<qandaentry>

      <qandaentry>

	<question id="su-wheel-group">

	<question id="su-wheel-group">

	  <para>Why do I get the error, <errorname>you are not in the correct

	  <para>Why do I get the error, <errorname>you are not in the correct

	</question>

	</question>

	<answer>

	<answer>

      <qandaentry>

      <qandaentry>

        <question id="forgot-root-pw">

        <question id="forgot-root-pw">

        </question><answer>

        </question><answer>

          <para>Do not Panic!  Simply restart the system, type

          <para>Do not Panic!  Simply restart the system, type

            <command>mount -u /</command> to remount your root filesystem

            <command>mount -u /</command> to remount your root filesystem

            read/write, then run <command>mount -a</command> to remount all

            read/write, then run <command>mount -a</command> to remount all

            the filesystems. Run <command>passwd root</command> to change

            the filesystems. Run <command>passwd root</command> to change

            booting.</para>

            booting.</para>

        </answer>

        </answer>

      </qandaentry>

      </qandaentry>

                <para>Take the <literal>ntalk</literal> service, for

                <para>Take the <literal>ntalk</literal> service, for

                  example (see /etc/inetd.conf). This service used to run

                  example (see /etc/inetd.conf). This service used to run

                  is a sandbox designed to make it more difficult for

                  is a sandbox designed to make it more difficult for

                  someone who has successfully hacked into the system via

                  someone who has successfully hacked into the system via

                  ntalk from being able to hack beyond that user id.</para>

                  ntalk from being able to hack beyond that user id.</para>

	  <para>The reason why <filename>.shosts</filename>

	  <para>The reason why <filename>.shosts</filename>

	    authentication does not work by default in more recent

	    authentication does not work by default in more recent

	    versions of FreeBSD is because &man.ssh.1; 

	    versions of FreeBSD is because &man.ssh.1; 

	    <quote>fix</quote> this, you can do one of the

	    <quote>fix</quote> this, you can do one of the

	    following:</para>

	    following:</para>

            Newer versions of XFree86 do not install the servers setuid to

            Newer versions of XFree86 do not install the servers setuid to

            <username>root</username> for just this reason.</para>

            <username>root</username> for just this reason.</para>

            acceptable, nor a good idea security-wise.  There are two ways

            acceptable, nor a good idea security-wise.  There are two ways

            to be able to use X as a regular user.  The first is to use

            to be able to use X as a regular user.  The first is to use

            <command>xdm</command> or another display manager

            <command>xdm</command> or another display manager

            you will be prompted for the path to a shell).</para>

            you will be prompted for the path to a shell).</para>

          <para>Some people use <username>toor</username> for

          <para>Some people use <username>toor</username> for

            <username>root</username>, with a standard shell, for

            <username>root</username>, with a standard shell, for

            single user mode or emergencies. By default you cannot log

            single user mode or emergencies. By default you cannot log

            in using <username>toor</username> as it does not have a

            in using <username>toor</username> as it does not have a

            <filename>/etc/gettytab</filename>, see &man.gettytab.5;).

            <filename>/etc/gettytab</filename>, see &man.gettytab.5;).

            The terminal type for this port is <literal>dialup</literal>.

            The terminal type for this port is <literal>dialup</literal>.

            The port is <literal>on</literal> and is

            The port is <literal>on</literal> and is

            are not allowed. For dialin ports like this one, use the

            are not allowed. For dialin ports like this one, use the

            <devicename>ttyd<replaceable>X</replaceable></devicename> entry.</para>

            <devicename>ttyd<replaceable>X</replaceable></devicename> entry.</para>

            the terminal type. Many users set up in their <filename>.profile</filename> or

            the terminal type. Many users set up in their <filename>.profile</filename> or

            <filename>.login</filename> files a prompt for the actual terminal type if the

            <filename>.login</filename> files a prompt for the actual terminal type if the

            starting type is dialup. The example shows the port as

            starting type is dialup. The example shows the port as

            regular user, then &man.su.1; to become

            regular user, then &man.su.1; to become

            <username>root</username>. If you use <literal>secure</literal>

            <username>root</username>. If you use <literal>secure</literal>

            then <username>root</username> can login in directly.</para>

            then <username>root</username> can login in directly.</para>

            <filename>/etc</filename> directory of the NIS master, with one

            <filename>/etc</filename> directory of the NIS master, with one

            exception: the <filename>/etc/master.passwd</filename> file.

            exception: the <filename>/etc/master.passwd</filename> file.

            This is for a good reason; you do not want to propagate

            This is for a good reason; you do not want to propagate

            all the servers in the NIS domain.  Therefore, before we

            all the servers in the NIS domain.  Therefore, before we

            initialize the NIS maps, you should:</para>

            initialize the NIS maps, you should:</para>

            (<username>bin</username>, <username>tty</username>, <username>kmem</username>, 

            (<username>bin</username>, <username>tty</username>, <username>kmem</username>, 

	      <username>games</username>, etc), as well as any accounts that you

	      <username>games</username>, etc), as well as any accounts that you

            do not want to be propagated to the NIS clients (for example

            do not want to be propagated to the NIS clients (for example

          <note><para>Make sure the

          <note><para>Make sure the

            <filename>/var/yp/master.passwd</filename> is neither group

            <filename>/var/yp/master.passwd</filename> is neither group

	        you should be warned that <devicename>bpf</devicename>

	        you should be warned that <devicename>bpf</devicename>

		is also the device that allows packet sniffers to work

		is also the device that allows packet sniffers to work

		correctly (although they still have to be run as

		correctly (although they still have to be run as

		<emphasis>is</emphasis> required to use DHCP, but if

		<emphasis>is</emphasis> required to use DHCP, but if

		you are very sensitive about security, you probably

		you are very sensitive about security, you probably

		should not add <devicename>bpf</devicename> to your

		should not add <devicename>bpf</devicename> to your

	following checklist, it is assumed that the path to the sandbox

	following checklist, it is assumed that the path to the sandbox

	is <filename>/etc/namedb</filename> and that you have made no

	is <filename>/etc/namedb</filename> and that you have made no

	prior modifications to the contents of this directory. Perform

	prior modifications to the contents of this directory. Perform

      <itemizedlist>

      <itemizedlist>

	<listitem>

	<listitem>

	both computers.</para>

	both computers.</para>

      <para>Configure the network interface parameters for lp0 on both

      <para>Configure the network interface parameters for lp0 on both

	with host2</para>

	with host2</para>

      <programlisting>                 host1 &lt;-----&gt; host2

      <programlisting>                 host1 &lt;-----&gt; host2

	floppies.</para>

	floppies.</para>

      <para>To backup all the files in the current directory and sub-directory

      <para>To backup all the files in the current directory and sub-directory

      <screen>&prompt.root; <userinput>tar Mcvf /dev/fd0 *</userinput></screen>

      <screen>&prompt.root; <userinput>tar Mcvf /dev/fd0 *</userinput></screen>

      <para>If the system <literal>console</literal> is set

      <para>If the system <literal>console</literal> is set

	to <literal>insecure</literal> in

	to <literal>insecure</literal> in

	<filename>/etc/ttys</filename>, then the system prompts for

	<filename>/etc/ttys</filename>, then the system prompts for

      <example id="boot-insecure-console">

      <example id="boot-insecure-console">

	<title>An Insecure Console in /etc/ttys</title>

	<title>An Insecure Console in /etc/ttys</title>

	<para>An <literal>insecure</literal> console means that you

	<para>An <literal>insecure</literal> console means that you

	  consider your physical security to the console to be

	  consider your physical security to the console to be

	  insecure, and want to make sure only someone who knows the

	  insecure, and want to make sure only someone who knows the

	  mean that you want to run your console insecurely.  Thus,

	  mean that you want to run your console insecurely.  Thus,

	  if you want security, choose <literal>insecure</literal>,

	  if you want security, choose <literal>insecure</literal>,

	  not <literal>secure</literal>.</para>

	  not <literal>secure</literal>.</para>

    <para>The startup scripts of FreeBSD will look in

    <para>The startup scripts of FreeBSD will look in

      <filename>/usr/local/etc/rc.d</filename> for scripts that have an

      <filename>/usr/local/etc/rc.d</filename> for scripts that have an

      scripts that are found are called with an option <option>start</option>

      scripts that are found are called with an option <option>start</option>

      at startup, and <option>stop</option> at shutdown to allow them to carry

      at startup, and <option>stop</option> at shutdown to allow them to carry

      out their purpose.  So if you wanted the above sample script to be

      out their purpose.  So if you wanted the above sample script to be

	then set up <filename>/etc/make.conf</filename> properly to share

	then set up <filename>/etc/make.conf</filename> properly to share

	distfiles.  You should set <makevar>DISTDIR</makevar> to a

	distfiles.  You should set <makevar>DISTDIR</makevar> to a

	common shared directory that is writable by whichever user

	common shared directory that is writable by whichever user

	machine should set <makevar>WRKDIRPREFIX</makevar> to a

	machine should set <makevar>WRKDIRPREFIX</makevar> to a

	local build directory.  Finally, if you are going to be

	local build directory.  Finally, if you are going to be

	building and distributing packages, you should set

	building and distributing packages, you should set

      <title>Add User/Groups</title>

      <title>Add User/Groups</title>

      <para>You should add at least one user during the installation so

      <para>You should add at least one user during the installation so

	root partition is generally small and running applications as

	root partition is generally small and running applications as

      <screen>                     User Confirmation Requested

      <screen>                     User Confirmation Requested

 Would you like to add any initial user accounts to the system? Adding

 Would you like to add any initial user accounts to the system? Adding

	login.</para>

	login.</para>

      <para>The user was also added to the group <groupname>wheel</groupname> to be able to

      <para>The user was also added to the group <groupname>wheel</groupname> to be able to

      <para>When you are satisfied, press &gui.ok; and

      <para>When you are satisfied, press &gui.ok; and

	the User and Group Management menu will redisplay.</para>

	the User and Group Management menu will redisplay.</para>

               [ Press enter to continue ]</screen>

               [ Press enter to continue ]</screen>

      <para>The password will need to be typed in twice

      <para>The password will need to be typed in twice

	correctly. Needless to say, make sure you have a way of finding

	correctly. Needless to say, make sure you have a way of finding

	<command>dmesg</command> at the prompt.</para>

	<command>dmesg</command> at the prompt.</para>

      <para>Login using the username/password you set during installation

      <para>Login using the username/password you set during installation

	necessary.</para>

	necessary.</para>

      <para>Typical boot messages:</para>

      <para>Typical boot messages:</para>

      <para>It is important to properly shutdown the operating

      <para>It is important to properly shutdown the operating

	system.  Do not just turn off power.  First, become a superuser by

	system.  Do not just turn off power.  First, become a superuser by

	typing <command>su</command> at the command line and entering the

	typing <command>su</command> at the command line and entering the

	<command>shutdown -h now</command>.</para>

	<command>shutdown -h now</command>.</para>

      <screen>The operating system has halted. 

      <screen>The operating system has halted. 

	  libraries?  How do you know which shared libraries Linux

	  libraries?  How do you know which shared libraries Linux

	  binaries need, and where to get them?  Basically, there are 2

	  binaries need, and where to get them?  Basically, there are 2

	  possibilities (when following these instructions you will need

	  possibilities (when following these instructions you will need

	<para>If you have access to a Linux system, see what shared

	<para>If you have access to a Linux system, see what shared

	  libraries the application needs, and copy them to your FreeBSD

	  libraries the application needs, and copy them to your FreeBSD

        <title><command>make world</command> and a New Kernel</title>

        <title><command>make world</command> and a New Kernel</title>

        <para>The first thing to do is to install the sources.

        <para>The first thing to do is to install the sources.

        <screen>&prompt.root; <userinput>cd /usr/src</userinput>

        <screen>&prompt.root; <userinput>cd /usr/src</userinput>

&prompt.root; <userinput>make world</userinput> </screen>

&prompt.root; <userinput>make world</userinput> </screen>

      <sect3 id="installinglinuxbase-system">

      <sect3 id="installinglinuxbase-system">

        <title>Installing Linux Base-system</title>

        <title>Installing Linux Base-system</title>

        <screen>&prompt.root; <userinput>cd /usr/ports/emulators/linux_base</userinput>

        <screen>&prompt.root; <userinput>cd /usr/ports/emulators/linux_base</userinput>

&prompt.root; <userinput>make package</userinput> </screen></para>

&prompt.root; <userinput>make package</userinput> </screen></para>

      </sect3>

      </sect3>

        <screen>&prompt.root; <userinput>export LD_LIBRARY_PATH=/oracle/IDS/lib:/sapmnt/IDS/exe:/oracle/805_32/lib</userinput> </screen>

        <screen>&prompt.root; <userinput>export LD_LIBRARY_PATH=/oracle/IDS/lib:/sapmnt/IDS/exe:/oracle/805_32/lib</userinput> </screen>

        directory:</para>

        directory:</para>

        <screen>&prompt.root; <userinput>cd /oracle/IDS/sapreorg/install</userinput>

        <screen>&prompt.root; <userinput>cd /oracle/IDS/sapreorg/install</userinput>

	<para>Add a script to

	<para>Add a script to

	  <filename>/usr/local/etc/rc.d/</filename> that

	  <filename>/usr/local/etc/rc.d/</filename> that

	  ends in <filename>.sh</filename> and is executable by

	  ends in <filename>.sh</filename> and is executable by

	  or 'stop'.  So that you could, for example, execute

	  or 'stop'.  So that you could, for example, execute

	  <filename>/usr/local/etc/rc.d/supermailer.sh start</filename>

	  <filename>/usr/local/etc/rc.d/supermailer.sh start</filename>

	  or <filename>/usr/local/etc/rc.d/supermailer.sh stop</filename>.

	  or <filename>/usr/local/etc/rc.d/supermailer.sh stop</filename>.

	directory status files untouched when run this way.  The new

	directory status files untouched when run this way.  The new

	versions of those files will be written into the specified

	versions of those files will be written into the specified

	directory.  As long as you have read access to

	directory.  As long as you have read access to

	to perform this kind of trial run.</para>

	to perform this kind of trial run.</para>

      <para>If you are not running X11 or if you just do not like GUIs,

      <para>If you are not running X11 or if you just do not like GUIs,

    <sect2>

    <sect2>

      <title>Running <application>PPP</application></title>

      <title>Running <application>PPP</application></title>

      <screen>&prompt.root; <userinput>ppp -ddial name_of_service_provider</userinput></screen>

      <screen>&prompt.root; <userinput>ppp -ddial name_of_service_provider</userinput></screen>

	      <keycombo>

	      <keycombo>

		<keycap>Ctrl</keycap>

		<keycap>Ctrl</keycap>

		<keycap>z</keycap>

		<keycap>z</keycap>

	    <screen>&prompt.root; <userinput>slattach -h -c -s 115200 /dev/modem</userinput></screen>

	    <screen>&prompt.root; <userinput>slattach -h -c -s 115200 /dev/modem</userinput></screen>

	<procedure>

	<procedure>

	  <step>

	  <step>

	  </step>

	  </step>

	  <step>

	  <step>

	    <procedure>

	    <procedure>

	      <step>

	      <step>

	      </step>

	      </step>

	      <step>

	      <step>

	    <procedure>

	    <procedure>

	      <step>

	      <step>

	      </step>

	      </step>

	      <step>

	      <step>

          to have access to a printer in a certain group, and then name that

          to have access to a printer in a certain group, and then name that

          group in the <literal>rg</literal> capability.</para>

          group in the <literal>rg</literal> capability.</para>

          <errorname>lpr: Not a member of the restricted group</errorname>

          <errorname>lpr: Not a member of the restricted group</errorname>

	printer is <emphasis>started</emphasis> or the queue is

	printer is <emphasis>started</emphasis> or the queue is

	cleared.</para>

	cleared.</para>

	can submit jobs for the printer.  An <emphasis>enabled</emphasis>

	can submit jobs for the printer.  An <emphasis>enabled</emphasis>

	queue allows jobs to be submitted.  A printer can be

	queue allows jobs to be submitted.  A printer can be

	<emphasis>started</emphasis> for a disabled queue, in which case it

	<emphasis>started</emphasis> for a disabled queue, in which case it

	will continue to print jobs in the queue until the queue is

	will continue to print jobs in the queue until the queue is

	empty.</para>

	empty.</para>

	  &man.lpc.8; command.  Ordinary users can use the &man.lpc.8; command

	  &man.lpc.8; command.  Ordinary users can use the &man.lpc.8; command

	to get printer status and to restart a hung printer only.</para>

	to get printer status and to restart a hung printer only.</para>

	  <listitem>

	  <listitem>

	    <para>Disable queuing of new jobs.  If the printer is running, it

	    <para>Disable queuing of new jobs.  If the printer is running, it

	      will continue to print any jobs remaining in the queue.  The

	      will continue to print any jobs remaining in the queue.  The

	      queue.</para>

	      queue.</para>

	    <para>This command is useful while you are testing a new printer

	    <para>This command is useful while you are testing a new printer

	      or filter installation: disable the queue and submit jobs as

	      or filter installation: disable the queue and submit jobs as

	      complete your testing and re-enable the queue with the

	      complete your testing and re-enable the queue with the

	      <command>enable</command> command.</para>

	      <command>enable</command> command.</para>

	  </listitem>

	  </listitem>

      <screen>&prompt.root; <userinput>cd /dev</userinput>

      <screen>&prompt.root; <userinput>cd /dev</userinput>

&prompt.root; <userinput>sh MAKEDEV cuaa0</userinput></screen>

&prompt.root; <userinput>sh MAKEDEV cuaa0</userinput></screen>

	command:</para>

	command:</para>

      <screen>&prompt.root; <userinput>cu -l<replaceable>line</replaceable> -s<replaceable>speed</replaceable></userinput></screen>

      <screen>&prompt.root; <userinput>cu -l<replaceable>line</replaceable> -s<replaceable>speed</replaceable></userinput></screen>

    <para>If the previous command returned

    <para>If the previous command returned

      <devicename>pcm0</devicename>, you will have to run the

      <devicename>pcm0</devicename>, you will have to run the

    <screen>&prompt.root; cd /dev

    <screen>&prompt.root; cd /dev

&prompt.root; sh MAKEDEV snd0</screen>

&prompt.root; sh MAKEDEV snd0</screen>