  • PRAISE FOR ABSOLUTE FREEBSD

    “Even longtime users of FreeBSD may be surprised at the power and features it can bring to bear as a server platform, and Absolute BSD is an excellent guide to harnessing that power.” —UNIXREVIEW.COM

    “...provides beautifully written tutorials and reference material to help you make the most of the strengths of this OS.” —LINUX USER & DEVELOPER MAGAZINE

    “...packed with a lot of information.” —DAEMON NEWS

    “When was the last time you could physically feel yourself getting smarter while reading a book? If you are a beginning to average FreeBSD user, Absolute FreeBSD ... will deliver that sensation in spades.” —RICHARD BEJTLICH, TAOSECURITY

    “By far the best FreeBSD book I have ever owned is Absolute FreeBSD, 2nd Edition by No Starch Press.” —BSD ZEALOT

    “Master practitioner Lucas organizes features and functions to make sense in the development environment, and so provides aid and comfort to new users, novices, and those with significant experience alike.” —SCITECH BOOK NEWS


  • ABSOLUTE FREEBSD®

    3RD EDITION

    The Complete Guide to FreeBSD

    by Michael W. Lucas

    San Francisco

  • ABSOLUTE FREEBSD®, 3RD EDITION. Copyright © 2019 by Michael W. Lucas.

    All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

    ISBN-10: 1-59327-892-6
    ISBN-13: 978-1-59327-892-2

    Publisher: William Pollock
    Production Editor: Janelle Ludowise
    Cover and Interior Design: Octopod Studios
    Developmental Editor: William Pollock
    Technical Reviewers: John Baldwin, Benno Rice, and George V. Neville-Neil
    Copyeditor: Julianne Jigour
    Compositor: Susan Glinert Stevens
    Proofreader: James Fraleigh
    Indexer: Nancy Guenther

    For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 245 8th Street, San Francisco, CA 94103 phone: 1.415.863.9900; [email protected]

    Library of Congress Cataloging-in-Publication Data

    Lucas, Michael, 1967- Absolute FreeBSD : the complete guide to FreeBSD / Michael W. Lucas. -- 2nd ed. p. cm. Includes index. ISBN-13: 978-1-59327-151-0 ISBN-10: 1-59327-151-4 1. FreeBSD. 2. UNIX (Computer file) 3. Internet service providers--Computer programs. 4. Web servers--Computer programs. 5. Client/server computing. I. Title. QA76.76.O63L83 2007 004'.36--dc22 2007036190

    No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

    The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.


  • About the Author

    After using Unix since the late ’80s and spending twenty-odd years as a network and system administrator specializing in building and maintaining high-availability systems, Michael W. Lucas now writes about them for a living. He’s written more than 30 books, which have been translated into nine languages. His critically acclaimed titles include Absolute OpenBSD, Cisco Routers for the Desperate, and PGP & GPG, all from No Starch Press. Learn more at https://mwl.io/.


  • About the Technical Reviewers

    John Baldwin joined the FreeBSD Project as a committer in 1999. He has worked in several areas of the system, including SMP infrastructure, the network stack, virtual memory, and device driver support. John has served on the Core and Release Engineering teams and organized several FreeBSD developer summits.

    Benno Rice has been using FreeBSD since 1995 and has been a committer since 2000 when he started the PowerPC port. Since then he has worked in a variety of areas and for a number of FreeBSD-using companies. He has also served on the Core Team and presented on FreeBSD-related topics at several conferences.

    George V. Neville-Neil works on networking and operating system code for fun and profit. His areas of interest are code spelunking, operating systems, networking, and time protocols. He is the co-author with Marshall Kirk McKusick and Robert N. M. Watson of The Design and Implementation of the FreeBSD Operating System (Addison-Wesley Professional, 2004).

  • BRIEF CONTENTS

    Foreword by Marshall Kirk McKusick

    Acknowledgments

    Introduction

    Chapter 1: Getting More Help

    Chapter 2: Before You Install

    Chapter 3: Installing

    Chapter 4: Start Me Up! The Boot Process

    Chapter 5: Read This Before You Break Something Else! (Backup and Recovery)

    Chapter 6: Kernel Games

    Chapter 7: The Network

    Chapter 8: Configuring Networking

    Chapter 9: Securing Your System

    Chapter 10: Disks, Partitioning, and GEOM

    Chapter 11: The Unix File System

    Chapter 12: The Z File System

    Chapter 13: Foreign Filesystems

    Chapter 14: Exploring /etc

    Chapter 15: Making Your System Useful

    Chapter 16: Customizing Software with Ports

    Chapter 17: Advanced Software Management

    Chapter 18: Upgrading FreeBSD

    Chapter 19: Advanced Security Features

    Chapter 20: Small System Services

    Chapter 21: System Performance and Monitoring

    Chapter 22: Jails

    Chapter 23: The Fringe of FreeBSD

    Chapter 24: Problem Reports and Panics

    Afterword

    Bibliography

    Index

  • CONTENTS IN DETAIL

    FOREWORD by Marshall Kirk McKusick

    ACKNOWLEDGMENTS

    INTRODUCTION

    What Is FreeBSD?

    BSD: FreeBSD’s Granddaddy; The BSD License; The AT&T/CSRG/BSDi Iron Cage Match; The Birth of FreeBSD

    FreeBSD Development; Committers; Contributors; Users

    Other BSDs; NetBSD; OpenBSD; DragonFly BSD; macOS; FreeBSD’s Children

    Other Unixes; Solaris; illumos; AIX; Linux; Other Unixes

    FreeBSD’s Strengths; Portability; Power; Simplified Software Management; Customizable Builds; Advanced Filesystems

    Who Should Use FreeBSD?; Who Should Run Another BSD?; Who Should Run a Proprietary Operating System?; How to Read This Book; What Must You Know?; For the New System Administrator

    Desktop FreeBSD; How to Think About Unix

    Notes on the Third Edition; Contents of This Book

    1 GETTING MORE HELP

    Why Not Beg for Help?

    The FreeBSD Attitude; Support Options

    Man Pages; Manual Sections; Navigating Man Pages; Finding Man Pages; Section Numbers and Man; Man Page Contents

    FreeBSD.org; Web Documents; The Mailing List Archives; The Forums

    Other Websites; Using FreeBSD Problem-Solving Resources

    Checking the Handbook and FAQ; Checking the Man Pages; Mailing Lists Archives and Forums; Using Your Answer

    Asking for Help

    Composing Your Message; Responding to Email; The Internet Is Forever

    2 BEFORE YOU INSTALL

    Default Files; Configuration with UCL; FreeBSD Hardware

    Proprietary Hardware; Hardware Requirements; BIOS versus EFI

    Disks and Filesystems; FreeBSD Filesystems; Filesystem Encryption; Disk Partitioning Methods; Partitioning with UFS; Multiple Operating Systems; Multiple Hard Drives; Swap Space

    Getting FreeBSD; FreeBSD Versions; Choosing Installation Images

    Network Installs

    3 INSTALLING

    Core Settings; Distribution Selection; Disk Partitioning

    UFS Installs; ZFS Installs

    Network and Service Configuration; Finishing the Install

  • 4 START ME UP! THE BOOT PROCESS

    Power-On

    Unified Extensible Firmware Interface; Basic Input/Output System

    The Loader; Boot Multi User [Enter]; Boot FreeBSD in Single-User Mode; Escape to Loader Prompt; Reboot

    Single-User Mode; Disks in Single-User Mode; Programs Available in Single-User Mode; The Network in Single-User Mode; Uses for Single-User Mode

    The Loader Prompt; Viewing Disks; Loader Variables; Reboot; Booting from the Loader

    Loader Configuration; Boot Options; Startup Messages; Multiuser Startup

    /etc/rc.conf, /etc/rc.conf.d, and /etc/defaults/rc.conf; The rc.d Startup System

    The service(8) Command; System Shutdown

    Serial Consoles; Serial Protocol; Physical Serial Console Setup; IPMI Serial Console Setup; Configuring FreeBSD’s Serial Console; Using Serial Consoles

    Working at the Console

    5 READ THIS BEFORE YOU BREAK SOMETHING ELSE! (BACKUP AND RECOVERY)

    System Backups; Backup Tapes

    Tape Drive Device Nodes, Rewinding, and Ejecting; The $TAPE Variable; Tape Status with mt(1); Other Tape Drive Commands

    BSD tar(1); tar Modes; Other tar Features; Compression; Permissions Restore; And More, More, More...

    Recording What Happened; Repairing a Broken System

    6 KERNEL GAMES

    What Is the Kernel?; Kernel State: sysctl

    sysctl MIBs; sysctl Values and Definitions; Viewing sysctls; Changing sysctls; Setting sysctls Automatically

    The Kernel Environment; Viewing the Kernel Environment; Dropping Hints to Device Drivers

    Kernel Modules; Viewing Loaded Modules

    Loading and Unloading Modules; Loading Modules at Boot

    Build Your Own Kernel; Preparations; Buses and Attachments; Back Up Your Working Kernel; Configuration File Format; Configuration Files

    Building a Kernel; Booting an Alternate Kernel

    Custom Kernel Configuration; Trimming a Kernel; Troubleshooting Kernel Builds

    Inclusions, Exclusions, and Expanding the Kernel; NOTES; Inclusions and Exclusions; Skipping Modules

    7 THE NETWORK

    Network Layers

    The Physical Layer; Datalink: The Physical Protocol; The Network Layer; Heavy Lifting: The Transport Layer; Applications

    The Network in Practice; Getting Bits and Hexes; Network Stacks; IPv4 Addresses and Netmasks

    Computing Netmasks in Decimal; Unusable IP Addresses; Assigning IPv4 Addresses

    IPv6 Addresses and Subnets

    IPv6 Basics; Understanding IPv6 Addresses; IPv6 Subnets; Link-Local Addresses; Assigning IPv6 Addresses

    TCP/IP Basics; ICMP; UDP; TCP; How Protocols Fit Together; Transport Protocol Ports

    Understanding Ethernet; Protocol and Hardware; MAC Addresses

    8 CONFIGURING NETWORKING

    Network Prerequisites

    Configuring Changes with ifconfig(8); Adding an IP to an Interface; Testing Your Interface; Set Default Route; Multiple IP Addresses on One Interface; Renaming Interfaces; DHCP; Reboot!

    The Domain Name Service; Host/IP Information Sources; Local Names with /etc/hosts; Configuring Nameservice; Caching Nameserver

    Network Activity; Current Network Activity; What’s Listening on Which Port?

    Port Listeners in Detail; Network Capacity in the Kernel

    Optimizing Network Performance; Optimizing Network Hardware; Memory Usage; Maximum Incoming Connections; Polling; Other Optimizations

    Network Adapter Teaming; Aggregation Protocols; Configuring lagg(4)

    Virtual LANs; Configuring VLAN Devices; Configuring VLANs at Boot

    9 SECURING YOUR SYSTEM

    Who Is the Enemy?

    Script Kiddies; Disaffected Users; Botnets; Motivated Skilled Attackers

    FreeBSD Security Announcements; User Security

    Creating User Accounts; Configuring Adduser: /etc/adduser.conf; Editing Users

    Shells and /etc/shells; root, Groups, and Management

    The root Password; Groups of Users; Using Groups to Avoid Root

    Tweaking User Security; Restricting Login Ability

    Restricting System Usage; File Flags

    Setting and Viewing File Flags; Securelevels

    Securelevel Definitions; Which Securelevel Do You Need?; What Won’t Securelevels and File Flags Accomplish?; Living with Securelevels

    Network Targets; Putting It All Together

    10 DISKS, PARTITIONING, AND GEOM

    Disks Lie; Device Nodes; The Common Access Method

    What Disks Do You Have?; Non-CAM Devices

    The GEOM Storage Architecture; GEOM Autoconfiguration; GEOM vs. Volume Managers; Providers, Consumers, and Slicers; GEOM Control Programs; GEOM Device Nodes and Stacks

    Hard Disks, Partitions, and Schemes; The Filesystem Table: /etc/fstab; What’s Mounted Now?; Disk Labeling

    Viewing Labels; Sample Labels

    GEOM Withering; The gpart(8) Command

    Viewing Partitions; Other Views

    Removing Partitions; Scheming Disks

    Removing the Disk Partitioning Scheme; Assigning the Partitioning Scheme

    The GPT Partitioning Scheme; GPT Device Nodes; GPT Partition Types; Creating GPT Partitions; Resizing GPT Partitions; Changing Labels and Types; Booting on Legacy Hardware; Unified Extensible Firmware Interface and GPT; Expanding GPT Disks

    The MBR Partitioning Scheme; What Is the Master Boot Record?; BSD Labels; MBR Device Nodes; MBR and Disklabel Alignment; Creating Slices; Removing Slices; Activating Slices

    BSD Labels; Creating a BSD Label; Creating BSD Label Partitions; Assigning Specific Partition Letters

    11 THE UNIX FILE SYSTEM

    UFS Components

    The Fast File System; How UFS Uses FFS; Vnodes

    Mounting and Unmounting Filesystems; Mounting Standard Filesystems

    Special Mounts; Unmounting a Partition; UFS Mount Options

    UFS Resiliency; Soft Updates; Soft Updates Journaling; GEOM Journaling

    Creating and Tuning UFS Filesystems; UFS Labeling; Block and Fragment Size; Using GEOM Journaling; Tuning UFS; Expanding UFS Filesystems

    UFS Snapshots; Taking and Destroying Snapshots; Finding Snapshots; Snapshot Disk Usage

    UFS Recovery and Repair; System Shutdown: The Syncer; Dirty Filesystems; File System Checking: fsck(8); Forcing Read-Write Mounts on Dirty Disks; Background fsck, fsck -y, Foreground fsck, Oy Vey!

    UFS Space Reservations; How Full Is a Partition?; Adding New UFS storage

    Partitioning the Disk; Configuring /etc/fstab; Installing Existing Files onto New Disks; Stackable Mounts

    12 THE Z FILE SYSTEM

    Datasets

    Dataset Properties; Managing Datasets

    ZFS Pools; Pool Details; Pool Properties; Viewing Pool Properties

    Virtual Devices; VDEV Types and Redundancy

    Managing Pools; ZFS and Disk Block Size; Creating and Viewing Pools; Multi-VDEV Pools; Destroying Pools; Errors and -f

    Copy-On-Write; Snapshots

    Creating Snapshots; Accessing Snapshots; Destroying Snapshots

    Compression; Pool Integrity and Repair

    Integrity Verification; Repairing Pools; Pool Status

    Boot Environments; Viewing Boot Environments; Creating and Accessing Boot Environments; Activating Boot Environments; Removing Boot Environments; Boot Environments at Boot; Boot Environments and Applications

    13 FOREIGN FILESYSTEMS

    FreeBSD Mount Commands; Supported Foreign Filesystems; Permissions and Foreign Filesystems

    Using Removable Media; Ejecting Removable Media; Removable Media and /etc/fstab; Formatting FAT32 Media; Creating Optical Media; Writing Images to Thumb Drives

    Memory Filesystems; tmpfs; Memory Disks; Mounting Disk Images; Filesystems in Files

    devfs; /dev at Boot; Global devfs Rules; Dynamic Device Management with devd(8)

    Miscellaneous Filesystems; The Network File System

    NFS Versions; Configuring the NFS Server; Configuring NFS Exports; Enabling the NFS Client

    The Common Internet File System; Prerequisites; Kernel Support; Configuring CIFS; nsmb.conf Keywords; CIFS Name Resolution; Other smbutil(1) Functions; Mounting a Share; Other mount_smbfs Options; nsmb.conf Options

    CIFS File Ownership; Serving CIFS Shares

    14 EXPLORING /ETC

    /etc Across Unix Species; /etc/adduser.conf; /etc/aliases; /etc/amd.map; /etc/auto_master; /etc/blacklistd.conf; /etc/bluetooth, /etc/bluetooth.device.conf, and /etc/defaults/bluetooth.device.conf; /etc/casper; /etc/crontab and /etc/cron.d; /etc/csh.*; /etc/ddb.conf; /etc/devd.conf; /etc/devfs.conf, /etc/devfs.rules, and /etc/defaults/devfs.rules; /etc/dhclient.conf; /etc/disktab; /etc/dma/; /etc/freebsd-update.conf; /etc/fstab; /etc/ftp.*; /etc/group; /etc/hostid; /etc/hosts; /etc/hosts.allow; /etc/hosts.equiv; /etc/hosts.lpd; /etc/inetd.conf; /etc/libmap.conf; /etc/localtime

    /etc/locate.rc; /etc/login.*; /etc/mail; /etc/mail.rc; /etc/mail/mailer.conf; /etc/make.conf

    CFLAGS; COPTFLAGS; CXXFLAGS

    /etc/master.passwd; /etc/motd; /etc/mtree; /etc/netconfig; /etc/netstart; /etc/network.subr; /etc/newsyslog.conf; /etc/nscd.conf; /etc/nsmb.conf; /etc/nsswitch.conf; /etc/ntp/, /etc/ntp.conf; /etc/opie*; /etc/pam.d/*; /etc/passwd; /etc/pccard_ether; /etc/periodic.conf and /etc/defaults/periodic.conf

    daily_output="root"; daily_show_success="YES"; daily_show_info="YES"; daily_show_badconfig="NO"; daily_local="/etc/daily.local"

    /etc/pf.conf, /etc/pf.os; /etc/phones; /etc/portsnap.conf; /etc/ppp/

    /etc/printcap; /etc/profile; /etc/protocols; /etc/pwd.db; /etc/rc*; /etc/regdomain.xml; /etc/remote; /etc/resolv.conf; /etc/rpc; /etc/security/; /etc/services; /etc/shells; /etc/skel/; /etc/snmpd.config; /etc/spwd.db; /etc/src.conf; /etc/ssh/; /etc/ssl/; /etc/sysctl.conf; /etc/syslog.conf, /etc/syslog.conf.d/; /etc/termcap, /etc/termcap.small; /etc/ttys; /etc/unbound/; /etc/wall_cmos_clock; /etc/zfs/

    15 MAKING YOUR SYSTEM USEFUL

    Ports and Packages; Packages

    Package Files; Introducing pkg(8); Installing pkg(8); Common pkg Options

    Configuring pkg(8); Finding Packages; Installing Software; The Package Cache; Package Information and Automatic Installs; Uninstalling Packages; Changing the Package Database; Locking Packages; Package Files; Package Integrity; Package Maintenance; Package Networking and Environment

    Package Repositories; Repository Configuration; Repository Customization; Repository Inheritance

    Package Branches; Upgrading Packages

    16 CUSTOMIZING SOFTWARE WITH PORTS

    Making Software; Source Code and Software; The Ports Collection

    Ports; The Ports Index

    Searching the Index; Legal Restrictions

    What’s In a Port?; Installing a Port; Port Customization Options; Building Packages; Uninstalling and Reinstalling Ports; Tracking Port Build Status

    Cleaning Up Ports; Read-Only Ports Tree; Changing the Install Path

    Private Package Repositories; Poudriere Resources; Installing and Configuring Poudriere; Poudriere Jail Creation; Install a Poudriere Ports Tree; Configuring Poudriere Ports; Running Poudriere; Using the Private Repository

    All Poudrieres, Large and Small; Small Systems; Large Systems

    Updating Poudriere; More Poudriere

    17 ADVANCED SOFTWARE MANAGEMENT

    Using Multiple Processors: SMP

    Kernel Assumptions; SMP: The First Try; Today’s SMP; Processors and SMP

    Threads, Threads, and More Threads; Startup and Shutdown Scripts

    rc Script Ordering; A Typical rc Script; Special rc Script Providers; Vendor Startup/Shutdown Scripts; Debugging Custom rc Scripts

    Managing Shared Libraries; Shared Library Versions and Files; Attaching Shared Libraries to Programs

    LD_LIBRARY_PATH and LD_PRELOAD; What a Program Wants

    Remapping Shared Libraries; Running Software from the Wrong OS

    Recompilation; Emulation; ABI Reimplementation; Binary Branding; Supported ABIs; Installing and Configuring the Linuxulator

    Using Linux Mode; Debugging Linux Mode

    Running Software from the Wrong Architecture or Release

    18 UPGRADING FREEBSD

    FreeBSD Versions

    Releases; FreeBSD-current; FreeBSD-stable; Snapshots; FreeBSD Support Model; Testing FreeBSD; Which Version Should You Use?

    Upgrade Methods; Binary Updates

    /etc/freebsd-update.conf; Running freebsd-update(8); Reverting Updates; Scheduling Binary Updates; Optimizing and Customizing FreeBSD Update

    Upgrading via Source; Which Source Code?; Updating Source Code

    Building FreeBSD from Source; Build the World; Build, Install, and Test a Kernel; Prepare to Install the New World; Installing the World; Customizing Mergemaster; Upgrades and Single-User Mode

    Shrinking FreeBSD; Packages and System Upgrades; Updating Installed Ports

    19 ADVANCED SECURITY FEATURES

    Unprivileged Users

    The nobody Account; A Sample Unprivileged User

    Network Traffic Control; Default Accept vs. Default Deny; TCP Wrappers

    Configuring Wrappers; Wrapping Up Wrappers

    Packet Filtering; Enabling PF; Default Accept and Default Deny in Packet Filtering; Basic Packet Filtering and Stateful Inspection; Configuring PF; Small-Server PF Rule Sample; Managing PF

    Blacklistd(8); PF and Blacklistd; Configuring Blacklistd; Configuring Blacklistd Clients; Managing Blacklistd; De-Blacklisting

    Public-Key Encryption; OpenSSL; Certificates; TLS Trick: Connecting to TLS-Protected Ports

    Global Security Settings; Install-Time Options; Secure Console; Nonexecutable Stack and Stack Guard; Other Security Settings

    Preparing for Intrusions with mtree(1); Running mtree(1); mtree(1) Output: The Spec File; The Exclusion File; Saving the Spec File; Finding System Differences

    Monitoring System Security; Package Security; If You’re Hacked

    20 SMALL SYSTEM SERVICES

    Secure Shell

    The SSH Server: sshd(8); SSH Keys and Fingerprints; Configuring the SSH Daemon; Managing SSH User Access; SSH Clients

    Email; mailwrapper(8); The Dragonfly Mail Agent; The Aliases File and DMA

    Network Time; Setting the Time Zone; Network Time Protocol

    Name Service Switching; inetd

    /etc/inetd.conf; Configuring inetd Servers; Starting inetd(8); Changing inetd’s Behavior

    DHCP; How DHCP Works; Configuring dhcpd(8); Managing dhcpd(8)

    Printing and Print Servers; /etc/printcap; Enabling LPD

    TFTP; Root Directory; tftpd and Files; File Ownership; tftpd(8) Configuration

    Scheduling Tasks; cron(8); periodic(8)

    21 SYSTEM PERFORMANCE AND MONITORING

    Computer Resources; Checking the Network; General Bottleneck Analysis with vmstat(8)

    Processes; Memory; Paging; Disks; Faults; CPU; Using vmstat

    Continuous vmstat; Disk I/O; CPU, Memory, and I/O with top(1)

    UFS and top(1); ZFS and top(1); Process List; top(1) and I/O

    Following Processes; Paging and Swapping

    Paging; Swapping

    Performance Tuning; Memory Usage; Swap Space Usage; CPU Usage; Rescheduling; Reprioritizing with Niceness

    Status Mail; Logging with syslogd

    Facilities; Levels; Processing Messages with syslogd(8); syslogd Customization

    Log File Management; Log File Path; Owner and Group; Permissions; Count; Size; Time; Flags; Pidfile; Signal; Sample newsyslog.conf Entry

    FreeBSD and SNMP; SNMP 101; Configuring bsnmpd

    22 JAILS

    Jail Basics; Jail Host Server Setup

    Jail Host Storage; Jail Networking; Jails at Boot

    Jail Setup; Jail Userland; /etc/jail.conf; Testing and Configuring a Jail; Jail Startup and Shutdown; Jail Dependencies

    Managing Jails; Viewing Jails and Jail IDs; Jailed Processes; Running Commands in Jails; Installing Jail Packages; Updating Jails

    More Jail Options; Jailing Ancient FreeBSD; Last Jail Notes

    23 THE FRINGE OF FREEBSD

    Terminals

    /etc/ttys Format; Insecure Console

    Managing Cloudy FreeBSD; LibXo

    Universal Configuration Language; Diskless FreeBSD

    Diskless Clients; DHCP Server Setup; tftpd and the Boot Loader; Diskless Security; The NFS Server and the Diskless Client Userland

    Diskless Farm Configuration; Configuration Hierarchy; Diskless Remounting /etc

    Finalizing Setup; Installing Packages; SSH Keys

    Storage Encryption; Generating and Using a Cryptographic Key; Filesystems on Encrypted Devices

    24 PROBLEM REPORTS AND PANICS

    Bug Reports

    Before Filing a Bug; Bad Bug Reports; The Fix; Filing Bugs; After Submitting

    System Panics; Recognizing Panics; Responding to a Panic

    Preparations; The Crash Dump in Action; Testing Crash Dumps; Crash Dump Types; Textdumps; Dumps and Security

    AFTERWORD

    The FreeBSD Community; Why Do We Do It?; What Can You Do?; If Nothing Else; Getting Things Done

    BIBLIOGRAPHY

    References; Books I've Written

    INDEX

  • FOREWORD

    I am happy to write the foreword to Michael Lucas’s third edition of Absolute FreeBSD. For 15 years, Michael’s Absolute series has provided the definitive guide to BSD software, filling in the whats and whys left unexplained by the detailed but largely factual documentation. And, as its name implies, it distills to its essence the enormous volume of FreeBSD documentation so that those new to the system can get up to speed quickly.

    Michael is an important contributor to the FreeBSD community. He has filled many of the roles that contributors can take: answering questions, filling in pieces of missing documentation, helping to make connections in the community, and generally identifying and facilitating the things that need to be done. Michael has interacted with thousands of people: hobbyists, professional software developers, system administrators, and university professors. Much of his real-world experience and understanding of what people are trying to get done has been distilled into this book.

    I have been involved with the BSD software since its beginning in 1977 as a student project of my officemate, Bill Joy, at the University of California at Berkeley. By 1980, the BSD distributions had grown from a few programs that could be added to an AT&T UNIX system to a complete system coordinated by four people who called themselves the Computer Systems Research Group (CSRG). By 1983, the socket interface had been designed and TCP/IP had been implemented underneath it, allowing a small set of trusted external contributors to log into the CSRG development machines over the ARPAnet (which later became the internet) and directly update the sources using SCCS, a very early source code control system. The CSRG staff could then use SCCS to track changes and verify them before doing distributions. This structure formed the basis for the current BSD-based projects once BSD was spun off from the university as open source in 1992.

    Starting with the open-source distribution, FreeBSD initially ran on only the early PC computers. Over the past quarter century, thousands of developers have contributed to FreeBSD to make it into a powerful network operating system with state-of-the-art features that runs on all the modern computing platforms. FreeBSD powers core internet companies worldwide. From Netflix movie distribution to WhatsApp messaging, from Network Appliance and Dell/Isilon storage products to Juniper routers, from the foundation of Apple’s iOS to the base libraries and services of Google’s Android, it is hard to throw a rock at the internet without hitting FreeBSD. However, FreeBSD is not the product of any one company, but of a large open source community: the FreeBSD Project, made up of developers, users, and countless supporters and advocates. While you can, as many people do, use FreeBSD simply as a piece of software without ever interacting with that community, you can significantly enrich your FreeBSD experience by becoming a part of that community.

    Whether you are a first-time user or a kernel hacker, the resources available via the http://www.freebsd.org/ website, countless mailing lists, regional user groups, and conferences can be invaluable. Have a question? Just email [email protected], and one or more of the hundreds of volunteers will undoubtedly answer it. Want to learn more about the exciting new features coming in future FreeBSD versions? Read the Project’s quarterly status reports or development mailing lists, or attend one of the many regional BSD conferences taking place around the world.

    These resources are a product of the FreeBSD Project and its community, a large number of collaborating individuals and companies, as well as the FreeBSD Foundation, a nonprofit organization coordinating funding, legal resources, and support for development work and community activities. Michael’s easy-to-use book provides a gateway for newbies to benefit from this community’s expertise and to become active users of FreeBSD themselves.

    FreeBSD is open source software, available for you to use and distribute at no charge. By helping to support, advocate, or even develop FreeBSD, you can give back to the FreeBSD Project and help this community grow.

    Whether you are a new user of FreeBSD or an experienced one, I am confident you will find Absolute FreeBSD a book you want to keep close at hand.

    Marshall Kirk McKusick
    FreeBSD Committer
    Treasurer, FreeBSD Foundation
    Berkeley, California
    January 2018

  • ACKNOWLEDGMENTS

    This book would not exist without decades of support from the FreeBSD community. Many people have told me that they reach for my books to learn how to accomplish something. What they don’t see is how many times I’ve reached out to mailing lists, forums, and user groups to get that same sort of help—not to mention all the times I’ve used other people’s archived discussions to figure out where I went horribly wrong. In addition to all those folks who’ve gone before me, though, I need to name those who helped me on this particular book.

    Gavin Atkinson, Diane Bruce, Julian Elischer, Lars Engels, Alex Kozlov, Steven Kreuzer, Ganael Laplanche, Greg “Groggy” Lehey, Warner Losh, Remko Lodder, Ruslan Makhmatkhanov, Hiren Panchasara, Colin Percival, Matthew Seaman, Lev Serebryakov, Carlo Strub, Romain Tartière, and Thomas Zander all provided vital feedback on earlier versions of this book. Some of them read individual chapters that they have special expertise in, while others read the whole blasted book whether they knew the topic or not. Both kinds of feedback are invaluable. John Baldwin, Benno Rice, and George Neville-Neil collaborated on performing a final technical review, catching errors that ranged from the subtly horrific to the blatantly appalling. Any errors that remain in this book were introduced by myself, despite all these people’s best efforts.

    I’ve also received years of support from Allan Jude and Benedict Reuschling of the BSD Now (https://www.bsdnow.tv/) podcast, along with alumnus Kris Moore. They’ve backed my work even when they had no idea what the heck I was doing. Their show is a great source of BSD-related news, education, and gossip. (It’s a community. There’s always gossip.) Just this week, they walked me through understanding the scheduler in a way I never have before.

    Bert JW Regeer donated $800 to the FreeBSD Foundation for the dubious privilege of being abused in this book. I sincerely thank Bert for being a good sport, and handling all the indignities I heap upon him with grace and aplomb.

    Of all the folks who back me on Patreon, I must especially thank Stefan Johnson and Kate Ebneter. Because that’s what their Patreon reward levels say I’ll do. So: thank you!

    Janelle over at No Starch Press had the unenviable job of shepherding this book through production, which is kind of like herding cats except the cats are angry and have switchblades. Thank you for dragging this tome across the finish line. I also need to thank the rest of the No Starch staff, who suffered through transforming my meandering babblings into a real book.

    And as always, my gratitude to my amazing wife Liz.

  • INTRODUCTION

    Welcome to Absolute FreeBSD! This book is a one-stop shop for systemadministratorswhowanttobuild,configure,andmanageFreeBSDservers.It will also be useful for those folks who want to run FreeBSD on theirdesktops,embeddeddevices,serverfarms,andsoon.Bythetimeyoufinishthisbook,youshouldbeabletouseFreeBSDtoprovidenetworkservices.You should also understand how to manage, patch, and maintain yourFreeBSD systems and have a basic understanding of networking, systemsecurity,andsoftwaremanagement.We’lldiscussFreeBSDversions11and12, which are the most recent versions at the time this book is beingreleased;however,mostof thisbookappliestoearlierandlaterversionsaswell.

    WhatIsFreeBSD?FreeBSD is a freely available Unix-like operating system popular withinternet service providers, in appliances and embedded systems, andanywherethatreliabilityoncommodityhardwareisparamount.Onedaylastweek, FreeBSD miraculously appeared on the internet, fully formed,extrudeddirectlyfromthemutantbrainofitsheroiccreator’sloftyintellect.Justkidding—thetruthisfarmoreimpressive.FreeBSDisaresultofalmostfour decades of continuous development, research, and refinement. ThestoryofFreeBSDbeginsin1979,withBSD.

    BSD:FreeBSD’sGranddaddyMany years ago, AT&T needed a lot of specialized, custom-written

  • computer software to run itsbusiness. Itwasn’t allowed to compete in thecomputerindustry,however,soitcouldn’tsellitssoftware.Instead,AT&Tlicensedvariouspiecesofsoftwareandthesourcecodeforthatsoftwaretouniversities at low, lowprices.Theuniversities could savemoneybyusingthis software instead of commercial equivalents with pricey licenses, anduniversitystudentswithaccesstothisniftytechnologycouldreadthesourcecode to seehoweverythingworked. In return,AT&Tgot exposure, somepocket change, and a generation of computer scientists who had cut theirteethonAT&Ttechnology.Everyonegotsomethingoutof thedeal.Thebest-knownsoftwaredistributedunderthislicensingplanwasUnix.

    Compared with modern operating systems, the original Unix had a lot of problems. Thousands of students had access to its source code, however, and hundreds of teachers needed interesting projects for their students. If a program behaved oddly, or if the operating system itself had a problem, the people who lived with the system on a day-to-day basis had the tools and the motivation to fix it. Their efforts quickly improved Unix and created many features we now take for granted. Students added the ability to control running processes, also known as job control. The Unix S51K filesystem made system administrators bawl like exhausted toddlers, so they replaced it with the Fast File System (FFS), whose features have spread into every modern filesystem. Many small, useful programs were written over the years, gradually replacing entire swaths of Unix.

    The Computer Systems Research Group (CSRG) at the University of California, Berkeley, participated in these improvements and also acted as a central clearinghouse for Unix code improvements. CSRG collected changes from other universities, evaluated them, packaged them, and distributed the compilation for free to anyone with a valid AT&T UNIX license. The CSRG also contracted with the Defense Advanced Research Projects Agency (DARPA) to implement various features in Unix, such as TCP/IP. The resulting collection of software came to be known as the Berkeley Software Distribution, or BSD.

    BSD users took the software, improved it further, and then fed their enhancements back into BSD. Today, we consider this to be a fairly standard way for an open source project to run, but in 1979 it was revolutionary. BSD was also quite successful; if you check the copyright statement on an old BSD system, you’ll see this:

    Copyright 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved.

    Yep, 15 years of work—a lifetime in software development. How many other pieces of software are not only still in use, but still in active development, 15 years after work began? In fact, so many enhancements and improvements went into BSD that the CSRG found that over the years, it had replaced almost all of the original Unix with code created by the CSRG and its contributors. You had to look hard to find any original AT&T code.

    Eventually, the CSRG’s funding ebbed, and it became clear that the BSD project would end. After some political wrangling within the University of California, in 1992 the BSD code was released to the general public under what became known as the BSD license.

    The BSD License

    BSD code is available for anyone to use under what is probably the most liberal license in the history of software development. The license can be summarized as follows:

    Don’t claim you wrote this.
    Don’t blame us if it breaks.
    Don’t use our name to promote your product.

    This means that you can do almost anything you want with BSD code. (The original BSD license did require that users be notified if a software product included BSD-licensed code, but that requirement was later dropped.) There’s not even a requirement that you share your changes with the original authors! People were free to take BSD and include it in proprietary products, open source products, or free products—they could even print it out on punch cards and cover the lawn with it. You want to run off 10,000 BSD CDs and distribute them to your friends? Enjoy. Instead of copyright, the BSD license is sometimes referred to as copycenter, as in Take this down to the copy center and run off a few for yourself. Not surprisingly, companies such as Sun Microsystems jumped right on it: it was free, it worked, and plenty of new graduates had experience with the technology—including Bill Joy, one of Sun’s founders. One company, BSDi, was formed specifically to take advantage of BSD Unix.

    The AT&T/CSRG/BSDi Iron Cage Match

    At AT&T, UNIX work continued apace even as the CSRG went on its merry way. AT&T took parts of the BSD Unix distribution, integrated them with its UNIX, and then relicensed the result back to the universities that provided those improvements. This worked well for AT&T until the company was broken up and the resulting companies were permitted to compete in the computer software business. AT&T had one particularly valuable property: a high-end operating system that had been extensively debugged by thousands of people. This operating system had many useful features, such as a variety of small but powerful commands, a modern filesystem, job control, and TCP/IP. AT&T started a subsidiary, Unix Systems Laboratories (USL), which happily started selling Unix to enterprises and charging very high fees for it, all the while maintaining the university relationship that had given it such an advanced operating system in the first place.

    Berkeley’s public release of the BSD code in 1992 was met with great displeasure from USL. Almost immediately, USL sued the university and the software companies that had taken advantage of the software, particularly BSDi. The University of California claimed that the CSRG had compiled BSD from thousands of third-party contributors unrelated to AT&T, and so it was the CSRG’s intellectual property to dispose of as it saw fit.

    This lawsuit motivated many people to grab a copy of BSD to see what all the fuss was about, while others started building products on top of it. One of these products was 386BSD, which would eventually be used as the core of FreeBSD 1.0.

    In 1994, after two years of legal wrangling, the University of California lawyers proved that the majority of AT&T UNIX was actually taken in its entirety from BSD, rather than the other way around. To add insult to injury, AT&T had actually violated the BSD license by stripping the CSRG copyright from files it had assimilated. (Only a very special company can violate the world’s most generous software license!) A half-dozen files were the only sources of contention, and to resolve these outstanding issues, USL donated some of them to BSD while retaining some as proprietary information.

    Once the dust settled, a new version of BSD Unix was released to the world as BSD 4.4-Lite. A subsequent update, BSD 4.4-Lite2, is the grandfather of the current FreeBSD, as well as ancestor to every other BSD variant in use today.

    The Birth of FreeBSD

    One early result of BSD was 386BSD, a version of BSD designed to run on the cheap 386 processor.1 The 386BSD project successfully ported BSD to Intel’s 386 processor, but it stalled. After a period of neglect, a group of 386BSD users decided to branch out on their own and create FreeBSD so they could keep the operating system up to date. (Several other groups started their own branches off of 386BSD around the same time, of which only NetBSD remains.)

    386BSD and FreeBSD 1 were derived from 1992’s BSD release, the subject of AT&T’s wrath. As a result of the lawsuit, all users of the original BSD were requested to base any further work on BSD 4.4-Lite2. BSD 4.4-Lite2 was not a complete operating system—in particular, those few files AT&T had retained as proprietary were vital to the system’s function. (After all, if those files hadn’t been vital, AT&T wouldn’t have bothered!) The FreeBSD development team worked frantically to replace those missing files, and FreeBSD 2.0 was released shortly afterward. Development has continued ever since.

    Today, FreeBSD is used across the internet by some of the most vital and visible internet-oriented companies. Netflix’s content delivery system runs entirely on FreeBSD. IBM, Dell/EMC, Juniper, NetApp, Sony and many other hardware companies use FreeBSD in embedded systems where you’d never even know it unless someone told you. The fact is, if a company needs to pump serious internet bandwidth, it’s probably running FreeBSD or one of its BSD relatives.

    FreeBSD also finds its way into all sorts of embedded and dedicated-purpose devices. Do you have a PlayStation 4? Congratulations, you’re running FreeBSD. I hear a root shell is hard to get on one of them, though.

    Like smog, spiders, and corn syrup, FreeBSD is all around you; you simply don’t see it because FreeBSD just works. The key to FreeBSD’s reliability is the development team and user community—which are really the same thing.

    FreeBSD Development

    There’s an old saying that managing programmers is like herding cats. Despite the fact that the FreeBSD development team is scattered across the world and speaks dozens of languages, for the most part, the members work well together as parts of the FreeBSD community. They’re more like a pride of lions than a collection of house cats. Unlike some other projects, all FreeBSD development happens in public. Three groups of people are responsible for FreeBSD’s progress: committers, contributors, and users.

    Committers

    FreeBSD has about 500 developers, or committers. Committers have read-and-write access to the FreeBSD master source code repository and can develop, debug, or enhance any piece of the system. (The term committer comes from their ability to commit changes to the source code.) Because these commits can break the operating system in both subtle and obvious ways, committers carry a heavy responsibility. Committers are responsible for keeping FreeBSD working or, at worst, not breaking it as they add new features and evaluate patches from contributors. Most of these developers are volunteers; only a handful are actually paid to do this painstaking work, and most of those people are paid only as it relates to other work. For example, Intel employs committers to ensure that FreeBSD properly supports its network cards. FreeBSD has a high profile in the internet’s heavy-lifting crowd, so Intel needs its cards to work on FreeBSD.

    To plug yourself into the beehive of FreeBSD development, [email protected], which contains most of the technical discussion. Some of the technical talk is broken out into more specific mailing lists—for example, fine details of the networking implementation are discussed in FreeBSD-net@FreeBSD.org.

    Every few years, the committer team elects a small number of its members to serve as a core team, or Core. Core’s work is simultaneously vital, underrated, and misunderstood. Core is theoretically responsible for the overall management of FreeBSD, but in practice, it manages little other than resolving personality disputes and procedural conflicts among committers. Core also approves new committers and delegates responsibility for large parts of FreeBSD to individuals or groups. For example, it delegates authority over the ports and packages system to the ports management team. Core does not set architectural direction for FreeBSD, nor does it dictate processes or procedures; that’s up to the committers, who must agree en masse. Core does suggest, cajole, mediate, and inspire, however.

    Core also experiences the worst part of management. Some of the key functions of management in a company are oversight, motivation, and handling problems between people. Oversight is provided by the millions of users who will complain loudly when anything breaks or behaves unexpectedly, and FreeBSD committers are self-motivated. The ugly part of management is settling squabbles between two people, and that’s the part Core gets stuck with. The status one gets from saying “I’m in Core” is an insufficient reward for having to manage the occasional argument between two talented developers who’ve gotten on each other’s nerves. Fortunately such disagreements are rare and usually resolved quickly.

    Contributors

    In addition to the committer team, FreeBSD has thousands of contributors. Contributors don’t have to worry about breaking the main operating system source code repository; they submit their patches for consideration by committers. Committers evaluate contributor submissions and decide what to accept and what to reject. A contributor who submits many high-quality patches is often asked to become a committer themselves.

    For example, I spent several years contributing to FreeBSD whenever the urge struck me. Any time I feel that I’ve wasted my life, I can look at the FreeBSD website and see where my work was accepted by the committers and distributed to thousands of people. After I submitted the first edition of this book to the publisher, I spent my spare time submitting patches to the FreeBSD FAQ. Eventually, some members of the FreeBSD Documentation Project approached me and asked me to become a committer. As a reward, I got an email address and the opportunity to humiliate myself before thousands of people, once again demonstrating that no good deed goes unpunished.

    If I had never contributed anything, I’d remain a user. Nothing’s wrong with that, either.

    Users

    Users are the people who run FreeBSD systems. It’s impossible to realistically estimate the number of FreeBSD users. While organizations such as the BSDstats Project (http://www.bsdstats.org/) make an effort, these projects are opt-in. They measure only folks who have installed FreeBSD and then installed the software that adds their system to the count. Most users download the whole of FreeBSD for free and never register, upgrade, or email a mailing list. We have no idea how many FreeBSD users are in the world.

    Since FreeBSD is by far the most popular open source BSD, that’s not an inconsiderable number of machines. And since one FreeBSD server can handle hundreds of thousands of internet domains, a disproportionate number of sites use FreeBSD as their supporting operating system. This means that there are hundreds of thousands, if not millions, of FreeBSD system administrators out in the world today.

    Other BSDs

    FreeBSD might be the most popular BSD, but it’s not the only one. BSD 4.4-Lite2 spawned several different projects, each with its own focus and purpose. Those projects in turn had their own offspring, several of which thrive today.

    NetBSD

    NetBSD is similar to FreeBSD in many ways, and NetBSD and FreeBSD share developers and code. NetBSD’s main goal is to provide a secure and reliable operating system that can be ported to any hardware platform with minimal effort. As such, NetBSD runs on Vixens, PocketPC devices, and high-end SPARC and Alpha servers. I ran NetBSD on my HP Jornada handheld computer.2


    OpenBSD

    OpenBSD branched off from NetBSD in 1996 with the goal of becoming the most secure BSD. OpenBSD was the first to support hardware-accelerated cryptography, and its developers are rightfully proud of the fact that their default installation was largely immune to remote exploits for several years. The OpenBSD team has contributed several valuable pieces of software to the world, including the LibreSSL TLS library and the OpenSSH suite used by almost everyone from Linux to Microsoft.

    DragonFly BSD

    DragonFly BSD forked from FreeBSD 4 in 2003. It developed in a different direction than FreeBSD, with a new kernel messaging system. DragonFly BSD has very high performance and its HAMMER filesystem supports snapshots and fine-grained history. Check out http://www.dragonflybsd.org/ for more information.

    macOS

    Apple’s macOS? That’s right. Apple incorporates large chunks of FreeBSD into its macOS on an ongoing basis. If you’re looking for a stable operating system with a friendly face and a powerful core, macOS is unquestionably for you. While FreeBSD makes an excellent desktop for a computer professional, I wouldn’t put it in front of a random user. I would put macOS in front of that same random user without a second thought, however, and I’d even feel that I was doing the right thing. But macOS includes many things that aren’t at all necessary for an internet server, and it runs only on Apple hardware, so I don’t recommend it as an inexpensive general-purpose server.

    FreeBSD’s Children

    Several projects have taken FreeBSD and built other projects or products on top of it. The award-winning FreeNAS transforms a commodity system into a network fileserver. The pfSense project transforms your system into a firewall with a nice web management interface. TrueOS gives FreeBSD a friendly face while supporting resource-intensive advanced features, like ZFS, while GhostBSD puts a friendly face on equipment with less computing oomph. Other projects like this appear from time to time; while not all are successful, I’m sure by the time this book comes out, we’ll have one or two more solid members of this group.

    Other Unixes

    Several other operating systems derive from or emulate primordial Unix in one way or another. This list is by no means exhaustive, but I’ll touch on the high points.

    Solaris

    The best-known Unix might be Oracle Solaris. Solaris runs on high-end hardware that supports dozens of processors and gobs of disk. (Yes, gobs is a technical term, meaning more than you could possibly ever need, and I know very well that you need more disk than I think you need.) Solaris, especially early versions of Solaris, had strong BSD roots. Many enterprise-level applications run on Solaris. Solaris runs mainly on the SPARC hardware platform manufactured by Sun, which allows Sun to support interesting features, such as hot-swappable memory and mainboards.

    The Oracle Corporation acquired Solaris when they bought Sun Microsystems in 2009. Oracle ceased Solaris development in 2016. While there’s still an extensive installed base of Solaris systems and you can still get Solaris from Oracle, as of today, Oracle Solaris has no future.

    illumos

    Several years before Oracle purchased Sun Microsystems, Sun open sourced the majority of Solaris and sponsored the OpenSolaris project to improve that codebase. OpenSolaris ran successfully until Oracle shut down source access and reclaimed all of the OpenSolaris resources.

    The OpenSolaris code was still available, though. The OpenSolaris community forked OpenSolaris into illumos (http://illumos.org/). If you miss Solaris, you can still use a free, modern, Solaris-like operating system. FreeBSD includes two important features from OpenSolaris, the Zetabyte Filesystem (ZFS) and DTrace, a full-system tracing system.

    AIX

    Another Unix contender is IBM’s entry, AIX. AIX’s main claim to fame is its journaling filesystem, which records all disk transactions as they happen and allows for fast recovery from a crash. It was also IBM’s standard Unix for many years, and anything backed by Big Blue shows up all over the place. AIX started life based on BSD, but AT&T has twiddled just about everything so that you won’t find much BSD today.

    Linux

    Linux is a close cousin of Unix, written from the ground up. Linux is similar to FreeBSD in many ways, though FreeBSD has a much longer heritage and is friendlier to commercial use than Linux. Linux includes a requirement that any user who distributes Linux must make his or her changes available to the end user, while BSD has no such restriction. Of course, a Linux fan would say, “FreeBSD is more vulnerable to commercial exploitation than Linux.” Linux developers believe in share-and-share-alike, while BSD developers offer a no-strings-attached gift to everyone. It all depends on what’s important to you.

    Many new Unix users have a perception of conflict between the BSD and Linux camps. If you dig a little deeper, however, you’ll find that most of the developers of these operating systems communicate and cooperate in a friendly and open manner. It’s just a hard fringe of users and developers that generate friction, much like different soccer teams’ hooligans or different Star Trek series’ fans.3

    Other Unixes

    Many Unixes have come and gone, while others stagger on. Past contenders include Silicon Graphics’ IRIX, Hewlett-Packard’s HP/UX, Tru64 Unix, and the suicidal SCO Group’s UnixWare. Dig further and you’ll find older castoffs, including Apple’s A/UX and Microsoft’s Xenix. (Yes, Microsoft was a licensed Unix vendor, back in that age when dinosaurs watched the skies nervously and my dad hunted mammoth for all the tribal rituals.) Many high-end applications are designed to run best on one particular flavor of Unix. All modern Unixes have learned lessons from these older operating systems, and today’s Unixes and Unix-like operating systems are remarkably similar.

    WHY UNIX-LIKE?

    One thing to note is that FreeBSD, Linux, and so on are called Unix-like instead of Unix. The term Unix is a trademark of The Open Group. For an operating system to receive the right to call itself Unix, the vendor must prove that the OS complies with the current version of the Single Unix Specification. While FreeBSD generally meets the standard, continuous testing and recertification cost money, which the FreeBSD Project doesn’t have to spare. Certification as Unix also requires that someone sign a paper stating not only that he or she is responsible for FreeBSD’s conformance to the Single Unix Specification but that he or she will fix any deviations from the standard that are found in the future. FreeBSD’s development model makes this even more difficult—bugs are found and deviations are fixed, but there’s nobody who can sign a piece of paper that guarantees 100 percent standards compliance.

    FreeBSD’s Strengths

    After all this, what makes FreeBSD unique?

    Portability

    The FreeBSD Project’s goal is to provide a freely redistributable, stable, and secure operating system that runs on the computer hardware that people are most likely to have access to. People have ported FreeBSD to a variety of less popular platforms as well.

    The best supported FreeBSD platform is the common 64-bit hardware developed by AMD, used by almost everyone, and even copied by Intel. FreeBSD also fully supports the older 32-bit computers, such as 486s and all the flavors of Pentiums. This book uses 64-bit commodity hardware, or amd64, as a reference platform.

    FreeBSD runs well on several other hardware architectures but is not completely supported yet. These include 32-bit ARM processors and PowerPC. While these other platforms are not afterthoughts, they don’t receive the same level of attention that x86 and amd64 do. The 64-bit ARM platform is expected to become Tier 1 shortly after this book comes out, however.

    You can also load FreeBSD on certain older architectures, such as 64-bit SPARC. These platforms were once well supported but are on their way out.

    Power

    Since FreeBSD runs adequately on 486 processors, it runs extremely well on modern computers. It’s rather nice to have an operating system that doesn’t demand 8 cores and 12 gigs of RAM just to run the user interface. As a result, you can actually dedicate your hardware to accomplishing real work rather than tasks you don’t care about. If you choose to run a pretty graphical interface with all sorts of spinning gewgaws and fancy whistles, FreeBSD will support you, and it won’t penalize you if you choose otherwise. FreeBSD will also support you on the latest n-CPU hardware.

    Simplified Software Management

    FreeBSD also simplifies software management through the packaging system and the Ports Collection. Traditionally, running software on a Unix-like system required a great deal of expertise. Packages and ports simplify this considerably by automating and documenting the install, uninstall, and configuration processes for thousands of software packages.

    We discuss packages in Chapter 15 and ports in Chapter 16.

    Customizable Builds

    FreeBSD provides a painless upgrade procedure, but it also lets you precisely customize the operating system for your hardware. Companies like Apple do exactly this, but they control both the hardware and the software; FreeBSD pulls off the same trick on commodity hardware.

    Advanced Filesystems

    A filesystem is how information is stored on the physical disk—it’s what maps the file My Resume to a series of zeros and ones on a hard drive. FreeBSD includes two well-supported filesystems, UFS (Chapter 11) and ZFS (Chapter 12). UFS has been around for multiple decades and is highly damage-resistant. ZFS is younger but includes features such as network replication and self-healing.

    Who Should Use FreeBSD?

    While FreeBSD can be used as a powerful desktop or development machine, its history shows a strong bias toward network services: web, mail, file, and ancillary applications. FreeBSD is most famous for its strengths as an internet server, and it’s an excellent choice as an underlying platform for any network service. If major firms such as Netflix count on FreeBSD to provide reliable service, it will work as well for you.

    If you’re thinking of running FreeBSD (or any Unix) on your desktop, you’ll need to understand how your computer works. FreeBSD is not your best choice if you need point-and-click simplicity. If that’s your goal, get a Mac so you can use the power of Unix when you need it and not worry about it the rest of the time. If you want to learn FreeBSD, though, running it on your desktop is the best way—as we’ll discuss later.

    Who Should Run Another BSD?

    NetBSD and OpenBSD are FreeBSD’s closest competitors. Unlike competitors in the commercial world, this competition is mostly friendly. FreeBSD, NetBSD, and OpenBSD freely share code and developers; some people even maintain the same subsystems in multiple operating systems.

    If you want to use old or oddball hardware, NetBSD is a good choice for you. For several years, I ran NetBSD on an ancient SGI workstation that I used as a Domain Name System (DNS) and fileserver. It did the job well until the hardware finally released a cloud of smoke and stopped working.

    OpenBSD has implemented an impressive variety of security features. Some of the tools are eventually integrated into FreeBSD, but that takes months or years. Some of the tools can never be duplicated in FreeBSD, however. If you have real security concerns and can use a Unix-like system without the feature set FreeBSD provides, consider OpenBSD. Take a look at my book Absolute OpenBSD (No Starch Press, 2013) for an introduction.

    If you’re just experimenting to see what’s out there, any BSD is good!

    Who Should Run a Proprietary Operating System?

    Operating systems such as macOS, Windows, AIX, and their ilk are still quite popular, despite the open source operating systems gnawing at their market share. High-end enterprises are pretty tightly shackled to commercial operating systems. While this is slowly changing, you’re probably stuck with commercial operating systems in such environments. But slipping in an occasional FreeBSD machine to handle basic services, such as monitoring and department file serving, can make your life much easier at much lower cost. Companies like Dell/EMC/Isilon have built entire businesses using FreeBSD instead of commercial operating systems.

    Of course, if the software you need runs only on a proprietary operating system, your choice is pretty clear. Still, always ask a vendor whether a FreeBSD version is available; you might be pleasantly surprised.

    How to Read This Book

    Many computer books are thick and heavy enough to stun an ox, if you have the strength to lift them high enough. Plus, they’re either encyclopedic in scope or so painfully detailed that they’re difficult to actually read. Do you really need to reference a screenshot when you’re told to click OK or accept the license agreement? And when was the last time you actually sat down to read the encyclopedia?

    Absolute FreeBSD is a little different. It’s designed to be read once, from front to back. You can skip around if you want to, but each chapter builds on what comes before it. While this isn’t a small book, it’s smaller than many popular computer books. After you’ve read it once, it makes a decent reference.

    If you’re a frequent buyer of computer books, please feel free to insert all that usual crud about “read a chapter at a time for best learning” and so on. I’m not going to coddle you—if you picked up this book, you either have two brain cells to rub together or you’re visiting someone who does. (If it’s the latter, hopefully your host is smart enough to take this book away from you before you learn enough to become dangerous.)

    What Must You Know?

    This book is aimed at the new Unix administrator. Three decades ago, the average Unix administrator had kernel programming experience and was working on their master’s degree in computer science. Even a decade ago, they were already a skilled Unix user with real programming skills and most of a bachelor’s degree in comp sci. Today, Unix-like operating systems are freely available, computers are cheaper than food, and even 12-year-old children can run Unix, read the source code, and learn enough to intimidate older folks. As such, I don’t expect you to know a huge amount about Unix before firing it up.

    To use this book to its full potential, you need to have familiarity with some basic tasks, such as how to change directories, list files in a directory, and log in with a username and password. If you’re not familiar with basic commands and the Unix shell, I recommend you begin with a book like UNIX System Administration Handbook by Evi Nemeth and friends (Prentice Hall PTR, 2017). To make things easier on newer system administrators, I include the exact commands needed to produce the desired results. If you learn best by example, you should have everything you need right here.

    You’ll also need to know something about computer hardware—not a huge amount, mind you, but something. It helps to know how to recognize a SATA cable. Your need for this knowledge depends on the hardware you’re using, but if you’re interested enough to pick up this book and read this far, you probably know enough.

    For the New System Administrator

    If you’re new to Unix, the best way to learn is to eat your own dog food. No, I’m not suggesting that you dine with Rover. If you ran a dog food company, you’d want to make a product that your own dog eats happily. If your dog turns his nose up at your latest recipe, you have a problem. The point here is that if you work with a tool or create something, you should actually use it. The same thing applies to any Unix-like operating system, including FreeBSD.

    Desktop FreeBSD

    If you’re serious about learning FreeBSD, I suggest wiping out the operating system on your main computer and running FreeBSD instead. No, not a desktop-oriented FreeBSD derivative like TrueOS or GhostBSD: run raw FreeBSD. Yes, I know, now that dog food doesn’t sound so bad. But learning an operating system is like learning a language; total immersion is the quickest and most powerful way to learn. That’s what I did, and today I can make a Unix-like system do anything I want. I’ve written entire books on a FreeBSD laptop, using the open source text editor XEmacs and the LibreOffice.org business suite. I’ve also used FreeBSD to watch movies, rip and listen to MP3s, balance my bank accounts, process my email, and surf the web. The desktop in my lab has a dozen animated BSD daemons running around the window manager, and I occasionally take a break to zap them with my mouse. If this doesn’t count as a Stupid Desktop Trick, I don’t know what does.4

    Many Unix system administrators these days come from a Windows background. They’re beavering away in their little world when their manager swoops by and says, “You can handle one more system, can’t you? Glad to hear it! It’s a Unix box, by the way,” and then vanishes into the managerial ether. Once the new Unix administrator decides not to quit her job and start a fresh and exciting career as a whale necropsy technician, she tentatively pokes at the system. She learns that ls is like dir and that cd is the same on both platforms. She can learn the commands by rote, reading, and experience. What she can’t learn, coming from this background, is how a Unix machine thinks. Unix will not adjust to you; you must adjust to it. Windows and macOS require similar adjustments but hide them behind a glittering facade. With that in mind, let’s spend a little time learning how to think about Unix.

    How to Think About Unix

    These days, most Unix systems come with pretty GUIs out of the box, but they’re just eye candy. No matter how graphically delicious the desktop looks, the real work happens on the command line. The Unix command line is actually one of Unix’s strengths, and it’s responsible for its unparalleled flexibility.

    Unix’s underlying philosophy is many small tools, each of which does a single job well. My mail server’s local programs directory (/usr/local/bin) has 262 programs in it. I installed every one of them, either directly or indirectly. Most are small, simple programs that do only one task. This array of small tools makes Unix extremely flexible and adaptable. Many commercial software packages try to do everything; they wind up with all sorts of capabilities but only mediocre performance in their core functions. Remember, at one time you needed to be a programmer to use a Unix system, let alone run one. Programmers don’t mind building their own tools. The Unix concept of pipes encouraged this.

    Pipes

    People used to GUI environments, such as Windows and macOS, are probably unfamiliar with how Unix handles output and input. They’re used to clicking something and seeing either an OK message, an error, nothing, or (all too often) a pretty blue screen with nifty high-tech letters explaining in the language called Geek why the system crashed. Unix does things a little differently.

    Unix programs have three channels of communication, or pipes: standard input, standard output, and standard error. Once you understand how each of these pipes works, you’re a good way along to understanding the whole system.

    Standard input is the source of information. When you’re at the console typing a command, the standard input is the data coming from the keyboard. If a program is listening to the network, the standard input is the network. Many programs can rearrange standard input to accept data from the network, a file, another program, the keyboard, or any other source.

    The standard output is where the program’s output is displayed. This is frequently the console (screen). Network programs usually return their output to the network. Programs might send their output to a file, to another program, over the network, or anywhere else available to the computer.

    Finally, standard error is where the program sends its error messages. Frequently, console programs return their errors to the console; others log errors in a file. If you set up a program incorrectly, it just might discard all error information.

    These three pipes can be arbitrarily arranged, a concept that’s perhaps the biggest hurdle for new Unix users and administrators. For example, if you don’t like the error messages appearing on the terminal, you can redirect them to a file. If you don’t want to repeatedly type a lot of information into a command, you can put the information into a file (so you can reuse it) and dump the file into the command’s standard input. Or, better still, you can run a command to generate that information and put it in a file, or just pipe (send) the output of the first command directly to the second, without even bothering with a file.

    Small Programs, Pipes, and the Command Line

    Taken to their logical extreme, these input/output pipes and the variety of tools seem overwhelming. When I saw a sysadmin type something like the following during my initial Unix training session, I gave serious consideration to changing careers.

    $ tail -f /var/log/messages | grep -v popper | grep -v named &

    Lines of incomprehensible text began spilling across the screen, and they kept coming. And worse still, my mentor kept typing as gibberish poured out! If you’re from a point-and-click computing environment, a long string of commands like this is definitely intimidating. What do all those funky words mean? And an ampersand? You want me to learn what?

    Think of learning to use the command line as learning a language. When learning a language, we start with simple words. As we increase our vocabulary, we also learn how to string the words together. We learn that placing words in a certain order makes sense, and that a different order makes no sense at all. You didn’t speak that well at three years old—give yourself some slack and you’ll get there.

    Small, simple programs and pipes provide almost unlimited flexibility. Have you ever wished you could use a function from one program in another program? By using a variety of smaller programs and arranging the inputs and outputs as you like, you can make a Unix system behave in any manner that amuses you. Eventually, you’ll feel positively hogtied if you can’t just run a command’s output through | sort -rnk 6 | less.5
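
    The rearrangements described in this section, as an added example that is not from the book: it runs the same grep -v filter and sort -rnk 6 over constructed sample data, sending standard output down a pipe and standard error to a file. The log lines, the process rows, and the function names (quiet_log, program_names, program_counts, by_sixth_column) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rearranging standard input, standard output and standard error.
# Every log line and process row below is constructed sample data.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
LOG="$WORK/messages"

cat > "$LOG" <<'EOF'
Mar  3 10:01:12 mail popper[812]: POP login by user alice
Mar  3 10:01:15 mail named[301]: client 192.0.2.10: query refused
Mar  3 10:02:40 mail sshd[944]: Failed password for root from 198.51.100.7
Mar  3 10:03:02 mail kernel: em0: link state changed to DOWN
garbled line
Mar  3 10:03:09 mail sshd[951]: Failed password for root from 198.51.100.7
Mar  3 10:04:55 mail sshd[960]: Failed password for root from 203.0.113.9
EOF

cat > "$WORK/ps.txt" <<'EOF'
root   301 0.0 0.4 21000  9100 named
alice  812 0.1 0.2 14000  4200 popper
root   944 0.0 0.9 30000 18800 sshd
EOF

# The filter from the text without "tail -f" and "&": standard input comes
# from a file instead of the keyboard, and the first grep's standard output
# becomes the second grep's standard input.
quiet_log() {
    grep -v popper < "$1" | grep -v named
}

# Reads log lines on standard input. The program name of each well-formed
# line goes to standard output; complaints about anything else go to
# standard error, so the two streams can be sent to different places.
program_names() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        # Field 5 of these lines is "program[pid]:" or "program:".
        prog=$(printf '%s\n' "$line" | awk '{ print $5 }')
        case "$prog" in
            *:) prog=${prog%:}
                printf '%s\n' "${prog%%\[*}" ;;
            *)  printf 'line %d is not a syslog line: %s\n' "$n" "$line" >&2 ;;
        esac
    done
}

# Standard input from the file named in $1, standard error into the file
# named in $2, standard output down a pipe of small tools that count the
# messages per program and list the busiest program first.
program_counts() {
    program_names < "$1" 2> "$2" | sort | uniq -c | sort -rn
}

# The sort invocation from the text: order rows by their sixth
# whitespace-separated column, numerically, largest first.
by_sixth_column() {
    sort -rnk 6
}

echo "== log without popper and named =="
quiet_log "$LOG"
echo "== messages per program =="
program_counts "$LOG" "$WORK/errors.txt"
echo "== what standard error carried =="
cat "$WORK/errors.txt"
echo "== process rows, largest sixth column first =="
by_sixth_column < "$WORK/ps.txt"
```
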

    Everything Is a File

    You can’t be around Unix for very long before hearing that everything is a file. Programs, account information, and system configuration are all stored in files. Unix has no Windows-style registry; if you back up the files, you have the whole system.

    What’s more, the system identifies system hardware as files! Your CD-ROM drive is a file, /dev/cd0. Serial ports appear as files like /dev/cuaa0. Even virtual devices, such as packet sniffers and partitions on hard drives, are files.

    When you have a problem, keep this fact in mind. Everything is a file, or is in a file, somewhere on your system. All you have to do is find it!

    NotesontheThirdEditionAbsoluteBSD(NoStarchPress,2002)wasmyfirsttechnologybookandwaswrittenwhenthevariousBSDoperatingsystemshadmoreincommonthanthey wanted to admit. The second edition, Absolute FreeBSD (No StarchPress,2007),cameoutaftertheBSDshaddiverged,anddetailedFreeBSD’sadvances in the previous five years. With another decade of growth,FreeBSD has evolved to compete with the best commercial operatingsystems. You’ll find multiple top-tier filesystems. Disk management haschangedtoaccommodatenewpartitioningmethods.Virtualizationisnowathing,andFreeBSDsupportsitaseitheraclientorahost.

    Thisgrowthhasdrivenchangesinthisbook.Wewon’tdiscussconfiguringmail,DNS,orwebservers.Youhavemore

    software choices for these tasks than ever before. Entire books have beenwrittenaboutthosechoicesandhowtousethem.I’vewrittensomeofthose

  • books.ThosetopicshavebeendroppedtomakespaceforFreeBSD-specificmaterial,likeZFSandjails.

    Some of these new features are hugely complex.Complete coverage ofZFSwouldfillentirebooks—Iknow,becauseI’vewrittenthosebooks,too.FreeBSD supports a whole bunch of special-purpose filesystems, eachincrediblyusefultothefolkswhoneedthemandtotallyirrelevanttothosewho don’t. Rather thanwrite amonster tome that nobodywould actuallyread, I’ve elected to cover thematerial that everyFreeBSD sysadminmustknow. If you’re interested in deeper coverage of a particular topic, it’savailable.

    Some subsystems are undergoing radical revision. I couldwait towritethisbookuntileveryFreeBSDsubsystemhasastable interface,butthenitwouldcomeoutabout . . .never.AsIwrite this, thebhyvedevelopersareactively rototilling their entire configuration system. Given the choicebetween glossing over a topic and providing flat-out wrongmaterial, I’vechosen to skip detail on bhyve. I hope to be able to delete this paragraphbeforethisbookgoestopress.

    I’ve ruthlessly excised obsolete information from this edition. Forexample, modern disk drives don’t generally have to worry about writecaching.Ifyoudiscoverthatapieceofadviceyourememberusingdoesn’tappear in this book, please check FreeBSD’s information resources to seewhetherthatadviceisstillapplicable.

    ContentsofThisBookAbsoluteFreeBSD,3rdEditioncontainsthefollowingchapters.

    Chapter 1: Getting More Help

    This chapter discusses the information resources the FreeBSD Project and its devotees provide for users. No one book can cover everything, but knowing how to use the many FreeBSD resources on the internet helps fill any gaps you find here.

    Chapter 2: Before You Install

    Getting FreeBSD installed isn’t that hard. Make poor choices during the install, though, and you’ll have a system that isn’t suited for your needs. The best way to avoid reinstalling is to think about your requirements and make all the decisions beforehand so that the actual install doesn’t require any thought.

    Chapter 3: Installing

    This chapter gives you an overview of installing FreeBSD using different partitioning schemes and filesystems.

    Chapter 4: Start Me Up! The Boot Process

    This chapter teaches you about the FreeBSD boot process and how to make your system start, stop, and reboot in different configurations.

    Chapter 5: Read This Before You Break Something Else! (Backup and Recovery)

    Here we discuss how to back up your data on both a system-wide and a file-by-file level, and how to make your changes so that they can be easily undone.

    Chapter 6: Kernel Games

    This chapter describes configuring the FreeBSD kernel. Unlike some other operating systems, you’re expected to tune FreeBSD’s kernel to best suit your purposes. This gives you tremendous flexibility and lets you optimize your hardware’s potential.

    Chapter 7: The Network

    Here we discuss the TCP/IP protocol that underlies the modern internet, both version 4 and version 6.

    Chapter 8: Configuring the Network

    FreeBSD doesn’t only shuffle packets crazy fast, but it also supports virtual LANs, link aggregation, and more. We’ll configure all of that here.

    Chapter 9: Securing Your System

    This chapter teaches you how to make your computer resist attackers and intruders.

    Chapter 10: Disks, Partitioning, and GEOM

    This chapter covers some of the details of working with hard drives in FreeBSD. Working with modern hardware means understanding multiple partitioning schemes, disk alignment, and FreeBSD’s disk management infrastructure.

    Chapter 11: The Unix File System

    UFS has been FreeBSD’s standard filesystem for decades, and the concepts of UFS pervade the whole operating system. Whether you intend to use UFS or not, you must understand its essentials.

    Chapter 12: The Z File System

    ZFS is a newer filesystem very popular on larger systems. If you’re managing large amounts of data, you’ll want ZFS.

    Chapter 13: Foreign Filesystems

    Every sysadmin needs to mount disks over the network or use ISOs without burning them to CD. This chapter takes you through those duties, as well as introducing FreeBSD-specific filesystems like devfs.

    Chapter 14: Exploring /etc

    This chapter describes the many configuration files in FreeBSD and how they operate.

    Chapter 15: Making Your System Useful

    Here I describe the packages system that FreeBSD uses to manage add-on software.

    Chapter 16: Customizing Software with Ports

    Sometimes the prebuilt packages won’t cover everything you need. You can leverage FreeBSD’s package-building system to create your own software packages, tuned to meet your exact needs.

    Chapter 17: Advanced Software Management

    This chapter discusses some of the finer points of running software on FreeBSD systems.

    Chapter 18: Upgrading FreeBSD

    This chapter teaches you how to use FreeBSD’s upgrade process. The upgrade system is among the most remarkable and smooth of any operating system.

    Chapter 19: Advanced Security Features

    Here we discuss some of the more interesting security features found in FreeBSD.

    Chapter 20: Small System Services

    Here we discuss some of the small programs you’ll need to manage in order to use FreeBSD properly.

    Chapter 21: System Performance and Monitoring

    This chapter covers some of FreeBSD’s performance-testing and troubleshooting tools and shows you how to interpret the results. We also discuss logging and FreeBSD’s SNMP implementation.

    Chapter 22: Jails

    FreeBSD has a process-isolation subsystem, much like Linux and Solaris containers, called jails. We’ll cover the jail system and how you can leverage it for system security.

    Chapter 23: The Fringe of FreeBSD

    This chapter teaches you some of the more interesting tricks you can do with FreeBSD, such as running systems without disks and with tiny disks, as well as cloud-friendly features, like libxo.

    Chapter 24: Problem Reports and Panics

    This chapter teaches you how to deal with those rare occasions when a FreeBSD system fails, how to debug problems, and how to create a useful problem report.

    You’ll also find an annotated bibliography, an afterword, and a really spiffy professionally prepared index.

    Okay, enough introductory stuff. Onward!

    1 GETTING MORE HELP

    As thick as this book is, it still can’t possibly cover everything you must know about FreeBSD. After all, Unix has been kicking around for close to 50 years, BSD is pushing 40, and FreeBSD is old enough to have its doctorate. Even if you memorize this book, it won’t cover every situation you might encounter. The FreeBSD Project supports a huge variety of information resources, including numerous mailing lists and the FreeBSD website, not to mention the official manual and Handbook. Its users maintain even more documentation on even more sites. The flood of information can be overwhelming in itself, and it can make you want to just email the world and beg for help. But before you send a question to a mailing list or forum, confirm that the information you need isn’t already available.

    Why Not Beg for Help?

    FreeBSD provides two popular resources for assistance: mailing lists and forums. Many participants on both are very knowledgeable and can answer questions very quickly. But when you send a question to these community support resources, you’re asking tens of thousands of people all over the world to take a moment to read your message. You’re also asking that one or more of them take the time to help you instead of watching a favorite movie, enjoying dinner with their families, or catching up on sleep. Problems arise when these experts answer the same question 10, 50, or even hundreds of times. They become grumpy. Some get downright tetchy.

    What makes matters worse is that many of these same people have spent a great deal of time and effort making the answers to most of these questions available elsewhere. If you make it clear that you’ve already searched the resources and your answer really doesn’t appear therein, you’ll probably receive a polite, helpful answer. If you ask a question that’s already been asked several hundred times, however, the expert on that subject just might snap and go ballistic on you. Do your homework, and chances are you’ll get an answer more quickly than a fresh call for assistance could provide.

    The FreeBSD Attitude

    “Homework? What do you mean? Am I back in school? What do you want, burnt offerings on bended knee?” Yes, you are in school. The information technology business is nothing but lifelong, self-guided learning. Get used to it or get out. Burnt offerings, on the other hand, are difficult to transmit via email and aren’t quite so useful today.

    Most commercial software conceals its inner workings. The only access you have to them is through the options presented by the vendor. Even if you want to learn how something works, you probably can’t. When something breaks, you have no choice but to call the vendor and grovel for help. Worse, the people paid to help you frequently know little more than you do.

    If you’ve never worked with open source software vendors, FreeBSD’s support mechanism might surprise you. There is no toll-free number to call and no vendor to escalate within. No, you may not speak to a manager and for a good reason: you are the manager. Congratulations on your promotion!

    Support Options

    That being said, you’re not entirely on your own. The FreeBSD community includes numerous developers, contributors, and users who care very deeply about FreeBSD’s quality, and they’re happy to work with users who are willing to do their share of the labor. FreeBSD provides everything you need: complete access to the source code used to create the system, the tools needed to turn that source code into programs, and the same debuggers used by the developers. Nothing is hidden; you can see the innards, warts and all. You can view FreeBSD’s development history since the beginning, including every change ever made and the reason for it. These tools might be beyond your abilities, but that’s not the Project’s problem. Various community members are even happy to provide guidance as you develop your own skills so you can use those tools yourself. You’ll have lots of help fulfilling your responsibilities.

    As a grossly overgeneralized rule, people help those like themselves. If you want to use FreeBSD, you must make the jump from eating what the vendor gives you to learning how to cook. Every member of the FreeBSD user community learned how to use it, and they welcome interested new users with open arms. If you just want to know what to type without really understanding what’s going on behind the scenes, you’ll be better off reading the documentation; the general FreeBSD support community simply isn’t motivated to help those who won’t help themselves or who can’t follow instructions.

    If you want to use FreeBSD but have neither the time nor the inclination to learn more, invest in a commercial support contract. It might not be able to put you in touch with FreeBSD’s owner, but at least you’ll have someone to yell at. You’ll find several commercial support providers listed on the FreeBSD website.

    It’s also important to remember that the FreeBSD Project maintains only FreeBSD. If you’re having trouble with some other piece of software, a FreeBSD mailing list is not the place to ask for help. FreeBSD developers are generally proficient in a variety of software, but that doesn’t mean they want to help you, say, configure KDE.

    The first part of your homework, then, is to learn about the resources available beyond this book. These include the integrated manual, the FreeBSD website, the mailing list archives, and other websites.

    Man Pages

    Man pages (short for manual pages) are the primordial way of presenting Unix documentation. While man pages have a reputation for being obtuse, difficult, or even incomprehensible, they’re actually quite friendly—for particular users. When man pages were first created, the average system administrator was a C programmer and, as a result, the pages were written by programmers, for programmers. If you can think like a programmer, man pages are perfect for you. I’ve tried thinking like a programmer, but I achieved real success only after remaining awake for two days straight. (Lots of caffeine and a high fever help.)

    Over the last several years, the skill level required for system administration has dropped; no longer must you be a programmer. Similarly, man pages have become more and more readable. Man pages are not tutorials, however; they explain the behavior of one particular program, not how to achieve a desired effect. While they’re neither friendly nor comforting, they should be your first line of defense. If you send a question to a mailing list without checking the manual, you’re likely to get a terse man whatever in response.

    Manual Sections

    The FreeBSD manual is divided into nine sections. Roughly speaking, the sections are:

    1. General user commands
    2. System calls and error numbers
    3. C programming libraries
    4. Devices and device drivers
    5. File formats
    6. Game instructions
    7. Miscellaneous information
    8. System maintenance commands
    9. Kernel interfaces

    Each man page starts with the name of the command it documents followed by its section number in parentheses, like this: reboot(8). When you see something in this format in other documents, it’s telling you to read that man page in that section of the manual. Almost every topic has a man page. For example, to see the man page for the editor vi, type this command:

    $ man vi

    In response, you should see the following:

    VI(1)               FreeBSD General Commands Manual               VI(1)

    NAME
         ex, vi, view - text editors

    SYNOPSIS
         ex [-FRrSsv] [-c cmd] [-t tag] [-w size] [file ...]
         vi [-eFRrS] [-c cmd] [-t tag] [-w size] [file ...]
         view [-eFrS] [-c cmd] [-t tag] [-w size] [file ...]

    DESCRIPTION
         vi is a screen-oriented text editor. ex is a line-oriented text
         editor. ex and vi are different interfaces to the same program,
         and it is possible to switch back and forth during an edit
         session. view is the equivalent of using the -R (read-only)
         option of vi.
    :

    The page starts with the title of the man page (vi) and the section number (1), and then it gives the name of the page. This particular page has three names: ex, vi, and view. Typing man ex or man view would take you to this same page.

    Navigating Man Pages

    Once you’re in a man page, pressing the spacebar or the PGDN key takes you forward one full screen. If you don’t want to go that far, pressing ENTER or the down arrow scrolls down one line. Typing b or pressing the PGUP key takes you back one screen. To search within a man page, type / followed by the word you’re searching for. You’ll jump down to the first appearance of the word, which will be highlighted. Typing n subsequently takes you to the next occurrence of the word.

    This assumes that you’re using the default BSD pager, more(1). If you’re using a different pager, use that pager’s syntax. Of course, if you know so much about Unix that you’ve already set your preferred default pager, you’ve probably skipped this part of the book.

    Finding Man Pages

    New users often say that they’d be happy to read the man pages if they could find the right one. You can perform basic keyword searches on the man pages with apropos(1) and whatis(1). To search any man page name or description that includes the word you specify, use apropos(1). To match only whole words, use whatis(1). For example, if you’re interested in the vi command, you might try the following:

    $ apropos vi
    unvis(1) - revert a visual representation of data back to original form
    vidcontrol(1) - system console control and configuration utility
    vis(1) - display non-printable characters in a visual format
    madvise, posix_madvise(2) - give advice about use of memory
    posix_fadvise(2) - give advice about use of file data
    --snip--

    This continues for a total of 581 entries, which is probably far more than you want to look at. Most of these have nothing to do with vi(1), however; the letters vi just appear in the name or description. Device driver is a fairly common term in the manual, so that’s not surprising. On the other hand, whatis(1) gives more useful results in this case.

    $ whatis vi
    vi, ex, view, nex, nvi, nview(1) - text editors
    $

    We get only one result, clearly with relevance to vi(1). On other searches, apropos(1) gives better results than whatis(1). Experiment with both and you’ll quickly learn how they fit your style.

    The man -k command emulates apropos(1), while man -f emulates whatis(1).

    Section Numbers and Man

    You might find cases where a single command appears in multiple parts of the manual. For example, every man section has an introductory man page that explains the contents of the section. To specify a section to search for a man page, give the number immediately after the man command.

    $ man 3 intro

    This pulls up the introduction to section 3 of the manual. I recommend you read the intro pages to each section of the manual, if only to help you understand the breadth and depth of information available.

    Man Page Contents

    Man pages are divided into sections. While the author can put just about any heading he or she likes into a man page, several are standard. See mdoc(7) for a partial list of these headings as well as other man page standards:

    NAME gives the name(s) of a program or utility. Some programs have multiple names—for example, the vi(1) text editor is also available as ex(1) and view(1).

    SYNOPSIS lists the possible command line options and their arguments, or how a library call is accessed. If I’m already familiar with a program but just can’t remember the option I’m looking for, I find that this header is sufficient to remind me of what I need.

    DESCRIPTION contains a brief description of the program, library, or feature. The contents of this section vary widely depending on the topic, as programs, files, and libraries all have very different documentation requirements.

    OPTIONS gives a program’s command line options and their effects.

    BUGS describes known problems with the code and can frequently save a lot of headaches. How many times have you wrestled with a computer problem only to learn that it doesn’t work the way you’d expect under those circumstances? The goal of the BUGS section is to save you time by describing known errors and other weirdnesses.1

    EXAMPLES gives sample uses of the program. Many programs are very complicated, and a couple samples of how they’re used clarify more than any list of options possibly can.

    HISTORY shows when the command or code was added to the system and, if it is not original to FreeBSD, where it was drawn from.

    SEE ALSO is traditionally the last section of a man page. Remember that Unix is like a language and the system is an interrelated whole. Like duct tape, the SEE ALSO links hold everything together.

    If you don’t have access to the manual pages at the moment, many websites offer them. Among them is the main FreeBSD website.

    FreeBSD.org

    The FreeBSD website (http://www.freebsd.org/) contains a variety of information about general FreeBSD administration, installation, and management. The most useful portions are the Handbook, the FAQ, and the mailing list archives, but you’ll also find a wide number of articles on dozens of topics. In addition to documents about FreeBSD, the website contains a great deal of information about the FreeBSD Project’s internal management and the status of various parts of the Project.

    Web Documents

    The FreeBSD documentation is divided into articles and books. The difference between the two is highly arbitrary: as a rule, books are longer than articles and cover broader topics, while articles are short and focus on a single topic. The two books that should most interest new users are the Handbook and the Frequently Asked Questions (FAQ).

    The Handbook is the FreeBSD Project’s tutorial-style manual. It is continuously updated, describes how to perform basic system tasks, and is an excellent reference when you’re first starting a project. I deliberately chose not to include some topics in this book because they have adequate coverage in the Handbook.

    The FAQ is designed to provide quick answers to the questions most frequently asked on the FreeBSD mailing lists. Some of the answers aren’t suitable for inclusion in the Handbook, while others just point to the proper Handbook chapter or article.

    Several other books cover a variety of topics, such as The FreeBSD Developers’ Handbook, The Porter’s Handbook, and The FreeBSD Architecture Handbook.

    Of the 50 or so articles available, some are kept only for historical reasons (such as the original BSD 4.4 documentation), while others discuss the subtleties of specific parts of the system, such as serial ports or building filtering bridges.

    On the other hand, the official documentation is also pruned. The Handbook and FAQ cover the current FreeBSD releases, and the documentation team mercilessly prunes obsolete information. If you want to know exactly what works with current FreeBSD, go to the Handbook.

    These documents are very formal, and they require preparation. As such, they always lag a bit behind the real world. When a new feature is first rolled out, the appropriate Handbook entry might not appear for weeks or months. If the web documentation seems out of date, your best resource for up-to-the-minute answers is the mailing list archive.

    The Mailing List Archives

    Unless you’re really on the bleeding edge, someone has probably struggled with your problem before and posted a question about it to the mailing lists. After all, the archives go back to 1994 and contain millions of messages. The only problem is that there are millions of pieces of email, any one of which might contain the answer you seek. While the FreeBSD.org website has its own search engine, you can also use any other search engine that indexes https://lists.FreeBSD.org/.

    When reviewing the mailing list archives, be sure to check the date. The mailing list is forever. A discussion of hardware problems from 1995 might help you feel that you’re part of a long history of sysadmins that have struggled with cruddy mainboards,2 but it probably won’t help you solve the issue with your brand new server. These ancient messages are basically undead documentation, rising from the grave to give you false hope. They’re part of the Project’s history, though, and won’t be purged.

    The Forums

    Like many other open source projects, FreeBSD has an online forum, https://forums.FreeBSD.org/. A forum is much like a mailing list designed for the web, except that quite a few of us old geezers don’t much care for them. You can find many good discussions and instructions on the forums, however, and they’re a valuable information source.

    Many people have also posted lengthy tutorials on the forums. Forum-based tutorials should properly go in the Handbook or an official article, but nobody’s done the work to move them over yet. Read the discussion about such tutorials before following them; people will often point out errors or exceptions, or comment that the whole tutorial is obsolete with a newer version of FreeBSD. If you want to get involved in FreeBSD, converting these tutorials into official documentation would be a great place to start.

    The forums have less of a problem with truly old information, but only because they became official in 2009. When the forums reach a quarter-century old, they’ll have the same amount of undead documents. By then, though, an even more whiz-bang discussion system will have come along—or maybe, just maybe, we’ll have a better way of indexing and retrieving useful information from online discussions.

    Other Websites

    FreeBSD’s users have built a plethora of websites that you might check for answers, help, education, products, and general hobnobbing. Almost every aggregation site such as lobste.rs and Reddit has a FreeBSD section, where you can get links to new posts and articles. Following those links takes you to a whole world of blogs. Also, many hosting companies include extensive FreeBSD tutorials. While these are meant for the company’s customers, they’re most often perfectly useful for everyone.

    One of the m