PRAISE FOR ABSOLUTE FREEBSD
“Even longtime users of FreeBSD may be surprised at the power and features it can bring to bear as a server platform, and Absolute BSD is an excellent guide to harnessing that power.” —UNIXREVIEW.COM
“...provides beautifully written tutorials and reference material to help you make the most of the strengths of this OS.” —LINUX USER & DEVELOPER MAGAZINE
“...packed with a lot of information.” —DAEMON NEWS
“When was the last time you could physically feel yourself getting smarter while reading a book? If you are a beginning to average FreeBSD user, Absolute FreeBSD...will deliver that sensation in spades.” —RICHARD BEJTLICH, TAOSECURITY
“By far the best FreeBSD book I have ever owned is Absolute FreeBSD, 2nd Edition by No Starch Press.” —BSD ZEALOT
“Master practitioner Lucas organizes features and functions to make sense in the development environment, and so provides aid and comfort to new users, novices, and those with significant experience alike.” —SCITECH BOOK NEWS
ABSOLUTE FREEBSD®
3RD EDITION
The Complete Guide to FreeBSD
by Michael W. Lucas
San Francisco
ABSOLUTE FREEBSD®, 3RD EDITION. Copyright © 2019 by Michael W. Lucas.
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.
ISBN-10: 1-59327-892-6
ISBN-13: 978-1-59327-892-2
Publisher: William Pollock
Production Editor: Janelle Ludowise
Cover and Interior Design: Octopod Studios
Developmental Editor: William Pollock
Technical Reviewers: John Baldwin, Benno Rice, and George V. Neville-Neil
Copyeditor: Julianne Jigour
Compositor: Susan Glinert Stevens
Proofreader: James Fraleigh
Indexer: Nancy Guenther
For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly: No Starch Press, Inc., 245 8th Street, San Francisco, CA 94103; phone: 1.415.863.9900; [email protected]
Library of Congress Cataloging-in-Publication Data
Lucas, Michael, 1967- Absolute FreeBSD : the complete guide to FreeBSD / Michael W. Lucas. -- 2nd ed. p. cm. Includes index. ISBN-13: 978-1-59327-151-0 ISBN-10: 1-59327-151-4 1. FreeBSD. 2. UNIX (Computer file) 3. Internet service providers--Computer programs. 4. Web servers--Computer programs. 5. Client/server computing. I. Title. QA76.76.O63L83 2007 004'.36--dc22 2007036190
No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.
The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.
About the Author
After using Unix since the late ’80s and spending twenty-odd years as a network and system administrator specializing in building and maintaining high-availability systems, Michael W. Lucas now writes about them for a living. He’s written more than 30 books, which have been translated into nine languages. His critically acclaimed titles include Absolute OpenBSD, Cisco Routers for the Desperate, and PGP & GPG, all from No Starch Press. Learn more at https://mwl.io/.
About the Technical Reviewers
John Baldwin joined the FreeBSD Project as a committer in 1999. He has worked in several areas of the system, including SMP infrastructure, the network stack, virtual memory, and device driver support. John has served on the Core and Release Engineering teams and organized several FreeBSD developer summits.
Benno Rice has been using FreeBSD since 1995 and has been a committer since 2000 when he started the PowerPC port. Since then he has worked in a variety of areas and for a number of FreeBSD-using companies. He has also served on the Core Team and presented on FreeBSD-related topics at several conferences.
George V. Neville-Neil works on networking and operating system code for fun and profit. His areas of interest are code spelunking, operating systems, networking, and time protocols. He is the co-author with Marshall Kirk McKusick and Robert N.M. Watson of The Design and Implementation of the FreeBSD Operating System (Addison-Wesley Professional, 2004).
BRIEF CONTENTS
Foreword by Marshall Kirk McKusick
Acknowledgments
Introduction
Chapter 1: Getting More Help
Chapter 2: Before You Install
Chapter 3: Installing
Chapter 4: Start Me Up! The Boot Process
Chapter 5: Read This Before You Break Something Else! (Backup and Recovery)
Chapter 6: Kernel Games
Chapter 7: The Network
Chapter 8: Configuring Networking
Chapter 9: Securing Your System
Chapter 10: Disks, Partitioning, and GEOM
Chapter 11: The Unix File System
Chapter 12: The Z File System
Chapter 13: Foreign Filesystems
Chapter 14: Exploring /etc
Chapter 15: Making Your System Useful
Chapter 16: Customizing Software with Ports
Chapter 17: Advanced Software Management
Chapter 18: Upgrading FreeBSD
Chapter 19: Advanced Security Features
Chapter 20: Small System Services
Chapter 21: System Performance and Monitoring
Chapter 22: Jails
Chapter 23: The Fringe of FreeBSD
Chapter 24: Problem Reports and Panics
Afterword
Bibliography
Index
CONTENTS IN DETAIL
FOREWORD by Marshall Kirk McKusick
ACKNOWLEDGMENTS
INTRODUCTION
What Is FreeBSD?
BSD: FreeBSD’s Granddaddy; The BSD License; The AT&T/CSRG/BSDi Iron Cage Match; The Birth of FreeBSD
FreeBSD Development; Committers; Contributors; Users
Other BSDs; NetBSD; OpenBSD; DragonFly BSD; macOS; FreeBSD’s Children
Other Unixes; Solaris; illumos; AIX; Linux; Other Unixes
FreeBSD’s Strengths; Portability; Power; Simplified Software Management; Customizable Builds
Advanced Filesystems; Who Should Use FreeBSD?; Who Should Run Another BSD?; Who Should Run a Proprietary Operating System?; How to Read This Book; What Must You Know?; For the New System Administrator
Desktop FreeBSD; How to Think About Unix
Notes on the Third Edition; Contents of This Book
1 GETTING MORE HELP
Why Not Beg for Help?
The FreeBSD Attitude; Support Options
Man Pages; Manual Sections; Navigating Man Pages; Finding Man Pages; Section Numbers and Man; Man Page Contents
FreeBSD.org; Web Documents; The Mailing List Archives; The Forums
Other Websites; Using FreeBSD Problem-Solving Resources
Checking the Handbook and FAQ; Checking the Man Pages; Mailing Lists Archives and Forums; Using Your Answer
Asking for Help
Composing Your Message; Responding to Email; The Internet Is Forever
2 BEFORE YOU INSTALL
Default Files; Configuration with UCL; FreeBSD Hardware
Proprietary Hardware; Hardware Requirements; BIOS versus EFI
Disks and Filesystems; FreeBSD Filesystems; Filesystem Encryption; Disk Partitioning Methods; Partitioning with UFS; Multiple Operating Systems; Multiple Hard Drives; Swap Space
Getting FreeBSD; FreeBSD Versions; Choosing Installation Images
Network Installs
3 INSTALLING
Core Settings; Distribution Selection; Disk Partitioning
UFS Installs; ZFS Installs
Network and Service Configuration; Finishing the Install
4 START ME UP! THE BOOT PROCESS
Power-On
Unified Extensible Firmware Interface; Basic Input/Output System
The Loader; Boot Multi User [Enter]; Boot FreeBSD in Single-User Mode; Escape to Loader Prompt; Reboot
Single-User Mode; Disks in Single-User Mode; Programs Available in Single-User Mode; The Network in Single-User Mode; Uses for Single-User Mode
The Loader Prompt; Viewing Disks; Loader Variables; Reboot; Booting from the Loader
Loader Configuration; Boot Options; Startup Messages; Multiuser Startup
/etc/rc.conf, /etc/rc.conf.d, and /etc/defaults/rc.conf; The rc.d Startup System
The service(8) Command; System Shutdown
Serial Consoles; Serial Protocol; Physical Serial Console Setup; IPMI Serial Console Setup; Configuring FreeBSD’s Serial Console; Using Serial Consoles
Working at the Console
5 READ THIS BEFORE YOU BREAK SOMETHING ELSE! (BACKUP AND RECOVERY)
System Backups; Backup Tapes
Tape Drive Device Nodes, Rewinding, and Ejecting; The $TAPE Variable; Tape Status with mt(1); Other Tape Drive Commands
BSD tar(1); tar Modes; Other tar Features; Compression; Permissions Restore; And More, More, More...
Recording What Happened; Repairing a Broken System
6 KERNEL GAMES
What Is the Kernel?; Kernel State: sysctl
sysctl MIBs; sysctl Values and Definitions; Viewing sysctls; Changing sysctls; Setting sysctls Automatically
The Kernel Environment; Viewing the Kernel Environment; Dropping Hints to Device Drivers
Kernel Modules; Viewing Loaded Modules
Loading and Unloading Modules; Loading Modules at Boot
Build Your Own Kernel; Preparations; Buses and Attachments; Back Up Your Working Kernel; Configuration File Format; Configuration Files
Building a Kernel; Booting an Alternate Kernel
Custom Kernel Configuration; Trimming a Kernel; Troubleshooting Kernel Builds
Inclusions, Exclusions, and Expanding the Kernel; NOTES; Inclusions and Exclusions; Skipping Modules
7 THE NETWORK
Network Layers
The Physical Layer; Datalink: The Physical Protocol; The Network Layer; Heavy Lifting: The Transport Layer; Applications
The Network in Practice; Getting Bits and Hexes; Network Stacks; IPv4 Addresses and Netmasks
Computing Netmasks in Decimal; Unusable IP Addresses; Assigning IPv4 Addresses
IPv6 Addresses and Subnets
IPv6 Basics; Understanding IPv6 Addresses; IPv6 Subnets; Link-Local Addresses; Assigning IPv6 Addresses
TCP/IP Basics; ICMP; UDP; TCP; How Protocols Fit Together; Transport Protocol Ports
Understanding Ethernet; Protocol and Hardware; MAC Addresses
8 CONFIGURING NETWORKING
Network Prerequisites
Configuring Changes with ifconfig(8); Adding an IP to an Interface; Testing Your Interface; Set Default Route; Multiple IP Addresses on One Interface; Renaming Interfaces; DHCP; Reboot!
The Domain Name Service; Host/IP Information Sources; Local Names with /etc/hosts; Configuring Nameservice; Caching Nameserver
Network Activity; Current Network Activity; What’s Listening on Which Port?
Port Listeners in Detail; Network Capacity in the Kernel
Optimizing Network Performance; Optimizing Network Hardware; Memory Usage; Maximum Incoming Connections; Polling; Other Optimizations
Network Adapter Teaming; Aggregation Protocols; Configuring lagg(4)
Virtual LANs; Configuring VLAN Devices; Configuring VLANs at Boot
9 SECURING YOUR SYSTEM
Who Is the Enemy?
Script Kiddies; Disaffected Users; Botnets; Motivated Skilled Attackers
FreeBSD Security Announcements; User Security
Creating User Accounts; Configuring Adduser: /etc/adduser.conf; Editing Users
Shells and /etc/shells; root, Groups, and Management
The root Password; Groups of Users; Using Groups to Avoid Root
Tweaking User Security; Restricting Login Ability
Restricting System Usage; File Flags
Setting and Viewing File Flags; Securelevels
Securelevel Definitions; Which Securelevel Do You Need?; What Won’t Securelevels and File Flags Accomplish?; Living with Securelevels
Network Targets; Putting It All Together
10 DISKS, PARTITIONING, AND GEOM
Disks Lie; Device Nodes; The Common Access Method
What Disks Do You Have?; Non-CAM Devices
The GEOM Storage Architecture; GEOM Autoconfiguration; GEOM vs. Volume Managers; Providers, Consumers, and Slicers; GEOM Control Programs; GEOM Device Nodes and Stacks
Hard Disks, Partitions, and Schemes; The Filesystem Table: /etc/fstab; What’s Mounted Now?; Disk Labeling
Viewing Labels; Sample Labels
GEOM Withering; The gpart(8) Command
Viewing Partitions; Other Views
Removing Partitions; Scheming Disks
Removing the Disk Partitioning Scheme; Assigning the Partitioning Scheme
The GPT Partitioning Scheme; GPT Device Nodes; GPT Partition Types; Creating GPT Partitions; Resizing GPT Partitions; Changing Labels and Types; Booting on Legacy Hardware; Unified Extensible Firmware Interface and GPT; Expanding GPT Disks
The MBR Partitioning Scheme; What Is the Master Boot Record?; BSD Labels; MBR Device Nodes; MBR and Disklabel Alignment; Creating Slices; Removing Slices; Activating Slices
BSD Labels; Creating a BSD Label; Creating BSD Label Partitions; Assigning Specific Partition Letters
11 THE UNIX FILE SYSTEM
UFS Components
The Fast File System; How UFS Uses FFS; Vnodes
Mounting and Unmounting Filesystems; Mounting Standard Filesystems
Special Mounts; Unmounting a Partition; UFS Mount Options
UFS Resiliency; Soft Updates; Soft Updates Journaling; GEOM Journaling
Creating and Tuning UFS Filesystems; UFS Labeling; Block and Fragment Size; Using GEOM Journaling; Tuning UFS; Expanding UFS Filesystems
UFS Snapshots; Taking and Destroying Snapshots; Finding Snapshots; Snapshot Disk Usage
UFS Recovery and Repair; System Shutdown: The Syncer; Dirty Filesystems; File System Checking: fsck(8); Forcing Read-Write Mounts on Dirty Disks; Background fsck, fsck -y, Foreground fsck, Oy Vey!
UFS Space Reservations; How Full Is a Partition?; Adding New UFS storage
Partitioning the Disk; Configuring /etc/fstab; Installing Existing Files onto New Disks; Stackable Mounts
12 THE Z FILE SYSTEM
Datasets
Dataset Properties; Managing Datasets
ZFS Pools; Pool Details; Pool Properties; Viewing Pool Properties
Virtual Devices; VDEV Types and Redundancy
Managing Pools; ZFS and Disk Block Size; Creating and Viewing Pools; Multi-VDEV Pools; Destroying Pools; Errors and -f
Copy-On-Write; Snapshots
Creating Snapshots; Accessing Snapshots; Destroying Snapshots
Compression; Pool Integrity and Repair
Integrity Verification; Repairing Pools; Pool Status
Boot Environments; Viewing Boot Environments; Creating and Accessing Boot Environments; Activating Boot Environments; Removing Boot Environments; Boot Environments at Boot; Boot Environments and Applications
13 FOREIGN FILESYSTEMS
FreeBSD Mount Commands; Supported Foreign Filesystems; Permissions and Foreign Filesystems
Using Removable Media; Ejecting Removable Media; Removable Media and /etc/fstab; Formatting FAT32 Media; Creating Optical Media; Writing Images to Thumb Drives
Memory Filesystems; tmpfs; Memory Disks; Mounting Disk Images; Filesystems in Files
devfs; /dev at Boot; Global devfs Rules; Dynamic Device Management with devd(8)
Miscellaneous Filesystems; The Network File System
NFS Versions; Configuring the NFS Server; Configuring NFS Exports; Enabling the NFS Client
The Common Internet File System; Prerequisites; Kernel Support; Configuring CIFS; nsmb.conf Keywords; CIFS Name Resolution; Other smbutil(1) Functions; Mounting a Share; Other mount_smbfs Options; nsmb.conf Options
CIFS File Ownership; Serving CIFS Shares
14 EXPLORING /ETC
/etc Across Unix Species; /etc/adduser.conf; /etc/aliases; /etc/amd.map; /etc/auto_master; /etc/blacklistd.conf; /etc/bluetooth, /etc/bluetooth.device.conf, and /etc/defaults/bluetooth.device.conf; /etc/casper; /etc/crontab and /etc/cron.d; /etc/csh.*; /etc/ddb.conf; /etc/devd.conf; /etc/devfs.conf, /etc/devfs.rules, and /etc/defaults/devfs.rules; /etc/dhclient.conf; /etc/disktab; /etc/dma/; /etc/freebsd-update.conf; /etc/fstab; /etc/ftp.*; /etc/group; /etc/hostid; /etc/hosts; /etc/hosts.allow; /etc/hosts.equiv; /etc/hosts.lpd; /etc/inetd.conf; /etc/libmap.conf; /etc/localtime
/etc/locate.rc; /etc/login.*; /etc/mail; /etc/mail.rc; /etc/mail/mailer.conf; /etc/make.conf
CFLAGS; COPTFLAGS; CXXFLAGS
/etc/master.passwd; /etc/motd; /etc/mtree; /etc/netconfig; /etc/netstart; /etc/network.subr; /etc/newsyslog.conf; /etc/nscd.conf; /etc/nsmb.conf; /etc/nsswitch.conf; /etc/ntp/, /etc/ntp.conf; /etc/opie*; /etc/pam.d/*; /etc/passwd; /etc/pccard_ether; /etc/periodic.conf and /etc/defaults/periodic.conf
daily_output=”root”; daily_show_success=”YES”; daily_show_info=”YES”; daily_show_badconfig=”NO”; daily_local=”/etc/daily.local”
/etc/pf.conf, /etc/pf.os; /etc/phones; /etc/portsnap.conf; /etc/ppp/
/etc/printcap; /etc/profile; /etc/protocols; /etc/pwd.db; /etc/rc*; /etc/regdomain.xml; /etc/remote; /etc/resolv.conf; /etc/rpc; /etc/security/; /etc/services; /etc/shells; /etc/skel/; /etc/snmpd.config; /etc/spwd.db; /etc/src.conf; /etc/ssh/; /etc/ssl/; /etc/sysctl.conf; /etc/syslog.conf, /etc/syslog.conf.d/; /etc/termcap, /etc/termcap.small; /etc/ttys; /etc/unbound/; /etc/wall_cmos_clock; /etc/zfs/
15 MAKING YOUR SYSTEM USEFUL
Ports and Packages; Packages
Package Files; Introducing pkg(8); Installing pkg(8); Common pkg Options
Configuring pkg(8); Finding Packages; Installing Software; The Package Cache; Package Information and Automatic Installs; Uninstalling Packages; Changing the Package Database; Locking Packages; Package Files; Package Integrity; Package Maintenance; Package Networking and Environment
Package Repositories; Repository Configuration; Repository Customization; Repository Inheritance
Package Branches; Upgrading Packages
16 CUSTOMIZING SOFTWARE WITH PORTS
Making Software; Source Code and Software; The Ports Collection
Ports; The Ports Index
Searching the Index; Legal Restrictions
What’s In a Port?; Installing a Port; Port Customization Options; Building Packages; Uninstalling and Reinstalling Ports; Tracking Port Build Status
Cleaning Up Ports; Read-Only Ports Tree; Changing the Install Path
Private Package Repositories; Poudriere Resources; Installing and Configuring Poudriere; Poudriere Jail Creation; Install a Poudriere Ports Tree; Configuring Poudriere Ports; Running Poudriere; Using the Private Repository
All Poudrieres, Large and Small; Small Systems; Large Systems
Updating Poudriere; More Poudriere
17 ADVANCED SOFTWARE MANAGEMENT
Using Multiple Processors: SMP
Kernel Assumptions; SMP: The First Try; Today’s SMP; Processors and SMP
Threads, Threads, and More Threads; Startup and Shutdown Scripts
rc Script Ordering; A Typical rc Script; Special rc Script Providers; Vendor Startup/Shutdown Scripts; Debugging Custom rc Scripts
Managing Shared Libraries; Shared Library Versions and Files; Attaching Shared Libraries to Programs
LD_LIBRARY_PATH and LD_PRELOAD; What a Program Wants
Remapping Shared Libraries; Running Software from the Wrong OS
Recompilation; Emulation; ABI Reimplementation; Binary Branding; Supported ABIs; Installing and Configuring the Linuxulator
Using Linux Mode; Debugging Linux Mode
Running Software from the Wrong Architecture or Release
18 UPGRADING FREEBSD
FreeBSD Versions
Releases; FreeBSD-current; FreeBSD-stable; Snapshots; FreeBSD Support Model; Testing FreeBSD; Which Version Should You Use?
Upgrade Methods; Binary Updates
/etc/freebsd-update.conf; Running freebsd-update(8); Reverting Updates; Scheduling Binary Updates; Optimizing and Customizing FreeBSD Update
Upgrading via Source; Which Source Code?; Updating Source Code
Building FreeBSD from Source; Build the World; Build, Install, and Test a Kernel; Prepare to Install the New World; Installing the World; Customizing Mergemaster; Upgrades and Single-User Mode
Shrinking FreeBSD; Packages and System Upgrades; Updating Installed Ports
19 ADVANCED SECURITY FEATURES
Unprivileged Users
The nobody Account; A Sample Unprivileged User
Network Traffic Control; Default Accept vs. Default Deny; TCP Wrappers
Configuring Wrappers; Wrapping Up Wrappers
Packet Filtering; Enabling PF; Default Accept and Default Deny in Packet Filtering; Basic Packet Filtering and Stateful Inspection; Configuring PF; Small-Server PF Rule Sample; Managing PF
Blacklistd(8); PF and Blacklistd; Configuring Blacklistd; Configuring Blacklistd Clients; Managing Blacklistd; De-Blacklisting
Public-Key Encryption; OpenSSL; Certificates; TLS Trick: Connecting to TLS-Protected Ports
Global Security Settings; Install-Time Options; Secure Console; Nonexecutable Stack and Stack Guard; Other Security Settings
Preparing for Intrusions with mtree(1); Running mtree(1); mtree(1) Output: The Spec File; The Exclusion File; Saving the Spec File; Finding System Differences
Monitoring System Security; Package Security; If You’re Hacked
20 SMALL SYSTEM SERVICES
Secure Shell
The SSH Server: sshd(8); SSH Keys and Fingerprints; Configuring the SSH Daemon; Managing SSH User Access; SSH Clients
Email; mailwrapper(8); The Dragonfly Mail Agent; The Aliases File and DMA
Network Time; Setting the Time Zone; Network Time Protocol
Name Service Switching; inetd
/etc/inetd.conf; Configuring inetd Servers; Starting inetd(8); Changing inetd’s Behavior
DHCP; How DHCP Works; Configuring dhcpd(8); Managing dhcpd(8)
Printing and Print Servers; /etc/printcap; Enabling LPD
TFTP; Root Directory; tftpd and Files; File Ownership; tftpd(8) Configuration
Scheduling Tasks; cron(8); periodic(8)
21 SYSTEM PERFORMANCE AND MONITORING
Computer Resources; Checking the Network; General Bottleneck Analysis with vmstat(8)
Processes; Memory; Paging; Disks; Faults; CPU; Using vmstat
Continuous vmstat; Disk I/O; CPU, Memory, and I/O with top(1)
UFS and top(1); ZFS and top(1); Process List; top(1) and I/O
Following Processes; Paging and Swapping
Paging; Swapping
Performance Tuning; Memory Usage; Swap Space Usage; CPU Usage; Rescheduling; Reprioritizing with Niceness
Status Mail; Logging with syslogd
Facilities; Levels; Processing Messages with syslogd(8); syslogd Customization
Log File Management; Log File Path; Owner and Group; Permissions; Count; Size; Time; Flags; Pidfile; Signal; Sample newsyslog.conf Entry
FreeBSD and SNMP; SNMP 101; Configuring bsnmpd
22 JAILS
Jail Basics; Jail Host Server Setup
Jail Host Storage; Jail Networking; Jails at Boot
Jail Setup; Jail Userland; /etc/jail.conf; Testing and Configuring a Jail; Jail Startup and Shutdown; Jail Dependencies
Managing Jails; Viewing Jails and Jail IDs; Jailed Processes; Running Commands in Jails; Installing Jail Packages; Updating Jails
More Jail Options; Jailing Ancient FreeBSD; Last Jail Notes
23 THE FRINGE OF FREEBSD
Terminals
/etc/ttys Format; Insecure Console
Managing Cloudy FreeBSD; LibXo
Universal Configuration Language; Diskless FreeBSD
Diskless Clients; DHCP Server Setup; tftpd and the Boot Loader; Diskless Security; The NFS Server and the Diskless Client Userland
Diskless Farm Configuration; Configuration Hierarchy; Diskless Remounting /etc
Finalizing Setup; Installing Packages; SSH Keys
Storage Encryption; Generating and Using a Cryptographic Key; Filesystems on Encrypted Devices
24 PROBLEM REPORTS AND PANICS
Bug Reports
Before Filing a Bug; Bad Bug Reports; The Fix; Filing Bugs; After Submitting
System Panics; Recognizing Panics; Responding to a Panic
Preparations; The Crash Dump in Action; Testing Crash Dumps; Crash Dump Types; Textdumps; Dumps and Security
AFTERWORD
The FreeBSD Community; Why Do We Do It?; What Can You Do?; If Nothing Else; Getting Things Done
BIBLIOGRAPHY
References; Books I've Written
INDEX
FOREWORD
I am happy to write the foreword to Michael Lucas’s third edition of Absolute FreeBSD. For 15 years, Michael’s Absolute series has provided the definitive guide to BSD software, filling in the whats and whys left unexplained by the detailed but largely factual documentation. And, as its name implies, it distills to its essence the enormous volume of FreeBSD documentation so that those new to the system can get up to speed quickly.
Michael is an important contributor to the FreeBSD community. He has filled many of the roles that contributors can take: answering questions, filling in pieces of missing documentation, helping to make connections in the community, and generally identifying and facilitating the things that need to be done. Michael has interacted with thousands of people: hobbyists, professional software developers, system administrators, and university professors. Much of his real-world experience and understanding of what people are trying to get done has been distilled into this book.
I have been involved with the BSD software since its beginning in 1977 as a student project of my office mate, Bill Joy, at the University of California at Berkeley. By 1980, the BSD distributions had grown from a few programs that could be added to an AT&T UNIX system to a complete system coordinated by four people who called themselves the Computer Systems Research Group (CSRG). By 1983, the socket interface had been designed and TCP/IP had been implemented underneath it, allowing a small set of trusted external contributors to log into the CSRG development machines over the ARPAnet (which later became the internet) and directly update the sources using SCCS, a very early source code control system. The CSRG staff could then use SCCS to track changes and verify them before doing distributions. This structure formed the basis for the current BSD-based projects once BSD was spun off from the university as open source in 1992.
Starting with the open-source distribution, FreeBSD initially ran on only the early PC computers. Over the past quarter century, thousands of developers have contributed to FreeBSD to make it into a powerful network operating system with state-of-the-art features that runs on all the modern computing platforms. FreeBSD powers core internet companies worldwide. From Netflix movie distribution to WhatsApp messaging, from Network Appliance and Dell/Isilon storage products to Juniper routers, from the foundation of Apple’s iOS to the base libraries and services of Google’s Android, it is hard to throw a rock at the internet without hitting FreeBSD. However, FreeBSD is not the product of any one company, but of a large open source community: the FreeBSD Project, made up of developers, users, and countless supporters and advocates. While you can, as many people do, use FreeBSD simply as a piece of software without ever interacting with that community, you can significantly enrich your FreeBSD experience by becoming a part of that community.
Whether you are a first-time user or a kernel hacker, the resources available via the http://www.freebsd.org/ website, countless mailing lists, regional user groups, and conferences can be invaluable. Have a question? Just email [email protected], and one or more of the hundreds of volunteers will undoubtedly answer it. Want to learn more about the exciting new features coming in future FreeBSD versions? Read the Project’s quarterly status reports or development mailing lists, or attend one of the many regional BSD conferences taking place around the world.
These resources are a product of the FreeBSD Project and its community, a large number of collaborating individuals and companies, as well as the FreeBSD Foundation, a nonprofit organization coordinating funding, legal resources, and support for development work and community activities. Michael’s easy-to-use book provides a gateway for newbies to benefit from this community’s expertise and to become active users of FreeBSD themselves.
FreeBSD is open source software, available for you to use and distribute at no charge. By helping to support, advocate, or even develop FreeBSD, you can give back to the FreeBSD Project and help this community grow.
Whether you are a new user of FreeBSD or an experienced one, I am confident you will find Absolute FreeBSD a book you want to keep close at hand.
Marshall Kirk McKusick
FreeBSD Committer
Treasurer, FreeBSD Foundation
Berkeley, California
January 2018
ACKNOWLEDGMENTS
This book would not exist without decades of support from the FreeBSD community. Many people have told me that they reach for my books to learn how to accomplish something. What they don’t see is how many times I’ve reached out to mailing lists, forums, and user groups to get that same sort of help—not to mention all the times I’ve used other people’s archived discussions to figure out where I went horribly wrong. In addition to all those folks who’ve gone before me, though, I need to name those who helped me on this particular book.
Gavin Atkinson, Diane Bruce, Julian Elischer, Lars Engels, Alex Kozlov, Steven Kreuzer, Ganael Laplanche, Greg “Groggy” Lehey, Warner Losh, Remko Lodder, Ruslan Makhmatkhanov, Hiren Panchasara, Colin Percival, Matthew Seaman, Lev Serebryakov, Carlo Strub, Romain Tartière, and Thomas Zander all provided vital feedback on earlier versions of this book. Some of them read individual chapters that they have special expertise in, while others read the whole blasted book whether they knew the topic or not. Both kinds of feedback are invaluable. John Baldwin, Benno Rice, and George Neville-Neil collaborated on performing a final technical review, catching errors that ranged from the subtly horrific to the blatantly appalling. Any errors that remain in this book were introduced by myself, despite all these people’s best efforts.
I’ve also received years of support from Allan Jude and Benedict Reuschling of the BSD Now (https://www.bsdnow.tv/) podcast, along with alumnus Kris Moore. They’ve backed my work even when they had no idea what the heck I was doing. Their show is a great source of BSD-related news, education, and gossip. (It’s a community. There’s always gossip.) Just this week, they walked me through understanding the scheduler in a way I never have before.
Bert JW Regeer donated $800 to the FreeBSD Foundation for the dubious privilege of being abused in this book. I sincerely thank Bert for being a good sport, and handling all the indignities I heap upon him with grace and aplomb.
Of all the folks who back me on Patreon, I must especially thank Stefan Johnson and Kate Ebneter. Because that’s what their Patreon reward levels say I’ll do. So: thank you!
Janelle over at No Starch Press had the unenviable job of shepherding this book through production, which is kind of like herding cats except the cats are angry and have switchblades. Thank you for dragging this tome across the finish line. I also need to thank the rest of the No Starch staff, who suffered through transforming my meandering babblings into a real book.
And as always, my gratitude to my amazing wife Liz.
INTRODUCTION
Welcome to Absolute FreeBSD! This book is a one-stop shop for system administrators who want to build, configure, and manage FreeBSD servers. It will also be useful for those folks who want to run FreeBSD on their desktops, embedded devices, server farms, and so on. By the time you finish this book, you should be able to use FreeBSD to provide network services. You should also understand how to manage, patch, and maintain your FreeBSD systems and have a basic understanding of networking, system security, and software management. We’ll discuss FreeBSD versions 11 and 12, which are the most recent versions at the time this book is being released; however, most of this book applies to earlier and later versions as well.
What Is FreeBSD?
FreeBSD is a freely available Unix-like operating system popular with internet service providers, in appliances and embedded systems, and anywhere that reliability on commodity hardware is paramount. One day last week, FreeBSD miraculously appeared on the internet, fully formed, extruded directly from the mutant brain of its heroic creator’s lofty intellect. Just kidding—the truth is far more impressive. FreeBSD is a result of almost four decades of continuous development, research, and refinement. The story of FreeBSD begins in 1979, with BSD.
BSD: FreeBSD’s Granddaddy
Many years ago, AT&T needed a lot of specialized, custom-written computer software to run its business. It wasn’t allowed to compete in the computer industry, however, so it couldn’t sell its software. Instead, AT&T licensed various pieces of software and the source code for that software to universities at low, low prices. The universities could save money by using this software instead of commercial equivalents with pricey licenses, and university students with access to this nifty technology could read the source code to see how everything worked. In return, AT&T got exposure, some pocket change, and a generation of computer scientists who had cut their teeth on AT&T technology. Everyone got something out of the deal. The best-known software distributed under this licensing plan was Unix.
Compared with modern operating systems, the original Unix had a lot of problems. Thousands of students had access to its source code, however, and hundreds of teachers needed interesting projects for their students. If a program behaved oddly, or if the operating system itself had a problem, the people who lived with the system on a day-to-day basis had the tools and the motivation to fix it. Their efforts quickly improved Unix and created many features we now take for granted. Students added the ability to control running processes, also known as job control. The Unix S51K filesystem made system administrators bawl like exhausted toddlers, so they replaced it with the Fast File System (FFS), whose features have spread into every modern filesystem. Many small, useful programs were written over the years, gradually replacing entire swaths of Unix.
The Computer Systems Research Group (CSRG) at the University of California, Berkeley, participated in these improvements and also acted as a central clearinghouse for Unix code improvements. CSRG collected changes from other universities, evaluated them, packaged them, and distributed the compilation for free to anyone with a valid AT&T UNIX license. The CSRG also contracted with the Defense Advanced Research Projects Agency (DARPA) to implement various features in Unix, such as TCP/IP. The resulting collection of software came to be known as the Berkeley Software Distribution, or BSD.
BSD users took the software, improved it further, and then fed their enhancements back into BSD. Today, we consider this to be a fairly standard way for an open source project to run, but in 1979 it was revolutionary. BSD was also quite successful; if you check the copyright statement on an old BSD system, you’ll see this:
Copyright 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved.
Yep, 15 years of work—a lifetime in software development. How many other pieces of software are not only still in use, but still in active development, 15 years after work began? In fact, so many enhancements and improvements went into BSD that the CSRG found that over the years, it had replaced almost all of the original Unix with code created by the CSRG and its contributors. You had to look hard to find any original AT&T code.
Eventually, the CSRG’s funding ebbed, and it became clear that the BSD project would end. After some political wrangling within the University of California, in 1992 the BSD code was released to the general public under what became known as the BSD license.
The BSD License
BSD code is available for anyone to use under what is probably the most liberal license in the history of software development. The license can be summarized as follows:
Don’t claim you wrote this.
Don’t blame us if it breaks.
Don’t use our name to promote your product.
This means that you can do almost anything you want with BSD code. (The original BSD license did require that users be notified if a software product included BSD-licensed code, but that requirement was later dropped.) There’s not even a requirement that you share your changes with the original authors! People were free to take BSD and include it in proprietary products, open source products, or free products—they could even print it out on punch cards and cover the lawn with it. You want to run off 10,000 BSD CDs and distribute them to your friends? Enjoy. Instead of copyright, the BSD license is sometimes referred to as copycenter, as in Take this down to the copy center and run off a few for yourself. Not surprisingly, companies such as Sun Microsystems jumped right on it: it was free, it worked, and plenty of new graduates had experience with the technology—including Bill Joy, one of Sun’s founders. One company, BSDi, was formed specifically to take advantage of BSD Unix.
The AT&T/CSRG/BSDi Iron Cage Match
At AT&T, UNIX work continued apace even as the CSRG went on its merry way. AT&T took parts of the BSD Unix distribution, integrated them with its UNIX, and then relicensed the result back to the universities that provided those improvements. This worked well for AT&T until the company was broken up and the resulting companies were permitted to compete in the computer software business. AT&T had one particularly valuable property: a high-end operating system that had been extensively debugged by thousands of people. This operating system had many useful features, such as a variety of small but powerful commands, a modern filesystem, job control, and TCP/IP. AT&T started a subsidiary, Unix Systems Laboratories (USL), which happily started selling Unix to enterprises and charging very high fees for it, all the while maintaining the university relationship that had given it such an advanced operating system in the first place.
Berkeley’s public release of the BSD code in 1992 was met with great displeasure from USL. Almost immediately, USL sued the university and the software companies that had taken advantage of the software, particularly BSDi. The University of California claimed that the CSRG had compiled BSD from thousands of third-party contributors unrelated to AT&T, and so it was the CSRG’s intellectual property to dispose of as it saw fit.
This lawsuit motivated many people to grab a copy of BSD to see what all the fuss was about, while others started building products on top of it. One of these products was 386BSD, which would eventually be used as the core of FreeBSD 1.0.
In 1994, after two years of legal wrangling, the University of California lawyers proved that the majority of AT&T UNIX was actually taken in its entirety from BSD, rather than the other way around. To add insult to injury, AT&T had actually violated the BSD license by stripping the CSRG copyright from files it had assimilated. (Only a very special company can violate the world’s most generous software license!) A half-dozen files were the only sources of contention, and to resolve these outstanding issues, USL donated some of them to BSD while retaining some as proprietary information.
Once the dust settled, a new version of BSD Unix was released to the world as BSD 4.4-Lite. A subsequent update, BSD 4.4-Lite2, is the grandfather of the current FreeBSD, as well as ancestor to every other BSD variant in use today.
The Birth of FreeBSD
One early result of BSD was 386BSD, a version of BSD designed to run on the cheap 386 processor.1 The 386BSD project successfully ported BSD to Intel’s 386 processor, but it stalled. After a period of neglect, a group of 386BSD users decided to branch out on their own and create FreeBSD so they could keep the operating system up to date. (Several other groups started their own branches off of 386BSD around the same time, of which only NetBSD remains.)
386BSD and FreeBSD 1 were derived from 1992’s BSD release, the subject of AT&T’s wrath. As a result of the lawsuit, all users of the original BSD were requested to base any further work on BSD 4.4-Lite2. BSD 4.4-Lite2 was not a complete operating system—in particular, those few files AT&T had retained as proprietary were vital to the system’s function. (After all, if those files hadn’t been vital, AT&T wouldn’t have bothered!) The FreeBSD development team worked frantically to replace those missing files, and FreeBSD 2.0 was released shortly afterward. Development has continued ever since.
Today, FreeBSD is used across the internet by some of the most vital and visible internet-oriented companies. Netflix’s content delivery system runs entirely on FreeBSD. IBM, Dell/EMC, Juniper, NetApp, Sony and many other hardware companies use FreeBSD in embedded systems where you’d never even know it unless someone told you. The fact is, if a company needs to pump serious internet bandwidth, it’s probably running FreeBSD or one of its BSD relatives.
FreeBSD also finds its way into all sorts of embedded and dedicated-purpose devices. Do you have a PlayStation 4? Congratulations, you’re running FreeBSD. I hear a root shell is hard to get on one of them, though.
Like smog, spiders, and corn syrup, FreeBSD is all around you; you simply don’t see it because FreeBSD just works. The key to FreeBSD’s reliability is the development team and user community—which are really the same thing.
FreeBSD Development
There’s an old saying that managing programmers is like herding cats. Despite the fact that the FreeBSD development team is scattered across the world and speaks dozens of languages, for the most part, the members work well together as parts of the FreeBSD community. They’re more like a pride of lions than a collection of house cats. Unlike some other projects, all FreeBSD development happens in public. Three groups of people are responsible for FreeBSD’s progress: committers, contributors, and users.
Committers
FreeBSD has about 500 developers, or committers. Committers have read-and-write access to the FreeBSD master source code repository and can develop, debug, or enhance any piece of the system. (The term committer comes from their ability to commit changes to the source code.) Because these commits can break the operating system in both subtle and obvious ways, committers carry a heavy responsibility. Committers are responsible for keeping FreeBSD working or, at worst, not breaking it as they add new features and evaluate patches from contributors. Most of these developers are volunteers; only a handful are actually paid to do this painstaking work, and most of those people are paid only as it relates to other work. For example, Intel employs committers to ensure that FreeBSD properly supports its network cards. FreeBSD has a high profile in the internet’s heavy-lifting crowd, so Intel needs its cards to work on FreeBSD.
To plug yourself into the beehive of FreeBSD development, [email protected], which contains most of the technical discussion. Some of the technical talk is broken out into more specific mailing lists—for example, fine details of the networking implementation are discussed in FreeBSD-net@FreeBSD.org.
Every few years, the committer team elects a small number of its members to serve as a core team, or Core. Core’s work is simultaneously vital, underrated, and misunderstood. Core is theoretically responsible for the overall management of FreeBSD, but in practice, it manages little other than resolving personality disputes and procedural conflicts among committers. Core also approves new committers and delegates responsibility for large parts of FreeBSD to individuals or groups. For example, it delegates authority over the ports and packages system to the ports management team. Core does not set architectural direction for FreeBSD, nor does it dictate processes or procedures; that’s up to the committers, who must agree en masse. Core does suggest, cajole, mediate, and inspire, however.
Core also experiences the worst part of management. Some of the key functions of management in a company are oversight, motivation, and handling problems between people. Oversight is provided by the millions of users who will complain loudly when anything breaks or behaves unexpectedly, and FreeBSD committers are self-motivated. The ugly part of management is settling squabbles between two people, and that’s the part Core gets stuck with. The status one gets from saying “I’m in Core” is an insufficient reward for having to manage the occasional argument between two talented developers who’ve gotten on each other’s nerves. Fortunately such disagreements are rare and usually resolved quickly.
Contributors
In addition to the committer team, FreeBSD has thousands of contributors. Contributors don’t have to worry about breaking the main operating system source code repository; they submit their patches for consideration by committers. Committers evaluate contributor submissions and decide what to accept and what to reject. A contributor who submits many high-quality patches is often asked to become a committer themselves.
For example, I spent several years contributing to FreeBSD whenever the urge struck me. Any time I feel that I’ve wasted my life, I can look at the FreeBSD website and see where my work was accepted by the committers and distributed to thousands of people. After I submitted the first edition of this book to the publisher, I spent my spare time submitting patches to the FreeBSD FAQ. Eventually, some members of the FreeBSD Documentation Project approached me and asked me to become a committer. As a reward, I got an email address and the opportunity to humiliate myself before thousands of people, once again demonstrating that no good deed goes unpunished.
If I had never contributed anything, I’d remain a user. Nothing’s wrong with that, either.
Users
Users are the people who run FreeBSD systems. It’s impossible to realistically estimate the number of FreeBSD users. While organizations such as the BSDstats Project (http://www.bsdstats.org/) make an effort, these projects are opt-in. They measure only folks who have installed FreeBSD and then installed the software that adds their system to the count. Most users download the whole of FreeBSD for free and never register, upgrade, or email a mailing list. We have no idea how many FreeBSD users are in the world.
Since FreeBSD is by far the most popular open source BSD, that’s not an inconsiderable number of machines. And since one FreeBSD server can handle hundreds of thousands of internet domains, a disproportionate number of sites use FreeBSD as their supporting operating system. This means that there are hundreds of thousands, if not millions, of FreeBSD system administrators out in the world today.
Other BSDs
FreeBSD might be the most popular BSD, but it’s not the only one. BSD 4.4-Lite2 spawned several different projects, each with its own focus and purpose. Those projects in turn had their own offspring, several of which thrive today.
NetBSD
NetBSD is similar to FreeBSD in many ways, and NetBSD and FreeBSD share developers and code. NetBSD’s main goal is to provide a secure and reliable operating system that can be ported to any hardware platform with minimal effort. As such, NetBSD runs on Vixens, PocketPC devices, and high-end SPARC and Alpha servers. I ran NetBSD on my HP Jornada handheld computer.2
OpenBSD
OpenBSD branched off from NetBSD in 1996 with the goal of becoming the most secure BSD. OpenBSD was the first to support hardware-accelerated cryptography, and its developers are rightfully proud of the fact that their default installation was largely immune to remote exploits for several years. The OpenBSD team has contributed several valuable pieces of software to the world, including the LibreSSL TLS library and the OpenSSH suite used by almost everyone from Linux to Microsoft.
DragonFly BSD
DragonFly BSD forked from FreeBSD 4 in 2003. It developed in a different direction than FreeBSD, with a new kernel messaging system. DragonFly BSD has very high performance and its HAMMER filesystem supports snapshots and fine-grained history. Check out http://www.dragonflybsd.org/ for more information.
macOS
Apple’s macOS? That’s right. Apple incorporates large chunks of FreeBSD into its macOS on an ongoing basis. If you’re looking for a stable operating system with a friendly face and a powerful core, macOS is unquestionably for you. While FreeBSD makes an excellent desktop for a computer professional, I wouldn’t put it in front of a random user. I would put macOS in front of that same random user without a second thought, however, and I’d even feel that I was doing the right thing. But macOS includes many things that aren’t at all necessary for an internet server, and it runs only on Apple hardware, so I don’t recommend it as an inexpensive general-purpose server.
FreeBSD’s Children
Several projects have taken FreeBSD and built other projects or products on top of it. The award-winning FreeNAS transforms a commodity system into a network fileserver. The pfSense project transforms your system into a firewall with a nice web management interface. TrueOS gives FreeBSD a friendly face while supporting resource-intensive advanced features, like ZFS, while GhostBSD puts a friendly face on equipment with less computing oomph. Other projects like this appear from time to time; while not all are successful, I’m sure by the time this book comes out, we’ll have one or two more solid members of this group.
Other Unixes
Several other operating systems derive from or emulate primordial Unix in one way or another. This list is by no means exhaustive, but I’ll touch on the high points.
Solaris
The best-known Unix might be Oracle Solaris. Solaris runs on high-end hardware that supports dozens of processors and gobs of disk. (Yes, gobs is a technical term, meaning more than you could possibly ever need, and I know very well that you need more disk than I think you need.) Solaris, especially early versions of Solaris, had strong BSD roots. Many enterprise-level applications run on Solaris. Solaris runs mainly on the SPARC hardware platform manufactured by Sun, which allows Sun to support interesting features, such as hot-swappable memory and mainboards.
The Oracle Corporation acquired Solaris when they bought Sun Microsystems in 2009. Oracle ceased Solaris development in 2016. While there’s still an extensive installed base of Solaris systems and you can still get Solaris from Oracle, as of today, Oracle Solaris has no future.
illumos
Several years before Oracle purchased Sun Microsystems, Sun open sourced the majority of Solaris and sponsored the OpenSolaris project to improve that codebase. OpenSolaris ran successfully until Oracle shut down source access and reclaimed all of the OpenSolaris resources.
The OpenSolaris code was still available, though. The OpenSolaris community forked OpenSolaris into illumos (http://illumos.org/). If you miss Solaris, you can still use a free, modern, Solaris-like operating system. FreeBSD includes two important features from OpenSolaris, the Zetabyte Filesystem (ZFS) and DTrace, a full-system tracing system.
AIX
Another Unix contender is IBM’s entry, AIX. AIX’s main claim to fame is its journaling filesystem, which records all disk transactions as they happen and allows for fast recovery from a crash. It was also IBM’s standard Unix for many years, and anything backed by Big Blue shows up all over the place. AIX started life based on BSD, but AT&T has twiddled just about everything so that you won’t find much BSD today.
Linux
Linux is a close cousin of Unix, written from the ground up. Linux is similar to FreeBSD in many ways, though FreeBSD has a much longer heritage and is friendlier to commercial use than Linux. Linux includes a requirement that any user who distributes Linux must make his or her changes available to the end user, while BSD has no such restriction. Of course, a Linux fan would say, “FreeBSD is more vulnerable to commercial exploitation than Linux.” Linux developers believe in share-and-share-alike, while BSD developers offer a no-strings-attached gift to everyone. It all depends on what’s important to you.
Many new Unix users have a perception of conflict between the BSD and Linux camps. If you dig a little deeper, however, you’ll find that most of the developers of these operating systems communicate and cooperate in a friendly and open manner. It’s just a hard fringe of users and developers that generate friction, much like different soccer teams’ hooligans or different Star Trek series’ fans.3
Other Unixes
Many Unixes have come and gone, while others stagger on. Past contenders include Silicon Graphics’ IRIX, Hewlett-Packard’s HP/UX, Tru64 Unix, and the suicidal SCO Group’s UnixWare. Dig further and you’ll find older castoffs, including Apple’s A/UX and Microsoft’s Xenix. (Yes, Microsoft was a licensed Unix vendor, back in that age when dinosaurs watched the skies nervously and my dad hunted mammoth for all the tribal rituals.) Many high-end applications are designed to run best on one particular flavor of Unix. All modern Unixes have learned lessons from these older operating systems, and today’s Unixes and Unix-like operating systems are remarkably similar.
WHY UNIX-LIKE?
One thing to note is that FreeBSD, Linux, and so on are called Unix-like instead of Unix. The term Unix is a trademark of The Open Group. For an operating system to receive the right to call itself Unix, the vendor must prove that the OS complies with the current version of the Single Unix Specification. While FreeBSD generally meets the standard, continuous testing and recertification cost money, which the FreeBSD Project doesn’t have to spare. Certification as Unix also requires that someone sign a paper stating not only that he or she is responsible for FreeBSD’s conformance to the Single Unix Specification but that he or she will fix any deviations from the standard that are found in the future. FreeBSD’s development model makes this even more difficult—bugs are found and deviations are fixed, but there’s nobody who can sign a piece of paper that guarantees 100 percent standards compliance.
FreeBSD’s Strengths
After all this, what makes FreeBSD unique?
Portability
The FreeBSD Project’s goal is to provide a freely redistributable, stable, and secure operating system that runs on the computer hardware that people are most likely to have access to. People have ported FreeBSD to a variety of less popular platforms as well.
The best supported FreeBSD platform is the common 64-bit hardware developed by AMD, used by almost everyone, and even copied by Intel. FreeBSD also fully supports the older 32-bit computers, such as 486s and all the flavors of Pentiums. This book uses 64-bit commodity hardware, or amd64, as a reference platform.
FreeBSD runs well on several other hardware architectures but is not completely supported yet. These include 32-bit ARM processors and PowerPC. While these other platforms are not afterthoughts, they don’t receive the same level of attention that x86 and amd64 do. The 64-bit ARM platform is expected to become Tier 1 shortly after this book comes out, however.
You can also load FreeBSD on certain older architectures, such as 64-bit SPARC. These platforms were once well supported but are on their way out.
Power
Since FreeBSD runs adequately on 486 processors, it runs extremely well on modern computers. It’s rather nice to have an operating system that doesn’t demand 8 cores and 12 gigs of RAM just to run the user interface. As a result, you can actually dedicate your hardware to accomplishing real work rather than tasks you don’t care about. If you choose to run a pretty graphical interface with all sorts of spinning gewgaws and fancy whistles, FreeBSD will support you, and it won’t penalize you if you choose otherwise. FreeBSD will also support you on the latest n-CPU hardware.
Simplified Software Management
FreeBSD also simplifies software management through the packaging system and the Ports Collection. Traditionally, running software on a Unix-like system required a great deal of expertise. Packages and ports simplify this considerably by automating and documenting the install, uninstall, and configuration processes for thousands of software packages.
We discuss packages in Chapter 15 and ports in Chapter 16.
Customizable Builds
FreeBSD provides a painless upgrade procedure, but it also lets you precisely customize the operating system for your hardware. Companies like Apple do exactly this, but they control both the hardware and the software; FreeBSD pulls off the same trick on commodity hardware.
Advanced Filesystems
A filesystem is how information is stored on the physical disk—it’s what maps the file MyResume to a series of zeros and ones on a hard drive. FreeBSD includes two well-supported filesystems, UFS (Chapter 11) and ZFS (Chapter 12). UFS has been around for multiple decades and is highly damage-resistant. ZFS is younger but includes features such as network replication and self-healing.
Who Should Use FreeBSD?
While FreeBSD can be used as a powerful desktop or development machine, its history shows a strong bias toward network services: web, mail, file, and ancillary applications. FreeBSD is most famous for its strengths as an internet server, and it’s an excellent choice as an underlying platform for any network service. If major firms such as Netflix count on FreeBSD to provide reliable service, it will work as well for you.
If you’re thinking of running FreeBSD (or any Unix) on your desktop, you’ll need to understand how your computer works. FreeBSD is not your best choice if you need point-and-click simplicity. If that’s your goal, get a Mac so you can use the power of Unix when you need it and not worry about it the rest of the time. If you want to learn FreeBSD, though, running it on your desktop is the best way—as we’ll discuss later.
Who Should Run Another BSD?
NetBSD and OpenBSD are FreeBSD’s closest competitors. Unlike competitors in the commercial world, this competition is mostly friendly. FreeBSD, NetBSD, and OpenBSD freely share code and developers; some people even maintain the same subsystems in multiple operating systems.
If you want to use old or oddball hardware, NetBSD is a good choice for you. For several years, I ran NetBSD on an ancient SGI workstation that I used as a Domain Name System (DNS) and fileserver. It did the job well until the hardware finally released a cloud of smoke and stopped working.
OpenBSD has implemented an impressive variety of security features. Some of the tools are eventually integrated into FreeBSD, but that takes months or years. Some of the tools can never be duplicated in FreeBSD, however. If you have real security concerns and can use a Unix-like system without the feature set FreeBSD provides, consider OpenBSD. Take a look at my book Absolute OpenBSD (No Starch Press, 2013) for an introduction.
If you’re just experimenting to see what’s out there, any BSD is good!
Who Should Run a Proprietary Operating System?
Operating systems such as macOS, Windows, AIX, and their ilk are still quite popular, despite the open source operating systems gnawing at their market share. High-end enterprises are pretty tightly shackled to commercial operating systems. While this is slowly changing, you’re probably stuck with commercial operating systems in such environments. But slipping in an occasional FreeBSD machine to handle basic services, such as monitoring and department file serving, can make your life much easier at much lower cost. Companies like Dell/EMC/Isilon have built entire businesses using FreeBSD instead of commercial operating systems.
Of course, if the software you need runs only on a proprietary operating system, your choice is pretty clear. Still, always ask a vendor whether a FreeBSD version is available; you might be pleasantly surprised.
How to Read This Book
Many computer books are thick and heavy enough to stun an ox, if you have the strength to lift them high enough. Plus, they’re either encyclopedic in scope or so painfully detailed that they’re difficult to actually read. Do you really need to reference a screenshot when you’re told to click OK or accept the license agreement? And when was the last time you actually sat down to read the encyclopedia?
Absolute FreeBSD is a little different. It’s designed to be read once, from front to back. You can skip around if you want to, but each chapter builds on what comes before it. While this isn’t a small book, it’s smaller than many popular computer books. After you’ve read it once, it makes a decent reference.
If you’re a frequent buyer of computer books, please feel free to insert all that usual crud about “read a chapter at a time for best learning” and so on. I’m not going to coddle you—if you picked up this book, you either have two brain cells to rub together or you’re visiting someone who does. (If it’s the latter, hopefully your host is smart enough to take this book away from you before you learn enough to become dangerous.)
What Must You Know?
This book is aimed at the new Unix administrator. Three decades ago, the average Unix administrator had kernel programming experience and was working on their master’s degree in computer science. Even a decade ago, they were already a skilled Unix user with real programming skills and most of a bachelor’s degree in comp sci. Today, Unix-like operating systems are freely available, computers are cheaper than food, and even 12-year-old children can run Unix, read the source code, and learn enough to intimidate older folks. As such, I don’t expect you to know a huge amount about Unix before firing it up.
To use this book to its full potential, you need to have familiarity with some basic tasks, such as how to change directories, list files in a directory, and log in with a username and password. If you’re not familiar with basic commands and the Unix shell, I recommend you begin with a book like UNIX System Administration Handbook by Evi Nemeth and friends (Prentice Hall PTR, 2017). To make things easier on newer system administrators, I include the exact commands needed to produce the desired results. If you learn best by example, you should have everything you need right here.
You’ll also need to know something about computer hardware—not a huge amount, mind you, but something. It helps to know how to recognize a SATA cable. Your need for this knowledge depends on the hardware you’re using, but if you’re interested enough to pick up this book and read this far, you probably know enough.
For the New System Administrator
If you’re new to Unix, the best way to learn is to eat your own dog food. No, I’m not suggesting that you dine with Rover. If you ran a dog food company, you’d want to make a product that your own dog eats happily. If your dog turns his nose up at your latest recipe, you have a problem. The point here is that if you work with a tool or create something, you should actually use it. The same thing applies to any Unix-like operating system, including FreeBSD.
Desktop FreeBSD
If you’re serious about learning FreeBSD, I suggest wiping out the operating system on your main computer and running FreeBSD instead. No, not a desktop-oriented FreeBSD derivative like TrueOS or GhostBSD: run raw FreeBSD. Yes, I know, now that dog food doesn’t sound so bad. But learning an operating system is like learning a language; total immersion is the quickest and most powerful way to learn. That’s what I did, and today I can make a Unix-like system do anything I want. I’ve written entire books on a FreeBSD laptop, using the open source text editor XEmacs and the LibreOffice.org business suite. I’ve also used FreeBSD to watch movies, rip and listen to MP3s, balance my bank accounts, process my email, and surf the web. The desktop in my lab has a dozen animated BSD daemons running around the window manager, and I occasionally take a break to zap them with my mouse. If this doesn’t count as a Stupid Desktop Trick, I don’t know what does.4
Many Unix system administrators these days come from a Windows background. They’re beavering away in their little world when their manager swoops by and says, “You can handle one more system, can’t you? Glad to hear it! It’s a Unix box, by the way,” and then vanishes into the managerial ether. Once the new Unix administrator decides not to quit her job and start a fresh and exciting career as a whale necropsy technician, she tentatively pokes at the system. She learns that ls is like dir and that cd is the same on both platforms. She can learn the commands by rote, reading, and experience. What she can’t learn, coming from this background, is how a Unix machine thinks. Unix will not adjust to you; you must adjust to it. Windows and macOS require similar adjustments but hide them behind a glittering facade. With that in mind, let’s spend a little time learning how to think about Unix.
How to Think About Unix
These days, most Unix systems come with pretty GUIs out of the box, but they’re just eye candy. No matter how graphically delicious the desktop looks, the real work happens on the command line. The Unix command line is actually one of Unix’s strengths, and it’s responsible for its unparalleled flexibility.
Unix’s underlying philosophy is many small tools, each of which does a single job well. My mail server’s local programs directory (/usr/local/bin) has 262 programs in it. I installed every one of them, either directly or indirectly. Most are small, simple programs that do only one task. This array of small tools makes Unix extremely flexible and adaptable. Many commercial software packages try to do everything; they wind up with all sorts of capabilities but only mediocre performance in their core functions. Remember, at one time you needed to be a programmer to use a Unix system, let alone run one. Programmers don’t mind building their own tools. The Unix concept of pipes encouraged this.
Pipes
People used to GUI environments, such as Windows and macOS, are probably unfamiliar with how Unix handles output and input. They’re used to clicking something and seeing either an OK message, an error, nothing, or (all too often) a pretty blue screen with nifty high-tech letters explaining in the language called Geek why the system crashed. Unix does things a little differently.
Unix programs have three channels of communication, or pipes: standard input, standard output, and standard error. Once you understand how each of these pipes works, you’re a good way along to understanding the whole system.
Standard input is the source of information. When you’re at the console typing a command, the standard input is the data coming from the keyboard. If a program is listening to the network, the standard input is the network. Many programs can rearrange standard input to accept data from the network, a file, another program, the keyboard, or any other source.
The standard output is where the program’s output is displayed. This is frequently the console (screen). Network programs usually return their output to the network. Programs might send their output to a file, to another program, over the network, or anywhere else available to the computer.
Finally, standard error is where the program sends its error messages. Frequently, console programs return their errors to the console; others log errors in a file. If you set up a program incorrectly, it just might discard all error information.
These three pipes can be arbitrarily arranged, a concept that’s perhaps the biggest hurdle for new Unix users and administrators. For example, if you don’t like the error messages appearing on the terminal, you can redirect them to a file. If you don’t want to repeatedly type a lot of information into a command, you can put the information into a file (so you can reuse it) and dump the file into the command’s standard input. Or, better still, you can run a command to generate that information and put it in a file, or just pipe (send) the output of the first command directly to the second, without even bothering with a file.
Small Programs, Pipes, and the Command Line
Taken to their logical extreme, these input/output pipes and the variety of tools seem overwhelming. When I saw a sysadmin type something like the following during my initial Unix training session, I gave serious consideration to changing careers.
$ tail -f /var/log/messages | grep -v popper | grep -v named &
Lines of incomprehensible text began spilling across the screen, and they kept coming. And worse still, my mentor kept typing as gibberish poured out! If you’re from a point-and-click computing environment, a long string of commands like this is definitely intimidating. What do all those funky words mean? And an ampersand? You want me to learn what?
Think of learning to use the command line as learning a language. When learning a language, we start with simple words. As we increase our vocabulary, we also learn how to string the words together. We learn that placing words in a certain order makes sense, and that a different order makes no sense at all. You didn’t speak that well at three years old—give yourself some slack and you’ll get there.
Small, simple programs and pipes provide almost unlimited flexibility. Have you ever wished you could use a function from one program in another program? By using a variety of smaller programs and arranging the inputs and outputs as you like, you can make a Unix system behave in any manner that amuses you. Eventually, you’ll feel positively hogtied if you can’t just run a command’s output through | sort -rnk 6 | less.5
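The three rearrangements described in the Pipes section (errors sent to a file, a file fed to standard input, one command piped into the next) and the grep -v filter chain from the training-session command, as an added example that is not from the book. The log lines, host name, and function names are constructed for illustration, and the sort key is 1 rather than 6 because the count is the first column here.

```shell
#!/bin/sh
# Added example: log lines, host name and function names are constructed.

# Constructed syslog-style sample standing in for /var/log/messages.
sample_log() {
    cat <<'EOF'
Jan 10 03:12:01 mail popper[812]: (v4.0) POP login by user "alice"
Jan 10 03:12:04 mail named[401]: client 192.0.2.15#5353: query refused
Jan 10 03:12:09 mail sshd[977]: Failed password for root from 198.51.100.7 port 52144 ssh2
Jan 10 03:12:10 mail sshd[977]: Failed password for root from 198.51.100.7 port 52150 ssh2
Jan 10 03:12:15 mail popper[813]: (v4.0) POP login by user "bob"
Jan 10 03:12:20 mail sshd[981]: Failed password for admin from 203.0.113.44 port 40112 ssh2
Jan 10 03:12:31 mail kernel: em0: link state changed to UP
EOF
}

# Same filter chain as the tail | grep -v | grep -v command, without the
# follow mode and the ampersand, so it finishes instead of running on.
quiet_view() {
    sample_log | grep -v popper | grep -v named
}

# Failed SSH logins counted per source address, busiest first.
# In these lines the address is the fourth field from the end.
failed_by_source() {
    sample_log | grep 'Failed password' | awk '{ print $(NF-3) }' |
        sort | uniq -c | sort -rnk 1
}

# Address with the most failed logins.
top_source() {
    failed_by_source | head -n 1 | awk '{ print $2 }'
}

# Reads file names on standard input. Readable files are reported on
# standard output, complaints go to standard error.
check_files() {
    while IFS= read -r f; do
        if [ -r "$f" ]; then
            echo "ok $f"
        else
            echo "unreadable $f" >&2
        fi
    done
}

# Arranges all three channels at once: standard input comes from a file,
# standard error goes to a file, standard output is piped into wc.
# Prints "<readable count> <error count>".
demo_redirect() {
    dir=$(mktemp -d) || return 1
    sample_log > "$dir/messages"
    printf '%s\n' "$dir/messages" "$dir/no-such-log" > "$dir/list"
    ok=$(check_files < "$dir/list" 2> "$dir/errors" | wc -l | tr -d ' ')
    bad=$(wc -l < "$dir/errors" | tr -d ' ')
    rm -rf "$dir"
    echo "$ok $bad"
}

quiet_view
failed_by_source
demo_redirect
```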
Everything Is a File
You can’t be around Unix for very long before hearing that everything is a file. Programs, account information, and system configuration are all stored in files. Unix has no Windows-style registry; if you back up the files, you have the whole system.
What’s more, the system identifies system hardware as files! Your CD-ROM drive is a file, /dev/cd0. Serial ports appear as files like /dev/cuaa0. Even virtual devices, such as packet sniffers and partitions on hard drives, are files.
When you have a problem, keep this fact in mind. Everything is a file, or is in a file, somewhere on your system. All you have to do is find it!
Notes on the Third Edition
Absolute BSD (No Starch Press, 2002) was my first technology book and was written when the various BSD operating systems had more in common than they wanted to admit. The second edition, Absolute FreeBSD (No Starch Press, 2007), came out after the BSDs had diverged, and detailed FreeBSD’s advances in the previous five years. With another decade of growth, FreeBSD has evolved to compete with the best commercial operating systems. You’ll find multiple top-tier filesystems. Disk management has changed to accommodate new partitioning methods. Virtualization is now a thing, and FreeBSD supports it as either a client or a host.
This growth has driven changes in this book.
We won’t discuss configuring mail, DNS, or web servers. You have more software choices for these tasks than ever before. Entire books have been written about those choices and how to use them. I’ve written some of those books. Those topics have been dropped to make space for FreeBSD-specific material, like ZFS and jails.
Some of these new features are hugely complex. Complete coverage of ZFS would fill entire books—I know, because I’ve written those books, too. FreeBSD supports a whole bunch of special-purpose filesystems, each incredibly useful to the folks who need them and totally irrelevant to those who don’t. Rather than write a monster tome that nobody would actually read, I’ve elected to cover the material that every FreeBSD sysadmin must know. If you’re interested in deeper coverage of a particular topic, it’s available.
Some subsystems are undergoing radical revision. I could wait to write this book until every FreeBSD subsystem has a stable interface, but then it would come out about . . . never. As I write this, the bhyve developers are actively rototilling their entire configuration system. Given the choice between glossing over a topic and providing flat-out wrong material, I’ve chosen to skip detail on bhyve. I hope to be able to delete this paragraph before this book goes to press.
I’ve ruthlessly excised obsolete information from this edition. For example, modern disk drives don’t generally have to worry about write caching. If you discover that a piece of advice you remember using doesn’t appear in this book, please check FreeBSD’s information resources to see whether that advice is still applicable.
Contents of This Book
Absolute FreeBSD, 3rd Edition contains the following chapters.
Chapter 1: Getting More Help
This chapter discusses the information resources the FreeBSD Project and its devotees provide for users. No one book can cover everything, but knowing how to use the many FreeBSD resources on the internet helps fill any gaps you find here.
Chapter 2: Before You Install
Getting FreeBSD installed isn’t that hard. Make poor choices during the install, though, and you’ll have a system that isn’t suited for your needs. The best way to avoid reinstalling is to think about your requirements and make all the decisions beforehand so that the actual install doesn’t require any thought.
Chapter 3: Installing
This chapter gives you an overview of installing FreeBSD using different partitioning schemes and filesystems.
Chapter 4: Start Me Up! The Boot Process
This chapter teaches you about the FreeBSD boot process and how to make your system start, stop, and reboot in different configurations.
Chapter 5: Read This Before You Break Something Else! (Backup and Recovery)
Here we discuss how to back up your data on both a system-wide and a file-by-file level, and how to make your changes so that they can be easily undone.
Chapter 6: Kernel Games
This chapter describes configuring the FreeBSD kernel. Unlike some other operating systems, you’re expected to tune FreeBSD’s kernel to best suit your purposes. This gives you tremendous flexibility and lets you optimize your hardware’s potential.
Chapter 7: The Network
Here we discuss the TCP/IP protocol that underlies the modern internet, both version 4 and version 6.
Chapter 8: Configuring the Network
FreeBSD doesn’t only shuffle packets crazy fast, but it also supports virtual LANs, link aggregation, and more. We’ll configure all of that here.
Chapter 9: Securing Your System
This chapter teaches you how to make your computer resist attackers and intruders.
Chapter 10: Disks, Partitioning, and GEOM
This chapter covers some of the details of working with hard drives in FreeBSD. Working with modern hardware means understanding multiple partitioning schemes, disk alignment, and FreeBSD’s disk management infrastructure.
Chapter 11: The Unix File System
UFS has been FreeBSD’s standard filesystem for decades, and the concepts of UFS pervade the whole operating system. Whether you intend to use UFS or not, you must understand its essentials.
Chapter 12: The Z File System
ZFS is a newer filesystem very popular on larger systems. If you’re managing large amounts of data, you’ll want ZFS.
Chapter 13: Foreign Filesystems
Every sysadmin needs to mount disks over the network or use ISOs without burning them to CD. This chapter takes you through those duties, as well as introducing FreeBSD-specific filesystems like devfs.
Chapter 14: Exploring /etc
This chapter describes the many configuration files in FreeBSD and how they operate.
Chapter 15: Making Your System Useful
Here I describe the packages system that FreeBSD uses to manage add-on software.
Chapter 16: Customizing Software with Ports
Sometimes the prebuilt packages won’t cover everything you need. You can leverage FreeBSD’s package-building system to create your own software packages, tuned to meet your exact needs.
Chapter 17: Advanced Software Management
This chapter discusses some of the finer points of running software on FreeBSD systems.
Chapter 18: Upgrading FreeBSD
This chapter teaches you how to use FreeBSD’s upgrade process. The upgrade system is among the most remarkable and smooth of any operating system.
Chapter 19: Advanced Security Features
Here we discuss some of the more interesting security features found in FreeBSD.
Chapter 20: Small System Services
Here we discuss some of the small programs you’ll need to manage in order to use FreeBSD properly.
Chapter 21: System Performance and Monitoring
This chapter covers some of FreeBSD’s performance-testing and troubleshooting tools and shows you how to interpret the results. We also discuss logging and FreeBSD’s SNMP implementation.
Chapter 22: Jails
FreeBSD has a process-isolation subsystem, much like Linux and Solaris containers, called jails. We’ll cover the jail system and how you can leverage it for system security.
Chapter 23: The Fringe of FreeBSD
This chapter teaches you some of the more interesting tricks you can do with FreeBSD, such as running systems without disks and with tiny disks, as well as cloud-friendly features, like libxo.
Chapter 24: Problem Reports and Panics
This chapter teaches you how to deal with those rare occasions when a FreeBSD system fails, how to debug problems, and how to create a useful problem report.
You’ll also find an annotated bibliography, an afterword, and a really spiffy professionally prepared index.
Okay, enough introductory stuff. Onward!
1 GETTING MORE HELP
As thick as this book is, it still can’t possibly cover everything you must know about FreeBSD. After all, Unix has been kicking around for close to 50 years, BSD is pushing 40, and FreeBSD is old enough to have its doctorate. Even if you memorize this book, it won’t cover every situation you might encounter. The FreeBSD Project supports a huge variety of information resources, including numerous mailing lists and the FreeBSD website, not to mention the official manual and Handbook. Its users maintain even more documentation on even more sites. The flood of information can be overwhelming in itself, and it can make you want to just email the world and beg for help. But before you send a question to a mailing list or forum, confirm that the information you need isn’t already available.
Why Not Beg for Help?
FreeBSD provides two popular resources for assistance: mailing lists and forums. Many participants on both are very knowledgeable and can answer questions very quickly. But when you send a question to these community support resources, you’re asking tens of thousands of people all over the world to take a moment to read your message. You’re also asking that one or more of them take the time to help you instead of watching a favorite movie, enjoying dinner with their families, or catching up on sleep. Problems arise when these experts answer the same question 10, 50, or even hundreds of times. They become grumpy. Some get downright tetchy.
What makes matters worse is that many of these same people have spent a great deal of time and effort making the answers to most of these questions available elsewhere. If you make it clear that you’ve already searched the resources and your answer really doesn’t appear therein, you’ll probably receive a polite, helpful answer. If you ask a question that’s already been asked several hundred times, however, the expert on that subject just might snap and go ballistic on you. Do your homework, and chances are you’ll get an answer more quickly than a fresh call for assistance could provide.
The FreeBSD Attitude
“Homework? What do you mean? Am I back in school? What do you want, burnt offerings on bended knee?” Yes, you are in school. The information technology business is nothing but lifelong, self-guided learning. Get used to it or get out. Burnt offerings, on the other hand, are difficult to transmit via email and aren’t quite so useful today.
Most commercial software conceals its inner workings. The only access you have to them is through the options presented by the vendor. Even if you want to learn how something works, you probably can’t. When something breaks, you have no choice but to call the vendor and grovel for help. Worse, the people paid to help you frequently know little more than you do.
If you’ve never worked with open source software vendors, FreeBSD’s support mechanism might surprise you. There is no toll-free number to call and no vendor to escalate within. No, you may not speak to a manager and for a good reason: you are the manager. Congratulations on your promotion!
Support Options
That being said, you’re not entirely on your own. The FreeBSD community includes numerous developers, contributors, and users who care very deeply about FreeBSD’s quality, and they’re happy to work with users who are willing to do their share of the labor. FreeBSD provides everything you need: complete access to the source code used to create the system, the tools needed to turn that source code into programs, and the same debuggers used by the developers. Nothing is hidden; you can see the innards, warts and all. You can view FreeBSD’s development history since the beginning, including every change ever made and the reason for it. These tools might be beyond your abilities, but that’s not the Project’s problem. Various community members are even happy to provide guidance as you develop your own skills so you can use those tools yourself. You’ll have lots of help fulfilling your responsibilities.
As a grossly overgeneralized rule, people help those like themselves. If you want to use FreeBSD, you must make the jump from eating what the vendor gives you to learning how to cook. Every member of the FreeBSD user community learned how to use it, and they welcome interested new users with open arms. If you just want to know what to type without really understanding what’s going on behind the scenes, you’ll be better off reading the documentation; the general FreeBSD support community simply isn’t motivated to help those who won’t help themselves or who can’t follow instructions.
If you want to use FreeBSD but have neither the time nor the inclination to learn more, invest in a commercial support contract. It might not be able to put you in touch with FreeBSD’s owner, but at least you’ll have someone to yell at. You’ll find several commercial support providers listed on the FreeBSD website.
It’s also important to remember that the FreeBSD Project maintains only FreeBSD. If you’re having trouble with some other piece of software, a FreeBSD mailing list is not the place to ask for help. FreeBSD developers are generally proficient in a variety of software, but that doesn’t mean they want to help you, say, configure KDE.
The first part of your homework, then, is to learn about the resources available beyond this book. These include the integrated manual, the FreeBSD website, the mailing list archives, and other websites.
Man Pages
Man pages (short for manual pages) are the primordial way of presenting Unix documentation. While man pages have a reputation for being obtuse, difficult, or even incomprehensible, they’re actually quite friendly—for particular users. When man pages were first created, the average system administrator was a C programmer and, as a result, the pages were written by programmers, for programmers. If you can think like a programmer, man pages are perfect for you. I’ve tried thinking like a programmer, but I achieved real success only after remaining awake for two days straight. (Lots of caffeine and a high fever help.)
Over the last several years, the skill level required for system administration has dropped; no longer must you be a programmer. Similarly, man pages have become more and more readable. Man pages are not tutorials, however; they explain the behavior of one particular program, not how to achieve a desired effect. While they’re neither friendly nor comforting, they should be your first line of defense. If you send a question to a mailing list without checking the manual, you’re likely to get a terse man whatever in response.
Manual Sections
The FreeBSD manual is divided into nine sections. Roughly speaking, the sections are:
1. General user commands
2. System calls and error numbers
3. C programming libraries
4. Devices and device drivers
5. File formats
6. Game instructions
7. Miscellaneous information
8. System maintenance commands
9. Kernel interfaces
Each man page starts with the name of the command it documents followed by its section number in parentheses, like this: reboot(8). When you see something in this format in other documents, it’s telling you to read that man page in that section of the manual. Almost every topic has a man page. For example, to see the man page for the editor vi, type this command:
$ man vi
In response, you should see the following:
VI(1)                   FreeBSD General Commands Manual                  VI(1)

NAME
     ex, vi, view - text editors

SYNOPSIS
     ex [-FRrSsv] [-c cmd] [-t tag] [-w size] [file ...]
     vi [-eFRrS] [-c cmd] [-t tag] [-w size] [file ...]
     view [-eFrS] [-c cmd] [-t tag] [-w size] [file ...]

DESCRIPTION
     vi is a screen-oriented text editor. ex is a line-oriented text editor.
     ex and vi are different interfaces to the same program, and it is
     possible to switch back and forth during an edit session. view is the
     equivalent of using the -R (read-only) option of vi.
:
The page starts with the title of the man page (vi) and the section number (1), and then it gives the name of the page. This particular page has three names: ex, vi, and view. Typing man ex or man view would take you to this same page.
Navigating Man Pages
Once you’re in a man page, pressing the spacebar or the PGDN key takes you forward one full screen. If you don’t want to go that far, pressing ENTER or the down arrow scrolls down one line. Typing b or pressing the PGUP key takes you back one screen. To search within a man page, type / followed by the word you’re searching for. You’ll jump down to the first appearance of the word, which will be highlighted. Typing n subsequently takes you to the next occurrence of the word.
This assumes that you’re using the default BSD pager, more(1). If you’re using a different pager, use that pager’s syntax. Of course, if you know so much about Unix that you’ve already set your preferred default pager, you’ve probably skipped this part of the book.
Finding Man Pages
New users often say that they’d be happy to read the man pages if they could find the right one. You can perform basic keyword searches on the man pages with apropos(1) and whatis(1). To search any man page name or description that includes the word you specify, use apropos(1). To match only whole words, use whatis(1). For example, if you’re interested in the vi command, you might try the following:
$ apropos vi
unvis(1) - revert a visual representation of data back to original form
vidcontrol(1) - system console control and configuration utility
vis(1) - display non-printable characters in a visual format
madvise, posix_madvise(2) - give advice about use of memory
posix_fadvise(2) - give advice about use of file data
--snip--
This continues for a total of 581 entries, which is probably far more than you want to look at. Most of these have nothing to do with vi(1), however; the letters vi just appear in the name or description. Device driver is a fairly common term in the manual, so that’s not surprising. On the other hand, whatis(1) gives more useful results in this case.
$ whatis vi
vi, ex, view, nex, nvi, nview(1) - text editors
$
We get only one result, clearly with relevance to vi(1). On other searches, apropos(1) gives better results than whatis(1). Experiment with both and you’ll quickly learn how they fit your style.
The man -k command emulates apropos(1), while man -f emulates whatis(1).
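The difference in result counts comes down to how each tool matches the keyword. The following is an added example, not from the book, that models both over a small constructed database: apropos-style matching as a case-insensitive substring search of the whole line, and whatis-style matching as an exact match on one page name. The function names and the null(4) and reboot(8) sample lines are assumptions for illustration; the real tools search the system’s manual database.

```shell
#!/bin/sh
# Constructed sample database, one "names(section) - description" line per page.
sample_db() {
    cat <<'EOF'
unvis(1) - revert a visual representation of data back to original form
vidcontrol(1) - system console control and configuration utility
vis(1) - display non-printable characters in a visual format
madvise, posix_madvise(2) - give advice about use of memory
vi, ex, view, nex, nvi, nview(1) - text editors
null(4) - the null device
reboot, halt, fastboot, fasthalt(8) - stopping and restarting the system
EOF
}

# apropos-style (simplified): the keyword may appear anywhere in the
# names or the description, in any letter case.
apropos_like() {
    sample_db | grep -i -F -- "$1"
}

# whatis-style (simplified): the keyword must equal one complete page
# name from the comma-separated list before "(section)".
whatis_like() {
    sample_db | awk -v kw="$1" '
        {
            names = $0
            sub(/\([0-9a-z]+\) - .*/, "", names)   # keep only the name list
            n = split(names, list, /, */)
            for (i = 1; i <= n; i++)
                if (tolower(list[i]) == tolower(kw)) { print; break }
        }'
}

# Number of database lines a matcher returns for a keyword.
# usage: count_matches apropos_like vi
count_matches() {
    "$1" "$2" | wc -l | tr -d ' '
}

echo "apropos-style matches for vi: $(count_matches apropos_like vi)"
echo "whatis-style matches for vi:  $(count_matches whatis_like vi)"
whatis_like vi
```

The substring search picks up unvis, madvise, and even "device" in the null(4) description, while the whole-name search returns only the text editors entry.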
Section Numbers and Man
You might find cases where a single command appears in multiple parts of the manual. For example, every man section has an introductory man page that explains the contents of the section. To specify a section to search for a man page, give the number immediately after the man command.
$ man 3 intro
This pulls up the introduction to section 3 of the manual. I recommend you read the intro pages to each section of the manual, if only to help you understand the breadth and depth of information available.
Man Page Contents
Man pages are divided into sections. While the author can put just about any heading he or she likes into a man page, several are standard. See mdoc(7) for a partial list of these headings as well as other man page standards:
NAME gives the name(s) of a program or utility. Some programs have multiple names—for example, the vi(1) text editor is also available as ex(1) and view(1).
SYNOPSIS lists the possible command line options and their arguments, or how a library call is accessed. If I’m already familiar with a program but just can’t remember the option I’m looking for, I find that this header is sufficient to remind me of what I need.
DESCRIPTION contains a brief description of the program, library, or feature. The contents of this section vary widely depending on the topic, as programs, files, and libraries all have very different documentation requirements.
OPTIONS gives a program’s command line options and their effects.
BUGS describes known problems with the code and can frequently save a lot of headaches. How many times have you wrestled with a computer problem only to learn that it doesn’t work the way you’d expect under those circumstances? The goal of the BUGS section is to save you time by describing known errors and other weirdnesses.1
EXAMPLES gives sample uses of the program. Many programs are very complicated, and a couple samples of how they’re used clarify more than any list of options possibly can.
HISTORY shows when the command or code was added to the system and, if it is not original to FreeBSD, where it was drawn from.
SEE ALSO is traditionally the last section of a man page. Remember that Unix is like a language and the system is an interrelated whole. Like duct tape, the SEE ALSO links hold everything together.
If you don’t have access to the manual pages at the moment, many websites offer them. Among them is the main FreeBSD website.
FreeBSD.org
The FreeBSD website (http://www.freebsd.org/) contains a variety of information about general FreeBSD administration, installation, and management. The most useful portions are the Handbook, the FAQ, and the mailing list archives, but you’ll also find a wide number of articles on dozens of topics. In addition to documents about FreeBSD, the website contains a great deal of information about the FreeBSD Project’s internal management and the status of various parts of the Project.
Web Documents
The FreeBSD documentation is divided into articles and books. The difference between the two is highly arbitrary: as a rule, books are longer than articles and cover broader topics, while articles are short and focus on a single topic. The two books that should most interest new users are the Handbook and the Frequently Asked Questions (FAQ).
The Handbook is the FreeBSD Project’s tutorial-style manual. It is continuously updated, describes how to perform basic system tasks, and is an excellent reference when you’re first starting a project. I deliberately chose not to include some topics in this book because they have adequate coverage in the Handbook.
The FAQ is designed to provide quick answers to the questions most frequently asked on the FreeBSD mailing lists. Some of the answers aren’t suitable for inclusion in the Handbook, while others just point to the proper Handbook chapter or article.
Several other books cover a variety of topics, such as The FreeBSD Developers’ Handbook, The Porter’s Handbook, and The FreeBSD Architecture Handbook.
Of the 50 or so articles available, some are kept only for historical reasons (such as the original BSD 4.4 documentation), while others discuss the subtleties of specific parts of the system, such as serial ports or building filtering bridges.
On the other hand, the official documentation is also pruned. The Handbook and FAQ cover the current FreeBSD releases, and the documentation team mercilessly prunes obsolete information. If you want to know exactly what works with current FreeBSD, go to the Handbook.
These documents are very formal, and they require preparation. As such, they always lag a bit behind the real world. When a new feature is first rolled out, the appropriate Handbook entry might not appear for weeks or months. If the web documentation seems out of date, your best resource for up-to-the-minute answers is the mailing list archive.
The Mailing List Archives
Unless you’re really on the bleeding edge, someone has probably struggled with your problem before and posted a question about it to the mailing lists. After all, the archives go back to 1994 and contain millions of messages. The only problem is that there are millions of pieces of email, any one of which might contain the answer you seek. While the FreeBSD.org website has its own search engine, you can also use any other search engine that indexes https://lists.FreeBSD.org/.
When reviewing the mailing list archives, be sure to check the date. The mailing list is forever. A discussion of hardware problems from 1995 might help you feel that you’re part of a long history of sysadmins that have struggled with cruddy mainboards,2 but it probably won’t help you solve the issue with your brand new server. These ancient messages are basically undead documentation, rising from the grave to give you false hope. They’re part of the Project’s history, though, and won’t be purged.
The Forums
Like many other open source projects, FreeBSD has an online forum, https://forums.FreeBSD.org/. A forum is much like a mailing list designed for the web, except that quite a few of us old geezers don’t much care for them. You can find many good discussions and instructions on the forums, however, and they’re a valuable information source.
Many people have also posted lengthy tutorials on the forums. Forum-based tutorials should properly go in the Handbook or an official article, but nobody’s done the work to move them over yet. Read the discussion about such tutorials before following them; people will often point out errors or exceptions, or comment that the whole tutorial is obsolete with a newer version of FreeBSD. If you want to get involved in FreeBSD, converting these tutorials into official documentation would be a great place to start.
The forums have less of a problem with truly old information, but only because they became official in 2009. When the forums reach a quarter-century old, they’ll have the same amount of undead documents. By then, though, an even more whiz-bang discussion system will have come along—or maybe, just maybe, we’ll have a better way of indexing and retrieving useful information from online discussions.
Other Websites
FreeBSD’s users have built a plethora of websites that you might check for answers, help, education, products, and general hobnobbing. Almost every aggregation site such as lobste.rs and Reddit has a FreeBSD section, where you can get links to new posts and articles. Following those links takes you to a whole world of blogs. Also, many hosting companies include extensive FreeBSD tutorials. While these are meant for the company’s customers, they’re most often perfectly useful for everyone.
One of the m