doc-el commit 849:182487419650 - Merge from keramida
freebsd-doc-el at lists.hellug.gr
freebsd-doc-el at lists.hellug.gr
Mon Sep 29 12:03:03 EEST 2008
changeset: 849:182487419650
user: Manolis Kiagias <sonicy at otenet.gr>
date: 2008-09-29 00:24 +0300
details: http://hg.hellug.gr/freebsd/doc-el/?cmd=changeset;node=182487419650
description:
Merge from keramida
diffs (truncated from 2809 to 300 lines):
diff -r 66b227e7d2de -r 182487419650 el_GR.ISO8859-7/articles/gjournal-desktop/article.sgml
--- a/el_GR.ISO8859-7/articles/gjournal-desktop/article.sgml Sun Sep 28 17:57:51 2008 +0300
+++ b/el_GR.ISO8859-7/articles/gjournal-desktop/article.sgml Mon Sep 29 00:24:10 2008 +0300
@@ -32,7 +32,7 @@
<holder role="mailto:manolis at FreeBSD.org">Μανώλης Κιαγιάς</holder>
</copyright>
- <releaseinfo>$FreeBSD: doc/el_GR.ISO8859-7/articles/gjournal-desktop/article.sgml,v 1.2 2008/06/14 16:53:45 keramida Exp $</releaseinfo>
+ <releaseinfo>$FreeBSD: doc/el_GR.ISO8859-7/articles/gjournal-desktop/article.sgml,v 1.3 2008/09/27 21:55:16 manolis Exp $</releaseinfo>
<legalnotice id="trademarks" role="trademarks">
&tm-attrib.freebsd;
diff -r 66b227e7d2de -r 182487419650 el_GR.ISO8859-7/books/handbook/eresources/chapter.sgml
--- a/el_GR.ISO8859-7/books/handbook/eresources/chapter.sgml Sun Sep 28 17:57:51 2008 +0300
+++ b/el_GR.ISO8859-7/books/handbook/eresources/chapter.sgml Mon Sep 29 00:24:10 2008 +0300
@@ -958,7 +958,7 @@
να γράφουμε με κεφαλαία, ποιος πίνει πολύ καφέ, που φτιάχνεται η
καλύτερη μπύρα, ποιος φτιάχνει μπύρα στο υπόγειο του, και άλλα.
Περιστασιακές ανακοινώσεις σημαντικών γεγονότων (όπως
- πάρτυ, γάμοι, γεννήσεις, καινούργιες δουλείες κλπ) μπορούν να
+ πάρτυ, γάμοι, γεννήσεις, καινούργιες δουλειές κλπ) μπορούν να
γίνουν στις τεχνικές λίστες, αλλά οι απαντήσεις τους πρέπει να
στέλνονται στην λίστα -chat.</para>
</listitem>
@@ -1120,7 +1120,7 @@
υλοποίησης ενός υποσυστήματος &firewire; (γνωστό και ως
IEEE 1394 ή iLink) για το &os;. Σχετικά θέματα
είναι τα πρότυπα, οι συσκευές διαύλου και τα
- πρωτόκολλα τους, κάρτες, προσαρμογείς και chipsets, και
+ πρωτόκολλά τους, κάρτες, προσαρμογείς και chipsets, και
η αρχιτεκτονική και η υλοποίηση του κώδικα για την
σωστή υποστήριξη τους.</para>
</listitem>
diff -r 66b227e7d2de -r 182487419650 en_US.ISO8859-1/books/handbook/Makefile
--- a/en_US.ISO8859-1/books/handbook/Makefile Sun Sep 28 17:57:51 2008 +0300
+++ b/en_US.ISO8859-1/books/handbook/Makefile Mon Sep 29 00:24:10 2008 +0300
@@ -1,5 +1,5 @@
#
-# $FreeBSD: doc/en_US.ISO8859-1/books/handbook/Makefile,v 1.109 2008/03/03 11:07:37 brd Exp $
+# $FreeBSD: doc/en_US.ISO8859-1/books/handbook/Makefile,v 1.110 2008/09/28 12:54:12 trhodes Exp $
#
# Build the FreeBSD Handbook.
#
@@ -198,6 +198,7 @@
SRCS+= audit/chapter.sgml
SRCS+= book.sgml
SRCS+= colophon.sgml
+SRCS+= dtrace/chapter.sgml
SRCS+= freebsd-glossary.sgml
SRCS+= advanced-networking/chapter.sgml
SRCS+= basics/chapter.sgml
@@ -209,6 +210,7 @@
SRCS+= disks/chapter.sgml
SRCS+= eresources/chapter.sgml
SRCS+= firewalls/chapter.sgml
+SRCS+= filesystems/chapter.sgml
SRCS+= geom/chapter.sgml
SRCS+= install/chapter.sgml
SRCS+= introduction/chapter.sgml
@@ -228,6 +230,7 @@
SRCS+= printing/chapter.sgml
SRCS+= security/chapter.sgml
SRCS+= serialcomms/chapter.sgml
+SRCS+= updating/chapter.sgml
SRCS+= users/chapter.sgml
SRCS+= vinum/chapter.sgml
SRCS+= virtualization/chapter.sgml
diff -r 66b227e7d2de -r 182487419650 en_US.ISO8859-1/books/handbook/basics/chapter.sgml
--- a/en_US.ISO8859-1/books/handbook/basics/chapter.sgml Sun Sep 28 17:57:51 2008 +0300
+++ b/en_US.ISO8859-1/books/handbook/basics/chapter.sgml Mon Sep 29 00:24:10 2008 +0300
@@ -1,7 +1,7 @@
<!--
The FreeBSD Documentation Project
- $FreeBSD: doc/en_US.ISO8859-1/books/handbook/basics/chapter.sgml,v 1.153 2008/03/02 22:02:36 brd Exp $
+ $FreeBSD: doc/en_US.ISO8859-1/books/handbook/basics/chapter.sgml,v 1.154 2008/09/28 11:56:09 trhodes Exp $
-->
<chapter id="basics">
@@ -652,6 +652,145 @@
may set these flags. It is recommended that administrators read
over the &man.chflags.1; and &man.chflags.2; manual pages for
more information.</para>
+ </sect2>
+
+ <sect2>
+ <sect2info>
+ <authorgroup>
+ <author>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ <contrib>Contributed by </contrib>
+ </author>
+ </authorgroup>
+ </sect2info>
+
+ <title>The setuid, setgid, and sticky Permissions</title>
+
+ <para>Other than the permissions already discussed, there are
+ three other specific settings that all administrators should
+ know about. They are the <literal>setuid</literal>,
+ <literal>setgid</literal> and <literal>sticky</literal>
+ permissions.</para>
+
+ <para>These settings are important for some &unix; operations
+ as they provide functionality not normally granted to normal
+ users. To understand them, the difference between the real
+ user ID and effective user ID must also be noted.</para>
+
+ <para>The real user ID is the <acronym>UID</acronym> who owns
+ or starts the process. The effective <acronym>UID</acronym>
+ is the user ID the process runs as. As an example, the
+ &man.passwd.1; utility runs with the real user ID as the
+ user changing their password; however, to manipulate the
+ password database, it runs as the effective ID of the
+ <username>root</username> user. This is what allows normal
+ users to change their passwords without seeing a
+ <errorname>Permission Denied</errorname> error.</para>
+
+ <note>
+ <para>The <literal>nosuid</literal> &man.mount.8; option will
+ cause these binaries to silently fail. That is, they will
+ fail to execute without ever alerting the user. That option
+ is also not completely reliable as a <literal>nosuid</literal>
+ wrapper may be able to circumvent it; according to the
+ &man.mount.8; manual page.</para>
+ </note>
+
+ <para>The setuid permission may be set by prefixing a permission
+ set with the number four (4) as shown in the following
+ example:</para>
+
+ <screen>&prompt.root; <userinput>chmod 4755 suidexample.sh</userinput></screen>
+
+ <para>The permissions on the
+ <filename><replaceable>suidexample.sh</replaceable></filename>
+ file should now look like the following:</para>
+
+ <programlisting>-rwsr-xr-x 1 trhodes trhodes 63 Aug 29 06:36 suidexample.sh</programlisting>
+
+ <para>It should be noticeable from this example that an
+ <literal>s</literal> is now part of the permission set
+ designated for the file owner, replacing the executable
+ bit. This allows utilities which need elevated permissions,
+ such as <command>passwd</command>.</para>
+
+ <para>To view this in real time, open two terminals. On
+ one, start the <command>passwd</command> process as a normal
+ user. While it waits for a new password, check the process
+ table and look at the user information of the
+ <command>passwd</command> command.</para>
+
+ <para>In terminal A:</para>
+
+ <screen>Changing local password for trhodes
+Old Password:</screen>
+
+ <para>In terminal B:</para>
+
+ <screen>&prompt.root; <userinput>ps aux | grep passwd</userinput></screen>
+
+ <screen>trhodes 5232 0.0 0.2 3420 1608 0 R+ 2:10AM 0:00.00 grep passwd
+root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd</screen>
+
+ <para>As stated above, the <command>passwd</command> is run
+ by a normal user, but is using the effective
+ <acronym>UID</acronym> of <username>root</username>.</para>
+
+ <para>The <literal>setgid</literal> permission performs the
+ same function as the <literal>setuid</literal> permission;
+ except that it alters the group settings. When an application
+ or utility is ran with this setting, it will be granted the
+ permissions based on the group that owns the file, not
+ the user who started the process.</para>
+
+ <para>To set the <literal>setgid</literal> permission on a
+ file, provide the <command>chmod</command> command with a
+ leading two (2) as in the following example:</para>
+
+ <screen>&prompt.root; <userinput>chmod 2755 suidexample.sh</userinput></screen>
+
+ <para>The new setting may be viewed as before, notice the
+ <literal>s</literal> is now in the field designated for the
+ group permission settings:<para>
+
+ <screen>-rwxr-sr-x 1 trhodes trhodes 44 Aug 31 01:49 suidexample.sh</screen>
+
+ <note>
+ <para>In these examples, even though the shell script in
+ question is an executable file, it will not run with
+ a different <acronym>EUID</acronym> or effective user ID.
+ This is because shell scripts may not access the
+ &man.setuid.2; system calls.</para>
+ </note>
+
+ <para>The first two special permission bits we discussed
+ (the <literal>setuid</literal> and <literal>setgid</literal>
+ permission bits) may lower system security, by allowing for
+ elevated permissions. There is a third special permission bit
+ that can strengthen the security of a system: the
+ <literal>sticky bit</literal>.</para>
+
+ <para>The <literal>sticky bit</literal>, when set on a directory,
+ allows file deletion only by the file owner. This
+ permission set is useful to prevent file deletion in public
+ directories, such as
+ <filename class="directory">/tmp</filename>, by users who do
+ not own the file. To utilize this permission, prefix the
+ permission with a one (1). For example:</para>
+
+ <screen>&prompt.root; <userinput>chmod 1777 /tmp</userinput></screen>
+
+ <para>Now, it is possible to see the effect by using the
+ <command>ls</command> command:</para>
+
+ <screen>&prompt.root; <userinput>ls -al / | grep tmp</userinput></screen>
+
+ <screen>drwxrwxrwt 10 root wheel 512 Aug 31 01:49 tmp</screen>
+
+ <para>The <literal>sticky bit</literal> permission is
+ distinguishable from the <literal>t</literal> at the very
+ end of the set.</para>
</sect2>
</sect1>
diff -r 66b227e7d2de -r 182487419650 en_US.ISO8859-1/books/handbook/book.sgml
--- a/en_US.ISO8859-1/books/handbook/book.sgml Sun Sep 28 17:57:51 2008 +0300
+++ b/en_US.ISO8859-1/books/handbook/book.sgml Mon Sep 29 00:24:10 2008 +0300
@@ -1,7 +1,7 @@
<!--
The FreeBSD Documentation Project
- $FreeBSD: doc/en_US.ISO8859-1/books/handbook/book.sgml,v 1.172 2008/01/06 13:49:29 danger Exp $
+ $FreeBSD: doc/en_US.ISO8859-1/books/handbook/book.sgml,v 1.173 2008/09/28 12:54:12 trhodes Exp $
-->
<!DOCTYPE BOOK PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
@@ -48,6 +48,9 @@
<!ENTITY % chap.freebsd-glossary "IGNORE">
<!ENTITY % chap.mac "IGNORE">
<!ENTITY % chap.audit "IGNORE">
+<!ENTITY % chap.filesystems "IGNORE">
+<!ENTITY % chap.dtrace "IGNORE">
+<!ENTITY % chap.updating "IGNORE">
<!ENTITY % pgpkeys SYSTEM "../../../share/pgpkeys/pgpkeys.ent"> %pgpkeys;
]>
@@ -270,10 +273,12 @@
<![ %chap.audit; [ &chap.audit; ]]>
<![ %chap.disks; [ &chap.disks; ]]>
<![ %chap.geom; [ &chap.geom; ]]>
+ <![ %chap.filesystems; [ &chap.filesystems; ]]>
<![ %chap.vinum; [ &chap.vinum; ]]>
<![ %chap.virtualization; [ &chap.virtualization; ]]>
<![ %chap.l10n; [ &chap.l10n; ]]>
<![ %chap.cutting-edge; [ &chap.cutting-edge; ]]>
+ <![ %chap.dtrace; [ &chap.dtrace; ]]>
</part>
<part id="network-communication">
@@ -316,6 +321,7 @@
can begin using FreeBSD in a network environment.</para>
</partintro>
+ <![ %chap.updating; [ &chap.updating; ]]>
<![ %chap.serialcomms; [ &chap.serialcomms; ]]>
<![ %chap.ppp-and-slip; [ &chap.ppp-and-slip; ]]>
<![ %chap.mail; [ &chap.mail; ]]>
diff -r 66b227e7d2de -r 182487419650 en_US.ISO8859-1/books/handbook/chapters.ent
--- a/en_US.ISO8859-1/books/handbook/chapters.ent Sun Sep 28 17:57:51 2008 +0300
+++ b/en_US.ISO8859-1/books/handbook/chapters.ent Mon Sep 29 00:24:10 2008 +0300
@@ -6,7 +6,7 @@
Chapters should be listed in the order in which they are referenced.
- $FreeBSD: doc/en_US.ISO8859-1/books/handbook/chapters.ent,v 1.37 2007/04/06 07:38:50 murray Exp $
+ $FreeBSD: doc/en_US.ISO8859-1/books/handbook/chapters.ent,v 1.38 2008/09/28 12:54:12 trhodes Exp $
-->
<!ENTITY chap.preface SYSTEM "preface/preface.sgml">
@@ -35,12 +35,15 @@
<!ENTITY chap.audit SYSTEM "audit/chapter.sgml">
<!ENTITY chap.disks SYSTEM "disks/chapter.sgml">
<!ENTITY chap.geom SYSTEM "geom/chapter.sgml">
+<!ENTITY chap.filesystems SYSTEM "filesystems/chapter.sgml">
<!ENTITY chap.vinum SYSTEM "vinum/chapter.sgml">
<!ENTITY chap.virtualization SYSTEM "virtualization/chapter.sgml">
<!ENTITY chap.l10n SYSTEM "l10n/chapter.sgml">
<!ENTITY chap.cutting-edge SYSTEM "cutting-edge/chapter.sgml">
+<!ENTITY chap.dtrace SYSTEM "dtrace/chapter.sgml">
<!-- Part four -->
+<!ENTITY chap.updating SYSTEM "updating/chapter.sgml">
<!ENTITY chap.serialcomms SYSTEM "serialcomms/chapter.sgml">
<!ENTITY chap.ppp-and-slip SYSTEM "ppp-and-slip/chapter.sgml">
<!ENTITY chap.mail SYSTEM "mail/chapter.sgml">
diff -r 66b227e7d2de -r 182487419650 en_US.ISO8859-1/books/handbook/dtrace/Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/en_US.ISO8859-1/books/handbook/dtrace/Makefile Mon Sep 29 00:24:10 2008 +0300
@@ -0,0 +1,15 @@
More information about the Freebsd-doc-el
mailing list