author | ru <ru@FreeBSD.org> | 2004-07-03 18:29:24 +0000 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 2004-07-03 18:29:24 +0000 |
commit | 1cf159866714352fd8d7789b97068220cbb5a1a4 (patch) | |
tree | 5526e5113f4e9589bb734483867453b89a7ca4e6 /share/man/man7 | |
parent | bf15efbfc56854d6fb20bb4ff7801d7549fe2bfd (diff) | |
Mechanically kill hard sentence breaks and double whitespaces.
Diffstat (limited to 'share/man/man7')
-rw-r--r-- | share/man/man7/development.7 | 41 |
-rw-r--r-- | share/man/man7/environ.7 | 50 |
-rw-r--r-- | share/man/man7/firewall.7 | 110 |
-rw-r--r-- | share/man/man7/hier.7 | 23 |
-rw-r--r-- | share/man/man7/hostname.7 | 6 |
-rw-r--r-- | share/man/man7/maclabel.7 | 2 |
-rw-r--r-- | share/man/man7/mailaddr.7 | 30 |
-rw-r--r-- | share/man/man7/sdoc.7 | 2 |
-rw-r--r-- | share/man/man7/security.7 | 2 |
-rw-r--r-- | share/man/man7/tuning.7 | 4 |
10 files changed, 168 insertions, 102 deletions
diff --git a/share/man/man7/development.7 b/share/man/man7/development.7 index 4f03342..9986d09 100644 --- a/share/man/man7/development.7 +++ b/share/man/man7/development.7 @@ -30,8 +30,10 @@ conveniently. .Sh SETTING UP THE ENVIRONMENT ON THE MASTER SERVER Your master server should always run a stable, production version of the .Fx -operating system. This does not prevent you from doing -CURRENT -builds or development. The last thing you want to do is to run an +operating system. +This does not prevent you from doing -CURRENT +builds or development. +The last thing you want to do is to run an unstable environment on your master server which could lead to a situation where you lose the environment and/or cannot recover from a mistake. .Pp @@ -52,7 +54,8 @@ in or you can make .Pa /usr/obj its own partition. -I recommend making it a separate partition for several reasons. First, +I recommend making it a separate partition for several reasons. +First, as a safety measure since this partition is written to a great deal. Second, because you typically do not have to back it up. Third, because it makes it far easier to mix and match the development @@ -64,7 +67,8 @@ partition of at least 5GB. On the master server, use cvsup to automatically pull down and maintain the .Fx -CVS archive once a day. The first pull will take a long time, +CVS archive once a day. +The first pull will take a long time, it is several gigabytes, but once you have it the daily syncs will be quite small. .Bd -literal -offset 4n 
@@ -82,7 +86,8 @@ to cvsup. 33 6 * * * /usr/local/bin/cvsup -g -r 20 -L 2 -h cvsup.freebsd.org /usr/share/examples/cvsup/cvs-supfile .Ed .Pp -Run the cvsup manually the first time to pull down the archive. It could take +Run the cvsup manually the first time to pull down the archive. +It could take all day depending on how fast your connection is! You will run all cvsup and cvs operations as root and you need to set up a ~/.cvsrc (/root/.cvsrc) file, as shown below, for proper cvs operation. @@ -116,7 +121,8 @@ cvs -d /home/ncvs checkout doc .Pp Now create a softlink for /usr/src and /usr/src2. On the main server I always point /usr/src at -STABLE and /usr/src2 at --CURRENT. On client machines I usually do not have a /usr/src2 and I make +-CURRENT. +On client machines I usually do not have a /usr/src2 and I make /usr/src point at whatever version of FreeBSD the client box is intended to run. .Bd -literal -offset 4n @@ -127,7 +133,8 @@ ln -s /FreeBSD/FreeBSD-current/src src2 (MASTER SERVER ONLY) .Ed .Pp Now you have to make a choice for /usr/obj. -Well, hopefully you made it already and chose the partition method. If you +Well, hopefully you made it already and chose the partition method. +If you chose poorly you probably intend to put it in /FreeBSD and, if so, this is what you want to do: .Bd -literal -offset 4n @@ -138,7 +145,8 @@ rm -rf obj ln -s /FreeBSD/obj obj .Ed .Pp -Alternatively you may chose simply to leave /usr/obj in /usr. If your +Alternatively you may chose simply to leave /usr/obj in /usr. +If your /usr is large enough this will work, but I do not recommend it for safety reasons (/usr/obj is constantly being modified, /usr is not). .Pp 
@@ -157,7 +165,8 @@ to check it out (see above). With some fancy softlinks you can make the ports tree available both on your master server and on all of your other machines. Note that the ports tree exists only on the HEAD cvs branch, so its always --CURRENT even on a -STABLE box. This is what you do: +-CURRENT even on a -STABLE box. +This is what you do: .Bd -literal -offset 4n (THESE COMMANDS ON THE MASTER SERVER AND ON ALL CLIENTS) cd /usr @@ -228,7 +237,8 @@ into the NFS-mounted environment. If a particular client is running -CURRENT, /usr/src should be a softlink to /FreeBSD/FreeBSD-current/src. If it is running -STABLE, /usr/src should be a softlink to -/FreeBSD/FreeBSD-4.x/src. I do not usually create a /usr/src2 softlink on +/FreeBSD/FreeBSD-4.x/src. +I do not usually create a /usr/src2 softlink on clients, that is used as a convenient shortcut when working on the source code on the master server only and could create massive confusion (of the human variety) on a client. @@ -305,7 +315,8 @@ make buildworld .Pp If you are on the master server you are running in a -STABLE environment, but that does not prevent you from building the -CURRENT world. -Just cd into the appropriate source directory and you are set. Do not +Just cd into the appropriate source directory and you are set. +Do not accidentally install it on your master server though! .Bd -literal -offset 4n cd /usr/src2 @@ -393,7 +404,8 @@ version of CVS examines a custom environmental variable, CVS_LOCAL_BRANCH_NUM, which specifies an integer to use when doing a cvs tag/rtag. Set this number to something high (say 1000) to avoid colliding -with potential future branches of the main repository. For example, +with potential future branches of the main repository. +For example, branching a file with version 1.4 produces 1.4.1000. Future commits to this branch will produce revisions 1.4.1000.1, 1.4.1000.2, etc. 
@@ -448,7 +460,8 @@ This is a good time to also remind you that most of the cvs operations you do will be done as root, and that certain options are required for CVS to operate properly on the .Fx -repository. For example, +repository. +For example, .Fl Pd is necessary when running "cvs update". These options are typically placed in your ~/.cvsrc (as already described) @@ -462,7 +475,7 @@ If you can make it 15GB I would do it. I generally do not cvs update via a cron job. This is because I generally want the source to not change out from under me when I am developing code. -Instead I manually update the source every so often... when I feel it is +Instead I manually update the source every so often...\& when I feel it is a good time. My recommendation is to only keep the cvs repository synchronized via cron. .Sh SEE ALSO diff --git a/share/man/man7/environ.7 b/share/man/man7/environ.7 index 4fc29b6..d4987a6 100644 --- a/share/man/man7/environ.7 +++ b/share/man/man7/environ.7 @@ -44,8 +44,9 @@ An array of strings called the .Ar environment is made available by -.Xr execve 2 -when a process begins. By convention these strings have the form +.Xr execve 2 +when a process begins. +By convention these strings have the form .Dq Ar name=value . The following names are used by various commands: .Bl -tag -width LC_MONETARY @@ -76,14 +77,14 @@ call to ask the terminal driver for the width. Default editor name. .It Ev EXINIT A startup list of commands read by -.Xr ex 1 +.Xr ex 1 and -.Xr vi 1 . +.Xr vi 1 . .It Ev HOME A user's login directory, set by -.Xr login 1 +.Xr login 1 from the password file -.Xr passwd 5 . +.Xr passwd 5 . .It Ev LANG This variable configures all programs which use .Xr setlocale 3 @@ -121,7 +122,7 @@ for formatting output. The location of the user's mailbox instead of the default in /var/mail, used by -.Xr mail 1 , +.Xr mail 1 , .Xr sh 1 , and many other mailclients. .It Ev NLSPATH 
@@ -130,27 +131,28 @@ List of directories to be searched for the message catalog referred to by See .Xr catopen 3 . .It Ev PAGER -Default paginator program. The program specified by this variable is used by +Default paginator program. +The program specified by this variable is used by .Xr mail 1 , .Xr man 1 , .Xr ftp 1 , etc, to display information which is longer than the current display. .It Ev PATH The sequence of directories, separated by colons, searched by -.Xr csh 1 , -.Xr sh 1 , -.Xr system 3 , -.Xr execvp 3 , +.Xr csh 1 , +.Xr sh 1 , +.Xr system 3 , +.Xr execvp 3 , etc, when looking for an executable file. .Ev PATH is set to ``/usr/bin:/bin'' initially by -.Xr login 1 . +.Xr login 1 . .It Ev PRINTER The name of the default printer to be used by -.Xr lpr 1 , -.Xr lpq 1 , +.Xr lpr 1 , +.Xr lpq 1 , and -.Xr lprm 1 . +.Xr lprm 1 . .It Ev PWD The current directory pathname. .It Ev SHELL @@ -158,10 +160,11 @@ The full pathname of the user's login shell. .It Ev TERM The kind of terminal for which output is to be prepared. This information is used by commands, such as -.Xr nroff 1 +.Xr nroff 1 or .Xr plot 1 -which may exploit special terminal capabilities. See +which may exploit special terminal capabilities. +See .Pa /usr/share/misc/termcap .Pq Xr termcap 5 for a list of terminal types. @@ -173,10 +176,11 @@ it begins with a '/', the name of the termcap file. See .Ev TERMPATH below, and -.Xr termcap 5 . +.Xr termcap 5 . .It Ev TERMPATH A sequence of pathnames of termcap files, separated by colons or spaces, -which are searched for terminal descriptions in the order listed. Having +which are searched for terminal descriptions in the order listed. +Having no .Ev TERMPATH is equivalent to a 
@@ -213,13 +217,13 @@ Further names may be placed in the environment by the command and .Ar name=value arguments in -.Xr sh 1 , +.Xr sh 1 , or by the .Ic setenv command if you use -.Xr csh 1 . +.Xr csh 1 . It is unwise to change certain -.Xr sh 1 +.Xr sh 1 variables that are frequently exported by .Pa .profile files, such as diff --git a/share/man/man7/firewall.7 b/share/man/man7/firewall.7 index ecb38b7..c78b699 100644 --- a/share/man/man7/firewall.7 +++ b/share/man/man7/firewall.7 @@ -13,7 +13,8 @@ .Sh FIREWALL BASICS A Firewall is most commonly used to protect an internal network from an outside network by preventing the outside network from -making arbitrary connections into the internal network. Firewalls +making arbitrary connections into the internal network. +Firewalls are also used to prevent outside entities from spoofing internal IP addresses and to isolate services such as NFS or SMBFS (Windows file sharing) within LAN segments. @@ -23,11 +24,13 @@ The firewalling system also has the capability to limit bandwidth using .Xr dummynet 4 . This feature can be useful when you need to guarantee a certain -amount of bandwidth for a critical purpose. For example, if you +amount of bandwidth for a critical purpose. +For example, if you are doing video conferencing over the Internet via your office T1 (1.5 MBits/s), you may wish to bandwidth-limit all other T1 traffic to 1 MBit/s in order to reserve at least 0.5 MBits -for your video conferencing connections. Similarly if you are +for your video conferencing connections. +Similarly if you are running a popular web or ftp site from a colocation facility you might want to limit bandwidth to prevent excessive bandwidth charges from your provider. 
@@ -42,22 +45,29 @@ a private IP space to make connections to the outside for browsing or other purposes. .Pp Constructing a firewall may appear to be trivial, but most people -get them wrong. The most common mistake is to create an exclusive -firewall rather than an inclusive firewall. An exclusive firewall +get them wrong. +The most common mistake is to create an exclusive +firewall rather than an inclusive firewall. +An exclusive firewall allows all packets through except for those matching a set of rules. An inclusive firewall allows only packets matching the ruleset -through. Inclusive firewalls are much, much safer than exclusive -firewalls but a tad more difficult to build properly. The +through. +Inclusive firewalls are much, much safer than exclusive +firewalls but a tad more difficult to build properly. +The second most common mistake is to blackhole everything except the -particular port you want to let through. TCP/IP needs to be able +particular port you want to let through. +TCP/IP needs to be able to get certain types of ICMP errors to function properly - for -example, to implement MTU discovery. Also, a number of common +example, to implement MTU discovery. +Also, a number of common system daemons make reverse connections to the .Sy auth service in an attempt to authenticate the user making a connection. Auth is rather dangerous but the proper implementation is to return a TCP reset for the connection attempt rather than simply blackholing -the packet. We cover these and other quirks involved with constructing +the packet. +We cover these and other quirks involved with constructing a firewall in the sample firewall section below. .Sh IPFW KERNEL CONFIGURATION You do not need to create a custom kernel to use the IP firewalling features. 
@@ -70,15 +80,18 @@ if you are paranoid you can compile IPFW directly into the .Fx kernel by using the .Sy IPFIREWALL -option set. If compiled in the kernel, ipfw denies all +option set. +If compiled in the kernel, ipfw denies all packets by default, which means that, if you do not load in a permissive ruleset via .Em /etc/rc.conf , rebooting into your new kernel will take the network offline. This can prevent you from being able to access your system if you -are not sitting at the console. It is also quite common to +are not sitting at the console. +It is also quite common to update a kernel to a new release and reboot before updating -the binaries. This can result in an incompatibility between +the binaries. +This can result in an incompatibility between the .Xr ipfw 8 program and the kernel which prevents it from running in the @@ -86,13 +99,17 @@ boot sequence, also resulting in an inaccessible machine. Because of these problems the .Sy IPFIREWALL_DEFAULT_TO_ACCEPT kernel option is also available which changes the default firewall -to pass through all packets. Note, however, that using this option +to pass through all packets. +Note, however, that using this option may open a small window of opportunity during booting where your -firewall passes all packets. Still, it's a good option to use +firewall passes all packets. +Still, it's a good option to use while getting up to speed with .Fx -firewalling. Get rid of it once you understand how it all works -to close the loophole, though. There is a third option called +firewalling. +Get rid of it once you understand how it all works +to close the loophole, though. +There is a third option called .Sy IPDIVERT which allows you to use the firewall to divert packets to a user program and is necessary if you wish to use 
@@ -106,42 +123,54 @@ option must be used to enable rules. .Sh SAMPLE IPFW-BASED FIREWALL Here is an example ipfw-based firewall taken from a machine with three -interface cards. fxp0 is connected to the 'exposed' LAN. Machines -on this LAN are dual-homed with both internal 10. IP addresses and -Internet-routed IP addresses. In our example, 192.100.5.x represents +interface cards. +fxp0 is connected to the 'exposed' LAN. +Machines +on this LAN are dual-homed with both internal 10.\& IP addresses and +Internet-routed IP addresses. +In our example, 192.100.5.x represents the Internet-routed IP block while 10.x.x.x represents the internal -networks. While it isn't relevant to the example, 10.0.1.x is +networks. +While it isn't relevant to the example, 10.0.1.x is assigned as the internal address block for the LAN on fxp0, 10.0.2.x for the LAN on fxp1, and 10.0.3.x for the LAN on fxp2. .Pp In this example we want to isolate all three LANs from the Internet as well as isolate them from each other, and we want to give all internal addresses access to the Internet through a NAT gateway running -on this machine. To make the NAT gateway work, the firewall machine +on this machine. +To make the NAT gateway work, the firewall machine is given two Internet-exposed addresses on fxp0 in addition to an -internal 10. address on fxp0: one exposed address (not shown) +internal 10.\& address on fxp0: one exposed address (not shown) represents the machine's official address, and the second exposed address (192.100.5.5 in our example) represents the NAT gateway -rendezvous IP. We make the example more complex by giving the machines +rendezvous IP. +We make the example more complex by giving the machines on the exposed LAN internal 10.0.0.x addresses as well as exposed -addresses. The idea here is that you can bind internal services +addresses. 
+The idea here is that you can bind internal services to internal addresses even on exposed machines and still protect -those services from the Internet. The only services you run on +those services from the Internet. +The only services you run on exposed IP addresses would be the ones you wish to expose to the Internet. .Pp It is important to note that the 10.0.0.x network in our example -is not protected by our firewall. You must make sure that your +is not protected by our firewall. +You must make sure that your Internet router protects this network from outside spoofing. Also, in our example, we pretty much give the exposed hosts free reign on our internal network when operating services through -internal IP addresses (10.0.0.x). This is somewhat of security -risk... what if an exposed host is compromised? To remove the +internal IP addresses (10.0.0.x). +This is somewhat of security +risk: what if an exposed host is compromised? +To remove the risk and force everything coming in via LAN0 to go through the firewall, remove rules 01010 and 01011. .Pp Finally, note that the use of internal addresses represents a -big piece of our firewall protection mechanism. With proper +big piece of our firewall protection mechanism. +With proper spoofing safeguards in place, nothing outside can directly access an internal (LAN1 or LAN2) host. .Bd -literal 
@@ -337,19 +366,26 @@ add 06000 deny all from any to any .Ed .Sh PORT BINDING INTERNAL AND EXTERNAL SERVICES We've mentioned multi-homing hosts and binding services to internal or -external addresses but we haven't really explained it. When you have a +external addresses but we haven't really explained it. +When you have a host with multiple IP addresses assigned to it, you can bind services run -on that host to specific IPs or interfaces rather than all IPs. Take -the firewall machine for example: With three interfaces +on that host to specific IPs or interfaces rather than all IPs. +Take +the firewall machine for example: with three interfaces and two exposed IP addresses on one of those interfaces, the firewall machine is known by 5 different IP addresses (10.0.0.1, 10.0.1.1, 10.0.2.1, 192.100.5.5, and say -192.100.5.1). If the firewall is providing file sharing services to the +192.100.5.1). +If the firewall is providing file sharing services to the windows LAN segment (say it is LAN1), you can use samba's 'bind interfaces' -directive to specifically bind it to just the LAN1 IP address. That +directive to specifically bind it to just the LAN1 IP address. +That way the file sharing services will not be made available to other LAN -segments. The same goes for NFS. If LAN2 has your UNIX engineering -workstations, you can tell nfsd to bind specifically to 10.0.2.1. You +segments. +The same goes for NFS. +If LAN2 has your UNIX engineering +workstations, you can tell nfsd to bind specifically to 10.0.2.1. +You can specify how to bind virtually every service on the machine and you can use a light .Xr jail 8 diff --git a/share/man/man7/hier.7 b/share/man/man7/hier.7 index 5b5da5a..cd4a931 100644 --- a/share/man/man7/hier.7 +++ b/share/man/man7/hier.7 @@ -285,7 +285,7 @@ mail filter API .It Pa machine/ machine-specific C include files .It Pa net/ -misc network C include files +miscellaneous network C include files .It Pa netatalk/ Appletalk protocol .It Pa netatm/ 
@@ -378,7 +378,7 @@ a.out backward compatibility libraries .El .Pp .It Pa libdata/ -misc. utility data files +miscellaneous utility data files .Bl -tag -width Fl -compact .It Pa gcc/ .Xr gcc 1 @@ -425,7 +425,8 @@ ports framework. Within local/, the general layout sketched out by .Nm for /usr -should be used. Exceptions are the man directory (directly under local/ +should be used. +Exceptions are the man directory (directly under local/ rather than under local/share/), ports documentation (in share/doc/<port>/), and /usr/local/etc (mimics /etc). .It Pa obj/ @@ -529,7 +530,7 @@ macros for use with the me macro package; see .Xr me 7 .It Pa misc/ -misc system-wide ASCII text files +miscellaneous system-wide ASCII text files .Bl -tag -width Fl -compact .It Pa fonts/ ??? @@ -561,7 +562,9 @@ data files for security policies such as .Xr sendmail 8 configuration files .It Pa skel/ -example . (dot) files for new accounts +example +.Pa .\& +(dot) files for new accounts .It Pa snmp/ MIBs, example files and tree definitions for the SNMP daemon. .Bl -tag -width Fl -compact @@ -699,7 +702,7 @@ directory containing output spool files .El .Pp .It Pa backups/ -misc. backup files +miscellaneous backup files .It Pa crash/ default directory to store kernel crash dumps; see .Xr crash 8 @@ -717,19 +720,19 @@ see .El .Pp .It Pa db/ -misc. automatically generated system-specific database files +miscellaneous automatically generated system-specific database files .It Pa empty/ empty directory for use by programs that need a specifically empty directory. Used for instance by .Xr sshd 8 for privilege separation. .It Pa games/ -misc. game status and score files +miscellaneous game status and score files .It Pa heimdal/ kerberos server databases; see .Xr kdc 8 .It Pa log/ -misc. system log files +miscellaneous system log files .Pp .Bl -tag -width Fl -compact .It Pa wtmp 
@@ -780,7 +783,7 @@ see and .Xr ruptime 1 .It Pa spool/ -misc. printer and mail system spooling directories +miscellaneous printer and mail system spooling directories .Pp .Bl -tag -width Fl -compact .It Pa clientmqueue/ diff --git a/share/man/man7/hostname.7 b/share/man/man7/hostname.7 index 7722922..713a8b1 100644 --- a/share/man/man7/hostname.7 +++ b/share/man/man7/hostname.7 @@ -50,11 +50,11 @@ subdomain of the EDU subdomain of the Internet would be represented as Hostnames are often used with network client and server programs, which must generally translate the name to an address for use. (This function is generally performed by the library routine -.Xr gethostbyname 3 . ) +.Xr gethostbyname 3 . ) Hostnames are resolved by the Internet name resolver in the following fashion. .Pp -If the name consists of a single component, i.e. contains no dot, +If the name consists of a single component, i.e., contains no dot, and if the environment variable .Dq Ev HOSTALIASES is set to the name of a file, @@ -82,7 +82,7 @@ Lithium.CChem.EDU will not be tried, as there is only one component remaining from the local domain. The search path can be changed from the default by a system-wide configuration file (see -.Xr resolver 5 ) . +.Xr resolver 5 ) . .Sh SEE ALSO .Xr gethostbyname 3 , .Xr resolver 5 , diff --git a/share/man/man7/maclabel.7 b/share/man/man7/maclabel.7 index 9f8cada..05c3654 100644 --- a/share/man/man7/maclabel.7 +++ b/share/man/man7/maclabel.7 @@ -93,6 +93,6 @@ MAC first appeared in This software was contributed to the .Fx Project by NAI Labs, the Security Research Division of Network Associates -Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. diff --git a/share/man/man7/mailaddr.7 b/share/man/man7/mailaddr.7 index 2f5b240..07370fb 100644 --- a/share/man/man7/mailaddr.7 +++ b/share/man/man7/mailaddr.7 
@@ -40,11 +40,13 @@ .Nd mail addressing description .Sh DESCRIPTION Mail addresses are based on the Internet protocol listed at the end of this -manual page. These addresses are in the general format +manual page. +These addresses are in the general format .Pp .Dl user@domain .Pp -where a domain is a hierarchical dot separated list of subdomains. For +where a domain is a hierarchical dot separated list of subdomains. +For example, a valid address is: .Pp .Dl eric@CS.Berkeley.EDU @@ -57,7 +59,8 @@ to CS over the Ethernet rather than going via the Berkeley Internet gateway. .Ss Abbreviation. Under certain circumstances it may not be necessary to type the entire -domain name. In general, anything following the first dot may be omitted +domain name. +In general, anything following the first dot may be omitted if it is the same as the domain from which you are sending the message. For example, a user on ``calder.berkeley.edu'' could send to ``eric@CS'' without adding the ``berkeley.edu'' since it is the same on both sending @@ -65,7 +68,8 @@ and receiving hosts. .Ss Compatibility. .Pp Certain old address formats are converted to the new format to provide -compatibility with the previous mail system. In particular, +compatibility with the previous mail system. +In particular, .Pp .Dl user@host .Pp 
@@ -94,25 +98,30 @@ on for compatibility with older UUCP hosts. .Ss Case Distinctions. .Pp Domain names (i.e., anything after the ``@'' sign) may be given in any mixture -of upper and lower case with the exception of UUCP hostnames. Most hosts +of upper and lower case with the exception of UUCP hostnames. +Most hosts accept any combination of case in user names, with the notable exception of MULTICS sites. .Ss Route-addrs. .Pp Under some circumstances it may be necessary to route a message through -several hosts to get it to the final destination. Normally this routing +several hosts to get it to the final destination. +Normally this routing is done automatically, but sometimes it is desirable to route the message -manually. Addresses which show these relays are termed ``route-addrs.'' +manually. +Addresses which show these relays are termed ``route-addrs.'' These use the syntax: .Pp .Dl <@hosta,@hostb:user@hostc> .Pp This specifies that the message should be sent to hosta, from there to hostb, -and finally to hostc. This path is forced even if there is a more efficient +and finally to hostc. +This path is forced even if there is a more efficient path to hostc. .Pp Route-addrs occur frequently on return addresses, since these are generally -augmented by the software at each host. It is generally possible to ignore +augmented by the software at each host. +It is generally possible to ignore all but the ``user@hostc'' part of the address to determine the actual sender. .Pp @@ -134,7 +143,8 @@ Some other networks can be reached by giving the name of the network as the last component of the domain. .Em This is not a standard feature and may -not be supported at all sites. For example, messages to CSNET or BITNET sites +not be supported at all sites. +For example, messages to CSNET or BITNET sites can often be sent to ``user@host.CSNET'' or ``user@host.BITNET'' respectively. .Sh SEE ALSO .Xr mail 1 , 
diff --git a/share/man/man7/sdoc.7 b/share/man/man7/sdoc.7 index 28dc628..bbbc84b 100644 --- a/share/man/man7/sdoc.7 +++ b/share/man/man7/sdoc.7 @@ -268,7 +268,7 @@ to link in shared libraries of unknown pedigree. .Xr security 7 , .Xr sprog 7 .Rs -.%T "The FreeBSD Security Architecture" +.%T "The FreeBSD Security Architecture" .%J file:///usr/share/doc/{to be determined} .Re .Rs diff --git a/share/man/man7/security.7 b/share/man/man7/security.7 index 97434e8..c483361 100644 --- a/share/man/man7/security.7 +++ b/share/man/man7/security.7 @@ -606,7 +606,7 @@ lot harder to deal with. A good security script will also check for changes to user and staff members access configuration files: .Pa .rhosts , .shosts , .ssh/authorized_keys -and so forth... files that might fall outside the purview of the MD5 check. +and so forth, files that might fall outside the purview of the MD5 check. .Pp If you have a huge amount of user disk space it may take too long to run through every file on those partitions. diff --git a/share/man/man7/tuning.7 b/share/man/man7/tuning.7 index f8ef784..dfe5ac6 100644 --- a/share/man/man7/tuning.7 +++ b/share/man/man7/tuning.7 @@ -168,7 +168,7 @@ partitioning your system fragmentation introduced in the smaller more heavily write-loaded partitions will not bleed over into the mostly-read partitions. Additionally, keeping the write-loaded partitions closer to -the edge of the disk (i.e. before the really big partitions instead of after +the edge of the disk (i.e., before the really big partitions instead of after in the partition table) will increase I/O performance in the partitions where you need it the most. Now it is true that you might also need I/O 
@@ -538,7 +538,7 @@ With delayed acks turned off, the acknowledgement may be sent in its own packet, before the remote service has a chance to echo the data it just received. This same concept also -applies to any interactive protocol (e.g. SMTP, WWW, POP3), and can cut the +applies to any interactive protocol (e.g.\& SMTP, WWW, POP3), and can cut the number of tiny packets flowing across the network in half. The .Fx |
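Review bot: in share/man/man7/development.7, hunk @@ -138,7 +145,8, the re-broken line still reads "Alternatively you may chose simply to leave /usr/obj in /usr."; "chose" should be "choose". The line is being rewritten anyway, so queue the fix as a follow-up content commit to keep this one whitespace-only. The same follow-up can pick up "so its always" (for "it's") in the context of hunk @@ -157,7 +165,8.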
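Review bot: in share/man/man7/firewall.7, hunk @@ -106,42 +123,54, "risk... what if an exposed host is compromised?" becomes "risk: what if an exposed host is compromised?", which is a punctuation rewrite rather than a sentence-break fix, and the sentence it belongs to still reads "This is somewhat of security risk" with no article. Either keep the ellipsis and only protect it with \& as development.7 does, or move the colon together with "somewhat of a security risk" into a separate content commit. The context line "free reign" a few lines above should be "free rein" in that same follow-up.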
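Review bot: the share/man/man7/hier.7 hunks change wording and markup, not whitespace: "misc" and "misc." become "miscellaneous" in eight descriptions, and "example . (dot) files" is re-marked-up with .Pa .\& in hunk @@ -561,7 +562,9, while the log message only mentions hard sentence breaks and double whitespace. Name these changes in the commit message or split them out, so that someone tracing a rendering difference in hier(7) is not told this commit was purely mechanical. The context line under fonts/ in hunk @@ -529,7 still carries "???" as its description.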
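Review bot: in share/man/man7/security.7, hunk @@ -606,7, replacing "and so forth... files that" with "and so forth, files that" makes the clause read as one more item in the .rhosts, .shosts, .ssh/authorized_keys list instead of the reason those files need a check of their own. A colon, which this same commit uses for the ellipsis in firewall.7, keeps the meaning: "and so forth: files that might fall outside the purview of the MD5 check."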
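Review bot: share/man/man7/tuning.7 treats the same abbreviation problem two ways: hunk @@ -168,7 turns "(i.e. before" into "(i.e., before", while hunk @@ -538,7 turns "(e.g. SMTP" into "(e.g.\& SMTP". hostname.7 in this commit also takes the comma form ("i.e., contains no dot"). Use "e.g., SMTP, WWW, POP3" in the second hunk so the rendered pages are consistent, or state in the log why \& was preferred there.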