svn commit: r40777 - projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/users
Dru Lavigne
dru at FreeBSD.org
Mon Jan 28 15:00:59 UTC 2013
Author: dru
Date: Mon Jan 28 15:00:58 2013
New Revision: 40777
URL: http://svnweb.freebsd.org/changeset/doc/40777
Log:
White space fix only. Translators can ignore.
Approved by: bcr (mentor)
Modified:
projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/users/chapter.xml
Modified: projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/users/chapter.xml
==============================================================================
--- projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/users/chapter.xml Mon Jan 28 14:42:15 2013 (r40776)
+++ projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/users/chapter.xml Mon Jan 28 15:00:58 2013 (r40777)
@@ -9,7 +9,7 @@
<chapterinfo>
<authorgroup>
<author>
- <firstname>Neil</firstname>
+ <firstname>Neil</firstname>
<surname>Blakey-Milner</surname>
<contrib>Contributed by </contrib>
</author>
@@ -22,22 +22,21 @@
<sect1 id="users-synopsis">
<title>Synopsis</title>
- <para>FreeBSD allows multiple users to use the computer at the same time.
- Obviously, only one of those users can be sitting in front of the screen and
- keyboard at any one time
- <footnote>
- <para>Well, unless you hook up multiple terminals, but we will
- save that for <xref linkend="serialcomms"/>.</para>
- </footnote>, but any number of users can log in through the
- network to get their work done. To use the system every user must have
- an account.</para>
+ <para>FreeBSD allows multiple users to use the computer at the
+ same time. Obviously, only one of those users can be sitting in
+ front of the screen and keyboard at any one time
+ <footnote><para>Well, unless you hook up multiple terminals, but
+ we will save that for <xref linkend="serialcomms"/>.</para>
+ </footnote>, but any number of users can log in through the
+ network to get their work done. To use the system every user
+ must have an account.</para>
<para>After reading this chapter, you will know:</para>
<itemizedlist>
<listitem>
- <para>The differences between the various user accounts on a FreeBSD
- system.</para>
+ <para>The differences between the various user accounts on a
+ FreeBSD system.</para>
</listitem>
<listitem>
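Review bot: In the refilled Synopsis paragraph, "<footnote>" still starts on its own line after "front of the screen and keyboard at any one time", so the line break and indentation sit between the word "time" and the footnote mark and can render as a stray space. Since these lines are being re-wrapped anyway, attaching it as "time<footnote><para>Well, ..." would match the "65535<footnote id="users-largeuidgid">" form this patch uses in the UID entry.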
@@ -49,18 +48,19 @@
</listitem>
<listitem>
- <para>How to change account details, such as the user's full name, or
- preferred shell.</para>
+ <para>How to change account details, such as the user's full
+ name, or preferred shell.</para>
</listitem>
<listitem>
<para>How to set limits on a per-account basis, to control the
- resources such as memory and CPU time that accounts and groups of
- accounts are allowed to access.</para>
+ resources such as memory and CPU time that accounts and
+ groups of accounts are allowed to access.</para>
</listitem>
<listitem>
- <para>How to use groups to make account management easier.</para>
+ <para>How to use groups to make account management
+ easier.</para>
</listitem>
</itemizedlist>
@@ -81,8 +81,8 @@
processes are run by users, so user and account management are
of integral importance on FreeBSD systems.</para>
- <para>Every account on a FreeBSD system has certain information associated
- with it to identify the account.</para>
+ <para>Every account on a FreeBSD system has certain information
+ associated with it to identify the account.</para>
<variablelist>
<varlistentry>
@@ -90,12 +90,12 @@
<listitem>
<para>The user name as it would be typed at the
- <prompt>login:</prompt> prompt. User names must be unique across
- the computer; you may not have two users with the same
- user name. There are a number of rules for creating valid user
- names, documented in &man.passwd.5;; you would typically use user
- names that consist of eight or fewer all lower case
- characters.</para>
+ <prompt>login:</prompt> prompt. User names must be unique
+ across the computer; you may not have two users with the
+ same user name. There are a number of rules for creating
+ valid user names, documented in &man.passwd.5;; you would
+ typically use user names that consist of eight or fewer
+ all lower case characters.</para>
</listitem>
</varlistentry>
@@ -103,10 +103,10 @@
<term>Password</term>
<listitem>
- <para>Each account has a password associated with it. The password
- may be blank, in which case no password will be required to access
- the system. This is normally a very bad idea; every account
- should have a password.</para>
+ <para>Each account has a password associated with it. The
+ password may be blank, in which case no password will be
+ required to access the system. This is normally a very
+ bad idea; every account should have a password.</para>
</listitem>
</varlistentry>
@@ -114,19 +114,21 @@
<term>User ID (UID)</term>
<listitem>
- <para>The UID is a number, traditionally from 0 to 65535<footnote id="users-largeuidgid">
+ <para>The UID is a number, traditionally from 0 to
+ 65535<footnote id="users-largeuidgid">
<para>It is possible to use UID/GIDs as large as
4294967295, but such IDs can cause serious problems
with software that makes assumptions about the values
of IDs.</para>
- </footnote>, used to uniquely identify
- the user to the system. Internally, FreeBSD uses the UID to
- identify users—any FreeBSD commands that allow you to
- specify a user name will convert it to the UID before working with
- it. This means that you can have several accounts with different
- user names but the same UID. As far as FreeBSD is concerned these
- accounts are one user. It is unlikely you will ever need to do
- this.</para>
+ </footnote>, used to uniquely identify the user to the
+ system. Internally, FreeBSD uses the UID to
+ identify users—any FreeBSD commands that allow
+ you to specify a user name will convert it to the UID
+ before working with it. This means that you can have
+ several accounts with different user names but the
+ same UID. As far as FreeBSD is concerned these
+ accounts are one user. It is unlikely you will ever
+ need to do this.</para>
</listitem>
</varlistentry>
@@ -134,11 +136,13 @@
<term>Group ID (GID)</term>
<listitem>
- <para>The GID is a number, traditionally from 0 to 65535<footnoteref linkend="users-largeuidgid"/>, used to uniquely identify
- the primary group that the user belongs to. Groups are a
- mechanism for controlling access to resources based on a user's
- GID rather than their UID. This can significantly reduce the size
- of some configuration files. A user may also be in more than one
+ <para>The GID is a number, traditionally from 0 to
+ 65535<footnoteref linkend="users-largeuidgid"/>, used to
+ uniquely identify the primary group that the user belongs
+ to. Groups are a mechanism for controlling access to
+ resources based on a user's GID rather than their UID.
+ This can significantly reduce the size of some
+ configuration files. A user may also be in more than one
group.</para>
</listitem>
</varlistentry>
@@ -147,9 +151,9 @@
<term>Login class</term>
<listitem>
- <para>Login classes are an extension to the group mechanism that
- provide additional flexibility when tailoring the system to
- different users.</para>
+ <para>Login classes are an extension to the group mechanism
+ that provide additional flexibility when tailoring the
+ system to different users.</para>
</listitem>
</varlistentry>
@@ -157,10 +161,11 @@
<term>Password change time</term>
<listitem>
- <para>By default FreeBSD does not force users to change their
- passwords periodically. You can enforce this on a per-user basis,
- forcing some or all of your users to change their passwords after
- a certain amount of time has elapsed.</para>
+ <para>By default FreeBSD does not force users to change
+ their passwords periodically. You can enforce this on a
+ per-user basis, forcing some or all of your users to
+ change their passwords after a certain amount of time has
+ elapsed.</para>
</listitem>
</varlistentry>
@@ -168,13 +173,13 @@
<term>Account expiry time</term>
<listitem>
- <para>By default FreeBSD does not expire accounts. If you are
- creating accounts that you know have a limited lifespan, for
- example, in a school where you have accounts for the students,
- then you can specify when the account expires. After the expiry
- time has elapsed the account cannot be used to log in to the
- system, although the account's directories and files will
- remain.</para>
+ <para>By default FreeBSD does not expire accounts. If you
+ are creating accounts that you know have a limited
+ lifespan, for example, in a school where you have accounts
+ for the students, then you can specify when the account
+ expires. After the expiry time has elapsed the account
+ cannot be used to log in to the system, although the
+ account's directories and files will remain.</para>
</listitem>
</varlistentry>
@@ -182,9 +187,10 @@
<term>User's full name</term>
<listitem>
- <para>The user name uniquely identifies the account to FreeBSD, but
- does not necessarily reflect the user's real name. This
- information can be associated with the account.</para>
+ <para>The user name uniquely identifies the account to
+ FreeBSD, but does not necessarily reflect the user's real
+ name. This information can be associated with the
+ account.</para>
</listitem>
</varlistentry>
@@ -192,14 +198,16 @@
<term>Home directory</term>
<listitem>
- <para>The home directory is the full path to a directory on the
- system in which the user will start when logging on to the
- system. A common convention is to put all user home directories
- under
+ <para>The home directory is the full path to a directory on
+ the system in which the user will start when logging on to
+ the system. A common convention is to put all user home
+ directories under
<filename>/home/<replaceable>username</replaceable></filename>
- or <filename>/usr/home/<replaceable>username</replaceable></filename>.
- The user would store their personal files in their home directory,
- and any directories they may create in there.</para>
+ or
+ <filename>/usr/home/<replaceable>username</replaceable></filename>.
+ The user would store their personal files in their home
+ directory, and any directories they may create in
+ there.</para>
</listitem>
</varlistentry>
@@ -207,10 +215,11 @@
<term>User shell</term>
<listitem>
- <para>The shell provides the default environment users use to
- interact with the system. There are many different kinds of
- shells, and experienced users will have their own preferences,
- which can be reflected in their account settings.</para>
+ <para>The shell provides the default environment users use
+ to interact with the system. There are many different
+ kinds of shells, and experienced users will have their own
+ preferences, which can be reflected in their account
+ settings.</para>
</listitem>
</varlistentry>
</variablelist>
@@ -345,26 +354,31 @@
<row>
<entry>&man.adduser.8;</entry>
<entry>The recommended command-line application for adding
- new users.</entry>
+ new users.</entry>
</row>
+
<row>
<entry>&man.rmuser.8;</entry>
<entry>The recommended command-line application for
- removing users.</entry>
+ removing users.</entry>
</row>
+
<row>
<entry>&man.chpass.1;</entry>
- <entry>A flexible tool to change user database information.</entry>
+ <entry>A flexible tool to change user database
+ information.</entry>
</row>
+
<row>
<entry>&man.passwd.1;</entry>
<entry>The simple command-line tool to change user
- passwords.</entry>
+ passwords.</entry>
</row>
+
<row>
<entry>&man.pw.8;</entry>
<entry>A powerful and flexible tool to modify all aspects
- of user accounts.</entry>
+ of user accounts.</entry>
</row>
</tbody>
</tgroup>
@@ -374,21 +388,23 @@
<title><command>adduser</command></title>
<indexterm>
- <primary>accounts</primary>
- <secondary>adding</secondary>
+ <primary>accounts</primary>
+ <secondary>adding</secondary>
</indexterm>
<indexterm>
- <primary><command>adduser</command></primary>
+ <primary><command>adduser</command></primary>
</indexterm>
<indexterm>
- <primary><filename class="directory">/usr/share/skel</filename></primary>
+ <primary><filename
+ class="directory">/usr/share/skel</filename></primary>
</indexterm>
<indexterm><primary>skeleton directory</primary></indexterm>
<para>&man.adduser.8; is a simple program for
adding new users. It creates entries in the system
<filename>passwd</filename> and <filename>group</filename>
files. It will also create a home directory for the new user,
- copy in the default configuration files (<quote>dotfiles</quote>) from
+ copy in the default configuration files
+ (<quote>dotfiles</quote>) from
<filename>/usr/share/skel</filename>, and can optionally mail
the new user a welcome message.</para>
@@ -428,9 +444,9 @@ Goodbye!
</example>
<note>
- <para>The password you type in is not echoed, nor are asterisks
- displayed. Make sure that you do not mistype the password.
- </para>
+ <para>The password you type in is not echoed, nor are
+ asterisks displayed. Make sure that you do not mistype the
+ password.</para>
</note>
</sect2>
@@ -439,13 +455,12 @@ Goodbye!
<indexterm><primary><command>rmuser</command></primary></indexterm>
<indexterm>
- <primary>accounts</primary>
- <secondary>removing</secondary>
+ <primary>accounts</primary>
+ <secondary>removing</secondary>
</indexterm>
- <para>You can use &man.rmuser.8; to
- completely remove a user from the system.
- &man.rmuser.8; performs the following
+ <para>You can use &man.rmuser.8; to completely remove a user
+ from the system. &man.rmuser.8; performs the following
steps:</para>
<procedure>
@@ -453,51 +468,60 @@ Goodbye!
<para>Removes the user's &man.crontab.1; entry (if
any).</para>
</step>
+
<step>
<para>Removes any &man.at.1; jobs belonging to the
user.</para>
</step>
+
<step>
<para>Kills all processes owned by the user.</para>
</step>
+
<step>
<para>Removes the user from the system's local password
file.</para>
</step>
+
<step>
<para>Removes the user's home directory (if it is owned by
the user).</para>
</step>
+
<step>
<para>Removes the incoming mail files belonging to the user
from <filename>/var/mail</filename>.</para>
</step>
+
<step>
<para>Removes all files owned by the user from temporary
- file storage areas such as <filename>/tmp</filename>.</para>
+ file storage areas such as
+ <filename>/tmp</filename>.</para>
</step>
+
<step>
<para>Finally, removes the username from all groups to which
it belongs in <filename>/etc/group</filename>.</para>
- <note>
- <para>If a group becomes empty and the group name is the
- same as the username, the group is removed; this
- complements the per-user unique groups created by
- &man.adduser.8;.</para>
- </note>
+ <note>
+ <para>If a group becomes empty and the group name is the
+ same as the username, the group is removed; this
+ complements the per-user unique groups created by
+ &man.adduser.8;.</para>
+ </note>
</step>
</procedure>
- <para>&man.rmuser.8; cannot be used to remove
- superuser accounts, since that is almost always an indication
- of massive destruction.</para>
+ <para>&man.rmuser.8; cannot be used to remove superuser
+ accounts, since that is almost always an indication of massive
+ destruction.</para>
<para>By default, an interactive mode is used, which attempts to
make sure you know what you are doing.</para>
<example>
- <title><command>rmuser</command> Interactive Account Removal</title>
+ <title><command>rmuser</command> Interactive Account
+ Removal</title>
<screen>&prompt.root; <userinput>rmuser jru</userinput>
Matching password entry:
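Review bot: The wrap at "<title><command>rmuser</command> Interactive Account" / "Removal</title>" puts a newline and indentation inside the title text rather than between elements. The same pattern recurs in the chpass and passwd example titles later in the patch. Either confirm that the rendered titles still come out on one line with single spaces, or keep "<title>" content on a single line even when it runs long.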
@@ -534,11 +558,13 @@ Removing files belonging to jru from /va
<note>
<para>You will be asked for your password
- after exiting the editor if you are not the superuser.</para>
+ after exiting the editor if you are not the
+ superuser.</para>
</note>
<example>
- <title>Interactive <command>chpass</command> by Superuser</title>
+ <title>Interactive <command>chpass</command> by
+ Superuser</title>
<screen>#Changing user database information for jru.
Login: jru
@@ -561,7 +587,8 @@ Other information:</screen>
information, and only for themselves.</para>
<example>
- <title>Interactive <command>chpass</command> by Normal User</title>
+ <title>Interactive <command>chpass</command> by Normal
+ User</title>
<screen>#Changing user database information for jru.
Shell: /usr/local/bin/zsh
@@ -579,8 +606,9 @@ Other information:</screen>
&man.ypchfn.1;, and
&man.ypchsh.1;. NIS support is automatic, so
specifying the <literal>yp</literal> before the command is
- not necessary. If this is confusing to you, do not worry, NIS will
- be covered in <xref linkend="network-servers"/>.</para>
+ not necessary. If this is confusing to you, do not worry,
+ NIS will be covered in <xref
+ linkend="network-servers"/>.</para>
</note>
</sect2>
<sect2 id="users-passwd">
@@ -588,16 +616,17 @@ Other information:</screen>
<indexterm><primary><command>passwd</command></primary></indexterm>
<indexterm>
- <primary>accounts</primary>
- <secondary>changing password</secondary>
+ <primary>accounts</primary>
+ <secondary>changing password</secondary>
</indexterm>
<para>&man.passwd.1; is the usual way to
change your own password as a user, or another user's password
as the superuser.</para>
<note>
- <para>To prevent accidental or unauthorized changes, the original
- password must be entered before a new password can be set.</para>
+ <para>To prevent accidental or unauthorized changes, the
+ original password must be entered before a new password can
+ be set.</para>
</note>
<example>
@@ -613,7 +642,8 @@ passwd: done</screen>
</example>
<example>
- <title>Changing Another User's Password as the Superuser</title>
+ <title>Changing Another User's Password as the
+ Superuser</title>
<screen>&prompt.root; <userinput>passwd jru</userinput>
Changing local password for jru.
@@ -634,6 +664,7 @@ passwd: done</screen>
<sect2 id="users-pw">
<title><command>pw</command></title>
+
<indexterm><primary><command>pw</command></primary></indexterm>
<para>&man.pw.8; is a command line utility to create, remove,
@@ -673,35 +704,36 @@ passwd: done</screen>
they
provide a way to quickly check that usage without
calculating it every time. Quotas are discussed in <xref
- linkend="quotas"/>.</para>
+ linkend="quotas"/>.</para>
- <para>The other resource limits include ways to limit the amount of
- CPU, memory, and other resources a user may consume. These are
- defined using login classes and are discussed here.</para>
+ <para>The other resource limits include ways to limit the amount
+ of CPU, memory, and other resources a user may consume. These
+ are defined using login classes and are discussed here.</para>
<indexterm>
<primary><filename>/etc/login.conf</filename></primary>
</indexterm>
<para>Login classes are defined in
<filename>/etc/login.conf</filename>. The precise semantics are
- beyond the scope of this section, but are described in detail in the
- &man.login.conf.5; manual page. It is sufficient to say that each
- user is assigned to a login class (<literal>default</literal> by
- default), and that each login class has a set of login capabilities
- associated with it. A login capability is a
+ beyond the scope of this section, but are described in detail in
+ the &man.login.conf.5; manual page. It is sufficient to say
+ that each user is assigned to a login class
+ (<literal>default</literal> by default), and that each login
+ class has a set of login capabilities associated with it. A
+ login capability is a
<literal><replaceable>name</replaceable>=<replaceable>value</replaceable></literal>
pair, where <replaceable>name</replaceable> is a well-known
identifier and <replaceable>value</replaceable> is an arbitrary
- string processed accordingly depending on the name. Setting up login
- classes and capabilities is rather straight-forward and is also
- described in &man.login.conf.5;.</para>
+ string processed accordingly depending on the name. Setting up
+ login classes and capabilities is rather straight-forward and is
+ also described in &man.login.conf.5;.</para>
<note>
<para>The system does not normally read the configuration in
- <filename>/etc/login.conf</filename> directly, but reads the database
- file <filename>/etc/login.conf.db</filename> which provides
- faster lookups.
- To generate <filename>/etc/login.conf.db</filename> from
+ <filename>/etc/login.conf</filename> directly, but reads the
+ database file <filename>/etc/login.conf.db</filename> which
+ provides faster lookups. To generate
+ <filename>/etc/login.conf.db</filename> from
<filename>/etc/login.conf</filename>, execute the following
command:</para>
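Review bot: The context lines at the top of this hunk still have "they" alone on a line ahead of "provide a way to quickly check that usage without", so the quotas paragraph was not refilled even though its last line (the one ending in linkend="quotas"/>.</para>) was touched. Refilling that paragraph in this commit would keep the whole whitespace cleanup in one revision that translators can ignore.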
@@ -709,230 +741,230 @@ passwd: done</screen>
</note>
<para>Resource limits are different from plain vanilla login
- capabilities in two ways. First, for every limit, there is a soft
- (current) and hard limit. A soft limit may be adjusted by the user
- or application, but may be no higher than the hard limit. The latter
- may be lowered by the user, but never raised. Second, most resource
- limits apply per process to a specific user, not the user as a whole.
- Note, however, that these differences are mandated by the specific
- handling of the limits, not by the implementation of the login
- capability framework (i.e., they are not <emphasis>really</emphasis>
- a special case of login capabilities).</para>
+ capabilities in two ways. First, for every limit, there is a
+ soft (current) and hard limit. A soft limit may be adjusted by
+ the user or application, but may be no higher than the hard
+ limit. The latter may be lowered by the user, but never raised.
+ Second, most resource limits apply per process to a specific
+ user, not the user as a whole. Note, however, that these
+ differences are mandated by the specific handling of the limits,
+ not by the implementation of the login capability framework
+ (i.e., they are not <emphasis>really</emphasis> a special case
+ of login capabilities).</para>
- <para>And so, without further ado, below are the most commonly used
- resource limits (the rest, along with all the other login
+ <para>And so, without further ado, below are the most commonly
+ used resource limits (the rest, along with all the other login
capabilities, may be found in &man.login.conf.5;).</para>
<variablelist>
<varlistentry>
- <term><literal>coredumpsize</literal></term>
+ <term><literal>coredumpsize</literal></term>
<listitem>
- <indexterm><primary>coredumpsize</primary></indexterm>
- <indexterm>
- <primary>limiting users</primary>
- <secondary>coredumpsize</secondary>
- </indexterm>
- <para>The limit on the size of a core file generated by a program
- is, for obvious reasons, subordinate to other limits on disk
- usage (e.g., <literal>filesize</literal>, or disk quotas).
- Nevertheless, it is often used as a less-severe method of
- controlling disk space consumption: since users do not generate
- core files themselves, and often do not delete them, setting this
- may save them from running out of disk space should a large
- program (e.g., <application>emacs</application>) crash.</para>
+ <indexterm><primary>coredumpsize</primary></indexterm>
+ <indexterm><primary>limiting users</primary>
+ <secondary>coredumpsize</secondary>
+ </indexterm>
+ <para>The limit on the size of a core file generated by a
+ program is, for obvious reasons, subordinate to other
+ limits on disk usage (e.g., <literal>filesize</literal>,
+ or disk quotas). Nevertheless, it is often used as a
+ less-severe method of controlling disk space consumption:
+ since users do not generate core files themselves, and
+ often do not delete them, setting this may save them from
+ running out of disk space should a large program (e.g.,
+ <application>emacs</application>) crash.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><literal>cputime</literal></term>
+ <term><literal>cputime</literal></term>
<listitem>
- <indexterm><primary>cputime</primary></indexterm>
- <indexterm>
- <primary>limiting users</primary>
- <secondary>cputime</secondary>
- </indexterm>
- <para>This is the maximum amount of CPU time a user's process may
- consume. Offending processes will be killed by the kernel.</para>
-
- <note>
- <para>This is a limit on CPU <emphasis>time</emphasis>
- consumed, not percentage of the CPU as displayed in some
- fields by &man.top.1; and &man.ps.1;. A limit on the
- latter is, at the time of this writing, not possible, and
- would be rather useless: a compiler—probably a
- legitimate task—can easily use almost 100% of a CPU
- for some time.</para>
- </note>
+ <indexterm><primary>cputime</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>cputime</secondary>
+ </indexterm>
+ <para>This is the maximum amount of CPU time a user's
+ process may consume. Offending processes will be killed
+ by the kernel.</para>
+
+ <note>
+ <para>This is a limit on CPU <emphasis>time</emphasis>
+ consumed, not percentage of the CPU as displayed in
+ some fields by &man.top.1; and &man.ps.1;. A limit on
+ the latter is, at the time of this writing, not
+ possible, and would be rather useless: a
+ compiler—probably a legitimate task—can
+ easily use almost 100% of a CPU for some time.</para>
+ </note>
</listitem>
</varlistentry>
<varlistentry>
- <term><literal>filesize</literal></term>
+ <term><literal>filesize</literal></term>
<listitem>
- <indexterm><primary>filesize</primary></indexterm>
- <indexterm>
- <primary>limiting users</primary>
- <secondary>filesize</secondary>
- </indexterm>
- <para>This is the maximum size of a file the user may possess.
- Unlike <link linkend="quotas">disk quotas</link>, this limit is
- enforced on individual files, not the set of all files a user
- owns.</para>
+ <indexterm><primary>filesize</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>filesize</secondary>
+ </indexterm>
+ <para>This is the maximum size of a file the user may
+ possess. Unlike <link linkend="quotas">disk
+ quotas</link>, this limit is enforced on individual
+ files, not the set of all files a user owns.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><literal>maxproc</literal></term>
+ <term><literal>maxproc</literal></term>
<listitem>
- <indexterm><primary>maxproc</primary></indexterm>
- <indexterm>
- <primary>limiting users</primary>
- <secondary>maxproc</secondary>
- </indexterm>
+ <indexterm><primary>maxproc</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>maxproc</secondary>
+ </indexterm>
<para>This is the maximum number of processes a user may be
- running. This includes foreground and background processes
- alike. For obvious reasons, this may not be larger than the
- system limit specified by the <varname>kern.maxproc</varname>
- &man.sysctl.8;. Also note that setting this
- too small may hinder a
- user's productivity: it is often useful to be logged in
- multiple times or execute pipelines. Some tasks, such as
- compiling a large program, also spawn multiple processes (e.g.,
- &man.make.1;, &man.cc.1;, and other intermediate
+ running. This includes foreground and background
+ processes alike. For obvious reasons, this may not be
+ larger than the system limit specified by the
+ <varname>kern.maxproc</varname> &man.sysctl.8;. Also note
+ that setting this too small may hinder a user's
+ productivity: it is often useful to be logged in multiple
+ times or execute pipelines. Some tasks, such as
+ compiling a large program, also spawn multiple processes
+ (e.g., &man.make.1;, &man.cc.1;, and other intermediate
preprocessors).</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><literal>memorylocked</literal></term>
+ <term><literal>memorylocked</literal></term>
<listitem>
- <indexterm><primary>memorylocked</primary></indexterm>
- <indexterm>
- <primary>limiting users</primary>
- <secondary>memorylocked</secondary>
- </indexterm>
+ <indexterm><primary>memorylocked</primary></indexterm>
+ <indexterm>
+ <primary>limiting users</primary>
+ <secondary>memorylocked</secondary>
+ </indexterm>
<para>This is the maximum amount a memory a process may have
requested to be locked into main memory (e.g., see
&man.mlock.2;). Some system-critical programs, such as
- &man.amd.8;, lock into main memory such that in the event
+ &man.amd.8;, lock into main memory such that in the event
of being swapped out, they do not contribute to
a system's thrashing in time of trouble.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><literal>memoryuse</literal></term>
+ <term><literal>memoryuse</literal></term>
<listitem>
- <indexterm><primary>memoryuse</primary></indexterm>
- <indexterm>
- <primary>limiting users</primary>
- <secondary>memoryuse</secondary>
- </indexterm>
- <para>This is the maximum amount of memory a process may consume
- at any given time. It includes both core memory and swap
- usage. This is not a catch-all limit for restricting memory
- consumption, but it is a good start.</para>
+ <indexterm><primary>memoryuse</primary></indexterm>
+ <indexterm><primary>limiting users</primary>
+ <secondary>memoryuse</secondary>
+ </indexterm>
+ <para>This is the maximum amount of memory a process may
+ consume at any given time. It includes both core memory and
+ swap usage. This is not a catch-all limit for restricting
+ memory consumption, but it is a good start.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><literal>openfiles</literal></term>
+ <term><literal>openfiles</literal></term>
<listitem>
- <indexterm><primary>openfiles</primary></indexterm>
- <indexterm>
- <primary>limiting users</primary>
- <secondary>openfiles</secondary>
- </indexterm>
+ <indexterm><primary>openfiles</primary></indexterm>
+ <indexterm><primary>limiting users</primary>
+ <secondary>openfiles</secondary>
+ </indexterm>
<para>This is the maximum amount of files a process may have
- open. In FreeBSD, files are also used to represent sockets and
- IPC channels; thus, be careful not to set this too low. The
- system-wide limit for this is defined by the
+ open. In FreeBSD, files are also used to represent
+ sockets and IPC channels; thus, be careful not to set this
+ too low. The system-wide limit for this is defined by the
<varname>kern.maxfiles</varname> &man.sysctl.8;.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><literal>sbsize</literal></term>
+ <term><literal>sbsize</literal></term>
<listitem>
- <indexterm><primary>sbsize</primary></indexterm>
- <indexterm>
- <primary>limiting users</primary>
- <secondary>sbsize</secondary>
- </indexterm>
- <para>This is the limit on the amount of network memory, and thus
- mbufs, a user may consume. This originated as a response to an
- old DoS attack by creating a lot of sockets, but can be
- generally used to limit network communications.</para>
+ <indexterm><primary>sbsize</primary></indexterm>
+ <indexterm><primary>limiting users</primary>
+ <secondary>sbsize</secondary>
+ </indexterm>
+ <para>This is the limit on the amount of network memory, and
+ thus mbufs, a user may consume. This originated as a
+ response to an old DoS attack by creating a lot of
+ sockets, but can be generally used to limit network
+ communications.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><literal>stacksize</literal></term>
+ <term><literal>stacksize</literal></term>
<listitem>
- <indexterm><primary>stacksize</primary></indexterm>
- <indexterm>
- <primary>limiting users</primary>
- <secondary>stacksize</secondary>
- </indexterm>
+ <indexterm><primary>stacksize</primary></indexterm>
+ <indexterm><primary>limiting users</primary>
+ <secondary>stacksize</secondary>
+ </indexterm>
<para>This is the maximum size a process' stack may grow to.
- This alone is not sufficient to limit the amount of memory a
- program may use; consequently, it should be used in conjunction
- with other limits.</para>
+ This alone is not sufficient to limit the amount of memory
+ a program may use; consequently, it should be used in
+ conjunction with other limits.</para>
</listitem>
</varlistentry>
</variablelist>
- <para>There are a few other things to remember when setting resource
- limits. Following are some general tips, suggestions, and
- miscellaneous comments.</para>
+ <para>There are a few other things to remember when setting
+ resource limits. Following are some general tips, suggestions,
+ and miscellaneous comments.</para>
<itemizedlist>
<listitem>
- <para>Processes started at system startup by
- <filename>/etc/rc</filename> are assigned to the
- <literal>daemon</literal> login class.</para>
+ <para>Processes started at system startup by
+ <filename>/etc/rc</filename> are assigned to the
+ <literal>daemon</literal> login class.</para>
</listitem>
<listitem>
- <para>Although the <filename>/etc/login.conf</filename> that comes
- with the system is a good source of reasonable values for most
- limits, only you, the administrator, can know what is appropriate
- for your system. Setting a limit too high may open your system
- up to abuse, while setting it too low may put a strain on
- productivity.</para>
+ <para>Although the <filename>/etc/login.conf</filename> that
+ comes with the system is a good source of reasonable values
+ for most limits, only you, the administrator, can know what
+ is appropriate for your system. Setting a limit too high
+ may open your system up to abuse, while setting it too low
+ may put a strain on productivity.</para>
</listitem>
<listitem>
- <para>Users of the X Window System (X11) should probably be granted
- more resources than other users. X11 by itself takes a lot of
- resources, but it also encourages users to run more programs
- simultaneously.</para>
+ <para>Users of the X Window System (X11) should probably be
+ granted more resources than other users. X11 by itself
+ takes a lot of resources, but it also encourages users to
+ run more programs simultaneously.</para>
</listitem>
<listitem>
- <para>Remember that many limits apply to individual processes, not
- the user as a whole. For example, setting
- <varname>openfiles</varname> to 50 means
- that each process the user runs may open up to 50 files. Thus,
- the gross amount of files a user may open is the value of
- <literal>openfiles</literal> multiplied by the value of
- <literal>maxproc</literal>. This also applies to memory
- consumption.</para>
+ <para>Remember that many limits apply to individual processes,
+ not the user as a whole. For example, setting
+ <varname>openfiles</varname> to 50 means that each process
+ the user runs may open up to 50 files. Thus, the gross
+ amount of files a user may open is the value of
+ <literal>openfiles</literal> multiplied by the value of
+ <literal>maxproc</literal>. This also applies to memory
+ consumption.</para>
</listitem>
</itemizedlist>
- <para>For further information on resource limits and login classes and
- capabilities in general, please consult the relevant manual pages:
- &man.cap.mkdb.1;, &man.getrlimit.2;, &man.login.conf.5;.</para>
+ <para>For further information on resource limits and login classes
+ and capabilities in general, please consult the relevant manual
+ pages: &man.cap.mkdb.1;, &man.getrlimit.2;,
+ &man.login.conf.5;.</para>
</sect1>
<sect1 id="users-groups">
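Review bot: In the last list item of this hunk, the same limit name is tagged two ways, `<varname>openfiles</varname>` in the "setting ... to 50" sentence and `<literal>openfiles</literal>` in the sentence after it, while every other limit name visible here (`sbsize`, `stacksize`, `maxproc`) uses `<literal>`. The rewrap correctly leaves that alone, since the log promises a whitespace-only change, but a follow-up content commit should switch the first occurrence to `<literal>` so the limit names render consistently. The same follow-up could change "a process' stack" in the `stacksize` entry to "a process's stack".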
@@ -947,27 +979,28 @@ passwd: done</screen>
<secondary>groups</secondary>
</indexterm>
<para>A group is simply a list of users. Groups are identified by
- their group name and GID (Group ID). In FreeBSD (and most other &unix; like
- systems), the two factors the kernel uses to decide whether a process
- is allowed to do something is its user ID and list of groups it
- belongs to. Unlike a user ID, a process has a list of groups
- associated with it. You may hear some things refer to the <quote>group ID</quote>
- of a user or process; most of the time, this just means the first
- group in the list.</para>
+ their group name and GID (Group ID). In FreeBSD (and most other
+ &unix; like systems), the two factors the kernel uses to decide
+ whether a process is allowed to do something is its user ID and
+ list of groups it belongs to. Unlike a user ID, a process has a
+ list of groups associated with it. You may hear some things
+ refer to the <quote>group ID</quote> of a user or process; most
+ of the time, this just means the first group in the list.</para>
<para>The group name to group ID map is in
- <filename>/etc/group</filename>. This is a plain text file with four
- colon-delimited fields. The first field is the group name, the
- second is the encrypted password, the third the group ID, and the
- fourth the comma-delimited list of members. It can safely be edited
- by hand (assuming, of course, that you do not make any syntax
- errors!). For a more complete description of the syntax, see the
- &man.group.5; manual page.</para>
+ <filename>/etc/group</filename>. This is a plain text file with
+ four colon-delimited fields. The first field is the group name,
+ the second is the encrypted password, the third the group ID,
+ and the fourth the comma-delimited list of members. It can
+ safely be edited by hand (assuming, of course, that you do not
+ make any syntax errors!). For a more complete description of
+ the syntax, see the &man.group.5; manual page.</para>
<para>If you do not want to edit <filename>/etc/group</filename>
- manually, you can use the &man.pw.8; command to add and edit groups.
- For example, to add a group called <groupname>teamtwo</groupname> and
- then confirm that it exists you can use:</para>
+ manually, you can use the &man.pw.8; command to add and edit
+ groups. For example, to add a group called
+ <groupname>teamtwo</groupname> and then confirm that it exists
+ you can use:</para>
<example>
<title>Adding a Group Using &man.pw.8;</title>
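Review bot: The rewrapped first paragraph of this hunk still reads "the two factors the kernel uses to decide whether a process is allowed to do something is its user ID and list of groups", where the plural subject needs "are", and "&unix; like systems" is missing its hyphen ("&unix;-like"). Both are carried over unchanged from the removed lines, which is right for a commit that translators are told to ignore, but they are worth a separate content commit. The paragraph explains the basis of the kernel's permission check, so the sentence should read cleanly.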
@@ -977,14 +1010,16 @@ passwd: done</screen>
teamtwo:*:1100:</screen>
</example>
- <para>The number <literal>1100</literal> above is the group ID of the
- group <groupname>teamtwo</groupname>. Right now,
- <groupname>teamtwo</groupname> has no members, and is thus rather
- useless. Let's change that by inviting <username>jru</username> to
- the <groupname>teamtwo</groupname> group.</para>
+ <para>The number <literal>1100</literal> above is the group ID of
+ the group <groupname>teamtwo</groupname>. Right now,
+ <groupname>teamtwo</groupname> has no members, and is thus
+ rather useless. Let's change that by inviting
+ <username>jru</username> to the <groupname>teamtwo</groupname>
+ group.</para>
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***