[system-administrators-guide] Update chapter for Fedora 20
by stephenw
commit 2b9972ef9f282e79aaed1122ded7be0cd4337e7c
Author: Stephen Wadeley <swadeley(a)redhat.com>
Date: Wed Dec 3 23:44:37 2014 +0100
Update chapter for Fedora 20
changes to remove outdated GUI description and screenshots
en-US/Managing_Users_and_Groups.xml | 559 +++++++----------------------------
1 files changed, 104 insertions(+), 455 deletions(-)
---
diff --git a/en-US/Managing_Users_and_Groups.xml b/en-US/Managing_Users_and_Groups.xml
index cfafab9..d4ad691 100644
--- a/en-US/Managing_Users_and_Groups.xml
+++ b/en-US/Managing_Users_and_Groups.xml
@@ -31,7 +31,7 @@
Each user is associated with a unique numerical identification number called a <firstterm>user ID</firstterm> (<acronym>UID</acronym>). Likewise, each group is associated with a <firstterm>group ID</firstterm> (<acronym>GID</acronym>). A user who creates a file is also the owner and group owner of that file. The file is assigned separate read, write, and execute permissions for the owner, the group, and everyone else. The file owner can be changed only by <systemitem class="username">root</systemitem>, and access permissions can be changed by both the <systemitem class="username">root</systemitem> user and file owner.
</para>
<para>
- Additionally, &MAJOROS; supports <firstterm>access control lists</firstterm> (<acronym>ACLs</acronym>) for files and directories which allow permissions for specific users outside of the owner to be set. See For more information about this feature, refer to the <ulink url="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage..."><citetitle pubwork="chapter">Access Control Lists</citetitle></ulink> chapter of the <ulink url="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage..."><citetitle pubwork="book">Storage Administration Guide</citetitle></ulink>.
+ Additionally, &MAJOROS; supports <firstterm>access control lists</firstterm> (<acronym>ACLs</acronym>) for files and directories which allow permissions for specific users outside of the owner to be set. For more information about this feature, see the <ulink url="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/..."><citetitle pubwork="chapter">Access Control Lists</citetitle></ulink> chapter of the <ulink url="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/..."><citetitle pubwork="book">Storage Administration Guide</citetitle></ulink>.
</para>
<section id="s2-users-groups-private-groups">
<title>User Private Groups</title>
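Review bot: both rewritten <ulink> targets in the added ACL paragraph still point at Red Hat Enterprise Linux 6 documentation, in a chapter this commit updates for Fedora 20. If a Fedora-hosted ACL reference exists, link to it instead. Otherwise, state in the sentence that the linked chapter describes Red Hat Enterprise Linux 6, so readers know it may not match &MAJOROS; exactly. The switch from http:// to https:// and the removal of the stray "See" are fine.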
@@ -74,7 +74,7 @@
<secondary>overview of</secondary>
</indexterm>
<para>
- Especially in environments with multiple users, it is very important to use <firstterm>shadow passwords</firstterm> provided by the <package>shadow-utils</package> package to enhance the security of system authentication files. For this reason, the installation program enables shadow passwords by default.
+ In environments with multiple users, it is very important to use <firstterm>shadow passwords</firstterm> provided by the <package>shadow-utils</package> package to enhance the security of system authentication files. For this reason, the installation program enables shadow passwords by default.
</para>
<para>
The following is a list of the advantages shadow passwords have over the traditional way of storing passwords on UNIX-based systems:
@@ -123,160 +123,6 @@
</itemizedlist>
</section>
</section>
- <section id="sect-Managing_Users_and_Groups-User_Accounts">
- <title>Using the User Accounts Tool</title>
- <indexterm>
- <primary>users</primary>
- <see>user configuration</see>
- </indexterm>
- <indexterm>
- <primary>user configuration</primary>
- <secondary>viewing list of users</secondary>
- </indexterm>
- <indexterm>
- <primary><application>User Accounts</application></primary>
- <see>user configuration</see>
- </indexterm>
- <para>
- The <application>User Accounts</application> configuration tool allows you to view, modify, add, and delete local users. To run the tool, select <menuchoice><guimenu>Applications</guimenu><guisubmenu>System Tools</guisubmenu><guimenuitem>System Settings</guimenuitem></menuchoice> from the <guimenu>Activities</guimenu> menu and click the <guimenu>User Accounts</guimenu> icon.
- </para>
- <figure id="fig-Managing_Users_and_Groups-User_Accounts">
- <title>The User Accounts configuration tool</title>
- <mediaobject>
- <imageobject>
- <imagedata fileref="images/user-accounts.png" format="PNG" scalefit="0" />
- </imageobject>
- <textobject>
- <para>
- The User Accounts configuration tool
- </para>
- </textobject>
- </mediaobject>
- </figure>
- <para>
- By default, the tool only allows you to change certain settings regarding your account. This is because only the <systemitem class="username">root</systemitem> user is allowed to configure users and groups. To unlock the configuration tool for all kinds of changes, click the <guibutton>Unlock</guibutton> button in the top-right corner of the window, and provide the correct password when prompted.
- </para>
- <section id="sect-Managing_Users_and_Groups-User_Accounts-Configuring_an_Account">
- <title>Configuring an Account</title>
- <para>
- To change the image associated with an account, click the icon next to the account name and either select a picture from the pulldown list, or click <guimenuitem>Browse for more pictures...</guimenuitem> to use an image from your local drive.
- </para>
- <para>
- To change the name associated with an account, click the name next to the icon to edit it.
- </para>
- <para>
- To change the account type, click the text next to the <guimenu>Account type</guimenu> label. Note that this change requires the configuration tool to be unlocked even if you are changing your own account.
- </para>
- <para>
- To change the default language for an account, click the text next to the <guilabel>Language</guilabel> label and select a language from the list.
- </para>
- <para>
- To change the password, click the field next to the <guilabel>Password</guilabel> label. A dialog box appears, allowing you to set the new password. Note that the current password must be provided in order to confirm the change. Once done, click the <guibutton>Change</guibutton> button to save the change.
- </para>
- <figure id="fig-Managing_Users_and_Groups-User_Accounts-Changing_Password">
- <title>Changing the password</title>
- <mediaobject>
- <imageobject>
- <imagedata fileref="images/user-accounts-password-change.png" format="PNG" scalefit="0" />
- </imageobject>
- <textobject>
- <para>
- Changing the password
- </para>
- </textobject>
- </mediaobject>
- </figure>
- <note>
- <title>Password security advice</title>
- <para>
- It is advisable to use a much longer password, as this makes it more difficult for an intruder to guess it and access the account without permission. It is also recommended that the password not be based on a dictionary term: use a combination of letters, numbers and special characters.
- </para>
- </note>
- <para>
- Finally, to set up automatic login for a particular account, enable the <guilabel>Automatic Login</guilabel> switch. The configuration tool must be unlocked to make this change.
- </para>
- </section>
- <section id="sect-Managing_Users_and_Groups-User_Accounts-Adding_a_New_User">
- <title>Adding a New User</title>
- <indexterm>
- <primary>user configuration</primary>
- <secondary>adding users</secondary>
- </indexterm>
- <para>
- To add a new user, make sure the configuration tool is unlocked, and click the <guibutton>+</guibutton> button (that is, the plus sign) below the account list. A dialog window appears, allowing you to supply user details.
- </para>
- <figure id="fig-Managing_Users_and_Groups-User_Accounts-Adding_an_Account">
- <title>Creating a new account</title>
- <mediaobject>
- <imageobject>
- <imagedata fileref="images/user-accounts-create.png" format="PNG" scalefit="0" />
- </imageobject>
- <textobject>
- <para>
- Creating a new account
- </para>
- </textobject>
- </mediaobject>
- </figure>
- <para>
- Take the following steps to create an account:
- </para>
- <procedure>
- <step>
- <para>
- Select an account type from the <guimenu>Account type</guimenu> pulldown list. Available account types are <option>Administrator</option> and <option>Standard</option> (the default option).
- </para>
- </step>
- <step>
- <para>
- Fill in the <guilabel>Full name</guilabel> input field to set the name associated with the account. This name will be used by the login manager, and will be displayed on the panel.
- </para>
- </step>
- <step>
- <para>
- Either select a suggested username from the <guilabel>Username</guilabel> pulldown list, or fill in the corresponding input field.
- </para>
- </step>
- <step>
- <para>
- Click the <guibutton>Create</guibutton> button to confirm the settings.
- </para>
- </step>
- </procedure>
- <para>
- &MAJOROS; uses a <firstterm>user private group</firstterm> (UPG) scheme. The UPG scheme does not add or change anything in the standard UNIX way of handling groups; it offers a new convention. Whenever you create a new user, a unique group with the same name as the user is created.
- </para>
- <para>
- When a new account is created, default configuration files are copied from the <filename class="directory">/etc/skel/</filename> directory into the new home directory.
- </para>
- </section>
- <section id="sect-Managing_Users_and_Groups-User_Accounts-Removing_a_User">
- <title>Removing a User</title>
- <indexterm>
- <primary>user configuration</primary>
- <secondary>removing users</secondary>
- </indexterm>
- <para>
- To remove a user, make sure the configuration tool is unlocked, select the desired account from the account list, and click the <guibutton>−</guibutton> button (that is, the minus sign) below the account list. A dialog window appears, allowing you to confirm or cancel the change.
- </para>
- <figure id="fig-Managing_Users_and_Groups-User_Accounts-Removing_an_Account">
- <title>Removing an account</title>
- <mediaobject>
- <imageobject>
- <imagedata fileref="images/user-accounts-remove.png" format="PNG" scalefit="0" />
- </imageobject>
- <textobject>
- <para>
- Removing an account
- </para>
- </textobject>
- </mediaobject>
- </figure>
- <para>
- To delete files and directories that belong to the user (that is, the home directory, mail spool, and temporary files), click the <guibutton>Delete Files</guibutton> button. To keep these files intact and only delete the user account, click <guibutton>Keep Files</guibutton>. To abort the deletion, click <guibutton>Cancel</guibutton>.
- </para>
- </section>
- </section>
<section id="s1-users-configui">
<title>Using the User Manager Tool</title>
<indexterm>
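Review bot: the deleted "Configuring an Account" sub-section takes the "Password security advice" note with it, and none of the added lines in this patch restore that guidance. Consider moving the note into a section that survives, for example next to the shadow password overview, rather than dropping it along with the screenshots. The removal also deletes the ids sect-Managing_Users_and_Groups-User_Accounts, its three sub-section ids and four figure ids, so check that no xref elsewhere in the guide still points to any of them.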
@@ -304,211 +150,19 @@
<see>user configuration</see>
</indexterm>
<para>
- The <application>User Manager</application> application allows you to view, modify, add, and delete local users and groups in the graphical user interface. To start the application, either select <menuchoice><guimenu>Applications</guimenu><guisubmenu>Other</guisubmenu><guimenuitem>Users and Groups</guimenuitem></menuchoice> from the <guimenu>Activities</guimenu> menu, or type <command>system-config-users</command> at a shell prompt. Note that unless you have superuser privileges, the application will prompt you to authenticate as <systemitem class="username">root</systemitem>.
- </para>
+ The <application>User</application> utility allows you to view, modify, add, and delete local users in the graphical user interface.</para>
<section id="s2-redhat-config-users-list">
<title>Viewing Users and Groups</title>
- <indexterm>
- <primary>user configuration</primary>
- <secondary>filtering list of users</secondary>
- </indexterm>
- <indexterm>
- <primary>group configuration</primary>
- <secondary>filtering list of groups</secondary>
- </indexterm>
- <para>
- The main window of the <application>User Manager</application> is divided into two tabs: The <guilabel>Users</guilabel> tab provides a list of local users along with additional information about their user ID, primary group, home directory, login shell, and full name. The <guilabel>Groups</guilabel> tab provides a list of local groups with information about their group ID and group members.
- </para>
- <figure id="fig-Users_Groups-User_Manager">
- <title>Viewing users and groups</title>
- <mediaobject>
- <imageobject>
- <imagedata fileref="images/user-manager.png" format="PNG" scalefit="0" />
- </imageobject>
- <textobject>
- <para>
- Viewing users and groups
- </para>
- </textobject>
- </mediaobject>
- </figure>
- <para>
- To find a specific user or group, type the first few letters of the name in the <guilabel>Search filter</guilabel> field and either press <keycap>Enter</keycap>, or click the <guibutton>Apply filter</guibutton> button. You can also sort the items according to any of the available columns by clicking the column header.
- </para>
- <para>
- &MAJOROS; reserves user and group IDs below 1000 for system users and groups. By default, the <application>User Manager</application> does not display the system users. To view all users and groups, select <menuchoice><guimenu>Edit</guimenu><guimenuitem>Preferences</guimenuitem></menuchoice> to open the <guilabel>Preferences</guilabel> dialog box, and clear the <guilabel>Hide system users and groups</guilabel> check box.
- </para>
- </section>
- <section id="s2-redhat-config-users-user-new">
- <title>Adding a New User</title>
- <indexterm>
- <primary>user configuration</primary>
- <secondary>adding users</secondary>
- </indexterm>
- <para>
- To add a new user, click the <guibutton>Add User</guibutton> button. A window as shown in <xref linkend="user-new-fig" /> appears.
- </para>
- <figure id="user-new-fig">
- <title>Adding a new user</title>
- <mediaobject>
- <imageobject>
- <imagedata fileref="images/user-manager-add-user.png" format="PNG" scalefit="0" />
- </imageobject>
- <textobject>
- <para>
- Adding a new user
- </para>
- </textobject>
- </mediaobject>
- </figure>
- <para>
- The <guilabel>Add New User</guilabel> dialog box allows you to provide information about the newly created user. In order to create a user, enter the username and full name in the appropriate fields and then type the user's password in the <guilabel>Password</guilabel> and <guilabel>Confirm Password</guilabel> fields. The password must be at least six characters long.
- </para>
- <note>
- <title>Password security advice</title>
- <para>
- It is advisable to use a much longer password, as this makes it more difficult for an intruder to guess it and access the account without permission. It is also recommended that the password not be based on a dictionary term: use a combination of letters, numbers and special characters.
- </para>
- </note>
- <para>
- The <guilabel>Login Shell</guilabel> pulldown list allows you to select a login shell for the user. If you are not sure which shell to select, accept the default value of <guimenuitem>/bin/bash</guimenuitem>.
- </para>
- <para>
- By default, the <application>User Manager</application> application creates the home directory for a new user in <filename class="directory">/home/<replaceable>username</replaceable>/</filename>. You can choose not to create the home directory by clearing the <guilabel>Create home directory</guilabel> check box, or change this directory by editing the content of the <guilabel>Home Directory</guilabel> text box. Note that when the home directory is created, default configuration files are copied into it from the <filename class="directory">/etc/skel/</filename> directory.
- </para>
- <para>
- &MAJOROS; uses a user private group (UPG) scheme. Whenever you create a new user, a unique group with the same name as the user is created by default. If you do not want to create this group, clear the <guilabel>Create a private group for the user</guilabel> check box.
- </para>
- <para>
- To specify a user ID for the user, select <guilabel>Specify user ID manually</guilabel>. If the option is not selected, the next available user ID above 1000 is assigned to the new user. Because &MAJOROS; reserves user IDs below 1000 for system users, it is not advisable to manually assign user IDs 1–999.
- </para>
- <para>
- Clicking the <guibutton>OK</guibutton> button creates the new user. To configure more advanced user properties, such as password expiration, modify the user's properties after adding the user.
- </para>
- </section>
- <section id="s2-redhat-config-users-group-new">
- <title>Adding a New Group</title>
- <indexterm>
- <primary>group configuration</primary>
- <secondary>adding groups</secondary>
- </indexterm>
- <para>
- To add a new user group, select <guibutton>Add Group</guibutton> from the toolbar. A window similar to <xref linkend="group-new-fig" /> appears. Type the name of the new group. To specify a group ID for the new group, select <guilabel>Specify group ID manually</guilabel> and select the GID. Note that &MAJOROS; also reserves group IDs lower than 1000 for system groups.
- </para>
- <figure id="group-new-fig">
- <title>New Group</title>
- <mediaobject>
- <imageobject>
- <imagedata fileref="images/user-manager-add-group.png" format="PNG" scalefit="0" />
- </imageobject>
- <textobject>
- <para>
- Creating a new group
- </para>
- </textobject>
- </mediaobject>
- </figure>
- <para>
- Click <guibutton>OK</guibutton> to create the group. The new group appears in the group list.
- </para>
- </section>
- <section id="s2-redhat-config-users-user-properties">
- <title>Modifying User Properties</title>
- <indexterm>
- <primary>user configuration</primary>
- <secondary>modifying users</secondary>
- </indexterm>
- <indexterm>
- <primary>user configuration</primary>
- <secondary>modify groups for a user</secondary>
- </indexterm>
- <para>
- To view the properties of an existing user, click on the <guilabel>Users</guilabel> tab, select the user from the user list, and click <guimenuitem>Properties</guimenuitem> from the menu (or choose <menuchoice><guimenu>File</guimenu><guimenuitem>Properties</guimenuitem></menuchoice> from the pulldown menu). A window similar to <xref linkend="user-properties-fig" /> appears.
- </para>
- <figure id="user-properties-fig">
- <title>User Properties</title>
- <mediaobject>
- <imageobject>
- <imagedata fileref="images/user-manager-edit-user.png" format="PNG" scalefit="0" />
- </imageobject>
- <textobject>
- <para>
- Modifying user properties
- </para>
- </textobject>
- </mediaobject>
- </figure>
- <para>
- The <guilabel>User Properties</guilabel> window is divided into multiple tabbed pages:
- </para>
- <indexterm>
- <primary>user configuration</primary>
- <secondary>changing password</secondary>
- </indexterm>
- <indexterm>
- <primary>user configuration</primary>
- <secondary>changing login shell</secondary>
- </indexterm>
- <indexterm>
- <primary>user configuration</primary>
- <secondary>changing full name</secondary>
- </indexterm>
- <indexterm>
- <primary>user configuration</primary>
- <secondary>changing home directory</secondary>
- </indexterm>
- <itemizedlist>
- <listitem>
- <para>
- <guilabel>User Data</guilabel> — Shows the basic user information configured when you added the user. Use this tab to change the user's full name, password, home directory, or login shell.
- </para>
- </listitem>
- <listitem>
- <para>
- <guilabel>Account Info</guilabel> — Select <guilabel>Enable account expiration</guilabel> if you want the account to expire on a certain date. Enter the date in the provided fields. Select <guilabel>Local password is locked</guilabel> to lock the user account and prevent the user from logging into the system.
- </para>
- </listitem>
- <listitem>
- <para>
- <guilabel>Password Info</guilabel> — Displays the date that the user's password last changed. To force the user to change passwords after a certain number of days, select <guilabel>Enable password expiration</guilabel> and enter a desired value in the <guilabel>Days before change required:</guilabel> field. The number of days before the user's password expires, the number of days before the user is warned to change passwords, and days before the account becomes inactive can also be changed.
- </para>
- </listitem>
- <listitem>
- <para>
- <guilabel>Groups</guilabel> — Allows you to view and configure the Primary Group of the user, as well as other groups that you want the user to be a member of.
- </para>
- </listitem>
- </itemizedlist>
- </section>
- <section id="s2-redhat-config-users-group-properties">
- <title>Modifying Group Properties</title>
- <indexterm>
- <primary>group configuration</primary>
- <secondary>modifying group properties</secondary>
- </indexterm>
- <para>
- To view the properties of an existing group, select the group from the group list and click <guimenuitem>Properties</guimenuitem> from the menu (or choose <menuchoice><guimenu>File</guimenu><guimenuitem>Properties</guimenuitem></menuchoice> from the pulldown menu). A window similar to <xref linkend="group-properties-fig" /> appears.
- </para>
- <figure id="group-properties-fig">
- <title>Group Properties</title>
- <mediaobject>
- <imageobject>
- <imagedata fileref="images/user-manager-edit-group.png" format="PNG" scalefit="0" />
- </imageobject>
- <textobject>
- <para>
- Modifying group properties
- </para>
- </textobject>
- </mediaobject>
- </figure>
- <indexterm>
- <primary>group configuration</primary>
- <secondary>modify users in groups</secondary>
- </indexterm>
- <para>
- The <guilabel>Group Users</guilabel> tab displays which users are members of the group. Use this tab to add or remove users from the group. Click <guibutton>OK</guibutton> to save your changes.
- </para>
+
+<!-- changes to remove outdated GUI description and screenshots -->
+<para>Press the <keycap>Super</keycap> key to enter the Activities Overview, type <command>Users</command> and then press <keycap>Enter</keycap>. The <application>Users</application> utility appears. The <keycap>Super</keycap> key appears in a variety of guises, depending on the keyboard and other hardware, but often as either the Windows or Command key, and typically to the left of the Spacebar.</para>
+
+<para>
+ To make changes to the user accounts first select the <guibutton>Unlock</guibutton> button and authenticate yourself as indicated by the dialog box that appears. Note that unless you have superuser privileges, the application will prompt you to authenticate as <systemitem class="username">root</systemitem>. To add and remove users select the <guibutton>+</guibutton> and <guibutton>-</guibutton> button respectively. To edit a users language setting, select the language and a drop-down menu appears.
+</para>
+
+
+
</section>
</section>
<section id="s1-users-tools">
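Review bot: the added text names the tool inconsistently. The first added line calls it <application>User</application>, the next paragraph calls it <application>Users</application>, and the enclosing section title (unchanged context at the end of the previous hunk) is still "Using the User Manager Tool". Pick one name and update the title to match. The retained sub-section title "Viewing Users and Groups" no longer fits either, since the new paragraphs cover local users only and do not mention groups. The deleted lines also documented account locking, account and password expiration, and the reservation of IDs below 1000 for system users, and none of that is replaced here. An xref to s1-users-tools would tell readers where those settings are now handled. Smaller points: "a users language setting" needs an apostrophe, and the XML comment repeats the commit message, which belongs in the log rather than in the source.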
@@ -534,7 +188,7 @@
<tertiary><command>groupadd</command></tertiary>
</indexterm>
<para>
- The easiest say to manage users and groups on &MAJOROS; is to use the <application>User Manager</application> application as described in <xref linkend="s1-users-configui" />. However, if you prefer command line tools or do not have the X Window System installed, you can use command line utilities that are listed in <xref linkend="table-users-tools" />.
+ The easiest way to manage users and groups on &MAJOROS; is to use the <application>User Manager</application> application as described in <xref linkend="s1-users-configui" />. However, if you prefer command line tools or do not have the X Window System installed, you can use command line utilities that are listed in <xref linkend="table-users-tools" />.
</para>
<table id="table-users-tools">
<title>Command line utilities for managing users and groups</title>
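Review bot: the corrected sentence fixes "say" to "way" but still recommends the <application>User Manager</application> application "as described in" s1-users-configui. After the previous hunk, that section describes the Users utility and only covers local users. Rename the application here and drop or reword the claim that it is the easiest way to manage groups, since the rewritten section no longer shows any group management.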
@@ -763,14 +417,14 @@
<para>
A new line for <systemitem class="username">juan</systemitem> is created in <filename>/etc/passwd</filename>:
</para>
- <programlisting>juan:x:501:501::/home/juan:/bin/bash</programlisting>
+ <programlisting>juan:x:1001:1001::/home/juan:/bin/bash</programlisting>
<para>
The line has the following characteristics:
</para>
<itemizedlist>
<listitem>
<para>
- It begins with the username <systemitem class="username">juan</systemitem>.
+ It begins with the user name <systemitem class="username">juan</systemitem>.
</para>
</listitem>
<listitem>
@@ -790,7 +444,7 @@
</listitem>
<listitem>
<para>
- The optional <firstterm>GECOS</firstterm> information is left blank.
+ The optional <firstterm>GECOS</firstterm> information is left blank. The GECOS field can be used to provide additional information about the user, such as their full name or phone number.
</para>
</listitem>
<listitem>
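Review bot: the sentence added to the GECOS listitem suggests storing a full name or phone number in that field, but does not mention that <filename>/etc/passwd</filename> is readable by every local user. A short clause to that effect would help administrators decide what personal data to put there, and it fits the chapter's earlier explanation of why password hashes are kept in the shadow file.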
@@ -841,9 +495,9 @@
<para>
A new line for a group named <systemitem class="groupname">juan</systemitem> is created in <filename>/etc/group</filename>:
</para>
- <programlisting>juan:x:501:</programlisting>
+ <programlisting>juan:x:1001:</programlisting>
<para>
- A group with the same name as a user is called a <firstterm>user private group</firstterm>. For more information on user private groups, refer to <xref linkend="s2-users-groups-private-groups" />.
+ A group with the same name as a user is called a <firstterm>user private group</firstterm>. For more information on user private groups, see <xref linkend="s2-users-groups-private-groups" />.
</para>
<para>
The line created in <filename>/etc/group</filename> has the following characteristics:
@@ -1266,7 +920,7 @@ autodetach off</programlisting>
<para>
At this point, all members of the <systemitem class="groupname">myproject</systemitem> group can create and edit files in the <filename class="directory">/opt/myproject/</filename> directory without the administrator having to change file permissions every time users write new files. To verify that the permissions have been set correctly, run the following command:
</para>
- <screen>~]# <command>ls -l /opt</command>
+ <screen>~]# <command>ls -l /opt</command>
total 4
drwxrwsr-x. 3 root myproject 4096 Mar 3 18:31 myproject</screen>
</section>
@@ -1282,10 +936,9 @@ drwxrwsr-x. 3 root myproject 4096 Mar 3 18:31 myproject</screen>
<secondary>additional resources</secondary>
</indexterm>
<para>
- See the following resources for more information about managing users and groups.
+ For more information on how to manage users and groups on Fedora, see the resources listed below.
</para>
- <section id="s2-users-groups-documentation">
- <title>Installed Documentation</title>
+ <bridgehead id="sect-Users_and_Groups-Resources-Installed">Installed Documentation</bridgehead>
<indexterm>
<primary>groups</primary>
<secondary>additional resources</secondary>
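Review bot: replacing <section id="s2-users-groups-documentation"> with a <bridgehead> removes that id, so any xref to it from another chapter will no longer resolve. Search the guide for the old id before merging. The new introductory sentence also hard-codes "Fedora", whereas the other paragraphs touched by this patch use the &MAJOROS; entity. Use the entity here as well.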
@@ -1296,91 +949,87 @@ drwxrwsr-x. 3 root myproject 4096 Mar 3 18:31 myproject</screen>
<secondary>additional resources</secondary>
<tertiary>installed documentation</tertiary>
</indexterm>
- <para>
- For information about various utilities for managing users and groups, refer to the following manual pages:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <emphasis role="bold">chage</emphasis>(1) — A command to modify password aging policies and account expiration.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">gpasswd</emphasis>(1) — A command to administer the <filename>/etc/group</filename> file.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">groupadd</emphasis>(8) — A command to add groups.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">grpck</emphasis>(8) — A command to verify the <filename>/etc/group</filename> file.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">groupdel</emphasis>(8) — A command to remove groups.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">groupmod</emphasis>(8) — A command to modify group membership.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">pwck</emphasis>(8) — A command to verify the <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename> files.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">pwconv</emphasis>(8) — A tool to convert standard passwords to shadow passwords.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">pwunconv</emphasis>(8) — A tool to convert shadow passwords to standard passwords.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">useradd</emphasis>(8) — A command to add users.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">userdel</emphasis>(8) — A command to remove users.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">usermod</emphasis>(8) — A command to modify users.
- </para>
- </listitem>
- </itemizedlist>
- <para>
- For information about related configuration files, see:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- <emphasis role="bold">group</emphasis>(5) — The file containing group information for the system.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">passwd</emphasis>(5) — The file containing user information for the system.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">shadow</emphasis>(5) — The file containing passwords and account expiration information for the system.
- </para>
- </listitem>
- </itemizedlist>
- </section>
+ <para>
+ For information about various utilities for managing users and groups, see the following manual pages:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <systemitem>useradd</systemitem>(8) — The manual page for the <command>useradd</command> command documents how to use it to create new users.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>userdel</systemitem>(8) — The manual page for the <command>userdel</command> command documents how to use it to delete users.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>usermod</systemitem>(8) — The manual page for the <command>usermod</command> command documents how to use it to modify users.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>groupadd</systemitem>(8) — The manual page for the <command>groupadd</command> command documents how to use it to create new groups.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>groupdel</systemitem>(8) — The manual page for the <command>groupdel</command> command documents how to use it to delete groups.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>groupmod</systemitem>(8) — The manual page for the <command>groupmod</command> command documents how to use it to modify group membership.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>gpasswd</systemitem>(1) — The manual page for the <command>gpasswd</command> command documents how to manage the <filename>/etc/group</filename> file.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>grpck</systemitem>(8) — The manual page for the <command>grpck</command> command documents how to use it to verify the integrity of the <filename>/etc/group</filename> file.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>pwck</systemitem>(8) — The manual page for the <command>pwck</command> command documents how to use it to verify the integrity of the <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename> files.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>pwconv</systemitem>(8) — The manual page for the <command>pwconv</command> command documents how to use it to convert standard passwords to shadow passwords.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>pwunconv</systemitem>(8) — The manual page for the <command>pwunconv</command> command documents how to use it to convert shadow passwords to standard passwords.
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ For information about related configuration files, see:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <systemitem>group</systemitem>(5) — The manual page for the <filename>/etc/group</filename> file documents how to use this file to define system groups.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>passwd</systemitem>(5) — The manual page for the <filename>/etc/passwd</filename> file documents how to use this file to define user information.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <systemitem>shadow</systemitem>(5) — The manual page for the <filename>/etc/shadow</filename> file documents how to use this file to set passwords and account expiration information for the system.
+ </para>
+ </listitem>
+ </itemizedlist>
+
+
</section>
</chapter>
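Review bot: The groupmod(8) entry says the page documents how "to modify group membership", but groupmod changes a group's definition (its name or GID); membership is what the gpasswd(1) entry two items below covers. Suggest "documents how to use it to modify group definitions" for groupmod, and having the gpasswd entry mention that it administers group members and passwords rather than only "how to manage the /etc/group file". The two blank added lines before the closing section tag can also be dropped.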
9 years, 5 months
[install-guide/f21-branch] Small fixes in NetworkSpoke
by pbokoc
commit 6c83cc7d59a1a1803efc609b7c9a377b6b0a7e8a
Author: Petr Bokoc <pbokoc(a)redhat.com>
Date: Wed Dec 3 14:52:01 2014 +0100
Small fixes in NetworkSpoke
en-US/NetworkSpoke_EditConnection.xml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/en-US/NetworkSpoke_EditConnection.xml b/en-US/NetworkSpoke_EditConnection.xml
index bddf74d..c260489 100644
--- a/en-US/NetworkSpoke_EditConnection.xml
+++ b/en-US/NetworkSpoke_EditConnection.xml
@@ -22,7 +22,7 @@
In the <guilabel>General</guilabel> tab of the configuration dialog, you can select or unselect the <guilabel>Automatically connect to this network when it is available</guilabel> check box to allow or disallow this connection to connect by default. When enabled on a wired connection, this means the system will typically connect during startup (unless you unplug the network cable); on a wireless connection, it means that the interface will attempt to connect to any known wireless networks in range.
</para>
<para>
- Additionally, you can allow or disallow all users on the system from connecting to this network using the <guilabel>All users may connect to this network</guilabel> tab. If you disable this option, only <systemitem class="username">root</systemitem> will be able to connect to this network.
+ Additionally, you can allow or disallow all users on the system from connecting to this network using the <guilabel>All users may connect to this network</guilabel> option. If you disable this option, only <systemitem class="username">root</systemitem> will be able to connect to this network.
</para>
<note>
<para>
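Review bot: The changed sentence still reads "allow or disallow all users on the system from connecting to this network", and "allow ... from connecting" does not parse. Since the line is being touched to fix "tab" to "option" anyway, consider "you can allow all users on the system to connect to this network, or prevent them from doing so, using the All users may connect to this network option".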
@@ -35,7 +35,7 @@
<term>Set up static IPv4 or IPv6 settings</term>
<listitem>
<para>
- By default, both <systemitem class="protocol">IPv4</systemitem> and <systemitem class="protocol">IPv6</systemitem> are set to automatic configuration depending on current network settings. This means that addresses such as the local IP address, DNS address, and other settings will be detected automatically each time the interface connects to a network. In many cases, this is sufficient, but you can also provide static configuration in the <guilabel>IPv4 Settings</guilabel> and <guilabel>IPv6</guilabel> settings, respectively.
+ By default, both <systemitem class="protocol">IPv4</systemitem> and <systemitem class="protocol">IPv6</systemitem> are set to automatic configuration depending on current network settings. This means that addresses such as the local IP address, DNS address, and other settings will be detected automatically each time the interface connects to a network. In many cases, this is sufficient, but you can also provide static configuration in the <guilabel>IPv4 Settings</guilabel> and <guilabel>IPv6 Settings</guilabel>, respectively.
</para>
<para>
To set static network configuration, navigate to one of the settings tabs and select a method other than <guilabel>Automatic</guilabel> (for example, <guilabel>Manual</guilabel>) from the <guilabel>Method</guilabel> drop-down menu. This will enable the <guilabel>Addresses</guilabel> field below.
9 years, 5 months
[system-administrators-guide] markup and article usage
by stephenw
commit 743e5a86b7fc891d441711f175d85aab3ddb6eed
Author: Stephen Wadeley <swadeley(a)redhat.com>
Date: Mon Dec 1 23:07:04 2014 +0100
markup and article usage
en-US/The_Apache_HTTP_Server.xml | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/en-US/The_Apache_HTTP_Server.xml b/en-US/The_Apache_HTTP_Server.xml
index 87cc712..f77adec 100644
--- a/en-US/The_Apache_HTTP_Server.xml
+++ b/en-US/The_Apache_HTTP_Server.xml
@@ -319,11 +319,11 @@ ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.ta
<para>
To stop the running <systemitem class="service">httpd</systemitem> service, type the following at a shell prompt as <systemitem class="username">root</systemitem>:
</para>
- <screen>~]# <command>systemctl stop httpd.service</command></screen>
+ <screen>~]# <command>systemctl stop httpd.service</command></screen>
<para>
- To prevent the service from starting automatically at the boot time, type:
+ To prevent the service from starting automatically at boot time, type:
</para>
- <screen>~]# <command>systemctl disable httpd.service</command>
+ <screen>~]# <command>systemctl disable httpd.service</command>
rm '/etc/systemd/system/multi-user.target.wants/httpd.service'</screen>
</section>
<section id="s3-apache-running-restarting">
9 years, 5 months
[system-administrators-guide] Update the resources section to new style
by stephenw
commit f7fe3f2860da9b622cba7d678fabac787482be39
Author: Stephen Wadeley <swadeley(a)redhat.com>
Date: Mon Dec 1 22:54:22 2014 +0100
Update the resources section to new style
en-US/The_Apache_HTTP_Server.xml | 93 +++++++++++++++-----------------------
1 files changed, 37 insertions(+), 56 deletions(-)
---
diff --git a/en-US/The_Apache_HTTP_Server.xml b/en-US/The_Apache_HTTP_Server.xml
index fe684eb..87cc712 100644
--- a/en-US/The_Apache_HTTP_Server.xml
+++ b/en-US/The_Apache_HTTP_Server.xml
@@ -101,7 +101,7 @@ Some additional configuration files are provided by the <package>httpd</package>
<term>Default Configuration</term>
<listitem>
<para>
-A minimal <filename>httpd.conf</filename> file is now provided by default. Many common configuration settings, such as <literal>Timeout</literal> or <literal>KeepAlive</literal> are no longer explicitly configured in the default configuration; hard-coded settings will be used instead, by default. The hard-coded default settings for all configuration directives are specified in the manual. See <xref linkend="s3-apache-resources-installed" /> for more information.
+A minimal <filename>httpd.conf</filename> file is now provided by default. Many common configuration settings, such as <literal>Timeout</literal> or <literal>KeepAlive</literal> are no longer explicitly configured in the default configuration; hard-coded settings will be used instead, by default. The hard-coded default settings for all configuration directives are specified in the manual. See <xref linkend="bh-The_Apache_HTTP_Server-Installable_Documentation" /> for more information.
</para>
</listitem>
</varlistentry>
@@ -4220,95 +4220,76 @@ SSLCertificateKeyFile /etc/pki/tls/private/<replaceable>hostname</replaceable>.k
<para>
To learn more about the Apache HTTP Server, see the following resources.
</para>
- <section id="s3-apache-resources-installed">
- <title>Installed Documentation</title>
+
+ <bridgehead
+ id="bh-The_Apache_HTTP_Server-Installed_Documentation">Installed Documentation</bridgehead>
<indexterm>
<primary><application>Apache HTTP Server</application></primary>
<secondary>additional resources</secondary>
<tertiary>installed documentation</tertiary>
</indexterm>
- <variablelist>
- <varlistentry>
- <term><ulink url="http://localhost/manual/" /></term>
+ <itemizedlist>
<listitem>
<para>
- The official documentation for the Apache HTTP Server with the full description of its directives and available modules. Note that in order to access this documentation, you must have the <package>httpd-manual</package> package installed, and the web server must be running.
+ <filename>httpd(8)</filename> — The manual page for the <systemitem class="service">httpd</systemitem> service containing the complete list of its command-line options.
</para>
</listitem>
- </varlistentry>
- <varlistentry>
- <term><filename>/usr/share/doc/httpd/</filename></term>
<listitem>
<para>
- The directory containing a number of example configurations files.
+ <filename>genkey(1)</filename> — The manual page for <command>genkey</command> utility, provided by the <package>crypto-utils</package> package.
</para>
</listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <command>man httpd</command>
- </term>
<listitem>
<para>
- The manual page for the <systemitem class="service">httpd</systemitem> service containing the complete list of its command line options.
+ <filename>apachectl(8)</filename> — The manual page for the Apache HTTP Server Control Interface.
</para>
</listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <command>man apachectl</command>
- </term>
- <listitem>
- <para>
- The manual page for the Apache HTTP Server Control Interface.
+ </itemizedlist>
+
+ <bridgehead
+ id="bh-The_Apache_HTTP_Server-Installable_Documentation">Installable Documentation</bridgehead>
+ <indexterm>
+ <primary>
+ <application>Apache HTTP Server</application>
+ </primary>
+ <secondary>additional resources</secondary>
+ <tertiary>installable documentation</tertiary>
+ </indexterm>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <ulink url="http://localhost/manual/"/> — The official documentation for the Apache HTTP Server with the full description of its directives and available modules. Note that in order to access this documentation, you must have the <package>httpd-manual</package> package installed, and the web server must be running.
</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <command>man genkey</command>
- </term>
- <listitem>
<para>
- The manual page for <command>genkey</command> containing the full documentation on its usage.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </section>
- <section id="s3-apache-resources-web">
- <title>Useful Websites</title>
+ Before accessing the documentation, issue the following commands as <systemitem class="username">root</systemitem>:</para>
+ <screen>~]# <command>yum install httpd-manual</command>
+~]# <command>apachectl graceful</command></screen>
+ </listitem>
+ </itemizedlist>
+
+ <bridgehead
+ id="bh-The_Apache_HTTP_Server-Online_Documentation">Online Documentation</bridgehead>
<indexterm>
<primary><application>Apache HTTP Server</application></primary>
<secondary>additional resources</secondary>
<tertiary>useful websites</tertiary>
</indexterm>
- <variablelist>
- <varlistentry>
- <term><ulink url="http://httpd.apache.org/" /></term>
- <listitem>
+ <itemizedlist>
+ <listitem>
<para>
- The official website for the Apache HTTP Server with documentation on all the directives and default modules.
+ <ulink url="http://httpd.apache.org/"/> — The official website for the Apache HTTP Server with documentation on all the directives and default modules.
</para>
</listitem>
- </varlistentry>
- <varlistentry>
- <term><ulink url="http://www.modssl.org/" /></term>
<listitem>
<para>
- The official website for the <application>mod_ssl</application> module.
+ ulink url="http://www.modssl.org/" /> — The official website for the <application>mod_ssl</application> module.
</para>
</listitem>
- </varlistentry>
- <varlistentry>
- <term><ulink url="http://www.openssl.org/" /></term>
<listitem>
<para>
- The OpenSSL home page containing further documentation, frequently asked questions, links to the mailing lists, and other useful resources.
+ <ulink url="http://www.openssl.org/"/> — The OpenSSL home page containing further documentation, frequently asked questions, links to the mailing lists, and other useful resources.
</para>
</listitem>
- </varlistentry>
- </variablelist>
- </section>
+ </itemizedlist>
</section>
</section>
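Review bot: In the new Online Documentation list, the mod_ssl entry begins with ulink url="http://www.modssl.org/" /> without the opening angle bracket, so the element will be emitted as literal text instead of a link; add the missing "<". Smaller points in the same hunk: the man-page entries are marked up as <filename>httpd(8)</filename>, while the Managing_Users_and_Groups commit on this page uses <systemitem>groupadd</systemitem>(8), so one convention should be picked; "The manual page for <command>genkey</command> utility" is missing "the"; and the indexterm under the renamed Online Documentation bridgehead still has the tertiary "useful websites". Because the section ids s3-apache-resources-installed and s3-apache-resources-web are removed here, please also confirm that no other xref in the book still points at them.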
9 years, 5 months
[system-administrators-guide] Update after chapter review
by stephenw
commit c10fa36bc5fe6ade9e68b2e27b81bb78aa1f4ddc
Author: Stephen Wadeley <swadeley(a)redhat.com>
Date: Mon Dec 1 22:31:33 2014 +0100
Update after chapter review
thank you Laura Bailey
en-US/The_Apache_HTTP_Server.xml | 128 +++++++++++++++++++-------------------
1 files changed, 63 insertions(+), 65 deletions(-)
---
diff --git a/en-US/The_Apache_HTTP_Server.xml b/en-US/The_Apache_HTTP_Server.xml
index 4ae24a3..fe684eb 100644
--- a/en-US/The_Apache_HTTP_Server.xml
+++ b/en-US/The_Apache_HTTP_Server.xml
@@ -21,7 +21,7 @@
<tertiary>changes</tertiary>
</indexterm>
<para>
- The Apache HTTP Server version 2.4 has the following changes:
+ The Apache HTTP Server version 2.4 has the following changes compared to version 2.2:
</para>
<variablelist>
@@ -29,15 +29,13 @@
<term>httpd Service Control</term>
<listitem>
<para>
-With the migration away from SysV init scripts, server administrators should switch to using the <command>apachectl</command> and <command>systemctl</command> commands to control the service, in place of the <command>service</command> command. The following examples are specific to the <systemitem class="daemon">httpd</systemitem> service.
+With the migration away from SysV init scripts, server administrators should switch to using the <command>apachectl</command> and <command>systemctl</command> commands to control the service, in place of the <command>service</command> command. The following examples are specific to the <systemitem class="daemon">httpd</systemitem> service.</para>
+<para>
The command:
<synopsis>service httpd graceful</synopsis>
is replaced by
<synopsis>apachectl graceful</synopsis>
-The command:
-<synopsis>service httpd configtest</synopsis>
- is replaced by
- <synopsis>apachectl configtest</synopsis>
+
The <systemitem class="daemon">systemd</systemitem> unit file for <systemitem class="daemon">httpd</systemitem> has different behavior from the init script as follows:
<itemizedlist>
<listitem>
@@ -51,7 +49,13 @@ The <systemitem class="daemon">systemd</systemitem> unit file for <systemitem cl
</para>
</listitem>
</itemizedlist>
-
+
+The command:
+<synopsis>service httpd configtest</synopsis>
+ is replaced by
+ <synopsis>apachectl configtest</synopsis>
+
+
</para>
</listitem>
</varlistentry>
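Review bot: Moving the "service httpd configtest" replacement to after the itemizedlist leaves it as trailing text inside the para that opens with the graceful example, separated from it by the list of systemd unit-file differences, and followed by three added blank lines. It would read better to keep the two command replacements together, or to give the configtest pair its own para, and to drop the empty lines before the closing para tag.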
@@ -69,26 +73,23 @@ To enhance system security, the <systemitem class="daemon">systemd</systemitem>
<term>Configuration Layout</term>
<listitem>
<para>
-Configuration files which load modules are now placed in the <filename class="directory">/etc/httpd/conf.modules.d</filename> directory. Packages, such as <package>php</package>, which provide additional loadable modules for <systemitem class="daemon">httpd</systemitem> will place a file in this directory. Any configuration files in the <filename class="directory">conf.modules.d</filename> are processed before the main body of <filename>httpd.conf</filename>. Configuration files in the <filename class="directory">/etc/httpd/conf.d</filename> directory are now processed after the main body of <filename>httpd.conf</filename>.</para>
+Configuration files which load modules are now placed in the <filename class="directory">/etc/httpd/conf.modules.d</filename> directory. Packages that provide additional loadable modules for <systemitem class="daemon">httpd</systemitem>, such as <package>php</package>, will place a file in this directory. Any configuration files in the <filename class="directory">conf.modules.d</filename> directory are processed before the main body of <filename>httpd.conf</filename>. Configuration files in the <filename class="directory">/etc/httpd/conf.d</filename> directory are now processed after the main body of <filename>httpd.conf</filename>.</para>
<para>
Some additional configuration files are provided by the <package>httpd</package> package itself:</para>
<itemizedlist>
<listitem>
<para>
- <synopsis>/etc/httpd/conf.d/autoindex.conf</synopsis>
- This configures mod_autoindex directory indexing.
+ <filename>/etc/httpd/conf.d/autoindex.conf</filename> — This configures mod_autoindex directory indexing.
</para>
</listitem>
<listitem>
<para>
- <synopsis>/etc/httpd/conf.d/userdir.conf</synopsis>
- This configures access to user directories, for example, <literal>http://example.com/~username/</literal>; such access is disabled by default for security reasons.
- </para>
+ <filename>/etc/httpd/conf.d/userdir.conf</filename> — This configures access to user directories, for example, <literal>http://example.com/~username/</literal>; such access is disabled by default for security reasons.
+ </para>
</listitem>
<listitem>
<para>
-<synopsis>/etc/httpd/conf.d/welcome.conf</synopsis>
- As in previous releases, this configures the welcome page displayed for <literal>http://localhost/</literal> when no content is present.
+<filename>/etc/httpd/conf.d/welcome.conf</filename> — As in previous releases, this configures the welcome page displayed for <literal>http://localhost/</literal> when no content is present.
</para>
</listitem>
@@ -100,16 +101,16 @@ Some additional configuration files are provided by the <package>httpd</package>
<term>Default Configuration</term>
<listitem>
<para>
-A minimal default <filename>httpd.conf</filename> is now provided by default. Many common configuration settings, such as <literal>Timeout</literal> or <literal>KeepAlive</literal> are no longer explicitly configured in the default configuration; hard-coded settings will be used instead, by default. The hard-coded default settings for all configuration directives are specified in the manual. See <xref linkend="s3-apache-resources-installed" /> for more information.
+A minimal <filename>httpd.conf</filename> file is now provided by default. Many common configuration settings, such as <literal>Timeout</literal> or <literal>KeepAlive</literal> are no longer explicitly configured in the default configuration; hard-coded settings will be used instead, by default. The hard-coded default settings for all configuration directives are specified in the manual. See <xref linkend="s3-apache-resources-installed" /> for more information.
</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>Configuration Changes</term>
+ <term>Incompatible Syntax Changes</term>
<listitem>
<para>
-A number of backwards-incompatible changes to the <systemitem class="daemon">httpd</systemitem> configuration syntax were made which will require changes if migrating an existing configuration from <application>httpd 2.2</application> to <application>httpd 2.4</application>. See the following Apache document for more information on upgrading <ulink url="http://httpd.apache.org/docs/2.4/upgrading.html" />
+If migrating an existing configuration from <application>httpd 2.2</application> to <application>httpd 2.4</application>, a number of backwards-incompatible changes to the <systemitem class="daemon">httpd</systemitem> configuration syntax were made which will require changes. See the following Apache document for more information on upgrading <ulink url="http://httpd.apache.org/docs/2.4/upgrading.html" />
</para>
</listitem>
</varlistentry>
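Review bot: The reworded Incompatible Syntax Changes sentence has a dangling modifier: "If migrating an existing configuration from httpd 2.2 to httpd 2.4, a number of backwards-incompatible changes ... were made which will require changes" reads as if the changes were doing the migrating. Suggest something like "If you are migrating an existing configuration from httpd 2.2 to httpd 2.4, note that a number of backwards-incompatible changes were made to the httpd configuration syntax and the configuration will need to be updated." The following sentence also ends on the ulink with no closing period.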
@@ -121,14 +122,14 @@ A number of backwards-incompatible changes to the <systemitem class="daemon">htt
<para>
In previous releases of &MAJOROS;, different <firstterm>multi-processing models</firstterm> (<acronym>MPM</acronym>) were made available as different <systemitem class="daemon">httpd</systemitem> binaries: the forked model, <quote>prefork</quote>, as <filename>/usr/sbin/httpd</filename>, and the thread-based model <quote>worker</quote> as <filename>/usr/sbin/httpd.worker</filename>.</para>
<para>
-In &MAJOROSVER;, only a single <systemitem class="daemon">httpd</systemitem> binary is used, and three MPMs are available as loadable modules: worker, prefork (default), and event. The configuration file <filename>/etc/httpd/conf.modules.d/00-mpm.conf</filename> can be changed to select which of the three MPM modules is loaded.</para>
+In &MAJOROSVER;, only a single <systemitem class="daemon">httpd</systemitem> binary is used, and three MPMs are available as loadable modules: worker, prefork (default), and event. Edit the configuration file <filename>/etc/httpd/conf.modules.d/00-mpm.conf</filename> as required, by adding and removing the comment character <literal>#</literal> so that only one of the three MPM modules is loaded.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Packaging Changes</term>
<listitem>
<para>
-The LDAP authentication and authorization modules are now provided in a separate sub-package <package>mod_ldap</package>. The new module <application>mod_session</application> and associated helper modules are provided in a new sub-package, <package>mod_session</package>. The new modules <application>mod_proxy_html</application> and <application>mod_xml2enc</application> are provided in a new sub-package, <package>mod_proxy_html</package>.
+The LDAP authentication and authorization modules are now provided in a separate sub-package, <package>mod_ldap</package>. The new module <application>mod_session</application> and associated helper modules are provided in a new sub-package, <package>mod_session</package>. The new modules <application>mod_proxy_html</application> and <application>mod_xml2enc</application> are provided in a new sub-package, <package>mod_proxy_html</package>.
</para>
</listitem>
</varlistentry>
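Review bot: The new MPM sentence tells the reader to add and remove the comment character "#" in 00-mpm.conf so that only one MPM is loaded, but it does not say which lines are meant or that the running service has to be restarted before the change takes effect. Consider naming the lines to be commented and pointing to the restart instructions later in the chapter, which already say to restart after installing or removing a dynamically loaded module.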
@@ -136,27 +137,24 @@ The LDAP authentication and authorization modules are now provided in a separate
<term>Packaging Filesystem Layout</term>
<listitem>
<para>
-The <filename class="directory">/var/cache/mod_proxy</filename> directory is no longer provided; instead, the <filename class="directory">/var/cache/httpd/</filename> directory is packaged with a <literal>proxy</literal> and <literal>ssl</literal> subdirectory.
+The <filename class="directory">/var/cache/mod_proxy/</filename> directory is no longer provided; instead, the <filename class="directory">/var/cache/httpd/</filename> directory is packaged with a <literal>proxy</literal> and <literal>ssl</literal> subdirectory.
</para>
<para>
Packaged content provided with <systemitem class="daemon">httpd</systemitem> has been moved from <filename class="directory">/var/www/</filename> to <filename class="directory">/usr/share/httpd/</filename>:
<itemizedlist>
<listitem>
<para>
- <synopsis>/usr/share/httpd/icons/</synopsis>
- The <filename class="directory">/var/www/icons/</filename> has moved to <filename class="directory">/usr/share/httpd/icons</filename>. This directory contains a set of icons used with directory indices. Available at <literal>http://localhost/icons/</literal> in the default configuration, via <filename>/etc/httpd/conf.d/autoindex.conf</filename>.
+ <filename>/usr/share/httpd/icons/</filename> — The directory containing a set of icons used with directory indices, previously contained in <filename class="directory">/var/www/icons/</filename>, has moved to <filename class="directory">/usr/share/httpd/icons</filename>. Available at <literal>http://localhost/icons/</literal> in the default configuration; the location and the availability of the icons is configurable in the <filename>/etc/httpd/conf.d/autoindex.conf</filename> file.
</para>
</listitem>
<listitem>
<para>
- <synopsis>/usr/share/httpd/manual/</synopsis>
- The <filename class="directory">/var/www/manual/</filename> has moved to <filename class="directory">/usr/share/httpd/manual/</filename>. This directory, contained in the <package>httpd-manual</package> package, contains the HTML version of the manual for <systemitem class="daemon">httpd</systemitem>. Available at <literal>http://localhost/manual/</literal> if the package is installed, via <literal>/etc/httpd/conf.d/manual.conf</literal>.</para>
+ <filename>/usr/share/httpd/manual/</filename> — The <filename class="directory">/var/www/manual/</filename> has moved to <filename class="directory">/usr/share/httpd/manual/</filename>. This directory, contained in the <package>httpd-manual</package> package, contains the HTML version of the manual for <systemitem class="daemon">httpd</systemitem>. Available at <literal>http://localhost/manual/</literal> if the package is installed, the location and the availability of the manual is configurable in the <literal>/etc/httpd/conf.d/manual.conf</literal> file.</para>
</listitem>
<listitem>
<para>
- <synopsis>/usr/share/httpd/error/</synopsis>
- The <filename class="directory">/var/www/error/</filename> has moved to <filename class="directory">/usr/share/httpd/error/</filename>. Custom multi-language HTTP error pages. Not configured by default, the example configuration file is provided at <filename>/usr/share/doc/httpd-<replaceable>VERSION</replaceable>/httpd-multilang-errordoc.conf</filename>.
+ <filename>/usr/share/httpd/error/</filename> — The <filename class="directory">/var/www/error/</filename> has moved to <filename class="directory">/usr/share/httpd/error/</filename>. Custom multi-language HTTP error pages. Not configured by default, the example configuration file is provided at <filename>/usr/share/doc/httpd-<replaceable>VERSION</replaceable>/httpd-multilang-errordoc.conf</filename>.
</para>
</listitem>
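Review bot: The three rewritten entries are inconsistent with each other. The icons entry says the directory "has moved to /usr/share/httpd/icons" without the trailing slash used in its own label; the manual entry joins two clauses with a comma ("if the package is installed, the location and the availability of the manual is configurable ...") where the icons entry uses a semicolon, and marks /etc/httpd/conf.d/manual.conf up as literal instead of filename; the error entry keeps the fragment "Custom multi-language HTTP error pages." Suggest giving all three the same shape: what the directory contains, where it moved from, and which file configures it.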
@@ -182,7 +180,7 @@ The configuration directives used to control authentication, authorization and a
<term>suexec</term>
<listitem>
<para>
-To improve system security, the <application>suexec</application> binary is no longer installed <literal>setuid root</literal>; instead, it has file system capability bits set which allow a more restrictive set of permissions. In conjunction with this change, the <application>suexec</application> binary no longer uses the <filename>/var/log/httpd/suexec.log</filename> logfile. Instead, log messages are sent to <application>syslog</application>; by default these will appear in the <filename>/var/log/secure</filename> log file.
+To improve system security, the <application>suexec</application> binary is no longer installed as if by the <systemitem class="username">root</systemitem> user; instead, it has file system capability bits set which allow a more restrictive set of permissions. In conjunction with this change, the <application>suexec</application> binary no longer uses the <filename>/var/log/httpd/suexec.log</filename> logfile. Instead, log messages are sent to <application>syslog</application>; by default these will appear in the <filename>/var/log/secure</filename> log file.
</para>
</listitem>
</varlistentry>
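Review bot: Replacing "setuid root" with "installed as if by the root user" in the suexec entry loses the technical point. The rest of the sentence ("instead, it has file system capability bits set which allow a more restrictive set of permissions") only makes sense as a contrast with a setuid-root binary, and "as if by the root user" does not describe a file mode. Suggest keeping the term, for example "is no longer installed with the setuid bit set and owned by root", so that readers auditing privileged binaries can tell what changed.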
@@ -190,7 +188,7 @@ To improve system security, the <application>suexec</application> binary is no l
<term>Module Interface</term>
<listitem>
<para>
-Due to changes to the <systemitem class="daemon">httpd</systemitem> module interface, <application>httpd 2.4</application> is not compatible with third-party binary modules built against <application>httpd 2.2</application>. Such modules will need to be adjusted as necessary for the <application>httpd 2.4</application> module interface, and then rebuilt. A detailed list of the API changes in version <literal>2.4</literal> is available here: <ulink url="http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html" />.
+Third-party binary modules built against <application>httpd 2.2</application> are not compatible with <application>httpd 2.4</application> due to changes to the <systemitem class="daemon">httpd</systemitem> module interface. Such modules will need to be adjusted as necessary for the <application>httpd 2.4</application> module interface, and then rebuilt. A detailed list of the API changes in version <literal>2.4</literal> is available here: <ulink url="http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html" />.
</para>
<para>
The <application>apxs</application> binary used to build modules from source has moved from <filename>/usr/sbin/apxs</filename> to <filename>/usr/bin/apxs</filename>.
@@ -204,7 +202,7 @@ The <application>apxs</application> binary used to build modules from source has
List of <systemitem class="daemon">httpd</systemitem> modules removed in &MAJOROSVER;:
<variablelist>
<varlistentry>
- <term>mod_auth_mysql, mod_auth_pgsql</term>
+ <term>mod_auth_mysql, mod_auth_pgsql</term>
<listitem>
<para>
<application>httpd 2.4</application> provides SQL database authentication support internally in the <application>mod_authn_dbd</application> module.
@@ -212,7 +210,7 @@ List of <systemitem class="daemon">httpd</systemitem> modules removed in &MAJORO
</listitem>
</varlistentry>
<varlistentry>
- <term>mod_perl</term>
+ <term>mod_perl</term>
<listitem>
<para>
<application>mod_perl</application> is not officially supported with <application>httpd 2.4</application> by upstream.
@@ -220,10 +218,10 @@ List of <systemitem class="daemon">httpd</systemitem> modules removed in &MAJORO
</listitem>
</varlistentry>
<varlistentry>
- <term>mod_authz_ldap</term>
+ <term>mod_authz_ldap</term>
<listitem>
<para>
- <application>httpd 2.4</application> provides LDAP support internally using <application>mod_authnz_ldap</application>.
+ <application>httpd 2.4</application> provides LDAP support in sub-package <package>mod_ldap</package> using <application>mod_authnz_ldap</application>.
</para>
</listitem>
</varlistentry>
@@ -275,7 +273,7 @@ List of <systemitem class="daemon">httpd</systemitem> modules removed in &MAJORO
<para>
Note that you can check the configuration for possible errors by using the following command:
</para>
- <screen>~]# <command>apachectl configtest</command>
+ <screen>~]# <command>apachectl configtest</command>
Syntax OK</screen>
<para>
For more information on upgrading the Apache HTTP Server configuration from version 2.2 to 2.4, see <ulink url="http://httpd.apache.org/docs/2.4/upgrading.html"/>.
@@ -286,7 +284,7 @@ Syntax OK</screen>
<para>
This section describes how to start, stop, restart, and check the current status of the Apache HTTP Server. To be able to use the <systemitem class="service">httpd</systemitem> service, make sure you have the <package>httpd</package> installed. You can do so by using the following command:
</para>
- <screen>~]# <command>yum install httpd</command></screen>
+ <screen>~]# <command>yum install httpd</command></screen>
<para>
For more information on the concept of targets and how to manage system services in &MAJOROS; in general, see <remark>link to systemd section when ready</remark> <xref linkend="ch-Services_and_Daemons" />.
</para>
@@ -299,11 +297,11 @@ Syntax OK</screen>
<para>
To run the <systemitem class="service">httpd</systemitem> service, type the following at a shell prompt as <systemitem class="username">root</systemitem>:
</para>
- <screen>~]# <command>systemctl start httpd.service</command></screen>
+ <screen>~]# <command>systemctl start httpd.service</command></screen>
<para>
- If you want the service to start automatically at the boot time, use the following command:
+ If you want the service to start automatically at boot time, use the following command:
</para>
- <screen>~]# <command>systemctl enable httpd.service</command>
+ <screen>~]# <command>systemctl enable httpd.service</command>
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'</screen>
<note>
<title>Using the secure server</title>
@@ -342,7 +340,7 @@ rm '/etc/systemd/system/multi-user.target.wants/httpd.service'</screen>
<para>
To restart the service completely, enter the following command as <systemitem class="username">root</systemitem>:
</para>
- <screen>~]# <command>systemctl restart httpd.service</command></screen>
+ <screen>~]# <command>systemctl restart httpd.service</command></screen>
<para>
This stops the running <systemitem class="service">httpd</systemitem> service and immediately starts it again. Use this command after installing or removing a dynamically loaded module such as PHP.
</para>
@@ -351,18 +349,18 @@ rm '/etc/systemd/system/multi-user.target.wants/httpd.service'</screen>
<para>
To only reload the configuration, as <systemitem class="username">root</systemitem>, type:
</para>
- <screen>~]# <command>systemctl reload httpd.service</command></screen>
+ <screen>~]# <command>systemctl reload httpd.service</command></screen>
<para>
- This causes the running <systemitem class="service">httpd</systemitem> service to reload its configuration file. Any requests being currently processed will be interrupted, which may cause a client browser to display an error message or render a partial page.
+ This causes the running <systemitem class="service">httpd</systemitem> service to reload its configuration file. Any requests currently being processed will be interrupted, which may cause a client browser to display an error message or render a partial page.
</para>
</listitem>
<listitem>
<para>
To reload the configuration without affecting active requests, enter the following command as <systemitem class="username">root</systemitem>:
</para>
- <screen>~]# <command>service httpd graceful</command></screen>
+ <screen>~]# <command>apachectl graceful</command></screen>
<para>
- This cause the running <systemitem class="service">httpd</systemitem> service to reload its configuration file. Any requests being currently processed will use the old configuration.
+ This causes the running <systemitem class="service">httpd</systemitem> service to reload its configuration file. Any requests currently being processed will continue to use the old configuration.
</para>
</listitem>
</orderedlist>
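Review bot: The two list items in this hunk now give `systemctl reload httpd.service` and `apachectl graceful` different semantics: the first is said to interrupt requests in progress, the second is not. Please confirm against the shipped httpd.service unit what its reload action actually runs. If reload is already graceful, the sentence "Any requests currently being processed will be interrupted" is wrong and the two items can be merged. The switch from `service httpd graceful` to `apachectl graceful` is the only functional change here and is easy to miss among the whitespace-only `<screen>` lines, so it belongs in its own commit or should be called out in the commit message.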
@@ -379,7 +377,7 @@ rm '/etc/systemd/system/multi-user.target.wants/httpd.service'</screen>
<para>
To verify that the <systemitem class="service">httpd</systemitem> service is running, type the following at a shell prompt:
</para>
- <screen>~]# <command>systemctl is-active httpd.service</command>
+ <screen>~]# <command>systemctl is-active httpd.service</command>
active</screen>
</section>
</section>
@@ -443,7 +441,7 @@ active</screen>
<para>
To check the configuration for possible errors, type the following at a shell prompt:
</para>
- <screen>~]# <command>apachectl configtest</command>
+ <screen>~]# <command>apachectl configtest</command>
Syntax OK</screen>
<para>
To make the recovery from mistakes easier, it is recommended that you make a copy of the original file before editing it.
@@ -3767,14 +3765,14 @@ ErrorDocument 404 /404-not_found.html</programlisting>
<para>
If you intend to create a new DSO module, make sure you have the <package>httpd-devel</package> package installed. To do so, enter the following command as <systemitem class="username">root</systemitem>:
</para>
- <screen>~]# <command>yum install httpd-devel</command></screen>
+ <screen>~]# <command>yum install httpd-devel</command></screen>
<para>
This package contains the include files, the header files, and the <application>APache eXtenSion</application> (<command>apxs</command>) utility required to compile a module.
</para>
<para>
Once written, you can build the module with the following command:
</para>
- <screen>~]# <command>apxs -i -a -c <replaceable>module_name</replaceable>.c</command></screen>
+ <screen>~]# <command>apxs -i -a -c <replaceable>module_name</replaceable>.c</command></screen>
<para>
If the build was successful, you should be able to load the module the same way as any other module that is distributed with the Apache HTTP Server.
</para>
@@ -3791,7 +3789,7 @@ ErrorDocument 404 /404-not_found.html</programlisting>
<see><application>Apache HTTP Server</application></see>
</indexterm>
<para>
- The Apache HTTP Server's built in virtual hosting allows the server to provide different information based on which IP address, hostname, or port is being requested.
+ The Apache HTTP Server's built in virtual hosting allows the server to provide different information based on which IP address, host name, or port is being requested.
</para>
<para>
To create a name-based virtual host, copy the example configuration file <filename>/usr/share/doc/httpd-<replaceable>VERSION</replaceable>/httpd-vhosts.conf</filename> into the <filename class="directory">/etc/httpd/conf.d/</filename> directory, and replace the <literal>@@Port@@</literal> and <literal>@@ServerRoot@@</literal> placeholder values. Customize the options according to your requirements as shown in <xref linkend="example-apache-virtualhosts-config"/>.
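Review bot: Style point on the changed sentence: "hostname" becomes "host name", but "built in virtual hosting" is left unhyphenated in the same line. As a compound modifier it should read "built-in virtual hosting", and fixing it in this pass avoids touching the paragraph twice.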
@@ -3882,10 +3880,10 @@ ErrorDocument 404 /404-not_found.html</programlisting>
<tertiary>certificate authority</tertiary>
</indexterm>
<para>
- To provide secure communications using SSL, an SSL server must use a digital certificate signed by a <firstterm>Certificate Authority</firstterm> (<acronym>CA</acronym>). The certificate lists various attributes of the server (that is, the server hostname, the name of the company, its location, etc.), and the signature produced using the CA's private key. This signature ensures that a particular certificate authority has issued the certificate, and that the certificate has not been modified in any way.
+ To provide secure communications using SSL, an SSL server must use a digital certificate signed by a <firstterm>Certificate Authority</firstterm> (<acronym>CA</acronym>). The certificate lists various attributes of the server (that is, the server host name, the name of the company, its location, etc.), and the signature produced using the CA's private key. This signature ensures that a particular certificate authority has signed the certificate, and that the certificate has not been modified in any way.
</para>
<para>
- When a web browser establishes a new SSL connection, it checks the certificate provided by the web server. If the certificate does not have a signature from a trusted CA, or if the hostname listed in the certificate does not match the hostname used to establish the connection, it refuses to communicate with the server and usually presents a user with an appropriate error message.
+ When a web browser establishes a new SSL connection, it checks the certificate provided by the web server. If the certificate does not have a signature from a trusted CA, or if the host name listed in the certificate does not match the host name used to establish the connection, it refuses to communicate with the server and usually presents a user with an appropriate error message.
</para>
<para>
By default, most web browsers are configured to trust a set of widely used certificate authorities. Because of this, an appropriate CA should be chosen when setting up a secure server, so that target users can trust the connection, otherwise they will be presented with an error message, and will have to accept the certificate manually. Since encouraging users to override certificate errors can allow an attacker to intercept the connection, you should use a trusted CA whenever possible. For more information on this, see <xref linkend="table-apache-mod_ssl-certificates-authorities" />.
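Review bot: The reworded sentence in the first paragraph is now circular: "This signature ensures that a particular certificate authority has signed the certificate" says only that a signature proves a signature. Suggest stating what the reader needs to know, for example that the signature lets a client verify which CA vouched for the certificate and that the certificate has not been modified since. In the same paragraph, "(that is, the server host name, ..., etc.)" combines "that is" with "etc."; "for example" without "etc." reads correctly.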
@@ -3947,7 +3945,7 @@ ErrorDocument 404 /404-not_found.html</programlisting>
<para>
If you intend to set up an SSL server, make sure you have the <package>mod_ssl</package> (the <systemitem class="resource">mod_ssl</systemitem> module) and <package>openssl</package> (the OpenSSL toolkit) packages installed. To do so, enter the following command as <systemitem class="username">root</systemitem>:
</para>
- <screen>~]# <command>yum install mod_ssl openssl</command></screen>
+ <screen>~]# <command>yum install mod_ssl openssl</command></screen>
<indexterm>
<primary><application>Apache HTTP Server</application></primary>
<secondary>files</secondary>
@@ -3996,8 +3994,8 @@ ErrorDocument 404 /404-not_found.html</programlisting>
<para>
If you want to use an existing key and certificate, move the relevant files to the <filename class="directory">/etc/pki/tls/private/</filename> and <filename class="directory">/etc/pki/tls/certs/</filename> directories respectively. You can do so by issuing the following commands as <systemitem class="username">root</systemitem>:
</para>
- <screen>~]# <command>mv</command> <filename><replaceable>key_file</replaceable>.key</filename> <filename>/etc/pki/tls/private/<replaceable>hostname</replaceable>.key</filename>
-~]# <command>mv</command> <filename><replaceable>certificate</replaceable>.crt</filename> <filename>/etc/pki/tls/certs/<replaceable>hostname</replaceable>.crt</filename></screen>
+ <screen>~]# <command>mv</command> <filename><replaceable>key_file</replaceable>.key</filename> <filename>/etc/pki/tls/private/<replaceable>hostname</replaceable>.key</filename>
+~]# <command>mv</command> <filename><replaceable>certificate</replaceable>.crt</filename> <filename>/etc/pki/tls/certs/<replaceable>hostname</replaceable>.crt</filename></screen>
<para>
Then add the following lines to the <filename>/etc/httpd/conf.d/ssl.conf</filename> configuration file:
</para>
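Review bot: Missing documentation after the two `mv` commands: a file moved into /etc/pki/tls/private/ normally keeps the mode, ownership and SELinux label it had in its old location, so the private key can end up readable by other users or mislabelled for httpd. Suggest adding a step, before the ssl.conf lines, that makes the key owned by root with no group or world access and runs `restorecon` on both destination files.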
@@ -4007,9 +4005,9 @@ SSLCertificateKeyFile /etc/pki/tls/private/<replaceable>hostname</replaceable>.k
To load the updated configuration, restart the <systemitem class="service">httpd</systemitem> service as described in <xref linkend="s3-apache-running-restarting" />.
</para>
<example id="example-apache-mod_ssl-keypair">
- <title>Using a key and certificate from the Red Hat Secure Web Server</title>
- <screen>~]# <command>mv /etc/httpd/conf/httpsd.key /etc/pki/tls/private/penguin.example.com.key</command>
-~]# <command>mv /etc/httpd/conf/httpsd.crt /etc/pki/tls/certs/penguin.example.com.crt</command></screen>
+ <title>Using a key and certificate from the Red Hat Secure Web Server</title>
+ <screen>~]# <command>mv /etc/httpd/conf/httpsd.key /etc/pki/tls/private/penguin.example.com.key</command>
+~]# <command>mv /etc/httpd/conf/httpsd.crt /etc/pki/tls/certs/penguin.example.com.crt</command></screen>
</example>
</section>
<section id="s3-apache-mod_ssl-genkey">
@@ -4025,30 +4023,30 @@ SSLCertificateKeyFile /etc/pki/tls/private/<replaceable>hostname</replaceable>.k
<tertiary>certificate</tertiary>
</indexterm>
<para>
- In order to generate a new key and certificate pair, you must to have the <package>crypto-utils</package> package installed on your system. As <systemitem class="username">root</systemitem>, it can be installed by entering the following command:
+ In order to generate a new key and certificate pair, the <package>crypto-utils</package> package must be installed on the system. To install it, enter the following command as <systemitem class="username">root</systemitem>:
</para>
- <screen>~]# <command>yum install crypto-utils</command></screen>
+ <screen>~]# <command>yum install crypto-utils</command></screen>
<para>
- This package provides a set of tools to generate and manage SSL certificates and private keys, and includes <application>genkey</application>, the Red Hat Keypair Generation utility that will guide you through the key generation process.
+ This package provides a set of tools to generate and manage SSL certificates and private keys, and includes <application>genkey</application>, the Red Hat Keypair Generation utility that will guide you through the key generation process.
</para>
<important>
<title>Replacing an existing certificate</title>
<para>
If the server already has a valid certificate and you are replacing it with a new one, specify a different serial number. This ensures that client browsers are notified of this change, update to this new certificate as expected, and do not fail to access the page. To create a new certificate with a custom serial number, use the following command instead of <application>genkey</application>:
</para>
- <screen>~]# <command>openssl req -x509 -new -set_serial <replaceable>number</replaceable> -key <replaceable>hostname</replaceable>.key -out <replaceable>hostname</replaceable>.crt</command></screen>
+ <screen>~]# <command>openssl req -x509 -new -set_serial <replaceable>number</replaceable> -key <replaceable>hostname</replaceable>.key -out <replaceable>hostname</replaceable>.crt</command></screen>
</important>
<note>
<title>Remove a previously created key</title>
<para>
- If there already is a key file for a particular host name on your system, <application>genkey</application> will refuse to start. In this case, remove the existing file using the following command as <systemitem class="username">root</systemitem>:
+ If there already is a key file for a particular host name in your system, <application>genkey</application> will refuse to start. In this case, remove the existing file using the following command as <systemitem class="username">root</systemitem>:
</para>
- <screen>~]# <command>rm /etc/pki/tls/private/<replaceable>hostname</replaceable>.key</command></screen>
+ <screen>~]# <command>rm /etc/pki/tls/private/<replaceable>hostname</replaceable>.key</command></screen>
</note>
<para>
- To run the utility, as <systemitem class="username">root</systemitem>, enter the <command>genkey</command> command followed by the appropriate host name (for example, <systemitem class="domainname">penguin.example.com</systemitem>):
+ To run the utility, use the <command>genkey</command> command followed by the appropriate host name (for example, <systemitem class="domainname">penguin.example.com</systemitem>):
</para>
- <screen>~]# <command>genkey</command> <replaceable>hostname</replaceable></screen>
+ <screen>~]# <command>genkey</command> <replaceable>hostname</replaceable></screen>
<para>
To complete the key and certificate creation, take the following steps:
</para>
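Review bot: The rewritten sentence before `genkey hostname` drops "as root", while the other commands in this hunk (`yum install crypto-utils`, `rm /etc/pki/tls/private/hostname.key`) still state it in the text and the prompt is still `~]#`. Keep the privilege requirement in the prose so it does not depend on the reader noticing the prompt character. Also, the note now reads "key file for a particular host name in your system", which is less natural than the original "on your system"; suggest reverting that wording.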
@@ -4076,7 +4074,7 @@ SSLCertificateKeyFile /etc/pki/tls/private/<replaceable>hostname</replaceable>.k
</step>
<step>
<para>
- Using the <keycap>Up</keycap> and <keycap>down</keycap> arrow keys, select the suitable key size. Note that while the large key increases the security, it also increases the response time of your server. The NIST recommends using <literal>2048 bits</literal>. See <ulink url="http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf"><citetitle pubwork="book">NIST Special Publication 800-131A</citetitle></ulink>.
+ Using the <keycap>up</keycap> and <keycap>down</keycap> arrow keys, select a suitable key size. Note that while a larger key increases the security, it also increases the response time of your server. The NIST recommends using <literal>2048 bits</literal>. See <ulink url="http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf"><citetitle pubwork="book">NIST Special Publication 800-131A</citetitle></ulink>.
</para>
<figure id="figure-apache-mod_ssl-genkey-02">
<title>Selecting the key size</title>
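Review bot: The changed paragraph presents 2048 bits as the single value NIST recommends, right after telling the reader that a larger key increases security. Suggest wording it as a minimum ("NIST recommends a key size of at least 2048 bits") so that readers do not pick a smaller size from the menu for speed, and dropping the article in "The NIST". The reference link uses plain http; use https if the publisher serves the document that way.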
[system-administrators-guide] Information about CA lists
by stephenw
commit 60fdea8dc95090a478408c687fe94b316307a9d4
Author: Stephen Wadeley <swadeley(a)redhat.com>
Date: Mon Dec 1 22:26:22 2014 +0100
Information about CA lists
en-US/The_Apache_HTTP_Server.xml | 12 +++++++++---
1 files changed, 9 insertions(+), 3 deletions(-)
---
diff --git a/en-US/The_Apache_HTTP_Server.xml b/en-US/The_Apache_HTTP_Server.xml
index f5436d8..4ae24a3 100644
--- a/en-US/The_Apache_HTTP_Server.xml
+++ b/en-US/The_Apache_HTTP_Server.xml
@@ -3891,7 +3891,7 @@ ErrorDocument 404 /404-not_found.html</programlisting>
By default, most web browsers are configured to trust a set of widely used certificate authorities. Because of this, an appropriate CA should be chosen when setting up a secure server, so that target users can trust the connection, otherwise they will be presented with an error message, and will have to accept the certificate manually. Since encouraging users to override certificate errors can allow an attacker to intercept the connection, you should use a trusted CA whenever possible. For more information on this, see <xref linkend="table-apache-mod_ssl-certificates-authorities" />.
</para>
<table id="table-apache-mod_ssl-certificates-authorities">
- <title>CA lists for most common web browsers</title>
+ <title>Information about CA lists used by common web browsers</title>
<tgroup cols="2">
<colspec colname="option" colnum="1" colwidth="20*" />
<colspec colname="description" colnum="2" colwidth="60*" />
@@ -3918,15 +3918,21 @@ ErrorDocument 404 /404-not_found.html</programlisting>
<entry>
<application>Opera</application>
</entry>
- <entry><ulink url="http://www.opera.com/docs/ca/">Root certificates used by Opera</ulink>.
+ <entry><ulink url="http://www.opera.com/docs/ca/">Information on root certificates used by Opera</ulink>.
</entry>
</row>
<row>
<entry>
<application>Internet Explorer</application>
</entry>
+ <entry><ulink url="http://support.microsoft.com/kb/931125">Information on root certificates used by Microsoft Windows</ulink>.
+ </entry>
+ </row>
+ <row>
<entry>
- <ulink url="http://support.microsoft.com/kb/931125">Windows root certificate program members</ulink>.
+ <application>Chromium</application>
+ </entry>
+ <entry><ulink url="http://www.chromium.org/Home/chromium-security/root-ca-policy">Information on root certificates used by the Chromium project</ulink>.
</entry>
</row>
</tbody>
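Review bot: The two `<ulink>` targets added in the Internet Explorer and Chromium rows use plain http. This table tells readers where to check which root CAs their browser trusts, so the links should use https wherever the sites support it; the existing Opera link could be switched in the same commit. The Internet Explorer row now describes certificates "used by Microsoft Windows"; a short remark that Internet Explorer uses the Windows certificate store would explain why the row label and link text differ.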
[system-administrators-guide] Apache version is 2.4 since Fedora 19
by stephenw
commit 861f132bf7ce07d75278333366c993d549dcf6bf
Author: Stephen Wadeley <swadeley(a)redhat.com>
Date: Mon Dec 1 22:22:30 2014 +0100
Apache version is 2.4 since Fedora 19
thank you Jan Kaluza for the review
en-US/The_Apache_HTTP_Server.xml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/en-US/The_Apache_HTTP_Server.xml b/en-US/The_Apache_HTTP_Server.xml
index 0b3ff4d..f5436d8 100644
--- a/en-US/The_Apache_HTTP_Server.xml
+++ b/en-US/The_Apache_HTTP_Server.xml
@@ -8,10 +8,10 @@
<see><application>Apache HTTP Server</application></see>
</indexterm>
<para>
- The web server available in &MAJOROSVER; is the Apache HTTP server daemon, <systemitem class="daemon">httpd</systemitem>, an open source web server developed by the <ulink url="http://www.apache.org/">Apache Software Foundation</ulink>. In &MAJOROSVER; the Apache server has been updated to <application>Apache HTTP Server 2.4</application>. This section describes the basic configuration of the <systemitem class="service">httpd</systemitem> service, and covers some advanced topics such as adding server modules, setting up virtual hosts, or configuring the secure HTTP server.
+ The web server available in &MAJOROS; is the Apache HTTP server daemon, <systemitem class="daemon">httpd</systemitem>, an open source web server developed by the <ulink url="http://www.apache.org/">Apache Software Foundation</ulink>. In Fedora 19 the Apache server was updated to <application>Apache HTTP Server 2.4</application>. This section describes the basic configuration of the <systemitem class="service">httpd</systemitem> service, and covers some advanced topics such as adding server modules, setting up virtual hosts, or configuring the secure HTTP server.
</para>
<para>
- There are important differences between the Apache HTTP Server 2.4 and version 2.2, and if you are upgrading from a previous release of &MAJOROS;, you will need to update the <systemitem class="service">httpd</systemitem> service configuration accordingly. This section reviews some of the newly added features, outlines important changes, and guides you through the update of older configuration files.
+ There are important differences between the Apache HTTP Server 2.4 and version 2.2, and if you are upgrading from a release prior to Fedora 19, you will need to update the <systemitem class="service">httpd</systemitem> service configuration accordingly. This section reviews some of the newly added features, outlines important changes, and guides you through the update of older configuration files.
</para>
<section id="s2-apache-changes">
<title>Notable Changes</title>
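Review bot: Both changed paragraphs hard-code the product name in "Fedora 19", while the first of them still uses the &MAJOROS; entity for the same name one sentence earlier. Suggest "&MAJOROS; 19" in both places so the brand name stays in one entity and the text is consistent. "In Fedora 19 the Apache server was updated" would also read better with a comma after the release name.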
[uefi-secure-boot-guide] master: List steps which may allow switching Secure Boot status in the firmware (bb1bf13)
by fweimer@fedoraproject.org
Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git
On branch : master
>---------------------------------------------------------------
commit bb1bf13a819a558ea3c275d0e1fe39022ed8594d
Author: Florian Weimer <fweimer(a)redhat.com>
Date: Mon Dec 1 20:07:50 2014 +0100
List steps which may allow switching Secure Boot status in the firmware
>---------------------------------------------------------------
en-US/System_Configuration.xml | 84 ++++++++++++++++++++++++++++++++++++++++
1 files changed, 84 insertions(+), 0 deletions(-)
diff --git a/en-US/System_Configuration.xml b/en-US/System_Configuration.xml
index 2488485..5345022 100644
--- a/en-US/System_Configuration.xml
+++ b/en-US/System_Configuration.xml
@@ -314,6 +314,90 @@ enabled.
</para>
</section>
+<section id="sect-UEFI_Secure_Boot_Guide-System_Configuration-Additional">
+<title>Additional steps to enable the Secure Boot firmware option</title>
+<para>
+On some systems, the firmware option to switch the Secure Boot state
+is not always active and cannot be selected. The following additional
+measures are worth a try.
+</para>
+<itemizedlist>
+ <listitem>
+ <para>
+ Set a non-empty supervisor password in the firmware. This may
+ enable the Secure Boot option. After toggling this option, you
+ can remove the supervsior password again. Depending on the
+ firmware, you may have to set the password to an empty string to
+ disable it.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Firmware may only allow changing the Secure Boot settings after
+ a physical presence check. The following keyboard options may
+ not pass the physical presence check:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ a USB keyboard connected to a laptop
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ a Bluetooth keyboard
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ a serial console
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ an IP KVM solution or other remote management facility
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ You can try the following options instead where applicable:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ a built-in keyboard or touch screen
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ a USB keyboard connected to a docking system, which in turn
+ is connected to a laptop
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ a PS/2 keyboard
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ a keyboard directly connected to a server (and not a remote
+ KVM solution)
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>
+ The Secure Boot option might be protected, but access to the
+ Secure Boot key store is not. Removing all keys in the key
+ store can disable Secure Boot even if the separate option for
+ this purpose cannot be switched off.
+ </para>
+ </listitem>
+</itemizedlist>
+</section>
+
<section>
<title>Known issues</title>
<para>
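Review bot: The last list item says that removing all keys from the key store can disable Secure Boot, but it does not tell the reader how to get the keys back or that Secure Boot cannot be re-enabled until they are restored. Please add that, or point to the section that covers restoring the default keys. The first item advises removing the supervisor password after toggling the option; consider mentioning that leaving it set keeps the Secure Boot setting protected against unwanted changes. Smaller points: "supervsior" is a typo for "supervisor", and the section title speaks of enabling the firmware option while the text is about being able to switch the state in either direction.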
[uefi-secure-boot-guide] master: With (U)EFI, third-party boot loaders reside in the EFI System partition (bf549a1)
by fweimer@fedoraproject.org
Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git
On branch : master
>---------------------------------------------------------------
commit bf549a1e5fe85a912d58b33bf00936fc17543f2e
Author: Florian Weimer <fweimer(a)redhat.com>
Date: Mon Dec 1 19:49:27 2014 +0100
With (U)EFI, third-party boot loaders reside in the EFI System partition
>---------------------------------------------------------------
en-US/System_Configuration.xml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/en-US/System_Configuration.xml b/en-US/System_Configuration.xml
index bc58d36..2488485 100644
--- a/en-US/System_Configuration.xml
+++ b/en-US/System_Configuration.xml
@@ -318,7 +318,7 @@ enabled.
<title>Known issues</title>
<para>
When &PRODUCT; is installed on an UEFI system, existing boot loaders
-(for example, the code found in the Master Boot Record) are not
+(for example, the code found in the EFI System partition) are not
overwritten. Therefore, &PRODUCT; has considerably less control over
the boot process. In some cases, systems cannot dual-boot between
&PRODUCT; and other operating systems. Even if &PRODUCT; is selected
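Review bot: With the example changed to the EFI System partition, "the code found in the EFI System partition" is vague, because that partition holds the boot loaders of every installed system, including this product's own. Suggest naming what is meant, for example "boot loaders that other operating systems have installed in the EFI System partition". The context line above it reads "an UEFI system", which should be "a UEFI system" and can be fixed in the same edit.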