FreeBSD Handbook

The FreeBSD Documentation Project

Welcome to FreeBSD! This handbook covers the installation and day to day use of FreeBSD 7.3-RELEASE and FreeBSD 8.1-RELEASE. This manual is a work in progress and is the work of many individuals. As such, some sections may become dated and require updating. If you are interested in helping out with this project, send email to the FreeBSD documentation project mailing list. The latest version of this document is always available from the FreeBSD web site (previous versions of this handbook can be obtained from http://docs.FreeBSD.org/doc/). It may also be downloaded in a variety of formats and compression options from the FreeBSD FTP server or one of the numerous mirror sites. If you would prefer to have a hard copy of the handbook, you can purchase one at the FreeBSD Mall. You may also want to search the handbook.


Table of Contents
Preface
I. Getting Started
1 Introduction
1.1 Synopsis
1.2 Welcome to FreeBSD!
1.3 About the FreeBSD Project
2 Installing FreeBSD
2.1 Synopsis
2.2 Hardware Requirements
2.3 Pre-installation Tasks
2.4 Starting the Installation
2.5 Introducing Sysinstall
2.6 Allocating Disk Space
2.7 Choosing What to Install
2.8 Choosing Your Installation Media
2.9 Committing to the Installation
2.10 Post-installation
2.11 Troubleshooting
2.12 Advanced Installation Guide
2.13 Preparing Your Own Installation Media
3 UNIX Basics
3.1 Synopsis
3.2 Virtual Consoles and Terminals
3.3 Permissions
3.4 Directory Structure
3.5 Disk Organization
3.6 Mounting and Unmounting File Systems
3.7 Processes
3.8 Daemons, Signals, and Killing Processes
3.9 Shells
3.10 Text Editors
3.11 Devices and Device Nodes
3.12 Binary Formats
3.13 For More Information
4 Installing Applications: Packages and Ports
4.1 Synopsis
4.2 Overview of Software Installation
4.3 Finding Your Application
4.4 Using the Packages System
4.5 Using the Ports Collection
4.6 Post-installation Activities
4.7 Dealing with Broken Ports
5 The X Window System
5.1 Synopsis
5.2 Understanding X
5.3 Installing X11
5.4 X11 Configuration
5.5 Using Fonts in X11
5.6 The X Display Manager
5.7 Desktop Environments
II. Common Tasks
6 Desktop Applications
6.1 Synopsis
6.2 Browsers
6.3 Productivity
6.4 Document Viewers
6.5 Finance
6.6 Summary
7 Multimedia
7.1 Synopsis
7.2 Setting Up the Sound Card
7.3 MP3 Audio
7.4 Video Playback
7.5 Setting Up TV Cards
7.6 Image Scanners
8 Configuring the FreeBSD Kernel
8.1 Synopsis
8.2 Why Build a Custom Kernel?
8.3 Finding the System Hardware
8.4 Kernel Drivers, Subsystems, and Modules
8.5 Building and Installing a Custom Kernel
8.6 The Configuration File
8.7 If Something Goes Wrong
9 Printing
9.1 Synopsis
9.2 Introduction
9.3 Basic Setup
9.4 Advanced Printer Setup
9.5 Using Printers
9.6 Alternatives to the Standard Spooler
9.7 Troubleshooting
10 Linux Binary Compatibility
10.1 Synopsis
10.2 Installation
10.3 Installing Mathematica®
10.4 Installing Maple
10.5 Installing MATLAB®
10.6 Installing Oracle®
10.7 Advanced Topics
III. System Administration
11 Configuration and Tuning
11.1 Synopsis
11.2 Initial Configuration
11.3 Core Configuration
11.4 Application Configuration
11.5 Starting Services
11.6 Configuring the cron Utility
11.7 Using rc under FreeBSD
11.8 Setting Up Network Interface Cards
11.9 Virtual Hosts
11.10 Configuration Files
11.11 Tuning with sysctl
11.12 Tuning Disks
11.13 Tuning Kernel Limits
11.14 Adding Swap Space
11.15 Power and Resource Management
11.16 Using and Debugging FreeBSD ACPI
12 The FreeBSD Booting Process
12.1 Synopsis
12.2 The Booting Problem
12.3 The Boot Manager and Boot Stages
12.4 Kernel Interaction During Boot
12.5 Device Hints
12.6 Init: Process Control Initialization
12.7 Shutdown Sequence
13 Users and Basic Account Management
13.1 Synopsis
13.2 Introduction
13.3 The Superuser Account
13.4 System Accounts
13.5 User Accounts
13.6 Modifying Accounts
13.7 Limiting Users
13.8 Groups
14 Security
14.1 Synopsis
14.2 Introduction
14.3 Securing FreeBSD
14.4 DES, Blowfish, MD5, and Crypt
14.5 One-time Passwords
14.6 TCP Wrappers
14.7 Kerberos5
14.8 OpenSSL
14.9 VPN over IPsec
14.10 OpenSSH
14.11 File System Access Control Lists
14.12 Monitoring Third Party Security Issues
14.13 FreeBSD Security Advisories
14.14 Process Accounting
15 Jails
15.1 Synopsis
15.2 Terms Related to Jails
15.3 Introduction
15.4 Creating and Controlling Jails
15.5 Fine Tuning and Administration
15.6 Application of Jails
16 Mandatory Access Control
16.1 Synopsis
16.2 Key Terms in this Chapter
16.3 Explanation of MAC
16.4 Understanding MAC Labels
16.5 Planning the Security Configuration
16.6 Module Configuration
16.7 The MAC seeotheruids Module
16.8 The MAC bsdextended Module
16.9 The MAC ifoff Module
16.10 The MAC portacl Module
16.11 The MAC partition Module
16.12 The MAC Multi-Level Security Module
16.13 The MAC Biba Module
16.14 The MAC LOMAC Module
16.15 Nagios in a MAC Jail
16.16 User Lock Down
16.17 Troubleshooting the MAC Framework
17 Security Event Auditing
17.1 Synopsis
17.2 Key Terms in this Chapter
17.3 Installing Audit Support
17.4 Audit Configuration
17.5 Administering the Audit Subsystem
18 Storage
18.1 Synopsis
18.2 Device Names
18.3 Adding Disks
18.4 RAID
18.5 USB Storage Devices
18.6 Creating and Using Optical Media (CDs)
18.7 Creating and Using Optical Media (DVDs)
18.8 Creating and Using Floppy Disks
18.9 Creating and Using Data Tapes
18.10 Backups to Floppies
18.11 Backup Strategies
18.12 Backup Basics
18.13 Network, Memory, and File-Backed File Systems
18.14 File System Snapshots
18.15 File System Quotas
18.16 Encrypting Disk Partitions
18.17 Encrypting Swap Space
19 GEOM: Modular Disk Transformation Framework
19.1 Synopsis
19.2 GEOM Introduction
19.3 RAID0 - Striping
19.4 RAID1 - Mirroring
19.5 GEOM Gate Network Devices
19.6 Labeling Disk Devices
19.7 UFS Journaling Through GEOM
20 File Systems Support
20.1 Synopsis
20.2 The Z File System (ZFS)
21 The Vinum Volume Manager
21.1 Synopsis
21.2 Disks Are Too Small
21.3 Access Bottlenecks
21.4 Data Integrity
21.5 Vinum Objects
21.6 Some Examples
21.7 Object Naming
21.8 Configuring Vinum
21.9 Using Vinum for the Root Filesystem
22 Virtualization
22.1 Synopsis
22.2 FreeBSD as a Guest OS
22.3 FreeBSD as a Host OS
23 Localization - I18N/L10N Usage and Setup
23.1 Synopsis
23.2 The Basics
23.3 Using Localization
23.4 Compiling I18N Programs
23.5 Localizing FreeBSD to Specific Languages
24 Updating and Upgrading FreeBSD
24.1 Synopsis
24.2 FreeBSD Update
24.3 Portsnap: A Ports Collection Update Tool
24.4 Updating the Documentation Set
24.5 Tracking a Development Branch
24.6 Synchronizing Your Source
24.7 Rebuilding “world”
24.8 Deleting obsolete files, directories and libraries
24.9 Tracking for Multiple Machines
25 DTrace
25.1 Synopsis
25.2 Implementation Differences
25.3 Enabling DTrace Support
25.4 Using DTrace
25.5 The D Language
IV. Network Communication
26 Serial Communications
26.1 Synopsis
26.2 Introduction
26.3 Terminals
26.4 Dial-in Service
26.5 Dial-out Service
26.6 Setting Up the Serial Console
27 PPP and SLIP
27.1 Synopsis
27.2 Using User PPP
27.3 Using Kernel PPP
27.4 Troubleshooting PPP Connections
27.5 Using PPP over Ethernet (PPPoE)
27.6 Using PPP over ATM (PPPoA)
27.7 Using SLIP
28 Electronic Mail
28.1 Synopsis
28.2 Using Electronic Mail
28.3 sendmail Configuration
28.4 Changing Your Mail Transfer Agent
28.5 Troubleshooting
28.6 Advanced Topics
28.7 SMTP with UUCP
28.8 Setting Up to Send Only
28.9 Using Mail with a Dialup Connection
28.10 SMTP Authentication
28.11 Mail User Agents
28.12 Using fetchmail
28.13 Using procmail
29 Network Servers
29.1 Synopsis
29.2 The inetd “Super-Server”
29.3 Network File System (NFS)
29.4 Network Information System (NIS/YP)
29.5 Automatic Network Configuration (DHCP)
29.6 Domain Name System (DNS)
29.7 Apache HTTP Server
29.8 File Transfer Protocol (FTP)
29.9 File and Print Services for Microsoft® Windows® clients (Samba)
29.10 Clock Synchronization with NTP
29.11 Remote Host Logging with syslogd
30 Firewalls
30.1 Introduction
30.2 Firewall Concepts
30.3 Firewall Packages
30.4 The OpenBSD Packet Filter (PF) and ALTQ
30.5 The IPFILTER (IPF) Firewall
30.6 IPFW
31 Advanced Networking
31.1 Synopsis
31.2 Gateways and Routes
31.3 Wireless Networking
31.4 Bluetooth
31.5 Bridging
31.6 Link Aggregation and Failover
31.7 Diskless Operation
31.8 ISDN
31.9 Network Address Translation
31.10 Parallel Line IP (PLIP)
31.11 IPv6
31.12 Asynchronous Transfer Mode (ATM)
31.13 Common Address Redundancy Protocol (CARP)
V. Appendices
A. Obtaining FreeBSD
A.1 CDROM and DVD Publishers
A.2 FTP Sites
A.3 BitTorrent
A.4 Anonymous CVS
A.5 Using CTM
A.6 Using CVSup
A.7 CVS Tags
A.8 AFS Sites
A.9 rsync Sites
B. Bibliography
B.1 Books & Magazines Specific to FreeBSD
B.2 Users' Guides
B.3 Administrators' Guides
B.4 Programmers' Guides
B.5 Operating System Internals
B.6 Security Reference
B.7 Hardware Reference
B.8 UNIX® History
B.9 Magazines and Journals
C. Resources on the Internet
C.1 Mailing Lists
C.2 Usenet Newsgroups
C.3 World Wide Web Servers
C.4 Email Addresses
D. PGP Keys
D.1 Officers
D.2 Core Team Members
D.3 Developers
FreeBSD Glossary
Colophon
List of Tables
2-1. Sample Device Inventory
2-2. Partition Layout for First Disk
2-3. Partition Layout for Subsequent Disks
2-4. FreeBSD 7.X and 8.X ISO Image Names and Meanings
3-1. Disk Device Codes
18-1. Physical Disk Naming Conventions
21-1. Vinum Plex Organizations
26-1. DB-25 to DB-25 Null-Modem Cable
26-2. DB-9 to DB-9 Null-Modem Cable
26-3. DB-9 to DB-25 Null-Modem Cable
26-4. Signal Names
31-1. Wiring a Parallel Cable for Networking
31-2. Reserved IPv6 addresses
List of Figures
2-1. FreeBSD Boot Loader Menu
2-2. Typical Device Probe Results
2-3. Selecting Country Menu
2-4. Selecting Keyboard Menu
2-5. Selecting Usage from Sysinstall Main Menu
2-6. Selecting Documentation Menu
2-7. Sysinstall Documentation Menu
2-8. Sysinstall Main Menu
2-9. Sysinstall Keymap Menu
2-10. Sysinstall Main Menu
2-11. Sysinstall Options
2-12. Begin Standard Installation
2-13. Select Drive for FDisk
2-14. Typical Fdisk Partitions before Editing
2-15. Fdisk Partition Using Entire Disk
2-16. Sysinstall Boot Manager Menu
2-17. Exit Select Drive
2-18. Sysinstall Disklabel Editor
2-19. Sysinstall Disklabel Editor with Auto Defaults
2-20. Free Space for Root Partition
2-21. Edit Root Partition Size
2-22. Choose the Root Partition Type
2-23. Choose the Root Mount Point
2-24. Sysinstall Disklabel Editor
2-25. Choose Distributions
2-26. Confirm Distributions
2-27. Choose Installation Media
2-28. Selecting an Ethernet Device
2-29. Set Network Configuration for ed0
2-30. Editing inetd.conf
2-31. Default Anonymous FTP Configuration
2-32. Edit the FTP Welcome Message
2-33. Editing exports
2-34. System Console Configuration Options
2-35. Screen Saver Options
2-36. Screen Saver Timeout
2-37. System Console Configuration Exit
2-38. Select Your Region
2-39. Select Your Country
2-40. Select Your Time Zone
2-41. Select Mouse Protocol Type
2-42. Set Mouse Protocol
2-43. Configure Mouse Port
2-44. Setting the Mouse Port
2-45. Enable the Mouse Daemon
2-46. Test the Mouse Daemon
2-47. Select Package Category
2-48. Select Packages
2-49. Install Packages
2-50. Confirm Package Installation
2-51. Select User
2-52. Add User Information
2-53. Exit User and Group Management
2-54. Exit Install
2-55. Network Configuration Upper-level
2-56. Select a default MTA
2-57. Ntpdate Configuration
2-58. Network Configuration Lower-level
21-1. Concatenated Organization
21-2. Striped Organization
21-3. RAID-5 Organization
21-4. A Simple Vinum Volume
21-5. A Mirrored Vinum Volume
21-6. A Striped Vinum Volume
21-7. A Mirrored, Striped Vinum Volume
List of Examples
2-1. Using an Existing Partition Unchanged
2-2. Shrinking an Existing Partition
3-1. Sample Disk, Slice, and Partition Names
3-2. Conceptual Model of a Disk
4-1. Downloading a Package Manually and Installing It Locally
11-1. Creating a Swapfile on FreeBSD
12-1. boot0 Screenshot
12-2. boot2 Screenshot
12-3. An Insecure Console in /etc/ttys
13-1. Adding a user on FreeBSD
13-2. rmuser Interactive Account Removal
13-3. Interactive chpass by Superuser
13-4. Interactive chpass by Normal User
13-5. Changing Your Password
13-6. Changing Another User's Password as the Superuser
13-7. Adding a Group Using pw(8)
13-8. Setting the List of Members of a Group Using pw(8)
13-9. Adding a New Member to a Group Using pw(8)
13-10. Using id(1) to Determine Group Membership
14-1. Using SSH to Create a Secure Tunnel for SMTP
18-1. Using dump over ssh
18-2. Using dump over ssh with RSH set
18-3. Using mdconfig to Mount an Existing File System Image
18-4. Creating a New File-Backed Disk with mdconfig
18-5. Configure and Mount a File-Backed Disk with mdmfs
18-6. Creating a New Memory-Based Disk with mdconfig
18-7. Creating a New Memory-Based Disk with mdmfs
19-1. Labeling Partitions on the Boot Disk
26-1. Adding Terminal Entries to /etc/ttys
28-1. Configuring the sendmail Access Database
28-2. Mail Aliases
28-3. Example Virtual Domain Mail Map
29-1. Reloading the inetd configuration file
29-2. Mounting an Export with amd
29-3. Installing Django with Apache2, mod_python3, and PostgreSQL
29-4. Apache Configuration for Django/mod_python
31-1. LACP aggregation with a Cisco® Switch
31-2. Failover mode
31-3. Failover mode between wired and wireless interfaces
31-4. Branch Office or Home Network
31-5. Head Office or Other LAN
A-1. Checking Out Something from -CURRENT (ls(1)):
A-2. Using SSH to check out the src/ tree:
A-3. Checking Out the Version of ls(1) in the 8-STABLE Branch:
A-4. Creating a List of Changes (as Unified Diffs) to ls(1)
A-5. Finding Out What Other Module Names Can Be Used: