[deployment-guide/comm-rel: 481/727] minor bug fixes and implementing updates
Jaromir Hradilek
jhradile at fedoraproject.org
Tue Oct 19 13:05:19 UTC 2010
commit 039c0a0e9fd3dd21a62d4ae81a61ed61d011d37a
Author: Martin Prpic <mprpic at redhat.com>
Date: Wed Aug 25 13:56:33 2010 +0200
minor bug fixes and implementing updates
en-US/Authentication_Configuration.xml | 4 +-
en-US/FTP.xml | 101 ++++++++++++++++----------------
en-US/Samba.xml | 2 +-
3 files changed, 53 insertions(+), 54 deletions(-)
---
diff --git a/en-US/Authentication_Configuration.xml b/en-US/Authentication_Configuration.xml
index ae3f161..750c470 100644
--- a/en-US/Authentication_Configuration.xml
+++ b/en-US/Authentication_Configuration.xml
@@ -135,7 +135,7 @@
The <guimenu>Kerberos Settings</guimenu> dialog also allows you to use DNS to resolve hosts to realms and locate KDCs for realms.
</para>
<para>
- The <filename>krb5-libs</filename> and <filename>krb5-workstation</filename> packages must be installed for this option to work. For more information about Kerberos, refer to section<citetitle pubwork="section"> "Using Kerberos"</citetitle> of the &MAJOROSVER; <citetitle>Managing Smart Cards</citetitle> guide<!-- TBD6: link -->.
+ The <filename>krb5-libs</filename> and <filename>krb5-workstation</filename> packages must be installed for this option to work. For more information about Kerberos, refer to section <citetitle pubwork="section">Using Kerberos</citetitle> of the &MAJOROSVER; <citetitle>Managing Single Sign-On and Smart Cards</citetitle> guide<!-- TBD6: link to Managing Single Sign-On and Smart Cards guide -->.
</para>
</listitem>
<listitem>
@@ -344,7 +344,7 @@
</itemizedlist>
</para>
<para>
- The <package>pam_pkcs11</package> and the <package>coolkey</package> packages must be installed for this option to work. For more information about smart cards, refer to the &MAJOROSVER; <citetitle>Managing Smart Cards</citetitle> guide. <!-- TBD6: link to: section "4.1. Enabling Smart Card Login on Red Hat Enterprise Linux" of the "Managing Smart Cards with the Enterprise Security Client" guide found on http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards_with_the_Enterprise_Security_Client/Using_Enterprise_Security_Client_Keys_for_SSL_Client_Authentication_and_SMIME.html#enabling-smart-card-login OR section "2.3.2. Getting Started with your new Smart Card" of the "Security Guide" found on http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Security_Guide/#sect-Security_Guide-Single_Sign_on_SSO-->
+ The <package>pam_pkcs11</package> and the <package>coolkey</package> packages must be installed for this option to work. For more information about smart cards, refer to the &MAJOROSVER; <citetitle>Managing Single Sign-On and Smart Cards</citetitle> guide. <!-- TBD6: link to: section "4.1. Enabling Smart Card Login on Red Hat Enterprise Linux" of the "Managing Smart Cards with the Enterprise Security Client" guide found on http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards_with_the_Enterprise_Security_Client/Using_Enterprise_Security_Client_Keys_for_SSL_Client_Authentication_and_SMIME.html#enabling-smart-card-login OR section "2.3.2. Getting Started with your new Smart Card" of the "Security Guide" found on http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Security_Guide/#sect-Security_Guide-Single_Sign_on_SSO-->
<note>
<title>Note</title>
diff --git a/en-US/FTP.xml b/en-US/FTP.xml
index f94ba27..72bc139 100644
--- a/en-US/FTP.xml
+++ b/en-US/FTP.xml
@@ -16,8 +16,8 @@
<command>vsftpd</command>
</seealso>
</indexterm>
- <para>File Transfer Protocol (FTP) is one of the oldest and most commonly used protocols found on the Internet today. Its purpose is to reliably transfer files between computer hosts on a network without requiring the user to log directly into the remote host or have knowledge of how to use the remote system. It allows users to access files on remote systems using a standard set of simple commands.</para>
- <para>This chapter outlines the basics of the FTP protocol, as well as configuration options for the primary FTP server shipped with &MAJOROS;, <command>vsftpd</command>.</para>
+ <para><firstterm>File Transfer Protocol</firstterm> (<systemitem class="protocol">FTP</systemitem>) is one of the oldest and most commonly used protocols found on the Internet today. Its purpose is to reliably transfer files between computer hosts on a network without requiring the user to log directly into the remote host or have knowledge of how to use the remote system. It allows users to access files on remote systems using a standard set of simple commands.</para>
+ <para>This chapter outlines the basics of the <systemitem class="protocol">FTP</systemitem> protocol, as well as configuration options for the primary <systemitem class="protocol">FTP</systemitem> server shipped with &MAJOROS;, <firstterm><command>vsftpd</command></firstterm>.</para>
<section
id="s1-ftp-protocol">
<title>The File Transfer Protocol</title>
@@ -37,7 +37,7 @@
linkend="ch-OpenSSH" />. For more information about the SSH
protocol, refer to <xref linkend="ch-OpenSSH"/>.</para>
-->
- <para>However, because FTP is so prevalent on the Internet, it is often required to share files to the public. System administrators, therefore, should be aware of the FTP protocol's unique characteristics.</para>
+ <para>However, because <systemitem class="protocol">FTP</systemitem> is so prevalent on the Internet, it is often required to share files to the public. System administrators, therefore, should be aware of the <systemitem class="protocol">FTP</systemitem> protocol's unique characteristics.</para>
<section
id="s2-ftp-protocol-multiport">
<title>Multiple Ports, Multiple Modes</title>
@@ -61,21 +61,21 @@
<primary>FTP</primary>
<secondary>passive mode</secondary>
</indexterm>
- <para>Unlike most protocols used on the Internet, FTP requires multiple network ports to work properly. When an FTP client application initiates a connection to an FTP server, it opens port 21 on the server — known as the <firstterm>command port</firstterm>. This port is used to issue all commands to the server. Any data requested from the server is returned to the client via a <firstterm>data port</firstterm>. The port number for data connections, and the way in which data connections are initialized, vary depending upon whether the client requests the data in <firstterm>active</firstterm> or <firstterm>passive</firstterm> mode.</para>
+ <para>Unlike most protocols used on the Internet, <systemitem class="protocol">FTP</systemitem> requires multiple network ports to work properly. When an <systemitem class="protocol">FTP</systemitem> client application initiates a connection to an <systemitem class="protocol">FTP</systemitem> server, it opens port <constant>21</constant> on the server — known as the <firstterm>command port</firstterm>. This port is used to issue all commands to the server. Any data requested from the server is returned to the client via a <firstterm>data port</firstterm>. The port number for data connections, and the way in which data connections are initialized, vary depending upon whether the client requests the data in <firstterm>active</firstterm> or <firstterm>passive</firstterm> mode.</para>
<para>The following defines these modes:</para>
<variablelist>
<varlistentry>
<term>active mode</term>
<listitem>
- <para>Active mode is the original method used by the FTP protocol for transferring data to the client application. When an active mode data transfer is initiated by the FTP client, the server opens a connection from port 20 on the server to the IP address and a random, unprivileged port (greater than 1024) specified by the client. This arrangement means that the client machine must be allowed to accept connections over any port above 1024. With the growth of insecure networks, such as the Internet, the use of firewalls to protect client machines is now prevalent. Because these client-side firewalls often deny incoming connections from active mode FTP servers, passive mode was devised.</para>
+ <para>Active mode is the original method used by the <systemitem class="protocol">FTP</systemitem> protocol for transferring data to the client application. When an active mode data transfer is initiated by the <systemitem class="protocol">FTP</systemitem> client, the server opens a connection from port <constant>20</constant> on the server to the <systemitem class="protocol">IP</systemitem> address and a random, unprivileged port (greater than <constant>1024</constant>) specified by the client. This arrangement means that the client machine must be allowed to accept connections over any port above <constant>1024</constant>. With the growth of insecure networks, such as the Internet, the use of firewalls to protect client machines is now prevalent. Because these client-side firewalls often deny incoming connections from active mode <systemitem class="protocol">FTP</systemitem> servers, passive mode was devised.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>passive mode</term>
<listitem>
- <para>Passive mode, like active mode, is initiated by the FTP client application. When requesting data from the server, the FTP client indicates it wants to access the data in passive mode and the server provides the IP address and a random, unprivileged port (greater than 1024) on the server. The client then connects to that port on the server to download the requested information.</para>
- <para>While passive mode resolves issues for client-side firewall interference with data connections, it can complicate administration of the server-side firewall. You can reduce the number of open ports on a server by limiting the range of unprivileged ports on the FTP server. This also simplifies the process of configuring firewall rules for the server. Refer to <xref
- linkend="s2-ftp-vsftpd-conf-opt-net"/> for more about limiting passive ports.</para>
+ <para>Passive mode, like active mode, is initiated by the <systemitem class="protocol">FTP</systemitem> client application. When requesting data from the server, the <systemitem class="protocol">FTP</systemitem> client indicates it wants to access the data in passive mode and the server provides the <systemitem class="protocol">IP</systemitem> address and a random, unprivileged port (greater than <constant>1024</constant>) on the server. The client then connects to that port on the server to download the requested information.</para>
+ <para>While passive mode resolves issues for client-side firewall interference with data connections, it can complicate administration of the server-side firewall. You can reduce the number of open ports on a server by limiting the range of unprivileged ports on the <systemitem class="protocol">FTP</systemitem> server. This also simplifies the process of configuring firewall rules for the server. Refer to <xref
+ linkend="s2-ftp-vsftpd-conf-opt-net"/> for more information about limiting passive ports.</para>
</listitem>
</varlistentry>
</variablelist>
@@ -114,16 +114,16 @@
</primary>
<secondary>security features</secondary>
</indexterm>
- <para>&MAJOROS; ships with two different FTP servers:</para>
+ <para>&MAJOROS; ships with two different <systemitem class="protocol">FTP</systemitem> servers:</para>
<itemizedlist>
<listitem>
<para>
- <application>Red Hat Content Accelerator</application> — A kernel-based Web server that delivers high performance Web server and FTP services. Since speed as its primary design goal, it has limited functionality and runs only as an anonymous FTP server. For more information about configuring and administering <application>Red Hat Content Accelerator</application>, consult the documentation available online at <ulink
+ <application>Red Hat Content Accelerator</application> — A kernel-based Web server that delivers high performance Web server and <systemitem class="protocol">FTP</systemitem> services. Since speed is its primary design goal, it has limited functionality and runs only as an anonymous <systemitem class="protocol">FTP</systemitem> server. For more information about configuring and administering <application>Red Hat Content Accelerator</application>, consult the documentation available online at <ulink
url="http://www.redhat.com/docs/manuals/tux/">http://www.redhat.com/docs/manuals/tux/</ulink>.</para>
</listitem>
<listitem>
<para>
- <command>vsftpd</command> — A fast, secure FTP daemon which is the preferred FTP server for &MAJOROS;. The remainder of this chapter focuses on <command>vsftpd</command>.</para>
+ <command>vsftpd</command> — A fast, secure <systemitem class="protocol">FTP</systemitem> daemon which is the preferred <systemitem class="protocol">FTP</systemitem> server for &MAJOROS;. The remainder of this chapter focuses on <command>vsftpd</command>.</para>
</listitem>
</itemizedlist>
<section
@@ -131,7 +131,7 @@
<title>
<command>vsftpd</command>
</title>
- <para>The Very Secure FTP Daemon (<command>vsftpd</command>) is designed from the ground up to be fast, stable, and, most importantly, secure. <command>vsftpd</command> is the only stand-alone FTP server distributed with &MAJOROS;, due to its ability to handle large numbers of connections efficiently and securely.</para>
+ <para><firstterm>The Very Secure FTP Daemon</firstterm> (<command>vsftpd</command>) is designed from the ground up to be fast, stable, and, most importantly, secure. <command>vsftpd</command> is the only stand-alone <systemitem class="protocol">FTP</systemitem> server distributed with &MAJOROS;, due to its ability to handle large numbers of connections efficiently and securely.</para>
<para>The security model used by <command>vsftpd</command> has three primary aspects:</para>
<itemizedlist>
<listitem>
@@ -151,7 +151,7 @@
<itemizedlist>
<listitem>
<para>
- <emphasis>The parent process runs with the least privileges required</emphasis> — The parent process dynamically calculates the level of privileges it requires to minimize the level of risk. Child processes handle direct interaction with the FTP clients and run with as close to no privileges as possible.</para>
+ <emphasis>The parent process runs with the least privileges required</emphasis> — The parent process dynamically calculates the level of privileges it requires to minimize the level of risk. Child processes handle direct interaction with the <systemitem class="protocol">FTP</systemitem> clients and run with as close to no privileges as possible.</para>
</listitem>
<listitem>
<para>
@@ -163,7 +163,7 @@
</listitem>
<listitem>
<para>
- <emphasis>Most interaction with FTP clients is handled by unprivileged child processes in a <command>chroot</command> jail</emphasis> — Because these child processes are unprivileged and only have access to the directory being shared, any crashed processes only allows the attacker access to the shared files.</para>
+ <emphasis>Most interaction with <systemitem class="protocol">FTP</systemitem> clients is handled by unprivileged child processes in a <command>chroot</command> jail</emphasis> — Because these child processes are unprivileged and only have access to the directory being shared, any crashed processes only allows the attacker access to the shared files.</para>
</listitem>
</itemizedlist>
</section>
@@ -180,7 +180,7 @@
<secondary>RPM</secondary>
<tertiary>files installed by</tertiary>
</indexterm>
- <para>The <filename>vsftpd</filename> RPM installs the daemon (<filename>/usr/sbin/vsftpd</filename>), its configuration and related files, as well as FTP directories onto the system. The following lists the files and directories related to <command>vsftpd</command> configuration:</para>
+ <para>The <filename>vsftpd</filename> RPM installs the daemon (<filename>/usr/sbin/vsftpd</filename>), its configuration and related files, as well as <systemitem class="protocol">FTP</systemitem> directories onto the system. The following lists the files and directories related to <command>vsftpd</command> configuration:</para>
<itemizedlist>
<listitem>
<para>
@@ -189,7 +189,7 @@
</listitem>
<listitem>
<para>
- <filename>/etc/pam.d/vsftpd</filename> — The Pluggable Authentication Modules (PAM) configuration file for <command>vsftpd</command>. This file specifies the requirements a user must meet to login to the FTP server. For more information on PAM, refer to the <citetitle pubwork="chapter">Pluggable Authentication Modules (PAM)</citetitle> chapter of the &MAJOROSVER; <citetitle>Security Guide</citetitle>.</para>
+ <filename>/etc/pam.d/vsftpd</filename> — The Pluggable Authentication Modules (PAM) configuration file for <command>vsftpd</command>. This file specifies the requirements a user must meet to login to the <systemitem class="protocol">FTP</systemitem> server. For more information on PAM, refer to the <citetitle pubwork="chapter">Using Pluggable Authentication Modules (PAM)</citetitle> chapter of the &MAJOROSVER; <citetitle>Managing Single Sign-On and Smart Cards</citetitle> guide. <!-- TBD6: link to the PAM chapter in the smart cards guide --></para>
</listitem>
<listitem>
<para>
@@ -289,20 +289,20 @@
</primary>
<secondary>multihome configuration</secondary>
</indexterm>
- <para>Sometimes one computer is used to serve multiple FTP domains. This is a technique called <firstterm>multihoming</firstterm>. One way to multihome using <command>vsftpd</command> is by running multiple copies of the daemon, each with its own configuration file.</para>
- <para>To do this, first assign all relevant IP addresses to network devices or alias network devices on the system. Refer to <xref
- linkend="ch-Network_Configuration"/> for more information about configuring network devices and device aliases. Additional information can be found about network configuration scripts in <xref
+ <para>Sometimes one computer is used to serve multiple <systemitem class="protocol">FTP</systemitem> domains. This is a technique called <firstterm>multihoming</firstterm>. One way to multihome using <command>vsftpd</command> is by running multiple copies of the daemon, each with its own configuration file.</para>
+ <para>To do this, first assign all relevant <systemitem class="protocol">IP</systemitem> addresses to network devices or alias network devices on the system. Refer to <xref
+ linkend="ch-Network_Configuration"/> for more information about configuring network devices and device aliases. Additional information about network configuration scripts can be found in <xref
linkend="ch-Network_Interfaces"/>.</para>
- <para>Next, the DNS server for the FTP domains must be configured to reference the correct machine. For information about BIND and its configuration files, refer to <xref
+ <para>Next, the DNS server for the <systemitem class="protocol">FTP</systemitem> domains must be configured to reference the correct machine. For information about BIND and its configuration files, refer to <xref
linkend="ch-The_BIND_DNS_Server"/>.</para>
- <para>For <command>vsftpd</command> to answer requests on different IP addresses, multiple copies of the daemon must be running. The first copy must be run using the <command>vsftpd</command> initscripts, as outlined in <xref
+ <para>For <command>vsftpd</command> to answer requests on different <systemitem class="protocol">IP</systemitem> addresses, multiple copies of the daemon must be running. The first copy must be run using the <command>vsftpd</command> initscripts, as outlined in <xref
linkend="s1-ftp-vsftpd-start"/>. This copy uses the standard configuration file, <filename>/etc/vsftpd/vsftpd.conf</filename>.</para>
- <para>Each additional FTP site must have a configuration file with a unique name in the <filename>/etc/vsftpd/</filename> directory, such as <filename>/etc/vsftpd/vsftpd-site-2.conf</filename>. Each configuration file must be readable and writable only by root. Within each configuration file for each FTP server listening on an IPv4 network, the following directive must be unique:</para>
+ <para>Each additional <systemitem class="protocol">FTP</systemitem> site must have a configuration file with a unique name in the <filename>/etc/vsftpd/</filename> directory, such as <filename>/etc/vsftpd/vsftpd-site-2.conf</filename>. Each configuration file must be readable and writable only by root. Within each configuration file for each <systemitem class="protocol">FTP</systemitem> server listening on an <systemitem class="protocol">IPv4</systemitem> network, the following directive must be unique:</para>
<screen>
-<command>listen_address=<replaceable>N.N.N.N</replaceable>
+<command>listen_address=<replaceable><N.N.N.N></replaceable>
</command>
</screen>
- <para>Replace <replaceable>N.N.N.N</replaceable> with the <emphasis>unique</emphasis> IP address for the FTP site being served. If the site is using IPv6, use the <command>listen_address6</command> directive instead.</para>
+ <para>Replace <replaceable><N.N.N.N></replaceable> with a <emphasis>unique</emphasis> <systemitem class="protocol">IP</systemitem> address for the <systemitem class="protocol">FTP</systemitem> site being served. If the site is using <systemitem class="protocol">IPv6</systemitem>, use the <command>listen_address6</command> directive instead.</para>
<para>Once each additional server has a configuration file, the <command>vsftpd</command> daemon must be launched from a root shell prompt using the following command:</para>
<screen>
<command>vsftpd /etc/vsftpd/<replaceable><configuration-file></replaceable>
@@ -359,7 +359,7 @@
<filename>/etc/vsftpd/vsftpd.conf</filename>
</tertiary>
</indexterm>
- <para>Although <command>vsftpd</command> may not offer the level of customization other widely available FTP servers have, it offers enough options to fill most administrator's needs. The fact that it is not overly feature-laden limits configuration and programmatic errors.</para>
+ <para>Although <command>vsftpd</command> may not offer the level of customization other widely available <systemitem class="protocol">FTP</systemitem> servers have, it offers enough options to fill most administrator's needs. The fact that it is not overly feature-laden limits configuration and programmatic errors.</para>
<para>All configuration of <command>vsftpd</command> is handled by its configuration file, <filename>/etc/vsftpd/vsftpd.conf</filename>. Each directive is on its own line within the file and follows the following format:</para>
<screen>
<replaceable><directive></replaceable>=<replaceable><value></replaceable>
@@ -373,7 +373,7 @@
<para>For a complete list of all directives available, refer to the man page for <filename>vsftpd.conf</filename>.</para>
<important>
<title>Important</title>
- <para>For an overview of ways to secure <command>vsftpd</command>, refer to the &MAJOROSVER; <citetitle>Security Guide</citetitle>.</para>
+ <para>For an overview of ways to secure <command>vsftpd</command>, refer to the &MAJOROSVER; <citetitle>Security Guide</citetitle> <!-- TBD6: link to the Security Guide -->.</para>
</important>
<para>The following is a list of some of the more important directives within <filename>/etc/vsftpd/vsftpd.conf</filename>. All directives not explicitly found within <command>vsftpd</command>'s configuration file are set to their default value.</para>
<section
@@ -396,13 +396,12 @@
</listitem>
<listitem>
<para>
- <command>listen_ipv6</command> — When enabled, <command>vsftpd</command> runs in stand-alone mode, but listens only to IPv6 sockets. This directive cannot be used in conjunction with the <command>listen</command> directive.</para>
+ <command>listen_ipv6</command> — When enabled, <command>vsftpd</command> runs in stand-alone mode, but listens only to <systemitem class="protocol">IPv6</systemitem> sockets. This directive cannot be used in conjunction with the <command>listen</command> directive.</para>
<para>The default value is <command>NO</command>.</para>
</listitem>
<listitem>
<para>
- <command>session_support</command> — When enabled, <command>vsftpd</command> attempts to maintain login sessions for each user through Pluggable Authentication Modules (PAM). Refer to <!-- TBD6: <xref
- linkend="ch-pam"/> --> for more information. If session logging is not necessary, disabling this option allows <command>vsftpd</command> to run with less processes and lower privileges.</para>
+ <command>session_support</command> — When enabled, <command>vsftpd</command> attempts to maintain login sessions for each user through Pluggable Authentication Modules (PAM). For more information, refer to the <citetitle>Using Pluggable Authentication Modules (PAM)</citetitle> chapter of the &MAJOROSVER; <citetitle>Managing Single Sign-On and Smart Cards</citetitle> and the PAM man pages. <!-- TBD6: link to the Managing Single Sign-On and Smart Cards guide-->. If session logging is not necessary, disabling this option allows <command>vsftpd</command> to run with less processes and lower privileges.</para>
<para>The default value is <command>YES</command>.</para>
</listitem>
</itemizedlist>
@@ -447,7 +446,7 @@
</listitem>
<listitem>
<para>
- <command>cmds_allowed</command> — Specifies a comma-delimited list of FTP commands allowed by the server. All other commands are rejected.</para>
+ <command>cmds_allowed</command> — Specifies a comma-delimited list of <systemitem class="protocol">FTP</systemitem> commands allowed by the server. All other commands are rejected.</para>
<para>There is no default value for this directive.</para>
</listitem>
<listitem>
@@ -544,7 +543,7 @@
</listitem>
<listitem>
<para>
- <command>ftp_username</command> — Specifies the local user account (listed in <filename>/etc/passwd</filename>) used for the anonymous FTP user. The home directory specified in <filename>/etc/passwd</filename> for the user is the root directory of the anonymous FTP user.</para>
+ <command>ftp_username</command> — Specifies the local user account (listed in <filename>/etc/passwd</filename>) used for the anonymous <systemitem class="protocol">FTP</systemitem> user. The home directory specified in <filename>/etc/passwd</filename> for the user is the root directory of the anonymous <systemitem class="protocol">FTP</systemitem> user.</para>
<para>The default value is <command>ftp</command>.</para>
</listitem>
<listitem>
@@ -575,7 +574,7 @@
<itemizedlist>
<listitem>
<para>
- <command>chmod_enable</command> — When enabled, the FTP command <command>SITE CHMOD</command> is allowed for local users. This command allows the users to change the permissions on files.</para>
+ <command>chmod_enable</command> — When enabled, the <systemitem class="protocol">FTP</systemitem> command <command>SITE CHMOD</command> is allowed for local users. This command allows the users to change the permissions on files.</para>
<para>The default value is <command>YES</command>.</para>
</listitem>
<listitem>
@@ -710,7 +709,7 @@
</listitem>
<listitem>
<para>
- <command>write_enable</command> — When enabled, FTP commands which can change the file system are allowed, such as <command>DELE</command>, <command>RNFR</command>, and <command>STOR</command>.</para>
+ <command>write_enable</command> — When enabled, <systemitem class="protocol">FTP</systemitem> commands which can change the file system are allowed, such as <command>DELE</command>, <command>RNFR</command>, and <command>STOR</command>.</para>
<para>The default value is <command>YES</command>.</para>
</listitem>
</itemizedlist>
@@ -735,12 +734,12 @@
</listitem>
<listitem>
<para>
- <command>log_ftp_protocol</command> — When enabled in conjunction with <command>xferlog_enable</command> and with <command>xferlog_std_format</command> set to <command>NO</command>, all FTP commands and responses are logged. This directive is useful for debugging.</para>
+ <command>log_ftp_protocol</command> — When enabled in conjunction with <command>xferlog_enable</command> and with <command>xferlog_std_format</command> set to <command>NO</command>, all <systemitem class="protocol">FTP</systemitem> commands and responses are logged. This directive is useful for debugging.</para>
<para>The default value is <command>NO</command>.</para>
</listitem>
<listitem>
<para>
- <command>syslog_enable</command> — When enabled in conjunction with <command>xferlog_enable</command>, all logging normally written to the standard <command>vsftpd</command> log file specified in the <command>vsftpd_log_file</command> directive (<filename>/var/log/vsftpd.log</filename> by default) is sent to the system logger instead under the FTPD facility.</para>
+ <command>syslog_enable</command> — When enabled in conjunction with <command>xferlog_enable</command>, all logging normally written to the standard <command>vsftpd</command> log file specified in the <command>vsftpd_log_file</command> directive (<filename>/var/log/vsftpd.log</filename> by default) is sent to the system logger instead under the <systemitem class="daemon">FTPD</systemitem> facility.</para>
<para>The default value is <command>NO</command>.</para>
</listitem>
<listitem>
@@ -766,7 +765,7 @@
</itemizedlist>
<important>
<title>Important</title>
- <para>To maintain compatibility with log files written by the older <command>wu-ftpd</command> FTP server, the <command>xferlog_std_format</command> directive is set to <command>YES</command> under &MAJOROS;. However, this setting means that connections to the server are not logged.</para>
+ <para>To maintain compatibility with log files written by the older <command>wu-ftpd</command> <systemitem class="protocol">FTP</systemitem> server, the <command>xferlog_std_format</command> directive is set to <command>YES</command> under &MAJOROS;. However, this setting means that connections to the server are not logged.</para>
<para>To both log connections in <command>vsftpd</command> format and maintain a <command>wu-ftpd</command>-compatible file transfer log, set <command>dual_log_enable</command> to <command>YES</command>.</para>
<para>If maintaining a <command>wu-ftpd</command>-compatible file transfer log is not important, either set <command>xferlog_std_format</command> to <command>NO</command>, comment the line with a hash mark (<command>#</command>), or delete the line entirely.</para>
</important>
@@ -796,7 +795,7 @@
</listitem>
<listitem>
<para>
- <command>connect_from_port_20</command> When enabled, <command>vsftpd</command> runs with enough privileges to open port 20 on the server during active mode data transfers. Disabling this option allows <command>vsftpd</command> to run with less privileges, but may be incompatible with some FTP clients.</para>
+ <command>connect_from_port_20</command> When enabled, <command>vsftpd</command> runs with enough privileges to open port 20 on the server during active mode data transfers. Disabling this option allows <command>vsftpd</command> to run with less privileges, but may be incompatible with some <systemitem class="protocol">FTP</systemitem> clients.</para>
<para>The default value is <command>NO</command>. Note, in &MAJOROS;, the value is set to <command>YES</command>.</para>
</listitem>
<listitem>
@@ -821,22 +820,22 @@
</listitem>
<listitem>
<para>
- <command>listen_address</command> — Specifies the IP address on which <command>vsftpd</command> listens for network connections.</para>
+ <command>listen_address</command> — Specifies the <systemitem class="protocol">IP</systemitem> address on which <command>vsftpd</command> listens for network connections.</para>
<para>There is no default value for this directive.</para>
<note>
<title>Tip</title>
- <para>If running multiple copies of <command>vsftpd</command> serving different IP addresses, the configuration file for each copy of the <command>vsftpd</command> daemon must have a different value for this directive. Refer to <xref
- linkend="s2-ftp-vsftpd-start-multi"/> for more information about multihomed FTP servers.</para>
+ <para>If running multiple copies of <command>vsftpd</command> serving different <systemitem class="protocol">IP</systemitem> addresses, the configuration file for each copy of the <command>vsftpd</command> daemon must have a different value for this directive. Refer to <xref
+ linkend="s2-ftp-vsftpd-start-multi"/> for more information about multihomed <systemitem class="protocol">FTP</systemitem> servers.</para>
</note>
</listitem>
<listitem>
<para>
- <command>listen_address6</command> — Specifies the IPv6 address on which <command>vsftpd</command> listens for network connections when <command>listen_ipv6</command> is set to <command>YES</command>.</para>
+ <command>listen_address6</command> — Specifies the <systemitem class="protocol">IPv6</systemitem> address on which <command>vsftpd</command> listens for network connections when <command>listen_ipv6</command> is set to <command>YES</command>.</para>
<para>There is no default value for this directive.</para>
<note>
<title>Tip</title>
- <para>If running multiple copies of <command>vsftpd</command> serving different IP addresses, the configuration file for each copy of the <command>vsftpd</command> daemon must have a different value for this directive. Refer to <xref
- linkend="s2-ftp-vsftpd-start-multi"/> for more information about multihomed FTP servers.</para>
+ <para>If running multiple copies of <command>vsftpd</command> serving different <systemitem class="protocol">IP</systemitem> addresses, the configuration file for each copy of the <command>vsftpd</command> daemon must have a different value for this directive. Refer to <xref
+ linkend="s2-ftp-vsftpd-start-multi"/> for more information about multihomed <systemitem class="protocol">FTP</systemitem> servers.</para>
</note>
</listitem>
<listitem>
@@ -856,12 +855,12 @@
</listitem>
<listitem>
<para>
- <command>max_per_ip</command> — Specifies the maximum of clients allowed to connected from the same source IP address.</para>
+ <command>max_per_ip</command> — Specifies the maximum of clients allowed to connected from the same source <systemitem class="protocol">IP</systemitem> address.</para>
<para>The default value is <command>0</command>, which does not limit connections.</para>
</listitem>
<listitem>
<para>
- <command>pasv_address</command> — Specifies the IP address for the public facing IP address of the server for servers behind Network Address Translation (NAT) firewalls. This enables <command>vsftpd</command> to hand out the correct return address for passive mode connections.</para>
+ <command>pasv_address</command> — Specifies the <systemitem class="protocol">IP</systemitem> address for the public facing <systemitem class="protocol">IP</systemitem> address of the server for servers behind Network Address Translation (NAT) firewalls. This enables <command>vsftpd</command> to hand out the correct return address for passive mode connections.</para>
<para>There is no default value for this directive.</para>
</listitem>
<listitem>
@@ -871,20 +870,20 @@
</listitem>
<listitem>
<para>
- <command>pasv_max_port</command> — Specifies the highest possible port sent to the FTP clients for passive mode connections. This setting is used to limit the port range so that firewall rules are easier to create.</para>
+ <command>pasv_max_port</command> — Specifies the highest possible port sent to the <systemitem class="protocol">FTP</systemitem> clients for passive mode connections. This setting is used to limit the port range so that firewall rules are easier to create.</para>
<para>The default value is <command>0</command>, which does not limit the highest passive port range. The value must not exceed <command>65535</command>.</para>
</listitem>
<listitem>
<para>
- <command>pasv_min_port</command> — Specifies the lowest possible port sent to the FTP clients for passive mode connections. This setting is used to limit the port range so that firewall rules are easier to create.</para>
+ <command>pasv_min_port</command> — Specifies the lowest possible port sent to the <systemitem class="protocol">FTP</systemitem> clients for passive mode connections. This setting is used to limit the port range so that firewall rules are easier to create.</para>
<para>The default value is <command>0</command>, which does not limit the lowest passive port range. The value must not be lower <command>1024</command>.</para>
</listitem>
<listitem>
<para>
- <command>pasv_promiscuous</command> — When enabled, data connections are not checked to make sure they are originating from the same IP address. This setting is only useful for certain types of tunneling.</para>
+ <command>pasv_promiscuous</command> — When enabled, data connections are not checked to make sure they are originating from the same <systemitem class="protocol">IP</systemitem> address. This setting is only useful for certain types of tunneling.</para>
<warning>
<title>Caution</title>
- <para>Do not enable this option unless absolutely necessary as it disables an important security feature which verifies that passive mode connections originate from the same IP address as the control connection that initiates the data transfer.</para>
+ <para>Do not enable this option unless absolutely necessary as it disables an important security feature which verifies that passive mode connections originate from the same <systemitem class="protocol">IP</systemitem> address as the control connection that initiates the data transfer.</para>
</warning>
<para>The default value is <command>NO</command>.</para>
</listitem>
@@ -976,12 +975,12 @@
<listitem>
<para>
<ulink
- url="http://slacksite.com/other/ftp.html">http://slacksite.com/other/ftp.html</ulink> — This website provides a concise explanation of the differences between active and passive mode FTP.</para>
+ url="http://slacksite.com/other/ftp.html">http://slacksite.com/other/ftp.html</ulink> — This website provides a concise explanation of the differences between active and passive mode <systemitem class="protocol">FTP</systemitem>.</para>
</listitem>
<listitem>
<para>
<ulink
- url="http://www.ietf.org/rfc/rfc0959.txt">http://www.ietf.org/rfc/rfc0959.txt</ulink> — The original <firstterm>Request for Comments</firstterm> (<firstterm>RFC</firstterm>) of the FTP protocol from the IETF.</para>
+ url="http://www.ietf.org/rfc/rfc0959.txt">http://www.ietf.org/rfc/rfc0959.txt</ulink> — The original <firstterm>Request for Comments</firstterm> (<firstterm>RFC</firstterm>) of the <systemitem class="protocol">FTP</systemitem> protocol from the IETF.</para>
</listitem>
</itemizedlist>
</section>
diff --git a/en-US/Samba.xml b/en-US/Samba.xml
index 26c3723..3d5ad58 100644
--- a/en-US/Samba.xml
+++ b/en-US/Samba.xml
@@ -877,7 +877,7 @@ password server = kerberos.example.com
<screen>root# <userinput>kinit administrator at EXAMPLE.COM</userinput></screen>
-->
<para>
- The <command>kinit</command> command is a Kerberos initialization script that references the Active Directory administrator account and Kerberos realm. Since Active Directory requires Kerberos tickets, <command>kinit</command> obtains and caches a Kerberos ticket-granting ticket for client/server authentication. For more information on Kerberos, the <command>/etc/krb5.conf</command> file, and the <command>kinit</command> command, refer to the <citetitle pubwork="section">Using Kerberos</citetitle> section of the &MAJOROSVER; <citetitle>Managing Smart Cards</citetitle> guide.</para> <!-- TBD6: link to the Smart Cards Guide -->
+ The <command>kinit</command> command is a Kerberos initialization script that references the Active Directory administrator account and Kerberos realm. Since Active Directory requires Kerberos tickets, <command>kinit</command> obtains and caches a Kerberos ticket-granting ticket for client/server authentication. For more information on Kerberos, the <command>/etc/krb5.conf</command> file, and the <command>kinit</command> command, refer to the <citetitle pubwork="section">Using Kerberos</citetitle> section of the &MAJOROSVER; <citetitle>Managing Single Sign-On and Smart Cards</citetitle> guide.</para> <!-- TBD6: link to the Smart Cards Guide -->
<para>To join an Active Directory server (windows1.example.com), type the following command as root on the member server:</para>
<screen>
<userinput>net ads join -S windows1.example.com -U administrator%password</userinput>
More information about the docs-commits
mailing list