* Sync in a few changes from OpenBSD's latest version of this file

* Add licence by Marshall M. Midden
* Various minor edits and additions.
This commit is contained in:
hubertf 2005-05-04 20:54:25 +00:00
parent 71be6dfd96
commit 4e39658f8e


@ -1,6 +1,11 @@
.\" $NetBSD: afterboot.8,v 1.13 2004/07/22 03:44:12 atatat Exp $
.\" $NetBSD: afterboot.8,v 1.14 2005/05/04 20:54:25 hubertf Exp $
.\" $OpenBSD: afterboot.8,v 1.72 2002/02/22 02:02:33 miod Exp $
.\"
.\" Copyright (c) 2002-2003 The NetBSD Foundation, Inc.
.\" Originally created by Marshall M. Midden -- 1997-10-20, m4@umn.edu
.\" Adapted to NetBSD by Julio Merino -- 2002-05-10, jmmv@hispabsd.org
.\"
.\"
.\" Copyright (c) 2002-2005 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@ -31,12 +36,37 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: afterboot.8,v 1.72 2002/02/22 02:02:33 miod Exp $
.\"
.\" Originally created by Marshall M. Midden -- 1997-10-20, m4@umn.edu
.\" Adapted to NetBSD by Julio Merino -- 2002-05-10, jmmv@hispabsd.org
.\" Copyright (c) 1997 Marshall M. Midden
.\" All rights reserved.
.\"
.Dd July 21, 2004
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by Marshall M. Midden.
.\" 4. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd May 4, 2005
.Dt AFTERBOOT 8
.Os
.Sh NAME
@ -76,8 +106,8 @@ Login as
.Dq Ic root .
You can do so on the console, or over the network using
.Xr ssh 1 .
If you wish to allow root logins over the network (if you have
enabled the ssh daemon), edit the
If you have enabled the ssh daemon and wish to allow root logins over
the network, edit the
.Pa /etc/ssh/sshd_config
file and set
.Cm PermitRootLogin
@ -88,7 +118,6 @@ to
The default is to not permit root logins over the network
after fresh install in
.Nx .
Note defaults on other operating systems might be different.
.Pp
Upon successful login on the console, you may see the message
.Dq We recommend creating a non-root account... .
@ -99,10 +128,8 @@ Instead, administrators are encouraged to add a
user, add said user to the
.Dq wheel
group, then use the
.Ic su
and
.Ic sudo
commands when root privileges are required.
.Xr su 1
command when root privileges are required.
This process is described in more detail later.
.Ss Root password
Change the password for the root user.
@ -135,7 +162,7 @@ Check the system date with the
command.
If needed, change the date, and/or change the symbolic link of
.Pa /etc/localtime
to appropriate time zone in the
to the correct time zone in the
.Pa /usr/share/zoneinfo
directory.
.Pp
@ -169,10 +196,9 @@ variable in
.Pa /etc/rc.conf
or edit the
.Pa /etc/myname
file
to have it stick around for the next reboot.
Note that hostname is supposed to be FQDN commonly and should
not be confused with YP
file to have it stick around for the next reboot.
Note that hostname is supposed include a domainname, and that this should
not be confused with YP (NIS)
.Xr domainname 1 .
.Ss Verify network interface configuration
The first thing to do is an
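Review bot: The reworded hostname note reads "Note that hostname is supposed include a domainname", which is missing "to". Suggest "Note that the hostname is supposed to include a domain name, and that this should not be confused with the YP (NIS) domainname(1)."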
@ -180,6 +206,10 @@ The first thing to do is an
to see if the network interfaces are properly configured.
Correct by editing
.Pa /etc/ifconfig. Ns Ar interface
or the corresponding
.Dq Va ifconfig_ Ns Ar interface
variable in
.Xr rc.conf 5
(where
.Ar interface
is the interface name, e.g.,
@ -188,6 +218,11 @@ and then using
.Xr ifconfig 8
to manually configure it
if you do not wish to reboot.
.Pp
You can add new
.Dq virtual interfaces
by adding the required entries to
.Pa /etc/ifconfig. Ns Ar interface .
Read the
.Xr ifconfig.if 5
man page for more information on the format of
@ -208,7 +243,7 @@ le0: flags=9863\*[Lt]UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST\*[Gt]
inet6 fe80::5ef0:f0f0%le0 prefixlen 64 scopeid 0x1
.Ed
.Pp
and, a PPP interface something like:
and a PPP interface something like:
.Bd -literal -offset indent
ppp0: flags=8051\*[Lt]UP,POINTOPOINT,RUNNING,MULTICAST\*[Gt]
inet 203.3.131.108 --\*[Gt] 198.181.0.253 netmask 0xffff0000
@ -250,12 +285,11 @@ fe80::%lo0/64 fe80::1%lo0 U 0 0 32972 lo0
ff01::/32 ::1 U 0 0 32972 lo0
ff02::%le0/32 link#1 UC 0 0 1500 le0
ff02::%lo0/32 fe80::1%lo0 UC 0 0 32972 lo0
.Ed
.Pp
The default gateway address is stored in the
.Dq Va defaultroute
variable
variable in
.Pa /etc/rc.conf ,
or in the file
.Pa /etc/mygate .
@ -280,26 +314,26 @@ you will have to kill it by running
.Ed
after you flush the routes.
.Pp
If you wish to route packets between interfaces, add the directive
If you wish to route packets between interfaces, add one or both
of the following directives (depending on whether IPv4 or IPv6 routing
is required) to
.Pa /etc/sysctl.conf :
.Pp
.Dl net.inet.ip.forwarding=1
and/or
.Dl net.inet6.ip6.forwarding=1
.Pp
to
.Pa /etc/sysctl.conf ,
or compile a new kernel with the
As an alternative, compile a new kernel with the
.Cm GATEWAY
option.
Packets are not forwarded by default, due to RFC requirements.
.Pp
You can add new
.Dq virtual interfaces
by adding the required entries to
.Pa /etc/ifconfig.if .
.Ss Secure Shell (ssh)
By default, all services are disabled (and ssh is no exception).
By default, all services are disabled in a fresh
.Nx
installation, and ssh is no exception.
You may wish to enable it so you can remotely control your system.
Set "sshd=yes" in
Set
.Dq Va sshd=yes
in
.Pa /etc/rc.conf
and then starting the server with the command
.Bd -literal -offset indent
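Review bot: In the Secure Shell paragraph the sentence now reads "Set sshd=yes in /etc/rc.conf and then starting the server with the command", so the two verbs no longer agree; change "starting" to "start". In the forwarding paragraph, the text already says "one or both of the following directives", so a leftover "and/or" between the two .Dl lines would be redundant if it survives in the final file.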
@ -343,7 +377,19 @@ In both these cases, make sure that
.Xr named 8
is running
(otherwise there are long waits for resolver timeouts).
.Ss YP Setup
.Ss RPC-based network services
Several services depend on the RPC portmapper
.Xr rpcbind 8
- formerly known as
.Xr portmap 8 -
being running for proper operation.
This includes YP (NIS) and NFS exports, among other services.
To get the RPC portmapper to start automatically on boot,
you will need to have this line in
.Pa /etc/rc.conf :
.Pp
.Dl portmap=YES
.Ss YP (NIS) Setup
Check the YP domain name with the
.Xr domainname 1
command.
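Review bot: The rc.conf line in the new RPC section is "portmap=YES", while the same paragraph says rpcbind(8) is the current name and the NFS hunk further down starts /etc/rc.d/rpcbind. Please confirm the variable matches the rc.d script name, and use the same yes/YES case as the other rc.conf examples in this file (sshd=yes, ntpdate=yes). "being running for proper operation" would also read better as "to be running".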
@ -367,13 +413,15 @@ YP activation as described in
and
.Xr group 5 .
.Pp
In particular, to enable YP passwd support, you'd need to update
In particular, to enable YP passwd support, you'll need to update
.Pa /etc/nsswitch.conf
to include
.Dq nis
for the
.Dq passwd
entry.
and
.Dq group
entries.
A traditional way to accomplish the same thing is to
add following entry to local passwd database via
.Xr vipw 8 :
@ -389,6 +437,7 @@ setting of
which is
.Dq compat .
.Pp
There are many more YP man pages available to help you.
You can find more information by starting with
.Xr yp 8 .
.Ss Check disk mounts
@ -404,17 +453,19 @@ Example:
.Bd -literal -offset indent
.Li # Ic cat /etc/fstab
/dev/sd0a / ffs rw 1 1
/dev/sd0b none swap sw 0 0
/dev/sd0e /usr ffs rw 1 2
/dev/sd0f /var ffs rw 1 3
/dev/sd0g /tmp ffs rw 1 4
/dev/sd0h /home ffs rw 1 5
/dev/sd0b none swap sw
/dev/sd0e /usr ffs rw,nodev 1 2
/dev/sd0f /var ffs rw,nodev,nosuid 1 3
/dev/sd0g /tmp ffs rw,nodev,nosuid 1 4
/dev/sd0h /home ffs rw,nodev,nosuid 1 5
.Li # Ic mount
/dev/sd0a on / type ffs (local)
/dev/sd0e on /usr type ffs (local)
/dev/sd0f on /var type ffs (local)
/dev/sd0g on /tmp type ffs (local)
/dev/sd0h on /home type ffs (local)
/dev/sd0e on /usr type ffs (local, nodev)
/dev/sd0f on /var type ffs (local, nodev, nosuid)
/dev/sd0g on /tmp type ffs (local, nodev, nosuid)
/dev/sd0h on /home type ffs (local, nodev, nosuid)
.Li # Ic df
Filesystem 1024-blocks Used Avail Capacity Mounted on
/dev/sd0a 22311 14589 6606 69% /
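Review bot: The example fstab and mount output gain nodev and nosuid on /usr, /var, /tmp and /home, but nothing in this hunk tells the reader what those options do or why the example sets them; a sentence with a pointer to mount(8) would make the hardening intent clear. The swap entry also loses its trailing "0 0" fields while every other entry keeps its dump and pass numbers, so either keep the columns consistent or say that the fields are optional.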
@ -422,6 +473,7 @@ Filesystem 1024-blocks Used Avail Capacity Mounted on
/dev/sd0f 10447 682 9242 7% /var
/dev/sd0g 18823 2 17879 0% /tmp
/dev/sd0h 7519 5255 1888 74% /home
.Li # Ic pstat -s
Device 512-blocks Used Avail Capacity Priority
/dev/sd0b 131072 84656 46416 65% 0
@ -458,9 +510,38 @@ You then
and edit
.Pa /etc/fstab
as needed.
.Ss CHANGING /etc FILES
The system should be usable now, but you may wish to do more
customization, such as adding users, etc.
.Ss Automounter daemon (AMD)
To use the
.Xr amd 8
automounter, create the
.Pa /etc/amd
directory, copy example config files from
.Pa /usr/share/examples/amd
to
.Pa /etc/amd
and customize them as needed.
Alternatively, you can get your maps with YP.
.Ss Clock synchronisation
In order to make sure the system clock is synchronised
to that of a publicly accessible NTP server,
make sure that
.Pa /etc/rc.conf
contains the following:
.Pp
.Dl ntpdate=yes
.Dl ntpd=yes
.Pp
See
.Xr date 1 ,
.Xr ntpdate 8 ,
.Xr ntpd 8 ,
.Xr rdate 8 ,
and
.Xr timed 8
for more information on setting the system's date.
.Sh CHANGING /etc FILES
The system should be usable now, but you may wish to do more customizing,
such as adding users, etc.
Many of the following sections may be skipped
if you are not using that package (for example, skip the
.Sx Kerberos
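Review bot: The Clock synchronisation section says the clock will follow "a publicly accessible NTP server" but only shows the ntpdate=yes and ntpd=yes switches and never says where that server is named. Add a sentence telling the reader which configuration file to edit, and trim the repeated "make sure ... make sure" in the opening sentence. rdate(8) and timed(8) are listed in the cross-references without any text explaining when to use them.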
@ -477,23 +558,21 @@ whenever the system is booted.
To keep any custom message intact, ensure that you leave two blank lines
at the top, or your message will be overwritten.
.Ss Sushi
Since
.Nx 1.6 ,
a new tool for configuring the system has been
included, called
.Xr sushi 8 .
It will allow you to set up many aspects of the
system from interactive menus.
.Xr sushi 8
is a tool for configuring the system. It will allow you to set up many
aspects of the system from interactive menus.
You can launch it typing:
.Bd -literal -offset indent
.Ic sushi
.Ed
.Ss Add new users
There are
To add new users and groups, there are
.Xr useradd 8
and
.Xr groupadd 8
scripts.
.Xr groupadd 8 ,
see also
.Xr user 8
for forther programs for user and group manipulation.
You may use
.Xr vipw 8
to add users to the
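Review bot: Typo in the Add new users text: "for forther programs" should be "for further programs". In the Sushi paragraph, "is a tool for configuring the system. It will allow you" starts a new sentence in the middle of a source line; the rest of the file puts each sentence on its own line, so break the line after "system."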
@ -518,21 +597,33 @@ Follow instructions for
if using
Kerberos
for authentication.
.Ss rc.conf, rc.local
Check for any local changes needed in the files
.Pa /etc/rc.conf ,
and
.Pa /etc/rc.local .
.Ss System boot scripts and /etc/rc.local
.Pa /etc/rc
and the
.Pa /etc/rc.d/*\&
scripts are invoked at boot time after single user mode has exited,
and at shutdown.
The whole process is controlled, by the master script
.Pa /etc/rc .
This script should not be changed by administrators.
.Pp
.Xr rc.conf 5
contains configuration for various daemons included with
the system.
Script
The directory
.Pa /etc/rc.d
contains a serie of scripts used at startup/shutdown, called by
.Pa /etc/rc .
.Pa /etc/rc
is in turn influenced by the configuration variables present in
.Pa /etc/rc.conf .
.Pp
The script
.Pa /etc/rc.local
is run as the last thing during multiuser boot, and is provided
to allow any other local hooks necessary for the system.
.Pp
You can take a look to
.Ss rc.conf
To enable or disable various services on system startup,
corresponding entries can be made in
.Pa /etc/rc.conf .
You can take a look at
.Pa /etc/defaults/rc.conf
to see a list of default system variables, which you can override in
.Pa /etc/rc.conf .
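Review bot: Two wording slips in the new boot scripts section: "The whole process is controlled, by the master script" has a stray comma, and "contains a serie of scripts" should be "a series of scripts". The section also names /etc/rc three times in a few lines; the paragraph about /etc/rc.d could be merged into the opening sentence.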
@ -546,16 +637,14 @@ See
.Xr rc.conf 5
for further information.
.Pp
The directory
.Pa /etc/rc.d
contains a serie of scripts used at startup/shutdown, called by
.Pa /etc/rc .
.Pp
If you've installed X, you may want to turn on
.Xr xdm 1 ,
the X Display Manager.
To do this, set the variable xdm to yes, i.e., "xdm=yes", in
.Pa /etc/rc.conf .
To do this, set the variable
.Dq xdm
to yes in
.Pa /etc/rc.conf, i.e.:
.Dq xdm=yes
.Ss Printers
Edit
.Pa /etc/printcap
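Review bot: In the xdm paragraph the line ".Pa /etc/rc.conf, i.e.:" puts ", i.e.:" inside the .Pa argument, so it will be formatted as part of the path name. Move the words to their own text line, and end the sentence after the '.Dq xdm=yes' line, which currently has no closing period. The example itself could use .Dl like the other rc.conf settings added in this commit.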
@ -574,10 +663,12 @@ comment out any extra entries you do not need, and only add things
that are really needed.
Note that by default all services are disabled for security reasons.
.Ss Kerberos
If you are going to use
If you are going to use Kerberos for authentication,
see
.Xr kerberos 8
for authentication, and you already have a
Kerberos
and
.Dq info heimdal
for more information. If you already have a Kerberos
master, change directory to
.Pa /etc/kerberosIV
or
@ -611,6 +702,7 @@ Please see
.Pa /usr/share/sendmail/README
and
.Pa /usr/share/doc/smm/08.sendmailop/op.me
(run "make" to produce a PostScript version)
for information on generating your own sendmail configuration files.
.Pa /etc/mailer.conf
is configured to use Sendmail binaries by default and
@ -671,6 +763,8 @@ Edit
and get it correct.
After this, you can start the server by issuing:
.Bd -literal -offset indent
.Ic /etc/rc.d/rpcbind start
.Ic /etc/rc.d/mountd start
.Ic /etc/rc.d/nfsd start
.Ed
which will also start dependancies.
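Review bot: With "/etc/rc.d/rpcbind start" and "/etc/rc.d/mountd start" now listed explicitly before nfsd, the closing sentence "which will also start dependancies." no longer describes the example. Either drop the sentence or keep the single nfsd command, and fix the spelling to "dependencies" if it stays.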
@ -716,7 +810,7 @@ as root
and see if anything unexpected is present.
Do you need anything else?
Do you wish to change things?
e.g., if you do not
For example, if you do not
like root getting standard output of the daily scripts, and want only
the security scripts that are mailed internally, you can type
.Ic crontab -e
@ -759,13 +853,13 @@ as needed.
Install your own packages.
The
.Nx
package collection includes a large set of Third-Party software.
packages collection, pkgsrc, includes a large set of third-party software.
A lot of it is available as binary packages that you can download from
.Pa ftp://ftp.NetBSD.org/
.Pa ftp://ftp.NetBSD.org/pub/NetBSD/packages/
or a mirror, and install using
.Xr pkg_add 1 .
See
.Pa http://www.NetBSD.org/Documentation/software/
.Pa http://www.NetBSD.org/Documentation/pkgsrc/
and
.Xr packages 7
for more details.
@ -776,16 +870,33 @@ You will need to install any shared libraries, etc.
.Ic man -k compat
to find out how to install and use compatibility mode.)
.Pp
There is also other Third-Party Software that is available
There is also other third-party software that is available
in source form only, either because it has not been ported to
.Nx
yet, because licensing restrictions make binary redistribution
impossible, or simply because you want to build your own binaries.
This group is called pkgsrc.
Sometimes checking the mailing lists for
past problems that people have encountered will result in a fix posted.
.Ss COMPILING A KERNEL
First, review the system message buffer using the
.Ss Check the running system
You can use
.Xr ps 1 ,
.Xr netstat 1 ,
and
.Xr fstat 1
to check on running processes, network connections, and opened files,
respectively. Other tools you may find useful are
.Xr systat 1
and
.Xr top 1 .
.Sh COMPILING A KERNEL
Note:
The standard
.Ox
kernel configuration (GENERIC) is suitable for most purposes.
.Pp
First, review the system message buffer in
.Pa /var/run/dmesg.boot
and by using the
.Xr dmesg 8
command to find out information on your system's devices as probed by the
kernel at boot.
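Review bot: The new note under COMPILING A KERNEL uses ".Ox", the OpenBSD macro, so the page will say that the standard OpenBSD kernel configuration is suitable; this looks like a leftover from the sync and should be ".Nx" as elsewhere in the file. In the new Check the running system paragraph, "respectively. Other tools" starts a sentence in the middle of a source line.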
@ -794,13 +905,13 @@ This information will prove useful when editing kernel configuration files.
.Pp
To compile a kernel inside a writable source tree, do the following:
.Bd -literal -offset indent
# cd /usr/src/sys/arch/SOMEARCH/conf
# cp GENERIC SOMEFILE (only the first time)
# vi SOMEFILE (adapt to your needs)
# config SOMEFILE
# cd ../compile/SOMEFILE
# make depend
# make
$ cd /usr/src/sys/arch/SOMEARCH/conf
$ cp GENERIC SOMEFILE (only the first time)
$ vi SOMEFILE (adapt to your needs)
$ config SOMEFILE
$ cd ../compile/SOMEFILE
$ make depend
$ make
.Ed
.Pp
where
@ -831,10 +942,16 @@ so you can boot it in case of failure.
.Pp
If you are using toolchain to build your kernel, you will also need to
build a new set of toolchain binaries.
You can do it by entering
You can do it by changing into
.Pa /usr/src
and issuing
.Ic ./build.sh tools
and issuing:
.Bd -literal -offset indent
$ cd /usr/src
$ K=sys/arch/`uname -m`/conf
$ cp $K/GENERIC $K/SOMEFILE
$ ./build.sh tools
$ ./build.sh kernel=SOMEFILE
.Ed
.Sh SEE ALSO
.Xr chgrp 1 ,
.Xr chmod 1 ,
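Review bot: The toolchain example runs "cp $K/GENERIC $K/SOMEFILE" unconditionally, which would overwrite a SOMEFILE the reader customised in the earlier steps; carry over the "(only the first time)" remark from the previous block or drop the cp line. The lead-in only talks about building the toolchain binaries, but the block also builds the kernel, and if both "and issuing ./build.sh tools" and "and issuing:" remain in the final text the sentence is doubled.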