as
- compiling a large program, also spawn multiple processes
- (e.g., &man.make.1;, &man.cc.1;, and other intermediate
- preprocessors).</para>
+ <para>The maximum number of processes a user can run. This
+ includes foreground and background processes. This limit
+ may not be larger than the system limit specified by the
+ <varname>kern.maxproc</varname> &man.sysctl.8;. Setting
+ this limit too small may hinder a user's productivity as
+ it is often useful to be logged in multiple times or to
+ execute pipelines. Some tasks, such as compiling a large
+ program, spawn multiple processes and other intermediate
+ preprocessors.</para>
</listitem>
</varlistentry>
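Review bot: In the maxproc entry, dropping the &man.make.1; and &man.cc.1; examples leaves "spawn multiple processes and other intermediate preprocessors" with an "other" that no longer has anything to refer back to, and it now reads as if preprocessors were something besides processes. Either keep the examples or end the sentence at "spawn multiple processes". A comma before "as it is often useful" would also help, since "productivity as it is" can be misread on first pass.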
@@ -850,12 +822,11 @@ passwd: done</screen>
<primary>limiting users</primary>
<secondary>memorylocked</secondary>
</indexterm>
- <para>This is the maximum amount a memory a process may have
- requested to be locked into main memory (e.g., see
- &man.mlock.2;). Some system-critical programs, such as
- &man.amd.8;, lock into main memory such that in the event
- of being swapped out, they do not contribute to
- a system's thrashing in time of trouble.</para>
+ <para>The maximum amount of memory a process may request
+ to be locked into main memory using &man.mlock.2;. Some
+ system-critical programs, such as &man.amd.8;, lock into
+ main memory so that in the event of being swapped out,
+ they do not contribute to disk thrashing.</para>
</listitem>
</varlistentry>
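Review bot: The memorylocked entry still says programs lock into main memory "so that in the event of being swapped out, they do not contribute to disk thrashing", which contradicts itself: the stated purpose of locking with &man.mlock.2; is that the memory stays in main memory. The rewrite carried this over from the old text. Suggest "lock into main memory so that they are not swapped out and do not contribute to disk thrashing".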
@@ -865,12 +836,11 @@ passwd: done</screen>
<listitem>
<indexterm><primary>memoryuse</primary></indexterm>
<indexterm><primary>limiting users</primary>
- <secondary>memoryuse</secondary>
- </indexterm>
- <para>This is the maximum amount of memory a process may
- consume at any given time. It includes both core memory and
- swap usage. This is not a catch-all limit for restricting
- memory consumption, but it is a good start.</para>
+ <secondary>memoryuse</secondary></indexterm>
+ <para>The maximum amount of memory a process may consume at
+ any given time. It includes both core memory and swap
+ usage. This is not a catch-all limit for restricting
+ memory consumption, but is a good start.</para>
</listitem>
</varlistentry>
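Review bot: In the memoryuse entry, the closing </indexterm> was moved onto the same line as <secondary>, while the neighbouring entries (openfiles, sbsize, stacksize) keep it on its own line; this looks like an unintended whitespace change in a content patch and is better left as it was. In the text, "but is a good start" lost its subject, so "but it is a good start" reads better.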
@@ -882,10 +852,10 @@ passwd: done</screen>
<indexterm><primary>limiting users</primary>
<secondary>openfiles</secondary>
</indexterm>
- <para>This is the maximum amount of files a process may have
- open. In FreeBSD, files are also used to represent
- sockets and IPC channels; thus, be careful not to set this
- too low. The system-wide limit for this is defined by the
+ <para>The maximum amount of files a process may have open.
+ In &os;, files are used to represent sockets and IPC
+ channels, so be careful not to set this too low. The
+ system-wide limit for this is defined by the
<varname>kern.maxfiles</varname> &man.sysctl.8;.</para>
</listitem>
</varlistentry>
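Review bot: In the openfiles entry, "The maximum amount of files" should be "The maximum number of files", since files are counted. While this sentence is being touched, "files are used to represent sockets and IPC channels" could say "file descriptors", which is what the limit actually counts and why a low value affects network programs.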
@@ -898,10 +868,8 @@ passwd: done</screen>
<indexterm><primary>limiting users</primary>
<secondary>sbsize</secondary>
</indexterm>
- <para>This is the limit on the amount of network memory, and
- thus mbufs, a user may consume. This originated as a
- response to an old DoS attack by creating a lot of
- sockets, but can be generally used to limit network
+ <para>The limit on the amount of network memory, and
+ thus mbufs, a user may consume in order to limit network
communications.</para>
</listitem>
</varlistentry>
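Review bot: In the sbsize entry, the new sentence attaches "in order to limit network communications" to "a user may consume", so it reads as if the user consumes mbufs in order to limit communications. Split it: "The limit on the amount of network memory, and thus mbufs, a user may consume. This can be used to limit network communications." The removed sentence about the limit originating as a response to a DoS attack that created many sockets was the only place this entry explained why an administrator would set it; consider keeping a short form of that rationale.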
@@ -914,10 +882,10 @@ passwd: done</screen>
<indexterm><primary>limiting users</primary>
<secondary>stacksize</secondary>
</indexterm>
- <para>This is the maximum size a process' stack may grow to.
- This alone is not sufficient to limit the amount of memory
- a program may use; consequently, it should be used in
- conjunction with other limits.</para>
+ <para>The maximum size of a process stack. This alone is
+ not sufficient to limit the amount of memory a program
+ may use so it should be used in conjunction with other
+ limits.</para>
</listitem>
</varlistentry>
</variablelist>
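Review bot: In the stacksize entry, "may use so it should be used" needs a comma before "so", and the sentence repeats "use" three times in two lines. Suggest "This alone is not sufficient to limit the amount of memory a program may use, so combine it with other limits."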
@@ -936,25 +904,26 @@ passwd: done</screen>
<listitem>
<para>Although the <filename>/etc/login.conf</filename> that
comes with the system is a good source of reasonable values
- for most limits, only you, the administrator, can know what
- is appropriate for your system. Setting a limit too high
- may open your system up to abuse, while setting it too low
- may put a strain on productivity.</para>
+ for most limits, they may not be appropriate for every
+ system. Setting a limit too high may open the system up to
+ abuse, while setting it too low may put a strain on
+ productivity.</para>
</listitem>
<listitem>
- <para>Users of the X Window System (X11) should probably be
- granted more resources than other users. X11 by itself
- takes a lot of resources, but it also encourages users to
- run more programs simultaneously.</para>
+ <para>Users of <application>&xorg;</application> should
+ probably be granted more resources than other users.
+ <application>&xorg;</application> by itself takes a lot of
+ resources, but it also encourages users to run more programs
+ simultaneously.</para>
</listitem>
<listitem>
- <para>Remember that many limits apply to individual processes,
- not the user as a whole. For example, setting
+ <para>Many limits apply to individual processes, not the user
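Review bot: In the first list item of this hunk, "they may not be appropriate for every system" has no plural subject to refer to, because the sentence subject is <filename>/etc/login.conf</filename>; "those values may not be appropriate for every system" fixes it. In the same item, "open the system up to abuse" would be more useful to an administrator if it named the risk, for example resource exhaustion by a single user.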
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***