Index: head/en_US.ISO8859-1/books/faq/book.xml
===================================================================
--- head/en_US.ISO8859-1/books/faq/book.xml (revision 53945)
+++ head/en_US.ISO8859-1/books/faq/book.xml (revision 53946)
@@ -1,6460 +1,6461 @@
13-CURRENT">
X">
head/">
X">
12-STABLE">
stable/12/">
X">
11-STABLE">
stable/11/">
]>
Frequently Asked Questions for &os;
&rel2.relx; and &rel.relx;The &os; Documentation Project19951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020The &os; Documentation Project
&legalnotice;
&tm-attrib.freebsd;
&tm-attrib.adobe;
&tm-attrib.ibm;
&tm-attrib.ieee;
&tm-attrib.intel;
&tm-attrib.linux;
&tm-attrib.microsoft;
&tm-attrib.netbsd;
&tm-attrib.opengroup;
&tm-attrib.sgi;
&tm-attrib.sun;
&tm-attrib.general;
$FreeBSD$This is the Frequently Asked Questions
(FAQ) for &os; versions
&rel.relx; and &rel2.relx;. Every effort has been made to
make this FAQ as informative as possible;
if you have any suggestions as to how it may be improved, send
them to the &a.doc;.The latest version of this document is always available
from the &os;
website. It may also be downloaded as one large
HTML file with HTTP or as
a variety of other formats from the &os; FTP
server.IntroductionWhat is &os;?&os; is a modern operating system for desktops,
laptops, servers, and embedded systems with support for a
large number of platforms.It is based on U.C. Berkeley's
4.4BSD-Lite release, with some
4.4BSD-Lite2 enhancements. It is also
based indirectly on William Jolitz's port of U.C.
Berkeley's Net/2 to the &i386;, known as
386BSD, though very little of the 386BSD
code remains.&os; is used by companies, Internet Service Providers,
researchers, computer professionals, students and home
users all over the world in their work, education and
recreation.For more detailed information on &os;, refer to the
&os;
Handbook.What is the goal of the &os; Project?The goal of the &os; Project is to provide a stable
and fast general purpose operating system that may be used
for any purpose without strings attached.Does the &os; license have any restrictions?Yes. Those restrictions do not control how the code
is used, but how to treat the &os; Project itself.
The license itself is available at
license
and can be summarized like this:Do not claim that you wrote this.Do not sue us if it breaks.Do not remove or modify the license.Many of us have a significant investment in the
project and would certainly not mind a little financial
compensation now and then, but we definitely do not insist
on it. We believe that our first and foremost
mission is to provide code to any and all
comers, and for whatever purpose, so that the code gets
the widest possible use and provides the widest possible
benefit. This, we believe, is one of the most fundamental
goals of Free Software and one that we enthusiastically
support.Code in our source tree which falls under the GNU
General Public License (GPL) or GNU
Library General Public License (LGPL) comes with
slightly more strings attached, though at least on the
side of enforced access rather than the usual opposite.
Due to the additional complexities that can evolve in the
commercial use of GPL software, we do, however, endeavor
to replace such software with submissions under the more
relaxed &os;
license whenever possible.Can &os; replace my current operating system?For most people, yes. But this question is not quite
that cut-and-dried.Most people do not actually use an operating system.
They use applications. The applications are what really
use the operating system. &os; is designed to provide a
robust and full-featured environment for applications. It
supports a wide variety of web browsers, office suites,
email readers, graphics programs, programming
environments, network servers, and much more.
Most of these applications can be
managed through the Ports
Collection.If an application is only available on one operating
system, that operating system cannot just be replaced.
Chances are, there is a very similar application on &os;,
however. As a solid office or Internet server or a
reliable workstation, &os; will almost certainly do
everything you need. Many computer users across the
world, including both novices and experienced &unix;
administrators, use &os; as their only desktop operating
system.Users migrating to &os; from another &unix;-like
environment will find &os; to be similar.
&windows; and &macos; users may be interested in instead
using FuryBSD,
GhostBSD
or MidnightBSD
three &os;-based desktop distributions. Non-&unix; users
should expect to invest some additional time learning the
&unix; way of doing things. This FAQ
and the &os;
Handbook are excellent places to start.Why is it called &os;?It may be used free of charge, even by commercial
users.Full source for the operating system is freely
available, and the minimum possible restrictions have
been placed upon its use, distribution and
incorporation into other work (commercial or
non-commercial).Anyone who has an improvement or bug fix is free
to submit their code and have it added to the source
tree (subject to one or two obvious
provisions).It is worth pointing out that the word
free is being used in two ways here: one
meaning at no cost and the other meaning
do whatever you like. Apart from
one or two things you cannot do with
the &os; code, for example pretending you wrote it, you
can really do whatever you like with it.What are the differences between &os; and NetBSD,
OpenBSD, and other open source BSD operating
systems?James Howard wrote a good explanation of the history
and differences between the various projects, called The
BSD Family Tree which goes a fair way to
answering this question. Some of the information is out
of date, but the history portion in particular remains
accurate.Most of the BSDs share patches and code, even today.
All of the BSDs have common ancestry.The design goals of &os; are described in , above. The design goals of
the other most popular BSDs may be summarized as
follows:OpenBSD aims for operating system security above
all else. The OpenBSD team wrote &man.ssh.1; and
&man.pf.4;, which have both been ported to
&os;.NetBSD aims to be easily ported to other hardware
platforms.DragonFly BSD is a fork of &os; 4.8 that
has since developed many interesting features of its
own, including the HAMMER file system and support for
user-mode vkernels.What is the latest version of &os;?At any point in the development of &os;, there can be
multiple parallel branches. &rel.relx; releases are made
from the &rel.stable; branch, and &rel2.relx; releases are
made from the &rel2.stable; branch.Up until the release of 12.0, the &rel2.relx; series
was the one known as -STABLE.
However, as of &rel.head.relx;, the &rel2.relx; branch
will be designated for an extended support
status and receive only fixes for major problems, such as
security-related fixes.
Releases are made every
few months. While many people stay more
up-to-date with the &os; sources (see the questions on
&os.current; and &os.stable;) than that, doing so
is more of a commitment, as the sources are a moving
target.More information on &os; releases can be found on the
Release
Engineering page and in &man.release.7;.What is &os;-CURRENT?&os.current;
is the development version of the operating system, which
will in due course become the new &os.stable; branch. As
such, it is really only of interest to developers working
on the system and die-hard hobbyists. See the relevant
section in the Handbook
for details on running
-CURRENT.Users not familiar with &os; should not use
&os.current;. This branch sometimes evolves quite quickly
and due to mistake can be un-buildable at times. People
that use &os.current; are expected to be able to analyze,
debug, and report problems.What is the &os;-STABLE
concept?&os;-STABLE is the development branch
from which major releases are made. Changes go into this
branch at a slower pace and with the general assumption
that they have first been tested in &os;-CURRENT.
However, at any given time, the sources for &os;-STABLE
may or may not be suitable for general use, as it may
uncover bugs and corner cases that were not yet found in
&os;-CURRENT. Users who do not have the resources to
perform testing should instead run the most recent release
of &os;.
&os;-CURRENT, on the other hand, has
been one unbroken line since 2.0 was released.For more
detailed information on branches see &os;
Release Engineering: Creating the Release
Branch, the status of the branches and
the upcoming release schedule can be found on the Release
Engineering Information page.Version &rel121.current;
is the latest release from the &rel.stable; branch; it was
released in &rel121.current.date;. Version &rel1.current;
is the latest release from the &rel2.stable; branch; it
was released in &rel1.current.date;.When are &os; releases made?The &a.re; releases a new major version of &os; about
every 18 months and a new minor version about every 8
months, on average. Release dates are announced well in
advance, so that the people working on the system know
when their projects need to be finished and tested. A
testing period precedes each release, to ensure that the
addition of new features does not compromise the stability
of the release. Many users regard this caution as one of
the best things about &os;, even though waiting for all
the latest goodies to reach -STABLE
can be a little frustrating.More information on the release engineering process
(including a schedule of upcoming releases) can be found
on the release
engineering pages on the &os; Web site.For people who need or want a little more excitement,
binary snapshots are made weekly as discussed
above.When are &os; snapshots made?&os; snapshot
releases are made based on the current state of the
-CURRENT and
-STABLE branches. The goals behind
each snapshot release are:To test the latest version of the installation
software.To give people who would like to run
-CURRENT or
-STABLE but who do not have the
time or bandwidth to follow it on a day-to-day basis
an easy way of bootstrapping it onto their
systems.To preserve a fixed reference point for the code
in question, just in case we break something really
badly later. (Although Subversion normally prevents
anything horrible like this happening.)To ensure that all new features and fixes in need
of testing have the greatest possible number of
potential testers.No claims are made that any
-CURRENT snapshot can be considered
production quality for any purpose.
If a stable and fully tested system is needed,
stick to full releases.Snapshot releases are directly available from snapshot.Official snapshots are generated on a regular
basis for all actively developed branches.Who is responsible for &os;?The key decisions concerning the &os; project, such as
the overall direction of the project and who is allowed to
add code to the source tree, are made by a core
team of 9 people. There is a much larger team of
more than 350 committers
who are authorized to make changes directly to the &os;
source tree.However, most non-trivial changes are discussed in
advance in the mailing
lists, and there are no restrictions on who may
take part in the discussion.Where can I get &os;?Every significant release of &os; is available via
anonymous FTP from the &os;
FTP site:The latest &rel.stable; release,
&rel121.current;-RELEASE can be found in the &rel121.current;-RELEASE
directory.Snapshot
releases are made monthly for the -CURRENT and -STABLE branch, these being
of service purely to bleeding-edge testers and
developers.The latest &rel2.stable; release,
&rel1.current;-RELEASE can be found in the &rel1.current;-RELEASE
directory.Information about obtaining &os; on CD, DVD, and other
media can be found in the
Handbook.How do I access the Problem Report database?The Problem Report database of all user change
requests may be queried by using our web-based PR query
interface.The web-based
problem report submission interface can be used
to submit problem reports through a web browser.Before submitting a problem report, read Writing
&os; Problem Reports, an article on how to write
good problem reports.Documentation and SupportWhat good books are there about &os;?The project produces a wide range of documentation,
available online from this link: https://www.FreeBSD.org/docs.html.
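Review bot: The snapshot cadence is stated two different ways in this part of the file. The "When are &os; releases made?" answer says "binary snapshots are made weekly as discussed above", while the "Where can I get &os;?" answer says "Snapshot releases are made monthly for the -CURRENT and -STABLE branch". Pick one figure, or reuse the neutral "on a regular basis" wording already in the snapshots answer, and apply it in both places. The "as discussed above" pointer also has nothing to refer to, because the snapshots question comes after that sentence; "as discussed below" or a link to the snapshots entry would fix it.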
Is the documentation available in other formats, such
as plain text (ASCII), or &postscript;?Yes. The documentation is available in a number of
different formats and compression schemes on the &os; FTP
site, in the /pub/FreeBSD/doc/
directory.The documentation is categorized in a number of
different ways. These include:The document's name, such as
faq, or
handbook.The document's language and encoding. These are
based on the locale names found under
/usr/share/locale on a &os;
system. The current languages and encodings
are as follows:NameMeaningen_US.ISO8859-1English (United States)bn_BD.ISO10646-1Bengali or Bangla (Bangladesh)da_DK.ISO8859-1Danish (Denmark)de_DE.ISO8859-1German (Germany)el_GR.ISO8859-7Greek (Greece)es_ES.ISO8859-1Spanish (Spain)fr_FR.ISO8859-1French (France)hu_HU.ISO8859-2Hungarian (Hungary)it_IT.ISO8859-15Italian (Italy)ja_JP.eucJPJapanese (Japan, EUC encoding)ko_KR.UTF-8Korean (Korea, UTF-8 encoding)mn_MN.UTF-8Mongolian (Mongolia, UTF-8
encoding)nl_NL.ISO8859-1Dutch (Netherlands)pl_PL.ISO8859-2Polish (Poland)pt_BR.ISO8859-1Portuguese (Brazil)ru_RU.KOI8-RRussian (Russia, KOI8-R encoding)tr_TR.ISO8859-9Turkish (Turkey)zh_CN.UTF-8Simplified Chinese (China, UTF-8
encoding)zh_TW.UTF-8Traditional Chinese (Taiwan, UTF-8
encoding)Some documents may not be available in all
languages.The document's format. We produce the
documentation in a number of different output formats.
Each format has its own advantages and disadvantages.
Some formats are better suited for online reading,
while others are meant to be aesthetically pleasing
when printed on paper. Having the documentation
available in any of these formats ensures that our
readers will be able to read the parts they are
interested in, either on their monitor, or on paper
after printing the documents. The currently available
formats are:FormatMeaninghtml-splitA collection of small, linked, HTML
files.htmlOne large HTML file containing the entire
documentpdfAdobe's Portable Document Formatps&postscript;rtfµsoft;'s Rich Text FormattxtPlain textPage numbers are not automatically updated when
loading Rich Text Format into Word. Press CtrlA,
CtrlEnd,
F9 after loading the document, to
update the page numbers.The compression and packaging scheme.Where the format is
html-split, the files are
bundled up using &man.tar.1;. The resulting
.tar is then compressed
using the compression schemes detailed in the next
point.All the other formats generate one file. For
example,
article.pdf,
book.html, and so on.These files are then compressed using either
the zip or
bz2 compression schemes.
&man.tar.1; can be used to uncompress these
files.So the &postscript; version of the Handbook,
compressed using bzip2 will be
stored in a file called
book.ps.bz2 in the
handbook/ directory.After choosing the format and compression mechanism,
download the
compressed files, uncompress them, and then copy
the appropriate documents into place.For example, the split HTML version of the
FAQ, compressed using &man.bzip2.1;,
can be found in
doc/en_US.ISO8859-1/books/faq/book.html-split.tar.bz2
To download and uncompress that file, type:&prompt.root; fetch https://download.freebsd.org/ftp/doc/en_US.ISO8859-1/books/faq/book.html-split.tar.bz2
&prompt.root; tar xvf book.html-split.tar.bz2If the file is compressed,
tar will automatically
detect the appropriate format and decompress it correctly,
resulting in a collection of
.html files. The main one is called
index.html, which will contain the
table of contents, introductory material, and links to the
other parts of the document.Where do I find info on the &os; mailing lists? What
&os; news groups are available?Refer to the Handbook
entry on mailing-lists and the Handbook
entry on newsgroups.Are there &os; IRC (Internet Relay Chat)
channels?Yes, most major IRC networks host a &os; chat
channel:Channel #FreeBSDhelp on EFNet
is a channel dedicated to helping &os; users.Channel #FreeBSD on Freenode is
a general help channel with many users at any time.
The conversations have been known to run off-topic for
a while, but priority is given to users with &os;
questions. Other users can help with
the basics, referring to the Handbook whenever
possible and providing links for learning more about
a particular topic. This is primarily an English
speaking channel, though it does have users from all
over the world. Non-native English speakers should
try to ask the question in English first and then
relocate to ##freebsd-lang as
appropriate.Channel #FreeBSD on DALNET is
available at irc.dal.net in
the US and irc.eu.dal.net in
Europe.Channel #FreeBSD on UNDERNET
is available at
us.undernet.org in the US and
eu.undernet.org in Europe.
Since it is a help channel, be prepared to read the
documents you are referred to.Channel #FreeBSD on RUSNET
is a Russian language channel dedicated to
helping &os; users. This is also a good place for
non-technical discussions.Channel #bsdchat on Freenode is
a Traditional Chinese (UTF-8 encoding) language
channel dedicated to helping &os; users.
This is also a good place for non-technical
discussions.The &os; wiki has a good
list of IRC channels.Each of these channels are distinct and are not
connected to each other. Since their chat styles differ,
try each to find one suited to your
chat style.Are there any web based forums to discuss &os;?The official &os; forums are located at https://forums.FreeBSD.org/.Where can I get commercial &os; training and
support?iXsystems,
Inc., parent company of the &os;
Mall, provides commercial &os; and TrueOS
software support,
in addition to &os; development and tuning
solutions.BSD Certification Group, Inc. provides system
administration certifications for DragonFly BSD,
&os;, NetBSD, and OpenBSD. Refer to their
site for more information.Any other organizations providing training and support
should contact the Project to be listed here.InstallationNikClaytonnik@FreeBSD.orgWhich platform should I download? I have a 64
bit capable &intel; CPU,
but I only see amd64.&arch.amd64; is the term &os; uses for 64-bit
compatible x86 architectures (also known as "x86-64" or
"x64"). Most modern computers should use &arch.amd64;.
Older hardware should use &arch.i386;. When installing
on a non-x86-compatible architecture, select the
platform which best matches the hardware.Which file do I download to get &os;?On the Getting
&os; page, select [iso] next
to the architecture that matches the hardware.Any of the following can be used:filedescriptiondisc1.isoContains enough to install &os; and
a minimal set of packages.dvd1.isoSimilar to disc1.iso
but with additional packages.memstick.imgA bootable image sufficient for writing to a
USB stick.bootonly.isoA minimal image that requires network access
during installation to completely install
&os;.Full instructions on this procedure and a little bit
more about installation issues in general can be found in
the Handbook
entry on installing &os;.What do I do if the install image does not
boot?This can be caused by not downloading the image in
binary mode when using
FTP.Some FTP clients default their transfer mode to
ascii and attempt to change any
end-of-line characters received to match the
conventions used by the client's system. This will
almost invariably corrupt the boot image. Check the
SHA-256 checksum of the downloaded boot image: if it
is not exactly that on the
server, then the download process is suspect.When using a command line FTP client, type
binary at the FTP command prompt
after getting connected to the server and before
starting the download of the image.Where are the instructions for installing &os;?Installation instructions
can be found at Handbook
entry on installing &os;.How can I make my own custom release or install
disk?Customized &os; installation media can be created by
building a custom release. Follow the instructions in the
Release
Engineering article.Can &windows; co-exist with &os;? (x86-specific)If &windows; is installed first, then yes. &os;'s
boot manager will then manage to boot &windows; and &os;.
If &windows; is installed afterwards, it will
overwrite the boot manager. If that
happens, see the next section.Another operating system destroyed my Boot Manager.
How do I get it back? (x86-specific)This depends upon the boot manager.
The &os; boot selection menu can be reinstalled using
&man.boot0cfg.8;. For example, to restore the boot menu
onto the disk ada0:&prompt.root; boot0cfg -B ada0The non-interactive MBR bootloader can be installed
using &man.gpart.8;:&prompt.root; gpart bootcode -b /boot/mbr ada0For more complex situations, including GPT disks, see
&man.gpart.8;.Do I need to install the source?In general, no. There is nothing in the base system
which requires the presence of the source to operate.
Some ports, like sysutils/lsof, will
not build unless the source is installed. In particular,
if the port builds a kernel module or directly operates on
kernel structures, the source must be installed.Do I need to build a kernel?Usually not. The supplied GENERIC
kernel contains the drivers an ordinary computer will
need. &man.freebsd-update.8;, the &os; binary upgrade
tool, cannot upgrade custom kernels, another reason to
stick with the GENERIC kernel when
possible. For computers with very limited RAM, such as
embedded systems, it may be worthwhile to build a smaller
custom kernel containing just the required drivers.Should I use DES, Blowfish, or MD5 passwords and how
do I specify which form my users receive?&os; uses
SHA512 by
default. DES
passwords are still available for backwards compatibility
with operating systems that still
use the less secure password format. &os; also supports
the Blowfish and MD5 password formats. Which
password format to use for new passwords is controlled by
the passwd_format login capability in
/etc/login.conf, which takes values
of des, blf (if
these are available) or md5. See the
&man.login.conf.5; manual page for more information about
login capabilities.What are the limits for FFS file systems?For FFS file systems, the largest file system is
practically limited by the amount of memory required to
&man.fsck.8; the file system. &man.fsck.8; requires one
bit per fragment, which with the default fragment size of
4 KB equates to 32 MB of memory per TB of disk.
This does mean that on architectures which limit userland
processes to 2 GB (e.g., &i386;), the maximum
&man.fsck.8;'able filesystem is ~60 TB.If there was not a &man.fsck.8; memory limit the
maximum filesystem size would be 2 ^ 64 (blocks)
* 32 KB => 16 Exa * 32 KB => 512
ZettaBytes.The maximum size of a single FFS file is approximately
2 PB with the default block size of 32 KB. Each
32 KB block can point to 4096 blocks. With triple
indirect blocks, the calculation is 32 KB * 12 +
32 KB * 4096 + 32 KB * 4096^2 + 32 KB *
4096^3. Increasing the block size to 64 KB will
increase the max file size by a factor of 16.Why do I get an error message, readin
failed after compiling and booting a new
kernel?The world and kernel are out of sync. This
is not supported. Be sure to use make
buildworld and make
buildkernel to update the kernel.Boot the system by specifying the kernel directly at
the second stage, pressing any key when the
| shows up before loader is
started.Is there a tool to perform post-installation
configuration tasks?Yes. bsdconfig provides a
nice interface to configure &os; post-installation.Hardware CompatibilityGeneralI want to get a piece of hardware for my &os;
system. Which model/brand/type is best?This is discussed continually on the &os; mailing
lists but is to be expected since hardware changes so
quickly. Read through the Hardware Notes
for &os; &rel121.current;
or &rel1.current;
and search the mailing list archives
before asking about the latest and greatest hardware.
Chances are a discussion about that type of hardware
took place just last week.Before purchasing a laptop, check the archives for
&a.questions;, or possibly a specific
mailing list for a particular hardware type.What are the limits for memory?&os; as an operating system generally supports
as much physical memory (RAM) as the platform it is
running on does. Keep in mind that different platforms
have different limits for memory; for example &i386;
without PAE supports at most
4 GB of memory (and usually less than that because
of PCI address space) and &i386; with PAE supports at
most 64 GB memory. As of &os; 10, AMD64
platforms support up to 4 TB of physical
memory.Why does &os; report less than 4 GB memory when
installed on an &i386; machine?The total address space on &i386; machines is
32-bit, meaning that at most 4 GB of memory is
addressable (can be accessed). Furthermore, some
addresses in this range are reserved by hardware for
different purposes, for example for using and
controlling PCI devices, for accessing video memory, and
so on. Therefore, the total amount of memory usable by
the operating system for its kernel and applications is
limited to significantly less than 4 GB. Usually,
3.2 GB to 3.7 GB is the maximum usable
physical memory in this configuration.To access more than 3.2 GB to 3.7 GB of
installed memory (meaning up to 4 GB but also more
than 4 GB), a special tweak called
PAE must be used. PAE stands for
Physical Address Extension and is a way for 32-bit x86
CPUs to address more than 4 GB of memory. It
remaps the memory that would otherwise be overlaid by
address reservations for hardware devices above the
4 GB range and uses it as additional physical
memory (see &man.pae.4;). Using PAE has some drawbacks;
this mode of memory access is a little bit slower than
the normal (without PAE) mode and loadable modules (see
&man.kld.4;) are not supported. This means all drivers
must be compiled into the kernel.The most common way to enable PAE is to build a new
kernel with the special ready-provided kernel
configuration file called PAE,
which is already configured to build a safe kernel.
Note that some entries in this kernel configuration file
are too conservative and some drivers marked as unready
to be used with PAE are actually usable. A rule of
thumb is that if the driver is usable on 64-bit
architectures (like AMD64), it is also usable with PAE.
When creating a custom kernel configuration
file, PAE can be enabled by adding the following
line:options PAEPAE is not much used nowadays because most new x86
hardware also supports running in 64-bit mode, known as
AMD64 or &intel; 64. It has a much larger address
space and does not need such tweaks. &os; supports
AMD64 and it is recommended that this version of &os; be
used instead of the &i386; version if 4 GB or more
memory is required.Architectures and ProcessorsDoes &os; support architectures other than the
x86?Yes. &os; divides support into multiple tiers.
Tier 1 architectures, such as i386 or amd64; are fully
supported. Tiers 2 and 3 are supported on a
best-effort basis. A full explanation of the tier
system is available in the Committer's
Guide.A complete list of supported architectures can be
found on the platforms
page.Does &os; support Symmetric Multiprocessing
(SMP)?&os; supports symmetric multi-processor (SMP) on all
non-embedded platforms (e.g, &arch.i386;, &arch.amd64;,
etc.). SMP is also supported in arm and MIPS kernels,
although some CPUs may not support this. &os;'s SMP
implementation uses fine-grained locking, and
performance scales nearly linearly with number of
CPUs.&man.smp.4; has more details.What is microcode?
How do I install &intel; CPU microcode updates?Microcode is a method of programmatically
implementing hardware level instructions. This allows
for CPU bugs to be fixed without replacing the on board
chip.Install sysutils/devcpu-data,
then add:microcode_update_enable="YES"to /etc/rc.confPeripheralsWhat kind of peripherals does &os; support?See the complete list in the Hardware Notes for &os;
&rel121.current;
or &rel1.current;.Keyboards and MiceIs it possible to use a mouse outside the
X Window system?The default console driver,
&man.vt.4;, provides the ability to use a mouse
pointer in text consoles to cut & paste text. Run
the mouse daemon, &man.moused.8;, and turn on the mouse
pointer in the virtual console:&prompt.root; moused -p /dev/xxxx -t yyyy
&prompt.root; vidcontrol -m onWhere xxxx is the mouse
device name and yyyy is a
protocol type for the mouse. The mouse daemon can
automatically determine the protocol type of most mice,
except old serial mice. Specify the
auto protocol to invoke automatic
detection. If automatic detection does not work, see
the &man.moused.8; manual page for a list of supported
protocol types.For a PS/2 mouse, add
moused_enable="YES" to
/etc/rc.conf to start the mouse
daemon at boot time. Additionally, to
use the mouse daemon on all virtual terminals instead of
just the console, add allscreens_flags="-m
on" to
/etc/rc.conf.When the mouse daemon is running, access to the
mouse must be coordinated between the mouse daemon and
other programs such as X Windows. Refer to the
FAQ
Why does my mouse not work
with X? for more details on this issue.How do I cut and paste text with a mouse in the text
console?It is not possible to remove data using the mouse.
However, it is possible to copy and paste. Once the
mouse daemon is running as described in the previous question, hold down
button 1 (left button) and move the mouse to select a
region of text. Then, press button 2 (middle button) to
paste it at the text cursor. Pressing button 3 (right
button) will extend the selected region
of text.If the mouse does not have a middle button, it is
possible to emulate one or remap buttons using mouse
daemon options. See the &man.moused.8; manual page for
details.My mouse has a fancy wheel and buttons. Can I use
them in &os;?The answer is, unfortunately, It
depends. These mice with additional features
require specialized driver in most cases. Unless the
mouse device driver or the user program has specific
support for the mouse, it will act just like a standard
two, or three button mouse.For the possible usage of wheels in the X Window
environment, refer to that section.How do I use my delete key in sh
and csh?For the Bourne Shell, add
the following lines to ~/.shrc.
See &man.sh.1; and &man.editrc.5;.bind ^[[3~ ed-delete-next-char # for xtermFor the C Shell, add the
following lines to ~/.cshrc.
See &man.csh.1;.bindkey ^[[3~ delete-char # for xtermOther HardwareWorkarounds for no sound from my &man.pcm.4; sound
card?Some sound cards set their output volume to 0 at
every boot. Run the following command every time the
machine boots:&prompt.root; mixer pcm 100 vol 100 cd 100Does &os; support power management on my
laptop?&os; supports the ACPI features
found in modern hardware. Further information can be
found in &man.acpi.4;.TroubleshootingWhy is &os; finding the wrong amount of memory on
&i386; hardware?The most likely reason is the difference between
physical memory addresses and virtual addresses.The convention for most PC hardware is to use the
memory area between 3.5 GB and 4 GB for a
special purpose (usually for PCI). This address space is
used to access PCI hardware. As a result real, physical
memory cannot be accessed by that address space.What happens to the memory that should appear in that
location is hardware dependent. Unfortunately,
some hardware does nothing and the ability to use that
last 500 MB of RAM is entirely lost.Luckily, most hardware remaps the memory to a higher
location so that it can still be used. However, this can
cause some confusion when watching the boot
messages.On a 32-bit version of &os;, the memory appears lost,
since it will be remapped above 4 GB, which a 32-bit
kernel is unable to access. In this case, the solution is
to build a PAE enabled kernel. See the entry on memory
limits for more information.On a 64-bit version of &os;, or when running a
PAE-enabled kernel, &os; will correctly detect and remap
the memory so it is usable. During boot, however, it may
seem as if &os; is detecting more memory than the system
really has, due to the described remapping. This is
normal and the available memory will be corrected as the
boot process completes.Why do my programs occasionally die with
Signal 11 errors?Signal 11 errors are caused when a process has
attempted to access memory which the operating system has
not granted it access to. If something like this is
happening at seemingly random intervals,
start investigating the cause.These problems can usually be attributed to
either:If the problem is occurring only in a specific
custom application, it is
probably a bug in the code.If it is a problem with part of the base &os;
system, it may also be buggy code, but more often than
not these problems are found and fixed long before us
general FAQ readers get to use
these bits of code (that is what -CURRENT is
for).It is probably
not a &os; bug if the
problem occurs compiling a program, but the activity
that the compiler is carrying out changes each
time.For example, if make
buildworld fails while trying
to compile ls.c into
ls.o and, when run again, it fails
in the same place, this is a broken build. Try
updating source and try again. If the compile fails
elsewhere, it is almost certainly due to hardware.In the first case, use a debugger such as
&man.gdb.1; to find the point in the program which is
attempting to access a bogus address and fix
it.In the second case, verify which piece of
hardware is at fault.Common causes of this include:The hard disks might be overheating: Check that
the fans are still working, as the disk and
other hardware might be overheating.The processor running is overheating: This might
be because the processor has been overclocked, or the
fan on the processor might have died. In either case,
ensure that the hardware is running at
what it is specified to run at, at least while trying
to solve this problem. If it is not, clock it back
to the default settings.)Regarding overclocking, it is far
cheaper to have a slow system than a fried system that
needs replacing! Also the community is not
sympathetic to problems on overclocked systems.Dodgy memory: if multiple memory
SIMMS/DIMMS are installed, pull them all out and try
running the machine with each SIMM or DIMM
individually to narrow the problem down to either the
problematic DIMM/SIMM or perhaps even a
combination.Over-optimistic motherboard settings: the BIOS
settings, and some motherboard jumpers, provide
options to set various timings. The defaults
are often sufficient, but sometimes setting the wait
states on RAM too low, or setting the RAM
Speed: Turbo option
will cause strange behavior. A possible idea is to
set to BIOS defaults, after noting
the current settings first.Unclean or insufficient power to the motherboard.
Remove any unused I/O boards, hard disks, or
CD-ROMs,
or disconnect the power cable from them, to see if
the power supply can manage a smaller load. Or try
another power supply, preferably one with a little
more power. For instance, if the current power supply
is rated at 250 Watts, try one rated at
300 Watts.Read the section on
Signal 11 for a further
explanation and a discussion on how memory testing
software or hardware can still pass faulty memory. There
is an extensive FAQ on this at the SIG11
problem FAQ.Finally, if none of this has helped, it is possibly
a bug in &os;.
Follow these instructions
to send a problem report.My system crashes with either Fatal trap
12: page fault in kernel mode, or
panic:, and spits out a bunch of
information. What should I do?The &os; developers are interested in these
errors, but need more information than just the error
message. Copy the full crash message. Then consult the
FAQ section on kernel
panics, build a debugging kernel, and get a
backtrace. This might sound difficult, but does not
require any programming skills. Just follow the
instructions.What is the meaning of the error maxproc
limit exceeded by uid %i, please see tuning(7) and
login.conf(5)?The &os; kernel will only allow a certain number of
processes to exist at one time. The number is based on
the kern.maxusers &man.sysctl.8;
variable. kern.maxusers also affects
various other in-kernel limits, such as network buffers.
If the machine is heavily loaded,
increase kern.maxusers. This will
increase these other system limits in addition to the
maximum number of processes.To adjust the kern.maxusers value,
see the File/Process
Limits section of the Handbook. While that
section refers to open files, the same limits apply to
processes.If the machine is lightly loaded but running a very
large number of processes, adjust the
kern.maxproc tunable by defining it in
/boot/loader.conf. The tunable will
not get adjusted until the system is rebooted. For more
information about tuning tunables, see
&man.loader.conf.5;. If these processes are being run by
a single user, adjust
kern.maxprocperuid to be one less than
the new kern.maxproc value. It must
be at least one less because one system program,
&man.init.8;, must always be running.Why do full screen applications on remote machines
misbehave?The remote machine may be setting the terminal type to
something other than xterm which is
required by the &os; console. Alternatively the kernel
may have the wrong values for the width and height of the
terminal.Check the value of the TERM
environment variable is xterm. If the
remote machine does not support that try
vt100.Run stty -a to check what the
kernel thinks the terminal dimensions are. If they are
incorrect, they can be changed by running
stty rows RR cols
CC.Alternatively, if the client machine has
x11/xterm installed, then running
resize will query the terminal for the
correct dimensions and set them.Why does it take so long to connect to my computer via
ssh or
telnet?The symptom: there is a long delay between the time
the TCP connection is established and the time when the
client software asks for a password (or, in
&man.telnet.1;'s case, when a login prompt
appears).The problem: more likely than not, the delay is caused
by the server software trying to resolve the client's IP
address into a hostname. Many servers, including the
Telnet and
SSH servers that come with
&os;, do this to store the hostname in a log file for
future reference by the administrator.The remedy: if the problem occurs whenever connecting
the client computer to any server, the problem
is with the client. If the problem only occurs
when someone connects to the server computer, the
problem is with the server.If the problem is with the client, the only remedy is
to fix the DNS so the server can resolve it. If this is
on a local network, consider it a server problem and keep
reading. If this is on the Internet,
contact your ISP.If the problem is with the server on a
local network, configure the server
to resolve address-to-hostname queries for the local
address range. See &man.hosts.5; and &man.named.8;
for more information. If this is on the
Internet, the problem may be that the local server's
resolver is not functioning correctly. To check, try to
look up another host such as
www.yahoo.com. If it does not
work, that is the problem.Following a fresh install of &os;, it is also possible
that domain and name server information is missing from
/etc/resolv.conf. This will often
cause a delay in SSH, as the
option UseDNS is set to
yes by default in
/etc/ssh/sshd_config. If this is
causing the problem, either fill in the
missing information in
/etc/resolv.conf or set
UseDNS to no in
sshd_config as a temporary
workaround.Why does file: table is full
show up repeatedly in &man.dmesg.8;?This error message indicates that the number of
available file descriptors have been exhausted on the
system. Refer to the kern.maxfiles
section of the Tuning
Kernel Limits section of the Handbook for a
discussion and solution.Why does the clock on my computer keep incorrect
time?The computer has two or more clocks, and &os; has
chosen to use the wrong one.Run &man.dmesg.8;, and check for lines that contain
Timecounter. The one with the highest
quality value that &os; chose.&prompt.root; dmesg | grep Timecounter
Timecounter "i8254" frequency 1193182 Hz quality 0
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
Timecounter "TSC" frequency 2998570050 Hz quality 800
Timecounters tick every 1.000 msecConfirm this by checking the
kern.timecounter.hardware
&man.sysctl.3;.&prompt.root; sysctl kern.timecounter.hardware
kern.timecounter.hardware: ACPI-fastIt may be a broken ACPI timer. The simplest solution
is to disable the ACPI timer in
/boot/loader.conf:debug.acpi.disabled="timer"Or the BIOS may modify the TSC clock—perhaps to
change the speed of the processor when running from
batteries, or going into a power saving mode, but &os; is
unaware of these adjustments, and appears to gain or lose
time.In this example, the i8254 clock is
also available, and can be selected by writing its name to
the kern.timecounter.hardware
&man.sysctl.3;.&prompt.root; sysctl kern.timecounter.hardware=i8254
kern.timecounter.hardware: TSC -> i8254The computer should now start keeping more accurate
time.To have this change automatically run at boot time,
add the following line to
/etc/sysctl.conf:kern.timecounter.hardware=i8254What does the error swap_pager: indefinite
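Review bot: The timecounter walkthrough contradicts itself: the first "sysctl kern.timecounter.hardware" output reports "ACPI-fast" as the active source, but the output after switching reads "kern.timecounter.hardware: TSC -> i8254". Make both outputs describe the same machine, for example by showing "ACPI-fast -> i8254" in the second one. The sentence "The one with the highest quality value that &os; chose." also has no main verb; "&os; chose the one with the highest quality value" says what is meant. Finally, this entry cites &man.sysctl.3; for a command typed at the prompt, while the maxproc entry uses &man.sysctl.8;; the section 8 page is the one that documents the command.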
wait buffer: mean?This means that a process is trying to page memory
from
disk, and the page attempt has hung trying to access the
disk for more than 20 seconds. It might be caused by bad
blocks on the disk drive, disk wiring, cables, or any
other disk I/O-related hardware. If the drive itself is
bad, disk errors will appear in
/var/log/messages and in the output
of dmesg. Otherwise, check the cables
and connections.What is a lock order
reversal?The &os; kernel uses a number of resource locks to
arbitrate contention for certain resources. When multiple
kernel threads try to obtain multiple resource locks,
there's always the potential for a deadlock, where two
threads have each obtained one of the locks and blocks
forever waiting for the other thread to release one of the
other locks. This sort of locking problem can be avoided
if all threads obtain the locks in the same order.A run-time lock diagnostic system called
&man.witness.4;, enabled in &os.current; and disabled by
default for stable branches and releases, detects the
potential for deadlocks due to locking errors, including
errors caused by obtaining multiple resource locks with a
different order from different parts of the kernel. The
&man.witness.4; framework tries to detect this problem as
it happens, and reports it by printing a message to the
system console about a lock order
reversal (often referred to also as
LOR).It is possible to get false positives, as
&man.witness.4; is conservative. A true positive report
does not mean that a system is
dead-locked; instead it should be understood as a warning
that a deadlock could have happened here.Problematic LORs tend to get
fixed quickly, so check the &a.current; before posting
to it.What does Called ... with the following
non-sleepable locks held mean?This means that a function that may sleep was called
while a mutex (or other unsleepable) lock was held.The reason this is an error is because mutexes are not
intended to be held for long periods of time; they are
supposed to only be held to maintain short periods of
synchronization. This programming contract allows device
drivers to use mutexes to synchronize with the rest of the
kernel during interrupts. Interrupts (under &os;) may not
sleep. Hence it is imperative that no subsystem in the
kernel block for an extended period while holding a
mutex.To catch such errors, assertions may be added to the
kernel that interact with the &man.witness.4; subsystem to
emit a warning or fatal error (depending on the system
configuration) when a potentially blocking call is made
while holding a mutex.In summary, such warnings are non-fatal, however with
unfortunate timing they could cause undesirable effects
ranging from a minor blip in the system's responsiveness
to a complete system lockup.For additional information about locking in &os; see
&man.locking.9;.Why does
buildworld/installworld
die with the message touch: not
found?This error does not mean that the &man.touch.1;
utility is missing. The error is instead probably due to
the dates of the files being set sometime in the future.
If the CMOS clock is set to local time, run
adjkerntz -i to adjust
the kernel clock when booting into single-user
mode.User ApplicationsWhere are all the user applications?Refer to the ports
page for info on software packages ported to
&os;.Most ports should work on all supported versions of
&os;. Those that do not are specifically marked as such.
Each time a &os; release is made, a snapshot of the ports
tree at the time of release is also included in the
ports/ directory.&os; supports compressed binary packages to easily
install and uninstall ports. Use &man.pkg.7; to control
the installation of packages.How do I download the Ports tree? Should I be using
Subversion?Any of the methods listed here work:Use portsnap for most use cases. Refer to Using
the Ports Collection for instructions on how to
use this tool.Use Subversion if custom patches to the
ports tree are needed. Refer to Using
Subversion for details.Why can I not build this port on my
&rel2.relx; -, or
&rel.relx; -STABLE machine?If the installed &os; version lags significantly
behind -CURRENT or
-STABLE, update the Ports Collection
using the instructions in Using
the Ports Collection. If the system is
up-to-date, someone might have committed a change to the
port which works for -CURRENT but
which broke the port for -STABLE.
Submit
a bug report, since the Ports Collection is supposed to
work for both the -CURRENT and
-STABLE branches.I just tried to build INDEX using
make index, and it failed. Why?First, make sure that the Ports Collection is
up-to-date. Errors that affect building
INDEX from an up-to-date copy of the
Ports Collection are high-visibility and are thus almost
always fixed immediately.There are rare cases where INDEX
will not build due to odd cases involving
OPTIONS_SET
being set in make.conf. If
you suspect that this is the case, try to make
INDEX with those variables
turned off before reporting it to &a.ports;.I updated the sources, now how do I update my
installed ports?&os; does not include a port upgrading tool, but it
does have some tools to make the upgrade process somewhat
easier. Additional tools are available to simplify
port handling and are described the Upgrading
Ports section in the &os; Handbook.Do I need to recompile every port each time I perform
a major version update?Yes! While a recent system will run with
software compiled under an older release,
things will randomly crash and fail to work once
other ports are installed or updated.When the system is upgraded, various shared libraries,
loadable modules, and other parts of the system will be
replaced with newer versions. Applications linked against
the older versions may fail to start or, in other cases,
fail to function properly.For more information, see the
section on upgrades in the &os; Handbook.Do I need to recompile every port each time I perform
a minor version update?In general, no. &os; developers do their utmost to
guarantee binary compatibility across all releases with
the same major version number. Any exceptions will be
documented in the Release Notes, and advice given there
should be followed.Why is /bin/sh so minimal? Why
does &os; not use bash or another
shell?Many people need to write shell scripts which will be
portable across many systems. That is why &posix;
specifies the shell and utility commands in great detail.
Most scripts are written in Bourne shell (&man.sh.1;), and
because several important programming interfaces
(&man.make.1;, &man.system.3;, &man.popen.3;, and
analogues in higher-level scripting languages like Perl
and Tcl) are specified to use the Bourne shell to
interpret commands. Because the Bourne shell is so often
and widely used, it is important for it to be quick to
start, be deterministic in its behavior, and have a small
memory footprint.The existing implementation is our best effort at
meeting as many of these requirements simultaneously as we
can. To keep /bin/sh small, we have
not provided many of the convenience features that other
shells have. That is why other more featureful shells
like bash, scsh,
&man.tcsh.1;, and zsh are available.
Compare the memory utilization of
these shells by looking at the VSZ and
RSS columns in a ps -u
listing.Kernel ConfigurationI would like to customize my kernel. Is it
difficult?Not at all! Check out the kernel
config section of the Handbook.The new kernel will be
installed to the /boot/kernel
directory along with its modules, while the old kernel
and its modules will be moved to the
/boot/kernel.old directory. If
a mistake is made in the
configuration, simply boot the previous version of the
kernel.Why is my kernel so big?GENERIC kernels shipped with &os;
are compiled in debug mode.
Kernels built in debug mode contain debug data in
separate files that are used for debugging.
&os; releases prior to 11.0 store these debug files in
the same directory as the kernel itself,
/boot/kernel/.
In &os; 11.0 and later the debug files are stored in
/usr/lib/debug/boot/kernel/.
Note that there will be little or no performance loss from
running a debug kernel, and it is useful to keep one
around in case of a system panic.When running low on disk space, there
are different options to reduce the size of
/boot/kernel/ and
/usr/lib/debug/.To not install the symbol files,
make sure the following line exists in
/etc/src.conf:WITHOUT_KERNEL_SYMBOLS=yesFor more information see &man.src.conf.5;.If you want to avoid building debug files altogether,
make sure that both of the following are true:This line does not exist in the kernel
configuration file:makeoptions DEBUG=-gDo not run &man.config.8; with
.Either of the above settings will cause the kernel to
be built in debug mode.To build and install only the specified modules, list
them in
/etc/make.conf:MODULES_OVERRIDE= accf_http ipfwReplace accf_httpd ipfw with a
list of needed modules. Only the listed modules will be
built. This reduces the size of the kernel
directory and decreases the amount of time needed to
build the kernel. For more information, read
/usr/share/examples/etc/make.conf.Unneeded devices can be removed from the kernel
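Review bot: The module list in the example and the sentence that refers to it do not match: the example line is "MODULES_OVERRIDE= accf_http ipfw", while the text right after it says "Replace accf_httpd ipfw". Use "accf_http" in both places so that a reader copying the name from the prose ends up with the module the example actually lists.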
to further reduce the size. See for more information.To put any of these options into effect, follow the
instructions to build
and install the new kernel.For reference, the &os; 11 &arch.amd64; kernel
(/boot/kernel/kernel) is
approximately 25 MB.Why does every kernel I try to build fail to compile,
even GENERIC?There are a number of possible causes for this
problem:The source
tree is different from the one used to build the
currently running system. When attempting an upgrade,
read /usr/src/UPDATING, paying
particular attention to the COMMON
ITEMS section at the end.The make buildkernel did not
complete successfully. The make
buildkernel target relies on files
generated by the make buildworld
target to complete its job correctly.Even when building &os;-STABLE, it is possible
that the source tree was fetched at a time when it was
either being modified or it was broken.
Only releases are guaranteed to be
buildable, although &os;-STABLE builds fine the
majority of the time. Try re-fetching the source tree
and see if the problem goes away. Try using a
different mirror in case the previous one is having
problems.Which scheduler is in use on a
running system?The name of the scheduler currently being used is
directly available as the value of the
kern.sched.name sysctl:&prompt.user; sysctl kern.sched.name
kern.sched.name: ULEWhat is kern.sched.quantum?kern.sched.quantum is the maximum
number of ticks a process can run without being preempted
in the 4BSD scheduler.Disks, File Systems, and Boot LoadersHow can I add my new hard disk to my &os;
system?See the Adding
Disks section in the &os; Handbook.How do I move my system over to my huge new
disk?The best way is to reinstall the operating system on
the new disk, then move the user data over. This is
highly recommended when tracking
-STABLE for more than one release or
when updating a release instead of installing a new one.
Install booteasy on both disks with &man.boot0cfg.8; and
dual boot until you are happy with the new configuration.
Skip the next paragraph to find out how to move the data
after doing this.Alternatively, partition and label the new disk with
either &man.sade.8; or &man.gpart.8;. If the disks are
MBR-formatted, booteasy can be installed on both disks
with &man.boot0cfg.8; so that the computer can dual boot
to the old or new system after the copying is done.Once the new disk set up,
the data cannot just be copied. Instead, use tools that
understand device files and system flags, such as
&man.dump.8;. Although it is recommended
to move the data while in single-user mode, it
is not required.When the disks are formatted with
UFS, never use anything but
&man.dump.8; and &man.restore.8; to move the root file
system. These commands should also be used when moving a
single partition to another empty partition. The sequence
of steps to use dump to move the data
from one UFS partitions to a new
partition is:newfs the new partition.mount it on a temporary mount
point.cd to that directory.dump the old partition, piping
output to the new one.For example, to move
/dev/ada1s1a with
/mnt as the temporary mount point,
type:&prompt.root; newfs /dev/ada1s1a
&prompt.root; mount /dev/ada1s1a /mnt
&prompt.root; cd /mnt
&prompt.root; dump 0af - / | restore rf -Rearranging partitions with
dump takes a bit more work. To merge a
partition like /var into its parent,
create the new partition large enough for both, move the
parent partition as described above, then move the child
partition into the empty directory that the first move
created:&prompt.root; newfs /dev/ada1s1a
&prompt.root; mount /dev/ada1s1a /mnt
&prompt.root; cd /mnt
&prompt.root; dump 0af - / | restore rf -
&prompt.root; cd var
&prompt.root; dump 0af - /var | restore rf -To split a directory from its parent, say putting
/var on its own partition when it was
not before, create both partitions, then mount the child
partition on the appropriate directory in the temporary
mount point, then move the old single partition:&prompt.root; newfs /dev/ada1s1a
&prompt.root; newfs /dev/ada1s1d
&prompt.root; mount /dev/ada1s1a /mnt
&prompt.root; mkdir /mnt/var
&prompt.root; mount /dev/ada1s1d /mnt/var
&prompt.root; cd /mnt
&prompt.root; dump 0af - / | restore rf -The &man.cpio.1; and &man.pax.1; utilities are also
available for moving user data. These are known to lose
file flag information, so use them with caution.Which partitions can safely use Soft Updates? I have
heard that Soft Updates on / can
cause problems. What about Journaled Soft Updates?Short answer: Soft Updates can usually be safely used
on all partitions.Long answer: Soft Updates has two characteristics
that may be undesirable on certain partitions. First, a
Soft Updates partition has a small chance of losing data
during a system crash. The partition will not be
corrupted as the data will simply be lost. Second, Soft
Updates can cause temporary space shortages.When using Soft Updates, the kernel can take up to
thirty seconds to write changes to the physical disk.
When a large file is deleted the file still resides on
disk until the kernel actually performs the deletion.
This can cause a very simple race condition. Suppose
one large file is deleted and another large file is
immediately created. The first large file is not yet
actually removed from the physical disk, so the disk might
not have enough room for the second large file. This will
produce an error that the partition does not have enough
space, even though a large chunk of space has just been
released. A few seconds later, the file creation works as
expected.If a system should crash after the kernel accepts a
chunk of data for writing to disk, but before that data is
actually written out, data could be lost. This risk is
extremely small, but generally manageable.These issues affect all partitions using Soft Updates.
So, what does this mean for the root partition?Vital information on the root partition changes very
rarely. If the system crashed during the thirty-second
window after such a change is made, it is possible that
data could be lost. This risk is negligible for most
applications, but be aware that it exists. If
the system cannot tolerate this much risk, do not use
Soft Updates on the root file system!/ is traditionally one of the
smallest partitions. If
/tmp is on
/, there may be intermittent
space problems. Symlinking /tmp to
/var/tmp will solve this
problem.Finally, &man.dump.8; does not work in live mode (-L)
on a filesystem, with Journaled Soft Updates
(SU+J).Can I mount other foreign file systems under
&os;?&os; supports a variety of other file systems.UFSUFS CD-ROMs can be mounted directly on &os;.
Mounting disk partitions from Digital UNIX and other
systems that support UFS may be more complex,
depending on the details of the disk partitioning
for the operating system in question.ext2/ext3&os; supports ext2fs and
ext3fs partitions. See
&man.ext2fs.5; for more information.NTFSFUSE based NTFS support is available as a port
(sysutils/fusefs-ntfs). For more
information see ntfs-3g.FAT&os; includes a read-write FAT driver. For more
information, see &man.mount.msdosfs.8;.ZFS&os; includes a port of &sun;'s ZFS driver. The
current recommendation is to use it only on
&arch.amd64; platforms with sufficient memory. For
more information, see &man.zfs.8;.&os; includes the Network File System
NFS and the &os; Ports Collection
provides several FUSE applications to support many other
file systems.How do I mount a secondary DOS partition?The secondary DOS partitions are found after
all the primary partitions. For
example, if E is the
second DOS partition on the second SCSI drive, there will
be a device file for slice 5 in
/dev. To mount it:&prompt.root; mount -t msdosfs /dev/da1s5 /dos/eIs there a cryptographic file system for &os;?Yes, &man.gbde.8; and &man.geli.8;.
See the Encrypting
Disk Partitions section of the &os;
Handbook.How do I boot &os; and &linux; using
GRUB?To boot &os; using GRUB,
add the following to either
/boot/grub/menu.lst or
/boot/grub/grub.conf, depending upon
which is used by the &linux; distribution.title &os; 9.1
root (hd0,a)
kernel /boot/loaderWhere hd0,a points to the
root partition on the first disk. To specify
the slice number, use something like this
(hd0,2,a). By default, if the
slice number is omitted, GRUB
searches the first slice
which has the a partition.How do I boot &os; and &linux; using
BootEasy?Install LILO at the start of the &linux; boot
partition instead of in the Master Boot Record. Then boot
LILO from BootEasy.This is recommended when running &windows; and &linux;
as it makes it simpler to get &linux; booting again if
&windows; is reinstalled.How do I change the boot prompt from
??? to something more
meaningful?This cannot be accomplished with the standard boot
manager without rewriting it. There are a number of other
boot managers in the sysutils
category of the Ports Collection.How do I use a new removable drive?If the drive already has a file system on it,
use a command like this:&prompt.root; mount -t msdosfs /dev/da0s1 /mntIf the drive will only be used with &os; systems,
partition it with UFS or
ZFS. This will provide long filename
support, improvement in performance, and stability. If
the drive will be used by other operating systems, a more
portable choice, such as msdosfs, is better.&prompt.root; dd if=/dev/zero of=/dev/da0 count=2
&prompt.root; gpart create -s GPT /dev/da0
&prompt.root; gpart add -t freebsd-ufs /dev/da0Finally, create a new file system:&prompt.root; newfs /dev/da0p1and mount it:&prompt.root; mount /dev/da0s1 /mntIt is a good idea to add a line to
/etc/fstab (see &man.fstab.5;) so you
can just type mount /mnt in the
future:/dev/da0p1 /mnt ufs rw,noauto 0 0Why do I get Incorrect super
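Review bot: The mount step in the removable drive entry uses the wrong device node: the disk is given a GPT scheme with "gpart create -s GPT /dev/da0" and the file system is created with "newfs /dev/da0p1", but the next command is "mount /dev/da0s1 /mnt". Change it to "/dev/da0p1", which is also what the suggested fstab line uses. The text introducing the "dd" and "gpart" commands should also say that they destroy whatever is on da0 and that the device name must be confirmed first, since the same entry opens with the case of a drive that already holds a file system.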
block when mounting a CD?The type of device to mount must be specified. This
is described in the Handbook section on Using
Data CDs.Why do I get Device not
configured when mounting a CD?This generally means that there is no CD in the
drive, or the drive is not visible on the bus.
Refer to the Using
Data CDs section of the Handbook for a detailed
discussion of this issue.Why do all non-English characters in filenames show up
as ? on my CDs when mounted in &os;?The CD probably uses the Joliet
extension for storing information about files and
directories. This is discussed in the Handbook section on
Using
Data CD-ROMs.A CD burned under &os; cannot be read
under any other operating system. Why?This means a raw file was burned to the CD, rather
than creating an ISO 9660 file system. Take a look
at the Handbook section on Using
Data CDs.How can I create an image of a data CD?This is discussed in the Handbook section on Writing
Data to an ISO File System.
For more on working with CD-ROMs, see the Creating
CDs Section in the Storage chapter in the
Handbook.Why can I not mount an audio
CD?Trying to mount an audio CD will produce an error
like cd9660: /dev/cd0: Invalid
argument. This is because
mount only works on file systems.
Audio CDs do not have file systems; they just have data.
Instead, use a program that reads audio CDs, such as the
audio/xmcd package or port.How do I mount a multi-session
CD?By default, &man.mount.8; will attempt to mount the
last data track (session) of a CD. To
load an earlier session, use the
command line argument. Refer to
&man.mount.cd9660.8; for specific examples.How do I let ordinary users mount CD-ROMs, DVDs,
USB drives, and other removable media?As root set
the sysctl variable vfs.usermount to
1.&prompt.root; sysctl vfs.usermount=1To make this persist across reboots, add the line
vfs.usermount=1 to
/etc/sysctl.conf so that it is reset
at system boot time.Users can only mount devices they have read
permissions to. To allow users to mount a device
permissions must be set in
/etc/devfs.conf.For example, to allow users to mount the first USB
drive add:# Allow all users to mount a USB drive.
own /dev/da0 root:operator
perm /dev/da0 0666All users can now mount devices they could read onto a
directory that they own:&prompt.user; mkdir ~/my-mount-point
&prompt.user; mount -t msdosfs /dev/da0 ~/my-mount-pointUnmounting the device is simple:&prompt.user; umount ~/my-mount-pointEnabling vfs.usermount, however,
has negative security implications. A better way to
access &ms-dos; formatted media is to use the
emulators/mtools package in the Ports
Collection.The device name used in the previous examples must
be changed according to the configuration.The du and df
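Review bot: The devfs.conf example sets "perm /dev/da0 0666", which gives every local account raw read and write access to the whole device, and the statement that vfs.usermount "has negative security implications" only comes after the reader has already been walked through all the commands. Since the line before it already sets "own /dev/da0 root:operator", consider documenting "0660" with membership of the operator group as the example, and move the security caveat and the mtools alternative ahead of the sysctl and devfs.conf steps.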
commands show different amounts of disk space available.
What is going on?This is due to how these commands actually work.
du goes through the directory tree,
measures how large each file is, and presents the totals.
df just asks the file system how much
space it has left. They seem to be the same thing, but a
file without a directory entry will affect
df but not
du.When a program is using a file, and the file is
deleted, the file is not really removed from the file
system until the program stops using it. The file is
immediately deleted from the directory listing, however.
As an example, consider a file large enough
to affect the output of
du and df. A
file being viewed with more can be
deleted wihout causing an error.
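Review bot: Typo in the du/df explanation: "deleted wihout causing an error" should read "without".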
The entry is
removed from the directory so no other program or user can
access it. However, du shows that it
is gone as it has walked the directory tree and the
file is not listed. df shows that it
is still there, as the file system knows that
more is still using that space. Once
the more session ends,
du and df will
agree.This situation is common on web servers. Many people
set up a &os; web server and forget to rotate the log
files. The access log fills up /var.
The new administrator deletes the file, but the system
still complains that the partition is full. Stopping and
restarting the web server program would free the file,
allowing the system to release the disk space. To prevent
this from happening, set up &man.newsyslog.8;.Note that Soft Updates can delay the freeing of disk
space and it can take up to 30 seconds for the
change to be visible.How can I add more swap space?This section of
the Handbook describes how to do this.Why does &os; see my disk as smaller than the
manufacturer says it is?Disk manufacturers calculate gigabytes as a billion
bytes each, whereas &os; calculates them as
1,073,741,824 bytes each. This explains why, for
example, &os;'s boot messages will report a disk that
supposedly has 80 GB as holding
76,319 MB.Also note that &os; will (by default) reserve 8% of the
disk space.How is it possible for a partition to be more than
100% full?A portion of each UFS partition (8%, by default) is
reserved for use by the operating system and the
root user.
&man.df.1; does not count that space when calculating the
Capacity column, so it can exceed 100%.
Notice that the Blocks
column is always greater than the sum of the
Used and Avail
columns, usually by a factor of 8%.For more details, look up in
&man.tunefs.8;.ZFSWhat is the minimum amount of RAM one should have to
run ZFS?A minimum of 4GB of RAM is required for comfortable
usage, but individual workloads can vary widely.What is the ZIL and when does it get used?The ZIL (ZFS
intent log) is a write log used to implement posix write
commitment semantics across crashes. Normally writes are
bundled up into transaction groups and written to disk
when filled (Transaction Group Commit).
However syscalls like &man.fsync.2; require a commitment
that the data is written to stable storage before
returning. The ZIL is needed for writes that have been
acknowledged as written but which are not yet on disk as
part of a transaction. The transaction groups are
timestamped. In the event of a crash the last valid
timestamp is found and missing data is merged in from the
ZIL.Do I need a SSD for ZIL?By default, ZFS stores the ZIL in the pool with all
the data. If an application has a heavy write load,
storing the ZIL in a separate device that has very fast
synchronous, sequential write performance can improve
overall system performance. For other workloads, a SSD
is unlikely to make much of an improvement.What is the L2ARC?The L2ARC is a read cache stored on
a fast device such as an SSD. This
cache is not persistent across reboots. Note that RAM is
used as the first layer of cache and the L2ARC is only
needed if there is insufficient RAM.L2ARC needs space in the ARC to index it. So,
perversely, a working set that fits perfectly in the ARC
will not fit perfectly any more if a L2ARC is used because
part of the ARC is holding the L2ARC index, pushing part
of the working set into the L2ARC which is slower than
RAM.Is enabling deduplication advisable?Generally speaking, no.Deduplication takes up a significant amount of RAM and
may slow down read and write disk access times. Unless
one is storing data that is very heavily duplicated, such
as virtual machine images or user backups, it is possible
that deduplication will do more harm than good. Another
consideration is the inability to revert deduplication
status. If data is written when deduplication is enabled,
disabling dedup will not cause those blocks which were
deduplicated to be replicated until they are next
modified.Deduplication can also lead to some unexpected
situations. In particular, deleting files may become much
slower.I cannot delete or create files on my ZFS pool. How
can I fix this?This could happen because the pool is 100% full. ZFS
requires space on the disk to write transaction metadata.
To restore the pool to a usable state, truncate the file
to delete:&prompt.user; truncate -s 0 unimportant-fileFile truncation works because a new transaction is not
started, new spare blocks are created instead.On systems with additional ZFS dataset tuning, such
as deduplication, the space may not be immediately
availableDoes ZFS support TRIM for Solid State Drives?ZFS TRIM support was added to &os; 10-CURRENT
with revision r240868. ZFS TRIM
support was added to all &os;-STABLE branches in
r252162 and
r251419, respectively.ZFS TRIM is enabled by default, and can be turned off
by adding this line to
/etc/sysctl.conf:vfs.zfs.trim.enabled=0
- ZFS TRIM may not work with all configurations, such
- as a ZFS filesystem on a GELI-backed device.
+ ZFS TRIM support was added to GELI as of
+ r286444. Please see
+ &man.geli.8; and the switch.System AdministrationWhere are the system start-up configuration
files?The primary configuration file is
/etc/defaults/rc.conf which is
described in &man.rc.conf.5;. System startup scripts
such as /etc/rc and
/etc/rc.d, which are described in
&man.rc.8;, include this file. Do not edit this
file! Instead, to edit an entry in
/etc/defaults/rc.conf, copy the line
into /etc/rc.conf and change it
there.For example, if to start &man.named.8;, the
included DNS server:&prompt.root; echo 'named_enable="YES"' >> /etc/rc.confTo start up local services, place shell scripts in the
/usr/local/etc/rc.d directory. These
shell scripts should be set executable, the default file
mode is 555.How do I add a user easily?Use the &man.adduser.8; command, or the &man.pw.8;
command for more complicated situations.To remove the user, use the &man.rmuser.8; command or,
if necessary, &man.pw.8;.Why do I keep getting messages like root:
not found after editing
/etc/crontab?This is normally caused by editing the system crontab.
This is not the correct way to do things as the system
crontab has a different format to the per-user crontabs.
The system
crontab has an extra field, specifying which user to run
the command as. &man.cron.8; assumes this user is the
first word of the command to execute. Since no such
command exists, this error message is displayed.To delete the extra, incorrect crontab:&prompt.root; crontab -rWhy do I get the error, you are not in the
correct group to su root when I try to
su to root?This is a security feature. In order to
su to
root, or any
other account with superuser privileges, the user account
must be a member of the
wheel group.
If this feature were not there, anybody with an
account on a system who also found out root's password would be
able to gain superuser level access to the system.To allow someone to su to
root, put
them in the wheel group using
pw:&prompt.root; pw groupmod wheel -m lisaThe above example will add user lisa to the group
wheel.I made a mistake in rc.conf, or
another startup file, and now I cannot edit it because the
file system is read-only. What should I do?Restart the system using boot
-s at the loader prompt to enter single-user
mode. When prompted for a shell pathname, press
Enter and run mount -urw
/ to re-mount the root file system in
read/write mode. You may also need to run mount
-a -t ufs to mount the file system where your
favorite editor is defined. If that editor is on a
network file system, either configure the network manually
before mounting the network file systems, or use an editor
which resides on a local file system, such as
&man.ed.1;.In order to use a full screen editor such as
&man.vi.1; or &man.emacs.1;, run
export TERM=xterm
so that these editors can load the correct data from the
&man.termcap.5; database.After performing these steps, edit
/etc/rc.conf to
fix the syntax error. The error message displayed
immediately after the kernel boot messages should indicate
the number of the line in the file which is at
fault.Why am I having trouble setting up my printer?See the Handbook
entry on printing for troubleshooting
tips.How can I correct the keyboard mappings for my
system?Refer to the Handbook section on using
localization, specifically the section on console
setup.Why can I not get user quotas to work properly?It is possible that the kernel is not configured
to use quotas. In this case,
add the following line to the kernel configuration
file and recompile the kernel:options QUOTARefer to the Handbook
entry on quotas for full details.Do not turn on quotas on
/.Put the quota file on the file system that the
quotas are to be enforced on:File SystemQuota file/usr/usr/admin/quotas/home/home/admin/quotas……Does &os; support System V IPC primitives?Yes, &os; supports System V-style IPC, including
shared memory, messages and semaphores, in the
GENERIC kernel. With a custom
kernel, support may be loaded with the
sysvshm.ko,
sysvsem.ko and
sysvmsg.ko kernel modules, or
enabled in the custom kernel by adding the following lines
to the kernel configuration file:options SYSVSHM # enable shared memory
options SYSVSEM # enable for semaphores
options SYSVMSG # enable for messagingRecompile and install the kernel.What other mail-server software can I use instead of
Sendmail?The Sendmail
server is the default mail-server software for &os;, but
it can be replaced with another
MTA installed from the Ports Collection. Available ports
include mail/exim,
mail/postfix, and
mail/qmail. Search the mailing lists
for discussions regarding the advantages and disadvantages
of the available MTAs.I have forgotten the root password! What do I
do?Do not panic! Restart the system, type
boot -s at the
Boot: prompt to enter single-user mode.
At the question about the shell to use, hit
Enter which will display a
&prompt.root; prompt. Enter mount
-urw / to remount the root file system
read/write, then run mount -a to
remount all the file systems. Run passwd
root to change the root password then run
&man.exit.1; to continue booting.If you are still prompted to give the root password when
entering the single-user mode, it means that the console
has been marked as insecure in
/etc/ttys. In this case, it will
be required to boot from a &os; installation disk,
choose the Live CD or
Shell at the beginning of the
install process and issue the commands mentioned above.
Mount the specific partition in this
case and then chroot to it. For example, replace
mount -urw / with
mount /dev/ada0p1 /mnt; chroot /mnt
for a system on
ada0p1.If the root partition cannot be mounted from
single-user mode, it is possible that the partitions are
encrypted and it is impossible to mount them without the
access keys. For more information see the section
about encrypted disks in the &os; Handbook.How do I keep ControlAltDelete
from rebooting the system?When using &man.vt.4;, the default console
driver, this can be done by setting the following
&man.sysctl.8;:&prompt.root; sysctl kern.vt.kbd_reboot=0How do I reformat DOS text files to &unix;
ones?Use this &man.perl.1; command:&prompt.user; perl -i.bak -npe 's/\r\n/\n/g' file(s)where file(s) is one or
more files to process. The modification is done in-place,
with the original file stored with a
.bak extension.Alternatively, use &man.tr.1;:&prompt.user; tr -d '\r' < dos-text-file > unix-filedos-text-file is the file
containing DOS text while
unix-file will contain the
converted output. This can be quite a bit faster than
using perl.Yet another way to reformat DOS text files is to use
the converters/dosunix port from the
Ports Collection. Consult its documentation about the
details.How do I re-read /etc/rc.conf and
re-start /etc/rc without a
reboot?Go into single-user mode and then back to multi-user
mode:&prompt.root; shutdown now
&prompt.root; return
&prompt.root; exitI tried to update my system to the latest
-STABLE, but got
-BETAx,
-RC or
-PRERELEASE! What is going
on?Short answer: it is just a name.
RC stands for Release
Candidate. It signifies that a release is
imminent. In &os;, -PRERELEASE is
typically synonymous with the code freeze before a
release. (For some releases, the
-BETA label was used in the same way
as -PRERELEASE.)Long answer: &os; derives its releases from one of two
places. Major, dot-zero, releases, such as 9.0-RELEASE
are branched from the head of the development stream,
commonly referred to as -CURRENT. Minor releases, such
as 6.3-RELEASE or 5.2-RELEASE, have been snapshots of the
active -STABLE branch.
Starting with 4.3-RELEASE, each release also now has its
own branch which can be tracked by people requiring an
extremely conservative rate of development (typically only
security advisories).When a release is about to be made, the branch from
which it will be derived from has to undergo a certain
process. Part of this process is a code freeze. When a
code freeze is initiated, the name of the branch is
changed to reflect that it is about to become a release.
For example, if the branch used to be called 6.2-STABLE,
its name will be changed to 6.3-PRERELEASE to signify the
code freeze and signify that extra pre-release testing
should be happening. Bug fixes can still be committed to
be part of the release. When the source code is in shape
for the release the name will be changed to 6.3-RC to
signify that a release is about to be made from it. Once
in the RC stage, only the most critical bugs found can be
fixed. Once the release (6.3-RELEASE in this example) and
release branch have been made, the branch will be renamed
to 6.3-STABLE.For more information on version numbers and the
various Subversion branches, refer to the Release
Engineering article.I tried to install a new kernel, and the
&man.chflags.1; failed. How do I get around this?Short answer: the security level is
greater than 0. Reboot directly to single-user mode to
install the kernel.Long answer: &os; disallows changing system flags at
security levels greater than 0. To check the current
security level:&prompt.root; sysctl kern.securelevelThe security level cannot be lowered in multi-user
mode, so boot to single-user mode to install the kernel,
or change the security level in
/etc/rc.conf then reboot. See the
&man.init.8; manual page for details on
securelevel, and see
/etc/defaults/rc.conf and the
&man.rc.conf.5; manual page for more information on
rc.conf.I cannot change the time on my system by more than one
second! How do I get around this?Short answer: the system is at a security level
greater than 1. Reboot directly to single-user mode to
change the date.Long answer: &os; disallows changing the time by more
that one second at security levels greater than 1. To
check the security level:&prompt.root; sysctl kern.securelevelThe security level cannot be lowered in multi-user
mode. Either boot to single-user mode to change the date
or change the security level in
/etc/rc.conf and reboot. See the
&man.init.8; manual page for details on
securelevel, and see
/etc/defaults/rc.conf and the
&man.rc.conf.5; manual page for more information on
rc.conf.Why is rpc.statd using 256 MB
of memory?No, there is no memory leak, and it is not using
256 MB of memory. For convenience,
rpc.statd maps an obscene amount of
memory into its address space. There is nothing terribly
wrong with this from a technical standpoint; it just
throws off things like &man.top.1; and &man.ps.1;.&man.rpc.statd.8; maps its status file (resident on
/var) into its address space; to save
worrying about remapping the status file later when it
needs to grow, it maps the status file with a generous
size. This is very evident from the source code, where
one can see that the length argument to &man.mmap.2; is
0x10000000, or one sixteenth of the
address space on an IA32, or exactly 256 MB.Why can I not unset the schg file
flag?The system is running at securelevel greater than 0.
Lower the securelevel and try again. For more
information, see the
FAQ entry on securelevel and
the &man.init.8; manual page.What is vnlru?vnlru flushes and frees vnodes when
the system hits the kern.maxvnodes
limit. This kernel thread sits mostly idle, and only
activates when there is a huge amount of RAM and users are
accessing tens of thousands of tiny files.What do the various memory states displayed by
top mean?Active: pages recently
statistically used.Inactive: pages recently
statistically unused.Cache: (most often) pages that
have percolated from inactive to a status where they
maintain their data, but can often be immediately
reused (either with their old association, or reused
with a new association). There can be certain
immediate transitions from active
to cache state if the page is known
to be clean (unmodified), but that transition is a
matter of policy, depending upon the algorithm choice
of the VM system maintainer.Free: pages without data
content, and can be immediately used in certain
circumstances where cache pages might be ineligible.
Free pages can be reused at interrupt or process
state.Wired: pages that are fixed
into memory, usually for kernel purposes, but also
sometimes for special use in processes.Pages are most often written to disk (sort of a VM
sync) when they are in the inactive state, but active
pages can also be synced. This depends upon the CPU
tracking of the modified bit being available, and in
certain situations there can be an advantage for a block
of VM pages to be synced, whether they are active or
inactive. In most common cases, it is best to think of
the inactive queue to be a queue of relatively unused
pages that might or might not be in the process of being
written to disk. Cached pages are already synced, not
mapped, but available for immediate process use with their
old association or with a new association. Free pages are
available at interrupt level, but cached or free pages can
be used at process state for reuse. Cache pages are not
adequately locked to be available at interrupt
level.There are some other flags (e.g., busy flag or busy
count) that might modify some of the described
rules.How much free memory is available?There are a couple of kinds of free
memory. One kind is the amount of memory
immediately available without paging anything else out.
That is approximately the size of cache queue + size of
free queue (with a derating factor, depending upon system
tuning). Another kind of free memory is
the total amount of VM space. That can
be complex, but is dependent upon the amount of swap space
and memory. Other kinds of free memory
descriptions are also possible, but it is relatively
useless to define these, but rather it is important to
make sure that the paging rate is kept low, and to avoid
running out of swap space.What is /var/empty?/var/empty is a directory that
the &man.sshd.8; program uses when performing privilege
separation. The /var/empty
directory is empty, owned by root and has the
schg flag set. This directory should
not be deleted.I just changed
/etc/newsyslog.conf. How can I check
if it does what I expect?To see what &man.newsyslog.8; will do, use the
following:&prompt.user; newsyslog -nrvvMy time is wrong, how can I change the
timezone?Use &man.tzsetup.8;.The X Window System and Virtual ConsolesWhat is the X Window System?The X Window System (commonly X11)
is the most widely available windowing system capable of
running on &unix; or &unix; like systems, including
&os;. The X.Org
Foundation administers the X
protocol standards, with the current reference
implementation, version 11 release &xorg.version;, so
references are often shortened to
X11.Many implementations are available for different
architectures and operating systems. An implementation of
the server-side code is properly known as an X
server.I want to run &xorg;, how do I go about it?To install &xorg; do one of the following:Use the x11/xorg
meta-port, which builds and installs every &xorg;
component.Use x11/xorg-minimal, which builds
and installs only the necessary &xorg; components.Install &xorg; from &os; packages:&prompt.root; pkg install xorgAfter the installation of &xorg;, follow the
instructions from the X11
Configuration section of the &os;
Handbook.I tried to run X, but I get a
No devices detected. error when I
type startx. What do I do now?The system is probably running at a raised
securelevel. It is not possible to
start X at a raised securelevel because
X requires write access to &man.io.4;. For more
information, see at the &man.init.8; manual page.There are two solutions to the problem: set the
securelevel back down to zero or run
&man.xdm.1; (or an alternative display manager) at boot
time before the securelevel is
raised.See for more information
about running &man.xdm.1; at boot time.Why does my mouse not work with X?When using &man.vt.4;, the default console
driver, &os; can be configured to support a mouse pointer
on each virtual screen. To avoid conflicting with X,
&man.vt.4; supports a virtual device called
/dev/sysmouse. All mouse events
received from the real mouse device are written to the
&man.sysmouse.4; device via &man.moused.8;. To use the
mouse on one or more virtual consoles,
and use X, see and set up
&man.moused.8;.Then edit /etc/X11/xorg.conf and
make sure the following lines exist:Section "InputDevice"
Option "Protocol" "SysMouse"
Option "Device" "/dev/sysmouse"
.....Starting with &xorg; version 7.4, the
InputDevice sections in
xorg.conf are ignored in favor of
autodetected devices. To restore the old behavior, add
the following line to the ServerLayout
or ServerFlags section:Option "AutoAddDevices" "false"Some people prefer to use
/dev/mouse under X. To make this
work, /dev/mouse should be linked
to /dev/sysmouse (see
&man.sysmouse.4;) by adding the following line to
/etc/devfs.conf (see
&man.devfs.conf.5;):link sysmouse mouseThis link can be created by restarting &man.devfs.5;
with the following command (as root):&prompt.root; service devfs restartMy mouse has a fancy wheel. Can I use it in X?Yes, if X is configured for a 5 button mouse. To
do this, add the lines Buttons 5
and ZAxisMapping 4 5 to the
InputDevice section of
/etc/X11/xorg.conf, as seen in this
example:Section "InputDevice"
Identifier "Mouse1"
Driver "mouse"
Option "Protocol" "auto"
Option "Device" "/dev/sysmouse"
Option "Buttons" "5"
Option "ZAxisMapping" "4 5"
EndSectionThe mouse can be enabled in
Emacsby adding these
lines to ~/.emacs:;; wheel mouse
(global-set-key [mouse-4] 'scroll-down)
(global-set-key [mouse-5] 'scroll-up)My laptop has a Synaptics touchpad. Can I use it in
X?Yes, after configuring a few things to make
it work.In order to use the Xorg synaptics driver,
first remove moused_enable from
rc.conf.To enable synaptics, add the following line to
/boot/loader.conf:hw.psm.synaptics_support="1"Add the following to
/etc/X11/xorg.conf:Section "InputDevice"
Identifier "Touchpad0"
Driver "synaptics"
Option "Protocol" "psm"
Option "Device" "/dev/psm0"
EndSectionAnd be sure to add the following into the
ServerLayout section:InputDevice "Touchpad0" "SendCoreEvents"How do I use remote X displays?For security reasons, the default setting is to not
allow a machine to remotely open a window.To enable this feature, start
X with the optional
argument:&prompt.user; startx -listen_tcpWhat is a virtual console and how do I make
more?Virtual consoles provide
several simultaneous sessions on the same machine without
doing anything complicated like setting up a network or
running X.When the system starts, it will display a login prompt
on the monitor after displaying all the boot messages.
Type in your login name and password to
start working on the first virtual
console.To start another
session, perhaps to look at documentation for a program
or to read mail while waiting for an
FTP transfer to finish,
hold down Alt and press
F2. This will display the login prompt
for the second virtual
console. To go back to the
original session, press AltF1.The default &os; installation has eight virtual
consoles enabled. AltF1,
AltF2,
AltF3,
and so on will switch between these virtual
consoles.To enable more of virtual consoles, edit
/etc/ttys (see &man.ttys.5;) and add
entries for ttyv8 to
ttyvc, after the comment on
Virtual terminals:# Edit the existing entry for ttyv8 in /etc/ttys and change
# "off" to "on".
ttyv8 "/usr/libexec/getty Pc" xterm on secure
ttyv9 "/usr/libexec/getty Pc" xterm on secure
ttyva "/usr/libexec/getty Pc" xterm on secure
ttyvb "/usr/libexec/getty Pc" xterm on secureThe more virtual
terminals, the more resources that are used. This can be
problematic on systems with 8 MB RAM or less.
Consider changing secure to
insecure.In order to run an X server, at least one virtual
terminal must be left to off for it
to use. This means that only eleven of the Alt-function
keys can be used as virtual consoles so that one is left
for the X server.For example, to run X and eleven virtual consoles, the
setting for virtual terminal 12 should be:ttyvb "/usr/libexec/getty Pc" xterm off secureThe easiest way to activate the
virtual consoles is to reboot.How do I access the virtual consoles from X?Use CtrlAltFn
to switch back to a virtual console. Press CtrlAltF1
to return to the first virtual console.Once at a text console, use
AltFn
to move between them.To return to the X session, switch to the
virtual console running X. If X was started from the
command line using startx,
the X session will attach to the next unused virtual
console, not the text console from which it was invoked.
For eight active virtual terminals, X will
run on the ninth, so use AltF9.How do I start XDM on
boot?There are two schools of thought on how to start
&man.xdm.1;. One school starts xdm
from /etc/ttys (see &man.ttys.5;)
using the supplied example, while the other runs
xdm from
rc.local (see &man.rc.8;) or from an
X script in
/usr/local/etc/rc.d. Both are
equally valid, and one may work in situations where the
other does not. In both cases the result is the same: X
will pop up a graphical login prompt.The &man.ttys.5; method has the advantage of
documenting which vty X will start on and passing the
responsibility of restarting the X server on logout to
&man.init.8;. The &man.rc.8; method makes it easy to
killxdm if there is
a problem starting the X server.If loaded from &man.rc.8;, xdm
should be started without any arguments.
xdm must start
after &man.getty.8; runs, or else
getty and xdm will
conflict, locking out the console. The best way around
this is to have the script sleep 10 seconds or so then
launch xdm.When starting xdm from
/etc/ttys, there still is a chance of
conflict between xdm and &man.getty.8;.
One way to avoid this is to add the vt
number in
/usr/local/lib/X11/xdm/Xservers::0 local /usr/local/bin/X vt4The above example will direct the X server to run in
/dev/ttyv3. Note the number is
offset by one. The X server counts the vty from one,
whereas the &os; kernel numbers the vty from zero.Why do I get Couldn't open
console when I run
xconsole?When X is started with
startx, the permissions on
/dev/console will
not get changed, resulting in things
like xterm -C and
xconsole not working.This is because of the way console permissions are set
by default. On a multi-user system, one does not
necessarily want just any user to be able to write on the
system console. For users who are logging directly onto a
machine with a VTY, the &man.fbtab.5; file exists to solve
such problems.In a nutshell, make sure an uncommented line of the
form is in /etc/fbtab (see
&man.fbtab.5;):/dev/ttyv0 0600 /dev/consoleIt will ensure that whomever logs in on
/dev/ttyv0 will own the
console.Why does my PS/2 mouse misbehave under X?The mouse and the mouse driver may have become out of
synchronization. In rare cases, the driver may also
erroneously report synchronization errors:psmintr: out of sync (xxxx != yyyy)If this happens, disable the synchronization check
code by setting the driver flags for the PS/2 mouse driver
to 0x100. This can be easiest achieved
by adding hint.psm.0.flags="0x100" to
/boot/loader.conf and
rebooting.How do I reverse the mouse buttons?Type
xmodmap -e "pointer = 3 2 1". Add this
command to ~/.xinitrc or
~/.xsession to make it happen
automatically.How do I install a splash screen and where do I find
them?The detailed answer for this question can be found in
the Boot
Time Splash Screens section of the &os;
Handbook.Can I use the Windows keys on my
keyboard in X?Yes. Use &man.xmodmap.1; to
define which functions the keys should perform.Assuming all Windows keyboards are
standard, the keycodes for these three keys are the
following:115 —
Windows key, between the left-hand
Ctrl and Alt
keys116 —
Windows key, to the right of
AltGr117 —
Menu, to the left of the right-hand
CtrlTo have the left Windows key print a
comma, try this.&prompt.root; xmodmap -e "keycode 115 = comma"To have the Windows key-mappings
enabled automatically every time X is started, either put
the xmodmap commands in
~/.xinitrc or, preferably, create
a ~/.xmodmaprc and include the
xmodmap options, one per line, then add
the following line to
~/.xinitrc:xmodmap $HOME/.xmodmaprcFor example, to map the 3 keys to be
F13, F14, and
F15, respectively. This would make it
easy to map them to useful functions within applications
or the window manager.To do this, put the following in
~/.xmodmaprc.keycode 115 = F13
keycode 116 = F14
keycode 117 = F15For the x11-wm/fvwm2 desktop
manager, one could map the keys so that
F13 iconifies or de-iconifies the
window the cursor is in, F14 brings the
window the cursor is in to the front or, if it is already
at the front, pushes it to the back, and
F15 pops up the main Workplace
menu even if the cursor is not on the
desktop, which is useful when no part of
the desktop is visible.The following entries in
~/.fvwmrc implement the
aforementioned setup:Key F13 FTIWS A Iconify
Key F14 FTIWS A RaiseLower
Key F15 A A Menu Workplace NopHow can I get 3D hardware acceleration for
&opengl;?The availability of 3D acceleration depends on the
version of &xorg; and the type of video
chip. For an nVidia chip, use
the binary drivers provided for &os; by installing one of
the following ports:The latest versions of nVidia cards are supported
by the x11/nvidia-driver
port.Older drivers are available as
x11/nvidia-driver-###nVidia provides detailed information on which
card is supported by which driver on their web site: http://www.nvidia.com/object/IO_32667.html.For Matrox G200/G400, check the
x11-drivers/xf86-video-mga
port.For ATI Rage 128 and Radeon see
&man.ati.4x;, &man.r128.4x; and &man.radeon.4x;.NetworkingWhere can I get information on diskless
booting?Diskless booting means that the &os;
box is booted over a network, and reads the necessary
files from a server instead of its hard disk. For full
details, see the
Handbook entry on diskless booting.Can a &os; box be used as a dedicated network
router?Yes. Refer to the Handbook entry on advanced
networking, specifically the section on routing
and gateways.Does &os; support NAT or Masquerading?Yes. For instructions on how to use NAT over a PPP
connection, see the Handbook
entry on PPP. To use NAT over
some other sort of network connection, look at the
natd
section of the Handbook.How can I set up Ethernet aliases?If the alias is on the same subnet as an address
already configured on the interface, add
netmask 0xffffffff to this
command:&prompt.root; ifconfig ed0 alias 192.0.2.2 netmask 0xffffffffOtherwise, specify the network address and
netmask as usual:&prompt.root; ifconfig ed0 alias 172.16.141.5 netmask 0xffffff00More information can be found in the &os; Handbook.Why can I not NFS-mount from a &linux; box?Some versions of the &linux; NFS code only accept
mount requests from a privileged port; try to issue the
following command:&prompt.root; mount -o -P linuxbox:/blah /mntWhy does mountd keep telling me it
can't change attributes and that I
have a bad exports list on my &os;
NFS server?The most frequent problem is not understanding the
correct format of /etc/exports.
Review &man.exports.5; and the NFS
entry in the Handbook, especially the section on configuring
NFS.How do I enable IP multicast support?Install the net/mrouted package
or port and add
mrouted_enable="YES" to
/etc/rc.conf start this service at
boot time.Why do I have to use the FQDN for hosts on my
site?See the answer in the &os; Handbook.Why do I get an error, Permission
denied, for all networking
operations?If the kernel is compiled with the
IPFIREWALL option, be aware
that the default policy is to deny all packets that are
not explicitly allowed.If the firewall is unintentionally misconfigured,
restore network operability by
typing the following as root:&prompt.root; ipfw add 65534 allow all from any to anyConsider setting
firewall_type="open" in
/etc/rc.conf.For further information on configuring this
firewall, see the Handbook
chapter.Why is my ipfwfwd
rule to redirect a service to another machine not
working?Possibly because network address translation (NAT) is
needed instead of just forwarding packets. A
fwd rule only forwards packets, it does not
actually change the data inside the packet. Consider this
rule:01000 fwd 10.0.0.1 from any to foo 21When a packet with a destination address of
foo arrives at the machine with
this rule, the packet is forwarded to
10.0.0.1, but it still has the
destination address of foo.
The destination address of the packet is
not changed to
10.0.0.1. Most machines would
probably drop a packet that they receive with a
destination address that is not their own. Therefore,
using a fwd rule does not often work the
way the user expects. This behavior is a feature and not
a bug.See the FAQ about
redirecting services, the &man.natd.8; manual, or
one of the several port redirecting utilities in the Ports
Collection for a correct way to do this.How can I redirect service requests from one machine
to another?FTP and other service requests can be redirected with
the sysutils/socket package or port.
Replace the entry for the service in
/etc/inetd.conf to call
socket, as seen in this example for
ftpd:ftp stream tcp nowait nobody /usr/local/bin/socket socket ftp.example.comftpwhere ftp.example.com and
ftp are the host and port to
redirect to, respectively.Where can I get a bandwidth management tool?There are three bandwidth management tools available
for &os;. &man.dummynet.4; is integrated into &os; as
part of &man.ipfw.4;. ALTQ
has been integrated into &os; as part of &man.pf.4;.
Bandwidth Manager from Emerging
Technologies is a commercial product.Why do I get /dev/bpf0: device not
configured?The running application requires the Berkeley
Packet Filter (&man.bpf.4;), but it was removed from a
custom kernel. Add this to the kernel config file and
build a new kernel:device bpf # Berkeley Packet FilterHow do I mount a disk from a &windows; machine that is
on my network, like smbmount in &linux;?Use the SMBFS toolset. It
includes a set of kernel modifications and a set of
userland programs. The programs and information are
available as &man.mount.smbfs.8; in the base
system.What are these messages about: Limiting
icmp/open port/closed port response in my
log files?This kernel message indicates that some activity is
provoking it to send a large amount of ICMP or TCP reset
(RST) responses. ICMP responses are
often generated as a result of attempted connections to
unused UDP ports. TCP resets are generated as a result of
attempted connections to unopened TCP ports. Among
others, these are the kinds of activities which may cause
these messages:Brute-force denial of service (DoS) attacks (as
opposed to single-packet attacks which exploit a
specific vulnerability).Port scans which attempt to connect to a large
number of ports (as opposed to only trying a few
well-known ports).The first number in the message indicates how many
packets the kernel would have sent if the limit was not in
place, and the second indicates the limit. This limit
is controlled using
net.inet.icmp.icmplim. This example
sets the limit to 300
packets per second:&prompt.root; sysctl net.inet.icmp.icmplim=300To disable these messages
without disabling response
limiting, use
net.inet.icmp.icmplim_output
to disable the output:&prompt.root; sysctl net.inet.icmp.icmplim_output=0Finally, to disable response limiting completely,
set net.inet.icmp.icmplim to
0. Disabling response limiting is
discouraged for the reasons listed above.What are these arp: unknown hardware
address format error messages?This means that some device on the local Ethernet is
using a MAC address in a format that &os; does not
recognize. This is probably caused by someone
experimenting with an Ethernet card somewhere else on the
network. This is most commonly seen on cable modem
networks. It is harmless, and should not affect the
performance of the &os; system.Why do I keep seeing messages like:
192.168.0.10 is on
fxp1 but got reply from 00:15:17:67:cf:82 on
rl0, and how do I disable it?Because a packet is coming from outside the network
unexpectedly. To disable them, set
net.link.ether.inet.log_arp_wrong_iface
to 0.How do I compile an IPv6 only kernel?Configure your kernel with these settings:
include GENERIC
ident GENERIC-IPV6ONLY
makeoptions MKMODULESENV+="WITHOUT_INET_SUPPORT="
nooptions INET
nodevice greSecurityWhat is a sandbox?Sandbox is a security term. It can
mean two things:A process which is placed inside a set of virtual
walls that are designed to prevent someone who breaks
into the process from being able to break into the
wider system.The process is only able to run inside the walls.
Since nothing the process does in regards to executing
code is supposed to be able to breach the walls, a
detailed audit of its code is not needed in order to
be able to say certain things about its
security.The walls might be a user ID, for example.
This is the definition used in the &man.security.7;
and &man.named.8; man pages.Take the ntalk service, for
example (see &man.inetd.8;). This service used to run
as user ID root. Now it runs as
user ID tty. The tty user is a sandbox
designed to make it more difficult for someone who has
successfully hacked into the system via
ntalk from being able to hack
beyond that user ID.A process which is placed inside a simulation of
the machine. It means that someone who is able to
break into the process may believe that he can break
into the wider machine but is, in fact, only breaking
into a simulation of that machine and not modifying
any real data.The most common way to accomplish this is to build
a simulated environment in a subdirectory and then run
the processes in that directory chrooted so that
/ for that process is this
directory, not the real / of the
system).Another common use is to mount an underlying file
system read-only and then create a file system layer
on top of it that gives a process a seemingly
writeable view into that file system. The process may
believe it is able to write to those files, but only
the process sees the effects — other processes
in the system do not, necessarily.An attempt is made to make this sort of sandbox so
transparent that the user (or hacker) does not realize
that he is sitting in it.&unix; implements two core sandboxes. One is at the
process level, and one is at the userid level.Every &unix; process is completely firewalled off from
every other &unix; process. One process cannot modify the
address space of another.A &unix; process is owned by a particular userid. If
the user ID is not the root user, it serves to
firewall the process off from processes owned by other
users. The user ID is also used to firewall off
on-disk data.What is securelevel?securelevel is a security
mechanism implemented in the kernel. When the securelevel
is positive, the kernel restricts certain tasks; not even
the superuser (root) is allowed to do
them. The securelevel mechanism limits the ability
to:Unset certain file flags, such as
schg (the system immutable
flag).Write to kernel memory via
/dev/mem and
/dev/kmem.Load kernel modules.Alter firewall rules.To check the status of the securelevel on a running
system:&prompt.root; sysctl -n kern.securelevelThe output contains the current value of the
securelevel. If it is greater than 0, at
least some of the securelevel's protections are
enabled.The securelevel of a running system cannot be lowered
as this would defeat its purpose. If a task requires that
the securelevel be non-positive, change the
kern_securelevel and
kern_securelevel_enable variables in
/etc/rc.conf and reboot.For more information on securelevel and the specific
things all the levels do, consult &man.init.8;.Securelevel is not a silver bullet; it has many
known deficiencies. More often than not, it provides a
false sense of security.One of its biggest problems is that in order for it
to be at all effective, all files used in the boot
process up until the securelevel is set must be
protected. If an attacker can get the system to execute
their code prior to the securelevel being set (which
happens quite late in the boot process since some things
the system must do at start-up cannot be done at an
elevated securelevel), its protections are invalidated.
While this task of protecting all files used in the boot
process is not technically impossible, if it is
achieved, system maintenance will become a nightmare
since one would have to take the system down, at least
to single-user mode, to modify a configuration
file.This point and others are often discussed on the
mailing lists, particularly the &a.security;.
Search the archives here
for an extensive discussion. A more fine-grained
mechanism is preferred.What is this UID 0 toor account? Have I been
compromised?Do not worry. toor is an
alternative superuser account, where toor
is root spelled backwards. It is intended to be used with
a non-standard shell so the default shell for root does not need to
change. This is important as shells which are not part of
the base distribution, but are instead installed from
ports or packages, are installed in
/usr/local/bin which, by default,
resides on a different file system. If root's shell is located in
/usr/local/bin and the
file system
containing /usr/local/bin) is not
mounted, root will not be able to
log in to fix a problem and will have to reboot into
single-user mode in order to enter the path to a
shell.Some people use toor for day-to-day
root tasks with
a non-standard shell, leaving root, with a standard
shell, for single-user mode or emergencies. By default, a
user cannot log in using toor as it does not have a
password, so log in as root and set a password
for toor before
using it to login.Serial CommunicationsThis section answers common questions about serial
communications with &os;.How do I get the boot: prompt to show on the serial
console?See this
section of the Handbook.How do I tell if &os; found my serial ports or modem
cards?As the &os; kernel boots, it will probe for the serial
ports for which the kernel is configured.
Either watch the boot messages closely
or run this command after the system is up and
running:&prompt.user; grep -E '^(sio|uart)[0-9]' < /var/run/dmesg.boot
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550AThis example shows two serial ports. The first is on
IRQ4, port address
0x3f8, and has a 16550A-type UART chip.
The second uses the same kind of chip but is on
IRQ3 and is at port address
0x2f8. Internal modem cards are
treated just like serial ports, except that they
always have a modem attached to the
port.The GENERIC kernel includes
support for two serial ports using the same IRQ and port
address settings in the above example. If these settings
are not right for the system, or if there are more modem
cards or serial ports than the kernel is
configured for, reconfigure using the instructions in
building a kernel
for more details.How do I access the serial ports on &os;? (x86-specific)The third serial port, sio2,
or COM3,
is on /dev/cuad2 for dial-out
devices, and on /dev/ttyd2 for
dial-in devices. What is the difference between these two
classes of devices?When
opening /dev/ttydX in blocking mode,
a process will wait for the corresponding
cuadX device to become inactive, and
then wait for the carrier detect line to go active. When
the cuadX device is opened, it makes
sure the serial port is not already in use by the
ttydX device. If the port is
available, it steals it from the
ttydX device. Also, the
cuadX device does not care about
carrier detect. With this scheme and an auto-answer
modem, remote users can log in and local users can still
dial out with the same modem and the system will take care
of all the conflicts.How do I enable support for a multi-port serial
card?The section on kernel configuration provides
information about configuring the kernel. For a
multi-port serial card, place an &man.sio.4; line for each
serial port on the card in the &man.device.hints.5; file.
But place the IRQ specifiers on only one of the entries.
All of the ports on the card should share one IRQ. For
consistency, use the last serial port to specify the IRQ.
Also, specify the following option in the kernel
configuration file:options COM_MULTIPORTThe following /boot/device.hints
example is for an AST 4-port serial card on
IRQ 12:hint.sio.4.at="isa"
hint.sio.4.port="0x2a0"
hint.sio.4.flags="0x701"
hint.sio.5.at="isa"
hint.sio.5.port="0x2a8"
hint.sio.5.flags="0x701"
hint.sio.6.at="isa"
hint.sio.6.port="0x2b0"
hint.sio.6.flags="0x701"
hint.sio.7.at="isa"
hint.sio.7.port="0x2b8"
hint.sio.7.flags="0x701"
hint.sio.7.irq="12"The flags indicate that the master port has minor
number 7 (0x700),
and all the ports share an IRQ
(0x001).Can I set the default serial parameters for a
port?See the Serial
Communications section in the &os;
Handbook.Why can I not run tip or
cu?The built-in &man.tip.1; and
&man.cu.1; utilities can only access the
/var/spool/lock directory via user
uucp and group
dialer.
Use the dialer group to control
who has access to the modem or remote systems by adding
user accounts to dialer.Alternatively, everyone can be configured to run
&man.tip.1; and &man.cu.1; by typing:&prompt.root; chmod 4511 /usr/bin/cu
&prompt.root; chmod 4511 /usr/bin/tipMiscellaneous Questions&os; uses a lot of swap space even when the computer
has free memory left. Why?&os; will proactively move entirely idle, unused pages
of main memory into swap in order to make more main memory
available for active use. This heavy use of swap is
balanced by using the extra free memory for
caching.Note that while &os; is proactive in this regard, it
does not arbitrarily decide to swap pages when the system
is truly idle. Thus, the system will not be all
paged out after leaving it
idle overnight.Why does top show very little free
memory even when I have very few programs running?The simple answer is that free memory is wasted
memory. Any memory that programs do not actively
allocate is used within the &os; kernel as disk cache.
The values shown by &man.top.1; labeled as
Inact and Laundry
are cached data at different
aging levels. This cached data means the system does not
have to access a slow disk again for data it has accessed
recently, thus increasing overall performance. In
general, a low value shown for Free
memory in &man.top.1; is good, provided it is not
very low.Why will chmod not change the
permissions on symlinks?Symlinks do not have permissions, and by default,
&man.chmod.1; will follow symlinks to change the
permissions on the source file, if possible. For
the file, foo with a symlink named
bar, this command
will always succeed.&prompt.user; chmod g-w barHowever, the permissions on bar
will not have changed.When changing modes of the file hierarchies rooted in
the files instead of the files themselves, use
either or together
with to make this work. See
&man.chmod.1; and &man.symlink.7; for more
information. does a
recursive &man.chmod.1;. Be
careful about specifying directories or symlinks to
directories to &man.chmod.1;. To change the
permissions of a directory referenced by a symlink, use
&man.chmod.1; without any options and follow the symlink
with a trailing slash (/). For
example, if foo is a symlink to
directory bar, to
change the permissions of foo
(actually bar), do
something like:&prompt.user; chmod 555 foo/With the trailing slash, &man.chmod.1; will follow
the symlink, foo, to change the
permissions of the directory,
bar.Can I run DOS binaries under &os;?Yes. A DOS emulation program,
emulators/doscmd, is available in the
&os; Ports Collection.If doscmd will not suffice,
emulators/pcemu
emulates an 8088 and enough BIOS services to run many DOS
text-mode applications. It requires the X Window
System.The Ports Collection also has
emulators/dosbox. The main focus of
this application is emulating old DOS games using the
local file system for files.What do I need to do to translate a &os; document into
my native language?See the Translation
FAQ in the &os; Documentation
Project Primer.Why does my email to any address at FreeBSD.org
bounce?The FreeBSD.org mail
system implements some Postfix
checks on incoming mail and rejects mail that is either
from misconfigured relays or otherwise appears likely to
be spam. Some of the specific requirements are:The IP address of the SMTP client must
"reverse-resolve" to a forward confirmed
hostname.The fully-qualified hostname given in the
SMTP conversation (either HELO or EHLO) must resolve
to the IP address of the client.Other advice to help mail reach its destination
include:Mail should be sent in plain text, and messages
sent to mailing lists should generally be no more than
200KB in length.Avoid excessive cross posting. Choose
one mailing list which seems most
relevant and send it there.If you still have trouble with email infrastructure at
FreeBSD.org,
send a note with the details to
postmaster@freebsd.org; Include a
date/time interval so that logs may be reviewed —
and note that we only keep one week's worth of mail logs.
(Be sure to specify the time zone or offset from
UTC.)Where can I find a free &os; account?While &os; does not provide open access to any of
their servers, others do provide open access &unix;
systems. The charge varies and limited services may be
available.Arbornet,
Inc, also known as M-Net,
has been providing open access to &unix; systems since
1983. Starting on an Altos running System III, the site
switched to BSD/OS in 1991. In June of 2000, the site
switched again to &os;. M-Net can be
accessed via telnet and
SSH and provides basic access
to the entire &os; software suite. However, network
access is limited to members and patrons who donate to the
system, which is run as a non-profit organization.
M-Net also provides an bulletin board
system and interactive chat.What is the cute little red guy's name?He does not have one, and is just called the
BSD daemon. If you insist upon using a name,
call him beastie. Note that
beastie is pronounced
BSD.More about the BSD daemon is available on his home
page.Can I use the BSD daemon image?Perhaps. The BSD daemon is copyrighted by Marshall
Kirk McKusick. Check his Statement
on the Use of the BSD Daemon Figure for detailed
usage terms.In summary, the image can be used in a tasteful
manner, for personal use, so long as appropriate credit
is given. Before using the logo commercially, contact
&a.mckusick.email; for permission. More details are
available on the BSD
Daemon's home page.Do you have any BSD daemon images I could use?Xfig and eps drawings are available under
/usr/share/examples/BSD_daemon/.I have seen an acronym or other term on the mailing
lists and I do not understand what it means. Where should
I look?Refer to the &os;
Glossary.Why should I care what color the bikeshed is?The really, really short answer is that you should
not. The somewhat longer answer is that just because you
are capable of building a bikeshed does not mean you
should stop others from building one just because you do
not like the color they plan to paint it. This is a
metaphor indicating that you need not argue about every
little feature just because you know enough to do so.
Some people have commented that the amount of noise
generated by a change is inversely proportional to the
complexity of the change.The longer and more complete answer is that after a
very long argument about whether &man.sleep.1; should take
fractional second arguments, &a.phk.email; posted a long
message entitled A
bike shed (any color will do) on greener
grass.... The appropriate portions of
that message are quoted below.
&a.phk.email; on &a.hackers.name;, October 2,
1999What is it about this bike shed?
Some of you have asked me.It is a long story, or rather it is an old story,
but it is quite short actually. C. Northcote Parkinson
wrote a book in the early 1960s, called
Parkinson's Law, which contains a lot of
insight into the dynamics of management.[snip a bit of commentary on the
book]In the specific example involving the bike shed, the
other vital component is an atomic power-plant, I guess
that illustrates the age of the book.Parkinson shows how you can go into the board of
directors and get approval for building a multi-million
or even billion dollar atomic power plant, but if you
want to build a bike shed you will be tangled up in
endless discussions.Parkinson explains that this is because an atomic
plant is so vast, so expensive and so complicated that
people cannot grasp it, and rather than try, they fall
back on the assumption that somebody else checked all
the details before it got this far. Richard P. Feynmann
gives a couple of interesting, and very much to the
point, examples relating to Los Alamos in his
books.A bike shed on the other hand. Anyone can build one
of those over a weekend, and still have time to watch
the game on TV. So no matter how well prepared, no
matter how reasonable you are with your proposal,
somebody will seize the chance to show that he is doing
his job, that he is paying attention, that he is
here.In Denmark we call it setting your
fingerprint. It is about personal pride and
prestige, it is about being able to point somewhere and
say There! I did
that. It is a strong trait in politicians, but
present in most people given the chance. Just think
about footsteps in wet cement.
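Review bot: In the answer to "Why can I not run tip or cu?", the alternative "chmod 4511 /usr/bin/cu" and "chmod 4511 /usr/bin/tip" is offered with no statement of its cost. Mode 4511 sets the setuid bit and makes both binaries executable by every local user, so it removes the dialer group control that the preceding sentence recommends. Suggest stating that trade-off in the answer and presenting dialer group membership as the preferred method. The "Permission denied" answer has the same gap: it gives "ipfw add 65534 allow all from any to any" and firewall_type="open" without saying that both leave the host unfiltered. A sentence marking them as a recovery step, to be followed by a proper ruleset, would close it.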
The &os; FunniesHow cool is &os;?Q. Has anyone done any temperature testing while
running &os;? I know &linux; runs cooler than DOS, but
have never seen a mention of &os;. It seems to run really
hot.A. No, but we have done numerous taste tests on
blindfolded volunteers who have also had 250 micrograms of
LSD-25 administered beforehand. 35% of the volunteers
said that &os; tasted sort of orange, whereas &linux;
tasted like purple haze. Neither group mentioned any
significant variances in temperature. We eventually had
to throw the results of this survey out entirely anyway
when we found that too many volunteers were wandering out
of the room during the tests, thus skewing the results.
We think most of the volunteers are at Apple now, working
on their new scratch and sniff GUI. It is
a funny old business we are in!Seriously, &os; uses the HLT (halt)
instruction when the system is idle thus lowering its
energy consumption and therefore the heat it generates.
Also if you have ACPI (Advanced
Configuration and Power Interface) configured, then &os;
can also put the CPU into a low power mode.Who is scratching in my memory banks??Q. Is there anything odd that &os;
does when compiling the kernel which would cause the
memory to make a scratchy sound? When compiling (and for
a brief moment after recognizing the floppy drive upon
startup, as well), a strange scratchy sound emanates from
what appears to be the memory banks.A. Yes! You will see frequent references to
daemons in the BSD documentation, and what
most people do not know is that this refers to genuine,
non-corporeal entities that now possess your computer.
The scratchy sound coming from your memory is actually
high-pitched whispering exchanged among the daemons as
they best decide how to deal with various system
administration tasks.If the noise gets to you, a good fdisk
/mbr from DOS will get rid of them, but do not
be surprised if they react adversely and try to stop you.
In fact, if at any point during the exercise you hear the
satanic voice of Bill Gates coming from the built-in
speaker, take off running and do not ever look back!
Freed from the counterbalancing influence of the BSD
daemons, the twin demons of DOS and &windows; are often
able to re-assert total control over your machine to the
eternal damnation of your soul. Now that you know, given
a choice you would probably prefer to get used to the
scratchy noises, no?How many &os; hackers does it take to change a
lightbulb?One thousand, one hundred and sixty-nine:Twenty-three to complain to -CURRENT about the lights
being out;Four to claim that it is a configuration problem, and
that such matters really belong on -questions;Three to submit PRs about it, one of which is misfiled
under doc and consists only of it's
dark;One to commit an untested lightbulb which breaks
buildworld, then back it out five minutes later;Eight to flame the PR originators for not including
patches in their PRs;Five to complain about buildworld being broken;Thirty-one to answer that it works for them, and they
must have updated at a bad time;One to post a patch for a new lightbulb to
-hackers;One to complain that he had patches for this three
years ago, but when he sent them to -CURRENT they were
just ignored, and he has had bad experiences with the PR
system; besides, the proposed new lightbulb is
non-reflexive;Thirty-seven to scream that lightbulbs do not belong
in the base system, that committers have no right to do
things like this without consulting the Community, and
WHAT IS -CORE DOING ABOUT IT!?Two hundred to complain about the color of the bicycle
shed;Three to point out that the patch breaks
&man.style.9;;Seventeen to complain that the proposed new lightbulb
is under GPL;Five hundred and eighty-six to engage in a flame war
about the comparative advantages of the GPL, the BSD
license, the MIT license, the NPL, and the personal
hygiene of unnamed FSF founders;Seven to move various portions of the thread to -chat
and -advocacy;One to commit the suggested lightbulb, even though it
shines dimmer than the old one;Two to back it out with a furious flame of a commit
message, arguing that &os; is better off in the dark than
with a dim lightbulb;Forty-six to argue vociferously about the backing out
of the dim lightbulb and demanding a statement from
-core;Eleven to request a smaller lightbulb so it will fit
their Tamagotchi if we ever decide to port &os; to that
platform;Seventy-three to complain about the SNR on -hackers
and -chat and unsubscribe in protest;Thirteen to post unsubscribe,
How do I unsubscribe?, or Please
remove me from the list, followed by the usual
footer;One to commit a working lightbulb while everybody is
too busy flaming everybody else to notice;Thirty-one to point out that the new lightbulb would
shine 0.364% brighter if compiled with TenDRA (although it
will have to be reshaped into a cube), and that &os;
should therefore switch to TenDRA instead of GCC;One to complain that the new lightbulb lacks
fairings;Nine (including the PR originators) to ask what
is MFC?;Fifty-seven to complain about the lights being out two
weeks after the bulb has been changed.&a.nik.email; adds:I was laughing quite hard at
this.And then I thought, Hang on,
shouldn't there be '1 to document it.' in that list
somewhere?And then I was enlightened
:-)&a.tabthorpe.email; says:
None, real &os; hackers are
not afraid of the dark!Where does data written to
/dev/null go?It goes into a special data sink in the CPU where it
is converted to heat which is vented through the heatsink
/ fan assembly. This is why CPU cooling is increasingly
important; as people get used to faster processors, they
become careless with their data and more and more of it
ends up in /dev/null, overheating
their CPUs. If you delete /dev/null
(which effectively disables the CPU data sink) your CPU
may run cooler but your system will quickly become
constipated with all that excess data and start to behave
erratically. If you have a fast network connection you
can cool down your CPU by reading data out of
/dev/random and sending it off
somewhere; however you run the risk of overheating your
network connection and / or angering
your ISP, as most of the data will end up getting
converted to heat by their equipment, but they generally
have good cooling, so if you do not overdo it you should
be OK.Paul Robinson adds:There are other methods. As every good sysadmin
knows, it is part of standard practice to send data to the
screen of interesting variety to keep all the pixies that
make up your picture happy. Screen pixies (commonly
mis-typed or re-named as pixels) are
categorized by the type of hat they wear (red, green or
blue) and will hide or appear (thereby showing the color
of their hat) whenever they receive a little piece of
food. Video cards turn data into pixie-food, and then
send them to the pixies — the more expensive the
card, the better the food, so the better behaved the
pixies are. They also need constant stimulation —
this is why screen savers exist.To take your suggestions further, you could just throw
the random data to console, thereby letting the pixies
consume it. This causes no heat to be produced at all,
keeps the pixies happy and gets rid of your data quite
quickly, even if it does make things look a bit messy on
your screen.Incidentally, as an ex-admin of a large ISP who
experienced many problems attempting to maintain a stable
temperature in a server room, I would strongly discourage
people sending the data they do not want out to the
network. The fairies who do the packet switching and
routing get annoyed by it as well.My colleague sits at the computer too much, how
can I prank her?Install games/sl and
wait for her to mistype sl for
ls.Advanced TopicsHow can I learn more about &os;'s internals?See the &os;
Architecture Handbook.Additionally, much general &unix; knowledge is
directly applicable to &os;.How can I contribute to &os;? What can I do to
help?We accept all types of contributions: documentation,
code, and even art. See the article on Contributing
to &os; for specific advice on how to do
this.And thanks for the thought!What are snapshots and releases?There are currently &rel.numbranch; active/semi-active
branches in the &os; Subversion
Repository. (Earlier branches are only changed
very rarely, which is why there are only &rel.numbranch;
active branches of development):&rel2.releng; AKA
&rel2.stable;&rel.releng; AKA
&rel.stable;&rel.head.releng; AKA
-CURRENT AKA
&rel.head;HEAD is not an actual branch tag.
It is a symbolic constant for
the current, non-branched development
stream known as
-CURRENT.Right now, -CURRENT is the
&rel.head.relx; development stream; the &rel.stable;
branch, &rel.releng;, forked off from
-CURRENT in &rel.relengdate; and the
&rel2.stable; branch, &rel2.releng;, forked off from
-CURRENT in &rel2.relengdate;.How can I make the most of the data I see when my
kernel panics?Here is typical kernel panic:Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x40
fault code = supervisor read, page not present
instruction pointer = 0x8:0xf014a7e5
stack pointer = 0x10:0xf4ed6f24
frame pointer = 0x10:0xf4ed6f28
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 80 (mount)
interrupt mask =
trap number = 12
panic: page faultThis message is not enough. While the instruction
pointer value is important, it is also configuration
dependent as it varies depending on the kernel image.
If it is a GENERIC kernel
image from one of the snapshots, it is possible for
somebody else to track down the offending function, but
for a custom kernel, only you can tell us where the fault
occurred.To proceed:Write down the instruction pointer value. Note
that the 0x8: part at the beginning
is not significant in this case: it is the
0xf0xxxxxx part that we
want.When the system reboots, do the following:&prompt.user; nm -n kernel.that.caused.the.panic | grep f0xxxxxxwhere f0xxxxxx is the
instruction pointer value. The odds are you will not
get an exact match since the symbols in the kernel
symbol table are for the entry points of functions and
the instruction pointer address will be somewhere
inside a function, not at the start. If you do not
get an exact match, omit the last digit from the
instruction pointer value and try again:&prompt.user; nm -n kernel.that.caused.the.panic | grep f0xxxxxIf that does not yield any results, chop off
another digit. Repeat until there is some sort of
output. The result will be a possible list of
functions which caused the panic. This is a less than
exact mechanism for tracking down the point of
failure, but it is better than nothing.However, the best way to track down the cause of a
panic is by capturing a crash dump, then using
&man.kgdb.1; to generate a stack trace on the crash
dump.In any case, the method is this:Make sure that the following line is included in
the kernel configuration file:makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbolsChange to the /usr/src
directory:&prompt.root; cd /usr/srcCompile the kernel:&prompt.root; make buildkernel KERNCONF=MYKERNELWait for &man.make.1; to finish compiling.&prompt.root; make installkernel KERNCONF=MYKERNELReboot.If KERNCONF is not included,
the GENERIC kernel will instead
be built and installed.The &man.make.1; process will have built two kernels.
/usr/obj/usr/src/sys/MYKERNEL/kernel
and
/usr/obj/usr/src/sys/MYKERNEL/kernel.debug.
kernel was installed as
/boot/kernel/kernel, while
kernel.debug can be used as the
source of debugging symbols for &man.kgdb.1;.To capture a crash dump, edit
/etc/rc.conf and set
dumpdev to point to either the swap
partition or AUTO. This will cause the
&man.rc.8; scripts to use the &man.dumpon.8; command to
enable crash dumps. This command can also be run
manually. After a panic, the crash dump can be recovered
using &man.savecore.8;; if dumpdev is
set in /etc/rc.conf, the &man.rc.8;
scripts will run &man.savecore.8; automatically and put
the crash dump in /var/crash.&os; crash dumps are usually the same size as
physical RAM. Therefore, make sure there is enough
space in /var/crash to hold the
dump. Alternatively, run &man.savecore.8; manually
and have it recover the crash dump to another directory
with more room. It is possible to limit the
size of the crash dump by using options
MAXMEM=N where
N is the size of kernel's
memory usage in KBs. For example, for 1 GB
of RAM, limit the kernel's memory usage to
128 MB, so that the crash dump size
will be 128 MB instead of 1 GB.Once the crash dump has been recovered , get a
stack trace as follows:&prompt.user; kgdb /usr/obj/usr/src/sys/MYKERNEL/kernel.debug /var/crash/vmcore.0(kgdb)backtraceNote that there may be several screens worth of
information. Ideally, use &man.script.1; to
capture all of them. Using the unstripped kernel image
with all the debug symbols should show the exact line of
kernel source code where the panic occurred. The stack
trace is usually read from the bottom up to trace
the exact sequence of events that lead to the crash.
&man.kgdb.1; can also be used to print out the contents of
various variables or structures to examine the system
state at the time of the crash.If a second computer is available, &man.kgdb.1; can
be configured to do remote debugging, including setting
breakpoints and single-stepping through the kernel
code.If DDB is enabled and the
kernel drops into the debugger, a panic
and a crash dump can be forced by typing
panic at the ddb
prompt. It may stop in the debugger again during the
panic phase. If it does, type
continue and it will finish the crash
dump.Why has dlsym() stopped working
for ELF executables?The ELF toolchain does not, by default, make the
symbols defined in an executable visible to the dynamic
linker. Consequently dlsym()
searches on handles obtained from calls to
dlopen(NULL, flags) will fail to find
such symbols.To search, using
dlsym(), for symbols present in the
main executable of a process, link the
executable using the
option to the ELF linker (&man.ld.1;).How can I increase or reduce the kernel address space
on i386?By default, the kernel address space is 1 GB
(2 GB for PAE) for i386. When running a
network-intensive server or using
ZFS, this will probably not be
enough.Add the following line to the kernel configuration
file to increase available space and rebuild the
kernel:options KVA_PAGES=NTo find the correct value of
N, divide the desired address
space size (in megabytes) by four. (For example, it is
512 for 2 GB.)AcknowledgmentsThis innocent little Frequently Asked Questions document has
been written, rewritten, edited, folded, spindled, mutilated,
eviscerated, contemplated, discombobulated, cogitated,
regurgitated, rebuilt, castigated, and reinvigorated over the
last decade, by a cast of hundreds if not thousands.
Repeatedly.We wish to thank every one of the people responsible, and we
encourage you to join
them in making this FAQ even
better.
Index: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml
===================================================================
--- head/en_US.ISO8859-1/books/handbook/basics/chapter.xml (revision 53945)
+++ head/en_US.ISO8859-1/books/handbook/basics/chapter.xml (revision 53946)
@@ -1,3409 +1,3417 @@
&os; BasicsSynopsisThis chapter covers the basic commands and functionality of
the &os; operating system. Much of this material is relevant
for any &unix;-like operating system. New &os; users are
encouraged to read through this chapter carefully.After reading this chapter, you will know:How to use and configure virtual consoles.How to create and manage users and groups on
&os;.How &unix; file permissions and &os; file flags
work.The default &os; file system layout.The &os; disk organization.How to mount and unmount file systems.What processes, daemons, and signals are.What a shell is, and how to change the default login
environment.How to use basic text editors.What devices and device nodes are.How to read manual pages for more information.Virtual Consoles and Terminalsvirtual consolesterminalsconsoleUnless &os; has been configured to automatically start a
graphical environment during startup, the system will boot
into a command line login prompt, as seen in this
example:FreeBSD/amd64 (pc3.example.org) (ttyv0)
login:The first line contains some information about the system.
The amd64 indicates that the system in this
example is running a 64-bit version of &os;. The hostname is
pc3.example.org, and
ttyv0 indicates that this is the
system console. The second line is the login
prompt.Since &os; is a multiuser system, it needs some way to
distinguish between different users. This is accomplished by
requiring every user to log into the system before gaining
access to the programs on the system. Every user has a
unique name username and a personal
password.To log into the system console, type the username that
was configured during system installation, as described in
, and press
Enter. Then enter the password associated
with the username and press Enter. The
password is not echoed for security
reasons.Once the correct password is input, the message of the
day (MOTD) will be displayed followed
by a command prompt. Depending upon the shell that was
selected when the user was created, this prompt will be a
#, $, or
% character. The prompt indicates that
the user is now logged into the &os; system console and ready
to try the available commands.Virtual ConsolesWhile the system console can be used to interact with
the system, a user working from the command line at the
keyboard of a &os; system will typically instead log into a
virtual console. This is because system messages are
configured by default to display on the system console.
These messages will appear over the command or file that the
user is working on, making it difficult to concentrate on
the work at hand.By default, &os; is configured to provide several virtual
consoles for inputting commands. Each virtual console has
its own login prompt and shell and it is easy to switch
between virtual consoles. This essentially provides the
command line equivalent of having several windows open at the
same time in a graphical environment.The key combinations
AltF1
through
AltF8
have been reserved by &os; for switching between virtual
consoles. Use
AltF1
to switch to the system console
(ttyv0),
AltF2
to access the first virtual console
(ttyv1),
AltF3
to access the second virtual console
(ttyv2), and so on.
When using &xorg; as a graphical
console, the combination becomes CtrlAltF1 to return to a text-based virtual console.When switching from one console to the next, &os;
manages the screen output. The result is an illusion of
having multiple virtual screens and keyboards that can be used
to type commands for &os; to run. The programs that are
launched in one virtual console do not stop running when
the user switches to a different virtual console.Refer to &man.kbdcontrol.1;, &man.vidcontrol.1;,
&man.atkbd.4;, &man.syscons.4;, and &man.vt.4; for a more
technical description of the &os; console and its keyboard
drivers.In &os;, the number of available virtual consoles is
configured in this section of
/etc/ttys:# name getty type status comments
#
ttyv0 "/usr/libexec/getty Pc" xterm on secure
# Virtual terminals
ttyv1 "/usr/libexec/getty Pc" xterm on secure
ttyv2 "/usr/libexec/getty Pc" xterm on secure
ttyv3 "/usr/libexec/getty Pc" xterm on secure
ttyv4 "/usr/libexec/getty Pc" xterm on secure
ttyv5 "/usr/libexec/getty Pc" xterm on secure
ttyv6 "/usr/libexec/getty Pc" xterm on secure
ttyv7 "/usr/libexec/getty Pc" xterm on secure
ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secureTo disable a virtual console, put a comment symbol
(#) at the beginning of the line
representing that virtual console. For example, to reduce the
number of available virtual consoles from eight to four, put a
# in front of the last four lines
representing virtual consoles ttyv5
through ttyv8.
Do not comment out the line for the
system console ttyv0. Note that the last
virtual console (ttyv8) is used to access
the graphical environment if &xorg;
has been installed and configured as described in
.For a detailed description of every column in this file
and the available options for the virtual consoles, refer to
&man.ttys.5;.Single User ModeThe &os; boot menu provides an option labelled as
Boot Single User. If this option is selected,
the system will boot into a special mode known as
single user mode. This mode is typically used
to repair a system that will not boot or to reset the
root password when
it is not known. While in single user mode, networking and
other virtual consoles are not available. However, full
root access to the
system is available, and by default, the
root password is not
needed. For these reasons, physical access to the keyboard is
needed to boot into this mode and determining who has physical
access to the keyboard is something to consider when securing
a &os; system.The settings which control single user mode are found in
this section of /etc/ttys:# name getty type status comments
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
console none unknown off secureBy default, the status is set to
secure. This assumes that who has physical
access to the keyboard is either not important or it is
controlled by a physical security policy. If this setting is
changed to insecure, the assumption is that
the environment itself is insecure because anyone can access
the keyboard. When this line is changed to
insecure, &os; will prompt for the
root password when a
user selects to boot into single user mode.Be careful when changing this setting to
insecure! If the
root password is
forgotten, booting into single user mode is still possible,
but may be difficult for someone who is not familiar with
the &os; booting process.Changing Console Video ModesThe &os; console default video mode may be adjusted to
1024x768, 1280x1024, or any other size supported by the
graphics chip and monitor. To use a different video mode
load the VESA module:&prompt.root; kldload vesaTo determine which video modes are supported by the
hardware, use &man.vidcontrol.1;. To get a list of supported
video modes issue the following:&prompt.root; vidcontrol -i modeThe output of this command lists the video modes that are
supported by the hardware. To select a new video mode,
specify the mode using &man.vidcontrol.1; as the
root user:&prompt.root; vidcontrol MODE_279If the new video mode is acceptable, it can be permanently
set on boot by adding it to
/etc/rc.conf:allscreens_flags="MODE_279"Users and Basic Account Management&os; allows multiple users to use the computer at the same
time. While only one user can sit in front of the screen and
use the keyboard at any one time, any number of users can log
in to the system through the network. To use the system, each
user should have their own user account.This chapter describes:The different types of user accounts on a
&os; system.How to add, remove, and modify user accounts.How to set limits to control the
resources that users and
groups are allowed to access.How to create groups and add users as members of a
group.Account TypesSince all access to the &os; system is achieved using
accounts and all processes are run by users, user and account
management is important.There are three main types of accounts: system accounts,
user accounts, and the superuser account.System AccountsaccountssystemSystem accounts are used to run services such as DNS,
mail, and web servers. The reason for this is security; if
all services ran as the superuser, they could act without
restriction.accountsdaemonaccountsoperatorExamples of system accounts are
daemon,
operator,
bind,
news, and
www.
+
+ Care must be taken when using the operator group, as
+ unintended superuser-like access privileges may be
+ granted, including but not limited to shutdown, reboot,
+ and access to all items in /dev
+ in the group.
+
+
accountsnobodynobody is the
generic unprivileged system account. However, the more
services that use
nobody, the more
files and processes that user will become associated with,
and hence the more privileged that user becomes.User AccountsaccountsuserUser accounts are assigned to real people and are used
to log in and use the system. Every person accessing the
system should have a unique user account. This allows the
administrator to find out who is doing what and prevents
users from clobbering the settings of other users.Each user can set up their own environment to
accommodate their use of the system, by configuring their
default shell, editor, key bindings, and language
settings.Every user account on a &os; system has certain
information associated with it:User nameThe user name is typed at the
login: prompt. Each user must have
a unique user name. There are a number of rules for
creating valid user names which are documented in
&man.passwd.5;. It is recommended to use user names
that consist of eight or fewer, all lower case
characters in order to maintain backwards
compatibility with applications.PasswordEach account has an associated password.User ID (UID)The User ID (UID) is a number
used to uniquely identify the user to the &os; system.
Commands that allow a user name to be specified will
first convert it to the UID. It is
recommended to use a UID less than 65535, since higher
values may cause compatibility issues with some
software.Group ID (GID)The Group ID (GID) is a number
used to uniquely identify the primary group that the
user belongs to. Groups are a mechanism for
controlling access to resources based on a user's
GID rather than their
UID. This can significantly reduce
the size of some configuration files and allows users
to be members of more than one group. It is
recommended to use a GID of 65535 or lower as higher
GIDs may break some software.Login classLogin classes are an extension to the group
mechanism that provide additional flexibility when
tailoring the system to different users. Login
classes are discussed further in
.Password change timeBy default, passwords do not expire. However,
password expiration can be enabled on a per-user
basis, forcing some or all users to change their
passwords after a certain amount of time has
elapsed.Account expiration timeBy default, &os; does not expire accounts. When
creating accounts that need a limited lifespan, such
as student accounts in a school, specify the account
expiry date using &man.pw.8;. After the expiry time
has elapsed, the account cannot be used to log in to
the system, although the account's directories and
files will remain.User's full nameThe user name uniquely identifies the account to
&os;, but does not necessarily reflect the user's real
name. Similar to a comment, this information can
contain spaces, uppercase characters, and be more
than 8 characters long.Home directoryThe home directory is the full path to a directory
on the system. This is the user's starting directory
when the user logs in. A common convention is to put
all user home directories under /home/username
or /usr/home/username.
Each user stores their personal files and
subdirectories in their own home directory.User shellThe shell provides the user's default environment
for interacting with the system. There are many
different kinds of shells and experienced users will
have their own preferences, which can be reflected in
their account settings.The Superuser Accountaccountssuperuser (root)The superuser account, usually called
root, is used to
manage the system with no limitations on privileges. For
this reason, it should not be used for day-to-day tasks like
sending and receiving mail, general exploration of the
system, or programming.The superuser, unlike other user accounts, can operate
without limits, and misuse of the superuser account may
result in spectacular disasters. User accounts are unable
to destroy the operating system by mistake, so it is
recommended to login as a user account and to only become
the superuser when a command requires extra
privilege.Always double and triple-check any commands issued as
the superuser, since an extra space or missing character can
mean irreparable data loss.There are several ways to gain superuser privilege.
While one can log in as
root, this is
highly discouraged.Instead, use &man.su.1; to become the superuser. If
- is specified when running this command,
the user will also inherit the root user's environment. The
user running this command must be in the
wheel group or
else the command will fail. The user must also know the
password for the
root user
account.In this example, the user only becomes superuser in
order to run make install as this step
requires superuser privilege. Once the command completes,
the user types exit to leave the
superuser account and return to the privilege of their user
account.Install a Program As the Superuser&prompt.user; configure
&prompt.user; make
&prompt.user; su -
Password:
&prompt.root; make install
&prompt.root; exit
&prompt.user;The built-in &man.su.1; framework works well for single
systems or small networks with just one system
administrator. An alternative is to install the
security/sudo package or port. This
software provides activity logging and allows the
administrator to configure which users can run which
commands as the superuser.Managing Accountsaccountsmodifying&os; provides a variety of different commands to manage
user accounts. The most common commands are summarized in
, followed by some
examples of their usage. See the manual page for each utility
for more details and usage examples.
Utilities for Managing User AccountsCommandSummary&man.adduser.8;The recommended command-line application for
adding new users.&man.rmuser.8;The recommended command-line application for
removing users.&man.chpass.1;A flexible tool for changing user database
information.&man.passwd.1;The command-line tool to change user
passwords.&man.pw.8;A powerful and flexible tool for modifying all
aspects of user accounts.
adduseraccountsaddingadduser/usr/share/skelskeleton directoryThe recommended program for adding new users is
&man.adduser.8;. When a new user is added, this program
automatically updates /etc/passwd and
/etc/group. It also creates a home
directory for the new user, copies in the default
configuration files from
/usr/share/skel, and can optionally
mail the new user a welcome message. This utility must be
run as the superuser.The &man.adduser.8; utility is interactive and walks
through the steps for creating a new user account. As seen
in , either input
the required information or press Return
to accept the default value shown in square brackets.
In this example, the user has been invited into the
wheel group,
allowing them to become the superuser with &man.su.1;.
When finished, the utility will prompt to either
create another user or to exit.Adding a User on &os;&prompt.root; adduser
Username: jru
Full name: J. Random User
Uid (Leave empty for default):
Login group [jru]:
Login group is jru. Invite jru into other groups? []: wheel
Login class [default]:
Shell (sh csh tcsh zsh nologin) [sh]: zsh
Home directory [/home/jru]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : jru
Password : ****
Full Name : J. Random User
Uid : 1001
Class :
Groups : jru wheel
Home : /home/jru
Shell : /usr/local/bin/zsh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (jru) to the user database.
Add another user? (yes/no): no
Goodbye!
&prompt.root;Since the password is not echoed when typed, be
careful to not mistype the password when creating the user
account.rmuserrmuseraccountsremovingTo completely remove a user from the system, run
&man.rmuser.8; as the superuser. This command performs the
following steps:Removes the user's &man.crontab.1; entry, if one
exists.Removes any &man.at.1; jobs belonging to the
user.Kills all processes owned by the user.Removes the user from the system's local password
file.Optionally removes the user's home directory, if it
is owned by the user.Removes the incoming mail files belonging to the
user from /var/mail.Removes all files owned by the user from temporary
file storage areas such as
/tmp.Finally, removes the username from all groups to
which it belongs in /etc/group. If
a group becomes empty and the group name is the same as
the username, the group is removed. This complements
the per-user unique groups created by
&man.adduser.8;.&man.rmuser.8; cannot be used to remove superuser
accounts since that is almost always an indication of
massive destruction.By default, an interactive mode is used, as shown
in the following example.rmuser Interactive Account
Removal&prompt.root; rmuser jru
Matching password entry:
jru:*:1001:1001::0:0:J. Random User:/home/jru:/usr/local/bin/zsh
Is this the entry you wish to remove? y
Remove user's home directory (/home/jru)? y
Removing user (jru): mailspool home passwd.
&prompt.root;chpasschpassAny user can use &man.chpass.1; to change their default
shell and personal information associated with their user
account. The superuser can use this utility to change
additional account information for any user.When passed no options, aside from an optional username,
&man.chpass.1; displays an editor containing user
information. When the user exits from the editor, the user
database is updated with the new information.This utility will prompt for the user's password when
exiting the editor, unless the utility is run as the
superuser.In , the
superuser has typed chpass jru and is
now viewing the fields that can be changed for this user.
If jru runs this
command instead, only the last six fields will be displayed
and available for editing. This is shown in
.Using chpass as
Superuser#Changing user database information for jru.
Login: jru
Password: *
Uid [#]: 1001
Gid [# or name]: 1001
Change [month day year]:
Expire [month day year]:
Class:
Home directory: /home/jru
Shell: /usr/local/bin/zsh
Full Name: J. Random User
Office Location:
Office Phone:
Home Phone:
Other information:Using chpass as Regular
User#Changing user database information for jru.
Shell: /usr/local/bin/zsh
Full Name: J. Random User
Office Location:
Office Phone:
Home Phone:
Other information:The commands &man.chfn.1; and &man.chsh.1; are links
to &man.chpass.1;, as are &man.ypchpass.1;,
&man.ypchfn.1;, and &man.ypchsh.1;. Since
NIS support is automatic, specifying
the yp before the command is not
necessary. How to configure NIS is covered in .passwdpasswdaccountschanging passwordAny user can easily change their password using
&man.passwd.1;. To prevent accidental or unauthorized
changes, this command will prompt for the user's original
password before a new password can be set:Changing Your Password&prompt.user; passwd
Changing local password for jru.
Old password:
New password:
Retype new password:
passwd: updating the database...
passwd: doneThe superuser can change any user's password by
specifying the username when running &man.passwd.1;. When
this utility is run as the superuser, it will not prompt for
the user's current password. This allows the password to be
changed when a user cannot remember the original
password.Changing Another User's Password as the
Superuser&prompt.root; passwd jru
Changing local password for jru.
New password:
Retype new password:
passwd: updating the database...
passwd: doneAs with &man.chpass.1;, &man.yppasswd.1; is a link to
&man.passwd.1;, so NIS works with
either command.pwpwThe &man.pw.8; utility can create, remove,
modify, and display users and groups. It functions as a
front end to the system user and group files. &man.pw.8;
has a very powerful set of command line options that make it
suitable for use in shell scripts, but new users may find it
more complicated than the other commands presented in this
section.Managing Groupsgroups/etc/groupsaccountsgroupsA group is a list of users. A group is identified by its
group name and GID. In &os;, the kernel
uses the UID of a process, and the list of
groups it belongs to, to determine what the process is allowed
to do. Most of the time, the GID of a user
or process usually means the first group in the list.The group name to GID mapping is listed
in /etc/group. This is a plain text file
with four colon-delimited fields. The first field is the
group name, the second is the encrypted password, the third
the GID, and the fourth the comma-delimited
list of members. For a more complete description of the
syntax, refer to &man.group.5;.The superuser can modify /etc/group
using a text editor. Alternatively, &man.pw.8; can be used to
add and edit groups. For example, to add a group called
teamtwo and then
confirm that it exists:Adding a Group Using &man.pw.8;&prompt.root; pw groupadd teamtwo
&prompt.root; pw groupshow teamtwo
teamtwo:*:1100:In this example, 1100 is the
GID of
teamtwo. Right
now, teamtwo has no
members. This command will add
jru as a member of
teamtwo.Adding User Accounts to a New Group Using
&man.pw.8;&prompt.root; pw groupmod teamtwo -M jru
&prompt.root; pw groupshow teamtwo
teamtwo:*:1100:jruThe argument to is a comma-delimited
list of users to be added to a new (empty) group or to replace
the members of an existing group. To the user, this group
membership is different from (and in addition to) the user's
primary group listed in the password file. This means that
the user will not show up as a member when using
with &man.pw.8;, but will show up
when the information is queried via &man.id.1; or a similar
tool. When &man.pw.8; is used to add a user to a group, it
only manipulates /etc/group and does not
attempt to read additional data from
/etc/passwd.Adding a New Member to a Group Using &man.pw.8;&prompt.root; pw groupmod teamtwo -m db
&prompt.root; pw groupshow teamtwo
teamtwo:*:1100:jru,dbIn this example, the argument to is a
comma-delimited list of users who are to be added to the
group. Unlike the previous example, these users are appended
to the group and do not replace existing users in the
group.Using &man.id.1; to Determine Group Membership&prompt.user; id jru
uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)In this example,
jru is a member of
the groups jru and
teamtwo.For more information about this command and the format of
/etc/group, refer to &man.pw.8; and
&man.group.5;.PermissionsUNIXIn &os;, every file and directory has an associated set of
permissions and several utilities are available for viewing
and modifying these permissions. Understanding how permissions
work is necessary to make sure that users are able to access
the files that they need and are unable to improperly access
the files used by the operating system or owned by other
users.This section discusses the traditional &unix; permissions
used in &os;. For finer grained file system access control,
refer to .In &unix;, basic permissions are assigned using
three types of access: read, write, and execute. These access
types are used to determine file access to the file's owner,
group, and others (everyone else). The read, write, and execute
permissions can be represented as the letters
r, w, and
x. They can also be represented as binary
numbers as each permission is either on or off
(0). When represented as a number, the
order is always read as rwx, where
r has an on value of 4,
w has an on value of 2
and x has an on value of
1.Table 4.1 summarizes the possible numeric and alphabetic
possibilities. When reading the Directory
Listing column, a - is used to
represent a permission that is set to off.permissionsfile permissions
&unix; PermissionsValuePermissionDirectory Listing0No read, no write, no execute---1No read, no write, execute--x2No read, write, no execute-w-3No read, write, execute-wx4Read, no write, no executer--5Read, no write, executer-x6Read, write, no executerw-7Read, write, executerwx
&man.ls.1;directoriesUse the argument to &man.ls.1; to view a
long directory listing that includes a column of information
about a file's permissions for the owner, group, and everyone
else. For example, a ls -l in an arbitrary
directory may show:&prompt.user; ls -l
total 530
-rw-r--r-- 1 root wheel 512 Sep 5 12:31 myfile
-rw-r--r-- 1 root wheel 512 Sep 5 12:31 otherfile
-rw-r--r-- 1 root wheel 7680 Sep 5 12:31 email.txtThe first (leftmost) character in the first column indicates
whether this file is a regular file, a directory, a special
character device, a socket, or any other special pseudo-file
device. In this example, the - indicates a
regular file. The next three characters, rw-
in this example, give the permissions for the owner of the file.
The next three characters, r--, give the
permissions for the group that the file belongs to. The final
three characters, r--, give the permissions
for the rest of the world. A dash means that the permission is
turned off. In this example, the permissions are set so the
owner can read and write to the file, the group can read the
file, and the rest of the world can only read the file.
According to the table above, the permissions for this file
would be 644, where each digit represents the
three parts of the file's permission.How does the system control permissions on devices? &os;
treats most hardware devices as a file that programs can open,
read, and write data to. These special device files are
stored in /dev/.Directories are also treated as files. They have read,
write, and execute permissions. The executable bit for a
directory has a slightly different meaning than that of files.
When a directory is marked executable, it means it is possible
to change into that directory using &man.cd.1;. This also
means that it is possible to access the files within that
directory, subject to the permissions on the files
themselves.

In order to perform a directory listing, the read permission
must be set on the directory. In order to delete a file that
one knows the name of, it is necessary to have write
and execute permissions to the directory
containing the file.

There are more permission bits, but they are primarily used
in special circumstances such as setuid binaries and sticky
directories. For more information on file permissions and how
to set them, refer to &man.chmod.1;.

Symbolic Permissions

Contributed by Tom Rhodes.

Symbolic permissions use characters instead of octal
values to assign permissions to files or directories.
Symbolic permissions use the syntax of (who) (action)
(permissions), where the following values are
available:

Option         Letter  Represents
(who)          u       User
(who)          g       Group owner
(who)          o       Other
(who)          a       All (world)
(action)       +       Adding permissions
(action)       -       Removing permissions
(action)       =       Explicitly set permissions
(permissions)  r       Read
(permissions)  w       Write
(permissions)  x       Execute
(permissions)  t       Sticky bit
(permissions)  s       Set UID or GID

These values are used with &man.chmod.1;, but with
letters instead of numbers. For example, the following
command would block other users from accessing
FILE:

&prompt.user; chmod go= FILE

A comma separated list can be provided when more than one
set of changes to a file must be made. For example, the
following command removes the group and
world write permission on
FILE, and adds the execute
permissions for everyone:

&prompt.user; chmod go-w,a+x FILE

&os; File Flags

Contributed by Tom Rhodes.

In addition to file permissions, &os; supports the use of
file flags. These flags add an additional
level of security and control over files, but not directories.
With file flags, even
root can be
prevented from removing or altering files.

File flags are modified using &man.chflags.1;. For
example, to enable the system undeletable flag on the file
file1, issue the following
command:

&prompt.root; chflags sunlink file1

To disable the system undeletable flag, put a
no in front of
sunlink:

&prompt.root; chflags nosunlink file1

To view the flags of a file, use -lo with
&man.ls.1;:

&prompt.root; ls -lo file1
-rw-r--r--  1 trhodes  trhodes  sunlnk 0 Mar  1 05:54 file1

Several file flags may only be added or removed by the
root user. In other
cases, the file owner may set its file flags. Refer to
&man.chflags.1; and &man.chflags.2; for more
information.

The setuid, setgid, and sticky Permissions

Contributed by Tom Rhodes.

Other than the permissions already discussed, there are
three other specific settings that all administrators should
know about. They are the setuid,
setgid, and sticky
permissions.

These settings are important for some &unix; operations
as they provide functionality not normally granted to normal
users. To understand them, the difference between the real
user ID and effective user ID must be noted.

The real user ID is the UID who owns
or starts the process. The effective UID
is the user ID the process runs as. As an example,
&man.passwd.1; runs with the real user ID when a user changes
their password. However, in order to update the password
database, the command runs as the effective ID of the
root user. This
allows users to change their passwords without seeing a
Permission Denied error.

The setuid permission may be set by prefixing a permission
set with the number four (4) as shown in the following
example:

&prompt.root; chmod 4755 suidexample.sh

The permissions on
suidexample.sh
now look like the following:

-rwsr-xr-x   1 trhodes  trhodes    63 Aug 29 06:36 suidexample.sh

Note that a s is now part of the
permission set designated for the file owner, replacing the
executable bit. This is how utilities which need elevated
permissions, such as &man.passwd.1;, obtain them.

The nosuid &man.mount.8; option will
cause such binaries to silently fail without alerting
the user. That option is not completely reliable as a
nosuid wrapper may be able to circumvent
it.

To view this in real time, open two terminals. On
one, type passwd as a normal user.
While it waits for a new password, check the process
table and look at the user information for
&man.passwd.1;:

In terminal A:

Changing local password for trhodes
Old Password:

In terminal B:

&prompt.root; ps aux | grep passwd
trhodes  5232  0.0  0.2  3420  1608   0  R+    2:10AM   0:00.00 grep passwd
root     5211  0.0  0.2  3620  1724   2  I+    2:09AM   0:00.01 passwd

Although &man.passwd.1; is run as a normal user, it is
using the effective UID of
root.

The setgid permission performs the
same function as the setuid permission,
except that it alters the group settings. When an application
or utility executes with this setting, it will be granted the
permissions based on the group that owns the file, not the
user who started the process.

To set the setgid permission on a
file, provide &man.chmod.1; with a leading two (2):

&prompt.root; chmod 2755 sgidexample.sh

In the following listing, notice that the
s is now in the field designated for the
group permission settings:

-rwxr-sr-x   1 trhodes  trhodes    44 Aug 31 01:49 sgidexample.sh

In these examples, even though the shell script in
question is an executable file, it will not run with
a different EUID or effective user ID.
This is because shell scripts may not access the
&man.setuid.2; system calls.

The setuid and
setgid permission bits may lower system
security, by allowing for elevated permissions. The third
special permission, the sticky bit, can
strengthen the security of a system.

When the sticky bit is set on a
directory, it allows file deletion only by the file owner.
This is useful to prevent file deletion in public directories,
such as /tmp, by users
who do not own the file. To utilize this permission, prefix
the permission set with a one (1):

&prompt.root; chmod 1777 /tmp

The sticky bit permission will display
as a t at the very end of the permission
set:

&prompt.root; ls -al / | grep tmp
drwxrwxrwt  10 root  wheel         512 Aug 31 01:49 tmp

Directory Structure

The &os; directory hierarchy is fundamental to obtaining
an overall understanding of the system. The most important
directory is root, or /. This directory is the
first one mounted at boot time and it contains the base system
necessary to prepare the operating system for multi-user
operation. The root directory also contains mount points for
other file systems that are mounted during the transition to
multi-user operation.

A mount point is a directory where additional file systems
can be grafted onto a parent file system (usually the root file
system). This is further described in
. Standard mount points
include /usr/, /var/,
/tmp/, /mnt/, and
/cdrom/. These directories are usually
referenced to entries in /etc/fstab. This
file is a table of various file systems and mount points and is
read by the system. Most of the file systems in
/etc/fstab are mounted automatically at
boot time from the script &man.rc.8; unless their entry includes
noauto. Details can be found in
.

A complete description of the file system hierarchy is
available in &man.hier.7;. The following table provides a brief
overview of the most common directories.

Directory: Description

/
    Root directory of the file system.
/bin/
    User utilities fundamental to both single-user
    and multi-user environments.
/boot/
    Programs and configuration files used during
    operating system bootstrap.
/boot/defaults/
    Default boot configuration files. Refer to
    &man.loader.conf.5; for details.
/dev/
    Device nodes. Refer to &man.intro.4; for details.
/etc/
    System configuration files and scripts.
/etc/defaults/
    Default system configuration files. Refer to
    &man.rc.8; for details.
/etc/mail/
    Configuration files for mail transport agents
    such as &man.sendmail.8;.
/etc/periodic/
    Scripts that run daily, weekly, and monthly,
    via &man.cron.8;. Refer to &man.periodic.8; for details.
/etc/ppp/
    &man.ppp.8; configuration files.
/mnt/
    Empty directory commonly used by system
    administrators as a temporary mount point.
/proc/
    Process file system. Refer to &man.procfs.5;,
    &man.mount.procfs.8; for details.
/rescue/
    Statically linked programs for emergency
    recovery as described in &man.rescue.8;.
/root/
    Home directory for the root account.
/sbin/
    System programs and administration utilities
    fundamental to both single-user and multi-user
    environments.
/tmp/
    Temporary files which are usually
    not preserved across a system
    reboot. A memory-based file system is often mounted
    at /tmp. This can be automated
    using the tmpmfs-related variables of &man.rc.conf.5;
    or with an entry in /etc/fstab;
    refer to &man.mdmfs.8; for details.
/usr/
    The majority of user utilities and applications.
/usr/bin/
    Common utilities, programming tools, and applications.
/usr/include/
    Standard C include files.
/usr/lib/
    Archive libraries.
/usr/libdata/
    Miscellaneous utility data files.
/usr/libexec/
    System daemons and system utilities executed
    by other programs.
/usr/local/
    Local executables and libraries. Also used as
    the default destination for the &os; ports framework.
    Within /usr/local, the
    general layout sketched out by &man.hier.7; for
    /usr should be
    used. Exceptions are the man directory, which is
    directly under /usr/local rather than
    under /usr/local/share, and
    the ports documentation is in share/doc/port.
/usr/obj/
    Architecture-specific target tree produced by
    building the /usr/src tree.
/usr/ports/
    The &os; Ports Collection (optional).
/usr/sbin/
    System daemons and system utilities executed
    by users.
/usr/share/
    Architecture-independent files.
/usr/src/
    BSD and/or local source files.
/var/
    Multi-purpose log, temporary, transient, and
    spool files. A memory-based file system is sometimes
    mounted at /var. This can
    be automated using the varmfs-related variables in
    &man.rc.conf.5; or with an entry in
    /etc/fstab; refer to
    &man.mdmfs.8; for details.
/var/log/
    Miscellaneous system log files.
/var/mail/
    User mailbox files.
/var/spool/
    Miscellaneous printer and mail system spooling
    directories.
/var/tmp/
    Temporary files which are usually preserved
    across a system reboot, unless
    /var is a memory-based file system.
/var/yp/
    NIS maps.

Disk Organization

The smallest unit of organization that &os; uses to find
files is the filename. Filenames are case-sensitive, which
means that readme.txt and
README.TXT are two separate files. &os;
does not use the extension of a file to determine whether the
file is a program, document, or some other form of data.

Files are stored in directories. A directory may contain no
files, or it may contain many hundreds of files. A directory
can also contain other directories, allowing a hierarchy of
directories within one another in order to organize
data.

Files and directories are referenced by giving the file or
directory name, followed by a forward slash,
/, followed by any other directory names that
are necessary. For example, if the directory
foo contains a directory
bar which contains the
file readme.txt, the full name, or
path, to the file is
foo/bar/readme.txt. Note that this is
different from &windows; which uses \ to
separate file and directory names. &os; does not use drive
letters, or other drive names in the path. For example, one
would not type c:\foo\bar\readme.txt on
&os;.

Directories and files are stored in a file system. Each
file system contains exactly one directory at the very top
level, called the root directory for that
file system. This root directory can contain other directories.
One file system is designated the
root file system or /.
Every other file system is mounted under
the root file system. No matter how many disks are on the &os;
system, every directory appears to be part of the same
disk.

Consider three file systems, called A,
B, and C. Each file
system has one root directory, which contains two other
directories, called A1, A2
(and likewise B1, B2 and
C1, C2).

Call A the root file system. If
&man.ls.1; is used to view the contents of this directory,
it will show two subdirectories, A1 and
A2. The directory tree looks like
this:

   /
   |
   +--- A1
   |
   `--- A2

A file system must be mounted on to a directory in another
file system. When mounting file system B
on to the directory A1, the root directory
of B replaces A1, and
the directories in B appear
accordingly:

   /
   |
   +--- A1
   |     |
   |     +--- B1
   |     |
   |     `--- B2
   |
   `--- A2

Any files that are in the B1 or
B2 directories can be reached with the path
/A1/B1 or
/A1/B2 as necessary. Any
files that were in /A1
have been temporarily hidden. They will reappear if
B is unmounted from
A.

If B had been mounted on
A2 then the diagram would look like
this:

   /
   |
   +--- A1
   |
   `--- A2
         |
         +--- B1
         |
         `--- B2

and the paths would be
/A2/B1 and
/A2/B2
respectively.

File systems can be mounted on top of one another.
Continuing the last example, the C file
system could be mounted on top of the B1
directory in the B file system, leading to
this arrangement:

   /
   |
   +--- A1
   |
   `--- A2
         |
         +--- B1
         |     |
         |     +--- C1
         |     |
         |     `--- C2
         |
         `--- B2

Or C could be mounted directly on to the
A file system, under the
A1 directory:

   /
   |
   +--- A1
   |     |
   |     +--- C1
   |     |
   |     `--- C2
   |
   `--- A2
         |
         +--- B1
         |
         `--- B2

It is entirely possible to have one large root file system,
and not need to create any others. There are some drawbacks to
this approach, and one advantage.

Benefits of Multiple File Systems

Different file systems can have different
mount options. For example, the root
file system can be mounted read-only, making it impossible
for users to inadvertently delete or edit a critical file.
Separating user-writable file systems, such as
/home, from other
file systems allows them to be mounted
nosuid. This option prevents the
setuid/setgid bits
on executables stored on the file system from taking effect,
possibly improving security.

&os; automatically optimizes the layout of files on a
file system, depending on how the file system is being used.
So a file system that contains many small files that are
written frequently will have a different optimization to one
that contains fewer, larger files. By having one big file
system this optimization breaks down.

&os;'s file systems are robust if power is lost.
However, a power loss at a critical point could still damage
the structure of the file system. By splitting data over
multiple file systems it is more likely that the system will
still come up, making it easier to restore from backup as
necessary.

Benefit of a Single File System

File systems are a fixed size. If you create a file
system when you install &os; and give it a specific size,
you may later discover that you need to make the partition
bigger. This is not easily accomplished without backing up,
recreating the file system with the new size, and then
restoring the backed up data.

&os; features the &man.growfs.8; command, which makes
it possible to increase the size of a file system on the
fly, removing this limitation.

File systems are contained in partitions. This does not
have the same meaning as the common usage of the term partition
(for example, &ms-dos; partition), because of &os;'s &unix;
heritage. Each partition is identified by a letter from
a through to h. Each
partition can contain only one file system, which means that
file systems are often described by either their typical mount
point in the file system hierarchy, or the letter of the
partition they are contained in.

&os; also uses disk space for
swap space to provide
virtual memory. This allows your
computer to behave as though it has much more memory than it
actually does. When &os; runs out of memory, it moves some of
the data that is not currently being used to the swap space, and
moves it back in (moving something else out) when it needs
it.

Some partitions have certain conventions associated with
them.

Partition  Convention
a          Normally contains the root file system.
b          Normally contains swap space.
c          Normally the same size as the enclosing slice.
           This allows utilities that need to work on the entire
           slice, such as a bad block scanner, to work on the
           c partition. A file system would not
           normally be created on this partition.
d          Partition d used to have a
           special meaning associated with it, although that is now
           gone and d may work as any normal
           partition.

Disks in &os; are divided into slices, referred to in
&windows; as partitions, which are numbered from 1 to 4. These
are then divided into partitions, which contain file systems,
and are labeled using letters.

Slice numbers follow the device name, prefixed with an
s, starting at 1. So
da0s1 is the first slice on
the first SCSI drive. There can only be four physical slices on
a disk, but there can be logical slices inside physical slices
of the appropriate type. These extended slices are numbered
starting at 5, so ada0s5 is
the first extended slice on the first SATA disk. These devices
are used by file systems that expect to occupy a slice.

Slices, dangerously dedicated physical
drives, and other drives contain
partitions, which are represented as
letters from a to h. This
letter is appended to the device name, so
da0a is the
a partition on the first
da drive, which is
dangerously dedicated.
ada1s3e is the fifth
partition in the third slice of the second SATA disk
drive.

Finally, each disk on the system is identified. A disk name
starts with a code that indicates the type of disk, and then a
number, indicating which disk it is. Unlike slices, disk
numbering starts at 0. Common codes are listed in
"Disk Device Names".

When referring to a partition, include the disk name,
s, the slice number, and then the partition
letter. Examples are shown in
"Sample Disk, Slice, and Partition Names". "Conceptual Model of a Disk" shows a
conceptual model of a disk layout.

When installing &os;, configure the disk slices, create
partitions within the slice to be used for &os;, create a file
system or swap space in each partition, and decide where each
file system will be mounted.
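The decisions listed above end up as device names and mount points in /etc/fstab. The following shell functions are an added example, not part of this page's original text: parse_device decodes a name such as ada0s1a into disk, slice, and partition, and audit_fstab flags user-writable mount points that lack the nosuid option mentioned earlier. The fstab lines are constructed, their six columns are those of /etc/fstab as described later on this page, and the function names and the choice of /tmp and /var/tmp as user-writable are assumptions.

```shell
#!/bin/sh
# Added example: decode device names and check fstab-style entries for
# user-writable mount points that are not mounted nosuid.

# Mount points treated as user-writable. /home is the example this page
# gives; /tmp and /var/tmp are assumptions made for this example.
USER_WRITABLE="/home /tmp /var/tmp"

# parse_device NAME: split a name such as /dev/ada0s1a into disk, slice
# and partition. A name with a partition letter but no slice (da0a) is
# a dangerously dedicated disk. Returns 1 if NAME does not follow the
# disk, s, slice number, partition letter scheme.
parse_device() {
    parsed=$(printf '%s\n' "${1#/dev/}" | sed -nE \
        -e 's/^([a-z]+)([0-9]+)(s([0-9]+))?([a-h])?$/disk=\1\2 slice=\4 partition=\5/' \
        -e 's/slice= /slice=none /' \
        -e 's/partition=$/partition=none/' \
        -e '/^disk=/p')
    [ -n "$parsed" ] || return 1
    printf '%s\n' "$parsed"
}

# audit_fstab: read fstab lines on stdin (device, mount point, fstype,
# options, dumpfreq, passno) and print one line for each user-writable
# mount point whose options do not include nosuid.
audit_fstab() {
    while read -r dev mnt fstype opts _dump _pass; do
        case $dev in ''|'#'*) continue ;; esac    # blank line or comment
        case $fstype in swap) continue ;; esac    # swap holds no files
        case " $USER_WRITABLE " in
            *" $mnt "*) ;;
            *) continue ;;
        esac
        case ",$opts," in *,nosuid,*) continue ;; esac
        # Fall back to the raw name for devices outside the scheme.
        where=$(parse_device "$dev") || where="device=$dev"
        printf 'missing-nosuid %s %s\n' "$mnt" "$where"
    done
}

# Constructed sample: the partition layout follows the conceptual disk
# model on this page; the /home entry on da1s2e is hypothetical.
sample_fstab() {
    cat <<'EOF'
# Device        Mountpoint  FStype  Options    Dump  Pass#
/dev/ada0s2a    /           ufs     rw         1     1
/dev/ada0s2b    none        swap    sw         0     0
/dev/ada0s2d    /var        ufs     rw         2     2
/dev/ada0s2e    /tmp        ufs     rw,nosuid  2     2
/dev/ada0s2f    /usr        ufs     rw         2     2
/dev/da1s2e     /home       ufs     rw         2     2
EOF
}

sample_fstab | audit_fstab
```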
Disk Device Names

Drive Type                                Drive Device Name
SATA and IDE hard drives                  ada or ad
SCSI hard drives and USB storage devices  da
SATA and IDE CD-ROM drives                cd or acd
SCSI CD-ROM drives                        cd
Floppy drives                             fd
Assorted non-standard CD-ROM drives       mcd for Mitsumi CD-ROM and
                                          scd for Sony CD-ROM devices
SCSI tape drives                          sa
IDE tape drives                           ast
RAID drives                               Examples include aacd for
                                          &adaptec; AdvancedRAID, mlxd and
                                          mlyd for &mylex;,
                                          amrd for AMI &megaraid;,
                                          idad for Compaq Smart RAID,
                                          twed for &tm.3ware; RAID.
Sample Disk, Slice, and Partition Names

Name     Meaning
ada0s1a  The first partition (a) on the
         first slice (s1) on the first
         SATA disk (ada0).
da1s2e   The fifth partition (e) on the
         second slice (s2) on the second
         SCSI disk (da1).

Conceptual Model of a Disk

This diagram shows &os;'s view of the first
SATA disk attached to the system. Assume
that the disk is 250 GB in size, and contains an
80 GB slice and a 170 GB slice (&ms-dos;
partitions). The first slice contains a &windows;
NTFS file system, C:,
and the second slice contains a &os; installation. This
example &os; installation has four data partitions and a swap
partition.

The four partitions each hold a file system. Partition
a is used for the root file system,
d for /var/,
e for /tmp/, and
f for /usr/.
Partition letter c refers to the entire
slice, and so is not used for ordinary partitions.

Mounting and Unmounting File Systems

The file system is best visualized as a tree, rooted, as it
were, at /.
/dev,
/usr, and the other
directories in the root directory are branches, which may have
their own branches, such as
/usr/local, and so
on.

There are various reasons to house some of these
directories on separate file systems.
/var contains the
directories log/,
spool/, and various types
of temporary files, and as such, may get filled up. Filling up
the root file system is not a good idea, so splitting
/var from
/ is often
favorable.

Another common reason to contain certain directory trees on
other file systems is if they are to be housed on separate
physical disks, or are separate virtual disks, such as Network
File System mounts, described in ,
or CDROM drives.

The fstab File

During the boot process (), file
systems listed in /etc/fstab are
automatically mounted except for the entries containing
noauto. This file contains entries in the
following format:

device       /mount-point fstype     options      dumpfreq     passno

device
    An existing device name as explained in
    .

mount-point
    An existing directory on which to mount the file
    system.

fstype
    The file system type to pass to &man.mount.8;. The
    default &os; file system is
    ufs.

options
    Either for read-write file
    systems, or for read-only file
    systems, followed by any other options that may be
    needed. A common option is noauto for
    file systems not normally mounted during the boot
    sequence. Other options are listed in
    &man.mount.8;.

dumpfreq
    Used by &man.dump.8; to determine which file systems
    require dumping. If the field is missing, a value of
    zero is assumed.

passno
    Determines the order in which file systems should be
    checked. File systems that should be skipped should
    have their passno set to zero. The
    root file system needs to be checked before everything
    else and should have its passno set
    to one. The other file systems should be set to
    values greater than one. If more than one file system
    has the same passno, &man.fsck.8;
    will attempt to check file systems in parallel if
    possible.

Refer to &man.fstab.5; for more information on the format
of /etc/fstab and its options.

Using &man.mount.8;

File systems are mounted using &man.mount.8;. The most
basic syntax is as follows:

&prompt.root; mount device mountpoint

This command provides many options which are described in
&man.mount.8;. The most commonly used options include:

Mount Options

Mount all the file systems listed in
/etc/fstab, except those marked as
noauto, excluded by the
flag, or those that are already
mounted.

Do everything except for the actual mount system
call. This option is useful in conjunction with the
flag to determine what &man.mount.8;
is actually trying to do.

Force the mount of an unclean file system
(dangerous), or the revocation of write access when
downgrading a file system's mount status from read-write
to read-only.

Mount the file system read-only. This is identical
to using .

fstype: Mount the specified file system type or mount only
file systems of the given type, if
is included. ufs is the default file
system type.

Update mount options on the file system.

Be verbose.

Mount the file system read-write.

The following options can be passed to
as a comma-separated list:

nosuid
    Do not interpret setuid or setgid flags on the
    file system. This is also a useful security
    option.

Using &man.umount.8;

To unmount a file system use &man.umount.8;. This command
takes one parameter which can be a mountpoint, device name,
or .

All forms take to force unmounting,
and for verbosity. Be warned that
is not generally a good idea as it might
crash the computer or damage data on the file system.

To unmount all mounted file systems, or just the file
system types listed after , use
or . Note that
does not attempt to unmount the root file
system.

Processes and Daemons

&os; is a multi-tasking operating system. Each program
running at any one time is called a
process. Every running command starts
at least one new process and there are a number of system
processes that are run by &os;.

Each process is uniquely identified by a number called a
process ID (PID).
Similar to files, each process has one owner and group, and
the owner and group permissions are used to determine which
files and devices the process can open. Most processes also
have a parent process that started them. For example, the
shell is a process, and any command started in the shell is a
process which has the shell as its parent process. The
exception is a special process called &man.init.8; which is
always the first process to start at boot time and which always
has a PID of 1.

Some programs are not designed to be run with continuous
user input and disconnect from the terminal at the first
opportunity. For example, a web server responds to web
requests, rather than user input. Mail servers are another
example of this type of application. These types of programs
are known as daemons. The term daemon
comes from Greek mythology and represents an entity that is
neither good nor evil, and which invisibly performs useful
tasks. This is why the BSD mascot is the cheerful-looking
daemon with sneakers and a pitchfork.

There is a convention to name programs that normally run as
daemons with a trailing d. For example,
BIND is the Berkeley Internet Name
Domain, but the actual program that executes is
named. The
Apache web server program is
httpd and the line printer spooling daemon
is lpd. This is only a naming convention.
For example, the main mail daemon for the
Sendmail application is
sendmail, and not
maild.

Viewing Processes

To see the processes running on the system, use &man.ps.1;
or &man.top.1;. To display a static list of the currently
running processes, their PIDs, how much
memory they are using, and the command they were started with,
use &man.ps.1;. To display all the running processes and
update the display every few seconds in order to interactively
see what the computer is doing, use &man.top.1;.

By default, &man.ps.1; only shows the commands that are
running and owned by the user. For example:

&prompt.user; ps
 PID TT  STAT    TIME COMMAND
8203  0  Ss   0:00.59 /bin/csh
8895  0  R+   0:00.00 ps

The output from &man.ps.1; is organized into a number of
columns. The PID column displays the
process ID. PIDs are assigned starting at
1, go up to 99999, then wrap around back to the beginning.
However, a PID is not reassigned if it is
already in use. The TT column shows the
tty the program is running on and STAT
shows the program's state. TIME is the
amount of time the program has been running on the CPU. This
is usually not the elapsed time since the program was started,
as most programs spend a lot of time waiting for things to
happen before they need to spend time on the CPU. Finally,
COMMAND is the command that was used to
start the program.

A number of different options are available to change the
information that is displayed. One of the most useful sets is
auxww, where a displays
information about all the running processes of all users,
u displays the username and memory usage of
the process' owner, x displays
information about daemon processes, and ww
causes &man.ps.1; to display the full command line for each
process, rather than truncating it once it gets too long to
fit on the screen.

The output from &man.top.1; is similar:

&prompt.user; top
last pid: 9609; load averages: 0.56, 0.45, 0.36 up 0+00:20:03 10:21:46
107 processes: 2 running, 104 sleeping, 1 zombie
CPU: 6.2% user, 0.1% nice, 8.2% system, 0.4% interrupt, 85.1% idle
Mem: 541M Active, 450M Inact, 1333M Wired, 4064K Cache, 1498M Free
ARC: 992M Total, 377M MFU, 589M MRU, 250K Anon, 5280K Header, 21M Other
Swap: 2048M Total, 2048M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
557 root 1 -21 r31 136M 42296K select 0 2:20 9.96% Xorg
8198 dru 2 52 0 449M 82736K select 3 0:08 5.96% kdeinit4
8311 dru 27 30 0 1150M 187M uwait 1 1:37 0.98% firefox
431 root 1 20 0 14268K 1728K select 0 0:06 0.98% moused
9551 dru 1 21 0 16600K 2660K CPU3 3 0:01 0.98% top
2357 dru 4 37 0 718M 141M select 0 0:21 0.00% kdeinit4
8705 dru 4 35 0 480M 98M select 2 0:20 0.00% kdeinit4
8076 dru 6 20 0 552M 113M uwait 0 0:12 0.00% soffice.bin
2623 root 1 30 10 12088K 1636K select 3 0:09 0.00% powerd
2338 dru 1 20 0 440M 84532K select 1 0:06 0.00% kwin
1427 dru 5 22 0 605M 86412K select 1 0:05 0.00% kdeinit4

The output is split into two sections. The header (the
first five or six lines) shows the PID of
the last process to run, the system load averages (which are a
measure of how busy the system is), the system uptime (time
since the last reboot) and the current time. The other
figures in the header relate to how many processes are
running, how much memory and swap space has been used, and how
much time the system is spending in different CPU states. If
the ZFS file system module has been loaded,
an ARC line indicates how much data was
read from the memory cache instead of from disk.

Below the header is a series of columns containing similar
information to the output from &man.ps.1;, such as the
PID, username, amount of CPU time, and the
command that started the process. By default, &man.top.1;
also displays the amount of memory space taken by the process.
This is split into two columns: one for total size and one for
resident size. Total size is how much memory the application
has needed and the resident size is how much it is actually
using now.

&man.top.1; automatically updates the display every two
seconds. A different interval can be specified with
.

Killing Processes

One way to communicate with any running process or daemon
is to send a signal using &man.kill.1;.
There are a number of different signals; some have a specific
meaning while others are described in the application's
documentation. A user can only send a signal to a process
they own and sending a signal to someone else's process will
result in a permission denied error. The exception is the
root user, who can
send signals to anyone's processes.

The operating system can also send a signal to a process.
If an application is badly written and tries to access memory
that it is not supposed to, &os; will send the process the
Segmentation Violation signal
(SIGSEGV). If an application has been
written to use the &man.alarm.3; system call to be alerted
after a period of time has elapsed, it will be sent the
Alarm signal
(SIGALRM).

Two signals can be used to stop a process:
SIGTERM and SIGKILL.
SIGTERM is the polite way to kill a process
as the process can read the signal, close any log files it may
have open, and attempt to finish what it is doing before
shutting down. In some cases, a process may ignore
SIGTERM if it is in the middle of some task
that cannot be interrupted.

SIGKILL cannot be ignored by a
process. Sending a SIGKILL to a
process will usually stop that process there and then.
There are a few tasks that cannot be
interrupted. For example, if the process is trying to
read from a file that is on another computer on the
network, and the other computer is unavailable, the
process is said to be uninterruptible.
Eventually the process will time out, typically after two
minutes. As soon as this time out occurs the process will
be killed.

Other commonly used signals are SIGHUP,
SIGUSR1, and SIGUSR2.
Since these are general purpose signals, different
applications will respond differently.

For example, after changing a web server's configuration
file, the web server needs to be told to re-read its
configuration. Restarting httpd would
result in a brief outage period on the web server. Instead,
send the daemon the SIGHUP signal. Be
aware that different daemons will have different behavior, so
refer to the documentation for the daemon to determine if
SIGHUP will achieve the desired
results.

Sending a Signal to a Process

This example shows how to send a signal to
&man.inetd.8;. The &man.inetd.8; configuration file is
/etc/inetd.conf, and &man.inetd.8; will
re-read this configuration file when it is sent a
SIGHUP.

Find the PID of the process to send
the signal to using &man.pgrep.1;. In this example, the
PID for &man.inetd.8; is 198:

&prompt.user; pgrep -l inetd
198  inetd -wW

Use &man.kill.1; to send the signal. Because
&man.inetd.8; is owned by
root, use
&man.su.1; to become
root
first.

&prompt.user; su
Password:
&prompt.root; /bin/kill -s HUP 198

Like most &unix; commands, &man.kill.1; will not print
any output if it is successful. If a signal is sent to a
process not owned by that user, the message
kill: PID: Operation
not permitted will be displayed. Mistyping
the PID will either send the signal to
the wrong process, which could have negative results, or
will send the signal to a PID that is
not currently in use, resulting in the error
kill: PID: No such
process.

Why Use /bin/kill?

Many shells provide kill as a
built in command, meaning that the shell will send the
signal directly, rather than running
/bin/kill. Be aware that different
shells have a different syntax for specifying the name
of the signal to send. Rather than try to learn all of
them, it can be simpler to specify
/bin/kill.

When sending other signals, substitute
TERM or KILL with the
name of the signal.

Killing a random process on the system is a bad idea.
In particular, &man.init.8;, PID 1, is
special. Running /bin/kill -s KILL 1 is
a quick, and unrecommended, way to shut down the system.
Always double check the arguments to
&man.kill.1; before pressing
Return.

Shells

A shell provides a command line
interface for interacting with the operating system. A shell
receives commands from the input channel and executes them.
Many shells provide built in functions to help with everyday
tasks such as file management, file globbing, command line
editing, command macros, and environment variables. &os; comes
with several shells, including the Bourne shell (&man.sh.1;) and
the extended C shell (&man.tcsh.1;). Other shells are available
from the &os; Ports Collection, such as
zsh and bash.

The shell that is used is really a matter of taste. A C
programmer might feel more comfortable with a C-like shell such
as &man.tcsh.1;. A &linux; user might prefer
bash. Each shell has unique properties that
may or may not work with a user's preferred working environment,
which is why there is a choice of which shell to use.

One common shell feature is filename completion. After a
user types the first few letters of a command or filename and
presses Tab, the shell completes the rest of
the command or filename. Consider two files called
foobar and football.
To delete foobar, the user might type
rm foo and press Tab to
complete the filename.

But the shell only shows rm foo. It was
unable to complete the filename because both
foobar and football
start with foo. Some shells sound a beep or
show all the choices if more than one name matches. The user
must then type more characters to identify the desired filename.
Typing a t and pressing Tab
again is enough to let the shell determine which filename is
desired and fill in the rest.

Another feature of the shell is the use of environment
variables. Environment variables are a variable/key pair stored
in the shell's environment. This environment can be read by any
program invoked by the shell, and thus contains a lot of program
configuration. The following table provides a list
of common environment variables and their meanings. Note that
the names of environment variables are always in
uppercase.

Common Environment Variables

Variable    Description
USER        Current logged in user's name.
PATH        Colon-separated list of directories to search for binaries.
DISPLAY     Network name of the &xorg; display to connect to, if available.
SHELL       The current shell.
TERM        The name of the user's type of terminal. Used to determine the capabilities of the terminal.
TERMCAP     Database entry of the terminal escape codes to perform various terminal functions.
OSTYPE      Type of operating system.
MACHTYPE    The system's CPU architecture.
EDITOR      The user's preferred text editor.
PAGER       The user's preferred utility for viewing text one page at a time.
MANPATH     Colon-separated list of directories to search for manual pages.
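
The inheritance described above, together with a check on a PATH-style list, as an added example that is not part of the Handbook text. It goes slightly beyond the text by flagging search path entries that resolve relative to the current directory; `child_sees`, `path_audit` and `DEMO_SETTING` are names made up here, and the sample search path is constructed.

```shell
#!/bin/sh
# Added example, not Handbook text. Sample values below are constructed.

# child_sees NAME: print the value an invoked program receives for NAME.
# env(1) runs as a child process, so it shows only exported variables.
child_sees() {
    env | sed -n "s/^$1=//p"
}

# path_audit LIST: print each entry of a colon-separated search path that is
# resolved relative to the current directory: an empty entry (leading,
# trailing or doubled colon), "." or any path not starting with "/".
path_audit() {
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            '')  echo '<empty>' ;;
            /*)  ;;                 # absolute path: nothing to report
            *)   echo "$entry" ;;
        esac
    done
}

# A plain shell variable stays in the shell; export puts it in the environment.
DEMO_SETTING=local-only
before=$(child_sees DEMO_SETTING)
export DEMO_SETTING
after=$(child_sees DEMO_SETTING)
echo "before export: '${before}'  after export: '${after}'"

# env -i starts a program with an empty environment, passing only what is named.
scrubbed=$(env -i PATH=/bin:/usr/bin sh -c 'echo "${DEMO_SETTING-unset}"')
echo "child started with env -i sees DEMO_SETTING as: $scrubbed"

# Constructed search path with a doubled colon, "." and a relative directory.
path_audit '/bin::/usr/local/bin:.:bin'
```

Run `path_audit "$PATH"` to check the search path of the current session; no output means every entry is an absolute path.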

How to set an environment variable differs between shells.
In &man.tcsh.1; and &man.csh.1;, use
setenv to set environment variables. In
&man.sh.1; and bash, use
export to set the current environment
variables. This example sets the default EDITOR
to /usr/local/bin/emacs for the
&man.tcsh.1; shell:

&prompt.user; setenv EDITOR /usr/local/bin/emacs

The equivalent command for bash
would be:

&prompt.user; export EDITOR="/usr/local/bin/emacs"

To expand an environment variable in order to see its
current setting, type a $ character in front
of its name on the command line. For example,
echo $TERM displays the current
$TERM setting.

Shells treat special characters, known as meta-characters,
as special representations of data. The most common
meta-character is *, which represents any
number of characters in a filename. Meta-characters can be used
to perform filename globbing. For example, echo
* is equivalent to ls because
the shell takes all the files that match *
and echo lists them on the command
line.

To prevent the shell from interpreting a special character,
escape it from the shell by starting it with a backslash
(\). For example, echo
$TERM prints the terminal setting whereas
echo \$TERM literally prints the string
$TERM.

Changing the Shell

The easiest way to permanently change the default shell is
to use chsh. Running this command will
open the editor that is configured in the
EDITOR environment variable, which by default
is set to &man.vi.1;. Change the Shell:
line to the full path of the new shell.

Alternately, use chsh -s which will set
the specified shell without opening an editor. For example,
to change the shell to bash:

&prompt.user; chsh -s /usr/local/bin/bash

The new shell must be present in
/etc/shells. If the shell was
installed from the &os; Ports Collection as described in
, it should be automatically added
to this file. If it is missing, add it using this command,
replacing the path with the path of the shell:

&prompt.root; echo /usr/local/bin/bash >> /etc/shells

Then, rerun &man.chsh.1;.

Advanced Shell Techniques

Written by Tom Rhodes

The &unix; shell is not just a command interpreter, it
acts as a powerful tool which allows users to execute
commands, redirect their output, redirect their input and
chain commands together to improve the final command output.
When this functionality is mixed with built in commands, the
user is provided with an environment that can maximize
efficiency.

Shell redirection is the action of sending the output or
the input of a command into another command or into a file.
To capture the output of the &man.ls.1; command, for example,
into a file, redirect the output:

&prompt.user; ls > directory_listing.txt

The directory contents will now be listed in
directory_listing.txt. Some commands can
be used to read input, such as &man.sort.1;. To sort this
listing, redirect the input:

&prompt.user; sort < directory_listing.txt

The input will be sorted and placed on the screen. To
redirect that input into another file, one could redirect the
output of &man.sort.1; by mixing the direction:

&prompt.user; sort < directory_listing.txt > sorted.txt

In all of the previous examples, the commands are
performing redirection using file descriptors. Every &unix;
system has file descriptors, which include standard input
(stdin), standard output (stdout), and standard error
(stderr). Each one has a purpose, where input could be a
keyboard or a mouse, something that provides input. Output
could be a screen or paper in a printer. And error would be
anything that is used for diagnostic or error messages. All
three are considered I/O based file
descriptors and sometimes considered streams.

Through the use of these descriptors, the shell allows
output and input to be passed around through various commands
and redirected to or from a file. Another method of
redirection is the pipe operator.

The &unix; pipe operator, |, allows the
output of one command to be directly passed or directed to
another program. Basically, a pipe allows the standard
output of a command to be passed as standard input to another
command, for example:

&prompt.user; cat directory_listing.txt | sort | less

In that example, the contents of
directory_listing.txt will be sorted and
the output passed to &man.less.1;. This allows the user to
scroll through the output at their own pace and prevent it
from scrolling off the screen.

Text Editors

Most &os; configuration is done by editing text files.
Because of this, it is a good idea to become familiar with a
text editor. &os; comes with a few as part of the base system,
and many more are available in the Ports Collection.

A simple editor to learn is &man.ee.1;, which stands for
easy editor. To start this editor, type ee
filename where
filename is the name of the file to
be edited. Once inside the editor, all of the commands for
manipulating the editor's functions are listed at the top of the
display. The caret (^) represents
Ctrl, so ^e expands to
Ctrl+e. To leave &man.ee.1;, press Esc,
then choose the leave editor option from the main
menu. The editor will prompt to save any changes if the file
has been modified.

&os; also comes with more powerful text editors, such as
&man.vi.1;, as part of the base system. Other editors, like
editors/emacs and
editors/vim, are part of the
&os; Ports Collection. These editors offer more functionality
at the expense of being more complicated to learn. Learning a
more powerful editor such as vim or
Emacs can save more time in the long
run.

Many applications which modify files or require typed input
will automatically open a text editor. To change the default
editor, set the EDITOR environment
variable as described in .

Devices and Device Nodes

A device is a term used mostly for hardware-related
activities in a system, including disks, printers, graphics
cards, and keyboards. When &os; boots, the majority of the boot
messages refer to devices being detected. A copy of the boot
messages is saved to
/var/run/dmesg.boot.

Each device has a device name and number. For example,
ada0 is the first SATA hard drive,
while kbd0 represents the
keyboard.

Most devices in &os; must be accessed through special
files called device nodes, which are located in
/dev.

Manual Pages

The most comprehensive documentation on &os; is in the form
of manual pages. Nearly every program on the system comes with
a short reference manual explaining the basic operation and
available arguments. These manuals can be viewed using
man:

&prompt.user; man command

where command is the name of the
command to learn about. For example, to learn more about
&man.ls.1;, type:

&prompt.user; man ls

Manual pages are divided into sections which represent the
type of topic. In &os;, the following sections are
available:

1. User commands.
2. System calls and error numbers.
3. Functions in the C libraries.
4. Device drivers.
5. File formats.
6. Games and other diversions.
7. Miscellaneous information.
8. System maintenance and operation commands.
9. System kernel interfaces.

In some cases, the same topic may appear in more than one
section of the online manual. For example, there is a
chmod user command and a
chmod() system call. To tell &man.man.1;
which section to display, specify the section number:

&prompt.user; man 1 chmod

This will display the manual page for the user command
&man.chmod.1;. References to a particular section of the
online manual are traditionally placed in parentheses in
written documentation, so &man.chmod.1; refers to the user
command and &man.chmod.2; refers to the system call.

If the name of the manual page is unknown, use man
-k to search for keywords in the manual page
descriptions:

&prompt.user; man -k mail

This command displays a list of commands that have the
keyword mail in their descriptions. This is
equivalent to using &man.apropos.1;.

To read the descriptions for all of the commands in
/usr/bin, type:

&prompt.user; cd /usr/bin
&prompt.user; man -f * | more

or

&prompt.user; cd /usr/bin
&prompt.user; whatis * |more

GNU Info Files

&os; includes several applications and utilities produced
by the Free Software Foundation (FSF). In addition to manual
pages, these programs may include hypertext documents called
info files. These can be viewed using
&man.info.1; or, if editors/emacs is
installed, the info mode of
emacs.

To use &man.info.1;, type:

&prompt.user; info

For a brief introduction, type h. For
a quick command reference, type ?.