------------------------------------------------------------
revno: 3652
committer: Jim Campbell <[EMAIL PROTECTED]>
branch nick: ubuntu-hardy
timestamp: Wed 2008-01-23 18:30:59 -0600
message:
update from several other contributors
modified:
generic/server/C/security.xml
ubuntu/config-desktop/C/config-desktop.xml
ubuntu/desktop-effects/C/desktop-effects.xml
ubuntu/hardware/C/hardware.xml
ubuntu/libs/gnome-menus-C.ent
------------------------------------------------------------
revno: 3651.1.3
committer: Adam Sommer <[EMAIL PROTECTED]>
branch nick: ubuntu-hardy
timestamp: Mon 2008-01-21 12:38:35 -0500
message:
Patch by Gilbert Mendoza.
modified:
generic/server/C/security.xml
------------------------------------------------------------
revno: 3651.3.2
committer: Gilbert Mendoza <[EMAIL PROTECTED]>
branch nick: ubuntu-hardy
timestamp: Sun 2008-01-20 21:00:30 -0800
message:
Updated new sections with a status of review
modified:
generic/server/C/security.xml
------------------------------------------------------------
revno: 3651.3.1
committer: Gilbert Mendoza <[EMAIL PROTECTED]>
branch nick: ubuntu-hardy
timestamp: Sun 2008-01-20 20:54:49 -0800
message:
Added Console Security section, and corrected minor typo
modified:
generic/server/C/security.xml
------------------------------------------------------------
revno: 3651.1.2
committer: Adam Sommer <[EMAIL PROTECTED]>
branch nick: ubuntu-hardy
timestamp: Sun 2008-01-20 17:49:51 -0500
message:
Patch by Gilbert Mendoza.
modified:
generic/server/C/security.xml
------------------------------------------------------------
revno: 3651.2.2
committer: Gilbert Mendoza <[EMAIL PROTECTED]>
branch nick: ubuntu-hardy
timestamp: Sun 2008-01-20 09:38:16 -0800
message:
Added Security narrative and user management section
modified:
generic/server/C/security.xml
------------------------------------------------------------
revno: 3651.2.1
committer: Gilbert Mendoza <[EMAIL PROTECTED]>
branch nick: ubuntu-hardy
timestamp: Sun 2008-01-20 09:04:56 -0800
message:
Added Security narrative and user management section
modified:
generic/server/C/security.xml
------------------------------------------------------------
revno: 3651.1.1
committer: Phil Bull <[EMAIL PROTECTED]>
branch nick: ubuntu-hardy
timestamp: Sun 2008-01-20 13:22:51 +0000
message:
Applied patch from Joel Goguen (closes #150641). Made other small
improvements to visual effects docs
modified:
ubuntu/config-desktop/C/config-desktop.xml
ubuntu/desktop-effects/C/desktop-effects.xml
ubuntu/hardware/C/hardware.xml
ubuntu/libs/gnome-menus-C.ent
=== modified file 'generic/server/C/security.xml'
--- a/generic/server/C/security.xml 2007-12-20 19:34:16 +0000
+++ b/generic/server/C/security.xml 2008-01-21 05:00:30 +0000
@@ -13,17 +13,322 @@
%xinclude;
<!ENTITY language "&EnglishAmerican;">
]>
- <chapter id="security" status="complete">
- <title>Security</title>
+<chapter id="security" status="review">
+ <title>Security</title>
+ <para>
+ Security should always be considered when installing, deploying, and
using any type of computer system. Although a fresh installation of Ubuntu is
relatively safe for immediate use on the Internet, it is important to have a
balanced understanding of your systems security posture based on how it will be
used after deployment.
+ </para>
+ <para>
+ This chapter provides an overview of security related topics as they
pertain to Ubuntu 8.04 Server Edition, and outlines simple measures you may use
to protect your server and network from any number of potential security
threats.
+ </para>
+ <sect1 id="user-management" status="review">
+ <title>User Management</title>
+ <para>
+ User management is a critical part of maintaining a secure system.
Ineffective user and privilege management often lead many systems into being
compromised. Therefore, it is important that you understand how you can
protect your server through simple and effective user account management
techniques.
+ </para>
+ <sect2 id="where-is-root" status="review">
+ <title>Where is root?</title>
+ <para>
+ Ubuntu developers made a conscientious decision to disable the
administrative root account by default in all Ubuntu installations. This does
not mean that the root account has been deleted or that it may not be accessed.
It merely has been given a password which matches no possible encrypted value,
therefore may not log in directly by itself.
+ </para>
+ <para>
+ Instead, users are encouraged to make use of a tool by the name of
<application>sudo</application> to carry out system administrative duties.
<application>Sudo</application> allows an authorized user to temporarily
elevate their privileges using their own password instead of having to know the
password belonging to the root account. This simple yet effective methodology
provides accountability for all user actions, and gives the administrator
granular control over which actions a user can perform with said privileges.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ If for some reason you wish to enable the root account, simply
give it a password:
+ </para>
+<screen><command>$ sudo passwd
+[sudo] password for username: (enter your own password)
+Enter new UNIX password: (enter a new password for root)
+Retype new UNIX password: (repeat new password for root)
+passwd: password updated successfully</command></screen>
+ </listitem>
+ <listitem>
+ <para>
+ To disable the root account, use the following passwd syntax:
+ </para>
+<screen><command>$ sudo passwd -l root
+Password changed.</command></screen>
+ </listitem>
+ <listitem>
+ <para>
+ You should read more on <application>Sudo</application> by
checking out it's man page:
+ </para>
+<screen><command>$ man sudo</command></screen>
+ </listitem>
+ </itemizedlist>
+ <para>
+ By default, the initial user created by the Ubuntu installer is
a member of the group "admin" which is added to /etc/sudoers as an authorized
sudo user. If you wish to give any other account full root access through
sudo, simply add them to the admin group.
+ </para>
+ </sect2>
+
+ <sect2 id="adding-deleting-users" status="review">
+ <title>Adding and Deleting Users</title>
+ <para>
+ The process for managing local users and groups is straight forward and
differs very little from most other GNU/Linux operating systems. Ubuntu and
other Debian based distributions, encourage the use of the "adduser" package
for account management.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ To add a user account, use the following syntax, and follow the
prompts to give the account a password and identifiable characteristics such as
a full name, phone number, etc.
+ </para>
+<screen><command>$ sudo adduser username</command></screen>
+ </listitem>
+ <listitem>
+ <para>
+ To delete a user account and its primary group, use the
following syntax:
+ </para>
+<screen><command>$ sudo deluser username</command></screen>
+ <para>
+ Deleting an account does not remove their respective home
folder. It is up to you whether or not you wish to delete the folder manually
or keep it according to your desired retention policies.
+ </para>
+ <para>
+ Remember, any user added later on with the same UID/GID as the
previous owner will now have access to this folder if you have not taken the
necessary precautions.
+ </para>
+ <para>
+ You may want to change these UID/GID values to something more
appropriate, such as the root account, and perhaps even relocate the folder to
avoid future conflicts:
+ </para>
+<screen><command>$ sudo chown -R root:root /home/username/
+$ sudo mkdir /home/archived_users/
+$ sudo mv /home/username /home/archived_users/</command></screen>
+ </listitem>
+ <listitem>
+ <para>
+ To temporarily lock or unlock a user account, use the following
syntax, respectively:
+ </para>
+<screen><command>$ sudo passwd -l username
+$ sudo passwd -u username</command></screen>
+ </listitem>
+ <listitem>
+ <para>
+ To add or delete a personalized group, use the following
syntax, respectively:
+ </para>
+<screen><command>$ sudo addgroup groupname
+$ sudo delgroup groupname</command></screen>
+ </listitem>
+ <listitem>
+ <para>
+ To add a user to a group, use the following syntax:
+ </para>
+<screen><command>$ sudo usermod -a -G groupname username</command></screen>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2 id="user-profile-security" status="review">
+ <title>User Profile Security</title>
+ <para>
+ When a new user is created, the adduser utility creates a brand new
home directory named <emphasis>/home/username</emphasis>, respectively. The
default profile is modeled after the contents found in
<emphasis>/etc/skel</emphasis>, which includes all profile basics.
+ </para>
+ <para>
+ If your server will be home to multiple users, you should pay close
attention to the user home directory permissions to ensure confidentiality. By
default, user home directories in Ubuntu are created with world read/execute
permissions. This means that all users can browse and access the contents of
other users home directories. This may not be suitable for your environment.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ To verify your current users home directory permissions, use
the following syntax:
+ </para>
+<screen><command>$ ls -ld /home/username
+drwxr-xr-x 2 username username 4096 2007-10-02 20:03
username</command></screen>
+ </listitem>
+ <listitem>
+ <para>
+ To properly correct the above permissions, remove world
readable permissions from the users parent directory using the following syntax:
+ </para>
+<screen><command>$ sudo chmod 0750 /home/username</command></screen>
+ <note>
+ <para>
+ Some people tend to use the recursive option (-R)
indiscriminately which modifies all child folders and files, but this is not
necessary, and may yield other undesirable results. The parent directory alone
is sufficient for preventing unauthorized access to anything below the parent.
+ </para>
+ </note>
+ <para>
+ A much more efficient approach to the matter would be to modify
the <application>adduser</application> global default permissions when creating
user home folders. Simply edit the file /etc/adduser.conf and modify the
DIR_MODE variable to something appropriate, so that all new home directories
will receive the correct permissions.
+ </para>
+<screen><command>DIR_MODE=0750</command></screen>
+ </listitem>
+ <listitem>
+ <para>
+ After correcting the directory permissions using any of the
previously mentioned techniques, verify the permissions using the following
syntax:
+ </para>
+<screen><command>$ ls -ld /home/username
+drwxr-x--- 2 username username 4096 2007-10-02 20:03
username</command></screen>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+
+ <sect2 id="password-policy" status="review">
+ <title>Password Policy</title>
+ <para>
+ A strong password policy is one of the most important aspects of your
security posture. Many successful security breaches involve simple brute force
and dictionary attacks against weak passwords. If you intend to offer any form
of remote access involving your local password system, make sure you adequately
address minimum password complexity requirements, maximum password lifetimes,
and frequent audits of your authentication systems.
+ </para>
+ <sect3 id="minimum-password-length" status="review">
+ <title>Minimum Password Length</title>
+ <para>
+ By default, Ubuntu requires a minimum password length of 4 characters,
as well as some basic entropy checks. These values are controlled in the file
/etc/pam.d/common-password, which is outlined below.
+ </para>
+<screen><command>password required pam_unix.so nullok obscure min=4 max=8
md5</command></screen>
+ <para>
+If you would like to adjust the minimum length to 6 characters, change the
appropriate variable to min=6. The modification is outlined below.
+ </para>
+<screen><command>password required pam_unix.so nullok obscure min=6 max=8
md5</command></screen>
+ <note>
+ <para>
+ The max=8 variable does not represent the maximum length of a password.
It only means that complexity requirements will not be checked on passwords
over 8 characters. You may want to look at the
<application>libpam-cracklib</application> package for additional password
entropy assistance.
+ </para>
+ </note>
+ </sect3>
+ <sect3 id="password-expiration" status="review">
+ <title>Password Expiration</title>
+ <para>
+ When creating user accounts, you should make it a policy to have a
minimum and maximum password age forcing users to change their passwords when
they expire.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ To easily view the current status of a user account, use the
following syntax:
+ </para>
+<screen><command>$ sudo chage -l username
+Last password change : Jan 20, 2008
+Password expires : never
+Password inactive : never
+Account expires : never
+Minimum number of days between password change : 0
+Maximum number of days between password change : 99999
+Number of days of warning before password expires : 7</command></screen>
+ </listitem>
+ <listitem>
+ <para>
+ To set any of these values, simply use the following syntax,
and follow the interactive prompts:
+ </para>
+<screen><command>$ sudo chage username</command></screen>
+ <para>
+ The following is an example of how you can change an accounts
explicit expiration date (-E) to 01/31/2008, minimum passsword age (-m) of 5
days, maximum password age (-M) of 90 days, inactivity period (-I) of 5 days
after password expiration, and a warning time period (-W) of 14 days before
password expiration.
+ </para>
+<screen><command>$ sudo chage -E 01/31/2008 -m 5 -M 90 -I 30 -W 14
username</command></screen>
+ </listitem>
+ <listitem>
+ <para>
+ To verify changes, use the same syntax as mentioned previously:
+ </para>
+<screen><command>$ sudo chage -l username
+Last password change : Jan 20, 2008
+Password expires : Apr 19, 2008
+Password inactive : May 19, 2008
+Account expires : Jan 31, 2008
+Minimum number of days between password change : 5
+Maximum number of days between password change : 90
+Number of days of warning before password expires : 14</command></screen>
+ </listitem>
+ </itemizedlist>
+ </sect3>
+
+ </sect2>
+
+
+ <sect2 id="other-security-considerations" status="review">
+ <title>Other Security Considerations</title>
+ <para>
+ Many applications use alternate authentication mechanisms that can be
easily overlooked by even experienced system administrators. Therefore, it is
important to understand and control how users authenticate and gain access to
services and applications on your server.
+ </para>
+
+ <sect3 id="ssh-access-by-disabled-users" status="review">
+ <title>SSH Access by Disabled Users</title>
+ <para>
+ Simply disabling/locking a user account will not prevent a user from
logging into your server remotely if they have previously set up RSA public key
authentication. They will still be able to gain shell access to the server,
without the need for any password. Remember to check the users home directory
for files that will allow for this type of authenticated SSH access. e.g.
/home/username/.ssh/authorized_keys.
+ </para>
+ <para>
+ Remove or rename the .ssh directory of the user to prevent further SSH
authentication.
+ </para>
+ <para>
+ Be sure to check for any established SSH connections by the disabled
user, as it is possible they may have existing inbound or outbound connections.
Kill any that are found.
+ </para>
+ <para>
+ Restrict SSH access to only user accounts that should have it. You
might want to create a group called "sshlogin" and add it to the value
associated with the "AllowGroups" variable in /etc/ssh/sshd_config. Then add
your permitted SSH users to this group using the steps outlined earlier in this
document.
+ </para>
+ </sect3>
+ <sect3 id="external-db-auth" status="review">
+ <title>External User Database Authentication</title>
+ <para>
+ Most enterprise networks require centralized authentication and access
controls for all system resources. If you have configured your server to
authenticate users against external databases, be sure to disable the user
accounts both externally and locally, this way you ensure that local fallback
authentication is not possible.
+ </para>
+ </sect3>
+ </sect2>
+ </sect1>
+
+
+ <sect1 id="console-security" status="review">
+ <title>Console Security</title>
+ <para>
+ As with any other security barrier you put in place to protect your
server, it is pretty tough to defend against untold damage caused by someone
with physical access to your environment. e.g. Theft of hard drives, power or
service disruption, etc. Therefore, console security should be addressed
merely as one component of your overall physical security strategy. A locked
"screen door" may deter a casual criminal, or at the very least slow down a
determined one, so it is still advisable to perform basic precautions with
regard to console security.
+ </para>
+ <para>
+ The following sections will limit a persons ability to perform some
fairly simple attacks against your server that could yield very serious
consequences.
+ </para>
+
+ <sect2 id="disable-ctrl-alt-delete" status="review">
+ <title>Disable CTRL+ALT+Delete</title>
+ <para>
+ First and foremost, anyone that has physical access to the keyboard can
simply use the Ctrl+Alt+Delete key combination to reboot the server without
having to log on. Sure, someone could simply unplug the power source, but you
should still prevent the use of this key combination on a production server.
This forces an attacker to take more drastic measures to reboot the server, and
will prevent accidental reboots at the same time.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ To disable the reboot action taken by pressing the
Ctrl+Alt+Delete key combination, comment out the following line in the file
<emphasis>/etc/event.d/control-alt-delete</emphasis>.
+ </para>
+<screen><command>#exec /sbin/shutdown -r now "Control-Alt-Delete
pressed"</command></screen>
+ </listitem>
+ </itemizedlist>
+ </sect2>
+ <sect2 id="grub-password-security" status="review">
+ <title>GRUB Password Security</title>
+ <para>
+ Ubuntu installs GNU GRUB as its default boot loader, which allows for
great flexibility and recovery options. For example, when you install
additional kernel images, these are automatically added as available boot
options in the grub menu. Also, by default, alternate boot options are
available for each kernel entry that may be used for system recovery, aptly
labeled (recovery mode). Recovery mode simply boots the corresponding kernel
image into single user mode (init 1), which lands the administrator at a root
prompt without the need for any password.
+ </para>
+ <para>
+ Therefore, it is important to control who may edit the grub menu items
to, <emphasis>(a)</emphasis> pass kernel options at boot up, and
<emphasis>(b)</emphasis> boot the server into single user mode. You can do
this by simply adding a password to grubs configuration file
<emphasis>/boot/grub/menu.lst</emphasis>, which will be required to unlock
grubs more advanced features prior to use.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ To add a password for use with grub, first you must generate an
md5 password hash using the <application>grub-md5-crypt</application> utility:
+ </para>
+<screen><command>$ grub-md5-crypt
+Password: (enter new password)
+Retype password: (repeat password)
+$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0</command></screen>
+ </listitem>
+ <listitem>
+ <para>
+ Add the resulting hash value to
<emphasis>/etc/grub/menu.lst</emphasis> in the following format:
+ </para>
+<screen><command>password --md5
$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0</command></screen>
+ </listitem>
+ <listitem>
+ <para>
+ To require the use of the password for entering single user
mode, change the <emphasis>"lockalterntive"</emphasis> value in
<emphasis>/boot/grub/menu.lst</emphasis> to <emphasis>"true"</emphasis>.
+ </para>
+<screen><command># lockalternative=true</command></screen>
+ </listitem>
+ </itemizedlist>
+ <note>
+ <para>
+ This does not prevent someone from booting the server from alternate
media. A determined attacker would simply boot into an alternate environment,
overwrite your master boot record, mount or copy your physical volumes, destroy
your data, or anything else they can imagine. Please explore other
countermeasures that may help you with these types of attacks.
+ </para>
+ </note>
+ </sect2>
+ </sect1>
+
+ <sect1 id="firewall" status="review">
+ <title>Firewall</title>
+ <sect2 id="firewall-introduction" status="review">
+ <title>Firewall Introduction</title>
<para>
The Linux kernel includes the <emphasis>Netfilter</emphasis>
subsystem,
which is used to manipulate or decide the fate of
network traffic headed into or through
your server. All modern Linux firewall solutions use
this system for packet filtering.
</para>
- <sect1 id="firewall" status="review">
- <title>Firewall</title>
- <sect2 id="firewall-introduction" status="complete">
- <title>Firewall Introduction</title>
<para>
The kernel's packet filtering system would be of little use to
administrators without
a userspace interface to manage it. This is the
purpose of iptables. When a packet
=== modified file 'ubuntu/config-desktop/C/config-desktop.xml'
--- a/ubuntu/config-desktop/C/config-desktop.xml 2007-08-17 22:47:28
+0000
+++ b/ubuntu/config-desktop/C/config-desktop.xml 2008-01-20 13:22:51
+0000
@@ -41,7 +41,7 @@
<listitem>
<para>
<ulink type="help" url="ghelp:desktop-effects">
- Desktop Effects
+ Visual Effects
</ulink>
</para>
</listitem>
=== modified file 'ubuntu/desktop-effects/C/desktop-effects.xml'
--- a/ubuntu/desktop-effects/C/desktop-effects.xml 2007-08-19 11:10:10
+0000
+++ b/ubuntu/desktop-effects/C/desktop-effects.xml 2008-01-20 13:22:51
+0000
@@ -14,12 +14,12 @@
]>
<article id="desktop-effects" status="complete">
<articleinfo>
- <title>Desktop Effects</title>
+ <title>Visual Effects</title>
&legalnotice;
</articleinfo>
<sect1 id="compiz-intro" status="review">
- <title>What are Desktop Effects?</title>
- <para>Ubuntu includes special desktop effects, which
are intended to make your desktop more fun and easier to use. These
include:</para>
+ <title>What are visual effects?</title>
+ <para>Ubuntu includes special visual effects which are
intended to make your desktop more fun and easier to use. These include:</para>
<itemizedlist>
<listitem>
<para>Translucent windows</para>
@@ -34,27 +34,27 @@
<para>Motion effects and
animations</para>
</listitem>
</itemizedlist>
- <para>Desktop effects are enabled by default, but it is
not necessary to have them turned on. In addition, users of computers with
certain graphics cards may find that desktop effects do not work well on their
computer, or cause the computer to operate more slowly than it would with the
effects turned off.</para>
+ <para>Visual effects are enabled by default, but it is
not necessary to have them turned on. In addition, users of computers with
certain graphics cards may find that visual effects do not work well on their
computer, or cause the computer to operate more slowly than it would with the
effects turned off.</para>
</sect1>
<sect1 id="compiz-configure" status="review">
- <title>Configuring Desktop Effects</title>
- <para>Press &desktop-effects; to change basic options relating
to desktop effects.</para>
+ <title>Configuring visual effects</title>
+ <para>Press &desktop-effects; to change basic options relating
to visual effects.</para>
<itemizedlist>
<listitem>
- <para>Select <guilabel>No effects</guilabel> to disable
desktop effects.</para>
- </listitem>
- <listitem>
- <para>Select <guilabel>Normal effects</guilabel> to
enable basic desktop effects.</para>
- </listitem>
- <listitem>
- <para>Select <guilabel>Extra effects</guilabel> to
enable all desktop effects.</para>
+ <para>Select <guilabel>No effects</guilabel> to disable
visual effects.</para>
+ </listitem>
+ <listitem>
+ <para>Select <guilabel>Normal effects</guilabel> to
enable basic visual effects.</para>
+ </listitem>
+ <listitem>
+ <para>Select <guilabel>Extra effects</guilabel> to
enable more advanced visual effects.</para>
</listitem>
</itemizedlist>
<para>When you select a new option, it may take several seconds
for the change to be applied automatically. During this time, your screen may
flicker briefly.</para>
</sect1>
<sect1 id="compiz-configure-advanced" status="complete">
- <title>Enable extra Desktop Effects</title>
- <para>As well as the desktop effects which are available by
default, a large collection of additional effects is available. These range
from effects intended to make it easier to use your computer, to ones which are
just for fun.</para>
+ <title>Enabling extra effects</title>
+ <para>As well as the visual effects which are available by
default, a large collection of additional effects is available. These range
from effects intended to make it easier to use your computer, to ones which are
just for fun.</para>
<para>To enable additional effects:</para>
<procedure>
<step>
@@ -73,16 +73,16 @@
</sect1>
<sect1 id="compiz-problems" status="review">
- <title>Problems with Desktop Effects</title>
- <para>If you experience problems when using desktop effects, it
is advisable to disable them by pressing &desktop-effects; and selecting
<guilabel>No effects</guilabel>.</para>
+ <title>Common problems</title>
+ <para>If you experience problems when using visual effects, it
is advisable to disable them by opening &desktop-effects; and selecting
<guilabel>No effects</guilabel>.</para>
<itemizedlist>
<listitem>
- <para>If you receive the following error
message, it is likely that your graphics card does not currently support
desktop effects:</para>
- <para><guilabel>Desktop effects could not be
enabled</guilabel></para>
- <para>In this case, you will not be able to use
desktop effects.</para>
+ <para>If you receive the following error
message, it is likely that your graphics driver does not currently support
visual effects:</para>
+ <para><guilabel>Visual effects could not be
enabled</guilabel></para>
+ <para>In this case, you will not be able to use
visual effects with your default graphics driver. However, you may be able to
use a <ulink type='help' url='ghelp:hardware#restricted-manager'>restricted
driver</ulink> instead.</para>
</listitem>
<listitem>
- <para>If your computer runs slowly, disabling
desktop effects may improve performance. Desktop effects require more system
resources, and so older or less powerful computers may not be able to cope with
the extra load.</para>
+ <para>If your computer runs slowly, disabling
visual effects may improve performance. Visual effects require more system
resources, and so older or less powerful computers may not be able to cope with
the extra load.</para>
</listitem>
</itemizedlist>
</sect1>
@@ -91,10 +91,10 @@
<title>Further information</title>
<itemizedlist>
<listitem>
- <para>See the <ulink
url='https://help.ubuntu.com/community/CompositeManager'>Ubuntu Community
Support pages</ulink> for more information on desktop effects in Ubuntu. </para>
+ <para>See the <ulink
url='https://help.ubuntu.com/community/CompositeManager'>Ubuntu Community
Support pages</ulink> for more information on visual effects in Ubuntu. </para>
</listitem>
<listitem>
- <para>See the <ulink
url='http://compiz.org/Documentation/Documentation'>Compiz documentation
website</ulink> for more information on advanced configuration of desktop
effects.</para>
+ <para>See the <ulink
url='http://compiz.org/Documentation/Documentation'>Compiz documentation
website</ulink> for more information on advanced configuration of visual
effects.</para>
</listitem>
</itemizedlist>
</sect1>
=== modified file 'ubuntu/hardware/C/hardware.xml'
--- a/ubuntu/hardware/C/hardware.xml 2007-11-06 19:49:00 +0000
+++ b/ubuntu/hardware/C/hardware.xml 2008-01-20 13:22:51 +0000
@@ -31,7 +31,7 @@
<title>Why are some drivers restricted?</title>
<para>Most of the devices (hardware) attached to your
computer should function properly in Ubuntu. These devices are likely to have
<emphasis>unrestricted</emphasis> drivers, which means that the drivers can be
modified by the Ubuntu developers and problems with them can be fixed.</para>
<para>Some hardware does not have unrestricted drivers,
usually because the hardware manufacturer has not released details of their
hardware which would make it possible to create such a driver. These devices
may have limited functionality or may not work at all.</para>
- <para>If a <emphasis>restricted driver</emphasis> is
available for a certain device, you can install it in order to allow your
device to function properly, or to add new features. For example, installing a
restricted driver for certain graphics cards may allow you to use more advanced
<ulink type='help' url='ghelp:desktop-effects'>desktop effects</ulink>.</para>
+ <para>If a <emphasis>restricted driver</emphasis> is
available for a certain device, you can install it in order to allow your
device to function properly, or to add new features. For example, installing a
restricted driver for certain graphics cards may allow you to use more advanced
<ulink type='help' url='ghelp:desktop-effects'>visual effects</ulink>.</para>
<para>Some computers may not have any devices which can
use restricted drivers, either because all of the devices are fully supported
by unrestricted drivers or because no restricted drivers are yet available for
the device.</para>
<caution>
<para>Restricted drivers are often maintained
by the hardware manufacturer, and so cannot be modified by Ubuntu developers if
there is a problem.</para>
=== modified file 'ubuntu/libs/gnome-menus-C.ent'
--- a/ubuntu/libs/gnome-menus-C.ent 2007-11-11 00:48:28 +0000
+++ b/ubuntu/libs/gnome-menus-C.ent 2008-01-20 13:22:51 +0000
@@ -24,7 +24,7 @@
<!ENTITY cowbell '<menuchoice><guimenu>Applications</guimenu><guisubmenu>Sound
& Video</guisubmenu><guimenuitem>Cowbell Music Organizer</guimenuitem>
</menuchoice>'>
<!ENTITY chromium
'<menuchoice><guimenu>Applications</guimenu><guisubmenu>Games</guisubmenu><guisubmenu>Chromium</guisubmenu></menuchoice>'>
<!ENTITY desktop-background
'<menuchoice><guimenu>System</guimenu><guimenuitem>Preferences</guimenuitem><guimenuitem>Desktop
Background</guimenuitem></menuchoice>'>
-<!ENTITY desktop-effects
'<menuchoice><guimenu>System</guimenu><guimenuitem>Preferences</guimenuitem><guimenuitem>Appearance</guimenuitem><guimenuitem>Desktop
Effects</guimenuitem></menuchoice>'>
+<!ENTITY desktop-effects
'<menuchoice><guimenu>System</guimenu><guimenuitem>Preferences</guimenuitem><guimenuitem>Appearance</guimenuitem><guimenuitem>Visual
Effects</guimenuitem></menuchoice>'>
<!ENTITY desktop-preferences
'<menuchoice><guimenu>System</guimenu><guimenuitem>Preferences</guimenuitem></menuchoice>'>
<!ENTITY devhelp
'<menuchoice><guimenu>Applications</guimenu><guisubmenu>Programming</guisubmenu><guimenuitem>Devhelp</guimenuitem></menuchoice>'>
<!ENTITY device-manager
'<menuchoice><guimenu>System</guimenu><guimenuitem>Preferences</guimenuitem><guimenuitem>Hardware
Information</guimenuitem></menuchoice>'>
--
https://code.launchpad.net/~ubuntu-core-doc/ubuntu-doc/ubuntu-hardy
You are receiving this branch notification because you are subscribed to it.
--
ubuntu-doc-commits mailing list
ubuntu-doc-commits@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-doc-commits
