svn commit: r43708 - head/en_US.ISO8859-1/books/handbook/network-servers
Dru Lavigne
dru at FreeBSD.org
Fri Jan 31 18:43:30 UTC 2014
Author: dru
Date: Fri Jan 31 18:43:29 2014
New Revision: 43708
URL: http://svnweb.freebsd.org/changeset/doc/43708
Log:
White space fix only. Translators can ignore.
Sponsored by: iXsystems
Modified:
head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jan 31 17:03:23 2014 (r43707)
+++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jan 31 18:43:29 2014 (r43708)
@@ -113,9 +113,9 @@
</sect1>
<sect1 xml:id="network-inetd">
- <title>The <application>inetd</application>
+ <title>The <application>inetd</application>
Super-Server</title>
-
+
<!--
<sect1info>
<authorgroup>
@@ -133,53 +133,54 @@
</authorgroup>
</sect1info>
-->
-
- <para>The &man.inetd.8; daemon is sometimes referred to as a
- Super-Server because it manages
- connections for many services. Instead of starting multiple
- applications, only the <application>inetd</application> service
- needs to be started. When a connection is received
- for a service that is managed by <application>inetd</application>, it determines which
- program the connection is destined for, spawns a
- process for that program, and delegates the program a socket.
- Using <application>inetd</application>
- for services that are not heavily used can reduce
- system load, when compared to running each daemon individually
- in stand-alone mode.</para>
-
- <para>Primarily, <application>inetd</application> is used to
- spawn other daemons, but several trivial protocols are handled
- internally, such as <application>chargen</application>,
- <application>auth</application>,
- <application>time</application>,
- <application>echo</application>,
- <application>discard</application>, and
- <application>daytime</application>.</para>
- <para>This section covers the basics of configuring
- <application>inetd</application>.</para>
+ <para>The &man.inetd.8; daemon is sometimes referred to as a
+ Super-Server because it manages connections for many services.
+ Instead of starting multiple applications, only the
+ <application>inetd</application> service needs to be started.
+ When a connection is received for a service that is managed by
+ <application>inetd</application>, it determines which program
+ the connection is destined for, spawns a process for that
+ program, and delegates the program a socket. Using
+ <application>inetd</application> for services that are not
+ heavily used can reduce system load, when compared to running
+ each daemon individually in stand-alone mode.</para>
+
+ <para>Primarily, <application>inetd</application> is used to
+ spawn other daemons, but several trivial protocols are handled
+ internally, such as <application>chargen</application>,
+ <application>auth</application>,
+ <application>time</application>,
+ <application>echo</application>,
+ <application>discard</application>, and
+ <application>daytime</application>.</para>
+
+ <para>This section covers the basics of configuring
+ <application>inetd</application>.</para>
<sect2 xml:id="network-inetd-conf">
<title>Configuration File</title>
<para>Configuration of <application>inetd</application> is
- done by editing <filename>/etc/inetd.conf</filename>. Each line of this configuration file represents an application
+ done by editing <filename>/etc/inetd.conf</filename>. Each
+ line of this configuration file represents an application
which can be started by <application>inetd</application>. By
default, every line starts with a comment
- (<literal>#</literal>), meaning that <application>inetd</application>
- is not listening for any applications. To configure
- <application>inetd</application> to listen for an application's
- connections, remove the <literal>#</literal> at the beginning of
- the line for that application.</para>
-
- <para>After saving your edits, configure <application>inetd</application>
- to start at system boot by editing <filename>/etc/rc.conf</filename>:</para>
+ (<literal>#</literal>), meaning that
+ <application>inetd</application> is not listening for any
+ applications. To configure <application>inetd</application>
+ to listen for an application's connections, remove the
+ <literal>#</literal> at the beginning of the line for that
+ application.</para>
+
+ <para>After saving your edits, configure
+ <application>inetd</application> to start at system boot by
+ editing <filename>/etc/rc.conf</filename>:</para>
<programlisting>inetd_enable="YES"</programlisting>
- <para>To start
- <application>inetd</application> now, so that it listens for
- the service you configured, type:</para>
+ <para>To start <application>inetd</application> now, so that it
+ listens for the service you configured, type:</para>
<screen>&prompt.root; <userinput>service inetd start</userinput></screen>
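Review bot: in the first rewrapped paragraph, "spawns a process for that program, and delegates the program a socket" is carried over unchanged and still reads awkwardly. Since this commit is white space only, a follow-up content commit could reword it along the lines of "spawns a process for that program and hands it the socket". Comparing the removed and added paragraphs word for word, I see no other text differences in this hunk.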
@@ -192,16 +193,17 @@
Configuration File</title>
<screen>&prompt.root; <userinput>service inetd reload</userinput></screen>
- </example>
+ </example>
<para>Typically, the default entry for an application does not
- need to be edited beyond removing the <literal>#</literal>.
+ need to be edited beyond removing the <literal>#</literal>.
In some situations, it may be appropriate to edit the default
entry.</para>
- <para>As an example, this is the default entry for &man.ftpd.8; over IPv4:</para>
+ <para>As an example, this is the default entry for &man.ftpd.8;
+ over IPv4:</para>
- <programlisting>ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l</programlisting>
+ <programlisting>ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l</programlisting>
<para>The seven columns in an entry are as follows:</para>
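Review bot: the ftpd entry is the one change in this hunk that sits inside a <programlisting>, where white space is rendered verbatim, so here a white space edit changes what the reader sees. Please confirm that the separators between the columns of "ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l" still line up with the entry as it appears in /etc/inetd.conf, since the text presents this as the default entry.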
@@ -220,13 +222,13 @@ server-program-arguments</programlisting
<term>service-name</term>
<listitem>
- <para>The service name of the daemon to start.
- It must correspond to a service listed in
+ <para>The service name of the daemon to start. It must
+ correspond to a service listed in
<filename>/etc/services</filename>. This determines
which port <application>inetd</application> listens on
- for incoming connections to that service.
- When using a custom service, it must first be
- added to <filename>/etc/services</filename>.</para>
+ for incoming connections to that service. When using a
+ custom service, it must first be added to
+ <filename>/etc/services</filename>.</para>
</listitem>
</varlistentry>
@@ -236,8 +238,8 @@ server-program-arguments</programlisting
<listitem>
<para>Either <literal>stream</literal>,
<literal>dgram</literal>, <literal>raw</literal>, or
- <literal>seqpacket</literal>. Use <literal>stream</literal>
- for TCP connections and
+ <literal>seqpacket</literal>. Use
+ <literal>stream</literal> for TCP connections and
<literal>dgram</literal> for
<acronym>UDP</acronym> services.</para>
</listitem>
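Review bot: in the rewrapped sentence, "TCP" in "<literal>stream</literal> for TCP connections" is plain text while "UDP" two lines later is wrapped in <acronym>. Mark up both the same way in a follow-up content commit.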
@@ -286,7 +288,8 @@ server-program-arguments</programlisting
<row>
<entry>udp46</entry>
- <entry>Both <acronym>UDP</acronym> IPv4 and IPv6</entry>
+ <entry>Both <acronym>UDP</acronym> IPv4 and
+ IPv6</entry>
</row>
</tbody>
</tgroup>
@@ -304,42 +307,40 @@ server-program-arguments</programlisting
<option>max-connections-per-ip-per-minute</option> and
<option>max-child-per-ip</option> are optional.</para>
- <para><option>wait|nowait</option> indicates whether or not the
- service is
- able to handle its own socket.
+ <para><option>wait|nowait</option> indicates whether or
+ not the service is able to handle its own socket.
<option>dgram</option> socket types must use the
- <option>wait</option> option while <option>stream</option>
- daemons, which are usually multi-threaded, should use
- <option>nowait</option>. <option>wait</option> usually
- hands off multiple sockets to a single daemon, while
- <option>nowait</option> spawns a child daemon for each
- new socket.</para>
+ <option>wait</option> option while
+ <option>stream</option> daemons, which are usually
+ multi-threaded, should use <option>nowait</option>.
+ <option>wait</option> usually hands off multiple sockets
+ to a single daemon, while <option>nowait</option> spawns
+ a child daemon for each new socket.</para>
<para>The maximum number of child daemons
<application>inetd</application> may spawn is set by
- <option>max-child</option>. For example, to limit
- ten instances of the daemon, place a
- <literal>/10</literal> after
- <option>nowait</option>. Specifying
+ <option>max-child</option>. For example, to limit ten
+ instances of the daemon, place a <literal>/10</literal>
+ after <option>nowait</option>. Specifying
<literal>/0</literal> allows an unlimited number of
children.</para>
<para><option>max-connections-per-ip-per-minute</option>
limits the number of connections from any particular
- <acronym>IP</acronym> address per minute. Once the limit
- is reached, further connections from this IP address
- will be dropped until the end of the minute. For example, a value
- of <literal>/10</literal> would limit any particular <acronym>IP</acronym>
- address to ten
- connection attempts per minute. <option>max-child-per-ip</option>
- limits the number of child processes that can be started on
- behalf on any single <acronym>IP</acronym> address at
- any moment. These options can limit
- excessive resource
- consumption and help to prevent Denial of Service attacks.</para>
+ <acronym>IP</acronym> address per minute. Once the
+ limit is reached, further connections from this IP
+ address will be dropped until the end of the minute.
+ For example, a value of <literal>/10</literal> would
+ limit any particular <acronym>IP</acronym> address to
+ ten connection attempts per minute.
+ <option>max-child-per-ip</option> limits the number of
+ child processes that can be started on behalf on any
+ single <acronym>IP</acronym> address at any moment.
+ These options can limit excessive resource consumption
+ and help to prevent Denial of Service attacks.</para>
- <para>An example can be seen in the default
- settings for &man.fingerd.8;:</para>
+ <para>An example can be seen in the default settings for
+ &man.fingerd.8;:</para>
<programlisting>finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s</programlisting>
</listitem>
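Review bot: the rewrapped paragraphs keep two wording errors that a follow-up content commit should fix: "to limit ten instances of the daemon" in the max-child paragraph is missing a "to", and "on behalf on any single IP address" in the max-child-per-ip sentence should read "on behalf of". The same paragraph also has a bare "this IP address" between two <acronym>IP</acronym> uses. Separately, the fingerd entry shows "nowait/3/10" but the prose never says which of the optional limits each number sets; one sentence mapping the two numbers to their options would make the example usable.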
@@ -361,10 +362,9 @@ server-program-arguments</programlisting
<term>server-program</term>
<listitem>
- <para>The full path to the daemon.
- If the daemon is a service
- provided by <application>inetd</application> internally,
- use <option>internal</option>.</para>
+ <para>The full path to the daemon. If the daemon is a
+ service provided by <application>inetd</application>
+ internally, use <option>internal</option>.</para>
</listitem>
</varlistentry>
@@ -372,11 +372,9 @@ server-program-arguments</programlisting
<term>server-program-arguments</term>
<listitem>
- <para>Used to
- specify any command
- arguments to be
- passed to the daemon on invocation. If
- the daemon is an internal service, use
+ <para>Used to specify any command arguments to be passed
+ to the daemon on invocation. If the daemon is an
+ internal service, use
<option>internal</option>.</para>
</listitem>
</varlistentry>
@@ -387,17 +385,17 @@ server-program-arguments</programlisting
<title>Command-Line Options</title>
<para>Like most server daemons, <application>inetd</application>
- has a number of options that can be used to
- modify its behaviour. By default,
- <application>inetd</application> is started with
- <literal>-wW -C 60</literal>. These options enable TCP wrappers for
- all services, including internal services, and prevent any
- <acronym>IP</acronym> address from requesting any
- service more than 60 times per minute.</para>
-
- <para>To change the default options which are passed to <application>inetd</application>,
- add an entry for <literal>inetd_flags</literal> in
- <filename>/etc/rc.conf</filename>. If
+ has a number of options that can be used to modify its
+ behaviour. By default, <application>inetd</application> is
+ started with <literal>-wW -C 60</literal>. These options
+ enable TCP wrappers for all services, including internal
+ services, and prevent any <acronym>IP</acronym> address from
+ requesting any service more than 60 times per minute.</para>
+
+ <para>To change the default options which are passed to
+ <application>inetd</application>, add an entry for
+ <literal>inetd_flags</literal> in
+ <filename>/etc/rc.conf</filename>. If
<application>inetd</application> is already running, restart
it with <command>service inetd restart</command>.</para>
@@ -409,9 +407,10 @@ server-program-arguments</programlisting
<listitem>
<para>Specify the default maximum number of simultaneous
- invocations of each service, where the default is unlimited.
- May be overridden on a per-service basis by using
- <option>max-child</option> in <filename>/etc/inetd.conf</filename>.</para>
+ invocations of each service, where the default is
+ unlimited. May be overridden on a per-service basis by
+ using <option>max-child</option> in
+ <filename>/etc/inetd.conf</filename>.</para>
</listitem>
</varlistentry>
@@ -421,8 +420,8 @@ server-program-arguments</programlisting
<listitem>
<para>Specify the default maximum number of times a
service can be invoked from a single
- <acronym>IP</acronym> address per minute. May be overridden on a per-service basis
- by using
+ <acronym>IP</acronym> address per minute. May be
+ overridden on a per-service basis by using
<option>max-connections-per-ip-per-minute</option> in
<filename>/etc/inetd.conf</filename>.</para>
</listitem>
@@ -433,7 +432,8 @@ server-program-arguments</programlisting
<listitem>
<para>Specify the maximum number of times a service can be
- invoked in one minute, where the default is <literal>256</literal>. A rate of <literal>0</literal>
+ invoked in one minute, where the default is
+ <literal>256</literal>. A rate of <literal>0</literal>
allows an unlimited number.</para>
</listitem>
</varlistentry>
@@ -446,13 +446,14 @@ server-program-arguments</programlisting
invoked from a single <acronym>IP</acronym> address at
any one time, where the default is unlimited. May be
overridden on a per-service basis by using
- <option>max-child-per-ip</option> in <filename>/etc/inetd.conf</filename>.</para>
+ <option>max-child-per-ip</option> in
+ <filename>/etc/inetd.conf</filename>.</para>
</listitem>
</varlistentry>
</variablelist>
- <para>Additional options are available. Refer to &man.inetd.8; for
- the full list of options.</para>
+ <para>Additional options are available. Refer to &man.inetd.8;
+ for the full list of options.</para>
</sect2>
<sect2 xml:id="network-inetd-security">
@@ -460,19 +461,18 @@ server-program-arguments</programlisting
<para>Many of the daemons which can be managed by
<application>inetd</application> are not security-conscious.
- Some daemons, such as
- <application>fingerd</application>, can
- provide information that may be useful to an
- attacker. Only enable the services which are needed and
- monitor the system for excessive connection attempts.
+ Some daemons, such as <application>fingerd</application>, can
+ provide information that may be useful to an attacker. Only
+ enable the services which are needed and monitor the system
+ for excessive connection attempts.
<literal>max-connections-per-ip-per-minute</literal>,
<literal>max-child</literal> and
<literal>max-child-per-ip</literal> can be used to limit such
attacks.</para>
<para>By default, TCP wrappers is enabled. Consult
- &man.hosts.access.5; for more information on
- placing TCP restrictions on various
+ &man.hosts.access.5; for more information on placing TCP
+ restrictions on various
<application>inetd</application> invoked daemons.</para>
</sect2>
</sect1>
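Review bot: the security paragraph tells the reader to "monitor the system for excessive connection attempts" but names no log file or tool to do that with, so the advice is not actionable as written. A follow-up content commit could add that pointer, and could fix "By default, TCP wrappers is enabled" and the unhyphenated "<application>inetd</application> invoked daemons" in the last paragraph at the same time.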
@@ -657,28 +657,28 @@ mountd_flags="-r"</programlisting>
read-only, preventing clients from making any changes to
those exported file systems.</para>
- <para>The next example exports
- <filename>/home</filename> to three clients
- by <acronym>IP</acronym> address. This can be useful for
- networks without <acronym>DNS</acronym>. Optionally,
- <filename>/etc/hosts</filename> could be configured for
- internal hostnames; please review &man.hosts.5; for more
- information. The <literal>-alldirs</literal> flag allows
- subdirectories to be mount points. In other words, it will
- not mount the subdirectories but permit the client to mount
- only the directories that are required or needed.</para>
+ <para>The next example exports <filename>/home</filename> to
+ three clients by <acronym>IP</acronym> address. This can be
+ useful for networks without <acronym>DNS</acronym>.
+ Optionally, <filename>/etc/hosts</filename> could be
+ configured for internal hostnames; please review &man.hosts.5;
+ for more information. The <literal>-alldirs</literal> flag
+ allows subdirectories to be mount points. In other words, it
+ will not mount the subdirectories but permit the client to
+ mount only the directories that are required or needed.</para>
<programlisting>/home -alldirs 10.0.0.2 10.0.0.3 10.0.0.4</programlisting>
- <para>This next line exports
- <filename>/a</filename> so that two clients
- from different domains may access the file system. The
- <option>-maproot=root</option> flag allows the
- <systemitem class="username">root</systemitem> user on the remote system to write
- data on the exported file system as <systemitem class="username">root</systemitem>.
- If the <literal>-maproot=root</literal> flag is not specified,
- the client's <systemitem class="username">root</systemitem> user will be mapped to
- the server's <systemitem class="username">nobody</systemitem> account and will be
+ <para>This next line exports <filename>/a</filename> so that two
+ clients from different domains may access the file system.
+ The <option>-maproot=root</option> flag allows the
+ <systemitem class="username">root</systemitem> user on the
+ remote system to write data on the exported file system as
+ <systemitem class="username">root</systemitem>. If the
+ <literal>-maproot=root</literal> flag is not specified, the
+ client's <systemitem class="username">root</systemitem> user
+ will be mapped to the server's <systemitem
+ class="username">nobody</systemitem> account and will be
subject to the access limitations defined for user,
<systemitem class="username">nobody</systemitem>.</para>
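Review bot: the added lines "will be mapped to the server's <systemitem" and "class="username">nobody</systemitem> account" break the line inside the start tag, between the element name and its attribute. It is valid XML, but a source search for <systemitem class="username">nobody no longer matches and the line is harder to read; breaking before <systemitem instead would keep the tag whole at the cost of a slightly shorter line. Also in this hunk, the same flag is marked up as <option>-maproot=root</option> in one sentence and <literal>-maproot=root</literal> in the next, while -alldirs uses <literal>; that inconsistency is for a later content commit.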
@@ -692,16 +692,16 @@ mountd_flags="-r"</programlisting>
the export information for one file system to one or more
clients. A remote host can only be specified once per file
system. For example, assume that
- <filename>/usr</filename> is a single file
- system. This entry, in <filename>/etc/exports</filename>,
- would be invalid:</para>
+ <filename>/usr</filename> is a single file system. This
+ entry, in <filename>/etc/exports</filename>, would be
+ invalid:</para>
<programlisting># Invalid when /usr is one file system
/usr/src client
/usr/ports client</programlisting>
- <para>The <filename>/usr</filename> file
- system has two lines specifying exports to the same host,
+ <para>The <filename>/usr</filename> file system has two lines
+ specifying exports to the same host,
<systemitem>client</systemitem>. The correct format for this
situation is:</para>
@@ -713,9 +713,8 @@ mountd_flags="-r"</programlisting>
system.</para>
<para>The following is an example of a valid export list, where
- <filename>/usr</filename> and
- <filename>/exports</filename> are local
- file systems:</para>
+ <filename>/usr</filename> and <filename>/exports</filename>
+ are local file systems:</para>
<programlisting># Export src and ports to client01 and client02, but only
# client01 has root privileges on it
@@ -739,7 +738,8 @@ mountd_flags="-r"</programlisting>
<para>On a new server being configured with
<acronym>NFS</acronym> services, the server can be started by
- running this command as <systemitem class="username">root</systemitem>:</para>
+ running this command as <systemitem
+ class="username">root</systemitem>:</para>
<screen>&prompt.root; <userinput>service nfsd start</userinput></screen>
@@ -750,9 +750,10 @@ mountd_flags="-r"</programlisting>
<para>The client now has everything it needs to mount a remote
file system. In these examples, the server's name is
<systemitem>server</systemitem> and the client's name is
- <systemitem>client</systemitem>. For testing or to temporarily mount
- a remote file system, execute <application>mount</application>
- as <systemitem class="username">root</systemitem> on
+ <systemitem>client</systemitem>. For testing or to
+ temporarily mount a remote file system, execute
+ <application>mount</application> as <systemitem
+ class="username">root</systemitem> on
<systemitem>client</systemitem>:</para>
<indexterm>
@@ -762,16 +763,16 @@ mountd_flags="-r"</programlisting>
<screen>&prompt.root; <userinput>mount server:/home /mnt</userinput></screen>
<para>This mounts the <systemitem>server</systemitem>:
- <filename>/home</filename> file system to
- the <systemitem>client</systemitem>:
- <filename>/mnt</filename> mount point. The
- files and directories in the <systemitem>server</systemitem>
- <filename>/home</filename> file system will
- now be available on <systemitem>client</systemitem>, in the
+ <filename>/home</filename> file system to the
+ <systemitem>client</systemitem>:
+ <filename>/mnt</filename> mount point. The files and
+ directories in the <systemitem>server</systemitem>
+ <filename>/home</filename> file system will now be available
+ on <systemitem>client</systemitem>, in the
<filename>/mnt</filename> directory.</para>
- <para>To mount a remote file system each time the client
- boots, add it to <filename>/etc/fstab</filename>:</para>
+ <para>To mount a remote file system each time the client boots,
+ add it to <filename>/etc/fstab</filename>:</para>
<programlisting>server:/home /mnt nfs rw 0 0</programlisting>
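Review bot: in the rewrapped paragraph, the line break after "<systemitem>server</systemitem>:" and after "<systemitem>client</systemitem>:" puts white space between the colon and the following <filename>, so the text renders as "server: /home" and "client: /mnt" rather than the "server:/home" form used in the mount command and the fstab line. The second mention, "<systemitem>server</systemitem> <filename>/home</filename>", has no colon at all. Keeping host, colon and path on one source line, in a follow-up content commit, would make all three match.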
@@ -786,8 +787,8 @@ mountd_flags="-r"</programlisting>
require file locking to operate correctly. In the case of
<acronym>NFS</acronym>, <application>rpc.lockd</application>
can be used for file locking. To enable it, add this line to
- <filename>/etc/rc.conf</filename> on both client
- and server:</para>
+ <filename>/etc/rc.conf</filename> on both client and
+ server:</para>
<programlisting>rpc_lockd_enable="YES"
rpc_statd_enable="YES"</programlisting>
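Review bot: the rewrapped sentence still says "add this line to /etc/rc.conf" while the listing that follows has two lines, rpc_lockd_enable and rpc_statd_enable, and the paragraph only introduces rpc.lockd. A follow-up content commit should change it to "these lines" and say in a few words why rpc.statd is enabled alongside it.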
@@ -796,8 +797,8 @@ rpc_statd_enable="YES"</programlisting>
<acronym>NFS</acronym> client and server are already
configured.</para>
- <para>Start the application, as <systemitem class="username">root</systemitem>,
- with:</para>
+ <para>Start the application, as <systemitem
+ class="username">root</systemitem>, with:</para>
<screen>&prompt.root; <userinput>service lockd start</userinput>
&prompt.root; <userinput>service statd start</userinput></screen>
@@ -805,8 +806,7 @@ rpc_statd_enable="YES"</programlisting>
<para>If locking is not required on the server, the
<acronym>NFS</acronym> client can be configured to lock
locally by passing <option>-L</option> to &man.mount.nfs.8;.
- Refer to &man.mount.nfs.8; for further
- details.</para>
+ Refer to &man.mount.nfs.8; for further details.</para>
</sect2>
<sect2>
@@ -836,10 +836,11 @@ rpc_statd_enable="YES"</programlisting>
</listitem>
<listitem>
- <para>Several clients may need access to the <filename>/usr/ports/distfiles</filename>
- directory. Sharing that directory allows for quick access
- to the source files without having to download them to
- each client.</para>
+ <para>Several clients may need access to the
+ <filename>/usr/ports/distfiles</filename> directory.
+ Sharing that directory allows for quick access to the
+ source files without having to download them to each
+ client.</para>
</listitem>
</itemizedlist>
</sect2>
@@ -886,14 +887,15 @@ rpc_statd_enable="YES"</programlisting>
<filename>/net</filename> directories. When
a file is accessed within one of these directories,
<application>amd</application> looks up the corresponding
- remote mount and automatically mounts it. <filename>/net</filename> is used to mount an
- exported file system from an <acronym>IP</acronym> address,
- while <filename>/host</filename> is used to
- mount an export from a remote hostname.</para>
+ remote mount and automatically mounts it.
+ <filename>/net</filename> is used to mount an exported file
+ system from an <acronym>IP</acronym> address, while
+ <filename>/host</filename> is used to mount an export from a
+ remote hostname.</para>
<para>For instance, an attempt to access a file within
- <filename>/host/foobar/usr</filename> would
- tell <application>amd</application> to mount the
+ <filename>/host/foobar/usr</filename> would tell
+ <application>amd</application> to mount the
<filename>/usr</filename> export on the host
<systemitem>foobar</systemitem>.</para>
@@ -901,10 +903,9 @@ rpc_statd_enable="YES"</programlisting>
<title>Mounting an Export with
<application>amd</application></title>
- <para><command>showmount -e</command> shows the
- exported file systems that can be mounted from
- the <acronym>NFS</acronym> server,
- <systemitem>foobar</systemitem>:</para>
+ <para><command>showmount -e</command> shows the exported file
+ systems that can be mounted from the <acronym>NFS</acronym>
+ server, <systemitem>foobar</systemitem>:</para>
<screen>&prompt.user; <userinput>showmount -e foobar</userinput>
Exports list on foobar:
@@ -914,13 +915,13 @@ Exports list on foobar:
</example>
<para>The output from <command>showmount</command> shows
- <filename>/usr</filename> as an export.
- When changing directories to
- <filename>/host/foobar/usr</filename>,
+ <filename>/usr</filename> as an export. When changing
+ directories to <filename>/host/foobar/usr</filename>,
<application>amd</application> intercepts the request and
- attempts to resolve the hostname <systemitem>foobar</systemitem>. If
- successful, <application>amd</application> automatically
- mounts the desired export.</para>
+ attempts to resolve the hostname
+ <systemitem>foobar</systemitem>. If successful,
+ <application>amd</application> automatically mounts the
+ desired export.</para>
<para><application>amd</application> is enabled by placing
this line in <filename>/etc/rc.conf</filename>:</para>
@@ -942,8 +943,8 @@ Exports list on foobar:
<filename>/etc/amd.conf</filename> defines some of the more
advanced features of <application>amd</application>.</para>
- <para>Consult &man.amd.8; and &man.amd.conf.5;
- for more information.</para>
+ <para>Consult &man.amd.8; and &man.amd.conf.5; for more
+ information.</para>
</sect2>
</sect1>
@@ -1193,32 +1194,37 @@ Exports list on foobar:
<tbody>
<row>
<entry><systemitem>ellington</systemitem></entry>
- <entry><systemitem class="ipaddress">10.0.0.2</systemitem></entry>
+ <entry><systemitem
+ class="ipaddress">10.0.0.2</systemitem></entry>
<entry><acronym>NIS</acronym> master</entry>
</row>
<row>
<entry><systemitem>coltrane</systemitem></entry>
- <entry><systemitem class="ipaddress">10.0.0.3</systemitem></entry>
+ <entry><systemitem
+ class="ipaddress">10.0.0.3</systemitem></entry>
<entry><acronym>NIS</acronym> slave</entry>
</row>
<row>
<entry><systemitem>basie</systemitem></entry>
- <entry><systemitem class="ipaddress">10.0.0.4</systemitem></entry>
+ <entry><systemitem
+ class="ipaddress">10.0.0.4</systemitem></entry>
<entry>Faculty workstation</entry>
</row>
<row>
<entry><systemitem>bird</systemitem></entry>
- <entry><systemitem class="ipaddress">10.0.0.5</systemitem></entry>
+ <entry><systemitem
+ class="ipaddress">10.0.0.5</systemitem></entry>
<entry>Client machine</entry>
</row>
<row>
<entry><systemitem>cli[1-11]</systemitem></entry>
<entry>
- <systemitem class="ipaddress">10.0.0.[6-17]</systemitem></entry>
+ <systemitem
+ class="ipaddress">10.0.0.[6-17]</systemitem></entry>
<entry>Other client machines</entry>
</row>
</tbody>
@@ -1376,8 +1382,8 @@ nis_client_flags="-S <replaceable>NIS do
<primary>NIS</primary>
<secondary>maps</secondary>
</indexterm>
- <para><acronym>NIS</acronym> maps
- are generated from the configuration files in <filename>/etc</filename> on the
+ <para><acronym>NIS</acronym> maps are generated from the
+ configuration files in <filename>/etc</filename> on the
<acronym>NIS</acronym> master, with one exception:
<filename>/etc/master.passwd</filename>. This is to
prevent the propagation of passwords to all the servers in
@@ -1392,8 +1398,8 @@ nis_client_flags="-S <replaceable>NIS do
<para>It is advisable to remove all entries for system
accounts as well as any user accounts that do not need to
be propagated to the <acronym>NIS</acronym> clients, such
- as the <systemitem class="username">root</systemitem> and any other
- administrative accounts.</para>
+ as the <systemitem class="username">root</systemitem> and
+ any other administrative accounts.</para>
<note><para>Ensure that the
<filename>/var/yp/master.passwd</filename> is neither
@@ -1603,8 +1609,7 @@ Remember to update map ypservers on elli
<para>Edit <filename>/etc/rc.conf</filename> and add the
following lines in order to set the
<acronym>NIS</acronym> domain name and start
- &man.ypbind.8; during network
- startup:</para>
+ &man.ypbind.8; during network startup:</para>
<programlisting>nisdomainname="test-domain"
nis_client_enable="YES"</programlisting>
@@ -1618,7 +1623,8 @@ nis_client_enable="YES"</programlisting>
<filename>/etc/master.passwd</filename>. When
removing the accounts, keep in mind that at least one
local account should remain and this account should be
- a member of <systemitem class="groupname">wheel</systemitem>. If there is
+ a member of <systemitem
+ class="groupname">wheel</systemitem>. If there is
a problem with <acronym>NIS</acronym>, this local
account can be used to log in remotely, become the
superuser, and fix the problem. Before saving the
@@ -1633,8 +1639,8 @@ nis_client_enable="YES"</programlisting>
account on the client. There are many ways to
configure the <acronym>NIS</acronym> client by
modifying this line. One method is described in
- <xref linkend="network-netgroups"/>. For
- more detailed reading, refer to the book
+ <xref linkend="network-netgroups"/>. For more
+ detailed reading, refer to the book
<literal>Managing NFS and NIS</literal>, published
by O'Reilly Media.</para>
</step>
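Review bot: the book title in the rewrapped sentence is marked up as <literal>Managing NFS and NIS</literal>. <literal> is for literal strings; a title belongs in <citetitle>, which a follow-up content commit could fix.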
@@ -1728,27 +1734,27 @@ nis_client_enable="YES"</programlisting>
<sect3>
<title>Barring Some Users</title>
- <para>In this example, the <systemitem>basie</systemitem> system
- is a faculty workstation within the <acronym>NIS</acronym>
- domain. The <filename>passwd</filename> map on the master
+ <para>In this example, the <systemitem>basie</systemitem>
+ system is a faculty workstation within the
+ <acronym>NIS</acronym> domain. The
+ <filename>passwd</filename> map on the master
<acronym>NIS</acronym> server contains accounts for both
faculty and students. This section demonstrates how to
allow faculty logins on this system while refusing student
logins.</para>
- <para>To prevent specified users from logging on to a
- system, even if they are present in the
+ <para>To prevent specified users from logging on to a system,
+ even if they are present in the
<acronym>NIS</acronym> database, use <command>vipw</command>
- to add
- <literal>-username</literal> with
- the correct number of colons towards the end of
+ to add <literal>-username</literal> with the correct number
+ of colons towards the end of
<filename>/etc/master.passwd</filename> on the client,
where <replaceable>username</replaceable> is the username of
a user to bar from logging in. The line with the blocked
user must be before the <literal>+</literal> line that
allows <acronym>NIS</acronym> users. In this example,
- <systemitem class="username">bill</systemitem> is barred from logging on to
- <systemitem>basie</systemitem>:</para>
+ <systemitem class="username">bill</systemitem> is barred
+ from logging on to <systemitem>basie</systemitem>:</para>
<screen>basie&prompt.root; <userinput>cat /etc/master.passwd</userinput>
root:[password]:0:0::0:0:The super-user:/root:/bin/csh
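Review bot: the rewrapped instruction says to add "-username with the correct number of colons" without saying what that number is, which leaves the reader to count fields in the listing. The root line shown here has nine colons; stating the count in the sentence, or pointing at the example line for the barred user, would remove the guesswork. That is a content change for a separate commit.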
@@ -1824,21 +1830,24 @@ basie&prompt.root;</screen>
</row>
<row>
- <entry><systemitem class="username">charlie</systemitem>,
- <systemitem class="username">delta</systemitem></entry>
+ <entry><systemitem
+ class="username">charlie</systemitem>, <systemitem
+ class="username">delta</systemitem></entry>
<entry>IT department apprentices</entry>
</row>
<row>
<entry><systemitem class="username">echo</systemitem>,
<systemitem class="username">foxtrott</systemitem>,
- <systemitem class="username">golf</systemitem>, ...</entry>
+ <systemitem class="username">golf</systemitem>,
+ ...</entry>
<entry>employees</entry>
</row>
<row>
<entry><systemitem class="username">able</systemitem>,
- <systemitem class="username">baker</systemitem>, ...</entry>
+ <systemitem class="username">baker</systemitem>,
+ ...</entry>
<entry>interns</entry>
</row>
</tbody>
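Review bot: The username on the unchanged line <systemitem class="username">foxtrott</systemitem> looks like a misspelling of "foxtrot", given the alphabet-style names around it (charlie, delta, echo, golf). It does not belong in a whitespace-only commit, but it is worth a separate content fix after checking that the same spelling is not used in later examples in the chapter.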
@@ -1861,7 +1870,8 @@ basie&prompt.root;</screen>
<!-- Names taken from "Good Omens" by Neil Gaiman and Terry
Pratchett. Many thanks for a brilliant book. -->
<entry><systemitem>war</systemitem>,
- <systemitem>death</systemitem>, <systemitem>famine</systemitem>,
+ <systemitem>death</systemitem>,
+ <systemitem>famine</systemitem>,
<systemitem>pollution</systemitem></entry>
<entry>Only IT employees are allowed to log onto these
servers.</entry>
@@ -1869,16 +1879,21 @@ basie&prompt.root;</screen>
<row>
<!-- gluttony was omitted because it was too fat -->
- <entry><systemitem>pride</systemitem>, <systemitem>greed</systemitem>,
- <systemitem>envy</systemitem>, <systemitem>wrath</systemitem>,
- <systemitem>lust</systemitem>, <systemitem>sloth</systemitem></entry>
+ <entry><systemitem>pride</systemitem>,
+ <systemitem>greed</systemitem>,
+ <systemitem>envy</systemitem>,
+ <systemitem>wrath</systemitem>,
+ <systemitem>lust</systemitem>,
+ <systemitem>sloth</systemitem></entry>
<entry>All members of the IT department are allowed to
login onto these servers.</entry>
</row>
<row>
- <entry><systemitem>one</systemitem>, <systemitem>two</systemitem>,
- <systemitem>three</systemitem>, <systemitem>four</systemitem>,
+ <entry><systemitem>one</systemitem>,
+ <systemitem>two</systemitem>,
+ <systemitem>three</systemitem>,
+ <systemitem>four</systemitem>,
...</entry>
<entry>Ordinary workstations used by
employees.</entry>
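Review bot: "allowed to login onto these servers" in the second row of this hunk uses the noun "login" as a verb and differs from "allowed to log onto these servers" in the table row of the previous hunk. A follow-up content commit could use "log in to" in both rows so the two access rules read the same way.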
@@ -2567,8 +2582,11 @@ result: 0 Success
by the client to obtain the addressing information. &os; does
not install a <acronym>DHCP</acronym> server, but several
servers are available in the &os; Ports Collection. The
- <acronym>DHCP</acronym> protocol is fully described in <link xlink:href="http://www.freesoft.org/CIE/RFC/2131/">RFC 2131</link>.
- Informational resources are also available at <link xlink:href="http://www.isc.org/downloads/dhcp/">isc.org/downloads/dhcp/</link>.</para>
+ <acronym>DHCP</acronym> protocol is fully described in <link
+ xlink:href="http://www.freesoft.org/CIE/RFC/2131/">RFC
+ 2131</link>.
+ Informational resources are also available at <link
+ xlink:href="http://www.isc.org/downloads/dhcp/">isc.org/downloads/dhcp/</link>.</para>
<para>This section describes how to use the built-in
<acronym>DHCP</acronym> client. It then describes how to
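Review bot: The rewrap splits the link text "RFC 2131" across two lines and leaves "2131</link>." alone on a short line before "Informational resources", so the paragraph is only partly refilled. Keeping "RFC 2131" together on one line and flowing the next sentence up onto the line after the closing tag would make the source easier to read and to search.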
@@ -2706,7 +2724,8 @@ result: 0 Success
to act as a <acronym>DHCP</acronym> server using the Internet
Systems Consortium (<acronym>ISC</acronym>) implementation of
the <acronym>DHCP</acronym> server. This implementation and
- its documentation can be installed using the <package>net/isc-dhcp42-server</package> package or
+ its documentation can be installed using the
+ <package>net/isc-dhcp42-server</package> package or
port.</para>
<indexterm>
@@ -2719,8 +2738,9 @@ result: 0 Success
<secondary>installation</secondary>
</indexterm>
- <para>The installation of <package>net/isc-dhcp42-server</package> installs a
- sample configuration file. Copy
+ <para>The installation of
+ <package>net/isc-dhcp42-server</package> installs a sample
+ configuration file. Copy
<filename>/usr/local/etc/dhcpd.conf.example</filename> to
<filename>/usr/local/etc/dhcpd.conf</filename> and make any
edits to this new file.</para>
@@ -2898,9 +2918,10 @@ dhcpd_ifaces="dc0"</programlisting>
one <acronym>DHCP</acronym> server forwards a request
from a client to another <acronym>DHCP</acronym> server
on a separate network. If this functionality is
- required, install the <package>net/isc-dhcp42-relay</package>
- package or port. The installation includes dhcrelay(8)
- which provides more detail.</para>
+ required, install the
+ <package>net/isc-dhcp42-relay</package> package or port.
+ The installation includes dhcrelay(8) which provides
+ more detail.</para>
</listitem>
</itemizedlist>
</sect2>
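Review bot: "dhcrelay(8)" in the rewrapped lines is still plain text, while manual pages elsewhere in this file are written as entities such as &man.chroot.8; and &man.inetd.8;. A follow-up content commit should give it manual page markup as well (an entity if one is defined for it, explicit markup otherwise) so the reference renders consistently with the others.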
@@ -2939,7 +2960,8 @@ dhcpd_ifaces="dc0"</programlisting>
is the most common implementation of the <acronym>DNS</acronym>
protocol. The &os; version provides enhanced security features,
a new file system layout, and automated &man.chroot.8;
- configuration. BIND is maintained by the <link xlink:href="https://www.isc.org/">isc.org</link>. It is not
+ configuration. BIND is maintained by the <link
+ xlink:href="https://www.isc.org/">isc.org</link>. It is not
necessary to run a name server to perform <acronym>DNS</acronym>
lookups on a system.</para>
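Review bot: "BIND is maintained by the <link ...>isc.org</link>" puts an article in front of a host name, and the rewrap keeps that wording. An earlier hunk in this commit spells the organization out as the Internet Systems Consortium (ISC); using that name as the link text here would read correctly and match the DHCP section. This belongs in a separate content commit since translators are told to ignore this one.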
@@ -3028,8 +3050,8 @@ dhcpd_ifaces="dc0"</programlisting>
<itemizedlist>
<listitem>
- <para><systemitem>.</systemitem> is how the root zone is usually
- referred to in documentation.</para>
+ <para><systemitem>.</systemitem> is how the root zone is
+ usually referred to in documentation.</para>
</listitem>
<listitem>
@@ -3038,24 +3060,28 @@ dhcpd_ifaces="dc0"</programlisting>
</listitem>
<listitem>
- <para><systemitem class="fqdomainname">example.org.</systemitem> is a
+ <para><systemitem
+ class="fqdomainname">example.org.</systemitem> is a
zone under the <systemitem>org.</systemitem>
<acronym>TLD</acronym>.</para>
</listitem>
<listitem>
- <para><systemitem>1.168.192.in-addr.arpa</systemitem> is a zone
- referencing all <acronym>IP</acronym> addresses which fall
- under the <systemitem class="ipaddress">192.168.1.*</systemitem>
+ <para><systemitem>1.168.192.in-addr.arpa</systemitem> is a
+ zone referencing all <acronym>IP</acronym> addresses which
+ fall under the <systemitem
+ class="ipaddress">192.168.1.*</systemitem>
<acronym>IP</acronym> address space.</para>
</listitem>
</itemizedlist>
<para>As one can see, the more specific part of a hostname
- appears to its left. For example, <systemitem class="fqdomainname">example.org.</systemitem> is more specific than
- <systemitem>org.</systemitem>, as <systemitem>org.</systemitem> is more specific
- than the root zone. The layout of each part of a hostname is
- much like a file system: the <filename>/dev</filename> directory falls within the
+ appears to its left. For example, <systemitem
+ class="fqdomainname">example.org.</systemitem> is more
+ specific than <systemitem>org.</systemitem>, as
+ <systemitem>org.</systemitem> is more specific than the root
+ zone. The layout of each part of a hostname is much like a file
+ system: the <filename>/dev</filename> directory falls within the
root, and so on.</para>
<sect2>
@@ -3074,8 +3100,8 @@ dhcpd_ifaces="dc0"</programlisting>
</listitem>
<listitem>
- <para>A domain, such as
- <systemitem class="fqdomainname">example.org</systemitem>, is
+ <para>A domain, such as <systemitem
+ class="fqdomainname">example.org</systemitem>, is
registered and <acronym>IP</acronym> addresses need to be
assigned to hostnames under it.</para>
</listitem>
@@ -3102,10 +3128,10 @@ dhcpd_ifaces="dc0"</programlisting>
</listitem>
</itemizedlist>
- <para>When one queries for
- <systemitem class="fqdomainname">www.FreeBSD.org</systemitem>, the resolver
- usually queries the uplink <acronym>ISP</acronym>'s name
- server, and retrieves the reply. With a local, caching
+ <para>When one queries for <systemitem
+ class="fqdomainname">www.FreeBSD.org</systemitem>, the
+ resolver usually queries the uplink <acronym>ISP</acronym>'s
+ name server, and retrieves the reply. With a local, caching
<acronym>DNS</acronym> server, the query only has to be made
once to the outside world by the caching
<acronym>DNS</acronym> server. Additional queries will not
@@ -3286,8 +3312,8 @@ options {
name server, enabling this may be worthwhile.</para>
<warning>
- <para><systemitem class="ipaddress">127.0.0.1</systemitem> will
- <emphasis>not</emphasis> work here. Change this
+ <para><systemitem class="ipaddress">127.0.0.1</systemitem>
+ will <emphasis>not</emphasis> work here. Change this
<acronym>IP</acronym> address to a name server at the
uplink.</para>
</warning>
@@ -3538,8 +3564,8 @@ zone "1.168.192.in-addr.arpa" {
to <filename>named.conf</filename>.</para>
<para>For example, the simplest zone entry for
- <systemitem class="fqdomainname">example.org</systemitem> can look
- like:</para>
+ <systemitem class="fqdomainname">example.org</systemitem>
+ can look like:</para>
<programlisting>zone "example.org" {
type master;
@@ -3573,8 +3599,8 @@ zone "1.168.192.in-addr.arpa" {
<secondary>zone files</secondary>
</indexterm>
- <para>An example master zone file for
- <systemitem class="fqdomainname">example.org</systemitem> (existing
+ <para>An example master zone file for <systemitem
+ class="fqdomainname">example.org</systemitem> (existing
within <filename>/etc/namedb/master/example.org</filename>)
is as follows:</para>
@@ -3677,7 +3703,8 @@ www IN CNAME example.
<variablelist>
<varlistentry>
- <term><systemitem class="fqdomainname">example.org.</systemitem></term>
+ <term><systemitem
+ class="fqdomainname">example.org.</systemitem></term>
<listitem>
<para>the domain name, also the origin for this
@@ -3686,7 +3713,8 @@ www IN CNAME example.
</varlistentry>
<varlistentry>
- <term><systemitem class="fqdomainname">ns1.example.org.</systemitem></term>
+ <term><systemitem
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***