On Thu, Nov 28, 2013 at 04:59:30PM -0700, Warren Block wrote:
> ...
> >      ...
> >      So, next, I am to adapt current two patches to the new location:
> >      basics chapter :-/
> 
> I thought some of that looked familiar.  My apologies, I just did a big 
> whitespace cleanup to the basics chapter.

  /* Well, the $subject was changed a bit... */
  I'd like to introduce some corrections to the "Users and Basic Account
Management" subchapter of the "UNIX Basics" chapter of our Handbook.
  The patches that follow summarize all the previous discussion and add
a lost chunk of text ("Becoming Superuser") to the handbook/basics chapter.

-- 
  WBR, Taras Korenko
Index: en_US.ISO8859-1/books/handbook/basics/chapter.xml
===================================================================
--- en_US.ISO8859-1/books/handbook/basics/chapter.xml	(revision 43259)
+++ en_US.ISO8859-1/books/handbook/basics/chapter.xml	(working copy)
@@ -428,8 +428,7 @@
 
 	    <listitem>
 	      <para>The user name is typed at the
-		<prompt>login:</prompt> prompt.  User names must be
-		unique on the system as no two users can have the same
+		<prompt>login:</prompt> prompt.  Each user must have a unique
 		user name.  There are a number of rules for creating
 		valid user names which are documented in
 		&man.passwd.5;.  It is recommended to use user names
@@ -443,9 +442,7 @@
 	    <term>Password</term>
 
 	    <listitem>
-	      <para>Each user account should have an associated
-		password.  While the password can be blank, this is
-		highly discouraged.</para>
+	      <para>Each account has an associated password.</para>
 	    </listitem>
 	  </varlistentry>
 
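Review bot: the replacement <para> in the Password entry deletes the only caution that a blank password is possible and highly discouraged, and "Each account has an associated password." now reads as a guarantee that the removed text contradicts. Suggest keeping the warning in a shorter form, for example "Each account has an associated password.  A blank password is possible but strongly discouraged."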
@@ -496,9 +493,8 @@
 	    <term>Password change time</term>
 
 	    <listitem>
-	      <para>By default, &os; does not force users to change
-		their passwords periodically.  Password expiration can
-		be enforced on a per-user basis using &man.pw.8;,
+	      <para>By default, passwords do not expire.  However, password
+		expiration can be enabled on a per-user basis,
 		forcing some or all users to change their passwords
 		after a certain amount of time has elapsed.</para>
 	    </listitem>
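Review bot: the rewritten sentence in the "Password change time" entry drops the &man.pw.8; reference, so the reader learns that expiration can be enabled per user but not which tool does it. Suggest keeping the pointer, for example "expiration can be enabled on a per-user basis using &man.pw.8;,". The new first line is also wrapped longer than the context lines around it.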
@@ -868,7 +864,7 @@
 
 	<para>When passed no options, aside from an optional username,
 	  &man.chpass.1; displays an editor containing user
-	  information.  When the user exists from the editor, the user
+	  information.  When the user exits from the editor, the user
 	  database is updated with the new information.</para>
 
 	<note>
@@ -1165,8 +1161,8 @@
 	      &man.sysctl.8;.  Setting this limit too small may hinder
 	      a user's productivity as it is often useful to be logged
 	      in multiple times or to execute pipelines.  Some tasks,
-	      such as compiling a large program, spawn multiple
-	      processes and other intermediate preprocessors.</para>
+	      such as compiling a large program, start lots of
+	      processes.</para>
 	  </listitem>
 	</varlistentry>
 
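Review bot: "start lots of processes" in the new text is more colloquial than the rest of the paragraph. "start many processes" keeps the simplification without the change of register.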
@@ -1241,7 +1237,7 @@
 		<primary>limiting users</primary>
 		<secondary>sbsize</secondary>
 	      </indexterm>,
-	      a user may consume in order to limit network
+	      a user may consume.  This can be generally used to limit network
 	      communications.</para>
 	  </listitem>
 	</varlistentry>
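Review bot: the word order in the added line "This can be generally used to limit network" is awkward and the line is much longer than its neighbours. Suggest "This can generally be used to limit network communications." rewrapped to the width of the surrounding lines.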
@@ -1395,7 +1391,7 @@
       <para>In this example, the argument to <option>-m</option> is a
 	comma-delimited list of users who are to be added to the
 	group.  Unlike the previous example, these users are appended
-	to the group list and do not replace the list of existing
+	to the group and do not replace existing
 	users in the group.</para>
 
       <example>
Index: en_US.ISO8859-1/books/handbook/basics/chapter.xml
===================================================================
--- en_US.ISO8859-1/books/handbook/basics/chapter.xml	(revision 43259)
+++ en_US.ISO8859-1/books/handbook/basics/chapter.xml	(working copy)
@@ -1410,6 +1410,50 @@
 	<filename>/etc/group</filename>, refer to &man.pw.8; and
 	&man.group.5;.</para>
     </sect2>
+
+    <sect2 xml:id="users-becomesuper">
+      <title>Becoming Superuser</title>
+
+      <para>There are several ways to do things as the superuser.  The
+	worst way is to log in as <systemitem class="username">root</systemitem>
+	directly.  Very little activity requires superuser privileges,
+	so logging off and logging in as <systemitem class="username">root</systemitem>,
+	performing tasks, then logging off and on again as a normal user
+	is a waste of time.</para>
+
+      <para>A better way is to use &man.su.1; without providing a login
+	but using <literal>-</literal> to inherit the root environment.
+	Not providing a user name will imply superuser.  For this to work
+	the current user must belong to the <systemitem class="groupname">wheel</systemitem> group.
+	An example of a typical software installation would involve the
+	administrator unpacking the software as a normal user and then
+	elevating their privileges for the build and installation of
+	the software.</para>
+
+      <example>
+	<title>Install a Program As The Superuser</title>
+
+	<screen>&prompt.user; <userinput>configure</userinput>
+&prompt.user; <userinput>make</userinput>
+&prompt.user; <userinput>su -</userinput>
+Password:
+&prompt.root; <userinput>make install</userinput>
+&prompt.root; <userinput>exit</userinput>
+&prompt.user;</screen>
+      </example>
+
+      <para>Note in this example the transition to
+	<systemitem class="username">root</systemitem> is less painful than
+	logging off and back on twice.</para>
+
+      <para>&man.su.1; works well for single systems or small networks with
+	just one system administrator.  For more complex environments,
+	<command>sudo</command> is useful.  It is available as a
+	<package>security/sudo</package> package or port.
+	<command>sudo</command> provides activity logging, granting users
+	the ability to only run certain commands as the superuser, and several
+	other options.</para>
+    </sect2>
   </sect1>
 
   <sect1 xml:id="permissions">
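Review bot: in the second paragraph of the new sect2, "using <literal>-</literal> to inherit the root environment" describes the option backwards. With <literal>-</literal>, &man.su.1; simulates a full login and sets up root's own environment, while without it most of the caller's environment is kept. Suggest "using <literal>-</literal> to get the root login environment". In the example, <userinput>configure</userinput> will normally not be found in the user's PATH, so <userinput>./configure</userinput> is what the reader has to type. The first paragraph calls logging in directly as root "the worst way" but gives only "a waste of time" as the reason. A sentence on the risk of running a whole session with superuser privileges would support that claim better. The three lines carrying <systemitem> elements also run well past the wrap width used elsewhere in the file.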