doc-el commit 846:ee0f462c5e4f - Merge from ncvs
freebsd-doc-el at lists.hellug.gr
Sun Sep 28 17:12:00 EEST 2008
changeset: 846:ee0f462c5e4f
user: keramida
date: 2008-09-28 17:11 +0300
details: http://hg.hellug.gr/freebsd/doc-el/?cmd=changeset;node=ee0f462c5e4f
description:
Merge from ncvs
diffs (truncated from 2788 to 300 lines):
diff -r 173dbb3990cd -r ee0f462c5e4f el_GR.ISO8859-7/articles/gjournal-desktop/article.sgml
--- a/el_GR.ISO8859-7/articles/gjournal-desktop/article.sgml Sun Sep 28 14:49:23 2008 +0300
+++ b/el_GR.ISO8859-7/articles/gjournal-desktop/article.sgml Sun Sep 28 17:11:20 2008 +0300
@@ -32,7 +32,7 @@
<holder role="mailto:manolis at FreeBSD.org">Μανώλης Κιαγιάς</holder>
</copyright>
- <releaseinfo>$FreeBSD: doc/el_GR.ISO8859-7/articles/gjournal-desktop/article.sgml,v 1.2 2008/06/14 16:53:45 keramida Exp $</releaseinfo>
+ <releaseinfo>$FreeBSD: doc/el_GR.ISO8859-7/articles/gjournal-desktop/article.sgml,v 1.3 2008/09/27 21:55:16 manolis Exp $</releaseinfo>
<legalnotice id="trademarks" role="trademarks">
&tm-attrib.freebsd;
diff -r 173dbb3990cd -r ee0f462c5e4f en_US.ISO8859-1/books/handbook/Makefile
--- a/en_US.ISO8859-1/books/handbook/Makefile Sun Sep 28 14:49:23 2008 +0300
+++ b/en_US.ISO8859-1/books/handbook/Makefile Sun Sep 28 17:11:20 2008 +0300
@@ -1,5 +1,5 @@
#
-# $FreeBSD: doc/en_US.ISO8859-1/books/handbook/Makefile,v 1.109 2008/03/03 11:07:37 brd Exp $
+# $FreeBSD: doc/en_US.ISO8859-1/books/handbook/Makefile,v 1.110 2008/09/28 12:54:12 trhodes Exp $
#
# Build the FreeBSD Handbook.
#
@@ -198,6 +198,7 @@
SRCS+= audit/chapter.sgml
SRCS+= book.sgml
SRCS+= colophon.sgml
+SRCS+= dtrace/chapter.sgml
SRCS+= freebsd-glossary.sgml
SRCS+= advanced-networking/chapter.sgml
SRCS+= basics/chapter.sgml
@@ -209,6 +210,7 @@
SRCS+= disks/chapter.sgml
SRCS+= eresources/chapter.sgml
SRCS+= firewalls/chapter.sgml
+SRCS+= filesystems/chapter.sgml
SRCS+= geom/chapter.sgml
SRCS+= install/chapter.sgml
SRCS+= introduction/chapter.sgml
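Review bot: The new `SRCS+= filesystems/chapter.sgml` line is placed after `firewalls/chapter.sgml`, but the entries around it (disks, eresources, firewalls, geom) are in alphabetical order and "filesystems" sorts before "firewalls". Moving the added line up one position, between eresources and firewalls, keeps the list sorted.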
@@ -228,6 +230,7 @@
SRCS+= printing/chapter.sgml
SRCS+= security/chapter.sgml
SRCS+= serialcomms/chapter.sgml
+SRCS+= updating/chapter.sgml
SRCS+= users/chapter.sgml
SRCS+= vinum/chapter.sgml
SRCS+= virtualization/chapter.sgml
diff -r 173dbb3990cd -r ee0f462c5e4f en_US.ISO8859-1/books/handbook/basics/chapter.sgml
--- a/en_US.ISO8859-1/books/handbook/basics/chapter.sgml Sun Sep 28 14:49:23 2008 +0300
+++ b/en_US.ISO8859-1/books/handbook/basics/chapter.sgml Sun Sep 28 17:11:20 2008 +0300
@@ -1,7 +1,7 @@
<!--
The FreeBSD Documentation Project
- $FreeBSD: doc/en_US.ISO8859-1/books/handbook/basics/chapter.sgml,v 1.153 2008/03/02 22:02:36 brd Exp $
+ $FreeBSD: doc/en_US.ISO8859-1/books/handbook/basics/chapter.sgml,v 1.154 2008/09/28 11:56:09 trhodes Exp $
-->
<chapter id="basics">
@@ -652,6 +652,145 @@
may set these flags. It is recommended that administrators read
over the &man.chflags.1; and &man.chflags.2; manual pages for
more information.</para>
+ </sect2>
+
+ <sect2>
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>The setuid, setgid, and sticky Permissions</title>
+
+ <para>Other than the permissions already discussed, there are
+ three other specific settings that all administrators should
+ know about. They are the <literal>setuid</literal>,
+ <literal>setgid</literal> and <literal>sticky</literal>
+ permissions.</para>
+
+ <para>These settings are important for some &unix; operations
+ as they provide functionality not normally granted to normal
+ users. To understand them, the difference between the real
+ user ID and effective user ID must also be noted.</para>
+
+ <para>The real user ID is the <acronym>UID</acronym> who owns
+ or starts the process. The effective <acronym>UID</acronym>
+ is the user ID the process runs as. As an example, the
+ &man.passwd.1; utility runs with the real user ID as the
+ user changing their password; however, to manipulate the
+ password database, it runs as the effective ID of the
+ <username>root</username> user. This is what allows normal
+ users to change their passwords without seeing a
+ <errorname>Permission Denied</errorname> error.</para>
+
+ <note>
+ <para>The <literal>nosuid</literal> &man.mount.8; option will
+ cause these binaries to silently fail. That is, they will
+ fail to execute without ever alerting the user. That option
+ is also not completely reliable as a <literal>nosuid</literal>
+ wrapper may be able to circumvent it; according to the
+ &man.mount.8; manual page.</para>
+ </note>
+
+ <para>The setuid permission may be set by prefixing a permission
+ set with the number four (4) as shown in the following
+ example:</para>
+
+ <screen>&prompt.root; <userinput>chmod 4755 suidexample.sh</userinput></screen>
+
+ <para>The permissions on the
+ <filename><replaceable>suidexample.sh</replaceable></filename>
+ file should now look like the following:</para>
+
+ <programlisting>-rwsr-xr-x 1 trhodes trhodes 63 Aug 29 06:36 suidexample.sh</programlisting>
+
+ <para>It should be noticeable from this example that an
+ <literal>s</literal> is now part of the permission set
+ designated for the file owner, replacing the executable
+ bit. This allows utilities which need elevated permissions,
+ such as <command>passwd</command>.</para>
+
+ <para>To view this in real time, open two terminals. On
+ one, start the <command>passwd</command> process as a normal
+ user. While it waits for a new password, check the process
+ table and look at the user information of the
+ <command>passwd</command> command.</para>
+
+ <para>In terminal A:</para>
+
+ <screen>Changing local password for trhodes
+Old Password:</screen>
+
+ <para>In terminal B:</para>
+
+ <screen>&prompt.root; <userinput>ps aux | grep passwd</userinput></screen>
+
+ <screen>trhodes 5232 0.0 0.2 3420 1608 0 R+ 2:10AM 0:00.00 grep passwd
+root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
+
+ <para>As stated above, the <command>passwd</command> is run
+ by a normal user, but is using the effective
+ <acronym>UID</acronym> of <username>root</username>.</para>
+
+ <para>The <literal>setgid</literal> permission performs the
+ same function as the <literal>setuid</literal> permission;
+ except that it alters the group settings. When an application
+ or utility is ran with this setting, it will be granted the
+ permissions based on the group that owns the file, not
+ the user who started the process.</para>
+
+ <para>To set the <literal>setgid</literal> permission on a
+ file, provide the <command>chmod</command> command with a
+ leading two (2) as in the following example:</para>
+
+ <screen>&prompt.root; <userinput>chmod 2755 suidexample.sh</userinput></screen>
+
+ <para>The new setting may be viewed as before, notice the
+ <literal>s</literal> is now in the field designated for the
+ group permission settings:<para>
+
+ <screen>-rwxr-sr-x 1 trhodes trhodes 44 Aug 31 01:49 suidexample.sh</screen>
+
+ <note>
+ <para>In these examples, even though the shell script in
+ question is an executable file, it will not run with
+ a different <acronym>EUID</acronym> or effective user ID.
+ This is because shell scripts may not access the
+ &man.setuid.2; system calls.</para>
+ </note>
+
+ <para>The first two special permission bits we discussed
+ (the <literal>setuid</literal> and <literal>setgid</literal>
+ permission bits) may lower system security, by allowing for
+ elevated permissions. There is a third special permission bit
+ that can strengthen the security of a system: the
+ <literal>sticky bit</literal>.</para>
+
+ <para>The <literal>sticky bit</literal>, when set on a directory,
+ allows file deletion only by the file owner. This
+ permission set is useful to prevent file deletion in public
+ directories, such as
+ <filename class="directory">/tmp</filename>, by users who do
+ not own the file. To utilize this permission, prefix the
+ permission with a one (1). For example:</para>
+
+ <screen>&prompt.root; <userinput>chmod 1777 /tmp</userinput></screen>
+
+ <para>Now, it is possible to see the effect by using the
+ <command>ls</command> command:</para>
+
+ <screen>&prompt.root; <userinput>ls -al / | grep tmp</userinput></screen>
+
+ <screen>drwxrwxrwt 10 root wheel 512 Aug 31 01:49 tmp</screen>
+
+ <para>The <literal>sticky bit</literal> permission is
+ distinguishable from the <literal>t</literal> at the very
+ end of the set.</para>
</sect2>
</sect1>
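Review bot: The paragraph ending "group permission settings:" (just before the second listing of suidexample.sh) is terminated with an opening `<para>` rather than `</para>`, so the element is never closed and the following `<screen>` and `<note>` end up nested inside it; change that tag to `</para>`. Smaller points in the same section: the `ps aux | grep passwd` command is shown with `&prompt.root;` while its output lists the grep process as owned by trhodes, so `&prompt.user;` would match the output. The sentence "This allows utilities which need elevated permissions, such as passwd." has nothing after "allows" to say what the utilities may do and needs completing. The first `ls` listing uses `<programlisting>` while the second uses `<screen>`; pick one. Finally, both chmod examples operate on a shell script, yet the note that the script will not run with a different EUID only appears after the setgid example; moving it up to the first `chmod 4755` example would keep readers from testing a setuid script and drawing the wrong conclusion.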
diff -r 173dbb3990cd -r ee0f462c5e4f en_US.ISO8859-1/books/handbook/book.sgml
--- a/en_US.ISO8859-1/books/handbook/book.sgml Sun Sep 28 14:49:23 2008 +0300
+++ b/en_US.ISO8859-1/books/handbook/book.sgml Sun Sep 28 17:11:20 2008 +0300
@@ -1,7 +1,7 @@
<!--
The FreeBSD Documentation Project
- $FreeBSD: doc/en_US.ISO8859-1/books/handbook/book.sgml,v 1.172 2008/01/06 13:49:29 danger Exp $
+ $FreeBSD: doc/en_US.ISO8859-1/books/handbook/book.sgml,v 1.173 2008/09/28 12:54:12 trhodes Exp $
-->
<!DOCTYPE BOOK PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
@@ -48,6 +48,9 @@
<!ENTITY % chap.freebsd-glossary "IGNORE">
<!ENTITY % chap.mac "IGNORE">
<!ENTITY % chap.audit "IGNORE">
+<!ENTITY % chap.filesystems "IGNORE">
+<!ENTITY % chap.dtrace "IGNORE">
+<!ENTITY % chap.updating "IGNORE">
<!ENTITY % pgpkeys SYSTEM "../../../share/pgpkeys/pgpkeys.ent"> %pgpkeys;
]>
@@ -270,10 +273,12 @@
<![ %chap.audit; [ &chap.audit; ]]>
<![ %chap.disks; [ &chap.disks; ]]>
<![ %chap.geom; [ &chap.geom; ]]>
+ <![ %chap.filesystems; [ &chap.filesystems; ]]>
<![ %chap.vinum; [ &chap.vinum; ]]>
<![ %chap.virtualization; [ &chap.virtualization; ]]>
<![ %chap.l10n; [ &chap.l10n; ]]>
<![ %chap.cutting-edge; [ &chap.cutting-edge; ]]>
+ <![ %chap.dtrace; [ &chap.dtrace; ]]>
</part>
<part id="network-communication">
@@ -316,6 +321,7 @@
can begin using FreeBSD in a network environment.</para>
</partintro>
+ <![ %chap.updating; [ &chap.updating; ]]>
<![ %chap.serialcomms; [ &chap.serialcomms; ]]>
<![ %chap.ppp-and-slip; [ &chap.ppp-and-slip; ]]>
<![ %chap.mail; [ &chap.mail; ]]>
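Review bot: `&chap.updating;` is inserted as the first chapter after a partintro whose last visible line is "can begin using FreeBSD in a network environment", ahead of serialcomms, ppp-and-slip and mail. An updating chapter does not obviously belong with these, so please confirm this is the intended part (chapters.ent lists it under the "Part four" comment as well) or place it alongside `&chap.cutting-edge;` in the preceding part.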
diff -r 173dbb3990cd -r ee0f462c5e4f en_US.ISO8859-1/books/handbook/chapters.ent
--- a/en_US.ISO8859-1/books/handbook/chapters.ent Sun Sep 28 14:49:23 2008 +0300
+++ b/en_US.ISO8859-1/books/handbook/chapters.ent Sun Sep 28 17:11:20 2008 +0300
@@ -6,7 +6,7 @@
Chapters should be listed in the order in which they are referenced.
- $FreeBSD: doc/en_US.ISO8859-1/books/handbook/chapters.ent,v 1.37 2007/04/06 07:38:50 murray Exp $
+ $FreeBSD: doc/en_US.ISO8859-1/books/handbook/chapters.ent,v 1.38 2008/09/28 12:54:12 trhodes Exp $
-->
<!ENTITY chap.preface SYSTEM "preface/preface.sgml">
@@ -35,12 +35,15 @@
<!ENTITY chap.audit SYSTEM "audit/chapter.sgml">
<!ENTITY chap.disks SYSTEM "disks/chapter.sgml">
<!ENTITY chap.geom SYSTEM "geom/chapter.sgml">
+<!ENTITY chap.filesystems SYSTEM "filesystems/chapter.sgml">
<!ENTITY chap.vinum SYSTEM "vinum/chapter.sgml">
<!ENTITY chap.virtualization SYSTEM "virtualization/chapter.sgml">
<!ENTITY chap.l10n SYSTEM "l10n/chapter.sgml">
<!ENTITY chap.cutting-edge SYSTEM "cutting-edge/chapter.sgml">
+<!ENTITY chap.dtrace SYSTEM "dtrace/chapter.sgml">
<!-- Part four -->
+<!ENTITY chap.updating SYSTEM "updating/chapter.sgml">
<!ENTITY chap.serialcomms SYSTEM "serialcomms/chapter.sgml">
<!ENTITY chap.ppp-and-slip SYSTEM "ppp-and-slip/chapter.sgml">
<!ENTITY chap.mail SYSTEM "mail/chapter.sgml">
diff -r 173dbb3990cd -r ee0f462c5e4f en_US.ISO8859-1/books/handbook/dtrace/Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/en_US.ISO8859-1/books/handbook/dtrace/Makefile Sun Sep 28 17:11:20 2008 +0300
@@ -0,0 +1,15 @@
+#
+# Build the Handbook with just the content from this chapter.
+#
+# $FreeBSD: doc/en_US.ISO8859-1/books/handbook/dtrace/Makefile,v 1.1 2008/09/28 12:03:05 trhodes Exp $
+#
+
+CHAPTERS= dtrace/chapter.sgml
+
+VPATH= ..
+
+MASTERDOC= ${.CURDIR}/../${DOC}.${DOCBOOKSUFFIX}
+
+DOC_PREFIX?= ${.CURDIR}/../../../..
+
+.include "../Makefile"
diff -r 173dbb3990cd -r ee0f462c5e4f en_US.ISO8859-1/books/handbook/dtrace/chapter.sgml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/en_US.ISO8859-1/books/handbook/dtrace/chapter.sgml Sun Sep 28 17:11:20 2008 +0300
@@ -0,0 +1,385 @@
+<!--
+Recently I suggested to myself that this should become a profiling