Copyright © 1995-2020 The FreeBSD Documentation Project
Copyright
Redistribution and use in source (XML DocBook) and 'compiled' forms (XML, HTML, PDF, PostScript, RTF and so forth) with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code (XML DocBook) must retain the above copyright notice, this list of conditions and the following disclaimer as the first lines of this file unmodified.
Redistributions in compiled form (transformed to other DTDs, converted to PDF, PostScript, RTF and other formats) must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS DOCUMENTATION IS PROVIDED BY THE FREEBSD DOCUMENTATION PROJECT "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD DOCUMENTATION PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
FreeBSD is a registered trademark of the FreeBSD Foundation.
3Com and HomeConnect are registered trademarks of 3Com Corporation.
3ware is a registered trademark of 3ware Inc.
ARM is a registered trademark of ARM Limited.
Adaptec is a registered trademark of Adaptec, Inc.
Adobe, Acrobat, Acrobat Reader, Flash and PostScript are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.
Apple, AirPort, FireWire, iMac, iPhone, iPad, Mac, Macintosh, Mac OS, Quicktime, and TrueType are trademarks of Apple Inc., registered in the U.S. and other countries.
Android is a trademark of Google Inc.
Heidelberg, Helvetica, Palatino, and Times Roman are either registered trademarks or trademarks of Heidelberger Druckmaschinen AG in the U.S. and other countries.
IBM, AIX, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks of International Business Machines Corporation in the United States, other countries, or both.
IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States.
Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Intuit and Quicken are registered trademarks and/or registered service marks of Intuit Inc., or one of its subsidiaries, in the United States and other countries.
Linux is a registered trademark of Linus Torvalds.
LSI Logic, AcceleRAID, eXtremeRAID, MegaRAID and Mylex are trademarks or registered trademarks of LSI Logic Corp.
Microsoft, IntelliMouse, MS-DOS, Outlook, Windows, Windows Media and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The Open Group are trademarks of The Open Group in the United States and other countries.
Oracle is a registered trademark of Oracle Corporation.
RealNetworks, RealPlayer, and RealAudio are the registered trademarks of RealNetworks, Inc.
Red Hat, RPM, are trademarks or registered trademarks of Red Hat, Inc. in the United States and other countries.
Sun, Sun Microsystems, Java, Java Virtual Machine, JDK, JRE, JSP, JVM, Netra, OpenJDK, Solaris, StarOffice, SunOS and VirtualBox are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
MATLAB is a registered trademark of The MathWorks, Inc.
SpeedTouch is a trademark of Thomson.
VMware is a trademark of VMware, Inc.
Mathematica is a registered trademark of Wolfram Research, Inc.
XFree86 is a trademark of The XFree86 Project, Inc.
Ogg Vorbis and Xiph.Org are trademarks of Xiph.Org.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol.
Welcome to FreeBSD! This handbook covers the installation and day to day use of FreeBSD 12.1-RELEASE and FreeBSD 11.4-RELEASE. This book is the result of ongoing work by many individuals. Some sections might be outdated. Those interested in helping to update and expand this document should send email to the FreeBSD documentation project mailing list.
The latest version of this book is available from the
FreeBSD web
site. Previous versions can be obtained from https://docs.FreeBSD.org/doc/
.
The book can be downloaded in a variety of formats and
compression options from the FreeBSD
FTP server or one of the numerous
mirror sites. Printed
copies can be purchased at the
FreeBSD
Mall. Searches can be performed on the handbook and
other documents on the
search
page.
root
Passwordpfctl
Optionsrmuser
Interactive Account
Removalchpass
as
Superuserchpass
as Regular
Userscfb
Video Driver in a
Fileboot0
Screenshotboot2
Screenshot/etc/ttys
dump
over
sshdump
over
ssh with RSH
Settar
tar
ls
and cpio
to Make a Recursive Backup of the Current Directorypax
/etc/ntp.conf
The FreeBSD newcomer will find that the first section of this book guides the user through the FreeBSD installation process and gently introduces the concepts and conventions that underpin UNIX®. Working through this section requires little more than the desire to explore, and the ability to take on board new concepts as they are introduced.
Once you have traveled this far, the second, far larger, section of the Handbook is a comprehensive reference to all manner of topics of interest to FreeBSD system administrators. Some of these chapters may recommend that you do some prior reading, and this is noted in the synopsis at the beginning of each chapter.
For a list of additional sources of information, please see Appendix B, Bibliography.
The current online version of the Handbook represents the cumulative effort of many hundreds of contributors over the past 10 years. The following are some of the significant changes since the two volume third edition was published in 2004:
Chapter 24, DTrace has been added with information about the powerful DTrace performance analysis tool.
Chapter 20, Other File Systems has been added with information about non-native file systems in FreeBSD, such as ZFS from Sun™.
Chapter 16, Security Event Auditing has been added to cover the new auditing capabilities in FreeBSD and explain its use.
Chapter 21, Virtualization has been added with information about installing FreeBSD on virtualization software.
Chapter 2, Installing FreeBSD has been added to cover installation of FreeBSD using the new installation utility, bsdinstall.
The third edition was the culmination of over two years of work by the dedicated members of the FreeBSD Documentation Project. The printed edition grew to such a size that it was necessary to publish as two separate volumes. The following are the major changes in this new edition:
Chapter 11, Configuration and Tuning has been expanded with new
information about the ACPI power and resource management, the
cron
system utility, and more kernel tuning
options.
Chapter 13, Security has been expanded with new information about virtual private networks (VPNs), file system access control lists (ACLs), and security advisories.
Chapter 15, Mandatory Access Control is a new chapter with this edition. It explains what MAC is and how this mechanism can be used to secure a FreeBSD system.
Chapter 17, Storage has been expanded with new information about USB storage devices, file system snapshots, file system quotas, file and network backed filesystems, and encrypted disk partitions.
A troubleshooting section has been added to Chapter 27, PPP.
Chapter 28, Electronic Mail has been expanded with new information about using alternative transport agents, SMTP authentication, UUCP, fetchmail, procmail, and other advanced topics.
Chapter 29, Network Servers is all new with this edition. This chapter includes information about setting up the Apache HTTP Server, ftpd, and setting up a server for Microsoft® Windows® clients with Samba. Some sections from Chapter 31, Advanced Networking were moved here to improve the presentation.
Chapter 31, Advanced Networking has been expanded with new information about using Bluetooth® devices with FreeBSD, setting up wireless networks, and Asynchronous Transfer Mode (ATM) networking.
A glossary has been added to provide a central location for the definitions of technical terms used throughout the book.
A number of aesthetic improvements have been made to the tables and figures throughout the book.
The second edition was the culmination of over two years of work by the dedicated members of the FreeBSD Documentation Project. The following were the major changes in this edition:
A complete Index has been added.
All ASCII figures have been replaced by graphical diagrams.
A standard synopsis has been added to each chapter to give a quick summary of what information the chapter contains, and what the reader is expected to know.
The content has been logically reorganized into three parts: “Getting Started”, “System Administration”, and “Appendices”.
Chapter 3, FreeBSD Basics has been expanded to contain additional information about processes, daemons, and signals.
Chapter 4, Installing Applications: Packages and Ports has been expanded to contain additional information about binary package management.
Chapter 5, The X Window System has been completely rewritten with an emphasis on using modern desktop technologies such as KDE and GNOME on XFree86™ 4.X.
Chapter 12, The FreeBSD Booting Process has been expanded.
Chapter 17, Storage has been written from what used to be two separate chapters on “Disks” and “Backups”. We feel that the topics are easier to comprehend when presented as a single chapter. A section on RAID (both hardware and software) has also been added.
Chapter 26, Serial Communications has been completely reorganized and updated for FreeBSD 4.X/5.X.
Chapter 27, PPP has been substantially updated.
Many new sections have been added to Chapter 31, Advanced Networking.
Chapter 28, Electronic Mail has been expanded to include more information about configuring sendmail.
Chapter 10, Linux® Binary Compatibility has been expanded to include information about installing Oracle® and SAP® R/3®.
The following new topics are covered in this second edition:
This book is split into five logically distinct sections. The first section, Getting Started, covers the installation and basic usage of FreeBSD. It is expected that the reader will follow these chapters in sequence, possibly skipping chapters covering familiar topics. The second section, Common Tasks, covers some frequently used features of FreeBSD. This section, and all subsequent sections, can be read out of order. Each chapter begins with a succinct synopsis that describes what the chapter covers and what the reader is expected to already know. This is meant to allow the casual reader to skip around to find chapters of interest. The third section, System Administration, covers administration topics. The fourth section, Network Communication, covers networking and server topics. The fifth section contains appendices of reference information.
Introduces FreeBSD to a new user. It describes the history of the FreeBSD Project, its goals and development model.
Walks a user through the entire installation process of
FreeBSD 9.x
and later using
bsdinstall.
Covers the basic commands and functionality of the FreeBSD operating system. If you are familiar with Linux® or another flavor of UNIX® then you can probably skip this chapter.
Covers the installation of third-party software with both FreeBSD's innovative “Ports Collection” and standard binary packages.
Describes the X Window System in general and using X11 on FreeBSD in particular. Also describes common desktop environments such as KDE and GNOME.
Lists some common desktop applications, such as web browsers and productivity suites, and describes how to install them on FreeBSD.
Shows how to set up sound and video playback support for your system. Also describes some sample audio and video applications.
Explains why you might need to configure a new kernel and provides detailed instructions for configuring, building, and installing a custom kernel.
Describes managing printers on FreeBSD, including information about banner pages, printer accounting, and initial setup.
Describes the Linux® compatibility features of FreeBSD. Also provides detailed installation instructions for many popular Linux® applications such as Oracle® and Mathematica®.
Describes the parameters available for system administrators to tune a FreeBSD system for optimum performance. Also describes the various configuration files used in FreeBSD and where to find them.
Describes the FreeBSD boot process and explains how to control this process with configuration options.
Describes many different tools available to help keep your FreeBSD system secure, including Kerberos, IPsec and OpenSSH.
Describes the jails framework, and the improvements of jails over the traditional chroot support of FreeBSD.
Explains what Mandatory Access Control (MAC) is and how this mechanism can be used to secure a FreeBSD system.
Describes what FreeBSD Event Auditing is, how it can be installed, configured, and how audit trails can be inspected or monitored.
Describes how to manage storage media and filesystems with FreeBSD. This includes physical disks, RAID arrays, optical and tape media, memory-backed disks, and network filesystems.
Describes what the GEOM framework in FreeBSD is and how to configure various supported RAID levels.
Examines support of non-native file systems in FreeBSD, like the Z File System from Sun™.
Describes what virtualization systems offer, and how they can be used with FreeBSD.
Describes how to use FreeBSD in languages other than English. Covers both system and application level localization.
Explains the differences between FreeBSD-STABLE, FreeBSD-CURRENT, and FreeBSD releases. Describes which users would benefit from tracking a development system and outlines that process. Covers the methods users may take to update their system to the latest security release.
Describes how to configure and use the DTrace tool from Sun™ in FreeBSD. Dynamic tracing can help locate performance issues, by performing real time system analysis.
Explains how to connect terminals and modems to your FreeBSD system for both dial in and dial out connections.
Describes how to use PPP to connect to remote systems with FreeBSD.
Explains the different components of an email server and dives into simple configuration topics for the most popular mail server software: sendmail.
Provides detailed instructions and example configuration files to set up your FreeBSD machine as a network filesystem server, domain name server, network information system server, or time synchronization server.
Explains the philosophy behind software-based firewalls and provides detailed information about the configuration of the different firewalls available for FreeBSD.
Describes many networking topics, including sharing an Internet connection with other computers on your LAN, advanced routing topics, wireless networking, Bluetooth®, ATM, IPv6, and much more.
Lists different sources for obtaining FreeBSD media on CDROM or DVD as well as different sites on the Internet that allow you to download and install FreeBSD.
This book touches on many different subjects that may leave you hungry for a more detailed explanation. The bibliography lists many excellent books that are referenced in the text.
Describes the many forums available for FreeBSD users to post questions and engage in technical conversations about FreeBSD.
Lists the PGP fingerprints of several FreeBSD Developers.
To provide a consistent and easy to read text, several conventions are followed throughout the book.
An italic font is used for filenames, URLs, emphasized text, and the first usage of technical terms.
Monospace
A monospaced
font is used for error
messages, commands, environment variables, names of ports,
hostnames, user names, group names, device names, variables,
and code fragments.
A bold font is used for applications, commands, and keys.
Keys are shown in bold to stand out from
other text. Key combinations that are meant to be typed
simultaneously are shown with `+
' between
the keys, such as:
Ctrl+Alt+Del
Meaning the user should type the Ctrl, Alt, and Del keys at the same time.
Keys that are meant to be typed in sequence will be separated with commas, for example:
Ctrl+X, Ctrl+S
Would mean that the user is expected to type the Ctrl and X keys simultaneously and then to type the Ctrl and S keys simultaneously.
Examples starting with C:\>
indicate a MS-DOS® command. Unless otherwise noted, these
commands may be executed from a “Command Prompt”
window in a modern Microsoft® Windows®
environment.
E:\>
tools\fdimage floppies\kern.flp A:
Examples starting with #
indicate a command that
must be invoked as the superuser in FreeBSD. You can login as
root
to type the
command, or login as your normal account and use su(1) to
gain superuser privileges.
#
dd if=kern.flp of=/dev/fd0
Examples starting with %
indicate a command that
should be invoked from a normal user account. Unless otherwise
noted, C-shell syntax is used for setting environment variables
and other shell commands.
%
top
The book you are holding represents the efforts of many hundreds of people around the world. Whether they sent in fixes for typos, or submitted complete chapters, all the contributions have been useful.
Several companies have supported the development of this document by paying authors to work on it full-time, paying for publication, etc. In particular, BSDi (subsequently acquired by Wind River Systems) paid members of the FreeBSD Documentation Project to work on improving this book full time leading up to the publication of the first printed edition in March 2000 (ISBN 1-57176-241-8). Wind River Systems then paid several additional authors to make a number of improvements to the print-output infrastructure and to add additional chapters to the text. This work culminated in the publication of the second printed edition in November 2001 (ISBN 1-57176-303-1). In 2003-2004, FreeBSD Mall, Inc, paid several contributors to improve the Handbook in preparation for the third printed edition.
This part of the handbook is for users and administrators who are new to FreeBSD. These chapters:
Introduce FreeBSD.
Guide readers through the installation process.
Teach UNIX® basics and fundamentals.
Show how to install the wealth of third party applications available for FreeBSD.
Introduce X, the UNIX® windowing system, and detail how to configure a desktop environment that makes users more productive.
The number of forward references in the text have been kept to a minimum so that this section can be read from front to back with minimal page flipping.
Thank you for your interest in FreeBSD! The following chapter covers various aspects of the FreeBSD Project, such as its history, goals, development model, and so on.
After reading this chapter you will know:
How FreeBSD relates to other computer operating systems.
The history of the FreeBSD Project.
The goals of the FreeBSD Project.
The basics of the FreeBSD open-source development model.
And of course: where the name “FreeBSD” comes from.
FreeBSD is an Open Source, standards-compliant Unix-like operating system for x86 (both 32 and 64 bit), ARM®, AArch64, RISC-V®, MIPS®, POWER®, PowerPC®, and Sun UltraSPARC® computers. It provides all the features that are nowadays taken for granted, such as preemptive multitasking, memory protection, virtual memory, multi-user facilities, SMP support, all the Open Source development tools for different languages and frameworks, and desktop features centered around X Window System, KDE, or GNOME. Its particular strengths are:
Liberal Open Source license, which grants you rights to freely modify and extend its source code and incorporate it in both Open Source projects and closed products without imposing restrictions typical to copyleft licenses, as well as avoiding potential license incompatibility problems.
Strong TCP/IP networking - FreeBSD implements industry standard protocols with ever increasing performance and scalability. This makes it a good match in both server, and routing/firewalling roles - and indeed many companies and vendors use it precisely for that purpose.
Fully integrated OpenZFS support, including root-on-ZFS, ZFS Boot Environments, fault management, administrative delegation, support for jails, FreeBSD specific documentation, and system installer support.
Extensive security features, from the Mandatory Access Control framework to Capsicum capability and sandbox mechanisms.
Over 30 thousand prebuilt packages for all supported architectures, and the Ports Collection which makes it easy to build your own, customized ones.
Documentation - in addition to Handbook and books from different authors that cover topics ranging from system administration to kernel internals, there are also the man(1) pages, not only for userspace daemons, utilities, and configuration files, but also for kernel driver APIs (section 9) and individual drivers (section 4).
Simple and consistent repository structure and build system - FreeBSD uses a single repository for all of its components, both kernel and userspace. This, along with an unified and easy to customize build system and a well thought out development process makes it easy to integrate FreeBSD with build infrastructure for your own product.
Staying true to Unix philosophy, preferring composability instead of monolithic “all in one” daemons with hardcoded behavior.
Binary compatibility with Linux, which makes it possible to run many Linux binaries without the need for virtualisation.
FreeBSD is based on the 4.4BSD-Lite release from Computer Systems Research Group (CSRG) at the University of California at Berkeley, and carries on the distinguished tradition of BSD systems development. In addition to the fine work provided by CSRG, the FreeBSD Project has put in many thousands of man-hours into extending the functionality and fine-tuning the system for maximum performance and reliability in real-life load situations. FreeBSD offers performance and reliability on par with other Open Source and commercial offerings, combined with cutting-edge features not available anywhere else.
The applications to which FreeBSD can be put are truly limited only by your own imagination. From software development to factory automation, inventory control to azimuth correction of remote satellite antennae; if it can be done with a commercial UNIX® product then it is more than likely that you can do it with FreeBSD too! FreeBSD also benefits significantly from literally thousands of high quality applications developed by research centers and universities around the world, often available at little to no cost.
Because the source code for FreeBSD itself is freely available, the system can also be customized to an almost unheard of degree for special applications or projects, and in ways not generally possible with operating systems from most major commercial vendors. Here is just a sampling of some of the applications in which people are currently using FreeBSD:
Internet Services: The robust TCP/IP networking built into FreeBSD makes it an ideal platform for a variety of Internet services such as:
Education: Are you a student of computer science or a related engineering field? There is no better way of learning about operating systems, computer architecture and networking than the hands on, under the hood experience that FreeBSD can provide. A number of freely available CAD, mathematical and graphic design packages also make it highly useful to those whose primary interest in a computer is to get other work done!
Research: With source code for the entire system available, FreeBSD is an excellent platform for research in operating systems as well as other branches of computer science. FreeBSD's freely available nature also makes it possible for remote groups to collaborate on ideas or shared development without having to worry about special licensing agreements or limitations on what may be discussed in open forums.
Networking: Need a new router? A name server (DNS)? A firewall to keep people out of your internal network? FreeBSD can easily turn that unused PC sitting in the corner into an advanced router with sophisticated packet-filtering capabilities.
Embedded: FreeBSD makes an excellent platform to build embedded systems upon. With support for the ARM®, MIPS® and PowerPC® platforms, coupled with a robust network stack, cutting edge features and the permissive BSD license FreeBSD makes an excellent foundation for building embedded routers, firewalls, and other devices.
Desktop: FreeBSD makes a fine choice for an inexpensive desktop solution using the freely available X11 server. FreeBSD offers a choice from many open-source desktop environments, including the standard GNOME and KDE graphical user interfaces. FreeBSD can even boot “diskless” from a central server, making individual workstations even cheaper and easier to administer.
Software Development: The basic FreeBSD system comes with a full suite of development tools including a full C/C++ compiler and debugger suite. Support for many other languages are also available through the ports and packages collection.
FreeBSD is available to download free of charge, or can be obtained on either CD-ROM or DVD. Please see Appendix A, Obtaining FreeBSD for more information about obtaining FreeBSD.
FreeBSD has been known for its web serving capabilities - sites that run on FreeBSD include Hacker News, Netcraft, NetEase, Netflix, Sina, Sony Japan, Rambler, Yahoo!, and Yandex.
FreeBSD's advanced features, proven security, predictable release cycle, and permissive license have led to its use as a platform for building many commercial and open source appliances, devices, and products. Many of the world's largest IT companies use FreeBSD:
Apache - The Apache Software Foundation runs most of its public facing infrastructure, including possibly one of the largest SVN repositories in the world with over 1.4 million commits, on FreeBSD.
Apple - OS X borrows heavily from FreeBSD for the network stack, virtual file system, and many userland components. Apple iOS also contains elements borrowed from FreeBSD.
Cisco - IronPort network security and anti-spam appliances run a modified FreeBSD kernel.
Citrix - The NetScaler line of security appliances provide layer 4-7 load balancing, content caching, application firewall, secure VPN, and mobile cloud network access, along with the power of a FreeBSD shell.
Dell EMC Isilon - Isilon's enterprise storage appliances are based on FreeBSD. The extremely liberal FreeBSD license allowed Isilon to integrate their intellectual property throughout the kernel and focus on building their product instead of an operating system.
Quest KACE - The KACE system management appliances run FreeBSD because of its reliability, scalability, and the community that supports its continued development.
iXsystems - The TrueNAS line of unified storage appliances is based on FreeBSD. In addition to their commercial products, iXsystems also manages development of the open source projects TrueOS and FreeNAS.
Juniper - The JunOS operating system that powers all Juniper networking gear (including routers, switches, security, and networking appliances) is based on FreeBSD. Juniper is one of many vendors that showcases the symbiotic relationship between the project and vendors of commercial products. Improvements generated at Juniper are upstreamed into FreeBSD to reduce the complexity of integrating new features from FreeBSD back into JunOS in the future.
McAfee - SecurOS, the basis of McAfee enterprise firewall products including Sidewinder is based on FreeBSD.
NetApp - The Data ONTAP GX line of storage appliances are based on FreeBSD. In addition, NetApp has contributed back many features, including the new BSD licensed hypervisor, bhyve.
Netflix - The OpenConnect appliance that Netflix uses to stream movies to its customers is based on FreeBSD. Netflix has made extensive contributions to the codebase and works to maintain a zero delta from mainline FreeBSD. Netflix OpenConnect appliances are responsible for delivering more than 32% of all Internet traffic in North America.
Sandvine - Sandvine uses FreeBSD as the basis of their high performance real-time network processing platforms that make up their intelligent network policy control products.
Sony - The PlayStation 4 gaming console runs a modified version of FreeBSD.
Sophos - The Sophos Email Appliance product is based on a hardened FreeBSD and scans inbound mail for spam and viruses, while also monitoring outbound mail for malware as well as the accidental loss of sensitive information.
Spectra Logic - The nTier line of archive grade storage appliances run FreeBSD and OpenZFS.
Stormshield - Stormshield Network Security appliances are based on a hardened version of FreeBSD. The BSD license allows them to integrate their own intellectual property with the system while returning a great deal of interesting development to the community.
The Weather Channel - The IntelliStar appliance that is installed at each local cable provider's headend and is responsible for injecting local weather forecasts into the cable TV network's programming runs FreeBSD.
Verisign - Verisign is responsible for operating the .com and .net root domain registries as well as the accompanying DNS infrastructure. They rely on a number of different network operating systems including FreeBSD to ensure there is no common point of failure in their infrastructure.
Voxer - Voxer powers their mobile voice messaging platform with ZFS on FreeBSD. Voxer switched from a Solaris derivative to FreeBSD because of its superior documentation, larger and more active community, and more developer friendly environment. In addition to critical features like ZFS and DTrace, FreeBSD also offers TRIM support for ZFS.
Fudo Security - The FUDO security appliance allows enterprises to monitor, control, record, and audit contractors and administrators who work on their systems. Based on all of the best security features of FreeBSD including ZFS, GELI, Capsicum, HAST, and auditdistd.
FreeBSD has also spawned a number of related open source projects:
BSD Router - A FreeBSD based replacement for large enterprise routers designed to run on standard PC hardware.
FreeNAS - A customized FreeBSD designed to be used as a network file server appliance. Provides a python based web interface to simplify the management of both the UFS and ZFS file systems. Includes support for NFS, SMB/CIFS, AFP, FTP, and iSCSI. Includes an extensible plugin system based on FreeBSD jails.
GhostBSD - is derived from FreeBSD, uses the GTK environment to provide a beautiful looks and comfortable experience on the modern BSD platform offering a natural and native UNIX® work environment.
mfsBSD - A toolkit for building a FreeBSD system image that runs entirely from memory.
NAS4Free - A file server distribution based on FreeBSD with a PHP powered web interface.
OPNSense - OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
TrueOS - TrueOS is based on the legendary security and stability of FreeBSD. TrueOS follows FreeBSD-CURRENT, with the latest drivers, security updates, and packages available.
FuryBSD - is a brand new, open source FreeBSD desktop. FuryBSD pays homage to desktop BSD projects of the past like PC-BSD and TrueOS with its graphical interface and adds additional tools like a live, hybrid USB/DVD image. FuryBSD is completely free to use and distributed under the BSD license.
MidnightBSD - is a FreeBSD derived operating system developed with desktop users in mind. It includes all the software you'd expect for your daily tasks: mail, web browsing, word processing, gaming, and much more.
pfSense - A firewall distribution based on FreeBSD with a huge array of features and extensive IPv6 support.
ZRouter - An open source alternative firmware for embedded devices based on FreeBSD. Designed to replace the proprietary firmware on off-the-shelf routers.
A list of testimonials from companies basing their products and services on FreeBSD can be found at the FreeBSD Foundation website. Wikipedia also maintains a list of products based on FreeBSD.
The following section provides some background information on the project, including a brief history, project goals, and the development model of the project.
The FreeBSD Project had its genesis in the early part of 1993, partially as the brainchild of the Unofficial 386BSDPatchkit's last 3 coordinators: Nate Williams, Rod Grimes and Jordan Hubbard.
The original goal was to produce an intermediate snapshot of 386BSD in order to fix a number of problems that the patchkit mechanism was just not capable of solving. The early working title for the project was 386BSD 0.5 or 386BSD Interim in reference of that fact.
386BSD was Bill Jolitz's operating system, which had been up to that point suffering rather severely from almost a year's worth of neglect. As the patchkit swelled ever more uncomfortably with each passing day, they decided to assist Bill by providing this interim “cleanup” snapshot. Those plans came to a rude halt when Bill Jolitz suddenly decided to withdraw his sanction from the project without any clear indication of what would be done instead.
The trio thought that the goal remained worthwhile, even without Bill's support, and so they adopted the name "FreeBSD" coined by David Greenman. The initial objectives were set after consulting with the system's current users and, once it became clear that the project was on the road to perhaps even becoming a reality, Jordan contacted Walnut Creek CDROM with an eye toward improving FreeBSD's distribution channels for those many unfortunates without easy access to the Internet. Walnut Creek CDROM not only supported the idea of distributing FreeBSD on CD but also went so far as to provide the project with a machine to work on and a fast Internet connection. Without Walnut Creek CDROM's almost unprecedented degree of faith in what was, at the time, a completely unknown project, it is quite unlikely that FreeBSD would have gotten as far, as fast, as it has today.
The first CD-ROM (and general net-wide) distribution was FreeBSD 1.0, released in December of 1993. This was based on the 4.3BSD-Lite (“Net/2”) tape from U.C. Berkeley, with many components also provided by 386BSD and the Free Software Foundation. It was a fairly reasonable success for a first offering, and they followed it with the highly successful FreeBSD 1.1 release in May of 1994.
Around this time, some rather unexpected storm clouds formed on the horizon as Novell and U.C. Berkeley settled their long-running lawsuit over the legal status of the Berkeley Net/2 tape. A condition of that settlement was U.C. Berkeley's concession that large parts of Net/2 were “encumbered” code and the property of Novell, who had in turn acquired it from AT&T some time previously. What Berkeley got in return was Novell's “blessing” that the 4.4BSD-Lite release, when it was finally released, would be declared unencumbered and all existing Net/2 users would be strongly encouraged to switch. This included FreeBSD, and the project was given until the end of July 1994 to stop shipping its own Net/2 based product. Under the terms of that agreement, the project was allowed one last release before the deadline, that release being FreeBSD 1.1.5.1.
FreeBSD then set about the arduous task of literally re-inventing itself from a completely new and rather incomplete set of 4.4BSD-Lite bits. The “Lite” releases were light in part because Berkeley's CSRG had removed large chunks of code required for actually constructing a bootable running system (due to various legal requirements) and the fact that the Intel port of 4.4 was highly incomplete. It took the project until November of 1994 to make this transition, and in December it released FreeBSD 2.0 to the world. Despite being still more than a little rough around the edges, the release was a significant success and was followed by the more robust and easier to install FreeBSD 2.0.5 release in June of 1995.
Since that time, FreeBSD has made a series of releases each time improving the stability, speed, and feature set of the previous version.
For now, long-term development projects continue to take place in the 10.X-CURRENT (trunk) branch, and snapshot releases of 10.X are continually made available from the snapshot server as work progresses.
The goals of the FreeBSD Project are to provide software that may be used for any purpose and without strings attached. Many of us have a significant investment in the code (and project) and would certainly not mind a little financial compensation now and then, but we are definitely not prepared to insist on it. We believe that our first and foremost “mission” is to provide code to any and all comers, and for whatever purpose, so that the code gets the widest possible use and provides the widest possible benefit. This is, I believe, one of the most fundamental goals of Free Software and one that we enthusiastically support.
That code in our source tree which falls under the GNU General Public License (GPL) or Library General Public License (LGPL) comes with slightly more strings attached, though at least on the side of enforced access rather than the usual opposite. Due to the additional complexities that can evolve in the commercial use of GPL software we do, however, prefer software submitted under the more relaxed BSD license when it is a reasonable option to do so.
The development of FreeBSD is a very open and flexible process, being literally built from the contributions of thousands of people around the world, as can be seen from our list of contributors. FreeBSD's development infrastructure allow these thousands of contributors to collaborate over the Internet. We are constantly on the lookout for new developers and ideas, and those interested in becoming more closely involved with the project need simply contact us at the FreeBSD technical discussions mailing list. The FreeBSD announcements mailing list is also available to those wishing to make other FreeBSD users aware of major areas of work.
Useful things to know about the FreeBSD Project and its development process, whether working independently or in close cooperation:
For several years, the central source tree for FreeBSD
was maintained by
CVS
(Concurrent Versions System), a freely available source
code control tool. In June 2008, the Project switched
to using SVN
(Subversion). The switch was deemed necessary, as the
technical limitations imposed by
CVS were becoming obvious due
to the rapid expansion of the source tree and the amount
of history already stored. The Documentation Project
and Ports Collection repositories also moved from
CVS to
SVN in May 2012 and July
2012, respectively. Please refer to the Obtaining the Source
section for more information on obtaining the
FreeBSD src/
repository and Using the Ports
Collection for details on obtaining the FreeBSD
Ports Collection.
The committers
are the people who have
write access to the Subversion
tree, and are authorized to make modifications to the
FreeBSD source (the term “committer” comes
from commit
, the source control
command which is used to bring new changes into the
repository). Anyone can submit a bug to the Bug
Database. Before submitting a bug report, the
FreeBSD mailing lists, IRC channels, or forums can be used to
help verify that an issue is actually a bug.
The FreeBSD core team would be equivalent to the board of directors if the FreeBSD Project were a company. The primary task of the core team is to make sure the project, as a whole, is in good shape and is heading in the right directions. Inviting dedicated and responsible developers to join our group of committers is one of the functions of the core team, as is the recruitment of new core team members as others move on. The current core team was elected from a pool of committer candidates in June 2020. Elections are held every 2 years.
Like most developers, most members of the core team are also volunteers when it comes to FreeBSD development and do not benefit from the project financially, so “commitment” should also not be misconstrued as meaning “guaranteed support.” The “board of directors” analogy above is not very accurate, and it may be more suitable to say that these are the people who gave up their lives in favor of FreeBSD against their better judgement!
Last, but definitely not least, the largest group of developers are the users themselves who provide feedback and bug fixes to us on an almost constant basis. The primary way of keeping in touch with FreeBSD's more non-centralized development is to subscribe to the FreeBSD technical discussions mailing list where such things are discussed. See Appendix C, Resources on the Internet for more information about the various FreeBSD mailing lists.
The FreeBSD Contributors List is a long and growing one, so why not join it by contributing something back to FreeBSD today?
Providing code is not the only way of contributing to the project; for a more complete list of things that need doing, please refer to the FreeBSD Project web site.
In summary, our development model is organized as a loose set of concentric circles. The centralized model is designed for the convenience of the users of FreeBSD, who are provided with an easy way of tracking one central code base, not to keep potential contributors out! Our desire is to present a stable operating system with a large set of coherent application programs that the users can easily install and use — this model works very well in accomplishing that.
All we ask of those who would join us as FreeBSD developers is some of the same dedication its current people have to its continued success!
In addition to the base distributions, FreeBSD offers a
ported software collection with thousands of commonly
sought-after programs. At the time of this writing, there
were over 24,000 ports! The list of ports ranges from
http servers, to games, languages, editors, and almost
everything in between. The entire Ports Collection requires
approximately 500 MB. To compile a port, you simply
change to the directory of the program you wish to install,
type make install
, and let the system do
the rest. The full original distribution for each port you
build is retrieved dynamically so you need only enough disk
space to build the ports you want. Almost every port is also
provided as a pre-compiled “package”, which can
be installed with a simple command
(pkg install
) by those who do not wish to
compile their own ports from source. More information on
packages and ports can be found in
Chapter 4, Installing Applications: Packages and Ports.
All supported FreeBSD versions provide an option in the
installer to
install additional documentation under
/usr/local/share/doc/freebsd
during the
initial system setup. Documentation may also be installed at
any later time using packages as described in
Section 23.3.2, “Updating Documentation from Ports”. You may view the
locally installed manuals with any HTML capable browser using
the following URLs:
You can also view the master (and most frequently updated)
copies at https://www.FreeBSD.org/
.
There are several different ways of getting FreeBSD to run, depending on the environment. Those are:
Virtual Machine images, to download and import on a virtual environment of choice. These can be downloaded from the Download FreeBSD page. There are images for KVM (“qcow2”), VMWare (“vmdk”), Hyper-V (“vhd”), and raw device images that are universally supported. These are not installation images, but rather the preconfigured (“already installed”) instances, ready to run and perform post-installation tasks.
Virtual Machine images available at Amazon's AWS Marketplace, Microsoft Azure Marketplace, and Google Cloud Platform, to run on their respective hosting services. For more information on deploying FreeBSD on Azure please consult the relevant chapter in the Azure Documentation.
SD card images, for embedded systems such as Raspberry Pi or BeagleBone Black. These can be downloaded from the Download FreeBSD page. These files must be uncompressed and written as a raw image to an SD card, from which the board will then boot.
Installation images, to install FreeBSD on a hard drive for the usual desktop, laptop, or server systems.
The rest of this chapter describes the fourth case, explaining how to install FreeBSD using the text-based installation program named bsdinstall.
In general, the installation instructions in this chapter are written for the i386™ and AMD64 architectures. Where applicable, instructions specific to other platforms will be listed. There may be minor differences between the installer and what is shown here, so use this chapter as a general guide rather than as a set of literal instructions.
Users who prefer to install FreeBSD using a graphical installer may be interested in FuryBSD, GhostBSD or MidnightBSD.
After reading this chapter, you will know:
The minimum hardware requirements and FreeBSD supported architectures.
How to create the FreeBSD installation media.
How to start bsdinstall.
The questions bsdinstall will ask, what they mean, and how to answer them.
How to troubleshoot a failed installation.
How to access a live version of FreeBSD before committing to an installation.
Before reading this chapter, you should:
Read the supported hardware list that shipped with the version of FreeBSD to be installed and verify that the system's hardware is supported.
The hardware requirements to install FreeBSD vary by architecture. Hardware architectures and devices supported by a FreeBSD release are listed on the FreeBSD Release Information page. The FreeBSD download page also has recommendations for choosing the correct image for different architectures.
A FreeBSD installation requires a minimum of 96 MB of RAM and 1.5 GB of free hard drive space. However, such small amounts of memory and disk space are really only suitable for custom applications like embedded appliances. General-purpose desktop systems need more resources. 2-4 GB RAM and at least 8 GB hard drive space is a good starting point.
These are the processor requirements for each architecture:
This is the most common desktop and laptop processor type, used in most modern systems. Intel® calls it Intel64. Other manufacturers sometimes call it x86-64.
Examples of amd64 compatible processors include: AMD Athlon™64, AMD Opteron™, multi-core Intel® Xeon™, and Intel® Core™ 2 and later processors.
Older desktops and laptops often use this 32-bit, x86 architecture.
Almost all i386-compatible processors with a floating point unit are supported. All Intel® processors 486 or higher are supported.
FreeBSD will take advantage of Physical Address Extensions (PAE) support on CPUs with this feature. A kernel with the PAE feature enabled will detect memory above 4 GB and allow it to be used by the system. However, using PAE places constraints on device drivers and other features of FreeBSD.
All New World ROM Apple® Mac® systems with built-in USB are supported. SMP is supported on machines with multiple CPUs.
A 32-bit kernel can only use the first 2 GB of RAM.
Systems supported by FreeBSD/sparc64 are listed at the FreeBSD/sparc64 Project.
SMP is supported on all systems with more than 1 processor. A dedicated disk is required as it is not possible to share a disk with another operating system at this time.
Once it has been determined that the system meets the minimum hardware requirements for installing FreeBSD, the installation file should be downloaded and the installation media prepared. Before doing this, check that the system is ready for an installation by verifying the items in this checklist:
Back Up Important Data
Before installing any operating system, always backup all important data first. Do not store the backup on the system being installed. Instead, save the data to a removable disk such as a USB drive, another system on the network, or an online backup service. Test the backup before starting the installation to make sure it contains all of the needed files. Once the installer formats the system's disk, all data stored on that disk will be lost.
Decide Where to Install FreeBSD
If FreeBSD will be the only operating system installed, this step can be skipped. But if FreeBSD will share the disk with another operating system, decide which disk or partition will be used for FreeBSD.
In the i386 and amd64 architectures, disks can be divided into multiple partitions using one of two partitioning schemes. A traditional Master Boot Record (MBR) holds a partition table defining up to four primary partitions. For historical reasons, FreeBSD calls these primary partition slices. One of these primary partitions can be made into an extended partition containing multiple logical partitions. The GUID Partition Table (GPT) is a newer and simpler method of partitioning a disk. Common GPT implementations allow up to 128 partitions per disk, eliminating the need for logical partitions.
The FreeBSD boot loader requires either a primary or GPT partition. If all of the primary or GPT partitions are already in use, one must be freed for FreeBSD. To create a partition without deleting existing data, use a partition resizing tool to shrink an existing partition and create a new partition using the freed space.
A variety of free and commercial partition resizing tools are listed at http://en.wikipedia.org/wiki/List_of_disk_partitioning_software. GParted Live (http://gparted.sourceforge.net/livecd.php) is a free live CD which includes the GParted partition editor. GParted is also included with many other Linux live CD distributions.
When used properly, disk shrinking utilities can safely create space for creating a new partition. Since the possibility of selecting the wrong partition exists, always backup any important data and verify the integrity of the backup before modifying disk partitions.
Disk partitions containing different operating systems make it possible to install multiple operating systems on one computer. An alternative is to use virtualization (Chapter 21, Virtualization) which allows multiple operating systems to run at the same time without modifying any disk partitions.
Collect Network Information
Some FreeBSD installation methods require a network connection in order to download the installation files. After any installation, the installer will offer to setup the system's network interfaces.
If the network has a DHCP server, it can be used to provide automatic network configuration. If DHCP is not available, the following network information for the system must be obtained from the local network administrator or Internet service provider:
Check for FreeBSD Errata
Although the FreeBSD Project strives to ensure that each release of FreeBSD is as stable as possible, bugs occasionally creep into the process. On very rare occasions those bugs affect the installation process. As these problems are discovered and fixed, they are noted in the FreeBSD Errata (https://www.freebsd.org/releases/12.1R/errata.html) on the FreeBSD web site. Check the errata before installing to make sure that there are no problems that might affect the installation.
Information and errata for all the releases can be found on the release information section of the FreeBSD web site (https://www.freebsd.org/releases/index.html).
The FreeBSD installer is not an application that can be run from within another operating system. Instead, download a FreeBSD installation file, burn it to the media associated with its file type and size (CD, DVD, or USB), and boot the system to install from the inserted media.
FreeBSD installation files are available at www.freebsd.org/where.html#download.
Each installation file's name includes the release version of
FreeBSD, the architecture, and the type of file. For example, to
install FreeBSD 12.1 on an amd64 system from a
DVD, download
FreeBSD-12.1-RELEASE-amd64-dvd1.iso
, burn
this file to a DVD, and boot the system
with the DVD inserted.
Installation files are available in several formats. The formats vary depending on computer architecture and media type.
Additional
installation files are included for computers that boot with
UEFI (Unified Extensible Firmware
Interface). The names of these files include the string
uefi
.
File types:
-bootonly.iso
: This is the smallest
installation file as it only contains the installer. A
working Internet connection is required during
installation as the installer will download the files it
needs to complete the FreeBSD installation. This file should
be burned to a CD using a
CD burning application.
-disc1.iso
: This file contains all
of the files needed to install FreeBSD, its source, and the
Ports Collection. It should be burned to a
CD using a CD
burning application.
-dvd1.iso
: This file contains all
of the files needed to install FreeBSD, its source, and the
Ports Collection. It also contains a set of popular
binary packages for installing a window manager and some
applications so that a complete system can be installed
from media without requiring a connection to the Internet.
This file should be burned to a DVD
using a DVD burning application.
-memstick.img
: This file contains
all of the files needed to install FreeBSD, its source, and
the Ports Collection. It should be burned to a
USB stick using the instructions
below.
-mini-memstick.img
: Like
-bootonly.iso
, does not include
installation files, but downloads them as needed. A
working internet connection is required during
installation. Write this file to a USB
stick as shown in Section 2.3.1.1, “Writing an Image File to USB”.
After downloading the image file, download
CHECKSUM.SHA256
from
the same directory. Calculate a
checksum for the image file.
FreeBSD provides sha256(1) for this, used as sha256
.
Other operating systems have similar programs.imagefilename
Compare the calculated checksum with the one shown in
CHECKSUM.SHA256
. The checksums must
match exactly. If the checksums do not match, the image file
is corrupt and must be downloaded again.
The *.img
file is an
image of the complete contents of a
memory stick. It cannot be copied to
the target device as a file. Several applications are
available for writing the *.img
to a
USB stick. This section describes two of
these utilities.
Before proceeding, back up any important data on the USB stick. This procedure will erase the existing data on the stick.
dd
to Write the
ImageThis example uses /dev/da0
as
the target device where the image will be written. Be
very careful that the correct
device is used as this command will destroy the existing
data on the specified target device.
The dd(1) command-line utility is
available on BSD, Linux®, and Mac OS® systems. To burn
the image using dd
, insert the
USB stick and determine its device
name. Then, specify the name of the downloaded
installation file and the device name for the
USB stick. This example burns the
amd64 installation image to the first
USB device on an existing FreeBSD
system.
#
dd if=
FreeBSD-12.1-RELEASE-amd64-memstick.img
of=/dev/da0
bs=1M conv=sync
If this command fails, verify that the
USB stick is not mounted and that the
device name is for the disk, not a partition. Some
operating systems might require this command to be run
with sudo(8). The dd(1) syntax varies slightly
across different platforms; for example, Mac OS® requires
a lower-case bs=1m
.
Systems like Linux® might buffer
writes. To force all writes to complete, use
sync(8).
Be sure to give the correct drive letter as the existing data on the specified drive will be overwritten and destroyed.
Obtaining Image Writer for Windows®
Image Writer for
Windows® is a free application that can
correctly write an image file to a memory stick.
Download it from https://sourceforge.net/projects/win32diskimager/
and extract it into a folder.
Writing the Image with Image Writer
Double-click the
Win32DiskImager icon to start
the program. Verify that the drive letter shown under
Device
is the drive
with the memory stick. Click the folder icon and select
the image to be written to the memory stick. Click
to accept the
image file name. Verify that everything is correct, and
that no folders on the memory stick are open in other
windows. When everything is ready, click
to write the
image file to the memory stick.
You are now ready to start installing FreeBSD.
By default, the installation will not make any changes to the disk(s) before the following message:
Your changes will now be written to disk. If you have chosen to overwrite existing data, it will be PERMANENTLY ERASED. Are you sure you want to commit your changes?
The install can be exited at any time prior to this warning. If there is a concern that something is incorrectly configured, just turn the computer off before this point and no changes will be made to the system's disks.
This section describes how to boot the system from the installation media which was prepared using the instructions in Section 2.3.1, “Prepare the Installation Media”. When using a bootable USB stick, plug in the USB stick before turning on the computer. When booting from CD or DVD, turn on the computer and insert the media at the first opportunity. How to configure the system to boot from the inserted media depends upon the architecture.
These architectures provide a BIOS menu for selecting the boot device. Depending upon the installation media being used, select the CD/DVD or USB device as the first boot device. Most systems also provide a key for selecting the boot device during startup without having to enter the BIOS. Typically, the key is either F10, F11, F12, or Escape.
If the computer loads the existing operating system instead of the FreeBSD installer, then either:
The installation media was not inserted early enough in the boot process. Leave the media inserted and try restarting the computer.
The BIOS changes were incorrect or not saved. Double-check that the right boot device is selected as the first boot device.
This system is too old to support booting from the chosen media. In this case, the Plop Boot Manager (http://www.plop.at/en/bootmanagers.html) can be used to boot the system from the selected media.
On most machines, holding C on the
keyboard during boot will boot from the CD.
Otherwise, hold Command+Option+O+F, or
Windows+Alt+O+F on non-Apple® keyboards. At the
0 >
prompt, enter
boot cd:,\ppc\loader cd:0
Once the system boots from the installation media, a menu similar to the following will be displayed:
By default, the menu will wait ten seconds for user input before booting into the FreeBSD installer or, if FreeBSD is already installed, before booting into FreeBSD. To pause the boot timer in order to review the selections, press Space. To select an option, press its highlighted number, character, or key. The following options are available.
Boot Multi User
: This will
continue the FreeBSD boot process. If the boot timer has
been paused, press 1, upper- or
lower-case B, or
Enter.
Boot Single User
: This mode can be
used to fix an existing FreeBSD installation as described in
Section 12.2.4.1, “Single-User Mode”. Press
2 or the upper- or lower-case
S to enter this mode.
Escape to loader prompt
: This will
boot the system into a repair prompt that contains a
limited number of low-level commands. This prompt is
described in Section 12.2.3, “Stage Three”. Press
3 or Esc to boot into
this prompt.
Reboot
: Reboots the system.
Kernel
: Loads a different
kernel.
Configure Boot Options
: Opens the
menu shown in, and described under, Figure 2.2, “FreeBSD Boot Options Menu”.
The boot options menu is divided into two sections. The first section can be used to either return to the main boot menu or to reset any toggled options back to their defaults.
The next section is used to toggle the available options
to On
or Off
by pressing
the option's highlighted number or character. The system will
always boot using the settings for these options until they
are modified. Several options can be toggled using this
menu:
ACPI Support
: If the system hangs
during boot, try toggling this option to
Off
.
Safe Mode
: If the system still
hangs during boot even with ACPI
Support
set to Off
, try
setting this option to On
.
Single User
: Toggle this option to
On
to fix an existing FreeBSD installation
as described in Section 12.2.4.1, “Single-User Mode”. Once
the problem is fixed, set it back to
Off
.
Verbose
: Toggle this option to
On
to see more detailed messages during
the boot process. This can be useful when troubleshooting
a piece of hardware.
After making the needed selections, press 1 or Backspace to return to the main boot menu, then press Enter to continue booting into FreeBSD. A series of boot messages will appear as FreeBSD carries out its hardware device probes and loads the installation program. Once the boot is complete, the welcome menu shown in Figure 2.3, “Welcome Menu” will be displayed.
Press Enter to select the default of to enter the installer. The rest of this chapter describes how to use this installer. Otherwise, use the right or left arrows or the colorized letter to select the desired menu item. The can be used to access a FreeBSD shell in order to use command line utilities to prepare the disks before installation. The option can be used to try out FreeBSD before installing it. The live version is described in Section 2.11, “Using the Live CD”.
To review the boot messages, including the hardware
device probe, press the upper- or lower-case
S and then Enter to access
a shell. At the shell prompt, type more
/var/run/dmesg.boot
and use the space bar to
scroll through the messages. When finished, type
exit
to return to the welcome
menu.
This section shows the order of the bsdinstall menus and the type of information that will be asked before the system is installed. Use the arrow keys to highlight a menu option, then Space to select or deselect that menu item. When finished, press Enter to save the selection and move onto the next screen.
Before starting the process, bsdinstall will load the keymap files as show in Figure 2.4, “Keymap Loading”.
After the keymaps have been loaded bsdinstall displays the menu shown in Figure 2.5, “Keymap Selection Menu”. Use the up and down arrows to select the keymap that most closely represents the mapping of the keyboard attached to the system. Press Enter to save the selection.
Pressing Esc will exit this menu and use the default keymap. If the choice of keymap is not clear, is also a safe option.
In addition, when selecting a different keymap, the user can try the keymap and ensure it is correct before proceeding as shown in Figure 2.6, “Keymap Testing Menu”.
The next bsdinstall menu is used to set the hostname for the newly installed system.
Type in a hostname that is unique for the network. It
should be a fully-qualified hostname, such as machine3.example.com
.
Next, bsdinstall will prompt to select optional components to install.
Deciding which components to install will depend largely on the intended use of the system and the amount of disk space available. The FreeBSD kernel and userland, collectively known as the base system, are always installed. Depending on the architecture, some of these components may not appear:
base-dbg
- Base tools like
cat,
ls among many others with
debug symbols activated.
kernel-dbg
- Kernel and modules with
debug symbols activated.
lib32-dbg
- Compatibility libraries
for running 32-bit applications on a 64-bit version of
FreeBSD with debug symbols activated.
lib32
- Compatibility libraries for
running 32-bit applications on a 64-bit version of
FreeBSD.
ports
- The FreeBSD Ports Collection
is a collection of files which automates the downloading,
compiling and installation of third-party software
packages. Chapter 4, Installing Applications: Packages and Ports discusses how to use
the Ports Collection.
The installation program does not check for adequate disk space. Select this option only if sufficient hard disk space is available. The FreeBSD Ports Collection takes up about 500 MB of disk space.
src
- The complete FreeBSD source code
for both the kernel and the userland. Although not
required for the majority of applications, it may be
required to build device drivers, kernel modules, or some
applications from the Ports Collection. It is also used
for developing FreeBSD itself. The full source tree requires
1 GB of disk space and recompiling the entire FreeBSD
system requires an additional 5 GB of space.
tests
- FreeBSD Test Suite.
The menu shown in
Figure 2.9, “Installing from the Network” only appears
when installing from a -bootonly.iso
or
-mini-memstick.img
as this installation
media does not hold copies of the installation files.
Since the installation files must be retrieved over a network
connection, this menu indicates that the network interface must
be configured first. If this menu is shown in any step of the
process remember to follow the instructions in
Section 2.9.1, “Configuring Network Interfaces”.
The next menu is used to determine the method for allocating disk space.
bsdinstall gives the user four methods for allocating disk space:
Auto (UFS)
partitioning
automatically sets up the disk partitions using the
UFS
file system.
Manual
partitioning allows
advanced users to create customized partitions from menu
options.
Shell
opens a shell prompt where
advanced users can create customized partitions using
command-line utilities like gpart(8), fdisk(8),
and bsdlabel(8).
Auto (ZFS)
partitioning creates a
root-on-ZFS system with optional GELI encryption support for
boot environments.
This section describes what to consider when laying out the disk partitions. It then demonstrates how to use the different partitioning methods.
When laying out file systems, remember that hard drives
transfer data faster from the outer tracks to the inner.
Thus, smaller and heavier-accessed file systems should be
closer to the outside of the drive, while larger partitions
like /usr
should be placed toward the
inner parts of the disk. It is a good idea to create
partitions in an order similar to: /
,
swap, /var
, and
/usr
.
The size of the /var
partition
reflects the intended machine's usage. This partition is
used to hold mailboxes, log files, and printer spools.
Mailboxes and log files can grow to unexpected sizes
depending on the number of users and how long log files are
kept. On average, most users rarely need more than about a
gigabyte of free disk space in
/var
.
Sometimes, a lot of disk space is required in
/var/tmp
. When new software is
installed, the packaging tools extract a temporary copy of
the packages under /var/tmp
. Large
software packages, like Firefox
or LibreOffice may be tricky to
install if there is not enough disk space under
/var/tmp
.
The /usr
partition holds many of the
files which support the system, including the FreeBSD Ports
Collection and system source code. At least 2 gigabytes of
space is recommended for this partition.
When selecting partition sizes, keep the space requirements in mind. Running out of space in one partition while barely using another can be a hassle.
As a rule of thumb, the swap partition should be about double the size of physical memory (RAM). Systems with minimal RAM may perform better with more swap. Configuring too little swap can lead to inefficiencies in the VM page scanning code and might create issues later if more memory is added.
On larger systems with multiple SCSI disks or multiple IDE disks operating on different controllers, it is recommended that swap be configured on each drive, up to four drives. The swap partitions should be approximately the same size. The kernel can handle arbitrary sizes but internal data structures scale to 4 times the largest swap partition. Keeping the swap partitions near the same size will allow the kernel to optimally stripe swap space across disks. Large swap sizes are fine, even if swap is not used much. It might be easier to recover from a runaway program before being forced to reboot.
By properly partitioning a system, fragmentation
introduced in the smaller write heavy partitions will not
bleed over into the mostly read partitions. Keeping the
write loaded partitions closer to the disk's edge will
increase I/O performance in the
partitions where it occurs the most. While
I/O performance in the larger partitions
may be needed, shifting them more toward the edge of the disk
will not lead to a significant performance improvement over
moving /var
to the edge.
When this method is selected, a menu will display the available disk(s). If multiple disks are connected, choose the one where FreeBSD is to be installed.
Once the disk is selected, the next menu prompts to install to either the entire disk or to create a partition using free space. If
is chosen, a general partition layout filling the whole disk is automatically created. Selecting creates a partition layout from the unused space on the disk.After bsdinstall displays a dialog indicating that the disk will be erased.
is chosenThe next menu shows a list with the partition schemes types. GPT is usually the most appropriate choice for amd64 computers. Older computers that are not compatible with GPT should use MBR. The other partition schemes are generally used for uncommon or older computers. More information is available in Table 2.1, “Partitioning Schemes”.
After the partition layout has been created, review it to ensure it meets the needs of the installation. Selecting
will reset the partitions to their original values and pressing will recreate the automatic FreeBSD partitions. Partitions can also be manually created, modified, or deleted. When the partitioning is correct, select to continue with the installation.Once the disks are configured, the next menu provides the last chance to make changes before the selected drives are formatted. If changes need to be made, select
to return to the main partitioning menu. exits the installer without making any changes to the drive. Select to start the installation process.To continue with the installation process go to Section 2.7, “Fetching Distribution Files”.
Selecting this method opens the partition editor:
Highlight the installation drive
(ada0
in this example) and select
to display a menu
of available partition schemes:
GPT is usually the most appropriate choice for amd64 computers. Older computers that are not compatible with GPT should use MBR. The other partition schemes are generally used for uncommon or older computers.
Abbreviation | Description |
---|---|
APM | Apple Partition Map, used by PowerPC®. |
BSD | BSD label without an MBR, sometimes called dangerously dedicated mode as non-BSD disk utilities may not recognize it. |
GPT | GUID Partition Table (http://en.wikipedia.org/wiki/GUID_Partition_Table). |
MBR | Master Boot Record (http://en.wikipedia.org/wiki/Master_boot_record). |
VTOC8 | Volume Table Of Contents used by Sun SPARC64 and UltraSPARC computers. |
After the partitioning scheme has been selected and created, select Tab key is used to move the cursor between fields.
again to create the partitions. TheA standard FreeBSD GPT installation uses at least three partitions:
freebsd-boot
- Holds the FreeBSD boot
code.
freebsd-ufs
- A FreeBSD
UFS file system.
freebsd-zfs
- A FreeBSD
ZFS file system. More information about
ZFS is available in Chapter 19, The Z File System (ZFS).
freebsd-swap
- FreeBSD swap
space.
Refer to gpart(8) for descriptions of the available GPT partition types.
Multiple file system partitions can be created and some
people prefer a traditional layout with separate partitions
for /
, /var
,
/tmp
, and /usr
. See
Example 2.1, “Creating Traditional Split File System
Partitions” for an
example.
The Size
may be entered with common
abbreviations: K for kilobytes,
M for megabytes, or
G for gigabytes.
Proper sector alignment provides the best performance, and making partition sizes even multiples of 4K bytes helps to ensure alignment on drives with either 512-byte or 4K-byte sectors. Generally, using partition sizes that are even multiples of 1M or 1G is the easiest way to make sure every partition starts at an even multiple of 4K. There is one exception: the freebsd-boot partition should be no larger than 512K due to current boot code limitations.
A Mountpoint
is needed if the partition
will contain a file system. If only a single
UFS partition will be created, the
mountpoint should be /
.
The Label
is a name by which the
partition will be known. Drive names or numbers can change if
the drive is connected to a different controller or port, but
the partition label does not change. Referring to labels
instead of drive names and partition numbers in files like
/etc/fstab
makes the system more tolerant
to hardware changes. GPT labels appear in
/dev/gpt/
when a disk is attached. Other
partitioning schemes have different label capabilities and
their labels appear in different directories in
/dev/
.
Use a unique label on every partition to avoid
conflicts from identical labels. A few letters from the
computer's name, use, or location can be added to the label.
For instance, use labroot
or
rootfslab
for the UFS
root partition on the computer named
lab
.
For a traditional partition layout where the
/
, /var
,
/tmp
, and /usr
directories are separate file systems on their own
partitions, create a GPT partitioning
scheme, then create the partitions as shown. Partition
sizes shown are typical for a 20G target disk. If more
space is available on the target disk, larger swap or
/var
partitions may be useful. Labels
shown here are prefixed with ex
for
“example”, but readers should use other unique
label values as described above.
By default, FreeBSD's gptboot
expects
the first UFS partition to be the
/
partition.
Partition Type | Size | Mountpoint | Label |
---|---|---|---|
freebsd-boot | 512K | ||
freebsd-ufs | 2G | / | exrootfs |
freebsd-swap | 4G | exswap | |
freebsd-ufs | 2G | /var | exvarfs |
freebsd-ufs | 1G | /tmp | extmpfs |
freebsd-ufs | accept the default (remainder of the disk) | /usr | exusrfs |
After the custom partitions have been created, select Section 2.7, “Fetching Distribution Files”.
to continue with the installation and go toThis partitioning mode only works with whole disks and will erase the contents of the entire disk. The main ZFS configuration menu offers a number of options to control the creation of the pool.
Here is a summary of the options which can be used in this menu:
Install
- Proceed with the
installation with the selected options.
Pool Type/Disks
- Allow to configure
the Pool Type
and the disk(s) that will
constitute the pool. The automatic ZFS
installer currently only supports the creation of a single top
level vdev, except in stripe mode. To create more complex
pools, use the instructions in Section 2.6.5, “Shell Mode Partitioning”
to create the pool.
Rescan Devices
- Repopulate the list
of available disks.
Disk Info
- Disk Info menu can be
used to inspect each disk, including its partition table and
various other information such as the device model number
and serial number, if available.
Pool Name
- Establish the name of the
pool. The default name is
zroot.
Force 4K Sectors?
- Force the use of
4K sectors. By default, the installer will automatically
create partitions aligned to 4K boundaries and force ZFS to
use 4K sectors. This is safe even with 512 byte sector
disks, and has the added benefit of ensuring that pools
created on 512 byte disks will be able to have 4K sector
disks added in the future, either as additional storage
space or as replacements for failed disks. Press the
Enter key to chose to activate it or
not.
Encrypt Disks?
- Encrypting the disks
allows the user to encrypt the disks using
GELI. More information about disk
encryption is available in Section 17.12.2, “Disk Encryption with geli
”.
Press the Enter key to chose activate it or
not.
Partition Scheme
- Allow to choose
the partition scheme. GPT is the recommended option in
most cases. Press the Enter key to chose
between the different options.
Swap Size
- Establish the amount of
swap space.
Mirror Swap?
- Allows the user to
mirror the swap between the disks. Be aware, enabling
mirror swap will break crash dumps. Press the
Enter key to activate it or not.
Encrypt Swap?
- Allow the user the
possibility to encrypt the swap. Encrypts the swap with a
temporary key each time that the system boots and discards
it on reboot. Press the Enter key to chose
activate it or not. More information about swap encryption
in Section 17.13, “Encrypting Swap”.
Select T to configure the Pool
Type
and the disk(s) that will constitute the
pool.
Here is a summary of the Pool Type
which can be selected in this menu:
stripe
- Striping provides maximum
storage of all connected devices, but no redundancy. If
just one disk fails the data on the pool is lost
irrevocably.
mirror
- Mirroring stores a complete
copy of all data on every disk. Mirroring provides a good
read perfomance because data is read from all disks in
parallel. Write performance is slower as the data must be
written to all disks in the pool. Allows all but one disk
to fail. This option requires at least two disks.
raid10
- Striped mirrors. Provides
the best performance, but the least storage. This option
needs at least an even number of disks and a minimum of four
disks.
raidz1
- Single Redundant RAID.
Allow one disk to fail concurrently. This option needs at
least three disks.
raidz2
- Double Redundant RAID.
Allows two disks to fail concurrently. This option needs
at least four disks.
raidz3
- Triple Redundant RAID.
Allows three disks to fail concurrently. This option needs
at least five disks.
Once a Pool Type
has been selected, a
list of available disks is displayed, and the user is prompted
to select one or more disks to make up the pool. The
configuration is then validated, to ensure enough disks are
selected. If not, select to return to the list of disks, or
to change the
Pool Type
.
If one or more disks are missing from the list, or if disks were attached after the installer was started, select
to repopulate the list of available disks.To avoid accidentally erasing the wrong disk, the
menu can be used to inspect each disk, including its partition table and various other information such as the device model number and serial number, if available.Select N to configure the
Pool Name
. Enter the desired name then
select to establish it or
to return to the
main menu and leave the default name.
Select S to set the amount of swap. Enter the desired amount of swap and then select to establish it or to return to the main menu and let the default amount.
Once all options have been set to the desired values, select the
option at the top of the menu. The installer then offers a last chance to cancel before the contents of the selected drives are destroyed to create the ZFS pool.If GELI disk encryption was enabled, the installer will prompt twice for the passphrase to be used to encrypt the disks. And after that the initializing of the encryption begins.
The installation then proceeds normally. To continue with the installation go to Section 2.7, “Fetching Distribution Files”.
When creating advanced installations, the
bsdinstall partitioning menus may
not provide the level of flexibility required. Advanced users
can select the option from the
partitioning menu in order to manually partition the drives,
create the file system(s), populate
/tmp/bsdinstall_etc/fstab
, and mount the
file systems under /mnt
. Once this is
done, type exit
to return to
bsdinstall and continue the
installation.
Installation time will vary depending on the distributions chosen, installation media, and speed of the computer. A series of messages will indicate the progress.
First, the installer formats the selected disk(s) and
initializes the partitions. Next, in the case of a
bootonly media
or
mini memstick
, it downloads the selected
components:
Next, the integrity of the distribution files is verified to ensure they have not been corrupted during download or misread from the installation media:
Finally, the verified distribution files are extracted to the disk:
Once all requested distribution files have been extracted, bsdinstall displays the first post-installation configuration screen. The available post-configuration options are described in the next section.
First, the root
password must be set. While entering the password, the
characters being typed are not displayed on the screen. After
the password has been entered, it must be entered again. This
helps prevent typing errors.
The next series of menus are used to determine the correct local time by selecting the geographic region, country, and time zone. Setting the time zone allows the system to automatically correct for regional time changes, such as daylight savings time, and perform other time zone related functions properly.
The example shown here is for a machine located in the mainland time zone of Spain, Europe. The selections will vary according to the geographical location.
The appropriate region is selected using the arrow keys and then pressing Enter.
Select the appropriate country using the arrow keys and press Enter.
The appropriate time zone is selected using the arrow keys and pressing Enter.
Confirm the abbreviation for the time zone is correct.
The appropriate date is selected using the arrow keys and then pressing
. Otherwise, the date selection can be skipped by pressing .The appropriate time is selected using the arrow keys and then pressing
. Otherwise, the time selection can be skipped by pressing .The next menu is used to configure which system services will be started whenever the system boots. All of these services are optional. Only start the services that are needed for the system to function.
Here is a summary of the services which can be enabled in this menu:
local_unbound
- Enable the DNS
local unbound. It is necessary to keep in mind that this
is the unbound of the base system and is only meant for
use as a local caching forwarding resolver. If the
objective is to set up a resolver for the entire network
install dns/unbound.
sshd
- The Secure Shell
(SSH) daemon is used to remotely access
a system over an encrypted connection. Only enable this
service if the system should be available for remote
logins.
moused
- Enable this service if the
mouse will be used from the command-line system
console.
ntpdate
- Enable the automatic
clock synchronization at boot time. The functionality of
this program is now available in the ntpd(8) daemon.
After a suitable period of mourning, the ntpdate(8)
utility will be retired.
ntpd
- The Network Time Protocol
(NTP) daemon for automatic clock
synchronization. Enable this service if there is a
Windows®, Kerberos, or LDAP server on
the network.
powerd
- System power control
utility for power control and energy saving.
dumpdev
- Enabling crash dumps is
useful in debugging issues with the system, so users are
encouraged to enable crash dumps.
The next menu is used to configure which security options will be enabled. All of these options are optional. But their use is encouraged.
Here is a summary of the options which can be enabled in this menu:
hide_uids
- Hide processes running
as other users to prevent the unprivileged users to see
other running processes in execution by other users (UID)
preventing information leakage.
hide_gids
- Hide processes running
as other groups to prevent the unprivileged users to see
other running processes in execution by other groups (GID)
preventing information leakage.
hide_jail
- Hide processes running
in jails to prevent the unprivileged users to see
processes running inside the jails.
read_msgbuf
- Disabling reading
kernel message buffer for unprivileged users prevent from
using dmesg(8) to view messages from the kernel's log
buffer.
proc_debug
- Disabling process
debugging facilities for unprivileged users disables
a variety of unprivileged inter-process debugging
services, including some procfs functionality, ptrace(),
and ktrace(). Please note that this will also prevent
debugging tools, for instance lldb(1), truss(1),
procstat(1), as well as some built-in debugging
facilities in certain scripting language like PHP, etc.,
from working for unprivileged users.
random_pid
- Randomize the PID of
newly created processes.
clear_tmp
- Clean
/tmp
when the system starts
up.
disable_syslogd
- Disable opening
syslogd network socket. By
default FreeBSD runs syslogd in a
secure way with -s
. That prevents the
daemon from listening for incoming UDP requests
at port 514. With this option enabled
syslogd will run with the flag
-ss
which prevents
syslogd from opening any port.
To get more information consult syslogd(8).
disable_sendmail
- Disable the
sendmail mail transport agent.
secure_console
- When this option
is enabled, the prompt requests the root
password when
entering single.
disable_ddtrace
- DTrace can run
in a mode that will actually affect the running kernel.
Destructive actions may not be used unless they have
been explicitly enabled. To enable this option when using
DTrace use -w
. To get more
information consult dtrace(1).
The next menu prompts to create at least one user account.
It is recommended to login to the system using a user account
rather than as root
.
When logged in as root
, there are essentially no
limits or protection on what can be done. Logging in as a
normal user is safer and more secure.
Select
to add new users.Follow the prompts and input the requested information for
the user account. The example shown in Figure 2.44, “Enter User Information” creates the asample
user account.
Here is a summary of the information to input:
Username
- The name the user will
enter to log in. A common convention is to use the first
letter of the first name combined with the last name, as
long as each username is unique for the system. The
username is case sensitive and should not contain any
spaces.
Full name
- The user's full name.
This can contain spaces and is used as a description for
the user account.
Uid
- User ID.
Typically, this is left blank so the system will assign a
value.
Login group
- The user's group.
Typically this is left blank to accept the default.
Invite
- Additional groups to which the
user will be added as a member. If the user needs
administrative access, type user
into
other groups?wheel
here.
Login class
- Typically left blank
for the default.
Shell
- Type in one of the listed
values to set the interactive shell for the user. Refer
to Section 3.9, “Shells” for more information about
shells.
Home directory
- The user's home
directory. The default is usually correct.
Home directory permissions
-
Permissions on the user's home directory. The default is
usually correct.
Use password-based authentication?
- Typically yes
so that the user is
prompted to input their password at login.
Use an empty password?
-
Typically no
as it is insecure to have
a blank password.
Use a random password?
- Typically
no
so that the user can set their own
password in the next prompt.
Enter password
- The password for
this user. Characters typed will not show on the
screen.
Enter password again
- The password
must be typed again for verification.
Lock out the account after
creation?
- Typically no
so
that the user can login.
After entering everything, a summary is shown for review.
If a mistake was made, enter no
and try
again. If everything is correct, enter yes
to create the new user.
If there are more users to add, answer the Add
another user?
question with
yes
. Enter no
to finish
adding users and continue the installation.
For more information on adding users and user management, see Section 3.3, “Users and Basic Account Management”.
After everything has been installed and configured, a final chance is provided to modify settings.
Use this menu to make any changes or do any additional configuration before completing the installation.
Add User
- Described in Section 2.8.5, “Add Users”.
Root Password
- Described in Section 2.8.1, “Setting the
root
Password”.
Hostname
- Described in Section 2.5.2, “Setting the Hostname”.
Network
- Described in Section 2.9.1, “Configuring Network Interfaces”.
Services
- Described in Section 2.8.3, “Enabling Services”.
System Hardening
- Described in
Section 2.8.4, “Enabling Hardening Security Options”.
Time Zone
- Described in Section 2.8.2, “Setting the Time Zone”.
Handbook
- Download and install the
FreeBSD Handbook.
After any final configuration is complete, select
.bsdinstall will prompt if there are any additional configuration that needs to be done before rebooting into the new system. Select to exit to a shell within the new system or to proceed to the last step of the installation.
If further configuration or special setup is needed, select
to boot the install media into Live CD mode.If the installation is complete, select
to reboot the computer and start the new FreeBSD system. Do not forget to remove the FreeBSD install media or the computer may boot from it again.As FreeBSD boots, informational messages are displayed.
After the system finishes booting, a login prompt is
displayed. At the login:
prompt, enter the
username added during the installation. Avoid logging in as
root
. Refer to
Section 3.3.1.3, “The Superuser Account” for instructions on how to
become the superuser when administrative access is
needed.
The messages that appeared during boot can be reviewed by
pressing Scroll-Lock to turn on the
scroll-back buffer. The PgUp,
PgDn, and arrow keys can be used to scroll
back through the messages. When finished, press
Scroll-Lock again to unlock the display and
return to the console. To review these messages once the
system has been up for some time, type less
/var/run/dmesg.boot
from a command prompt. Press
q to return to the command line after
viewing.
If sshd was enabled in Figure 2.41, “Selecting Additional Services to Enable”, the first boot may be a bit slower as the system will generate the RSA and DSA keys. Subsequent boots will be faster. The fingerprints of the keys will be displayed, as seen in this example:
Generating public/private rsa1 key pair. Your identification has been saved in /etc/ssh/ssh_host_key. Your public key has been saved in /etc/ssh/ssh_host_key.pub. The key fingerprint is: 10:a0:f5:af:93:ae:a3:1a:b2:bb:3c:35:d9:5a:b3:f3 root@machine3.example.com The key's randomart image is: +--[RSA1 1024]----+ | o.. | | o . . | | . o | | o | | o S | | + + o | |o . + * | |o+ ..+ . | |==o..o+E | +-----------------+ Generating public/private dsa key pair. Your identification has been saved in /etc/ssh/ssh_host_dsa_key. Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub. The key fingerprint is: 7e:1c:ce:dc:8a:3a:18:13:5b:34:b5:cf:d9:d1:47:b2 root@machine3.example.com The key's randomart image is: +--[ DSA 1024]----+ | .. . .| | o . . + | | . .. . E .| | . . o o . . | | + S = . | | + . = o | | + . * . | | . . o . | | .o. . | +-----------------+ Starting sshd.
Refer to Section 13.8, “OpenSSH” for more information about fingerprints and SSH.
FreeBSD does not install a graphical environment by default. Refer to Chapter 5, The X Window System for more information about installing and configuring a graphical window manager.
Proper shutdown of a FreeBSD computer helps protect data and
hardware from damage. Do not turn off the power
before the system has been properly shut down! If
the user is a member of the wheel
group, become the
superuser by typing su
at the command line
and entering the root
password. Then, type
shutdown -p now
and the system will shut
down cleanly, and if the hardware supports it, turn itself
off.
Next, a list of the network interfaces found on the computer is shown. Select the interface to configure.
If an Ethernet interface is selected, the installer will skip ahead to the menu shown in Figure 2.53, “Choose IPv4 Networking”. If a wireless network interface is chosen, the system will instead scan for wireless access points:
Wireless networks are identified by a Service Set Identifier (SSID), a short, unique name given to each network. SSIDs found during the scan are listed, followed by a description of the encryption types available for that network. If the desired SSID does not appear in the list, select
to scan again. If the desired network still does not appear, check for problems with antenna connections or try moving the computer closer to the access point. Rescan after each change is made.Next, enter the encryption information for connecting to the selected wireless network. WPA2 encryption is strongly recommended as older encryption types, like WEP, offer little security. If the network uses WPA2, input the password, also known as the Pre-Shared Key (PSK). For security reasons, the characters typed into the input box are displayed as asterisks.
Next, choose whether or not an IPv4 address should be configured on the Ethernet or wireless interface:
There are two methods of IPv4 configuration. DHCP will automatically configure the network interface correctly and should be used if the network provides a DHCP server. Otherwise, the addressing information needs to be input manually as a static configuration.
Do not enter random network information as it will not work. If a DHCP server is not available, obtain the information listed in Required Network Information from the network administrator or Internet service provider.
If a DHCP server is available, select
in the next menu to automatically configure the network interface. The installer will appear to pause for a minute or so as it finds the DHCP server and obtains the addressing information for the system.If a DHCP server is not available, select
and input the following addressing information in this menu:IP Address
- The
IPv4 address assigned to this computer.
The address must be unique and not already in use by
another piece of equipment on the local network.
Subnet Mask
- The subnet mask for
the network.
Default Router
- The
IP address of the network's default
gateway.
The next screen will ask if the interface should be configured for IPv6. If IPv6 is available and desired, choose
to select it.IPv6 also has two methods of configuration. StateLess Address AutoConfiguration (SLAAC) will automatically request the correct configuration information from a local router. Refer to rfc4862 for more information. Static configuration requires manual entry of network information.
If an IPv6 router is available, select
in the next menu to automatically configure the network interface. The installer will appear to pause for a minute or so as it finds the router and obtains the addressing information for the system.If an IPv6 router is not available, select
and input the following addressing information in this menu:IPv6 Address
- The
IPv6 address assigned to this computer.
The address must be unique and not already in use by
another piece of equipment on the local network.
Default Router
- The
IPv6 address of the network's default
gateway.
The last network configuration menu is used to configure
the Domain Name System (DNS) resolver,
which converts hostnames to and from network addresses. If
DHCP or SLAAC was used
to autoconfigure the network interface, the Resolver
Configuration
values may already be filled in.
Otherwise, enter the local network's domain name in the
Search
field. DNS #1
and DNS #2
are the IPv4
and/or IPv6 addresses of the
DNS servers. At least one
DNS server is required.
Once the interface is configured, select a mirror site that is located in the same region of the world as the computer on which FreeBSD is being installed. Files can be retrieved more quickly when the mirror is close to the target computer, reducing installation time.
This section covers basic installation troubleshooting, such as common problems people have reported.
Check the Hardware Notes (https://www.freebsd.org/releases/index.html)
document for the version of FreeBSD to make sure the hardware is
supported. If the hardware is supported and lock-ups or other
problems occur, build a custom kernel using the instructions in
Chapter 8, Configuring the FreeBSD Kernel to add support for devices which
are not present in the GENERIC
kernel. The
default kernel assumes that most hardware devices are in their
factory default configuration in terms of
IRQs, I/O addresses, and
DMA channels. If the hardware has been
reconfigured, a custom kernel configuration file can tell FreeBSD
where to find things.
Some installation problems can be avoided or alleviated by updating the firmware on various hardware components, most notably the motherboard. Motherboard firmware is usually referred to as the BIOS. Most motherboard and computer manufacturers have a website for upgrades and upgrade information.
Manufacturers generally advise against upgrading the motherboard BIOS unless there is a good reason for doing so, like a critical update. The upgrade process can go wrong, leaving the BIOS incomplete and the computer inoperative.
If the system hangs while probing hardware during boot, or
it behaves strangely during install, ACPI may
be the culprit. FreeBSD makes extensive use of the system
ACPI service on the i386 and
amd64 platforms to aid in system configuration
if it is detected during boot. Unfortunately, some bugs still
exist in both the ACPI driver and within
system motherboards and BIOS firmware.
ACPI can be disabled by setting the
hint.acpi.0.disabled
hint in the third stage
boot loader:
set hint.acpi.0.disabled="1"
This is reset each time the system is booted, so it is
necessary to add hint.acpi.0.disabled="1"
to
the file /boot/loader.conf
. More
information about the boot loader can be found in Section 12.1, “Synopsis”.
The welcome menu of bsdinstall, shown in Figure 2.3, “Welcome Menu”, provides a option. This is useful for those who are still wondering whether FreeBSD is the right operating system for them and want to test some of the features before installing.
The following points should be noted before using the
:To gain access to the system, authentication is
required. The username is root
and the password is
blank.
As the system runs directly from the installation media, performance will be significantly slower than that of a system installed on a hard disk.
This option only provides a command prompt and not a graphical interface.
This chapter covers the basic commands and functionality of the FreeBSD operating system. Much of this material is relevant for any UNIX®-like operating system. New FreeBSD users are encouraged to read through this chapter carefully.
After reading this chapter, you will know:
How to use and configure virtual consoles.
How to create and manage users and groups on FreeBSD.
How UNIX® file permissions and FreeBSD file flags work.
The default FreeBSD file system layout.
The FreeBSD disk organization.
How to mount and unmount file systems.
What processes, daemons, and signals are.
What a shell is, and how to change the default login environment.
How to use basic text editors.
What devices and device nodes are.
How to read manual pages for more information.
Unless FreeBSD has been configured to automatically start a graphical environment during startup, the system will boot into a command line login prompt, as seen in this example:
FreeBSD/amd64 (pc3.example.org) (ttyv0) login:
The first line contains some information about the system.
The amd64
indicates that the system in this
example is running a 64-bit version of FreeBSD. The hostname is
pc3.example.org
, and
ttyv0
indicates that this is the
“system console”. The second line is the login
prompt.
Since FreeBSD is a multiuser system, it needs some way to distinguish between different users. This is accomplished by requiring every user to log into the system before gaining access to the programs on the system. Every user has a unique name “username” and a personal “password”.
To log into the system console, type the username that was configured during system installation, as described in Section 2.8.5, “Add Users”, and press Enter. Then enter the password associated with the username and press Enter. The password is not echoed for security reasons.
Once the correct password is input, the message of the
day (MOTD) will be displayed followed
by a command prompt. Depending upon the shell that was
selected when the user was created, this prompt will be a
#
, $
, or
%
character. The prompt indicates that
the user is now logged into the FreeBSD system console and ready
to try the available commands.
While the system console can be used to interact with the system, a user working from the command line at the keyboard of a FreeBSD system will typically instead log into a virtual console. This is because system messages are configured by default to display on the system console. These messages will appear over the command or file that the user is working on, making it difficult to concentrate on the work at hand.
By default, FreeBSD is configured to provide several virtual consoles for inputting commands. Each virtual console has its own login prompt and shell and it is easy to switch between virtual consoles. This essentially provides the command line equivalent of having several windows open at the same time in a graphical environment.
The key combinations
Alt+F1
through
Alt+F8
have been reserved by FreeBSD for switching between virtual
consoles. Use
Alt+F1
to switch to the system console
(ttyv0
),
Alt+F2
to access the first virtual console
(ttyv1
),
Alt+F3
to access the second virtual console
(ttyv2
), and so on.
When using Xorg as a graphical
console, the combination becomes Ctrl+Alt+F1 to return to a text-based virtual console.
When switching from one console to the next, FreeBSD manages the screen output. The result is an illusion of having multiple virtual screens and keyboards that can be used to type commands for FreeBSD to run. The programs that are launched in one virtual console do not stop running when the user switches to a different virtual console.
Refer to kbdcontrol(1), vidcontrol(1), atkbd(4), syscons(4), and vt(4) for a more technical description of the FreeBSD console and its keyboard drivers.
In FreeBSD, the number of available virtual consoles is
configured in this section of
/etc/ttys
:
# name getty type status comments # ttyv0 "/usr/libexec/getty Pc" xterm on secure # Virtual terminals ttyv1 "/usr/libexec/getty Pc" xterm on secure ttyv2 "/usr/libexec/getty Pc" xterm on secure ttyv3 "/usr/libexec/getty Pc" xterm on secure ttyv4 "/usr/libexec/getty Pc" xterm on secure ttyv5 "/usr/libexec/getty Pc" xterm on secure ttyv6 "/usr/libexec/getty Pc" xterm on secure ttyv7 "/usr/libexec/getty Pc" xterm on secure ttyv8 "/usr/X11R6/bin/xdm -nodaemon" xterm off secure
To disable a virtual console, put a comment symbol
(#
) at the beginning of the line
representing that virtual console. For example, to reduce the
number of available virtual consoles from eight to four, put a
#
in front of the last four lines
representing virtual consoles ttyv5
through ttyv8
.
Do not comment out the line for the
system console ttyv0
. Note that the last
virtual console (ttyv8
) is used to access
the graphical environment if Xorg
has been installed and configured as described in
Chapter 5, The X Window System.
For a detailed description of every column in this file and the available options for the virtual consoles, refer to ttys(5).
The FreeBSD boot menu provides an option labelled as
“Boot Single User”. If this option is selected,
the system will boot into a special mode known as
“single user mode”. This mode is typically used
to repair a system that will not boot or to reset the
root
password when
it is not known. While in single user mode, networking and
other virtual consoles are not available. However, full
root
access to the
system is available, and by default, the
root
password is not
needed. For these reasons, physical access to the keyboard is
needed to boot into this mode and determining who has physical
access to the keyboard is something to consider when securing
a FreeBSD system.
The settings which control single user mode are found in
this section of /etc/ttys
:
# name getty type status comments # # If console is marked "insecure", then init will ask for the root password # when going to single-user mode. console none unknown off secure
By default, the status is set to
secure
. This assumes that who has physical
access to the keyboard is either not important or it is
controlled by a physical security policy. If this setting is
changed to insecure
, the assumption is that
the environment itself is insecure because anyone can access
the keyboard. When this line is changed to
insecure
, FreeBSD will prompt for the
root
password when a
user selects to boot into single user mode.
Be careful when changing this setting to
insecure
! If the
root
password is
forgotten, booting into single user mode is still possible,
but may be difficult for someone who is not familiar with
the FreeBSD booting process.
The FreeBSD console default video mode may be adjusted to
1024x768, 1280x1024, or any other size supported by the
graphics chip and monitor. To use a different video mode
load the VESA
module:
#
kldload vesa
To determine which video modes are supported by the hardware, use vidcontrol(1). To get a list of supported video modes issue the following:
#
vidcontrol -i mode
The output of this command lists the video modes that are
supported by the hardware. To select a new video mode,
specify the mode using vidcontrol(1) as the
root
user:
#
vidcontrol MODE_279
If the new video mode is acceptable, it can be permanently
set on boot by adding it to
/etc/rc.conf
:
allscreens_flags="MODE_279"
FreeBSD allows multiple users to use the computer at the same time. While only one user can sit in front of the screen and use the keyboard at any one time, any number of users can log in to the system through the network. To use the system, each user should have their own user account.
This chapter describes:
The different types of user accounts on a FreeBSD system.
How to add, remove, and modify user accounts.
How to set limits to control the resources that users and groups are allowed to access.
How to create groups and add users as members of a group.
Since all access to the FreeBSD system is achieved using accounts and all processes are run by users, user and account management is important.
There are three main types of accounts: system accounts, user accounts, and the superuser account.
System accounts are used to run services such as DNS, mail, and web servers. The reason for this is security; if all services ran as the superuser, they could act without restriction.
Examples of system accounts are
daemon
,
operator
,
bind
,
news
, and
www
.
Care must be taken when using the operator group, as
unintended superuser-like access privileges may be
granted, including but not limited to shutdown, reboot,
and access to all items in /dev
in the group.
nobody
is the
generic unprivileged system account. However, the more
services that use
nobody
, the more
files and processes that user will become associated with,
and hence the more privileged that user becomes.
User accounts are assigned to real people and are used to log in and use the system. Every person accessing the system should have a unique user account. This allows the administrator to find out who is doing what and prevents users from clobbering the settings of other users.
Each user can set up their own environment to accommodate their use of the system, by configuring their default shell, editor, key bindings, and language settings.
Every user account on a FreeBSD system has certain information associated with it:
The user name is typed at the
login:
prompt. Each user must have
a unique user name. There are a number of rules for
creating valid user names which are documented in
passwd(5). It is recommended to use user names
that consist of eight or fewer, all lower case
characters in order to maintain backwards
compatibility with applications.
Each account has an associated password.
The User ID (UID) is a number used to uniquely identify the user to the FreeBSD system. Commands that allow a user name to be specified will first convert it to the UID. It is recommended to use a UID less than 65535, since higher values may cause compatibility issues with some software.
The Group ID (GID) is a number used to uniquely identify the primary group that the user belongs to. Groups are a mechanism for controlling access to resources based on a user's GID rather than their UID. This can significantly reduce the size of some configuration files and allows users to be members of more than one group. It is recommended to use a GID of 65535 or lower as higher GIDs may break some software.
Login classes are an extension to the group mechanism that provide additional flexibility when tailoring the system to different users. Login classes are discussed further in Section 13.13.1, “Configuring Login Classes”.
By default, passwords do not expire. However, password expiration can be enabled on a per-user basis, forcing some or all users to change their passwords after a certain amount of time has elapsed.
By default, FreeBSD does not expire accounts. When creating accounts that need a limited lifespan, such as student accounts in a school, specify the account expiry date using pw(8). After the expiry time has elapsed, the account cannot be used to log in to the system, although the account's directories and files will remain.
The user name uniquely identifies the account to FreeBSD, but does not necessarily reflect the user's real name. Similar to a comment, this information can contain spaces, uppercase characters, and be more than 8 characters long.
The home directory is the full path to a directory
on the system. This is the user's starting directory
when the user logs in. A common convention is to put
all user home directories under
or /home/username
.
Each user stores their personal files and
subdirectories in their own home directory./usr/home/username
The shell provides the user's default environment for interacting with the system. There are many different kinds of shells and experienced users will have their own preferences, which can be reflected in their account settings.
The superuser account, usually called
root
, is used to
manage the system with no limitations on privileges. For
this reason, it should not be used for day-to-day tasks like
sending and receiving mail, general exploration of the
system, or programming.
The superuser, unlike other user accounts, can operate without limits, and misuse of the superuser account may result in spectacular disasters. User accounts are unable to destroy the operating system by mistake, so it is recommended to login as a user account and to only become the superuser when a command requires extra privilege.
Always double and triple-check any commands issued as the superuser, since an extra space or missing character can mean irreparable data loss.
There are several ways to gain superuser privilege.
While one can log in as
root
, this is
highly discouraged.
Instead, use su(1) to become the superuser. If
-
is specified when running this command,
the user will also inherit the root user's environment. The
user running this command must be in the
wheel
group or
else the command will fail. The user must also know the
password for the
root
user
account.
In this example, the user only becomes superuser in
order to run make install
as this step
requires superuser privilege. Once the command completes,
the user types exit
to leave the
superuser account and return to the privilege of their user
account.
%
configure
%
make
%
su -
Password:#
make install
#
exit
%
The built-in su(1) framework works well for single systems or small networks with just one system administrator. An alternative is to install the security/sudo package or port. This software provides activity logging and allows the administrator to configure which users can run which commands as the superuser.
FreeBSD provides a variety of different commands to manage user accounts. The most common commands are summarized in Table 3.1, “Utilities for Managing User Accounts”, followed by some examples of their usage. See the manual page for each utility for more details and usage examples.
Command | Summary |
---|---|
adduser(8) | The recommended command-line application for adding new users. |
rmuser(8) | The recommended command-line application for removing users. |
chpass(1) | A flexible tool for changing user database information. |
passwd(1) | The command-line tool to change user passwords. |
pw(8) | A powerful and flexible tool for modifying all aspects of user accounts. |
The recommended program for adding new users is
adduser(8). When a new user is added, this program
automatically updates /etc/passwd
and
/etc/group
. It also creates a home
directory for the new user, copies in the default
configuration files from
/usr/share/skel
, and can optionally
mail the new user a welcome message. This utility must be
run as the superuser.
The adduser(8) utility is interactive and walks
through the steps for creating a new user account. As seen
in Example 3.2, “Adding a User on FreeBSD”, either input
the required information or press Return
to accept the default value shown in square brackets.
In this example, the user has been invited into the
wheel
group,
allowing them to become the superuser with su(1).
When finished, the utility will prompt to either
create another user or to exit.
#
adduser
Username:jru
Full name:J. Random User
Uid (Leave empty for default): Login group [jru]: Login group is jru. Invite jru into other groups? []:wheel
Login class [default]: Shell (sh csh tcsh zsh nologin) [sh]:zsh
Home directory [/home/jru]: Home directory permissions (Leave empty for default): Use password-based authentication? [yes]: Use an empty password? (yes/no) [no]: Use a random password? (yes/no) [no]: Enter password: Enter password again: Lock out the account after creation? [no]: Username : jru Password : **** Full Name : J. Random User Uid : 1001 Class : Groups : jru wheel Home : /home/jru Shell : /usr/local/bin/zsh Locked : no OK? (yes/no):yes
adduser: INFO: Successfully added (jru) to the user database. Add another user? (yes/no):no
Goodbye!#
Since the password is not echoed when typed, be careful to not mistype the password when creating the user account.
To completely remove a user from the system, run rmuser(8) as the superuser. This command performs the following steps:
Removes the user's crontab(1) entry, if one exists.
Removes any at(1) jobs belonging to the user.
Kills all processes owned by the user.
Removes the user from the system's local password file.
Optionally removes the user's home directory, if it is owned by the user.
Removes the incoming mail files belonging to the
user from /var/mail
.
Removes all files owned by the user from temporary
file storage areas such as
/tmp
.
Finally, removes the username from all groups to
which it belongs in /etc/group
. If
a group becomes empty and the group name is the same as
the username, the group is removed. This complements
the per-user unique groups created by
adduser(8).
rmuser(8) cannot be used to remove superuser accounts since that is almost always an indication of massive destruction.
By default, an interactive mode is used, as shown in the following example.
rmuser
Interactive Account
Removal#
rmuser jru
Matching password entry: jru:*:1001:1001::0:0:J. Random User:/home/jru:/usr/local/bin/zsh Is this the entry you wish to remove?y
Remove user's home directory (/home/jru)?y
Removing user (jru): mailspool home passwd.#
Any user can use chpass(1) to change their default shell and personal information associated with their user account. The superuser can use this utility to change additional account information for any user.
When passed no options, aside from an optional username, chpass(1) displays an editor containing user information. When the user exits from the editor, the user database is updated with the new information.
This utility will prompt for the user's password when exiting the editor, unless the utility is run as the superuser.
In Example 3.4, “Using chpass
as
Superuser”, the
superuser has typed chpass jru
and is
now viewing the fields that can be changed for this user.
If jru
runs this
command instead, only the last six fields will be displayed
and available for editing. This is shown in
Example 3.5, “Using chpass
as Regular
User”.
chpass
as
Superuser#Changing user database information for jru. Login: jru Password: * Uid [#]: 1001 Gid [# or name]: 1001 Change [month day year]: Expire [month day year]: Class: Home directory: /home/jru Shell: /usr/local/bin/zsh Full Name: J. Random User Office Location: Office Phone: Home Phone: Other information:
chpass
as Regular
User#Changing user database information for jru. Shell: /usr/local/bin/zsh Full Name: J. Random User Office Location: Office Phone: Home Phone: Other information:
The commands chfn(1) and chsh(1) are links
to chpass(1), as are ypchpass(1),
ypchfn(1), and ypchsh(1). Since
NIS support is automatic, specifying
the yp
before the command is not
necessary. How to configure NIS is covered in Chapter 29, Network Servers.
Any user can easily change their password using passwd(1). To prevent accidental or unauthorized changes, this command will prompt for the user's original password before a new password can be set:
%
passwd
Changing local password for jru. Old password: New password: Retype new password: passwd: updating the database... passwd: done
The superuser can change any user's password by specifying the username when running passwd(1). When this utility is run as the superuser, it will not prompt for the user's current password. This allows the password to be changed when a user cannot remember the original password.
#
passwd jru
Changing local password for jru. New password: Retype new password: passwd: updating the database... passwd: done
As with chpass(1), yppasswd(1) is a link to passwd(1), so NIS works with either command.
The pw(8) utility can create, remove, modify, and display users and groups. It functions as a front end to the system user and group files. pw(8) has a very powerful set of command line options that make it suitable for use in shell scripts, but new users may find it more complicated than the other commands presented in this section.
A group is a list of users. A group is identified by its group name and GID. In FreeBSD, the kernel uses the UID of a process, and the list of groups it belongs to, to determine what the process is allowed to do. Most of the time, the GID of a user or process usually means the first group in the list.
The group name to GID mapping is listed
in /etc/group
. This is a plain text file
with four colon-delimited fields. The first field is the
group name, the second is the encrypted password, the third
the GID, and the fourth the comma-delimited
list of members. For a more complete description of the
syntax, refer to group(5).
The superuser can modify /etc/group
using a text editor. Alternatively, pw(8) can be used to
add and edit groups. For example, to add a group called
teamtwo
and then
confirm that it exists:
In this example, 1100
is the
GID of
teamtwo
. Right
now, teamtwo
has no
members. This command will add
jru
as a member of
teamtwo
.
#
pw groupmod teamtwo -M jru
#
pw groupshow teamtwo
teamtwo:*:1100:jru
The argument to -M
is a comma-delimited
list of users to be added to a new (empty) group or to replace
the members of an existing group. To the user, this group
membership is different from (and in addition to) the user's
primary group listed in the password file. This means that
the user will not show up as a member when using
groupshow
with pw(8), but will show up
when the information is queried via id(1) or a similar
tool. When pw(8) is used to add a user to a group, it
only manipulates /etc/group
and does not
attempt to read additional data from
/etc/passwd
.
#
pw groupmod teamtwo -m db
#
pw groupshow teamtwo
teamtwo:*:1100:jru,db
In this example, the argument to -m
is a
comma-delimited list of users who are to be added to the
group. Unlike the previous example, these users are appended
to the group and do not replace existing users in the
group.
%
id jru
uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)
In this example,
jru
is a member of
the groups jru
and
teamtwo
.
For more information about this command and the format of
/etc/group
, refer to pw(8) and
group(5).
In FreeBSD, every file and directory has an associated set of permissions and several utilities are available for viewing and modifying these permissions. Understanding how permissions work is necessary to make sure that users are able to access the files that they need and are unable to improperly access the files used by the operating system or owned by other users.
This section discusses the traditional UNIX® permissions used in FreeBSD. For finer grained file system access control, refer to Section 13.9, “Access Control Lists”.
In UNIX®, basic permissions are assigned using
three types of access: read, write, and execute. These access
types are used to determine file access to the file's owner,
group, and others (everyone else). The read, write, and execute
permissions can be represented as the letters
r
, w
, and
x
. They can also be represented as binary
numbers as each permission is either on or off
(0
). When represented as a number, the
order is always read as rwx
, where
r
has an on value of 4
,
w
has an on value of 2
and x
has an on value of
1
.
Table 4.1 summarizes the possible numeric and alphabetic
possibilities. When reading the “Directory
Listing” column, a -
is used to
represent a permission that is set to off.
Value | Permission | Directory Listing |
---|---|---|
0 | No read, no write, no execute | --- |
1 | No read, no write, execute | --x |
2 | No read, write, no execute | -w- |
3 | No read, write, execute | -wx |
4 | Read, no write, no execute | r-- |
5 | Read, no write, execute | r-x |
6 | Read, write, no execute | rw- |
7 | Read, write, execute | rwx |
Use the -l
argument to ls(1) to view a
long directory listing that includes a column of information
about a file's permissions for the owner, group, and everyone
else. For example, a ls -l
in an arbitrary
directory may show:
%
ls -l
total 530 -rw-r--r-- 1 root wheel 512 Sep 5 12:31 myfile -rw-r--r-- 1 root wheel 512 Sep 5 12:31 otherfile -rw-r--r-- 1 root wheel 7680 Sep 5 12:31 email.txt
The first (leftmost) character in the first column indicates
whether this file is a regular file, a directory, a special
character device, a socket, or any other special pseudo-file
device. In this example, the -
indicates a
regular file. The next three characters, rw-
in this example, give the permissions for the owner of the file.
The next three characters, r--
, give the
permissions for the group that the file belongs to. The final
three characters, r--
, give the permissions
for the rest of the world. A dash means that the permission is
turned off. In this example, the permissions are set so the
owner can read and write to the file, the group can read the
file, and the rest of the world can only read the file.
According to the table above, the permissions for this file
would be 644
, where each digit represents the
three parts of the file's permission.
How does the system control permissions on devices? FreeBSD
treats most hardware devices as a file that programs can open,
read, and write data to. These special device files are
stored in /dev/
.
Directories are also treated as files. They have read, write, and execute permissions. The executable bit for a directory has a slightly different meaning than that of files. When a directory is marked executable, it means it is possible to change into that directory using cd(1). This also means that it is possible to access the files within that directory, subject to the permissions on the files themselves.
In order to perform a directory listing, the read permission must be set on the directory. In order to delete a file that one knows the name of, it is necessary to have write and execute permissions to the directory containing the file.
There are more permission bits, but they are primarily used in special circumstances such as setuid binaries and sticky directories. For more information on file permissions and how to set them, refer to chmod(1).
Symbolic permissions use characters instead of octal values to assign permissions to files or directories. Symbolic permissions use the syntax of (who) (action) (permissions), where the following values are available:
Option | Letter | Represents |
---|---|---|
(who) | u | User |
(who) | g | Group owner |
(who) | o | Other |
(who) | a | All (“world”) |
(action) | + | Adding permissions |
(action) | - | Removing permissions |
(action) | = | Explicitly set permissions |
(permissions) | r | Read |
(permissions) | w | Write |
(permissions) | x | Execute |
(permissions) | t | Sticky bit |
(permissions) | s | Set UID or GID |
These values are used with chmod(1), but with
letters instead of numbers. For example, the following
command would block other users from accessing
FILE
:
%
chmod go= FILE
A comma separated list can be provided when more than one
set of changes to a file must be made. For example, the
following command removes the group and
“world” write permission on
FILE
, and adds the execute
permissions for everyone:
%
chmod go-w,a+x
FILE
In addition to file permissions, FreeBSD supports the use of
“file flags”. These flags add an additional
level of security and control over files, but not directories.
With file flags, even
root
can be
prevented from removing or altering files.
File flags are modified using chflags(1). For
example, to enable the system undeletable flag on the file
file1
, issue the following
command:
#
chflags sunlink file1
To disable the system undeletable flag, put a
“no” in front of the
sunlink
:
#
chflags nosunlink file1
To view the flags of a file, use -lo
with
ls(1):
#
ls -lo file1
-rw-r--r-- 1 trhodes trhodes sunlnk 0 Mar 1 05:54 file1
Several file flags may only be added or removed by the
root
user. In other
cases, the file owner may set its file flags. Refer to
chflags(1) and chflags(2) for more
information.
Other than the permissions already discussed, there are
three other specific settings that all administrators should
know about. They are the setuid
,
setgid
, and sticky
permissions.
These settings are important for some UNIX® operations as they provide functionality not normally granted to normal users. To understand them, the difference between the real user ID and effective user ID must be noted.
The real user ID is the UID who owns
or starts the process. The effective UID
is the user ID the process runs as. As an example,
passwd(1) runs with the real user ID when a user changes
their password. However, in order to update the password
database, the command runs as the effective ID of the
root
user. This
allows users to change their passwords without seeing a
Permission Denied error.
The setuid permission may be set by prefixing a permission set with the number four (4) as shown in the following example:
#
chmod 4755 suidexample.sh
The permissions on
now look like the following:suidexample.sh
-rwsr-xr-x 1 trhodes trhodes 63 Aug 29 06:36 suidexample.sh
Note that a s
is now part of the
permission set designated for the file owner, replacing the
executable bit. This allows utilities which need elevated
permissions, such as passwd(1).
The nosuid
mount(8) option will
cause such binaries to silently fail without alerting
the user. That option is not completely reliable as a
nosuid
wrapper may be able to circumvent
it.
To view this in real time, open two terminals. On
one, type passwd
as a normal user.
While it waits for a new password, check the process
table and look at the user information for
passwd(1):
In terminal A:
Changing local password for trhodes Old Password:
In terminal B:
#
ps aux | grep passwd
trhodes 5232 0.0 0.2 3420 1608 0 R+ 2:10AM 0:00.00 grep passwd root 5211 0.0 0.2 3620 1724 2 I+ 2:09AM 0:00.01 passwd
Although passwd(1) is run as a normal user, it is
using the effective UID of
root
.
The setgid
permission performs the
same function as the setuid
permission;
except that it alters the group settings. When an application
or utility executes with this setting, it will be granted the
permissions based on the group that owns the file, not the
user who started the process.
To set the setgid
permission on a
file, provide chmod(1) with a leading two (2):
#
chmod 2755 sgidexample.sh
In the following listing, notice that the
s
is now in the field designated for the
group permission settings:
-rwxr-sr-x 1 trhodes trhodes 44 Aug 31 01:49 sgidexample.sh
In these examples, even though the shell script in question is an executable file, it will not run with a different EUID or effective user ID. This is because shell scripts may not access the setuid(2) system calls.
The setuid
and
setgid
permission bits may lower system
security, by allowing for elevated permissions. The third
special permission, the sticky bit
, can
strengthen the security of a system.
When the sticky bit
is set on a
directory, it allows file deletion only by the file owner.
This is useful to prevent file deletion in public directories,
such as /tmp
, by users
who do not own the file. To utilize this permission, prefix
the permission set with a one (1):
#
chmod 1777 /tmp
The sticky bit
permission will display
as a t
at the very end of the permission
set:
#
ls -al / | grep tmp
drwxrwxrwt 10 root wheel 512 Aug 31 01:49 tmp
The FreeBSD directory hierarchy is fundamental to obtaining an overall understanding of the system. The most important directory is root or, “/”. This directory is the first one mounted at boot time and it contains the base system necessary to prepare the operating system for multi-user operation. The root directory also contains mount points for other file systems that are mounted during the transition to multi-user operation.
A mount point is a directory where additional file systems
can be grafted onto a parent file system (usually the root file
system). This is further described in
Section 3.6, “Disk Organization”. Standard mount points
include /usr/
, /var/
,
/tmp/
, /mnt/
, and
/cdrom/
. These directories are usually
referenced to entries in /etc/fstab
. This
file is a table of various file systems and mount points and is
read by the system. Most of the file systems in
/etc/fstab
are mounted automatically at
boot time from the script rc(8) unless their entry includes
noauto
. Details can be found in
Section 3.7.1, “The fstab
File”.
A complete description of the file system hierarchy is available in hier(7). The following table provides a brief overview of the most common directories.
Directory | Description |
---|---|
/ | Root directory of the file system. |
/bin/ | User utilities fundamental to both single-user and multi-user environments. |
/boot/ | Programs and configuration files used during operating system bootstrap. |
/boot/defaults/ | Default boot configuration files. Refer to loader.conf(5) for details. |
/dev/ | Device nodes. Refer to intro(4) for details. |
/etc/ | System configuration files and scripts. |
/etc/defaults/ | Default system configuration files. Refer to rc(8) for details. |
/etc/mail/ | Configuration files for mail transport agents such as sendmail(8). |
/etc/periodic/ | Scripts that run daily, weekly, and monthly, via cron(8). Refer to periodic(8) for details. |
/etc/ppp/ | ppp(8) configuration files. |
/mnt/ | Empty directory commonly used by system administrators as a temporary mount point. |
/proc/ | Process file system. Refer to procfs(5), mount_procfs(8) for details. |
/rescue/ | Statically linked programs for emergency recovery as described in rescue(8). |
/root/ | Home directory for the
root
account. |
/sbin/ | System programs and administration utilities fundamental to both single-user and multi-user environments. |
/tmp/ | Temporary files which are usually
not preserved across a system
reboot. A memory-based file system is often mounted
at /tmp . This can be automated
using the tmpmfs-related variables of rc.conf(5)
or with an entry in /etc/fstab ;
refer to mdmfs(8) for details. |
/usr/ | The majority of user utilities and applications. |
/usr/bin/ | Common utilities, programming tools, and applications. |
/usr/include/ | Standard C include files. |
/usr/lib/ | Archive libraries. |
/usr/libdata/ | Miscellaneous utility data files. |
/usr/libexec/ | System daemons and system utilities executed by other programs. |
/usr/local/ | Local executables and libraries. Also used as
the default destination for the FreeBSD ports framework.
Within
/usr/local , the
general layout sketched out by hier(7) for
/usr should be
used. Exceptions are the man directory, which is
directly under /usr/local rather than
under /usr/local/share , and
the ports documentation is in share/doc/ . |
/usr/obj/ | Architecture-specific target tree produced by
building the /usr/src
tree. |
/usr/ports/ | The FreeBSD Ports Collection (optional). |
/usr/sbin/ | System daemons and system utilities executed by users. |
/usr/share/ | Architecture-independent files. |
/usr/src/ | BSD and/or local source files. |
/var/ | Multi-purpose log, temporary, transient, and
spool files. A memory-based file system is sometimes
mounted at
/var . This can
be automated using the varmfs-related variables in
rc.conf(5) or with an entry in
/etc/fstab ; refer to
mdmfs(8) for details. |
/var/log/ | Miscellaneous system log files. |
/var/mail/ | User mailbox files. |
/var/spool/ | Miscellaneous printer and mail system spooling directories. |
/var/tmp/ | Temporary files which are usually preserved
across a system reboot, unless
/var is a
memory-based file system. |
/var/yp/ | NIS maps. |
The smallest unit of organization that FreeBSD uses to find
files is the filename. Filenames are case-sensitive, which
means that readme.txt
and
README.TXT
are two separate files. FreeBSD
does not use the extension of a file to determine whether the
file is a program, document, or some other form of data.
Files are stored in directories. A directory may contain no files, or it may contain many hundreds of files. A directory can also contain other directories, allowing a hierarchy of directories within one another in order to organize data.
Files and directories are referenced by giving the file or
directory name, followed by a forward slash,
/
, followed by any other directory names that
are necessary. For example, if the directory
foo
contains a directory
bar
which contains the
file readme.txt
, the full name, or
path, to the file is
foo/bar/readme.txt
. Note that this is
different from Windows® which uses \
to
separate file and directory names. FreeBSD does not use drive
letters, or other drive names in the path. For example, one
would not type c:\foo\bar\readme.txt
on
FreeBSD.
Directories and files are stored in a file system. Each
file system contains exactly one directory at the very top
level, called the root directory for that
file system. This root directory can contain other directories.
One file system is designated the
root file system or /
.
Every other file system is mounted under
the root file system. No matter how many disks are on the FreeBSD
system, every directory appears to be part of the same
disk.
Consider three file systems, called A
,
B
, and C
. Each file
system has one root directory, which contains two other
directories, called A1
, A2
(and likewise B1
, B2
and
C1
, C2
).
Call A
the root file system. If
ls(1) is used to view the contents of this directory,
it will show two subdirectories, A1
and
A2
. The directory tree looks like
this:
A file system must be mounted on to a directory in another
file system. When mounting file system B
on to the directory A1
, the root directory
of B
replaces A1
, and
the directories in B
appear
accordingly:
Any files that are in the B1
or
B2
directories can be reached with the path
/A1/B1
or
/A1/B2
as necessary. Any
files that were in /A1
have been temporarily hidden. They will reappear if
B
is unmounted from
A
.
If B
had been mounted on
A2
then the diagram would look like
this:
and the paths would be
/A2/B1
and
/A2/B2
respectively.
File systems can be mounted on top of one another.
Continuing the last example, the C
file
system could be mounted on top of the B1
directory in the B
file system, leading to
this arrangement:
Or C
could be mounted directly on to the
A
file system, under the
A1
directory:
It is entirely possible to have one large root file system, and not need to create any others. There are some drawbacks to this approach, and one advantage.
Different file systems can have different
mount options. For example, the root
file system can be mounted read-only, making it impossible
for users to inadvertently delete or edit a critical file.
Separating user-writable file systems, such as
/home
, from other
file systems allows them to be mounted
nosuid. This option prevents the
suid/guid bits
on executables stored on the file system from taking effect,
possibly improving security.
FreeBSD automatically optimizes the layout of files on a file system, depending on how the file system is being used. So a file system that contains many small files that are written frequently will have a different optimization to one that contains fewer, larger files. By having one big file system this optimization breaks down.
FreeBSD's file systems are robust if power is lost. However, a power loss at a critical point could still damage the structure of the file system. By splitting data over multiple file systems it is more likely that the system will still come up, making it easier to restore from backup as necessary.
File systems are a fixed size. If you create a file system when you install FreeBSD and give it a specific size, you may later discover that you need to make the partition bigger. This is not easily accomplished without backing up, recreating the file system with the new size, and then restoring the backed up data.
FreeBSD features the growfs(8) command, which makes it possible to increase the size of file system on the fly, removing this limitation.
File systems are contained in partitions. This does not
have the same meaning as the common usage of the term partition
(for example, MS-DOS® partition), because of FreeBSD's UNIX®
heritage. Each partition is identified by a letter from
a
through to h
. Each
partition can contain only one file system, which means that
file systems are often described by either their typical mount
point in the file system hierarchy, or the letter of the
partition they are contained in.
FreeBSD also uses disk space for swap space to provide virtual memory. This allows your computer to behave as though it has much more memory than it actually does. When FreeBSD runs out of memory, it moves some of the data that is not currently being used to the swap space, and moves it back in (moving something else out) when it needs it.
Some partitions have certain conventions associated with them.
Partition | Convention |
---|---|
a | Normally contains the root file system. |
b | Normally contains swap space. |
c | Normally the same size as the enclosing slice.
This allows utilities that need to work on the entire
slice, such as a bad block scanner, to work on the
c partition. A file system would not
normally be created on this partition. |
d | Partition d used to have a
special meaning associated with it, although that is now
gone and d may work as any normal
partition. |
Disks in FreeBSD are divided into slices, referred to in Windows® as partitions, which are numbered from 1 to 4. These are then divided into partitions, which contain file systems, and are labeled using letters.
Slice numbers follow the device name, prefixed with an
s
, starting at 1. So
“da0s1” is the first slice on
the first SCSI drive. There can only be four physical slices on
a disk, but there can be logical slices inside physical slices
of the appropriate type. These extended slices are numbered
starting at 5, so “ada0s5” is
the first extended slice on the first SATA disk. These devices
are used by file systems that expect to occupy a slice.
Slices, “dangerously dedicated” physical
drives, and other drives contain
partitions, which are represented as
letters from a
to h
. This
letter is appended to the device name, so
“da0a” is the
a
partition on the first
da
drive, which is
“dangerously dedicated”.
“ada1s3e” is the fifth
partition in the third slice of the second SATA disk
drive.
Finally, each disk on the system is identified. A disk name starts with a code that indicates the type of disk, and then a number, indicating which disk it is. Unlike slices, disk numbering starts at 0. Common codes are listed in Table 3.3, “Disk Device Names”.
When referring to a partition, include the disk name,
s
, the slice number, and then the partition
letter. Examples are shown in
Example 3.12, “Sample Disk, Slice, and Partition Names”.
Example 3.13, “Conceptual Model of a Disk” shows a conceptual model of a disk layout.
When installing FreeBSD, configure the disk slices, create partitions within the slice to be used for FreeBSD, create a file system or swap space in each partition, and decide where each file system will be mounted.
Drive Type | Drive Device Name |
---|---|
SATA and IDE hard drives | ada or
ad |
SCSI hard drives and USB storage devices | da |
SATA and IDE CD-ROM drives | cd or
acd |
SCSI CD-ROM drives | cd |
Floppy drives | fd |
Assorted non-standard CD-ROM drives | mcd for Mitsumi
CD-ROM and scd for
Sony CD-ROM devices |
SCSI tape drives | sa |
IDE tape drives | ast |
RAID drives | Examples include aacd for
Adaptec® AdvancedRAID, mlxd and
mlyd for Mylex®,
amrd for AMI MegaRAID®,
idad for Compaq Smart RAID,
twed for 3ware® RAID. |
Name | Meaning |
---|---|
ada0s1a | The first partition (a ) on the
first slice (s1 ) on the first
SATA
disk (ada0 ). |
da1s2e | The fifth partition (e ) on the
second slice (s2 ) on the second
SCSI disk (da1 ). |
This diagram shows FreeBSD's view of the first
SATA disk attached to the system. Assume
that the disk is 250 GB in size, and contains an
80 GB slice and a 170 GB slice (MS-DOS®
partitions). The first slice contains a Windows®
NTFS file system, C:
,
and the second slice contains a FreeBSD installation. This
example FreeBSD installation has four data partitions and a swap
partition.
The four partitions each hold a file system. Partition
a
is used for the root file system,
d
for /var/
,
e
for /tmp/
, and
f
for /usr/
.
Partition letter c
refers to the entire
slice, and so is not used for ordinary partitions.
The file system is best visualized as a tree, rooted, as it
were, at /
.
/dev
,
/usr
, and the other
directories in the root directory are branches, which may have
their own branches, such as
/usr/local
, and so
on.
There are various reasons to house some of these
directories on separate file systems.
/var
contains the
directories log/
,
spool/
, and various types
of temporary files, and as such, may get filled up. Filling up
the root file system is not a good idea, so splitting
/var
from
/
is often
favorable.
Another common reason to contain certain directory trees on other file systems is if they are to be housed on separate physical disks, or are separate virtual disks, such as Network File System mounts, described in Section 29.3, “Network File System (NFS)”, or CDROM drives.
During the boot process (Chapter 12, The FreeBSD Booting Process), file
systems listed in /etc/fstab
are
automatically mounted except for the entries containing
noauto
. This file contains entries in the
following format:
device
/mount-point
fstype
options
dumpfreq
passno
device
An existing device name as explained in Table 3.3, “Disk Device Names”.
mount-point
An existing directory on which to mount the file system.
fstype
The file system type to pass to mount(8). The
default FreeBSD file system is
ufs
.
options
Either rw
for read-write file
systems, or ro
for read-only file
systems, followed by any other options that may be
needed. A common option is noauto
for
file systems not normally mounted during the boot
sequence. Other options are listed in
mount(8).
dumpfreq
Used by dump(8) to determine which file systems require dumping. If the field is missing, a value of zero is assumed.
passno
Determines the order in which file systems should be
checked. File systems that should be skipped should
have their passno
set to zero. The
root file system needs to be checked before everything
else and should have its passno
set
to one. The other file systems should be set to
values greater than one. If more than one file system
has the same passno
, fsck(8)
will attempt to check file systems in parallel if
possible.
Refer to fstab(5) for more information on the format
of /etc/fstab
and its options.
File systems are mounted using mount(8). The most basic syntax is as follows:
#
mount
device
mountpoint
This command provides many options which are described in mount(8), The most commonly used options include:
-a
Mount all the file systems listed in
/etc/fstab
, except those marked as
“noauto”, excluded by the
-t
flag, or those that are already
mounted.
-d
Do everything except for the actual mount system
call. This option is useful in conjunction with the
-v
flag to determine what mount(8)
is actually trying to do.
-f
Force the mount of an unclean file system (dangerous), or the revocation of write access when downgrading a file system's mount status from read-write to read-only.
-r
Mount the file system read-only. This is identical
to using -o ro
.
-t
fstype
Mount the specified file system type or mount only
file systems of the given type, if -a
is included. “ufs” is the default file
system type.
-u
Update mount options on the file system.
-v
Be verbose.
-w
Mount the file system read-write.
The following options can be passed to -o
as a comma-separated list:
Do not interpret setuid or setgid flags on the file system. This is also a useful security option.
To unmount a file system use umount(8). This command
takes one parameter which can be a mountpoint, device name,
-a
or -A
.
All forms take -f
to force unmounting,
and -v
for verbosity. Be warned that
-f
is not generally a good idea as it might
crash the computer or damage data on the file system.
To unmount all mounted file systems, or just the file
system types listed after -t
, use
-a
or -A
. Note that
-A
does not attempt to unmount the root file
system.
FreeBSD is a multi-tasking operating system. Each program running at any one time is called a process. Every running command starts at least one new process and there are a number of system processes that are run by FreeBSD.
Each process is uniquely identified by a number called a
process ID (PID).
Similar to files, each process has one owner and group, and
the owner and group permissions are used to determine which
files and devices the process can open. Most processes also
have a parent process that started them. For example, the
shell is a process, and any command started in the shell is a
process which has the shell as its parent process. The
exception is a special process called init(8) which is
always the first process to start at boot time and which always
has a PID of 1
.
Some programs are not designed to be run with continuous user input and disconnect from the terminal at the first opportunity. For example, a web server responds to web requests, rather than user input. Mail servers are another example of this type of application. These types of programs are known as daemons. The term daemon comes from Greek mythology and represents an entity that is neither good nor evil, and which invisibly performs useful tasks. This is why the BSD mascot is the cheerful-looking daemon with sneakers and a pitchfork.
There is a convention to name programs that normally run as
daemons with a trailing “d”. For example,
BIND is the Berkeley Internet Name
Domain, but the actual program that executes is
named
. The
Apache web server program is
httpd
and the line printer spooling daemon
is lpd
. This is only a naming convention.
For example, the main mail daemon for the
Sendmail application is
sendmail
, and not
maild
.
To see the processes running on the system, use ps(1) or top(1). To display a static list of the currently running processes, their PIDs, how much memory they are using, and the command they were started with, use ps(1). To display all the running processes and update the display every few seconds in order to interactively see what the computer is doing, use top(1).
By default, ps(1) only shows the commands that are running and owned by the user. For example:
%
ps
PID TT STAT TIME COMMAND 8203 0 Ss 0:00.59 /bin/csh 8895 0 R+ 0:00.00 ps
The output from ps(1) is organized into a number of
columns. The PID
column displays the
process ID. PIDs are assigned starting at
1, go up to 99999, then wrap around back to the beginning.
However, a PID is not reassigned if it is
already in use. The TT
column shows the
tty the program is running on and STAT
shows the program's state. TIME
is the
amount of time the program has been running on the CPU. This
is usually not the elapsed time since the program was started,
as most programs spend a lot of time waiting for things to
happen before they need to spend time on the CPU. Finally,
COMMAND
is the command that was used to
start the program.
A number of different options are available to change the
information that is displayed. One of the most useful sets is
auxww
, where a
displays
information about all the running processes of all users,
u
displays the username and memory usage of
the process' owner, x
displays
information about daemon processes, and ww
causes ps(1) to display the full command line for each
process, rather than truncating it once it gets too long to
fit on the screen.
The output from top(1) is similar:
%
top
last pid: 9609; load averages: 0.56, 0.45, 0.36 up 0+00:20:03 10:21:46 107 processes: 2 running, 104 sleeping, 1 zombie CPU: 6.2% user, 0.1% nice, 8.2% system, 0.4% interrupt, 85.1% idle Mem: 541M Active, 450M Inact, 1333M Wired, 4064K Cache, 1498M Free ARC: 992M Total, 377M MFU, 589M MRU, 250K Anon, 5280K Header, 21M Other Swap: 2048M Total, 2048M Free PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 557 root 1 -21 r31 136M 42296K select 0 2:20 9.96% Xorg 8198 dru 2 52 0 449M 82736K select 3 0:08 5.96% kdeinit4 8311 dru 27 30 0 1150M 187M uwait 1 1:37 0.98% firefox 431 root 1 20 0 14268K 1728K select 0 0:06 0.98% moused 9551 dru 1 21 0 16600K 2660K CPU3 3 0:01 0.98% top 2357 dru 4 37 0 718M 141M select 0 0:21 0.00% kdeinit4 8705 dru 4 35 0 480M 98M select 2 0:20 0.00% kdeinit4 8076 dru 6 20 0 552M 113M uwait 0 0:12 0.00% soffice.bin 2623 root 1 30 10 12088K 1636K select 3 0:09 0.00% powerd 2338 dru 1 20 0 440M 84532K select 1 0:06 0.00% kwin 1427 dru 5 22 0 605M 86412K select 1 0:05 0.00% kdeinit4
The output is split into two sections. The header (the
first five or six lines) shows the PID of
the last process to run, the system load averages (which are a
measure of how busy the system is), the system uptime (time
since the last reboot) and the current time. The other
figures in the header relate to how many processes are
running, how much memory and swap space has been used, and how
much time the system is spending in different CPU states. If
the ZFS file system module has been loaded,
an ARC
line indicates how much data was
read from the memory cache instead of from disk.
Below the header is a series of columns containing similar information to the output from ps(1), such as the PID, username, amount of CPU time, and the command that started the process. By default, top(1) also displays the amount of memory space taken by the process. This is split into two columns: one for total size and one for resident size. Total size is how much memory the application has needed and the resident size is how much it is actually using now.
top(1) automatically updates the display every two
seconds. A different interval can be specified with
-s
.
One way to communicate with any running process or daemon
is to send a signal using kill(1).
There are a number of different signals; some have a specific
meaning while others are described in the application's
documentation. A user can only send a signal to a process
they own and sending a signal to someone else's process will
result in a permission denied error. The exception is the
root
user, who can
send signals to anyone's processes.
The operating system can also send a signal to a process.
If an application is badly written and tries to access memory
that it is not supposed to, FreeBSD will send the process the
“Segmentation Violation” signal
(SIGSEGV
). If an application has been
written to use the alarm(3) system call to be alerted
after a period of time has elapsed, it will be sent the
“Alarm” signal
(SIGALRM
).
Two signals can be used to stop a process:
SIGTERM
and SIGKILL
.
SIGTERM
is the polite way to kill a process
as the process can read the signal, close any log files it may
have open, and attempt to finish what it is doing before
shutting down. In some cases, a process may ignore
SIGTERM
if it is in the middle of some task
that cannot be interrupted.
SIGKILL
cannot be ignored by a
process. Sending a SIGKILL
to a
process will usually stop that process there and then.
[1].
Other commonly used signals are SIGHUP
,
SIGUSR1
, and SIGUSR2
.
Since these are general purpose signals, different
applications will respond differently.
For example, after changing a web server's configuration
file, the web server needs to be told to re-read its
configuration. Restarting httpd
would
result in a brief outage period on the web server. Instead,
send the daemon the SIGHUP
signal. Be
aware that different daemons will have different behavior, so
refer to the documentation for the daemon to determine if
SIGHUP
will achieve the desired
results.
This example shows how to send a signal to
inetd(8). The inetd(8) configuration file is
/etc/inetd.conf
, and inetd(8) will
re-read this configuration file when it is sent a
SIGHUP
.
Find the PID of the process to send the signal to using pgrep(1). In this example, the PID for inetd(8) is 198:
%
pgrep -l inetd
198 inetd -wW
Use kill(1) to send the signal. Because
inetd(8) is owned by
root
, use
su(1) to become
root
first.
%
su
Password:
#
/bin/kill -s HUP 198
Like most UNIX® commands, kill(1) will not print
any output if it is successful. If a signal is sent to a
process not owned by that user, the message
kill: PID
: Operation
not permitted will be displayed. Mistyping
the PID will either send the signal to
the wrong process, which could have negative results, or
will send the signal to a PID that is
not currently in use, resulting in the error
kill: PID
: No such
process.
/bin/kill
?: Many shells provide kill
as a
built in command, meaning that the shell will send the
signal directly, rather than running
/bin/kill
. Be aware that different
shells have a different syntax for specifying the name
of the signal to send. Rather than try to learn all of
them, it can be simpler to specify
/bin/kill
.
When sending other signals, substitute
TERM
or KILL
with the
name of the signal.
A shell provides a command line
interface for interacting with the operating system. A shell
receives commands from the input channel and executes them.
Many shells provide built in functions to help with everyday
tasks such as file management, file globbing, command line
editing, command macros, and environment variables. FreeBSD comes
with several shells, including the Bourne shell (sh(1)) and
the extended C shell (tcsh(1)). Other shells are available
from the FreeBSD Ports Collection, such as
zsh
and bash
.
The shell that is used is really a matter of taste. A C
programmer might feel more comfortable with a C-like shell such
as tcsh(1). A Linux® user might prefer
bash
. Each shell has unique properties that
may or may not work with a user's preferred working environment,
which is why there is a choice of which shell to use.
One common shell feature is filename completion. After a
user types the first few letters of a command or filename and
presses Tab, the shell completes the rest of
the command or filename. Consider two files called
foobar
and football
.
To delete foobar
, the user might type
rm foo
and press Tab to
complete the filename.
But the shell only shows rm foo
. It was
unable to complete the filename because both
foobar
and football
start with foo
. Some shells sound a beep or
show all the choices if more than one name matches. The user
must then type more characters to identify the desired filename.
Typing a t
and pressing Tab
again is enough to let the shell determine which filename is
desired and fill in the rest.
Another feature of the shell is the use of environment variables. Environment variables are a variable/key pair stored in the shell's environment. This environment can be read by any program invoked by the shell, and thus contains a lot of program configuration. Table 3.4, “Common Environment Variables” provides a list of common environment variables and their meanings. Note that the names of environment variables are always in uppercase.
Variable | Description |
---|---|
USER | Current logged in user's name. |
PATH | Colon-separated list of directories to search for binaries. |
DISPLAY | Network name of the Xorg display to connect to, if available. |
SHELL | The current shell. |
TERM | The name of the user's type of terminal. Used to determine the capabilities of the terminal. |
TERMCAP | Database entry of the terminal escape codes to perform various terminal functions. |
OSTYPE | Type of operating system. |
MACHTYPE | The system's CPU architecture. |
EDITOR | The user's preferred text editor. |
PAGER | The user's preferred utility for viewing text one page at a time. |
MANPATH | Colon-separated list of directories to search for manual pages. |
How to set an environment variable differs between shells.
In tcsh(1) and csh(1), use
setenv
to set environment variables. In
sh(1) and bash
, use
export
to set the current environment
variables. This example sets the default EDITOR
to /usr/local/bin/emacs
for the
tcsh(1) shell:
%
setenv EDITOR /usr/local/bin/emacs
The equivalent command for bash
would be:
%
export EDITOR="/usr/local/bin/emacs"
To expand an environment variable in order to see its
current setting, type a $
character in front
of its name on the command line. For example,
echo $TERM
displays the current
$TERM
setting.
Shells treat special characters, known as meta-characters,
as special representations of data. The most common
meta-character is *
, which represents any
number of characters in a filename. Meta-characters can be used
to perform filename globbing. For example, echo
*
is equivalent to ls
because
the shell takes all the files that match *
and echo
lists them on the command
line.
To prevent the shell from interpreting a special character,
escape it from the shell by starting it with a backslash
(\
). For example, echo
$TERM
prints the terminal setting whereas
echo \$TERM
literally prints the string
$TERM
.
The easiest way to permanently change the default shell is
to use chsh
. Running this command will
open the editor that is configured in the
EDITOR
environment variable, which by default
is set to vi(1). Change the Shell:
line to the full path of the new shell.
Alternately, use chsh -s
which will set
the specified shell without opening an editor. For example,
to change the shell to bash
:
%
chsh -s /usr/local/bin/bash
The new shell must be present in
/etc/shells
. If the shell was
installed from the FreeBSD Ports Collection as described in
Chapter 4, Installing Applications: Packages and Ports, it should be automatically added
to this file. If it is missing, add it using this command,
replacing the path with the path of the shell:
#
echo
/usr/local/bin/bash
>> /etc/shells
Then, rerun chsh(1).
The UNIX® shell is not just a command interpreter, it acts as a powerful tool which allows users to execute commands, redirect their output, redirect their input and chain commands together to improve the final command output. When this functionality is mixed with built in commands, the user is provided with an environment that can maximize efficiency.
Shell redirection is the action of sending the output or the input of a command into another command or into a file. To capture the output of the ls(1) command, for example, into a file, redirect the output:
%
ls > directory_listing.txt
The directory contents will now be listed in
directory_listing.txt
. Some commands can
be used to read input, such as sort(1). To sort this
listing, redirect the input:
%
sort < directory_listing.txt
The input will be sorted and placed on the screen. To redirect that input into another file, one could redirect the output of sort(1) by mixing the direction:
%
sort < directory_listing.txt > sorted.txt
In all of the previous examples, the commands are performing redirection using file descriptors. Every UNIX® system has file descriptors, which include standard input (stdin), standard output (stdout), and standard error (stderr). Each one has a purpose, where input could be a keyboard or a mouse, something that provides input. Output could be a screen or paper in a printer. And error would be anything that is used for diagnostic or error messages. All three are considered I/O based file descriptors and sometimes considered streams.
Through the use of these descriptors, the shell allows output and input to be passed around through various commands and redirected to or from a file. Another method of redirection is the pipe operator.
The UNIX® pipe operator, “|” allows the output of one command to be directly passed or directed to another program. Basically, a pipe allows the standard output of a command to be passed as standard input to another command, for example:
%
cat directory_listing.txt | sort | less
In that example, the contents of
directory_listing.txt
will be sorted and
the output passed to less(1). This allows the user to
scroll through the output at their own pace and prevent it
from scrolling off the screen.
Most FreeBSD configuration is done by editing text files. Because of this, it is a good idea to become familiar with a text editor. FreeBSD comes with a few as part of the base system, and many more are available in the Ports Collection.
A simple editor to learn is ee(1), which stands for
easy editor. To start this editor, type ee
where
filename
filename
is the name of the file to
be edited. Once inside the editor, all of the commands for
manipulating the editor's functions are listed at the top of the
display. The caret (^
) represents
Ctrl, so ^e
expands to
Ctrl+e. To leave ee(1), press Esc,
then choose the “leave editor” option from the main
menu. The editor will prompt to save any changes if the file
has been modified.
FreeBSD also comes with more powerful text editors, such as vi(1), as part of the base system. Other editors, like editors/emacs and editors/vim, are part of the FreeBSD Ports Collection. These editors offer more functionality at the expense of being more complicated to learn. Learning a more powerful editor such as vim or Emacs can save more time in the long run.
Many applications which modify files or require typed input
will automatically open a text editor. To change the default
editor, set the EDITOR
environment
variable as described in Section 3.9, “Shells”.
A device is a term used mostly for hardware-related
activities in a system, including disks, printers, graphics
cards, and keyboards. When FreeBSD boots, the majority of the boot
messages refer to devices being detected. A copy of the boot
messages are saved to
/var/run/dmesg.boot
.
Each device has a device name and number. For example,
ada0
is the first SATA hard drive,
while kbd0
represents the
keyboard.
Most devices in FreeBSD must be accessed through special
files called device nodes, which are located in
/dev
.
The most comprehensive documentation on FreeBSD is in the form
of manual pages. Nearly every program on the system comes with
a short reference manual explaining the basic operation and
available arguments. These manuals can be viewed using
man
:
%
man
command
where command
is the name of the
command to learn about. For example, to learn more about
ls(1), type:
%
man ls
Manual pages are divided into sections which represent the type of topic. In FreeBSD, the following sections are available:
User commands.
System calls and error numbers.
Functions in the C libraries.
Device drivers.
File formats.
Games and other diversions.
Miscellaneous information.
System maintenance and operation commands.
System kernel interfaces.
In some cases, the same topic may appear in more than one
section of the online manual. For example, there is a
chmod
user command and a
chmod()
system call. To tell man(1)
which section to display, specify the section number:
%
man 1 chmod
This will display the manual page for the user command chmod(1). References to a particular section of the online manual are traditionally placed in parenthesis in written documentation, so chmod(1) refers to the user command and chmod(2) refers to the system call.
If the name of the manual page is unknown, use man
-k
to search for keywords in the manual page
descriptions:
%
man -k
This command displays a list of commands that have the keyword “mail” in their descriptions. This is equivalent to using apropos(1).
To read the descriptions for all of the commands in
/usr/bin
, type:
%
cd /usr/bin
%
man -f * | more
or
%
cd /usr/bin
%
whatis * |more
FreeBSD includes several applications and utilities produced
by the Free Software Foundation (FSF). In addition to manual
pages, these programs may include hypertext documents called
info
files. These can be viewed using
info(1) or, if editors/emacs is
installed, the info mode of
emacs.
To use info(1), type:
%
info
For a brief introduction, type h
. For
a quick command reference, type ?
.
[1] There are a few tasks that cannot be interrupted. For example, if the process is trying to read from a file that is on another computer on the network, and the other computer is unavailable, the process is said to be “uninterruptible”. Eventually the process will time out, typically after two minutes. As soon as this time out occurs the process will be killed.
FreeBSD is bundled with a rich collection of system tools as part of the base system. In addition, FreeBSD provides two complementary technologies for installing third-party software: the FreeBSD Ports Collection, for installing from source, and packages, for installing from pre-built binaries. Either method may be used to install software from local media or from the network.
After reading this chapter, you will know:
The difference between binary packages and ports.
How to find third-party software that has been ported to FreeBSD.
How to manage binary packages using pkg.
How to build third-party software from source using the Ports Collection.
How to find the files installed with the application for post-installation configuration.
What to do if a software installation fails.
The typical steps for installing third-party software on a UNIX® system include:
Find and download the software, which might be distributed in source code format or as a binary.
Unpack the software from its distribution format. This is typically a tarball compressed with a program such as compress(1), gzip(1), bzip2(1) or xz(1).
Locate the documentation in
INSTALL
, README
or some file in a doc/
subdirectory and
read up on how to install the software.
If the software was distributed in source format,
compile it. This may involve editing a
Makefile
or running a
configure
script.
Test and install the software.
A FreeBSD port is a collection of files designed to automate the process of compiling an application from source code. The files that comprise a port contain all the necessary information to automatically download, extract, patch, compile, and install the application.
If the software has not already been adapted and tested on FreeBSD, the source code might need editing in order for it to install and run properly.
However, over 24,000 third-party applications have already been ported to FreeBSD. When feasible, these applications are made available for download as pre-compiled packages.
Packages can be manipulated with the FreeBSD package management commands.
Both packages and ports understand dependencies. If a package or port is used to install an application and a dependent library is not already installed, the library will automatically be installed first.
A FreeBSD package contains pre-compiled copies of all the
commands for an application, as well as any configuration files
and documentation. A package can be manipulated with the
pkg(8) commands, such as
pkg install
.
While the two technologies are similar, packages and ports each have their own strengths. Select the technology that meets your requirements for installing a particular application.
A compressed package tarball is typically smaller than the compressed tarball containing the source code for the application.
Packages do not require compilation time. For large applications, such as Mozilla, KDE, or GNOME, this can be important on a slow system.
Packages do not require any understanding of the process involved in compiling software on FreeBSD.
Packages are normally compiled with conservative options because they have to run on the maximum number of systems. By compiling from the port, one can change the compilation options.
Some applications have compile-time options relating to which features are installed. For example, Apache can be configured with a wide variety of different built-in options.
In some cases, multiple packages will exist for the same
application to specify certain settings. For example,
Ghostscript is available as a
ghostscript
package and a
ghostscript-nox11
package, depending on
whether or not Xorg is installed.
Creating multiple packages rapidly becomes impossible if an
application has more than one or two different compile-time
options.
The licensing conditions of some software forbid binary distribution. Such software must be distributed as source code which must be compiled by the end-user.
Some people do not trust binary distributions or prefer to read through source code in order to look for potential problems.
Source code is needed in order to apply custom patches.
To keep track of updated ports, subscribe to the FreeBSD ports mailing list and the FreeBSD ports bugs mailing list.
Before installing any application, check https://vuxml.freebsd.org/
for security issues related to the application or type
pkg audit -F
to check all installed
applications for known vulnerabilities.
The remainder of this chapter explains how to use packages and ports to install and manage third-party software on FreeBSD.
FreeBSD's list of available applications is growing all the time. There are a number of ways to find software to install:
The FreeBSD web site maintains an up-to-date searchable list of all the available applications, at https://www.FreeBSD.org/ports/. The ports can be searched by application name or by software category.
Dan Langille maintains FreshPorts.org which provides a comprehensive search utility and also tracks changes to the applications in the Ports Collection. Registered users can create a customized watch list in order to receive an automated email when their watched ports are updated.
If finding a particular application becomes challenging, try searching a site like SourceForge.net or GitHub.com then check back at the FreeBSD site to see if the application has been ported.
To search the binary package repository for an application:
#
pkg search
git-subversion-subversion
1.9.2
java-subversion-1.8.8_2
p5-subversion-1.8.8_2
py27-hgsubversion-1.6
py27-subversion-1.8.8_2
ruby-subversion-1.8.8_2
subversion-1.8.8_2
subversion-book-4515
subversion-static-1.8.8_2
subversion16-1.6.23_4
subversion17-1.7.16_2
Package names include the version number and, in the
case of ports based on python, the version number of the
version of python the package was built with. Some ports
also have multiple versions available. In the case of
Subversion, there are different
versions available, as well as different compile options.
In this case, the statically linked version of
Subversion. When indicating
which package to install, it is best to specify the
application by the port origin, which is the path in the
ports tree. Repeat the pkg search
with
-o
to list the origin of each
package:
#
pkg search -o
devel/git-subversion java/java-subversion devel/p5-subversion devel/py-hgsubversion devel/py-subversion devel/ruby-subversion devel/subversion16 devel/subversion17 devel/subversion devel/subversion-book devel/subversion-staticsubversion
Searching by shell globs, regular expressions, exact
match, by description, or any other field in the repository
database is also supported by pkg search
.
After installing ports-mgmt/pkg or
ports-mgmt/pkg-devel, see
pkg-search(8) for more details.
If the Ports Collection is already installed, there are
several methods to query the local version of the ports
tree. To find out which category a port is in, type
whereis
,
where file
file
is the program to be
installed:
#
whereis lsof
lsof: /usr/ports/sysutils/lsof
Alternately, an echo(1) statement can be used:
#
echo /usr/ports/*/*lsof*
/usr/ports/sysutils/lsof
Note that this will also return any matched files
downloaded into the
/usr/ports/distfiles
directory.
Another way to find software is by using the Ports
Collection's built-in search mechanism. To use the search
feature, cd to
/usr/ports
then run make
search name=program-name
where
program-name
is the name of the
software. For example, to search for
lsof
:
#
cd /usr/ports
#
make search name=lsof
Port: lsof-4.88.d,8 Path: /usr/ports/sysutils/lsof Info: Lists information about open files (similar to fstat(1)) Maint: ler@lerctr.org Index: sysutils B-deps: R-deps:
The built-in search mechanism uses a file
of index information. If a message indicates that the
INDEX
is required, run
make fetchindex
to download the current
index file. With the INDEX
present,
make search
will be able to perform the
requested search.
The “Path:” line indicates where to find the port.
To receive less information, use the
quicksearch
feature:
#
cd /usr/ports
#
make quicksearch name=lsof
Port: lsof-4.88.d,8 Path: /usr/ports/sysutils/lsof Info: Lists information about open files (similar to fstat(1))
For more in-depth searching, use
make search
key=
or
string
make quicksearch
key=
, where
string
string
is some text to search
for. The text can be in comments, descriptions, or
dependencies in order to find ports which relate to a
particular subject when the name of the program is
unknown.
When using search
or
quicksearch
, the search string
is case-insensitive. Searching for “LSOF” will
yield the same results as searching for
“lsof”.
pkg is the next generation replacement for the traditional FreeBSD package management tools, offering many features that make dealing with binary packages faster and easier.
For sites wishing to only use prebuilt binary packages from the FreeBSD mirrors, managing packages with pkg can be sufficient.
However, for those sites building from source or using their own repositories, a separate port management tool will be needed.
Since pkg only works with binary packages, it is not a replacement for such tools. Those tools can be used to install software from both binary packages and the Ports Collection, while pkg installs only binary packages.
FreeBSD includes a bootstrap utility which can be used to
download and install pkg
and its manual pages. This utility is designed to work
with versions of FreeBSD starting with
10.X
.
Not all FreeBSD versions and architectures support this bootstrap process. The current list is at https://pkg.freebsd.org/. For other cases, pkg must instead be installed from the Ports Collection or as a binary package.
To bootstrap the system, run:
#
/usr/sbin/pkg
You must have a working Internet connection for the bootstrap process to succeed.
Otherwise, to install the port, run:
#
cd /usr/ports/ports-mgmt/pkg
#
make
#
make install clean
When upgrading an existing system that originally used the older pkg_* tools, the database must be converted to the new format, so that the new tools are aware of the already installed packages. Once pkg has been installed, the package database must be converted from the traditional format to the new format by running this command:
#
pkg2ng
This step is not required for new installations that do not yet have any third-party software installed.
This step is not reversible. Once the package database
has been converted to the pkg
format, the traditional pkg_*
tools
should no longer be used.
The package database conversion may emit errors as the
contents are converted to the new version. Generally, these
errors can be safely ignored. However, a list of
software that was not successfully converted
is shown after pkg2ng
finishes.
These applications must be manually reinstalled.
To ensure that the Ports Collection registers
new software with pkg instead of
the traditional packages database, FreeBSD versions earlier than
10.X
require this line in
/etc/make.conf
:
WITH_PKGNG= yes
By default, pkg uses the binary packages from the FreeBSD package mirrors (the repository). For information about building a custom package repository, see Section 4.6, “Building Packages with Poudriere”.
Additional pkg configuration options are described in pkg.conf(5).
Usage information for pkg is
available in the pkg(8) manual page or by running
pkg
without additional arguments.
Each pkg command argument is
documented in a command-specific manual page. To read the
manual page for pkg install
, for example,
run either of these commands:
#
pkg help install
#
man pkg-install
The rest of this section demonstrates common binary package management tasks which can be performed using pkg. Each demonstrated command provides many switches to customize its use. Refer to a command's help or man page for details and more examples.
The Quarterly
branch provides users
with a more predictable and stable experience for port and
package installation and upgrades. This is done essentially
by only allowing non-feature updates. Quarterly branches aim
to receive security fixes (that may be version updates, or
backports of commits), bug fixes and ports compliance or
framework changes. The Quarterly branch is cut from HEAD at
the beginning of every (yearly) quarter in January, April,
July, and October. Branches are named according to the year
(YYYY) and quarter (Q1-4) they are created in. For example,
the quarterly branch created in January 2016, is named 2016Q1.
And the Latest
branch provides the latest
versions of the packages to the users.
To switch from quarterly to latest run the following commands:
#
cp /etc/pkg/FreeBSD.conf /usr/local/etc/pkg/repos/FreeBSD.conf
Edit the file
/usr/local/etc/pkg/repos/FreeBSD.conf
and change the string quarterly to
latest in the url:
line.
The result should be similar to the following:
FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/share/keys/pkg", enabled: yes }
And finally run this command to update from the new (latest) repository metadata.
#
pkg update -f
Information about the packages installed on a system
can be viewed by running pkg info
which,
when run without any switches, will list the package version
for either all installed packages or the specified
package.
For example, to see which version of pkg is installed, run:
#
pkg info pkg
pkg-1.1.4_1
To install a binary package use the following command,
where packagename
is the name of
the package to install:
#
pkg install
packagename
This command uses repository data to determine which version of the software to install and if it has any uninstalled dependencies. For example, to install curl:
#
pkg install curl
Updating repository catalogue /usr/local/tmp/All/curl-7.31.0_1.txz 100% of 1181 kB 1380 kBps 00m01s /usr/local/tmp/All/ca_root_nss-3.15.1_1.txz 100% of 288 kB 1700 kBps 00m00s Updating repository catalogue The following 2 packages will be installed: Installing ca_root_nss: 3.15.1_1 Installing curl: 7.31.0_1 The installation will require 3 MB more space 0 B to be downloaded Proceed with installing packages [y/N]:y
Checking integrity... done [1/2] Installing ca_root_nss-3.15.1_1... done [2/2] Installing curl-7.31.0_1... done Cleaning up cache files...Done
The new package and any additional packages that were installed as dependencies can be seen in the installed packages list:
#
pkg info
ca_root_nss-3.15.1_1 The root certificate bundle from the Mozilla Project curl-7.31.0_1 Non-interactive tool to get files from FTP, GOPHER, HTTP(S) servers pkg-1.1.4_6 New generation package manager
Packages that are no longer needed can be removed with
pkg delete
. For example:
#
pkg delete curl
The following packages will be deleted: curl-7.31.0_1 The deletion will free 3 MB Proceed with deleting packages [y/N]:y
[1/1] Deleting curl-7.31.0_1... done
Installed packages can be upgraded to their latest versions by running:
#
pkg upgrade
This command will compare the installed versions with those available in the repository catalogue and upgrade them from the repository.
Software vulnerabilities are regularly discovered in third-party applications. To address this, pkg includes a built-in auditing mechanism. To determine if there are any known vulnerabilities for the software installed on the system, run:
#
pkg audit -F
Removing a package may leave behind dependencies which are no longer required. Unneeded packages that were installed as dependencies (leaf packages) can be automatically detected and removed using:
#
pkg autoremove
Packages to be autoremoved: ca_root_nss-3.15.1_1 The autoremoval will free 723 kB Proceed with autoremoval of packages [y/N]:y
Deinstalling ca_root_nss-3.15.1_1... done
Packages installed as dependencies are called automatic packages. Non-automatic packages, i.e the packages that were explicity installed not as a dependency to another package, can be listed using:
#
pkg prime-list
nginx openvpn sudo
pkg prime-list
is an alias command
declared in /usr/local/etc/pkg.conf
.
There are many others that can be used to query the package
database of the system. For instance, command
pkg prime-origins
can be used to get the
origin port directory of the list mentioned above:
#
pkg prime-origins
www/nginx security/openvpn security/sudo
This list can be used to rebuild all packages installed on a system using build tools such as ports-mgmt/poudriere or ports-mgmt/synth.
Marking an installed package as automatic can be done using:
#
pkg set -A 1 devel/cmake
Once a package is a leaf package and is marked
as automatic, it gets selected by
pkg autoremove
.
Marking an installed package as not automatic can be done using:
#
pkg set -A 0 devel/cmake
Unlike the traditional package management system, pkg includes its own package database backup mechanism. This functionality is enabled by default.
To disable the periodic script from backing up the
package database, set
daily_backup_pkgdb_enable="NO"
in
periodic.conf(5).
To restore the contents of a previous package database
backup, run the following command replacing
/path/to/pkg.sql
with the location
of the backup:
#
pkg backup -r
/path/to/pkg.sql
If restoring a backup taken by the periodic script, it must be decompressed prior to being restored.
To run a manual backup of the
pkg database, run the following
command, replacing /path/to/pkg.sql
with a suitable file name and location:
#
pkg backup -d
/path/to/pkg.sql
By default, pkg stores
binary packages in a cache directory defined by
PKG_CACHEDIR
in pkg.conf(5). Only copies
of the latest installed packages are kept. Older versions of
pkg kept all previous packages. To
remove these outdated binary packages, run:
#
pkg clean
The entire cache may be cleared by running:
#
pkg clean -a
Software within the FreeBSD Ports Collection can
undergo major version number changes. To address this,
pkg has a built-in command to
update package origins. This can be useful, for example, if
lang/php5 is renamed to
lang/php53 so that
lang/php5 can now
represent version 5.4
.
To change the package origin for the above example, run:
#
pkg set -o lang/php5:lang/php53
As another example, to update lang/ruby18 to lang/ruby19, run:
#
pkg set -o lang/ruby18:lang/ruby19
As a final example, to change the origin of the
libglut
shared libraries from
graphics/libglut to
graphics/freeglut, run:
#
pkg set -o graphics/libglut:graphics/freeglut
When changing package origins, it is important to reinstall packages that are dependent on the package with the modified origin. To force a reinstallation of dependent packages, run:
#
pkg install -Rf
graphics/freeglut
The Ports Collection is a set of
Makefile
s, patches, and description files.
Each set of these files is used to compile and install an
individual application on FreeBSD, and is called a
port.
By default, the Ports Collection itself is stored as a
subdirectory of /usr/ports
.
Before an application can be compiled using a port, the Ports Collection must first be installed. If it was not installed during the installation of FreeBSD, use one of the following methods to install it:
The base system of FreeBSD includes Portsnap. This is a fast and user-friendly tool for retrieving the Ports Collection and is the recommended choice for most users not running FreeBSD-CURRENT. This utility connects to a FreeBSD site, verifies the secure key, and downloads a new copy of the Ports Collection. The key is used to verify the integrity of all downloaded files.
To download a compressed snapshot of the Ports
Collection into
/var/db/portsnap
:
#
portsnap fetch
When running Portsnap for the
first time, extract the snapshot into
/usr/ports
:
#
portsnap extract
After the first use of
Portsnap has been completed as
shown above, /usr/ports
can be updated
as needed by running:
#
portsnap fetch
#
portsnap update
When using fetch
, the
extract
or the update
operation may be run consecutively, like so:
#
portsnap fetch update
If more control over the ports tree is needed or if local changes need to be maintained, or if running FreeBSD-CURRENT, Subversion can be used to obtain the Ports Collection. Refer to the Subversion Primer for a detailed description of Subversion.
Subversion must be installed before it can be used to check out the ports tree. If a copy of the ports tree is already present, install Subversion like this:
#
cd /usr/ports/devel/subversion
#
make install clean
If the ports tree is not available, or pkg is being used to manage packages, Subversion can be installed as a package:
#
pkg install subversion
Check out a copy of the ports tree:
#
svn checkout https://svn.FreeBSD.org/ports/head /usr/ports
As needed, update /usr/ports
after
the initial Subversion
checkout:
#
svn update /usr/ports
The Ports Collection contains directories for software categories. Inside each category are subdirectories for individual applications. Each application subdirectory contains a set of files that tells FreeBSD how to compile and install that program, called a ports skeleton. Each port skeleton includes these files and directories:
Makefile
: contains statements that
specify how the application should be compiled and where
its components should be installed.
distinfo
: contains the names and
checksums of the files that must be downloaded to build the
port.
files/
: this directory contains
any patches needed for the program to compile and install
on FreeBSD. This directory may also contain other files used
to build the port.
pkg-descr
: provides a more detailed
description of the program.
pkg-plist
: a list of all the
files that will be installed by the port. It also tells
the ports system which files to remove upon
deinstallation.
Some ports include pkg-message
or
other files to handle special situations. For more details
on these files, and on ports in general, refer to the FreeBSD
Porter's Handbook.
The port does not include the actual source code, also
known as a distfile
. The extract portion
of building a port will automatically save the downloaded
source to /usr/ports/distfiles
.
This section provides basic instructions on using the
Ports Collection to install or remove software. The detailed
description of available make
targets and
environment variables is available in ports(7).
Before compiling any port, be sure to update the Ports
Collection as described in the previous section. Since
the installation of any third-party software can introduce
security vulnerabilities, it is recommended to first check
https://vuxml.freebsd.org/
for known security issues related to the port. Alternately,
run pkg audit -F
before installing a new
port. This command can be configured to automatically
perform a security audit and an update of the vulnerability
database during the daily security system check. For more
information, refer to pkg-audit(8) and
periodic(8).
Using the Ports Collection assumes a working Internet connection. It also requires superuser privilege.
To compile and install the port, change to the directory
of the port to be installed, then type make
install
at the prompt. Messages will indicate
the progress:
#
cd /usr/ports/sysutils/lsof
#
make install
>> lsof_4.88D.freebsd.tar.gz doesn't seem to exist in /usr/ports/distfiles/. >> Attempting to fetch from ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/. ===> Extracting for lsof-4.88 ... [extraction output snipped] ... >> Checksum OK for lsof_4.88D.freebsd.tar.gz. ===> Patching for lsof-4.88.d,8 ===> Applying FreeBSD patches for lsof-4.88.d,8 ===> Configuring for lsof-4.88.d,8 ... [configure output snipped] ... ===> Building for lsof-4.88.d,8 ... [compilation output snipped] ... ===> Installing for lsof-4.88.d,8 ... [installation output snipped] ... ===> Generating temporary packing list ===> Compressing manual pages for lsof-4.88.d,8 ===> Registering installation for lsof-4.88.d,8 ===> SECURITY NOTE: This port has installed the following binaries which execute with increased privileges. /usr/local/sbin/lsof#
Since lsof
is a program that runs
with increased privileges, a security warning is displayed
as it is installed. Once the installation is complete, the
prompt will be returned.
Some shells keep a cache of the commands that are
available in the directories listed in the
PATH
environment variable, to speed up lookup
operations for the executable file of these commands. Users
of the tcsh
shell should type
rehash
so that a newly installed command
can be used without specifying its full path. Use
hash -r
instead for the
sh
shell. Refer to the documentation
for the shell for more information.
During installation, a working subdirectory is created which contains all the temporary files used during compilation. Removing this directory saves disk space and minimizes the chance of problems later when upgrading to the newer version of the port:
#
make clean
===> Cleaning for lsof-88.d,8#
To save this extra step, instead use make
install clean
when compiling the port.
Some ports provide build options which can be used to
enable or disable application components, provide security
options, or allow for other customizations. Examples
include www/firefox,
security/gpgme, and
mail/sylpheed-claws. If the port depends
upon other ports which have configurable options, it may
pause several times for user interaction as the default
behavior is to prompt the user to select options from a
menu. To avoid this and do all of the configuration in one
batch, run make config-recursive
within
the port skeleton. Then, run make install
[clean]
to compile and install the port.
When using
config-recursive
, the list of
ports to configure are gathered by the
all-depends-list
target. It is
recommended to run make
config-recursive
until all dependent ports
options have been defined, and ports options screens no
longer appear, to be certain that all dependency options
have been configured.
There are several ways to revisit a port's build options
menu in order to add, remove, or change these options after
a port has been built. One method is to
cd
into the directory containing the
port and type make config
. Another
option is to use make showconfig
.
Another option is to execute make
rmconfig
which will remove all selected options
and allow you to start over. All of these options, and
others, are explained in great detail in
ports(7).
The ports system uses fetch(1) to download the
source files, which supports various environment variables.
The FTP_PASSIVE_MODE
,
FTP_PROXY
, and FTP_PASSWORD
variables may need to be set if the FreeBSD system is behind
a firewall or FTP/HTTP proxy. See fetch(3) for the
complete list of supported variables.
For users who cannot be connected to the Internet all
the time, make fetch
can be run within
/usr/ports
, to fetch all distfiles, or
within a category, such as
/usr/ports/net
, or within the specific
port skeleton. Note that if a port has any dependencies,
running this command in a category or ports skeleton will
not fetch the distfiles of ports from
another category. Instead, use make
fetch-recursive
to also fetch the distfiles for
all the dependencies of a port.
In rare cases, such as when an organization has a local
distfiles repository, the MASTER_SITES
variable can be used to override the download locations
specified in the Makefile
. When using,
specify the alternate location:
#
cd /usr/ports/
directory
#
make MASTER_SITE_OVERRIDE= \
ftp://ftp.organization.org/pub/FreeBSD/ports/distfiles/
fetch
The WRKDIRPREFIX
and
PREFIX
variables can override the default
working and target directories. For example:
#
make WRKDIRPREFIX=/usr/home/example/ports install
will compile the port in
/usr/home/example/ports
and install
everything under /usr/local
.
#
make PREFIX=/usr/home/example/local install
will compile the port in /usr/ports
and install it in
/usr/home/example/local
. And:
#
make WRKDIRPREFIX=../ports PREFIX=../local install
will combine the two.
These can also be set as environmental variables. Refer to the manual page for your shell for instructions on how to set an environmental variable.
Installed ports can be uninstalled using pkg
delete
. Examples for using this command can be
found in the pkg-delete(8) manual page.
Alternately, make deinstall
can be
run in the port's directory:
#
cd /usr/ports/sysutils/lsof
#
make deinstall
===> Deinstalling for sysutils/lsof ===> Deinstalling Deinstallation has been requested for the following 1 packages: lsof-4.88.d,8 The deinstallation will free 229 kB [1/1] Deleting lsof-4.88.d,8... done
It is recommended to read the messages as the port is uninstalled. If the port has any applications that depend upon it, this information will be displayed but the uninstallation will proceed. In such cases, it may be better to reinstall the application in order to prevent broken dependencies.
Over time, newer versions of software become available in the Ports Collection. This section describes how to determine which software can be upgraded and how to perform the upgrade.
To determine if newer versions of installed ports are available, ensure that the latest version of the ports tree is installed, using the updating command described in either Procedure 4.1, “Portsnap Method” or Procedure 4.2, “Subversion Method”. On FreeBSD 10 and later, or if the system has been converted to pkg, the following command will list the installed ports which are out of date:
#
pkg version -l "<"
For FreeBSD 9.X
and lower, the
following command will list the installed ports that are out
of date:
#
pkg_version -l "<"
Before
attempting an upgrade, read
/usr/ports/UPDATING
from the top of
the file to the date closest to the last time ports were
upgraded or the system was installed. This file describes
various issues and additional steps users may encounter and
need to perform when updating a port, including such things
as file format changes, changes in locations of
configuration files, or any incompatibilities with previous
versions. Make note of any instructions which match any of
the ports that need upgrading and follow these instructions
when performing the upgrade.
The Ports Collection contains several utilities to perform the actual upgrade. Each has its strengths and weaknesses.
Historically, most installations used either Portmaster or Portupgrade. Synth is a newer alternative.
The choice of which tool is best for a particular system is up to the system administrator. It is recommended practice to back up your data before using any of these tools.
ports-mgmt/portmaster is a very small utility for upgrading installed ports. It is designed to use the tools installed with the FreeBSD base system without depending on other ports or databases. To install this utility as a port:
#
cd /usr/ports/ports-mgmt/portmaster
#
make install clean
Portmaster defines four categories of ports:
Root port: has no dependencies and is not a dependency of any other ports.
Trunk port: has no dependencies, but other ports depend upon it.
Branch port: has dependencies and other ports depend upon it.
Leaf port: has dependencies but no other ports depend upon it.
To list these categories and search for updates:
#
portmaster -L
===>>> Root ports (No dependencies, not depended on) ===>>> ispell-3.2.06_18 ===>>> screen-4.0.3 ===>>> New version available: screen-4.0.3_1 ===>>> tcpflow-0.21_1 ===>>> 7 root ports ... ===>>> Branch ports (Have dependencies, are depended on) ===>>> apache22-2.2.3 ===>>> New version available: apache22-2.2.8 ... ===>>> Leaf ports (Have dependencies, not depended on) ===>>> automake-1.9.6_2 ===>>> bash-3.1.17 ===>>> New version available: bash-3.2.33 ... ===>>> 32 leaf ports ===>>> 137 total installed ports ===>>> 83 have new versions available
This command is used to upgrade all outdated ports:
#
portmaster -a
By default, Portmaster
makes a backup package before deleting the existing port.
If the installation of the new version is successful,
Portmaster deletes the
backup. Using -b
instructs
Portmaster not to automatically
delete the backup. Adding -i
starts
Portmaster in interactive mode,
prompting for confirmation before upgrading each port.
Many other options are available. Read through the
manual page for portmaster(8) for details regarding
their usage.
If errors are encountered during the upgrade process,
add -f
to upgrade and rebuild all
ports:
#
portmaster -af
Portmaster can also be used to install new ports on the system, upgrading all dependencies before building and installing the new port. To use this function, specify the location of the port in the Ports Collection:
#
portmaster
shells/bash
More information about
ports-mgmt/portmaster may be found in its
pkg-descr
.
ports-mgmt/portupgrade is another utility that can be used to upgrade ports. It installs a suite of applications which can be used to manage ports. However, it is dependent upon Ruby. To install the port:
#
cd /usr/ports/ports-mgmt/portupgrade
#
make install clean
Before performing an upgrade using this utility, it is
recommended to scan the list of installed ports using
pkgdb -F
and to fix all the
inconsistencies it reports.
To upgrade all the outdated ports installed on the
system, use portupgrade -a
. Alternately,
include -i
to be asked for confirmation
of every individual upgrade:
#
portupgrade -ai
To upgrade only a specified application instead of all
available ports, use portupgrade
. It is very
important to include pkgname
-R
to first upgrade
all the ports required by the given application:
#
portupgrade -R firefox
If
-P
is included,
Portupgrade searches for
available packages in the local directories listed in
PKG_PATH
. If none are available locally, it
then fetches packages from a remote site. If packages can
not be found locally or fetched remotely,
Portupgrade will use ports. To
avoid using ports entirely, specify -PP
.
This last set of options tells
Portupgrade to abort if no
packages are available:
#
portupgrade -PP gnome3
To just fetch the port distfiles, or packages, if
-P
is specified, without building or
installing anything, use -F
. For further
information on all of the available switches, refer to the
manual page for portupgrade
.
More information about
ports-mgmt/portupgrade may be found in
its pkg-descr
.
Using the Ports Collection will use up disk space over
time. After building and installing a port, running
make clean
within the ports skeleton will
clean up the temporary work
directory.
If Portmaster is used to install a
port, it will automatically remove this directory unless
-K
is specified. If
Portupgrade is installed, this
command will remove all work
directories
found within the local copy of the Ports Collection:
#
portsclean -C
In addition, outdated source distribution files
accumulate in /usr/ports/distfiles
over
time. To use Portupgrade to
delete all the distfiles that are no longer
referenced by any ports:
#
portsclean -D
Portupgrade can remove all distfiles not referenced by any port currently installed on the system:
#
portsclean -DD
If Portmaster is installed, use:
#
portmaster --clean-distfiles
By default, this command is interactive and prompts the user to confirm if a distfile should be deleted.
In addition to these commands, ports-mgmt/pkg_cutleaves automates the task of removing installed ports that are no longer needed.
Poudriere is a BSD-licensed utility for creating and testing FreeBSD packages. It uses FreeBSD jails to set up isolated compilation environments. These jails can be used to build packages for versions of FreeBSD that are different from the system on which it is installed, and also to build packages for i386 if the host is an amd64 system. Once the packages are built, they are in a layout identical to the official mirrors. These packages are usable by pkg(8) and other package management tools.
Poudriere is installed using
the ports-mgmt/poudriere package
or port. The installation includes a sample configuration
file /usr/local/etc/poudriere.conf.sample
.
Copy this file to
/usr/local/etc/poudriere.conf
. Edit the
copied file to suit the local configuration.
While ZFS is not required on the system
running poudriere, it is beneficial.
When ZFS is used,
ZPOOL
must be specified in
/usr/local/etc/poudriere.conf
and
FREEBSD_HOST
should be set to a nearby
mirror. Defining CCACHE_DIR
enables the use
of devel/ccache to cache
compilation and reduce build times for frequently-compiled code.
It may be convenient to put
poudriere datasets in an isolated
tree mounted at /poudriere
. Defaults for the
other configuration values are adequate.
The number of processor cores detected is used to define how many builds will run in parallel. Supply enough virtual memory, either with RAM or swap space. If virtual memory runs out, the compilation jails will stop and be torn down, resulting in weird error messages.
After configuration, initialize
poudriere so that it installs a
jail with the required FreeBSD tree and a ports tree. Specify a
name for the jail using -j
and the FreeBSD
version with -v
. On systems running
FreeBSD/amd64, the architecture can be set with
-a
to either i386
or
amd64
. The default is the
architecture shown by uname
.
#
poudriere jail -c -j
[00:00:00] Creating 11amd64 fs at /poudriere/jails/11amd64... done [00:00:00] Using pre-distributed MANIFEST for FreeBSD 11.4-RELEASE amd64 [00:00:00] Fetching base for FreeBSD 11.4-RELEASE amd64 /poudriere/jails/11amd64/fromftp/base.txz 125 MB 4110 kBps 31s [00:00:33] Extracting base... done [00:00:54] Fetching src for FreeBSD 11.4-RELEASE amd64 /poudriere/jails/11amd64/fromftp/src.txz 154 MB 4178 kBps 38s [00:01:33] Extracting src... done [00:02:31] Fetching lib32 for FreeBSD 11.4-RELEASE amd64 /poudriere/jails/11amd64/fromftp/lib32.txz 24 MB 3969 kBps 06s [00:02:38] Extracting lib32... done [00:02:42] Cleaning up... done [00:02:42] Recording filesystem state for clean... done [00:02:42] Upgrading using ftp /etc/resolv.conf -> /poudriere/jails/11amd64/etc/resolv.conf Looking up update.FreeBSD.org mirrors... 3 mirrors found. Fetching public key from update4.freebsd.org... done. Fetching metadata signature for 11.4-RELEASE from update4.freebsd.org... done. Fetching metadata index... done. Fetching 2 metadata files... done. Inspecting system... done. Preparing to download files... done. Fetching 124 patches.....10....20....30....40....50....60....70....80....90....100....110....120.. done. Applying patches... done. Fetching 6 files... done. The following files will be added as part of updating to 11.4-RELEASE-p1: /usr/src/contrib/unbound/.github /usr/src/contrib/unbound/.github/FUNDING.yml /usr/src/contrib/unbound/contrib/drop2rpz /usr/src/contrib/unbound/contrib/unbound_portable.service.in /usr/src/contrib/unbound/services/rpz.c /usr/src/contrib/unbound/services/rpz.h /usr/src/lib/libc/tests/gen/spawnp_enoexec.sh The following files will be updated as part of updating to 11.4-RELEASE-p1: […] Installing updates...Scanning //usr/share/certs/blacklisted for certificates... Scanning //usr/share/certs/trusted for certificates... done. 11.4-RELEASE-p1 [00:04:06] Recording filesystem state for clean... done [00:04:07] Jail 11amd64 11.4-RELEASE-p1 amd64 is ready to be used11amd64
-v11.4-RELEASE
#
poudriere ports -c -p
[00:00:00] Creating local fs at /poudriere/ports/local... done [00:00:00] Checking out the ports tree... donelocal
-m svn+https
On a single computer, poudriere can build ports with multiple configurations, in multiple jails, and from different port trees. Custom configurations for these combinations are called sets. See the CUSTOMIZATION section of poudriere(8) for details after ports-mgmt/poudriere or ports-mgmt/poudriere-devel is installed.
The basic configuration shown here puts a single jail-,
port-, and set-specific make.conf
in
/usr/local/etc/poudriere.d
.
The filename in this example is created by combining the jail
name, port name, and set name:
.
The system 11amd64-local-workstation
-make.confmake.conf
and this new file
are combined at build time to create the
make.conf
used by the build jail.
Packages to be built are entered in
:11amd64-local-workstation
-pkglist
editors/emacs devel/git ports-mgmt/pkg ...
Options and dependencies for the specified ports are configured:
#
poudriere options -j
10amd64
-plocal
-zworkstation
-f11amd64-local-workstation-pkglist
Finally, packages are built and a package repository is created:
#
poudriere bulk -j
11amd64
-plocal
-zworkstation
-f11amd64-local-workstation-pkglist
While running, pressing Ctrl+t
displays the current state of the build.
Poudriere also builds files in
/poudriere/logs/bulk/
that can be used with a web server to display build
information.jailname
After completion, the new packages are now available for installation from the poudriere repository.
For more information on using poudriere, see poudriere(8) and the main web site, https://github.com/freebsd/poudriere/wiki.
While it is possible to use both a custom repository along
side of the official repository, sometimes it is useful to
disable the official repository. This is done by creating a
configuration file that overrides and disables the official
configuration file. Create
/usr/local/etc/pkg/repos/FreeBSD.conf
that contains the following:
FreeBSD: { enabled: no }
Usually it is easiest to serve a poudriere repository to
the client machines via HTTP. Set up a webserver to serve up
the package directory, for instance:
/usr/local/poudriere/data/packages/
,
where 11amd64
is the name of the build.11amd64
If the URL to the package repository is:
http://pkg.example.com/11amd64
, then the
repository configuration file in
/usr/local/etc/pkg/repos/custom.conf
would look like:
custom: {
url: "http://pkg.example.com/11amd64
",
enabled: yes,
}
Regardless of whether the software was installed from a binary package or port, most third-party applications require some level of configuration after installation. The following commands and locations can be used to help determine what was installed with the application.
Most applications install at least one default
configuration file in /usr/local/etc
.
In cases where an application has a large number of
configuration files, a subdirectory will be created to hold
them. Often, sample configuration files are installed which
end with a suffix such as .sample
. The
configuration files should be reviewed and possibly
edited to meet the system's needs. To edit a sample file,
first copy it without the .sample
extension.
Applications which provide documentation will install
it into /usr/local/share/doc
and many
applications also install manual pages. This documentation
should be consulted before continuing.
Some applications run services which must be added
to /etc/rc.conf
before starting the
application. These applications usually install a startup
script in /usr/local/etc/rc.d
. See
Starting
Services for more information.
By design, applications do not run their startup script upon installation, nor do they run their stop script upon deinstallation or upgrade. This decision is left to the individual system administrator.
Users of csh(1) should run
rehash
to rebuild the known binary list
in the shells PATH
.
Use pkg info
to determine which
files, man pages, and binaries were installed with the
application.
When a port does not build or install, try the following:
Search to see if there is a fix pending for the port in the Problem Report database. If so, implementing the proposed fix may fix the issue.
Ask the maintainer of the port for help. Type
make maintainer
in the ports skeleton or read the port's
Makefile
to find the maintainer's
email address. Remember to include the
$FreeBSD:
line from the port's
Makefile
and the output leading up to
the error in the email to the maintainer.
Some ports are not maintained by an individual but
instead by a group maintainer represented by a mailing
list. Many, but not all, of these addresses look
like <freebsd-
.
Please take this into account when sending an
email.listname
@FreeBSD.org>
In particular, ports maintained by
<ports@FreeBSD.org>
are not
maintained by a specific individual. Instead, any fixes
and support come from the general community who subscribe
to that mailing list. More volunteers are always
needed!
If there is no response to the email, use Bugzilla to submit a bug report using the instructions in Writing FreeBSD Problem Reports.
Fix it! The Porter's Handbook includes detailed information on the ports infrastructure so that you can fix the occasional broken port or even submit your own!
Install the package instead of the port using the instructions in Section 4.4, “Using pkg for Binary Package Management”.
An installation of FreeBSD using bsdinstall does not automatically install a graphical user interface. This chapter describes how to install and configure Xorg, which provides the open source X Window System used to provide a graphical environment. It then describes how to find and install a desktop environment or window manager.
Users who prefer an installation method that automatically configures the Xorg should refer to FuryBSD, GhostBSD or MidnightBSD.
For more information on the video hardware that Xorg supports, refer to the x.org website.
After reading this chapter, you will know:
The various components of the X Window System, and how they interoperate.
How to install and configure Xorg.
How to install and configure several window managers and desktop environments.
How to use TrueType® fonts in Xorg.
How to set up your system for graphical logins (XDM).
Before reading this chapter, you should:
Know how to install additional third-party software as described in Chapter 4, Installing Applications: Packages and Ports.
While it is not necessary to understand all of the details of the various components in the X Window System and how they interact, some basic knowledge of these components can be useful.
X was designed from the beginning to be network-centric, and adopts a “client-server” model. In this model, the “X server” runs on the computer that has the keyboard, monitor, and mouse attached. The server's responsibility includes tasks such as managing the display, handling input from the keyboard and mouse, and handling input or output from other devices such as a tablet or a video projector. This confuses some people, because the X terminology is exactly backward to what they expect. They expect the “X server” to be the big powerful machine down the hall, and the “X client” to be the machine on their desk.
Each X application, such as XTerm or Firefox, is a “client”. A client sends messages to the server such as “Please draw a window at these coordinates”, and the server sends back messages such as “The user just clicked on the OK button”.
In a home or small office environment, the X server and the X clients commonly run on the same computer. It is also possible to run the X server on a less powerful computer and to run the X applications on a more powerful system. In this scenario, the communication between the X client and server takes place over the network.
X does not dictate what windows should look like
on-screen, how to move them around with the mouse, which
keystrokes should be used to move between windows, what
the title bars on each window should look like, whether or
not they have close buttons on them, and so on. Instead,
X delegates this responsibility to a separate window
manager application. There are dozens of window
managers available. Each window manager provides
a different look and feel: some support virtual desktops,
some allow customized keystrokes to manage the desktop,
some have a “Start” button, and some are
themeable, allowing a complete change of the desktop's
look-and-feel. Window managers are available in the
x11-wm
category of the Ports
Collection.
Each window manager uses a different configuration mechanism. Some expect configuration file written by hand while others provide graphical tools for most configuration tasks.
KDE and GNOME are considered to be desktop environments as they include an entire suite of applications for performing common desktop tasks. These may include office suites, web browsers, and games.
The window manager is responsible for the mouse focus policy. This policy provides some means for choosing which window is actively receiving keystrokes and it should also visibly indicate which window is currently active.
One focus policy is called “click-to-focus”. In this model, a window becomes active upon receiving a mouse click. In the “focus-follows-mouse” policy, the window that is under the mouse pointer has focus and the focus is changed by pointing at another window. If the mouse is over the root window, then this window is focused. In the “sloppy-focus” model, if the mouse is moved over the root window, the most recently used window still has the focus. With sloppy-focus, focus is only changed when the cursor enters a new window, and not when exiting the current window. In the “click-to-focus” policy, the active window is selected by mouse click. The window may then be raised and appear in front of all other windows. All keystrokes will now be directed to this window, even if the cursor is moved to another window.
Different window managers support different focus models. All of them support click-to-focus, and the majority of them also support other policies. Consult the documentation for the window manager to determine which focus models are available.
Widget is a term for all of the items in the user interface that can be clicked or manipulated in some way. This includes buttons, check boxes, radio buttons, icons, and lists. A widget toolkit is a set of widgets used to create graphical applications. There are several popular widget toolkits, including Qt, used by KDE, and GTK+, used by GNOME. As a result, applications will have a different look and feel, depending upon which widget toolkit was used to create the application.
On FreeBSD, Xorg can be installed as a package or port.
The binary package can be installed quickly but with fewer options for customization:
#
pkg install xorg
To build and install from the Ports Collection:
#
cd /usr/ports/x11/xorg
#
make install clean
Either of these installations results in the complete Xorg system being installed. Binary packages are the best option for most users.
A smaller version of the X system suitable for experienced users is available in x11/xorg-minimal. Most of the documents, libraries, and applications will not be installed. Some applications require these additional components to function.
Xorg supports most common video cards, keyboards, and pointing devices.
Video cards, monitors, and input devices are
automatically detected and do not require any manual
configuration. Do not create xorg.conf
or run a -configure
step unless automatic
configuration fails.
If Xorg has been used on this computer before, move or remove any existing configuration files:
#
mv /etc/X11/xorg.conf ~/xorg.conf.etc
#
mv /usr/local/etc/X11/xorg.conf ~/xorg.conf.localetc
Add the user who will run
Xorg to the
video
or
wheel
group to enable 3D acceleration
when available. To add user
jru
to whichever group is
available:
#
pw groupmod video -m
jru
|| pw groupmod wheel -mjru
The TWM window manager is included by default. It is started when Xorg starts:
%
startx
On some older versions of FreeBSD, the system console must be set to vt(4) before switching back to the text console will work properly. See Section 5.4.3, “Kernel Mode Setting (KMS)”.
Access to /dev/dri
is needed to allow
3D acceleration on video cards. It is usually simplest to add
the user who will be running X to either the
video
or wheel
group.
Here, pw(8) is used to add user
slurms
to the
video
group, or to the
wheel
group if there is no
video
group:
#
pw groupmod video -m
slurms
|| pw groupmod wheel -mslurms
When the computer switches from displaying the console to a higher screen resolution for X, it must set the video output mode. Recent versions of Xorg use a system inside the kernel to do these mode changes more efficiently. Older versions of FreeBSD use sc(4), which is not aware of the KMS system. The end result is that after closing X, the system console is blank, even though it is still working. The newer vt(4) console avoids this problem.
Add this line to /boot/loader.conf
to enable vt(4):
kern.vty=vt
Manual configuration is usually not necessary. Please do not manually create configuration files unless autoconfiguration does not work.
Xorg looks in several
directories for configuration files.
/usr/local/etc/X11/
is the recommended
directory for these files on FreeBSD. Using this directory
helps keep application files separate from operating system
files.
Storing configuration files in the legacy
/etc/X11/
still works. However, this
mixes application files with the base FreeBSD files and is not
recommended.
It is easier to use multiple files that each configure a
specific setting than the traditional single
xorg.conf
. These files are stored in
the xorg.conf.d/
subdirectory of the
main configuration file directory. The full path is
typically
/usr/local/etc/X11/xorg.conf.d/
.
Examples of these files are shown later in this section.
The traditional single xorg.conf
still works, but is neither as clear nor as flexible as
multiple files in the xorg.conf.d/
subdirectory.
Because of changes made in recent versions of FreeBSD, it is now possible to use graphics drivers provided by the Ports framework or as packages. As such, users can use one of the following drivers available from graphics/drm-kmod.
2D and 3D acceleration is supported on most Intel KMS driver graphics cards provided by Intel.
Driver name: i915kms
2D and 3D acceleration is supported on most older Radeon KMS driver graphics cards provided by AMD.
Driver name: radeonkms
2D and 3D acceleration is supported on most newer AMD KMS driver graphics cards provided by AMD.
Driver name: amdgpu
For reference, please see https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units or https://en.wikipedia.org/wiki/List_of_AMD_graphics_processing_units for a list of supported GPUs.
3D acceleration is supported on most Intel® graphics up to Ivy Bridge (HD Graphics 2500, 4000, and P4000), including Iron Lake (HD Graphics) and Sandy Bridge (HD Graphics 2000).
Driver name: intel
For reference, see https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units.
2D and 3D acceleration is supported on Radeon cards up to and including the HD6000 series.
Driver name: radeon
For reference, see https://en.wikipedia.org/wiki/List_of_AMD_graphics_processing_units.
Several NVIDIA drivers are available in the
x11
category of the Ports
Collection. Install the driver that matches the video
card.
For reference, see https://en.wikipedia.org/wiki/List_of_Nvidia_graphics_processing_units.
Some notebook computers add additional graphics processing units to those built into the chipset or processor. Optimus combines Intel® and NVIDIA hardware. Switchable Graphics or Hybrid Graphics are a combination of an Intel® or AMD® processor and an AMD® Radeon GPU.
Implementations of these hybrid graphics systems vary, and Xorg on FreeBSD is not able to drive all versions of them.
Some computers provide a BIOS option to disable one of the graphics adapters or select a discrete mode which can be used with one of the standard video card drivers. For example, it is sometimes possible to disable the NVIDIA GPU in an Optimus system. The Intel® video can then be used with an Intel® driver.
BIOS settings depend on the model
of computer. In some situations, both
GPUs can be left enabled, but
creating a configuration file that only uses the main
GPU in the Device
section is enough to make such a system
functional.
Drivers for some less-common video cards can be
found in the x11-drivers
directory
of the Ports Collection.
Cards that are not supported by a specific driver might still be usable with the x11-drivers/xf86-video-vesa driver. This driver is installed by x11/xorg. It can also be installed manually as x11-drivers/xf86-video-vesa. Xorg attempts to use this driver when a specific driver is not found for the video card.
x11-drivers/xf86-video-scfb is a similar nonspecialized video driver that works on many UEFI and ARM® computers.
To set the Intel® driver in a configuration file:
/usr/local/etc/X11/xorg.conf.d/driver-intel.conf
Section "Device" Identifier "Card0" Driver "intel" # BusID "PCI:1:0:0" EndSection
If more than one video card is present, the
BusID
identifier can be uncommented
and set to select the desired card. A list of video
card bus IDs can be displayed with
pciconf -lv | grep -B3
display
.
To set the Radeon driver in a configuration file:
/usr/local/etc/X11/xorg.conf.d/driver-radeon.conf
Section "Device" Identifier "Card0" Driver "radeon" EndSection
To set the VESA driver in a configuration file:
/usr/local/etc/X11/xorg.conf.d/driver-vesa.conf
Section "Device" Identifier "Card0" Driver "vesa" EndSection
To set the scfb
driver for use
with a UEFI or ARM® computer:
scfb
Video Driver in a
File/usr/local/etc/X11/xorg.conf.d/driver-scfb.conf
Section "Device" Identifier "Card0" Driver "scfb" EndSection
Almost all monitors support the Extended Display Identification Data standard (EDID). Xorg uses EDID to communicate with the monitor and detect the supported resolutions and refresh rates. Then it selects the most appropriate combination of settings to use with that monitor.
Other resolutions supported by the monitor can be chosen by setting the desired resolution in configuration files, or after the X server has been started with xrandr(1).
Run xrandr(1) without any parameters to see a list of video outputs and detected monitor modes:
%
xrandr
Screen 0: minimum 320 x 200, current 3000 x 1920, maximum 8192 x 8192 DVI-0 connected primary 1920x1200+1080+0 (normal left inverted right x axis y axis) 495mm x 310mm 1920x1200 59.95*+ 1600x1200 60.00 1280x1024 85.02 75.02 60.02 1280x960 60.00 1152x864 75.00 1024x768 85.00 75.08 70.07 60.00 832x624 74.55 800x600 75.00 60.32 640x480 75.00 60.00 720x400 70.08 DisplayPort-0 disconnected (normal left inverted right x axis y axis) HDMI-0 disconnected (normal left inverted right x axis y axis)
This shows that the DVI-0
output
is being used to display a screen resolution of
1920x1200 pixels at a refresh rate of about 60 Hz.
Monitors are not attached to the
DisplayPort-0
and
HDMI-0
connectors.
Any of the other display modes can be selected with xrandr(1). For example, to switch to 1280x1024 at 60 Hz:
%
xrandr --mode 1280x1024 --rate 60
A common task is using the external video output on a notebook computer for a video projector.
The type and quantity of output connectors varies
between devices, and the name given to each output
varies from driver to driver. What one driver calls
HDMI-1
, another might call
HDMI1
. So the first step is to run
xrandr(1) to list all the available
outputs:
%
xrandr
Screen 0: minimum 320 x 200, current 1366 x 768, maximum 8192 x 8192 LVDS1 connected 1366x768+0+0 (normal left inverted right x axis y axis) 344mm x 193mm 1366x768 60.04*+ 1024x768 60.00 800x600 60.32 56.25 640x480 59.94 VGA1 connected (normal left inverted right x axis y axis) 1280x1024 60.02 + 75.02 1280x960 60.00 1152x864 75.00 1024x768 75.08 70.07 60.00 832x624 74.55 800x600 72.19 75.00 60.32 56.25 640x480 75.00 72.81 66.67 60.00 720x400 70.08 HDMI1 disconnected (normal left inverted right x axis y axis) DP1 disconnected (normal left inverted right x axis y axis)
Four outputs were found: the built-in panel
LVDS1
, and external
VGA1
, HDMI1
, and
DP1
connectors.
The projector has been connected to the
VGA1
output. xrandr(1) is now
used to set that output to the native resolution of the
projector and add the additional space to the right side
of the desktop:
%
xrandr --output VGA1 --auto --right-of LVDS1
--auto
chooses the resolution and
refresh rate detected by EDID. If
the resolution is not correctly detected, a fixed value
can be given with --mode
instead of
the --auto
statement. For example,
most projectors can be used with a 1024x768 resolution,
which is set with
--mode 1024x768
.
xrandr(1) is often run from
.xinitrc
to set the appropriate
mode when X starts.
To set a screen resolution of 1024x768 in a configuration file:
/usr/local/etc/X11/xorg.conf.d/screen-resolution.conf
Section "Screen" Identifier "Screen0" Device "Card0" SubSection "Display" Modes "1024x768" EndSubSection EndSection
The few monitors that do not have
EDID can be configured by setting
HorizSync
and
VertRefresh
to the range of
frequencies supported by the monitor.
/usr/local/etc/X11/xorg.conf.d/monitor0-freq.conf
Section "Monitor" Identifier "Monitor0" HorizSync 30-83 # kHz VertRefresh 50-76 # Hz EndSection
The standardized location of keys on a keyboard is called a layout. Layouts and other adjustable parameters are listed in xkeyboard-config(7).
A United States layout is the default. To select
an alternate layout, set the
XkbLayout
and
XkbVariant
options in an
InputClass
. This will be applied
to all input devices that match the class.
This example selects a French keyboard layout.
/usr/local/etc/X11/xorg.conf.d/keyboard-fr.conf
Section "InputClass" Identifier "KeyboardDefaults" MatchIsKeyboard "on" Option "XkbLayout" "fr" EndSection
Set United States, Spanish, and Ukrainian keyboard layouts. Cycle through these layouts by pressing Alt+Shift. x11/xxkb or x11/sbxkb can be used for improved layout switching control and current layout indicators.
/usr/local/etc/X11/xorg.conf.d/kbd-layout-multi.conf
Section "InputClass" Identifier "All Keyboards" MatchIsKeyboard "yes" Option "XkbLayout" "us, es, ua" EndSection
X can be closed with a combination of keys.
By default, that key combination is not set because it
conflicts with keyboard commands for some
applications. Enabling this option requires changes
to the keyboard InputDevice
section:
/usr/local/etc/X11/xorg.conf.d/keyboard-zap.conf
Section "InputClass" Identifier "KeyboardDefaults" MatchIsKeyboard "on" Option "XkbOptions" "terminate:ctrl_alt_bksp" EndSection
If using xorg-server 1.20.8 or
later under FreeBSD 12.1 and not
using moused(8), add
kern.evdev.rcpt_mask=12
to
/etc/sysctl.conf
.
Many mouse parameters can be adjusted with configuration options. See mousedrv(4) for a full list.
The number of buttons on a mouse can be set in the
mouse InputDevice
section of
xorg.conf
. To set the number of
buttons to 7:
/usr/local/etc/X11/xorg.conf.d/mouse0-buttons.conf
Section "InputDevice" Identifier "Mouse0" Option "Buttons" "7" EndSection
In some cases, Xorg autoconfiguration does not work with particular hardware, or a different configuration is desired. For these cases, a custom configuration file can be created.
Do not create manual configuration files unless required. Unnecessary manual configuration can prevent proper operation.
A configuration file can be generated by Xorg based on the detected hardware. This file is often a useful starting point for custom configurations.
Generating an xorg.conf
:
#
Xorg -configure
The configuration file is saved to
/root/xorg.conf.new
. Make any changes
desired, then test that file (using -retro
so there is a visible background) with:
#
Xorg -retro -config /root/xorg.conf.new
After the new configuration has been adjusted and tested,
it can be split into smaller files in the normal location,
/usr/local/etc/X11/xorg.conf.d/
.
The default fonts that ship with Xorg are less than ideal for typical desktop publishing applications. Large presentation fonts show up jagged and unprofessional looking, and small fonts are almost completely unintelligible. However, there are several free, high quality Type1 (PostScript®) fonts available which can be readily used with Xorg. For instance, the URW font collection (x11-fonts/urwfonts) includes high quality versions of standard type1 fonts (Times Roman®, Helvetica®, Palatino® and others). The Freefonts collection (x11-fonts/freefonts) includes many more fonts, but most of them are intended for use in graphics software such as the Gimp, and are not complete enough to serve as screen fonts. In addition, Xorg can be configured to use TrueType® fonts with a minimum of effort. For more details on this, see the X(7) manual page or Section 5.5.2, “TrueType® Fonts”.
To install the above Type1 font collections from binary packages, run the following commands:
#
pkg install urwfonts
Alternatively, to build from the Ports Collection, run the following commands:
#
cd /usr/ports/x11-fonts/urwfonts
#
make install clean
And likewise with the freefont or other collections. To
have the X server detect these fonts, add an appropriate line
to the X server configuration file
(/etc/X11/xorg.conf
), which reads:
FontPath "/usr/local/share/fonts/urwfonts/"
Alternatively, at the command line in the X session run:
%
xset fp+ /usr/local/share/fonts/urwfonts
%
xset fp rehash
This will work but will be lost when the X session is
closed, unless it is added to the startup file
(~/.xinitrc
for a normal
startx
session, or
~/.xsession
when logging in through a
graphical login manager like XDM).
A third way is to use the new
/usr/local/etc/fonts/local.conf
as
demonstrated in Section 5.5.3, “Anti-Aliased Fonts”.
Xorg has built in support for
rendering TrueType® fonts. There are two different modules
that can enable this functionality. The freetype module is
used in this example because it is more consistent with the
other font rendering back-ends. To enable the freetype module
just add the following line to the "Module"
section of /etc/X11/xorg.conf
.
Load "freetype"
Now make a directory for the TrueType® fonts (for
example, /usr/local/share/fonts/TrueType
)
and copy all of the TrueType® fonts into this directory.
Keep in mind that TrueType® fonts cannot be directly taken
from an Apple® Mac®; they must be in
UNIX®/MS-DOS®/Windows® format for use by
Xorg. Once the files have been
copied into this directory, use
mkfontscale to create a
fonts.dir
, so that the X font renderer
knows that these new files have been installed.
mkfontscale
can be installed as a
package:
#
pkg install mkfontscale
Then create an index of X font files in a directory:
#
cd /usr/local/share/fonts/TrueType
#
mkfontscale
Now add the TrueType® directory to the font path. This is just the same as described in Section 5.5.1, “Type1 Fonts”:
%
xset fp+ /usr/local/share/fonts/TrueType
%
xset fp rehash
or add a FontPath
line to
xorg.conf
.
Now Gimp, Apache OpenOffice, and all of the other X applications should now recognize the installed TrueType® fonts. Extremely small fonts (as with text in a high resolution display on a web page) and extremely large fonts (within StarOffice™) will look much better now.
All fonts in Xorg that are
found in /usr/local/share/fonts/
and
~/.fonts/
are automatically made
available for anti-aliasing to Xft-aware applications. Most
recent applications are Xft-aware, including
KDE,
GNOME, and
Firefox.
To control which fonts are anti-aliased, or to
configure anti-aliasing properties, create (or edit, if it
already exists) the file
/usr/local/etc/fonts/local.conf
. Several
advanced features of the Xft font system can be tuned using
this file; this section describes only some simple
possibilities. For more details, please see
fonts-conf(5).
This file must be in XML format. Pay careful attention to
case, and make sure all tags are properly closed. The file
begins with the usual XML header followed by a DOCTYPE
definition, and then the <fontconfig>
tag:
<?xml version="1.0"?> <!DOCTYPE fontconfig SYSTEM "fonts.dtd"> <fontconfig>
As previously stated, all fonts in
/usr/local/share/fonts/
as well as
~/.fonts/
are already made available to
Xft-aware applications. To add another directory
outside of these two directory trees, add a line like
this to
/usr/local/etc/fonts/local.conf
:
<dir>/path/to/my/fonts</dir>
After adding new fonts, and especially new font directories, rebuild the font caches:
#
fc-cache -f
Anti-aliasing makes borders slightly fuzzy, which makes very small text more readable and removes “staircases” from large text, but can cause eyestrain if applied to normal text. To exclude font sizes smaller than 14 point from anti-aliasing, include these lines:
<match target="font"> <test name="size" compare="less"> <double>14</double> </test> <edit name="antialias" mode="assign"> <bool>false</bool> </edit> </match> <match target="font"> <test name="pixelsize" compare="less" qual="any"> <double>14</double> </test> <edit mode="assign" name="antialias"> <bool>false</bool> </edit> </match>
Spacing for some monospaced fonts might also be inappropriate with anti-aliasing. This seems to be an issue with KDE, in particular. One possible fix is to force the spacing for such fonts to be 100. Add these lines:
<match target="pattern" name="family"> <test qual="any" name="family"> <string>fixed</string> </test> <edit name="family" mode="assign"> <string>mono</string> </edit> </match> <match target="pattern" name="family"> <test qual="any" name="family"> <string>console</string> </test> <edit name="family" mode="assign"> <string>mono</string> </edit> </match>
(this aliases the other common names for fixed fonts as
"mono"
), and then add:
<match target="pattern" name="family"> <test qual="any" name="family"> <string>mono</string> </test> <edit name="spacing" mode="assign"> <int>100</int> </edit> </match>
Certain fonts, such as Helvetica, may have a problem when
anti-aliased. Usually this manifests itself as a font that
seems cut in half vertically. At worst, it may cause
applications to crash. To avoid this, consider adding the
following to local.conf
:
<match target="pattern" name="family"> <test qual="any" name="family"> <string>Helvetica</string> </test> <edit name="family" mode="assign"> <string>sans-serif</string> </edit> </match>
After editing
local.conf
, make certain to end the file
with the </fontconfig>
tag. Not
doing this will cause changes to be ignored.
Users can add personalized settings by creating their own
~/.config/fontconfig/fonts.conf
. This
file uses the same XML format described
above.
One last point: with an LCD screen, sub-pixel sampling may
be desired. This basically treats the (horizontally
separated) red, green and blue components separately to
improve the horizontal resolution; the results can be
dramatic. To enable this, add the line somewhere in
local.conf
:
<match target="font"> <test qual="all" name="rgba"> <const>unknown</const> </test> <edit name="rgba" mode="assign"> <const>rgb</const> </edit> </match>
Depending on the sort of display,
rgb
may need to be changed to
bgr
, vrgb
or
vbgr
: experiment and see which works
best.
Xorg provides an X Display Manager, XDM, which can be used for login session management. XDM provides a graphical interface for choosing which display server to connect to and for entering authorization information such as a login and password combination.
This section demonstrates how to configure the X Display Manager on FreeBSD. Some desktop environments provide their own graphical login manager. Refer to Section 5.7.1, “GNOME” for instructions on how to configure the GNOME Display Manager and Section 5.7.2, “KDE” for instructions on how to configure the KDE Display Manager.
To install XDM, use the
x11/xdm package or port. Once installed,
XDM can be configured to run when
the machine boots up by editing this entry in
/etc/ttys
:
ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
Change the off
to on
and save the edit. The ttyv8
in this entry
indicates that XDM will run on the
ninth virtual terminal.
The XDM configuration directory
is located in /usr/local/etc/X11/xdm
.
This directory contains several files used to change the
behavior and appearance of XDM, as
well as a few scripts and programs used to set up the desktop
when XDM is running. Table 5.1, “XDM Configuration Files” summarizes the function of each
of these files. The exact syntax and usage of these files is
described in xdm(1).
File | Description |
---|---|
Xaccess | The protocol for connecting to XDM is called the X Display Manager Connection Protocol (XDMCP). This file is a client authorization ruleset for controlling XDMCP connections from remote machines. By default, this file does not allow any remote clients to connect. |
Xresources | This file controls the look and feel of the XDM display chooser and login screens. The default configuration is a simple rectangular login window with the hostname of the machine displayed at the top in a large font and “Login:” and “Password:” prompts below. The format of this file is identical to the app-defaults file described in the Xorg documentation. |
Xservers | The list of local and remote displays the chooser should provide as login choices. |
Xsession | Default session script for logins which is run by
XDM after a user has logged
in. This points to a customized session
script in ~/.xsession . |
Xsetup_ * | Script to automatically launch applications
before displaying the chooser or login interfaces.
There is a script for each display being used, named
Xsetup_* , where
* is the local display number.
Typically these scripts run one or two programs in the
background such as
xconsole . |
xdm-config | Global configuration for all displays running on this machine. |
xdm-errors | Contains errors generated by the server program.
If a display that XDM is
trying to start hangs, look at this file for error
messages. These messages are also written to the
user's ~/.xsession-errors on a
per-session basis. |
xdm-pid | The running process ID of XDM. |
By default, only users on the same system can login using XDM. To enable users on other systems to connect to the display server, edit the access control rules and enable the connection listener.
To configure XDM to listen for
any remote connection, comment out the
DisplayManager.requestPort
line in
/usr/local/etc/X11/xdm/xdm-config
by
putting a !
in front of it:
! SECURITY: do not listen for XDMCP or Chooser requests ! Comment out this line if you want to manage X terminals with xdm DisplayManager.requestPort: 0
Save the edits and restart XDM.
To restrict remote access, look at the example entries in
/usr/local/etc/X11/xdm/Xaccess
and refer
to xdm(1) for further information.
This section describes how to install three popular desktop
environments on a FreeBSD system. A desktop environment can range
from a simple window manager to a complete suite of desktop
applications. Over a hundred desktop environments are available
in the x11-wm
category of the Ports
Collection.
GNOME is a user-friendly desktop environment. It includes a panel for starting applications and displaying status, a desktop, a set of tools and applications, and a set of conventions that make it easy for applications to cooperate and be consistent with each other. More information regarding GNOME on FreeBSD can be found at https://www.FreeBSD.org/gnome. That web site contains additional documentation about installing, configuring, and managing GNOME on FreeBSD.
This desktop environment can be installed from a package:
#
pkg install gnome3
To instead build GNOME from ports, use the following command. GNOME is a large application and will take some time to compile, even on a fast computer.
#
cd /usr/ports/x11/gnome3
#
make install clean
GNOME
requires /proc
to be mounted. Add this
line to /etc/fstab
to mount this file
system automatically during system startup:
proc /proc procfs rw 0 0
GNOME uses
D-Bus and
HAL for a message bus and hardware
abstraction. These applications are automatically installed
as dependencies of GNOME. Enable
them in /etc/rc.conf
so they will be
started when the system boots:
dbus_enable="YES" hald_enable="YES"
After installation,
configure Xorg to start
GNOME. The easiest way to do this
is to enable the GNOME Display Manager,
GDM, which is installed as part of
the GNOME package or port. It can
be enabled by adding this line to
/etc/rc.conf
:
gdm_enable="YES"
It is often desirable to also start all
GNOME services. To achieve this,
add a second line to /etc/rc.conf
:
gnome_enable="YES"
GDM will start automatically when the system boots.
A second method for starting
GNOME is to type
startx
from the command-line after
configuring ~/.xinitrc
. If this file
already exists, replace the line that starts the current
window manager with one that starts
/usr/local/bin/gnome-session
. If this
file does not exist, create it with this command:
%
echo "exec /usr/local/bin/gnome-session" > ~/.xinitrc
A third method is to use XDM as
the display manager. In this case, create an executable
~/.xsession
:
%
echo "exec /usr/local/bin/gnome-session" > ~/.xsession
KDE is another easy-to-use desktop environment. This desktop provides a suite of applications with a consistent look and feel, a standardized menu and toolbars, keybindings, color-schemes, internationalization, and a centralized, dialog-driven desktop configuration. More information on KDE can be found at http://www.kde.org/. For FreeBSD-specific information, consult http://freebsd.kde.org.
To install the KDE package, type:
#
pkg install x11/kde5
To instead build the KDE port, use the following command. Installing the port will provide a menu for selecting which components to install. KDE is a large application and will take some time to compile, even on a fast computer.
#
cd /usr/ports/x11/kde5
#
make install clean
KDE requires
/proc
to be mounted. Add this line to
/etc/fstab
to mount this file system
automatically during system startup:
proc /proc procfs rw 0 0
KDE uses
D-Bus and
HAL for a message bus and hardware
abstraction. These applications are automatically installed
as dependencies of KDE. Enable
them in /etc/rc.conf
so they will be
started when the system boots:
dbus_enable="YES" hald_enable="YES"
Since KDE Plasma 5, the KDE Display Manager, KDM is no longer developed. A possible replacement is SDDM. To install it, type:
#
pkg install x11/sddm
Add this line to
/etc/rc.conf
:
sddm_enable="YES"
A second method for launching
KDE Plasma is to type
startx
from the command line. For this to
work, the following line is needed in
~/.xinitrc
:
exec ck-launch-session startplasma-x11
A third method for starting KDE Plasma
is through XDM. To do so, create
an executable ~/.xsession
as
follows:
%
echo "exec ck-launch-session startplasma-x11" > ~/.xsession
Once KDE Plasma is started, refer to its built-in help system for more information on how to use its various menus and applications.
Xfce is a desktop environment based on the GTK+ toolkit used by GNOME. However, it is more lightweight and provides a simple, efficient, easy-to-use desktop. It is fully configurable, has a main panel with menus, applets, and application launchers, provides a file manager and sound manager, and is themeable. Since it is fast, light, and efficient, it is ideal for older or slower machines with memory limitations. More information on Xfce can be found at http://www.xfce.org.
To install the Xfce package:
#
pkg install xfce
Alternatively, to build the port:
#
cd /usr/ports/x11-wm/xfce4
#
make install clean
Xfce uses
D-Bus for a message bus. This
application is automatically installed as dependency of
Xfce. Enable it in
/etc/rc.conf
so it will be started when
the system boots:
dbus_enable="YES"
Unlike GNOME or
KDE,
Xfce does not provide its own login
manager. In order to start Xfce
from the command line by typing startx
,
first create ~/.xinitrc
with this
command:
%
echo ". /usr/local/etc/xdg/xfce4/xinitrc" > ~/.xinitrc
An alternate method is to use
XDM. To configure this method,
create an executable ~/.xsession
:
%
echo ". /usr/local/etc/xdg/xfce4/xinitrc" > ~/.xsession
One way to make using a desktop computer more pleasant is with nice 3D effects.
Installing the Compiz Fusion package is easy, but configuring it requires a few steps that are not described in the port's documentation.
Desktop effects can cause quite a load on the graphics
card. For an nVidia-based graphics card, the proprietary
driver is required for good performance. Users of other
graphics cards can skip this section and continue with the
xorg.conf
configuration.
To determine which nVidia driver is needed see the FAQ question on the subject.
Having determined the correct driver to use for your card, installation is as simple as installing any other package.
For example, to install the latest driver:
#
pkg install x11/nvidia-driver
The driver will create a kernel module, which needs to be
loaded at system startup. Add the following line to
/boot/loader.conf
:
nvidia_load="YES"
To immediately load the kernel module into the running
kernel issue a command like kldload
nvidia
. However, it has been noted that some
versions of Xorg will not
function properly if the driver is not loaded at boot time.
After editing /boot/loader.conf
, a
reboot is recommended.
With the kernel module loaded, you normally only need to
change a single line in xorg.conf
to enable the proprietary driver:
Find the following line in
/etc/X11/xorg.conf
:
Driver "nv"
and change it to:
Driver "nvidia"
Start the GUI as usual, and you should be greeted by the nVidia splash. Everything should work as usual.
To enable Compiz Fusion,
/etc/X11/xorg.conf
needs to be
modified:
Add the following section to enable composite effects:
Section "Extensions" Option "Composite" "Enable" EndSection
Locate the “Screen” section which should look similar to the one below:
Section "Screen" Identifier "Screen0" Device "Card0" Monitor "Monitor0" ...
and add the following two lines (after “Monitor” will do):
DefaultDepth 24 Option "AddARGBGLXVisuals" "True"
Locate the “Subsection” that refers to the screen resolution that you wish to use. For example, if you wish to use 1280x1024, locate the section that follows. If the desired resolution does not appear in any subsection, you may add the relevant entry by hand:
SubSection "Display" Viewport 0 0 Modes "1280x1024" EndSubSection
A color depth of 24 bits is needed for desktop composition, change the above subsection to:
SubSection "Display" Viewport 0 0 Depth 24 Modes "1280x1024" EndSubSection
Finally, confirm that the “glx” and “extmod” modules are loaded in the “Module” section:
Section "Module" Load "extmod" Load "glx" ...
The preceding can be done automatically with x11/nvidia-xconfig by running (as root):
#
nvidia-xconfig --add-argb-glx-visuals
#
nvidia-xconfig --composite
#
nvidia-xconfig --depth=24
Installing Compiz Fusion is as simple as any other package:
#
pkg install x11-wm/compiz-fusion
When the installation is finished, start your graphic desktop and at a terminal, enter the following commands (as a normal user):
%
compiz --replace --sm-disable --ignore-desktop-hints ccp &
%
emerald --replace &
Your screen will flicker for a few seconds, as your window manager (e.g. Metacity if you are using GNOME) is replaced by Compiz Fusion. Emerald takes care of the window decorations (i.e. close, minimize, maximize buttons, title bars and so on).
You may convert this to a trivial script and have it run at startup automatically (e.g. by adding to “Sessions” in a GNOME desktop):
#! /bin/sh compiz --replace --sm-disable --ignore-desktop-hints ccp & emerald --replace &
Save this in your home directory as, for example,
start-compiz
and make it
executable:
%
chmod +x ~/start-compiz
Then use the GUI to add it to GNOME desktop).
(located in , , on aTo actually select all the desired effects and their settings, execute (again as a normal user) the Compiz Config Settings Manager:
%
ccsm
In GNOME, this can also be found in the , menu.
If you have selected “gconf support” during
the build, you will also be able to view these settings using
gconf-editor
under
apps/compiz
.
If the mouse does not work, you will need to first configure
it before proceeding.
In recent Xorg
versions, the InputDevice
sections in
xorg.conf
are ignored in favor of the
autodetected devices. To restore the old behavior, add the
following line to the ServerLayout
or
ServerFlags
section of this file:
Option "AutoAddDevices" "false"
Input devices may then be configured as in previous versions, along with any other options needed (e.g., keyboard layout switching).
As previously explained the hald daemon will, by default, automatically detect your keyboard. There are chances that your keyboard layout or model will not be correct, desktop environments like GNOME, KDE or Xfce provide tools to configure the keyboard. However, it is possible to set the keyboard properties directly either with the help of the setxkbmap(1) utility or with a hald's configuration rule.
For example if, one wants to use a PC 102 keys keyboard
coming with a french layout, we have to create a keyboard
configuration file for hald
called x11-input.fdi
and saved in the
/usr/local/etc/hal/fdi/policy
directory. This file should contain the following
lines:
<?xml version="1.0" encoding="iso-8859-1"?> <deviceinfo version="0.2"> <device> <match key="info.capabilities" contains="input.keyboard"> <merge key="input.x11_options.XkbModel" type="string">pc102</merge> <merge key="input.x11_options.XkbLayout" type="string">fr</merge> </match> </device> </deviceinfo>
If this file already exists, just copy and add to your file the lines regarding the keyboard configuration.
You will have to reboot your machine to force hald to read this file.
It is possible to do the same configuration from an X terminal or a script with this command line:
%
setxkbmap -model pc102 -layout fr
/usr/local/share/X11/xkb/rules/base.lst
lists the various keyboard, layouts and options
available.
The xorg.conf.new
configuration file
may now be tuned to taste. Open the file in a text editor
such as emacs(1) or ee(1). If the monitor is an
older or unusual model that does not support autodetection of
sync frequencies, those settings can be added to
xorg.conf.new
under the
"Monitor"
section:
Section "Monitor" Identifier "Monitor0" VendorName "Monitor Vendor" ModelName "Monitor Model" HorizSync 30-107 VertRefresh 48-120 EndSection
Most monitors support sync frequency autodetection, making manual entry of these values unnecessary. For the few monitors that do not support autodetection, avoid potential damage by only entering values provided by the manufacturer.
X allows DPMS (Energy Star) features to be used with capable monitors. The xset(1) program controls the time-outs and can force standby, suspend, or off modes. If you wish to enable DPMS features for your monitor, you must add the following line to the monitor section:
Option "DPMS"
While the xorg.conf.new
configuration
file is still open in an editor, select the default resolution
and color depth desired. This is defined in the
"Screen"
section:
Section "Screen" Identifier "Screen0" Device "Card0" Monitor "Monitor0" DefaultDepth 24 SubSection "Display" Viewport 0 0 Depth 24 Modes "1024x768" EndSubSection EndSection
The DefaultDepth
keyword describes the
color depth to run at by default. This can be overridden with
the -depth
command line switch to
Xorg(1). The Modes
keyword describes
the resolution to run at for the given color depth. Note that
only VESA standard modes are supported as defined by the
target system's graphics hardware. In the example above, the
default color depth is twenty-four bits per pixel. At this
color depth, the accepted resolution is 1024 by 768
pixels.
Finally, write the configuration file and test it using the test mode given above.
One of the tools available to assist you during
troubleshooting process are the
Xorg log files, which contain
information on each device that the
Xorg server attaches to.
Xorg log file names are in the
format of /var/log/Xorg.0.log
. The
exact name of the log can vary from
Xorg.0.log
to
Xorg.8.log
and so forth.
If all is well, the configuration file needs to be
installed in a common location where Xorg(1) can find it.
This is typically /etc/X11/xorg.conf
or
/usr/local/etc/X11/xorg.conf
.
#
cp xorg.conf.new /etc/X11/xorg.conf
The Xorg configuration process is now complete. Xorg may be now started with the startx(1) utility. The Xorg server may also be started with the use of xdm(1).
Configuration with Intel® i810 integrated chipsets
requires the agpgart
AGP programming
interface for Xorg to drive the
card. See the agp(4) driver manual page for more
information.
This will allow configuration of the hardware as any
other graphics board. Note on systems without the
agp(4) driver compiled in the kernel, trying to load
the module with kldload(8) will not work. This driver
has to be in the kernel at boot time through being compiled
in or using /boot/loader.conf
.
This section assumes a bit of advanced configuration knowledge. If attempts to use the standard configuration tools above have not resulted in a working configuration, there is information enough in the log files to be of use in getting the setup working. Use of a text editor will be necessary.
Current widescreen (WSXGA, WSXGA+, WUXGA, WXGA, WXGA+, et.al.) formats support 16:10 and 10:9 formats or aspect ratios that can be problematic. Examples of some common screen resolutions for 16:10 aspect ratios are:
2560x1600
1920x1200
1680x1050
1440x900
1280x800
At some point, it will be as easy as adding one of these
resolutions as a possible Mode
in the
Section "Screen"
as such:
Section "Screen" Identifier "Screen0" Device "Card0" Monitor "Monitor0" DefaultDepth 24 SubSection "Display" Viewport 0 0 Depth 24 Modes "1680x1050" EndSubSection EndSection
Xorg is smart enough to pull the resolution information from the widescreen via I2C/DDC information so it knows what the monitor can handle as far as frequencies and resolutions.
If those ModeLines
do not exist in
the drivers, one might need to give
Xorg a little hint. Using
/var/log/Xorg.0.log
one can extract
enough information to manually create a
ModeLine
that will work. Simply look for
information resembling this:
(II) MGA(0): Supported additional Video Mode: (II) MGA(0): clock: 146.2 MHz Image Size: 433 x 271 mm (II) MGA(0): h_active: 1680 h_sync: 1784 h_sync_end 1960 h_blank_end 2240 h_border: 0 (II) MGA(0): v_active: 1050 v_sync: 1053 v_sync_end 1059 v_blanking: 1089 v_border: 0 (II) MGA(0): Ranges: V min: 48 V max: 85 Hz, H min: 30 H max: 94 kHz, PixClock max 170 MHz
This information is called EDID information. Creating a
ModeLine
from this is just a matter of
putting the numbers in the correct order:
ModeLine <name> <clock> <4 horiz. timings> <4 vert. timings>
So that the ModeLine
in
Section "Monitor"
for this example would
look like this:
Section "Monitor" Identifier "Monitor1" VendorName "Bigname" ModelName "BestModel" ModeLine "1680x1050" 146.2 1680 1784 1960 2240 1050 1053 1059 1089 Option "DPMS" EndSection
Now having completed these simple editing steps, X should start on your new widescreen monitor.
5.9.3.1. | I have installed Compiz Fusion, and after running the commands you mention, my windows are left without title bars and buttons. What is wrong? |
You are probably missing a setting in
| |
5.9.3.2. | When I run the command to start Compiz Fusion, the X server crashes and I am back at the console. What is wrong? |
If you check
(EE) NVIDIA(0): Failed to initialize the GLX module; please check in your X (EE) NVIDIA(0): log file that the GLX module has been loaded in your X (EE) NVIDIA(0): server, and that the module is the NVIDIA GLX module. If (EE) NVIDIA(0): you continue to encounter problems, Please try (EE) NVIDIA(0): reinstalling the NVIDIA driver. This is usually the case when you upgrade Xorg. You will need to reinstall the x11/nvidia-driver package so glx is built again. |
Now that the basics have been covered, this part of the book discusses some frequently used features of FreeBSD. These chapters:
Introduce popular and useful desktop applications: browsers, productivity tools, document viewers, and more.
Introduce a number of multimedia tools available for FreeBSD.
Explain the process of building a customized FreeBSD kernel to enable extra functionality.
Describe the print system in detail, both for desktop and network-connected printer setups.
Show how to run Linux applications on the FreeBSD system.
Some of these chapters recommend prior reading, and this is noted in the synopsis at the beginning of each chapter.
While FreeBSD is popular as a server for its performance and stability, it is also suited for day-to-day use as a desktop. With over 24,000 applications available as FreeBSD packages or ports, it is easy to build a customized desktop that runs a wide variety of desktop applications. This chapter demonstrates how to install numerous desktop applications, including web browsers, productivity software, document viewers, and financial software.
Users who prefer to install a pre-built desktop version of FreeBSD rather than configuring one from scratch should refer to FuryBSD, GhostBSD or MidnightBSD.
Readers of this chapter should know how to:
Install additional software using packages or ports as described in Chapter 4, Installing Applications: Packages and Ports.
Install X and a window manager as described in Chapter 5, The X Window System.
For information on how to configure a multimedia environment, refer to Chapter 7, Multimedia.
FreeBSD does not come with a pre-installed web browser. Instead, the www category of the Ports Collection contains many browsers which can be installed as a package or compiled from the Ports Collection.
The KDE and GNOME desktop environments include their own HTML browser. Refer to Section 5.7, “Desktop Environments” for more information on how to set up these complete desktops.
Some lightweight browsers include www/dillo2, www/links, and www/w3m.
This section demonstrates how to install the following popular web browsers and indicates if the application is resource-heavy, takes time to compile from ports, or has any major dependencies.
Application Name | Resources Needed | Installation from Ports | Notes |
---|---|---|---|
Firefox | medium | heavy | FreeBSD, Linux®, and localized versions are available |
Konqueror | medium | heavy | Requires KDE libraries |
Chromium | medium | heavy | Requires Gtk+ |
Firefox is an open source browser that features a standards-compliant HTML display engine, tabbed browsing, popup blocking, extensions, improved security, and more. Firefox is based on the Mozilla codebase.
To install the package of the latest release version of Firefox, type:
#
pkg install firefox
To instead install Firefox Extended Support Release (ESR) version, use:
#
pkg install firefox-esr
The Ports Collection can instead be used to compile the
desired version of Firefox from
source code. This example builds
www/firefox, where
firefox
can be replaced with the ESR or
localized version to install.
#
cd /usr/ports/www/firefox
#
make install clean
Konqueror is more than a web browser as it is also a file manager and a multimedia viewer. Supports WebKit as well as its own KHTML. WebKit is a rendering engine used by many modern browsers including Chromium.
Konqueror can be installed as a package by typing:
#
pkg install konqueror
To install from the Ports Collection:
#
cd /usr/ports/x11-fm/konqueror/
#
make install clean
Chromium is an open source browser project that aims to build a safer, faster, and more stable web browsing experience. Chromium features tabbed browsing, popup blocking, extensions, and much more. Chromium is the open source project upon which the Google Chrome web browser is based.
Chromium can be installed as a package by typing:
#
pkg install chromium
Alternatively, Chromium can be compiled from source using the Ports Collection:
#
cd /usr/ports/www/chromium
#
make install clean
The executable for Chromium
is /usr/local/bin/chrome
, not
/usr/local/bin/chromium
.
When it comes to productivity, users often look for an office suite or an easy-to-use word processor. While some desktop environments like KDE provide an office suite, there is no default productivity package. Several office suites and graphical word processors are available for FreeBSD, regardless of the installed window manager.
This section demonstrates how to install the following popular productivity software and indicates if the application is resource-heavy, takes time to compile from ports, or has any major dependencies.
Application Name | Resources Needed | Installation from Ports | Major Dependencies |
---|---|---|---|
Calligra | light | heavy | KDE |
AbiWord | light | light | Gtk+ or GNOME |
The Gimp | light | heavy | Gtk+ |
Apache OpenOffice | heavy | huge | JDK™ and Mozilla |
LibreOffice | somewhat heavy | huge | Gtk+, or KDE/ GNOME, or JDK™ |
The KDE desktop environment includes an office suite which can be installed separately from KDE. Calligra includes standard components that can be found in other office suites. Words is the word processor, Sheets is the spreadsheet program, Stage manages slide presentations, and Karbon is used to draw graphical documents.
In FreeBSD, editors/calligra can be installed as a package or a port. To install the package:
#
pkg install calligra
If the package is not available, use the Ports Collection instead:
#
cd /usr/ports/editors/calligra
#
make install clean
AbiWord is a free word processing program similar in look and feel to Microsoft® Word. It is fast, contains many features, and is user-friendly.
AbiWord can import or export
many file formats, including some proprietary ones like
Microsoft® .rtf
.
To install the AbiWord package:
#
pkg install abiword
If the package is not available, it can be compiled from the Ports Collection:
#
cd /usr/ports/editors/abiword
#
make install clean
For image authoring or picture retouching, The GIMP provides a sophisticated image manipulation program. It can be used as a simple paint program or as a quality photo retouching suite. It supports a large number of plugins and features a scripting interface. The GIMP can read and write a wide range of file formats and supports interfaces with scanners and tablets.
To install the package:
#
pkg install gimp
Alternately, use the Ports Collection:
#
cd /usr/ports/graphics/gimp
#
make install clean
The graphics category (freebsd.org/ports/graphics.html) of the Ports Collection contains several GIMP-related plugins, help files, and user manuals.
Apache OpenOffice is an open source office suite which is developed under the wing of the Apache Software Foundation's Incubator. It includes all of the applications found in a complete office productivity suite: a word processor, spreadsheet, presentation manager, and drawing program. Its user interface is similar to other office suites, and it can import and export in various popular file formats. It is available in a number of different languages and internationalization has been extended to interfaces, spell checkers, and dictionaries.
The word processor of Apache OpenOffice uses a native XML file format for increased portability and flexibility. The spreadsheet program features a macro language which can be interfaced with external databases. Apache OpenOffice is stable and runs natively on Windows®, Solaris™, Linux®, FreeBSD, and Mac OS® X. More information about Apache OpenOffice can be found at openoffice.org. For FreeBSD specific information refer to porting.openoffice.org/freebsd/.
To install the Apache OpenOffice package:
#
pkg install apache-openoffice
Once the package is installed, type the following command to launch Apache OpenOffice:
%
openoffice-
X.Y.Z
where X.Y.Z
is the version
number of the installed version of Apache
OpenOffice. The first time
Apache OpenOffice launches, some
questions will be asked and a
.openoffice.org
folder will be created in
the user's home directory.
If the desired Apache OpenOffice package is not available, compiling the port is still an option. However, this requires a lot of disk space and a fairly long time to compile:
#
cd /usr/ports/editors/openoffice-4
#
make install clean
To build a localized version, replace the previous command with:
#
make LOCALIZED_LANG=
your_language
install clean
Replace
your_language
with the correct
language ISO-code. A list of supported language codes is
available in
files/Makefile.localized
, located in
the port's directory.
LibreOffice is a free software office suite developed by documentfoundation.org. It is compatible with other major office suites and available on a variety of platforms. It is a rebranded fork of Apache OpenOffice and includes applications found in a complete office productivity suite: a word processor, spreadsheet, presentation manager, drawing program, database management program, and a tool for creating and editing mathematical formulæ. It is available in a number of different languages and internationalization has been extended to interfaces, spell checkers, and dictionaries.
The word processor of LibreOffice uses a native XML file format for increased portability and flexibility. The spreadsheet program features a macro language which can be interfaced with external databases. LibreOffice is stable and runs natively on Windows®, Linux®, FreeBSD, and Mac OS® X. More information about LibreOffice can be found at libreoffice.org.
To install the English version of the LibreOffice package:
#
pkg install libreoffice
The editors category (freebsd.org/ports/editors.html)
of the Ports Collection contains several localizations for
LibreOffice. When installing a
localized package, replace libreoffice
with the name of the localized package.
Once the package is installed, type the following command to run LibreOffice:
%
libreoffice
During the first launch, some questions will be asked
and a .libreoffice
folder will be created
in the user's home directory.
If the desired LibreOffice package is not available, compiling the port is still an option. However, this requires a lot of disk space and a fairly long time to compile. This example compiles the English version:
#
cd /usr/ports/editors/libreoffice
#
make install clean
To build a localized version,
cd
into the port directory of
the desired language. Supported languages can be found
in the editors category (freebsd.org/ports/editors.html)
of the Ports Collection.
Some new document formats have gained popularity since the advent of UNIX® and the viewers they require may not be available in the base system. This section demonstrates how to install the following document viewers:
Application Name | Resources Needed | Installation from Ports | Major Dependencies |
---|---|---|---|
Xpdf | light | light | FreeType |
gv | light | light | Xaw3d |
Geeqie | light | light | Gtk+ or GNOME |
ePDFView | light | light | Gtk+ |
Okular | light | heavy | KDE |
For users that prefer a small FreeBSD PDF viewer, Xpdf provides a light-weight and efficient viewer which requires few resources. It uses the standard X fonts and does not require any additional toolkits.
To install the Xpdf package:
#
pkg install xpdf
If the package is not available, use the Ports Collection:
#
cd /usr/ports/graphics/xpdf
#
make install clean
Once the installation is complete, launch
xpdf
and use the right mouse button to
activate the menu.
gv is a PostScript® and PDF viewer. It is based on ghostview, but has a nicer look as it is based on the Xaw3d widget toolkit. gv has many configurable features, such as orientation, paper size, scale, and anti-aliasing. Almost any operation can be performed with either the keyboard or the mouse.
To install gv as a package:
#
pkg install gv
If a package is unavailable, use the Ports Collection:
#
cd /usr/ports/print/gv
#
make install clean
Geeqie is a fork from the unmaintained GQView project, in an effort to move development forward and integrate the existing patches. Geeqie is an image manager which supports viewing a file with a single click, launching an external editor, and thumbnail previews. It also features a slideshow mode and some basic file operations, making it easy to manage image collections and to find duplicate files. Geeqie supports full screen viewing and internationalization.
To install the Geeqie package:
#
pkg install geeqie
If the package is not available, use the Ports Collection:
#
cd /usr/ports/graphics/geeqie
#
make install clean
ePDFView is a lightweight PDF document viewer that only uses the Gtk+ and Poppler libraries. It is currently under development, but already opens most PDF files (even encrypted), save copies of documents, and has support for printing using CUPS.
To install ePDFView as a package:
#
pkg install epdfview
If a package is unavailable, use the Ports Collection:
#
cd /usr/ports/graphics/epdfview
#
make install clean
Okular is a universal document viewer based on KPDF for KDE. It can open many document formats, including PDF, PostScript®, DjVu, CHM, XPS, and ePub.
To install Okular as a package:
#
pkg install okular
If a package is unavailable, use the Ports Collection:
#
cd /usr/ports/graphics/okular
#
make install clean
For managing personal finances on a FreeBSD desktop, some powerful and easy-to-use applications can be installed. Some are compatible with widespread file formats, such as the formats used by Quicken and Excel.
This section covers these programs:
Application Name | Resources Needed | Installation from Ports | Major Dependencies |
---|---|---|---|
GnuCash | light | heavy | GNOME |
Gnumeric | light | heavy | GNOME |
KMyMoney | light | heavy | KDE |
GnuCash is part of the GNOME effort to provide user-friendly, yet powerful, applications to end-users. GnuCash can be used to keep track of income and expenses, bank accounts, and stocks. It features an intuitive interface while remaining professional.
GnuCash provides a smart register, a hierarchical system of accounts, and many keyboard accelerators and auto-completion methods. It can split a single transaction into several more detailed pieces. GnuCash can import and merge Quicken QIF files. It also handles most international date and currency formats.
To install the GnuCash package:
#
pkg install gnucash
If the package is not available, use the Ports Collection:
#
cd /usr/ports/finance/gnucash
#
make install clean
Gnumeric is a spreadsheet program developed by the GNOME community. It features convenient automatic guessing of user input according to the cell format with an autofill system for many sequences. It can import files in a number of popular formats, including Excel, Lotus 1-2-3, and Quattro Pro. It has a large number of built-in functions and allows all of the usual cell formats such as number, currency, date, time, and much more.
To install Gnumeric as a package:
#
pkg install gnumeric
If the package is not available, use the Ports Collection:
#
cd /usr/ports/math/gnumeric
#
make install clean
KMyMoney is a personal finance application created by the KDE community. KMyMoney aims to provide the important features found in commercial personal finance manager applications. It also highlights ease-of-use and proper double-entry accounting among its features. KMyMoney imports from standard Quicken QIF files, tracks investments, handles multiple currencies, and provides a wealth of reports.
To install KMyMoney as a package:
#
pkg install kmymoney-kde4
If the package is not available, use the Ports Collection:
#
cd /usr/ports/finance/kmymoney-kde4
#
make install clean
FreeBSD supports a wide variety of sound cards, allowing users to enjoy high fidelity output from a FreeBSD system. This includes the ability to record and play back audio in the MPEG Audio Layer 3 (MP3), Waveform Audio File (WAV), Ogg Vorbis, and other formats. The FreeBSD Ports Collection contains many applications for editing recorded audio, adding sound effects, and controlling attached MIDI devices.
FreeBSD also supports the playback of video files and DVDs. The FreeBSD Ports Collection contains applications to encode, convert, and playback various video media.
This chapter describes how to configure sound cards, video playback, TV tuner cards, and scanners on FreeBSD. It also describes some of the applications which are available for using these devices.
After reading this chapter, you will know how to:
Configure a sound card on FreeBSD.
Troubleshoot the sound setup.
Playback and encode MP3s and other audio.
Prepare a FreeBSD system for video playback.
Play DVDs, .mpg
,
and .avi
files.
Rip CD and DVD content into files.
Configure a TV card.
Install and setup MythTV on FreeBSD
Configure an image scanner.
Configure a Bluetooth headset.
Before reading this chapter, you should:
Know how to install applications as described in Chapter 4, Installing Applications: Packages and Ports.
Before beginning the configuration, determine the model of the sound card and the chip it uses. FreeBSD supports a wide variety of sound cards. Check the supported audio devices list of the Hardware Notes to see if the card is supported and which FreeBSD driver it uses.
In order to use the sound device, its device driver must be loaded. The easiest way is to load a kernel module for the sound card with kldload(8). This example loads the driver for a built-in audio chipset based on the Intel specification:
#
kldload snd_hda
To automate the loading of this driver at boot time, add the
driver to /boot/loader.conf
. The line for
this driver is:
snd_hda_load="YES"
Other available sound modules are listed in
/boot/defaults/loader.conf
. When unsure
which driver to use, load the snd_driver
module:
#
kldload snd_driver
This is a metadriver which loads all of the most common
sound drivers and can be used to speed up the search for the
correct driver. It is also possible to load all sound drivers
by adding the metadriver to
/boot/loader.conf
.
To determine which driver was selected for the sound card
after loading the snd_driver
metadriver,
type cat /dev/sndstat
.
This section is for users who prefer to statically compile in support for the sound card in a custom kernel. For more information about recompiling a kernel, refer to Chapter 8, Configuring the FreeBSD Kernel.
When using a custom kernel to provide sound support, make sure that the audio framework driver exists in the custom kernel configuration file:
device sound
Next, add support for the sound card. To continue the example of the built-in audio chipset based on the Intel specification from the previous section, use the following line in the custom kernel configuration file:
device snd_hda
Be sure to read the manual page of the driver for the device name to use for the driver.
Non-PnP ISA sound cards may require the IRQ and I/O port
settings of the card to be added to
/boot/device.hints
. During the boot
process, loader(8) reads this file and passes the
settings to the kernel. For example, an old Creative
SoundBlaster® 16 ISA non-PnP card will use the
snd_sbc(4) driver in conjunction with
snd_sb16
. For this card, the following
lines must be added to the kernel configuration file:
device snd_sbc device snd_sb16
If the card uses the 0x220
I/O port and
IRQ 5
, these lines must also be added to
/boot/device.hints
:
hint.sbc.0.at="isa" hint.sbc.0.port="0x220" hint.sbc.0.irq="5" hint.sbc.0.drq="1" hint.sbc.0.flags="0x15"
The syntax used in /boot/device.hints
is described in sound(4) and the manual page for the
driver of the sound card.
The settings shown above are the defaults. In some cases, the IRQ or other settings may need to be changed to match the card. Refer to snd_sbc(4) for more information about this card.
After loading the required module or rebooting into the
custom kernel, the sound card should be detected. To confirm,
run dmesg | grep pcm
. This example is
from a system with a built-in Conexant CX20590 chipset:
pcm0: <NVIDIA (0x001c) (HDMI/DP 8ch)> at nid 5 on hdaa0 pcm1: <NVIDIA (0x001c) (HDMI/DP 8ch)> at nid 6 on hdaa0 pcm2: <Conexant CX20590 (Analog 2.0+HP/2.0)> at nid 31,25 and 35,27 on hdaa1
The status of the sound card may also be checked using this command:
#
cat /dev/sndstat
FreeBSD Audio Driver (newpcm: 64bit 2009061500/amd64) Installed devices: pcm0: <NVIDIA (0x001c) (HDMI/DP 8ch)> (play) pcm1: <NVIDIA (0x001c) (HDMI/DP 8ch)> (play) pcm2: <Conexant CX20590 (Analog 2.0+HP/2.0)> (play/rec) default
The output will vary depending upon the sound card. If no
pcm
devices are listed, double-check
that the correct device driver was loaded or compiled into the
kernel. The next section lists some common problems and their
solutions.
If all goes well, the sound card should now work in FreeBSD. If the CD or DVD drive is properly connected to the sound card, one can insert an audio CD in the drive and play it with cdcontrol(1):
%
cdcontrol -f /dev/acd0 play 1
Audio CDs have specialized encodings which means that they should not be mounted using mount(8).
Various applications, such as audio/workman, provide a friendlier interface. The audio/mpg123 port can be installed to listen to MP3 audio files.
Another quick way to test the card is to send data to
/dev/dsp
:
%
cat
filename
> /dev/dsp
where
can
be any type of file. This command should produce some noise,
confirming that the sound card is working.filename
The /dev/dsp*
device nodes will
be created automatically as needed. When not in use, they
do not exist and will not appear in the output of
ls(1).
Connecting to a Bluetooth device is out of scope for this chapter. Refer to Section 31.5, “Bluetooth” for more information.
To get Bluetooth sound sink working with FreeBSD's sound system, users have to install audio/virtual_oss first:
#
pkg install virtual_oss
audio/virtual_oss requires
cuse
to be loaded into the kernel:
#
kldload cuse
To load cuse
during system startup, run
this command:
#
sysrc -f /boot/loader.conf cuse_load=yes
To use headphones as a sound sink with audio/virtual_oss, users need to create a virtual device after connecting to a Bluetooth audio device:
#
virtual_oss -C 2 -c 2 -r 48000 -b 16 -s 768 -R /dev/null -P /dev/bluetooth/
headphones
-d dsp
headphones
in this example is
a hostname from /etc/bluetooth/hosts
.
BT_ADDR
could be used instead.
Refer to virtual_oss(8) for more information.
Table 7.1, “Common Error Messages” lists some common error messages and their solutions:
Error | Solution |
---|---|
sb_dspwr(XX) timed out | The I/O port is not set correctly. |
bad irq XX | The IRQ is set incorrectly. Make sure that the set IRQ and the sound IRQ are the same. |
xxx: gus pcm not attached, out of memory | There is not enough available memory to use the device. |
xxx: can't open /dev/dsp! | Type |
Modern graphics cards often come with their own sound
driver for use with HDMI. This sound
device is sometimes enumerated before the sound card meaning
that the sound card will not be used as the default playback
device. To check if this is the case, run
dmesg and look for
pcm
. The output looks something like
this:
... hdac0: HDA Driver Revision: 20100226_0142 hdac1: HDA Driver Revision: 20100226_0142 hdac0: HDA Codec #0: NVidia (Unknown) hdac0: HDA Codec #1: NVidia (Unknown) hdac0: HDA Codec #2: NVidia (Unknown) hdac0: HDA Codec #3: NVidia (Unknown) pcm0: <HDA NVidia (Unknown) PCM #0 DisplayPort> at cad 0 nid 1 on hdac0 pcm1: <HDA NVidia (Unknown) PCM #0 DisplayPort> at cad 1 nid 1 on hdac0 pcm2: <HDA NVidia (Unknown) PCM #0 DisplayPort> at cad 2 nid 1 on hdac0 pcm3: <HDA NVidia (Unknown) PCM #0 DisplayPort> at cad 3 nid 1 on hdac0 hdac1: HDA Codec #2: Realtek ALC889 pcm4: <HDA Realtek ALC889 PCM #0 Analog> at cad 2 nid 1 on hdac1 pcm5: <HDA Realtek ALC889 PCM #1 Analog> at cad 2 nid 1 on hdac1 pcm6: <HDA Realtek ALC889 PCM #2 Digital> at cad 2 nid 1 on hdac1 pcm7: <HDA Realtek ALC889 PCM #3 Digital> at cad 2 nid 1 on hdac1 ...
In this example, the graphics card
(NVidia
) has been enumerated before the
sound card (Realtek ALC889
). To use the
sound card as the default playback device, change
hw.snd.default_unit
to the unit that should
be used for playback:
#
sysctl hw.snd.default_unit=
n
where n
is the number of the sound
device to use. In this example, it should be
4
. Make this change permanent by adding
the following line to
/etc/sysctl.conf
:
hw.snd.default_unit=4
It is often desirable to have multiple sources of sound that are able to play simultaneously. FreeBSD uses “Virtual Sound Channels” to multiplex the sound card's playback by mixing sound in the kernel.
Three sysctl(8) knobs are available for configuring virtual channels:
#
sysctl dev.pcm.0.play.vchans=4
#
sysctl dev.pcm.0.rec.vchans=4
#
sysctl hw.snd.maxautovchans=4
This example allocates four virtual channels, which is a
practical number for everyday use. Both
dev.pcm.0.play.vchans=4
and
dev.pcm.0.rec.vchans=4
are configurable
after a device has been attached and represent the number of
virtual channels pcm0
has for playback
and recording. Since the pcm
module can
be loaded independently of the hardware drivers,
hw.snd.maxautovchans
indicates how many
virtual channels will be given to an audio device when it is
attached. Refer to pcm(4) for more information.
The number of virtual channels for a device cannot be changed while it is in use. First, close any programs using the device, such as music players or sound daemons.
The correct pcm
device will
automatically be allocated transparently to a program that
requests /dev/dsp0
.
The default values for the different mixer channels are
hardcoded in the source code of the pcm(4) driver. While
sound card mixer levels can be changed using mixer(8) or
third-party applications and daemons, this is not a permanent
solution. To instead set default mixer values at the driver
level, define the appropriate values in
/boot/device.hints
, as seen in this
example:
hint.pcm.0.vol="50"
This will set the volume channel to a default value of
50
when the pcm(4) module is
loaded.
This section describes some MP3 players available for FreeBSD, how to rip audio CD tracks, and how to encode and decode MP3s.
A popular graphical MP3 player is Audacious. It supports Winamp skins and additional plugins. The interface is intuitive, with a playlist, graphic equalizer, and more. Those familiar with Winamp will find Audacious simple to use. On FreeBSD, Audacious can be installed from the multimedia/audacious port or package. Audacious is a descendant of XMMS.
The audio/mpg123 package or port provides an alternative, command-line MP3 player. Once installed, specify the MP3 file to play on the command line. If the system has multiple audio devices, the sound device can also be specified:
#
mpg123
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layers 1, 2 and 3 version 1.18.1; written and copyright by Michael Hipp and others free software (LGPL) without any warranty but with best wishes Playing MPEG stream from Foobar-GreatestHits.mp3 ... MPEG 1.0 layer III, 128 kbit/s, 44100 Hz joint-stereo-a /dev/dsp1.0 Foobar-GreatestHits.mp3
Additional MP3 players are available in the FreeBSD Ports Collection.
Before encoding a CD or CD track to MP3, the audio data on the CD must be ripped to the hard drive. This is done by copying the raw CD Digital Audio (CDDA) data to WAV files.
The cdda2wav
tool, which is installed
with the sysutils/cdrtools suite, can be
used to rip audio information from
CDs.
With the audio CD in the drive, the
following command can be issued as
root
to rip an
entire CD into individual, per track,
WAV files:
#
cdda2wav -D
0,1,0
-B
In this example, the
-D
indicates
the SCSI device 0,1,0
0,1,0
containing the CD to rip. Use
cdrecord -scanbus
to determine the correct
device parameters for the system.
To rip individual tracks, use -t
to
specify the track:
#
cdda2wav -D
0,1,0
-t 7
To rip a range of tracks, such as track one to seven, specify a range:
#
cdda2wav -D
0,1,0
-t 1+7
To rip from an ATAPI (IDE) CDROM drive, specify the device name in place of the SCSI unit numbers. For example, to rip track 7 from an IDE drive:
#
cdda2wav -D
/dev/acd0 -t 7
Alternately, dd
can be used to extract
audio tracks on ATAPI drives, as described
in Section 17.5.5, “Duplicating Audio CDs”.
Lame is a popular MP3 encoder which can be installed from the audio/lame port. Due to patent issues, a package is not available.
The following command will convert the ripped
WAV file
to
audio01.wav
:audio01.mp3
#
lame -h -b
128
--tt "Foo Song Title
" --ta "FooBar Artist
" --tl "FooBar Album
" \ --ty "2014
" --tc "Ripped and encoded by Foo
" --tg "Genre
"audio01.wav audio01.mp3
The specified 128 kbits is a standard
MP3 bitrate while the 160 and 192 bitrates
provide higher quality. The higher the bitrate, the larger
the size of the resulting MP3. The
-h
turns on the
“higher quality but a little slower”
mode. The options beginning with --t
indicate ID3 tags, which usually contain
song information, to be embedded within the
MP3 file. Additional encoding options can
be found in the lame manual
page.
In order to burn an audio CD from MP3s, they must first be converted to a non-compressed file format. XMMS can be used to convert to the WAV format, while mpg123 can be used to convert to the raw Pulse-Code Modulation (PCM) audio data format.
To convert audio01.mp3
using
mpg123, specify the name of the
PCM file:
#
mpg123 -s
audio01.mp3
>audio01.pcm
To use XMMS to convert a MP3 to WAV format, use these steps:
Launch XMMS.
Right-click the window to bring up the XMMS menu.
Select Preferences
under
Options
.
Change the Output Plugin to “Disk Writer Plugin”.
Press Configure
.
Enter or browse to a directory to write the uncompressed files to.
Load the MP3 file into XMMS as usual, with volume at 100% and EQ settings turned off.
Press Play
. The
XMMS will appear as if it is
playing the MP3, but no music will be
heard. It is actually playing the MP3
to a file.
When finished, be sure to set the default Output Plugin back to what it was before in order to listen to MP3s again.
Both the WAV and PCM formats can be used with cdrecord. When using WAV files, there will be a small tick sound at the beginning of each track. This sound is the header of the WAV file. The audio/sox port or package can be used to remove the header:
%
sox -t wav -r 44100 -s -w -c 2
track.wav track.raw
Refer to Section 17.5, “Creating and Using CD Media” for more information on using a CD burner in FreeBSD.
Before configuring video playback, determine the model and
chipset of the video card. While
Xorg supports a wide variety of
video cards, not all provide good playback performance. To
obtain a list of extensions supported by the
Xorg server using the card, run
xdpyinfo
while
Xorg is running.
It is a good idea to have a short MPEG test file for
evaluating various players and options. Since some
DVD applications look for
DVD media in /dev/dvd
by
default, or have this device name hardcoded in them, it might be
useful to make a symbolic link to the proper device:
#
ln -sf /dev/cd0 /dev/dvd
Due to the nature of devfs(5), manually created links
will not persist after a system reboot. In order to recreate
the symbolic link automatically when the system boots, add the
following line to /etc/devfs.conf
:
link cd0 dvd
DVD decryption invokes certain functions that require write permission to the DVD device.
To enhance the shared memory Xorg interface, it is recommended to increase the values of these sysctl(8) variables:
kern.ipc.shmmax=67108864 kern.ipc.shmall=32768
There are several possible ways to display video under Xorg and what works is largely hardware dependent. Each method described below will have varying quality across different hardware.
Common video interfaces include:
Xorg: normal output using shared memory.
XVideo: an extension to the Xorg interface which allows video to be directly displayed in drawable objects through a special acceleration. This extension provides good quality playback even on low-end machines. The next section describes how to determine if this extension is running.
SDL: the Simple Directmedia Layer is a porting layer for many operating systems, allowing cross-platform applications to be developed which make efficient use of sound and graphics. SDL provides a low-level abstraction to the hardware which can sometimes be more efficient than the Xorg interface. On FreeBSD, SDL can be installed using the devel/sdl20 package or port.
DGA: the Direct Graphics Access is
an Xorg extension which
allows a program to bypass the
Xorg server and directly
alter the framebuffer. Because it relies on a low level
memory mapping, programs using it must be run as
root
. The
DGA extension can be tested and
benchmarked using dga(1). When
dga
is running, it changes the colors
of the display whenever a key is pressed. To quit, press
q.
SVGAlib: a low level console graphics layer.
To check whether this extension is running, use
xvinfo
:
%
xvinfo
XVideo is supported for the card if the result is similar to:
X-Video Extension version 2.2 screen #0 Adaptor #0: "Savage Streams Engine" number of ports: 1 port base: 43 operations supported: PutImage supported visuals: depth 16, visualID 0x22 depth 16, visualID 0x23 number of attributes: 5 "XV_COLORKEY" (range 0 to 16777215) client settable attribute client gettable attribute (current value is 2110) "XV_BRIGHTNESS" (range -128 to 127) client settable attribute client gettable attribute (current value is 0) "XV_CONTRAST" (range 0 to 255) client settable attribute client gettable attribute (current value is 128) "XV_SATURATION" (range 0 to 255) client settable attribute client gettable attribute (current value is 128) "XV_HUE" (range -180 to 180) client settable attribute client gettable attribute (current value is 0) maximum XvImage size: 1024 x 1024 Number of image formats: 7 id: 0x32595559 (YUY2) guid: 59555932-0000-0010-8000-00aa00389b71 bits per pixel: 16 number of planes: 1 type: YUV (packed) id: 0x32315659 (YV12) guid: 59563132-0000-0010-8000-00aa00389b71 bits per pixel: 12 number of planes: 3 type: YUV (planar) id: 0x30323449 (I420) guid: 49343230-0000-0010-8000-00aa00389b71 bits per pixel: 12 number of planes: 3 type: YUV (planar) id: 0x36315652 (RV16) guid: 52563135-0000-0000-0000-000000000000 bits per pixel: 16 number of planes: 1 type: RGB (packed) depth: 0 red, green, blue masks: 0x1f, 0x3e0, 0x7c00 id: 0x35315652 (RV15) guid: 52563136-0000-0000-0000-000000000000 bits per pixel: 16 number of planes: 1 type: RGB (packed) depth: 0 red, green, blue masks: 0x1f, 0x7e0, 0xf800 id: 0x31313259 (Y211) guid: 59323131-0000-0010-8000-00aa00389b71 bits per pixel: 6 number of planes: 3 type: YUV (packed) id: 0x0 guid: 00000000-0000-0000-0000-000000000000 bits per pixel: 0 number of planes: 0 type: RGB (packed) depth: 1 red, green, blue masks: 0x0, 0x0, 0x0
The formats listed, such as YUV2 and YUV12, are not present with every implementation of XVideo and their absence may hinder some players.
If the result instead looks like:
X-Video Extension version 2.2 screen #0 no adaptors present
XVideo is probably not supported for the card. This means that it will be more difficult for the display to meet the computational demands of rendering video, depending on the video card and processor.
This section introduces some of the software available from the FreeBSD Ports Collection which can be used for video playback.
MPlayer is a command-line video player with an optional graphical interface which aims to provide speed and flexibility. Other graphical front-ends to MPlayer are available from the FreeBSD Ports Collection.
MPlayer can be installed using the multimedia/mplayer package or port. Several compile options are available and a variety of hardware checks occur during the build process. For these reasons, some users prefer to build the port rather than install the package.
When compiling the port, the menu options should be reviewed to determine the type of support to compile into the port. If an option is not selected, MPlayer will not be able to display that type of video format. Use the arrow keys and spacebar to select the required formats. When finished, press Enter to continue the port compile and installation.
By default, the package or port will build the
mplayer
command line utility and the
gmplayer
graphical utility. To encode
videos, compile the multimedia/mencoder
port. Due to licensing restrictions, a package is not
available for MEncoder.
The first time MPlayer is
run, it will create ~/.mplayer
in the
user's home directory. This subdirectory contains default
versions of the user-specific configuration files.
This section describes only a few common uses. Refer to mplayer(1) for a complete description of its numerous options.
To play the file
,
specify the video interfaces with testfile.avi
-vo
, as
seen in the following examples:
%
mplayer -vo xv
testfile.avi
%
mplayer -vo sdl
testfile.avi
%
mplayer -vo x11
testfile.avi
#
mplayer -vo dga
testfile.avi
#
mplayer -vo 'sdl:dga'
testfile.avi
It is worth trying all of these options, as their relative performance depends on many factors and will vary significantly with hardware.
To play a DVD, replace
with testfile.avi
dvd://
, where
N
-dvd-device
DEVICE
N
is the title number to play and
DEVICE
is the device node for the
DVD. For example, to play title 3 from
/dev/dvd
:
#
mplayer -vo xv dvd://3 -dvd-device /dev/dvd
The default DVD device can be
defined during the build of the
MPlayer port by including the
WITH_DVD_DEVICE=/path/to/desired/device
option. By default, the device is
/dev/cd0
. More details can be found
in the port's
Makefile.options
.
To stop, pause, advance, and so on, use a keybinding.
To see the list of keybindings, run mplayer
-h
or read mplayer(1).
Additional playback options include -fs
-zoom
, which engages fullscreen mode, and
-framedrop
, which helps performance.
Each user can add commonly used options to their
~/.mplayer/config
like so:
vo=xv fs=yes zoom=yes
mplayer
can be used to rip a
DVD title to a .vob
.
To dump the second title from a
DVD:
#
mplayer -dumpstream -dumpfile out.vob dvd://2 -dvd-device /dev/dvd
The output file, out.vob
, will be
in MPEG format.
Anyone wishing to obtain a high level of expertise with UNIX® video should consult mplayerhq.hu/DOCS as it is technically informative. This documentation should be considered as required reading before submitting any bug reports.
Before using mencoder
, it is a good
idea to become familiar with the options described at mplayerhq.hu/DOCS/HTML/en/mencoder.html.
There are innumerable ways to improve quality, lower
bitrate, and change formats, and some of these options may
make the difference between good or bad performance.
Improper combinations of command line options can yield
output files that are unplayable even by
mplayer
.
Here is an example of a simple copy:
%
mencoder
input.avi
-oac copy -ovc copy -ooutput.avi
To rip to a file, use -dumpfile
with
mplayer
.
To convert
to
the MPEG4 codec with MPEG3 audio encoding, first install the
audio/lame port. Due to licensing
restrictions, a package is not available. Once installed,
type:input.avi
%
mencoder
input.avi
-oac mp3lame -lameopts br=192 \ -ovc lavc -lavcopts vcodec=mpeg4:vhq -ooutput.avi
This will produce output playable by applications such
as mplayer
and
xine
.
can be replaced with input.avi
dvd://1 -dvd-device
/dev/dvd
and run as root
to re-encode a
DVD title directly. Since it may take a
few tries to get the desired result, it is recommended to
instead dump the title to a file and to work on the
file.
xine is a video player with a reusable base library and a modular executable which can be extended with plugins. It can be installed using the multimedia/xine package or port.
In practice, xine requires either a fast CPU with a fast video card, or support for the XVideo extension. The xine video player performs best on XVideo interfaces.
By default, the xine player starts a graphical user interface. The menus can then be used to open a specific file.
Alternatively, xine may be invoked from the command line by specifying the name of the file to play:
%
xine -g -p
mymovie.avi
Refer to xine-project.org/faq for more information and troubleshooting tips.
Transcode provides a suite of tools for re-encoding video and audio files. Transcode can be used to merge video files or repair broken files using command line tools with stdin/stdout stream interfaces.
In FreeBSD, Transcode can be installed using the multimedia/transcode package or port. Many users prefer to compile the port as it provides a menu of compile options for specifying the support and codecs to compile in. If an option is not selected, Transcode will not be able to encode that format. Use the arrow keys and spacebar to select the required formats. When finished, press Enter to continue the port compile and installation.
This example demonstrates how to convert a DivX file into a PAL MPEG-1 file (PAL VCD):
%
transcode -i
input.avi
-V --export_prof vcd-pal -o output_vcd%
mplex -f 1 -o
output_vcd.mpg output_vcd.m1v output_vcd.mpa
The resulting MPEG file,
,
is ready to be played with
MPlayer. The file can be burned
on a CD media to create a video
CD using a utility such as
multimedia/vcdimager or
sysutils/cdrdao.output_vcd.mpg
In addition to the manual page for
transcode
, refer to transcoding.org/cgi-bin/transcode
for further information and examples.
TV cards can be used to watch broadcast or cable TV on a computer. Most cards accept composite video via an RCA or S-video input and some cards include a FM radio tuner.
FreeBSD provides support for PCI-based TV cards using a Brooktree Bt848/849/878/879 video capture chip with the bktr(4) driver. This driver supports most Pinnacle PCTV video cards. Before purchasing a TV card, consult bktr(4) for a list of supported tuners.
In order to use the card, the bktr(4) driver must be
loaded. To automate this at boot time, add the following line
to /boot/loader.conf
:
bktr_load="YES"
Alternatively, one can statically compile support for the TV card into a custom kernel. In that case, add the following lines to the custom kernel configuration file:
device bktr device iicbus device iicbb device smbus
These additional devices are necessary as the card components are interconnected via an I2C bus. Then, build and install a new kernel.
To test that the tuner is correctly detected, reboot the system. The TV card should appear in the boot messages, as seen in this example:
bktr0: <BrookTree 848A> mem 0xd7000000-0xd7000fff irq 10 at device 10.0 on pci0 iicbb0: <I2C bit-banging driver> on bti2c0 iicbus0: <Philips I2C bus> on iicbb0 master-only iicbus1: <Philips I2C bus> on iicbb0 master-only smbus0: <System Management Bus> on bti2c0 bktr0: Pinnacle/Miro TV, Philips SECAM tuner.
The messages will differ according to the hardware. If necessary, it is possible to override some of the detected parameters using sysctl(8) or custom kernel configuration options. For example, to force the tuner to a Philips SECAM tuner, add the following line to a custom kernel configuration file:
options OVERRIDE_TUNER=6
or, use sysctl(8):
#
sysctl hw.bt848.tuner=6
Refer to bktr(4) for a description of the available sysctl(8) parameters and kernel options.
To use the TV card, install one of the following applications:
multimedia/fxtv provides TV-in-a-window and image/audio/video capture capabilities.
multimedia/xawtv is another TV application with similar features.
audio/xmradio provides an application for using the FM radio tuner of a TV card.
More applications are available in the FreeBSD Ports Collection.
If any problems are encountered with the TV card, check that the video capture chip and the tuner are supported by bktr(4) and that the right configuration options were used. For more support or to ask questions about supported TV cards, refer to the freebsd-multimedia mailing list.
MythTV is a popular, open source Personal Video Recorder (PVR) application. This section demonstrates how to install and setup MythTV on FreeBSD. Refer to mythtv.org/wiki for more information on how to use MythTV.
MythTV requires a frontend and a backend. These components can either be installed on the same system or on different machines.
The frontend can be installed on FreeBSD using the multimedia/mythtv-frontend package or port. Xorg must also be installed and configured as described in Chapter 5, The X Window System. Ideally, this system has a video card that supports X-Video Motion Compensation (XvMC) and, optionally, a Linux Infrared Remote Control (LIRC)-compatible remote.
To install both the backend and the frontend on FreeBSD, use the multimedia/mythtv package or port. A MySQL™ database server is also required and should automatically be installed as a dependency. Optionally, this system should have a tuner card and sufficient storage to hold recorded data.
MythTV uses Video for Linux (V4L) to access video input devices such as encoders and tuners. In FreeBSD, MythTV works best with USB DVB-S/C/T cards as they are well supported by the multimedia/webcamd package or port which provides a V4L userland application. Any Digital Video Broadcasting (DVB) card supported by webcamd should work with MythTV. A list of known working cards can be found at wiki.freebsd.org/WebcamCompat. Drivers are also available for Hauppauge cards in the multimedia/pvr250 and multimedia/pvrxxx ports, but they provide a non-standard driver interface that does not work with versions of MythTV greater than 0.23. Due to licensing restrictions, no packages are available and these two ports must be compiled.
The wiki.freebsd.org/HTPC page contains a list of all available DVB drivers.
To install MythTV using binary packages:
#
pkg install mythtv
Alternatively, to install from the Ports Collection:
#
cd /usr/ports/multimedia/mythtv
#
make install
Once installed, set up the MythTV database:
#
mysql -uroot -p < /usr/local/share/mythtv/database/mc.sql
Then, configure the backend:
#
mythtv-setup
Finally, start the backend:
#
sysrc mythbackend_enable=yes
#
service mythbackend start
In FreeBSD, access to image scanners is provided by SANE (Scanner Access Now Easy), which is available in the FreeBSD Ports Collection. SANE will also use some FreeBSD device drivers to provide access to the scanner hardware.
FreeBSD supports both SCSI and USB scanners. Depending upon the scanner interface, different device drivers are required. Be sure the scanner is supported by SANE prior to performing any configuration. Refer to http://www.sane-project.org/sane-supported-devices.html for more information about supported scanners.
This chapter describes how to determine if the scanner has been detected by FreeBSD. It then provides an overview of how to configure and use SANE on a FreeBSD system.
The GENERIC
kernel includes the
device drivers needed to support USB
scanners. Users with a custom kernel should ensure that the
following lines are present in the custom kernel configuration
file:
device usb device uhci device ohci device ehci device xhci
To determine if the USB scanner is
detected, plug it in and use dmesg
to
determine whether the scanner appears in the system message
buffer. If it does, it should display a message similar to
this:
ugen0.2: <EPSON> at usbus0
In this example, an EPSON
Perfection® 1650
USB scanner was detected on
/dev/ugen0.2
.
If the scanner uses a SCSI interface,
it is important to know which SCSI
controller board it will use. Depending upon the
SCSI chipset, a custom kernel configuration
file may be needed. The GENERIC
kernel
supports the most common SCSI controllers.
Refer to /usr/src/sys/conf/NOTES
to
determine the correct line to add to a custom kernel
configuration file. In addition to the
SCSI adapter driver, the following lines
are needed in a custom kernel configuration file:
device scbus device pass
Verify that the device is displayed in the system message buffer:
pass2 at aic0 bus 0 target 2 lun 0 pass2: <AGFA SNAPSCAN 600 1.10> Fixed Scanner SCSI-2 device pass2: 3.300MB/s transfers
If the scanner was not powered-on at system boot, it is
still possible to manually force detection by performing a
SCSI bus scan with
camcontrol
:
#
camcontrol rescan all
Re-scan of bus 0 was successful Re-scan of bus 1 was successful Re-scan of bus 2 was successful Re-scan of bus 3 was successful
The scanner should now appear in the SCSI devices list:
#
camcontrol devlist
<IBM DDRS-34560 S97B> at scbus0 target 5 lun 0 (pass0,da0) <IBM DDRS-34560 S97B> at scbus0 target 6 lun 0 (pass1,da1) <AGFA SNAPSCAN 600 1.10> at scbus1 target 2 lun 0 (pass3) <PHILIPS CDD3610 CD-R/RW 1.00> at scbus2 target 0 lun 0 (pass2,cd0)
Refer to scsi(4) and camcontrol(8) for more details about SCSI devices on FreeBSD.
The SANE system provides the access to the scanner via backends (graphics/sane-backends). Refer to http://www.sane-project.org/sane-supported-devices.html to determine which backend supports the scanner. A graphical scanning interface is provided by third party applications like Kooka (graphics/kooka) or XSane (graphics/xsane). SANE's backends are enough to test the scanner.
To install the backends from binary package:
#
pkg install sane-backends
Alternatively, to install from the Ports Collection
#
cd /usr/ports/graphics/sane-backends
#
make install clean
After installing the
graphics/sane-backends port or package, use
sane-find-scanner
to check the scanner
detection by the SANE
system:
#
sane-find-scanner -q
found SCSI scanner "AGFA SNAPSCAN 600 1.10" at /dev/pass3
The output should show the interface type of the scanner and the device node used to attach the scanner to the system. The vendor and the product model may or may not appear.
Some USB scanners require firmware to be loaded. Refer to sane-find-scanner(1) and sane(7) for details.
Next, check if the scanner will be identified by a
scanning frontend. The SANE
backends include scanimage
which can be
used to list the devices and perform an image acquisition.
Use -L
to list the scanner devices. The
first example is for a SCSI scanner and the
second is for a USB scanner:
#
scanimage -L
device `snapscan:/dev/pass3' is a AGFA SNAPSCAN 600 flatbed scanner#
scanimage -L
device 'epson2:libusb:000:002' is a Epson GT-8200 flatbed scanner
In this second example,
epson2
is
the backend name and
libusb:000:002
means
/dev/ugen0.2
is the device node used by the
scanner.
If scanimage
is unable to identify the
scanner, this message will appear:
#
scanimage -L
No scanners were identified. If you were expecting something different, check that the scanner is plugged in, turned on and detected by the sane-find-scanner tool (if appropriate). Please read the documentation which came with this software (README, FAQ, manpages).
If this happens, edit the backend configuration file in
/usr/local/etc/sane.d/
and define the
scanner device used. For example, if the undetected scanner
model is an EPSON
Perfection® 1650 and it uses the
epson2
backend, edit
/usr/local/etc/sane.d/epson2.conf
. When
editing, add a line specifying the interface and the device
node used. In this case, add the following line:
usb /dev/ugen0.2
Save the edits and verify that the scanner is identified with the right backend name and the device node:
#
scanimage -L
device 'epson2:libusb:000:002' is a Epson GT-8200 flatbed scanner
Once scanimage -L
sees the scanner, the
configuration is complete and the scanner is now ready to
use.
While scanimage
can be used to perform
an image acquisition from the command line, it is often
preferable to use a graphical interface to perform image
scanning. Applications like Kooka
or XSane are popular scanning
frontends. They
offer advanced features such as various scanning modes, color
correction, and batch scans. XSane
is also usable as a GIMP plugin.
In order to have access to the scanner, a user needs read
and write permissions to the device node used by the scanner.
In the previous example, the USB scanner
uses the device node /dev/ugen0.2
which
is really a symlink to the real device node
/dev/usb/0.2.0
. The symlink and the
device node are owned, respectively, by the wheel
and operator
groups. While
adding the user to these groups will allow access to the
scanner, it is considered insecure to add a user to
wheel
. A better
solution is to create a group and make the scanner device
accessible to members of this group.
This example creates a group called
:usb
#
pw groupadd usb
Then, make the /dev/ugen0.2
symlink
and the /dev/usb/0.2.0
device node
accessible to the usb
group with write
permissions of 0660
or
0664
by adding the following lines to
/etc/devfs.rules
:
[system=5] add path ugen0.2 mode 0660 group usb add path usb/0.2.0 mode 0666 group usb
It happens the device node changes with the addition or removal of devices, so one may want to give access to all USB devices using this ruleset instead:
[system=5] add path 'ugen*' mode 0660 group usb add path 'usb/*' mode 0666 group usb
Refer to devfs.rules(5) for more information about this file.
Next, enable the ruleset in /etc/rc.conf:
devfs_system_ruleset="system"
And, restart the devfs(8) system:
#
service devfs restart
Finally, add the users to
in order to allow access to the scanner:usb
#
pw groupmod usb -m
joe
For more details refer to pw(8).
The kernel is the core of the FreeBSD operating system. It is responsible for managing memory, enforcing security controls, networking, disk access, and much more. While much of FreeBSD is dynamically configurable, it is still occasionally necessary to configure and compile a custom kernel.
After reading this chapter, you will know:
When to build a custom kernel.
How to take a hardware inventory.
How to customize a kernel configuration file.
How to use the kernel configuration file to create and build a new kernel.
How to install the new kernel.
How to troubleshoot if things go wrong.
All of the commands listed in the examples in this chapter
should be executed as root
.
Traditionally, FreeBSD used a monolithic kernel. The kernel was one large program, supported a fixed list of devices, and in order to change the kernel's behavior, one had to compile and then reboot into a new kernel.
Today, most of the functionality in the FreeBSD kernel is contained in modules which can be dynamically loaded and unloaded from the kernel as necessary. This allows the running kernel to adapt immediately to new hardware and for new functionality to be brought into the kernel. This is known as a modular kernel.
Occasionally, it is still necessary to perform static kernel configuration. Sometimes the needed functionality is so tied to the kernel that it can not be made dynamically loadable. Some security environments prevent the loading and unloading of kernel modules and require that only needed functionality is statically compiled into the kernel.
Building a custom kernel is often a rite of passage for
advanced BSD users. This process, while time consuming, can
provide benefits to the FreeBSD system. Unlike the
GENERIC
kernel, which must support a wide
range of hardware, a custom kernel can be stripped down to only
provide support for that computer's hardware. This has a number
of benefits, such as:
Faster boot time. Since the kernel will only probe the hardware on the system, the time it takes the system to boot can decrease.
Lower memory usage. A custom kernel often uses less
memory than the GENERIC
kernel by
omitting unused features and device drivers. This is
important because the kernel code remains resident in
physical memory at all times, preventing that memory from
being used by applications. For this reason, a custom
kernel is useful on a system with a small amount of
RAM.
Additional hardware support. A custom kernel can add
support for devices which are not present in the
GENERIC
kernel.
Before building a custom kernel, consider the reason for doing so. If there is a need for specific hardware support, it may already exist as a module.
Kernel modules exist in /boot/kernel
and may be dynamically loaded into the running kernel using
kldload(8). Most kernel drivers have a loadable module and
manual page. For example, the ath(4) wireless Ethernet
driver has the following information in its manual page:
Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5): if_ath_load="YES"
Adding if_ath_load="YES"
to
/boot/loader.conf
will load this module
dynamically at boot time.
In some cases, there is no associated module in
/boot/kernel
. This is mostly true for
certain subsystems.
Before editing the kernel configuration file, it is recommended to perform an inventory of the machine's hardware. On a dual-boot system, the inventory can be created from the other operating system. For example, Microsoft®'s Device Manager contains information about installed devices.
Some versions of Microsoft® Windows® have a System icon which can be used to access Device Manager.
If FreeBSD is the only installed operating system, use dmesg(8) to determine the hardware that was found and listed during the boot probe. Most device drivers on FreeBSD have a manual page which lists the hardware supported by that driver. For example, the following lines indicate that the psm(4) driver found a mouse:
psm0: <PS/2 Mouse> irq 12 on atkbdc0 psm0: [GIANT-LOCKED] psm0: [ITHREAD] psm0: model Generic PS/2 mouse, device ID 0
Since this hardware exists, this driver should not be removed from a custom kernel configuration file.
If the output of dmesg
does not display
the results of the boot probe output, instead read the contents
of /var/run/dmesg.boot
.
Another tool for finding hardware is pciconf(8), which provides more verbose output. For example:
%
pciconf -lv
ath0@pci0:3:0:0: class=0x020000 card=0x058a1014 chip=0x1014168c rev=0x01 hdr=0x00 vendor = 'Atheros Communications Inc.' device = 'AR5212 Atheros AR5212 802.11abg wireless' class = network subclass = ethernet
This output shows that the ath
driver
located a wireless Ethernet device.
The -k
flag of man(1) can be used to
provide useful information. For example, it can be
used to display a list of manual pages which contain a
particular device brand or name:
#
man -k
ath(4) - Atheros IEEE 802.11 wireless network driver ath_hal(4) - Atheros Hardware Access Layer (HAL)Atheros
Once the hardware inventory list is created, refer to it to ensure that drivers for installed hardware are not removed as the custom kernel configuration is edited.
In order to create a custom kernel configuration file and build a custom kernel, the full FreeBSD source tree must first be installed.
If /usr/src/
does not exist or it is
empty, source has not been installed. Source can be installed
using Subversion and the instructions
in Section A.3, “Using Subversion”.
Once source is installed, review the contents of
/usr/src/sys
. This directory contains a
number of subdirectories, including those which represent the
following supported architectures: amd64
,
i386
,
powerpc
, and
sparc64
. Everything inside a particular
architecture's directory deals with that architecture only and
the rest of the code is machine independent code common to all
platforms. Each supported architecture has a
conf
subdirectory which contains the
GENERIC
kernel configuration file for that
architecture.
Do not make edits to GENERIC
. Instead,
copy the file to a different name and make edits to the copy.
The convention is to use a name with all capital letters. When
maintaining multiple FreeBSD machines with different hardware, it
is a good idea to name it after the machine's hostname. This
example creates a copy, named MYKERNEL
, of
the GENERIC
configuration file for the
amd64
architecture:
#
cd /usr/src/sys/
amd64
/conf#
cp GENERIC
MYKERNEL
can
now be customized with any ASCII text editor.
The default editor is vi, though an
easier editor for beginners, called
ee, is also installed with
FreeBSD.MYKERNEL
The format of the kernel configuration file is simple.
Each line contains a keyword that represents a device or
subsystem, an argument, and a brief description. Any text
after a #
is considered a comment and
ignored. To remove kernel support for a device or subsystem,
put a #
at the beginning of the line
representing that device or subsystem. Do not add or remove a
#
for any line that you do not
understand.
It is easy to remove support for a device or option and end up with a broken kernel. For example, if the ata(4) driver is removed from the kernel configuration file, a system using ATA disk drivers may not boot. When in doubt, just leave support in the kernel.
In addition to the brief descriptions provided in this file,
additional descriptions are contained in
NOTES
, which can be found in the same
directory as GENERIC
for that architecture.
For architecture independent options, refer to
/usr/src/sys/conf/NOTES
.
When finished customizing the kernel configuration file,
save a backup copy to a location outside of
/usr/src
.
Alternately, keep the kernel configuration file elsewhere and create a symbolic link to the file:
#
cd /usr/src/sys/amd64/conf
#
mkdir /root/kernels
#
cp GENERIC /root/kernels/MYKERNEL
#
ln -s /root/kernels/MYKERNEL
An include
directive is available for use
in configuration files. This allows another configuration file
to be included in the current one, making it easy to maintain
small changes relative to an existing file. If only a small
number of additional options or drivers are required, this
allows a delta to be maintained with respect to
GENERIC
, as seen in this example:
include GENERIC ident MYKERNEL options IPFIREWALL options DUMMYNET options IPFIREWALL_DEFAULT_TO_ACCEPT options IPDIVERT
Using this method, the local configuration file expresses
local differences from a GENERIC
kernel.
As upgrades are performed, new features added to
GENERIC
will also be added to the local
kernel unless they are specifically prevented using
nooptions
or nodevice
. A
comprehensive list of configuration directives and their
descriptions may be found in config(5).
To build a file which contains all available options,
run the following command as root
:
#
cd /usr/src/sys/
arch
/conf && make LINT
Once the edits to the custom configuration file have been saved, the source code for the kernel can be compiled using the following steps:
Change to this directory:
#
cd /usr/src
Compile the new kernel by specifying the name of the custom kernel configuration file:
#
make buildkernel KERNCONF=
MYKERNEL
Install the new kernel associated with the specified
kernel configuration file. This command will copy the new
kernel to /boot/kernel/kernel
and save
the old kernel to
/boot/kernel.old/kernel
:
#
make installkernel KERNCONF=
MYKERNEL
Shutdown the system and reboot into the new kernel. If something goes wrong, refer to The kernel does not boot.
By default, when a custom kernel is compiled, all kernel
modules are rebuilt. To update a kernel faster or to build
only custom modules, edit /etc/make.conf
before starting to build the kernel.
For example, this variable specifies the list of modules to build instead of using the default of building all modules:
MODULES_OVERRIDE = linux acpi
Alternately, this variable lists which modules to exclude from the build process:
WITHOUT_MODULES = linux acpi sound
Additional variables are available. Refer to make.conf(5) for details.
There are four categories of trouble that can occur when building a custom kernel:
config
failsIf config
fails, it will print the
line number that is incorrect. As an example, for the
following message, make sure that line 17 is typed
correctly by comparing it to GENERIC
or NOTES
:
config: line 17: syntax error
make
failsIf make
fails, it is usually due to
an error in the kernel configuration file which is not
severe enough for config
to catch.
Review the configuration, and if the problem is not
apparent, send an email to the FreeBSD general questions mailing list which
contains the kernel configuration file.
If the new kernel does not boot or fails to recognize
devices, do not panic! Fortunately, FreeBSD has an excellent
mechanism for recovering from incompatible kernels.
Simply choose the kernel to boot from at the FreeBSD boot
loader. This can be accessed when the system boot menu
appears by selecting the “Escape to a loader
prompt” option. At the prompt, type
boot
, or the
name of any other kernel that is known to boot
properly.kernel.old
After booting with a good kernel, check over the
configuration file and try to build it again. One helpful
resource is /var/log/messages
which
records the kernel messages from every successful boot.
Also, dmesg(8) will print the kernel messages from
the current boot.
When troubleshooting a kernel, make sure to keep
a copy of GENERIC
, or some other
kernel that is known to work, as a different name that
will not get erased on the next build. This is
important because every time a new kernel is installed,
kernel.old
is overwritten with the
last installed kernel, which may or may not be bootable.
As soon as possible, move the working kernel by renaming
the directory containing the good kernel:
#
mv /boot/kernel
/boot/kernel.bad
#
mv /boot/
kernel.good
/boot/kernel
If the kernel version differs from the one that the system utilities have been built with, for example, a kernel built from -CURRENT sources is installed on a -RELEASE system, many system status commands like ps(1) and vmstat(8) will not work. To fix this, recompile and install a world built with the same version of the source tree as the kernel. It is never a good idea to use a different version of the kernel than the rest of the operating system.
Putting information on paper is a vital function, despite many attempts to eliminate it. Printing has two basic components. The data must be delivered to the printer, and must be in a form that the printer can understand.
Basic printing can be set up quickly. The printer must be capable of printing plain ASCII text. For printing to other types of files, see Section 9.5.3, “Filters”.
Create a directory to store files while they are being printed:
#
mkdir -p /var/spool/lpd/lp
#
chown daemon:daemon /var/spool/lpd/lp
#
chmod 770 /var/spool/lpd/lp
As root
,
create /etc/printcap
with these
contents:
lp:\:lp=/dev/unlpt0:\
:sh:\ :mx#0:\ :sd=/var/spool/lpd/lp:\ :lf=/var/log/lpd-errs:
Enable lpd
by editing
/etc/rc.conf
, adding this line:
lpd_enable="YES"
Start the service:
#
service lpd start
Starting lpd.
Print a test:
#
printf "1. This printer can print.\n2. This is the second line.\n" | lpr
If both lines do not start at the left border, but “stairstep” instead, see Section 9.5.3.1, “Preventing Stairstepping on Plain Text Printers”.
Text files can now be printed with
lpr
. Give the filename on the command
line, or pipe output directly into
lpr
.
%
lpr textfile.txt
%
ls -lh | lpr
Printers are connected to computer systems in a variety of ways. Small desktop printers are usually connected directly to a computer's USB port. Older printers are connected to a parallel or “printer” port. Some printers are directly connected to a network, making it easy for multiple computers to share them. A few printers use a rare serial port connection.
FreeBSD can communicate with all of these types of printers.
USB printers can be connected to any available USB port on the computer.
When FreeBSD detects a USB printer,
two device entries are created:
/dev/ulpt0
and
/dev/unlpt0
. Data sent to either
device will be relayed to the printer. After each print
job, ulpt0
resets the
USB port. Resetting the port can cause
problems with some printers, so the
unlpt0
device is usually used
instead. unlpt0
does not reset the
USB port at all.
The parallel port device is
/dev/lpt0
. This device appears
whether a printer is attached or not, it is not
autodetected.
Vendors have largely moved away from these “legacy” ports, and many computers no longer have them. Adapters can be used to connect a parallel printer to a USB port. With such an adapter, the printer can be treated as if it were actually a USB printer. Devices called print servers can also be used to connect parallel printers directly to a network.
Serial ports are another legacy port, rarely used for printers except in certain niche applications. Cables, connectors, and required wiring vary widely.
For serial ports built into a motherboard, the serial
device name is /dev/cuau0
or
/dev/cuau1
. Serial
USB adapters can also be used, and
these will appear as
/dev/cuaU
.0
Several communication parameters must be known to communicate with a serial printer. The most important are baud rate or BPS (Bits Per Second) and parity. Values vary, but typical serial printers use a baud rate of 9600 and no parity.
Network printers are connected directly to the local computer network.
The DNS hostname of the printer must be known. If the printer is assigned a dynamic address by DHCP, DNS should be dynamically updated so that the host name always has the correct IP address. Network printers are often given static IP addresses to avoid this problem.
Most network printers understand print jobs sent with
the LPD protocol. A print queue name
can also be specified. Some printers process data
differently depending on which queue is used. For
example, a raw
queue prints the data
unchanged, while the text
queue adds
carriage returns to plain text.
Many network printers can also print data sent directly to port 9100.
Wired network connections are usually the easiest to set up and give the fastest printing. For direct connection to the computer, USB is preferred for speed and simplicity. Parallel connections work but have limitations on cable length and speed. Serial connections are more difficult to configure. Cable wiring differs between models, and communication parameters like baud rate and parity bits must add to the complexity. Fortunately, serial printers are rare.
Data sent to a printer must be in a language that the printer can understand. These languages are called Page Description Languages, or PDLs.
Plain ASCII text is the simplest
way to send data to a printer. Characters correspond one
to one with what will be printed: an A
in the data prints an A
on the page.
Very little formatting is available. There is no way to
select a font or proportional spacing. The forced
simplicity of plain ASCII means that
text can be printed straight from the computer with little
or no encoding or translation. The printed output
corresponds directly with what was sent.
Some inexpensive printers cannot print plain ASCII text. This makes them more difficult to set up, but it is usually still possible.
PostScript® is almost the opposite of ASCII. Rather than simple text, a PostScript® program is a set of instructions that draw the final document. Different fonts and graphics can be used. However, this power comes at a price. The program that draws the page must be written. Usually this program is generated by application software, so the process is invisible to the user.
Inexpensive printers sometimes leave out PostScript® compatibility as a cost-saving measure.
PCL is an extension of ASCII, adding escape sequences for formatting, font selection, and printing graphics. Many printers provide PCL5 support. Some support the newer PCL6 or PCLXL. These later versions are supersets of PCL5 and can provide faster printing.
Manufacturers can reduce the cost of a printer by giving it a simple processor and very little memory. These printers are not capable of printing plain text. Instead, bitmaps of text and graphics are drawn by a driver on the host computer and then sent to the printer. These are called host-based printers.
Communication between the driver and a host-based printer is often through proprietary or undocumented protocols, making them functional only on the most common operating systems.
Many applications from the Ports Collection and FreeBSD utilities produce PostScript® output. This table shows the utilities available to convert that into other common PDLs:
Output PDL | Generated By | Notes |
---|---|---|
PCL or PCL5 | print/ghostscript9-base | -sDEVICE=ljet4 for monochrome,
-sDEVICE=cljet5 for color |
PCLXL or PCL6 | print/ghostscript9-base | -sDEVICE=pxlmono for
monochrome, -sDEVICE=pxlcolor for
color |
ESC/P2 | print/ghostscript9-base | -sDEVICE=uniprint |
XQX | print/foo2zjs |
For the easiest printing, choose a printer that supports PostScript®. Printers that support PCL are the next preferred. With print/ghostscript9-base, these printers can be used as if they understood PostScript® natively. Printers that support PostScript® or PCL directly almost always support direct printing of plain ASCII text files also.
Line-based printers like typical inkjets usually do not support PostScript® or PCL. They often can print plain ASCII text files. print/ghostscript9-base supports the PDLs used by some of these printers. However, printing an entire graphic-based page on these printers is often very slow due to the large amount of data to be transferred and printed.
Host-based printers are often more difficult to set up. Some cannot be used at all because of proprietary PDLs. Avoid these printers when possible.
Descriptions of many PDLs can be found at http://www.undocprint.org/formats/page_description_languages. The particular PDL used by various models of printers can be found at http://www.openprinting.org/printers.
For occasional printing, files can be sent directly to a
printer device without any setup. For example, a file called
sample.txt
can be sent to a
USB printer:
#
cp sample.txt /dev/unlpt0
Direct printing to network printers depends on the
abilities of the printer, but most accept print jobs on port
9100, and nc(1) can be used with them. To print the
same file to a printer with the DNS
hostname of netlaser
:
#
nc
netlaser
9100 < sample.txt
Printing a file in the background is called spooling. A spooler allows the user to continue with other programs on the computer without waiting for the printer to slowly complete the print job.
FreeBSD includes a spooler called lpd(8). Print jobs are submitted with lpr(1).
A directory for storing print jobs is created, ownership is set, and the permissions are set to prevent other users from viewing the contents of those files:
#
mkdir -p /var/spool/lpd/lp
#
chown daemon:daemon /var/spool/lpd/lp
#
chmod 770 /var/spool/lpd/lp
Printers are defined in
/etc/printcap
. An entry for each printer
includes details like a name, the port where it is attached,
and various other settings. Create
/etc/printcap
with these contents:
lp:\:lp=/dev/unlpt0:\
:sh:\
:mx#0:\
:sd=/var/spool/lpd/lp:\
:lf=/var/log/lpd-errs:
The name of this printer. lpr(1) sends print
jobs to the | |||||||||||
The device where the printer is connected. Replace this line with the appropriate one for the connection type shown here.
| |||||||||||
Suppress the printing of a header page at the start of a print job. | |||||||||||
Do not limit the maximum size of a print job. | |||||||||||
The path to the spooling directory for this printer. Each printer uses its own spooling directory. | |||||||||||
The log file where errors on this printer will be reported. |
After creating /etc/printcap
, use
chkprintcap(8) to test it for errors:
#
chkprintcap
Fix any reported problems before continuing.
Enable lpd(8) in
/etc/rc.conf
:
lpd_enable="YES"
Start the service:
#
service lpd start
Documents are sent to the printer with
lpr
. A file to be printed can be named on
the command line or piped into lpr
. These
two commands are equivalent, sending the contents of
doc.txt
to the default printer:
%
lpr doc.txt
%
cat doc.txt | lpr
Printers can be selected with -P
. To
print to a printer called
laser
:
%
lpr -Plaser doc.txt
The examples shown so far have sent the contents of a text file directly to the printer. As long as the printer understands the content of those files, output will be printed correctly.
Some printers are not capable of printing plain text, and the input file might not even be plain text.
Filters allow files to be translated or processed. The typical use is to translate one type of input, like plain text, into a form that the printer can understand, like PostScript® or PCL. Filters can also be used to provide additional features, like adding page numbers or highlighting source code to make it easier to read.
The filters discussed here are
input filters or
text filters. These filters convert the
incoming file into different forms. Use su(1) to become
root
before
creating the files.
Filters are specified in
/etc/printcap
with the
if=
identifier. To use
/usr/local/libexec/lf2crlf
as a filter,
modify /etc/printcap
like this:
lp:\ :lp=/dev/unlpt0:\ :sh:\ :mx#0:\ :sd=/var/spool/lpd/lp:\ :if=/usr/local/libexec/lf2crlf:\:lf=/var/log/lpd-errs:
The backslash line continuation
characters at the end of the lines in
printcap
entries reveal that an entry
for a printer is really just one long line with entries
delimited by colon characters. An earlier example can be
rewritten as a single less-readable line:
lp:lp=/dev/unlpt0:sh:mx#0:sd=/var/spool/lpd/lp:if=/usr/local/libexec/lf2crlf:lf=/var/log/lpd-errs:
Typical FreeBSD text files contain only a single line feed character at the end of each line. These lines will “stairstep” on a standard printer:
A printed file looks like the steps of a staircase scattered by the wind
A filter can convert the newline characters into
carriage returns and newlines. The carriage returns make
the printer return to the left after each line. Create
/usr/local/libexec/lf2crlf
with these
contents:
#!/bin/sh CR=$'\r' /usr/bin/sed -e "s/$/${CR}/g"
Set the permissions and make it executable:
#
chmod 555 /usr/local/libexec/lf2crlf
Modify /etc/printcap
to use the
new filter:
:if=/usr/local/libexec/lf2crlf:\
Test the filter by printing the same plain text file. The carriage returns will cause each line to start at the left side of the page.
GNU Enscript converts plain text files into nicely-formatted PostScript® for printing on PostScript® printers. It adds page numbers, wraps long lines, and provides numerous other features to make printed text files easier to read. Depending on the local paper size, install either print/enscript-letter or print/enscript-a4 from the Ports Collection.
Create /usr/local/libexec/enscript
with these contents:
#!/bin/sh /usr/local/bin/enscript -o -
Set the permissions and make it executable:
#
chmod 555 /usr/local/libexec/enscript
Modify /etc/printcap
to use the
new filter:
:if=/usr/local/libexec/enscript:\
Test the filter by printing a plain text file.
Many programs produce PostScript® documents. However, inexpensive printers often only understand plain text or PCL. This filter converts PostScript® files to PCL before sending them to the printer.
Install the Ghostscript PostScript® interpreter, print/ghostscript9-base, from the Ports Collection.
Create /usr/local/libexec/ps2pcl
with these contents:
#!/bin/sh /usr/local/bin/gs -dSAFER -dNOPAUSE -dBATCH -q -sDEVICE=ljet4 -sOutputFile=- -
Set the permissions and make it executable:
#
chmod 555 /usr/local/libexec/ps2pcl
PostScript® input sent to this script will be rendered and converted to PCL before being sent on to the printer.
Modify /etc/printcap
to use this
new input filter:
:if=/usr/local/libexec/ps2pcl:\
Test the filter by sending a small PostScript® program to it:
%
printf "%%\!PS \n /Helvetica findfont 18 scalefont setfont \ 72 432 moveto (PostScript printing successful.) show showpage \004" | lpr
A filter that detects the type of input and
automatically converts it to the correct format for the
printer can be very convenient. The first two characters of
a PostScript® file are usually %!
. A
filter can detect those two characters. PostScript® files
can be sent on to a PostScript® printer unchanged. Text
files can be converted to PostScript® with
Enscript as shown earlier.
Create /usr/local/libexec/psif
with
these contents:
#!/bin/sh # # psif - Print PostScript or plain text on a PostScript printer # IFS="" read -r first_line first_two_chars=`expr "$first_line" : '\(..\)'` case "$first_two_chars" in %!) # %! : PostScript job, print it. echo "$first_line" && cat && exit 0 exit 2 ;; *) # otherwise, format with enscript ( echo "$first_line"; cat ) | /usr/local/bin/enscript -o - && exit 0 exit 2 ;; esac
Set the permissions and make it executable:
#
chmod 555 /usr/local/libexec/psif
Modify /etc/printcap
to use this
new input filter:
:if=/usr/local/libexec/psif:\
Test the filter by printing PostScript® and plain text files.
Writing a filter that detects many different types of input and formats them correctly is challenging. print/apsfilter from the Ports Collection is a smart “magic” filter that detects dozens of file types and automatically converts them to the PDL understood by the printer. See http://www.apsfilter.org for more details.
The entries in /etc/printcap
are
really definitions of queues. There can
be more than one queue for a single printer. When combined
with filters, multiple queues provide users more control over
how their jobs are printed.
As an example, consider a networked PostScript® laser
printer in an office. Most users want to print plain text,
but a few advanced users want to be able to print PostScript®
files directly. Two entries can be created for the same
printer in /etc/printcap
:
textprinter:\ :lp=9100@officelaser:\ :sh:\ :mx#0:\ :sd=/var/spool/lpd/textprinter:\ :if=/usr/local/libexec/enscript:\ :lf=/var/log/lpd-errs: psprinter:\ :lp=9100@officelaser:\ :sh:\ :mx#0:\ :sd=/var/spool/lpd/psprinter:\ :lf=/var/log/lpd-errs:
Documents sent to textprinter
will be
formatted by the
/usr/local/libexec/enscript
filter shown
in an earlier example. Advanced users can print PostScript®
files on psprinter
, where no filtering is
done.
This multiple queue technique can be used to provide direct access to all kinds of printer features. A printer with a duplexer could use two queues, one for ordinary single-sided printing, and one with a filter that sends the command sequence to enable double-sided printing and then sends the incoming file.
Several utilities are available to monitor print jobs and check and control printer operation.
lpq(1) shows the status of a user's print jobs. Print jobs from other users are not shown.
Show the current user's pending jobs on a single printer:
%
lpq -P
Rank Owner Job Files Total Size 1st jsmith 0 (standard input) 12792 byteslp
Show the current user's pending jobs on all printers:
%
lpq -a
lp: Rank Owner Job Files Total Size 1st jsmith 1 (standard input) 27320 bytes laser: Rank Owner Job Files Total Size 1st jsmith 287 (standard input) 22443 bytes
lprm(1) is used to remove print jobs. Normal users
are only allowed to remove their own jobs.
root
can remove
any or all jobs.
Remove all pending jobs from a printer:
#
lprm -P
dfA002smithy dequeued cfA002smithy dequeued dfA003smithy dequeued cfA003smithy dequeued dfA004smithy dequeued cfA004smithy dequeuedlp
-
Remove a single job from a printer. lpq(1) is used to find the job number.
%
lpq
Rank Owner Job Files Total Size 1st jsmith 5 (standard input) 12188 bytes%
lprm -P
dfA005smithy dequeued cfA005smithy dequeuedlp
5
lpc(8) is used to check and modify printer status.
lpc
is followed by a command and an
optional printer name. all
can be used
instead of a specific printer name, and the command will be
applied to all printers. Normal users can view status with
lpc(8). Only
root
can use
commands which modify printer status.
Show the status of all printers:
%
lpc status all
lp: queuing is enabled printing is enabled 1 entry in spool area printer idle laser: queuing is enabled printing is enabled 1 entry in spool area waiting for laser to come up
Prevent a printer from accepting new jobs, then begin accepting new jobs again:
#
lpc disable
lp: queuing disabledlp
#
lpc enable
lp: queuing enabledlp
Stop printing, but continue to accept new jobs. Then begin printing again:
#
lpc stop
lp: printing disabledlp
#
lpc start
lp: printing enabled daemon startedlp
Restart a printer after some error condition:
#
lpc restart
lp: no daemon to abort printing enabled daemon restartedlp
Turn the print queue off and disable printing, with a message to explain the problem to users:
#
lpc down
lp: printer and queuing disabled status message is now: Repair parts will arrive on Mondaylp
Repair parts will arrive on Monday
Re-enable a printer that is down:
#
lpc up
lp: printing enabled daemon startedlp
See lpc(8) for more commands and options.
Printers are often shared by multiple users in businesses and schools. Additional features are provided to make sharing printers more convenient.
The printer name is set in the first line of the
entry in /etc/printcap
. Additional
names, or aliases, can be added after
that name. Aliases are separated from the name and each
other by vertical bars:
lp|repairsprinter
|salesprinter
:\
Aliases can be used in place of the printer name. For example, users in the Sales department print to their printer with
%
lpr -P
salesprinter
sales-report.txt
Users in the Repairs department print to their printer with
%
lpr -P
repairsprinter
repairs-report.txt
All of the documents print on that single printer. When the Sales department grows enough to need their own printer, the alias can be removed from the shared printer entry and used as the name of a new printer. Users in both departments continue to use the same commands, but the Sales documents are sent to the new printer.
It can be difficult for users to locate their documents in the stack of pages produced by a busy shared printer. Header pages were created to solve this problem. A header page with the user name and document name is printed before each print job. These pages are also sometimes called banner or separator pages.
Enabling header pages differs depending on whether the printer is connected directly to the computer with a USB, parallel, or serial cable, or is connected remotely over a network.
Header pages on directly-connected printers are enabled
by removing the :sh:\
(Suppress Header)
line from the entry in /etc/printcap
.
These header pages only use line feed characters for new
lines. Some printers will need the
/usr/share/examples/printing/hpif
filter to prevent stairstepped text. The filter configures
PCL printers to print both carriage
returns and line feeds when a line feed is received.
Header pages for network printers must be configured on
the printer itself. Header page entries in
/etc/printcap
are ignored. Settings
are usually available from the printer front panel or a
configuration web page accessible with a web browser.
Several other printing systems are available in addition to the built-in lpd(8). These systems offer support for other protocols or additional features.
CUPS is a popular printing system available on many operating systems. Using CUPS on FreeBSD is documented in a separate article:../../../../doc/en_US.ISO8859-1/articles/cups
Hewlett Packard provides a printing system that supports many of their inkjet and laser printers. The port is print/hplip. The main web page is at http://hplipopensource.com/hplip-web/index.html. The port handles all the installation details on FreeBSD. Configuration information is shown at http://hplipopensource.com/hplip-web/install/manual/hp_setup.html.
LPRng was developed as an enhanced alternative to lpd(8). The port is sysutils/LPRng. For details and documentation, see http://www.lprng.com/.
FreeBSD provides binary compatibility with Linux®, allowing users to install and run most Linux® binaries on a FreeBSD system without having to first modify the binary. It has even been reported that, in some situations, Linux® binaries perform better on FreeBSD than they do on Linux®.
However, some Linux®-specific operating system features are not supported under FreeBSD. For example, Linux® binaries will not work on FreeBSD if they overly use i386™ specific calls, such as enabling virtual 8086 mode.
Support for 64-bit binary compatibility with Linux® was added in FreeBSD 10.3.
After reading this chapter, you will know:
How to enable Linux® binary compatibility on a FreeBSD system.
How to install additional Linux® shared libraries.
How to install Linux® applications on a FreeBSD system.
The implementation details of Linux® compatibility in FreeBSD.
Before reading this chapter, you should:
Know how to install additional third-party software.
By default, Linux® libraries are not installed and Linux® binary compatibility is not enabled. Linux® libraries can either be installed manually or from the FreeBSD Ports Collection.
Before attempting to build the port, load the Linux® kernel module, otherwise the build will fail:
#
kldload linux
For 64-bit compatibility:
#
kldload linux64
To verify that the module is loaded:
%
kldstat
Id Refs Address Size Name 1 2 0xc0100000 16bdb8 kernel 7 1 0xc24db000 d000 linux.ko
The emulators/linux_base-c7 package or port is the easiest way to install a base set of Linux® libraries and binaries on a FreeBSD system. To install the port:
#
pkg install emulators/linux_base-c7
For Linux® compatibility to be enabled at boot time,
add this line to /etc/rc.conf
:
linux_enable="YES"
On 64-bit machines, /etc/rc.d/abi
will
automatically load the module for 64-bit emulation.
Since the Linux® binary compatibility layer has gained support for running both 32- and 64-bit Linux® binaries (on 64-bit x86 hosts), it is no longer possible to link the emulation functionality statically into a custom kernel.
If a Linux® application complains about missing shared libraries after configuring Linux® binary compatibility, determine which shared libraries the Linux® binary needs and install them manually.
From a Linux® system, ldd
can be used
to determine which shared libraries the application needs.
For example, to check which shared libraries
linuxdoom
needs, run this command from a
Linux® system that has Doom
installed:
%
ldd linuxdoom
libXt.so.3 (DLL Jump 3.1) => /usr/X11/lib/libXt.so.3.1.0 libX11.so.3 (DLL Jump 3.1) => /usr/X11/lib/libX11.so.3.1.0 libc.so.4 (DLL Jump 4.5pl26) => /lib/libc.so.4.6.29
Then, copy all the files in the last column of the output
from the Linux® system into
/compat/linux
on the FreeBSD system. Once
copied, create symbolic links to the names in the first
column. This example will result in the following files on
the FreeBSD system:
/compat/linux/usr/X11/lib/libXt.so.3.1.0 /compat/linux/usr/X11/lib/libXt.so.3 -> libXt.so.3.1.0 /compat/linux/usr/X11/lib/libX11.so.3.1.0 /compat/linux/usr/X11/lib/libX11.so.3 -> libX11.so.3.1.0 /compat/linux/lib/libc.so.4.6.29 /compat/linux/lib/libc.so.4 -> libc.so.4.6.29
If a Linux® shared library already exists with a
matching major revision number to the first column of the
ldd
output, it does not need to be copied
to the file named in the last column, as the existing library
should work. It is advisable to copy the shared library if it
is a newer version, though. The old one can be removed, as
long as the symbolic link points to the new one.
For example, these libraries already exist on the FreeBSD system:
/compat/linux/lib/libc.so.4.6.27 /compat/linux/lib/libc.so.4 -> libc.so.4.6.27
and ldd
indicates that a binary
requires a later version:
libc.so.4 (DLL Jump 4.5pl26) -> libc.so.4.6.29
Since the existing library is only one or two versions out
of date in the last digit, the program should still work with
the slightly older version. However, it is safe to replace
the existing libc.so
with the newer
version:
/compat/linux/lib/libc.so.4.6.29 /compat/linux/lib/libc.so.4 -> libc.so.4.6.29
Generally, one will need to look for the shared libraries that Linux® binaries depend on only the first few times that a Linux® program is installed on FreeBSD. After a while, there will be a sufficient set of Linux® shared libraries on the system to be able to run newly installed Linux® binaries without any extra work.
ELF binaries sometimes require an extra step. When an unbranded ELF binary is executed, it will generate an error message:
%
./my-linux-elf-binary
ELF binary type not known Abort
To help the FreeBSD kernel distinguish between a FreeBSD ELF binary and a Linux® binary, use brandelf(1):
%
brandelf -t Linux my-linux-elf-binary
Since the GNU toolchain places the appropriate branding information into ELF binaries automatically, this step is usually not necessary.
To install a Linux® RPM-based
application, first install the
archivers/rpm4 package or port. Once
installed, root
can
use this command to install a
.rpm
:
#
cd /compat/linux
#
rpm2cpio < /path/to/linux.archive.rpm | cpio -id
If necessary, brandelf
the installed
ELF binaries. Note that this will prevent
a clean uninstall.
If DNS does not work or this error appears:
resolv+: "bind" is an invalid keyword resolv+: "hosts" is an invalid keyword
configure /compat/linux/etc/host.conf
as follows:
order hosts, bind multi on
This specifies that /etc/hosts
is
searched first and DNS is searched second.
When /compat/linux/etc/host.conf
does not
exist, Linux® applications use
/etc/host.conf
and complain about the
incompatible FreeBSD syntax. Remove bind
if a
name server is not configured using
/etc/resolv.conf
.
This section describes how Linux® binary compatibility
works and is based on an email written to FreeBSD chat mailing list by
Terry Lambert <tlambert@primenet.com>
(Message ID:
<199906020108.SAA07001@usr09.primenet.com>
).
FreeBSD has an abstraction called an “execution class loader”. This is a wedge into the execve(2) system call.
Historically, the UNIX® loader examined the magic number (generally the first 4 or 8 bytes of the file) to see if it was a binary known to the system, and if so, invoked the binary loader.
If it was not the binary type for the system, the execve(2) call returned a failure, and the shell attempted to start executing it as shell commands. The assumption was a default of “whatever the current shell is”.
Later, a hack was made for sh(1) to examine the first
two characters, and if they were :\n
, it
invoked the csh(1) shell instead.
FreeBSD has a list of loaders, instead of a single loader, with
a fallback to the #!
loader for running shell
interpreters or shell scripts.
For the Linux® ABI support, FreeBSD sees the magic number as an ELF binary. The ELF loader looks for a specialized brand, which is a comment section in the ELF image, and which is not present on SVR4/Solaris™ ELF binaries.
For Linux® binaries to function, they must be
branded as type Linux
using brandelf(1):
#
brandelf -t Linux file
When the ELF loader sees the Linux
brand, the loader replaces a pointer in the
proc
structure. All system calls are indexed
through this pointer. In addition, the process is flagged for
special handling of the trap vector for the signal trampoline
code, and several other (minor) fix-ups that are handled by the
Linux® kernel module.
The Linux® system call vector contains, among other things,
a list of sysent[]
entries whose addresses
reside in the kernel module.
When a system call is called by the Linux® binary, the trap
code dereferences the system call function pointer off the
proc
structure, and gets the Linux®, not the
FreeBSD, system call entry points.
Linux® mode dynamically reroots
lookups. This is, in effect, equivalent to
union
to file system mounts. First, an
attempt is made to lookup the file in
/compat/linux/
.
If that fails, the lookup is done in
original-path
/
.
This makes sure that binaries that require other binaries can
run. For example, the Linux® toolchain can all run under
Linux® ABI support. It also means that the
Linux® binaries can load and execute FreeBSD binaries, if there
are no corresponding Linux® binaries present, and that a
uname(1) command can be placed in the
original-path
/compat/linux
directory tree to ensure that
the Linux® binaries cannot tell they are not running on
Linux®.
In effect, there is a Linux® kernel in the FreeBSD kernel. The various underlying functions that implement all of the services provided by the kernel are identical to both the FreeBSD system call table entries, and the Linux® system call table entries: file system operations, virtual memory operations, signal delivery, and System V IPC. The only difference is that FreeBSD binaries get the FreeBSD glue functions, and Linux® binaries get the Linux® glue functions. The FreeBSD glue functions are statically linked into the kernel, and the Linux® glue functions can be statically linked, or they can be accessed via a kernel module.
Technically, this is not really emulation, it is an ABI implementation. It is sometimes called “Linux® emulation” because the implementation was done at a time when there was no other word to describe what was going on. Saying that FreeBSD ran Linux® binaries was not true, since the code was not compiled in.
The remaining chapters cover all aspects of FreeBSD system administration. Each chapter starts by describing what will be learned as a result of reading the chapter, and also details what the reader is expected to know before tackling the material.
These chapters are designed to be read as the information is needed. They do not need to be read in any particular order, nor must all of them be read before beginning to use FreeBSD.
One of the important aspects of FreeBSD is proper system configuration. This chapter explains much of the FreeBSD configuration process, including some of the parameters which can be set to tune a FreeBSD system.
After reading this chapter, you will know:
The basics of rc.conf
configuration
and /usr/local/etc/rc.d
startup
scripts.
How to configure and test a network card.
How to configure virtual hosts on network devices.
How to use the various configuration files in
/etc
.
How to tune FreeBSD using sysctl(8) variables.
How to tune disk performance and modify kernel limitations.
Before reading this chapter, you should:
Understand UNIX® and FreeBSD basics (Chapter 3, FreeBSD Basics).
Be familiar with the basics of kernel configuration and compilation (Chapter 8, Configuring the FreeBSD Kernel).
Many users install third party software on FreeBSD from the Ports Collection and require the installed services to be started upon system initialization. Services, such as mail/postfix or www/apache22 are just two of the many software packages which may be started during system initialization. This section explains the procedures available for starting third party software.
In FreeBSD, most included services, such as cron(8), are started through the system startup scripts.
Now that FreeBSD includes rc.d
,
configuration of application startup is easier and provides
more features. Using the key words discussed in
Section 11.4, “Managing Services in FreeBSD”, applications can be set to
start after certain other services and extra flags can be
passed through /etc/rc.conf
in place of
hard coded flags in the startup script. A basic script may
look similar to the following:
#!/bin/sh # # PROVIDE: utility # REQUIRE: DAEMON # KEYWORD: shutdown . /etc/rc.subr name=utility rcvar=utility_enable command="/usr/local/sbin/utility" load_rc_config $name # # DO NOT CHANGE THESE DEFAULT VALUES HERE # SET THEM IN THE /etc/rc.conf FILE # utility_enable=${utility_enable-"NO"} pidfile=${utility_pidfile-"/var/run/utility.pid"} run_rc_command "$1"
This script will ensure that the provided
utility
will be started after the
DAEMON
pseudo-service. It also provides a
method for setting and tracking the process ID
(PID).
This application could then have the following line placed
in /etc/rc.conf
:
utility_enable="YES"
This method allows for easier manipulation of command
line arguments, inclusion of the default functions provided
in /etc/rc.subr
, compatibility with
rcorder(8), and provides for easier configuration via
rc.conf
.
Other services can be started using inetd(8). Working with inetd(8) and its configuration is described in depth in Section 29.2, “The inetd Super-Server”.
In some cases, it may make more sense to use cron(8) to start system services. This approach has a number of advantages as cron(8) runs these processes as the owner of the crontab(5). This allows regular users to start and maintain their own applications.
The @reboot
feature of cron(8),
may be used in place of the time specification. This causes
the job to run when cron(8) is started, normally during
system initialization.
One of the most useful utilities in FreeBSD is
cron. This utility runs in the
background and regularly checks
/etc/crontab
for tasks to execute and
searches /var/cron/tabs
for custom crontab
files. These files are used to schedule tasks which
cron runs at the specified times.
Each entry in a crontab defines a task to run and is known as a
cron job.
Two different types of configuration files are used: the
system crontab, which should not be modified, and user crontabs,
which can be created and edited as needed. The format used by
these files is documented in crontab(5). The format of the
system crontab, /etc/crontab
includes a
who
column which does not exist in user
crontabs. In the system crontab,
cron runs the command as the user
specified in this column. In a user crontab, all commands run
as the user who created the crontab.
User crontabs allow individual users to schedule their own
tasks. The root
user
can also have a user crontab
which can be
used to schedule tasks that do not exist in the system
crontab
.
Here is a sample entry from the system crontab,
/etc/crontab
:
# /etc/crontab - root's crontab for FreeBSD # # $FreeBSD$ #SHELL=/bin/sh PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
# #minute hour mday month wday who command
# */5 * * * * root /usr/libexec/atrun
Lines that begin with the | |
The equals ( | |
This line defines the seven fields used in a system
crontab: | |
This entry defines the values for this cron job. The
Commands can include any number of switches. However, commands which extend to multiple lines need to be broken with the backslash “\” continuation character. |
To create a user crontab, invoke
crontab
in editor mode:
%
crontab -e
This will open the user's crontab using the default text editor. The first time a user runs this command, it will open an empty file. Once a user creates a crontab, this command will open that file for editing.
It is useful to add these lines to the top of the crontab file in order to set the environment variables and to remember the meanings of the fields in the crontab:
SHELL=/bin/sh PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin # Order of crontab fields # minute hour mday month wday command
Then add a line for each command or script to run,
specifying the time to run the command. This example runs the
specified custom Bourne shell script every day at two in the
afternoon. Since the path to the script is not specified in
PATH
, the full path to the script is
given:
0 14 * * * /usr/home/dru/bin/mycustomscript.sh
Before using a custom script, make sure it is executable and test it with the limited set of environment variables set by cron. To replicate the environment that would be used to run the above cron entry, use:
env -i SHELL=/bin/sh PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin HOME=/home/dru
LOGNAME=dru
/usr/home/dru/bin/mycustomscript.sh
The environment set by cron is discussed in crontab(5). Checking that scripts operate correctly in a cron environment is especially important if they include any commands that delete files using wildcards.
When finished editing the crontab, save the file. It will automatically be installed and cron will read the crontab and run its cron jobs at their specified times. To list the cron jobs in a crontab, use this command:
%
crontab -l
0 14 * * * /usr/home/dru/bin/mycustomscript.sh
To remove all of the cron jobs in a user crontab:
%
crontab -r
remove crontab for dru?y
FreeBSD uses the rc(8) system of startup scripts during
system initialization and for managing services. The scripts
listed in /etc/rc.d
provide basic services
which can be controlled with the start
,
stop
, and restart
options to
service(8). For instance, sshd(8) can be restarted
with the following command:
#
service sshd restart
This procedure can be used to start services on a running
system. Services will be started automatically at boot time
as specified in rc.conf(5). For example, to enable
natd(8) at system startup, add the following line to
/etc/rc.conf
:
natd_enable="YES"
If a natd_enable="NO"
line is already
present, change the NO
to
YES
. The rc(8) scripts will
automatically load any dependent services during the next boot,
as described below.
Since the rc(8) system is primarily intended to start
and stop services at system startup and shutdown time, the
start
, stop
and
restart
options will only perform their action
if the appropriate /etc/rc.conf
variable
is set. For instance, sshd restart
will
only work if sshd_enable
is set to
YES
in /etc/rc.conf
.
To start
, stop
or
restart
a service regardless of the settings
in /etc/rc.conf
, these commands should be
prefixed with “one”. For instance, to restart
sshd(8) regardless of the current
/etc/rc.conf
setting, execute the following
command:
#
service sshd onerestart
To check if a service is enabled in
/etc/rc.conf
, run the appropriate
rc(8) script with rcvar
. This example
checks to see if sshd(8) is enabled in
/etc/rc.conf
:
#
service sshd rcvar
# sshd # sshd_enable="YES" # (default: "")
The # sshd
line is output from the
above command, not a
root
console.
To determine whether or not a service is running, use
status
. For instance, to verify that
sshd(8) is running:
#
service sshd status
sshd is running as pid 433.
In some cases, it is also possible to
reload
a service. This attempts to send a
signal to an individual service, forcing the service to reload
its configuration files. In most cases, this means sending
the service a SIGHUP
signal. Support for
this feature is not included for every service.
The rc(8) system is used for network services and it
also contributes to most of the system initialization. For
instance, when the
/etc/rc.d/bgfsck
script is executed, it
prints out the following message:
Starting background file system checks in 60 seconds.
This script is used for background file system checks, which occur only during system initialization.
Many system services depend on other services to function properly. For example, yp(8) and other RPC-based services may fail to start until after the rpcbind(8) service has started. To resolve this issue, information about dependencies and other meta-data is included in the comments at the top of each startup script. The rcorder(8) program is used to parse these comments during system initialization to determine the order in which system services should be invoked to satisfy the dependencies.
The following key word must be included in all startup scripts as it is required by rc.subr(8) to “enable” the startup script:
PROVIDE
: Specifies the services this
file provides.
The following key words may be included at the top of each startup script. They are not strictly necessary, but are useful as hints to rcorder(8):
REQUIRE
: Lists services which are
required for this service. The script containing this key
word will run after the specified
services.
BEFORE
: Lists services which depend
on this service. The script containing this key word will
run before the specified
services.
By carefully setting these keywords for each startup script, an administrator has a fine-grained level of control of the startup order of the scripts, without the need for “runlevels” used by some UNIX® operating systems.
Additional information can be found in rc(8) and rc.subr(8). Refer to this article for instructions on how to create custom rc(8) scripts.
The principal location for system configuration
information is /etc/rc.conf
. This file
contains a wide range of configuration information and it is
read at system startup to configure the system. It provides
the configuration information for the
rc*
files.
The entries in /etc/rc.conf
override
the default settings in
/etc/defaults/rc.conf
. The file
containing the default settings should not be edited.
Instead, all system-specific changes should be made to
/etc/rc.conf
.
A number of strategies may be applied in clustered
applications to separate site-wide configuration from
system-specific configuration in order to reduce
administration overhead. The recommended approach is to place
system-specific configuration into
/etc/rc.conf.local
. For example, these
entries in /etc/rc.conf
apply to all
systems:
sshd_enable="YES" keyrate="fast" defaultrouter="10.1.1.254"
Whereas these entries in
/etc/rc.conf.local
apply to this system
only:
hostname="node1.example.org" ifconfig_fxp0="inet 10.1.1.1/8"
Distribute /etc/rc.conf
to every
system using an application such as
rsync or
puppet, while
/etc/rc.conf.local
remains
unique.
Upgrading the system will not overwrite
/etc/rc.conf
, so system configuration
information will not be lost.
Both /etc/rc.conf
and
/etc/rc.conf.local
are parsed by sh(1). This allows system operators to
create complex configuration scenarios. Refer to
rc.conf(5) for further information on this
topic.
Adding and configuring a network interface card (NIC) is a common task for any FreeBSD administrator.
First, determine the model of the NIC and the chip it uses. FreeBSD supports a wide variety of NICs. Check the Hardware Compatibility List for the FreeBSD release to see if the NIC is supported.
If the NIC is supported, determine
the name of the FreeBSD driver for the NIC.
Refer to /usr/src/sys/conf/NOTES
and
/usr/src/sys/
for the list of NIC drivers with some
information about the supported chipsets. When in doubt, read
the manual page of the driver as it will provide more
information about the supported hardware and any known
limitations of the driver.arch
/conf/NOTES
The drivers for common NICs are already
present in the GENERIC
kernel, meaning
the NIC should be probed during boot. The
system's boot messages can be viewed by typing
more /var/run/dmesg.boot
and using the
spacebar to scroll through the text. In this example, two
Ethernet NICs using the dc(4) driver
are present on the system:
dc0: <82c169 PNIC 10/100BaseTX> port 0xa000-0xa0ff mem 0xd3800000-0xd38 000ff irq 15 at device 11.0 on pci0 miibus0: <MII bus> on dc0 bmtphy0: <BCM5201 10/100baseTX PHY> PHY 1 on miibus0 bmtphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto dc0: Ethernet address: 00:a0:cc:da:da:da dc0: [ITHREAD] dc1: <82c169 PNIC 10/100BaseTX> port 0x9800-0x98ff mem 0xd3000000-0xd30 000ff irq 11 at device 12.0 on pci0 miibus1: <MII bus> on dc1 bmtphy1: <BCM5201 10/100baseTX PHY> PHY 1 on miibus1 bmtphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto dc1: Ethernet address: 00:a0:cc:da:da:db dc1: [ITHREAD]
If the driver for the NIC is not
present in GENERIC
, but a driver is
available, the driver will need to be loaded before the
NIC can be configured and used. This may
be accomplished in one of two ways:
The easiest way is to load a kernel module for the
NIC using kldload(8). To also
automatically load the driver at boot time, add the
appropriate line to
/boot/loader.conf
. Not all
NIC drivers are available as
modules.
Alternatively, statically compile support for the
NIC into a custom kernel. Refer to
/usr/src/sys/conf/NOTES
,
/usr/src/sys/
and the manual page of the driver to determine which line
to add to the custom kernel configuration file. For more
information about recompiling the kernel, refer to Chapter 8, Configuring the FreeBSD Kernel. If the NIC
was detected at boot, the kernel does not need to be
recompiled.arch
/conf/NOTES
Unfortunately, there are still many vendors that do not provide schematics for their drivers to the open source community because they regard such information as trade secrets. Consequently, the developers of FreeBSD and other operating systems are left with two choices: develop the drivers by a long and pain-staking process of reverse engineering or using the existing driver binaries available for Microsoft® Windows® platforms.
FreeBSD provides “native” support for the Network Driver Interface Specification (NDIS). It includes ndisgen(8) which can be used to convert a Windows® XP driver into a format that can be used on FreeBSD. Because the ndis(4) driver uses a Windows® XP binary, it only runs on i386™ and amd64 systems. PCI, CardBus, PCMCIA, and USB devices are supported.
To use ndisgen(8), three things are needed:
FreeBSD kernel sources.
A Windows® XP driver binary with a
.SYS
extension.
A Windows® XP driver configuration file with a
.INF
extension.
Download the .SYS
and
.INF
files for the specific
NIC. Generally, these can be found on
the driver CD or at the vendor's website. The following
examples use W32DRIVER.SYS
and
W32DRIVER.INF
.
The driver bit width must match the version of FreeBSD. For FreeBSD/i386, use a Windows® 32-bit driver. For FreeBSD/amd64, a Windows® 64-bit driver is needed.
The next step is to compile the driver binary into a
loadable kernel module. As
root
, use
ndisgen(8):
#
ndisgen
/path/to/W32DRIVER.INF
/path/to/W32DRIVER.SYS
This command is interactive and prompts for any extra information it requires. A new kernel module will be generated in the current directory. Use kldload(8) to load the new module:
#
kldload
./W32DRIVER_SYS.ko
In addition to the generated kernel module, the
ndis.ko
and
if_ndis.ko
modules must be loaded.
This should happen automatically when any module that
depends on ndis(4) is loaded. If not, load them
manually, using the following commands:
#
kldload ndis
#
kldload if_ndis
The first command loads the ndis(4) miniport driver wrapper and the second loads the generated NIC driver.
Check dmesg(8) to see if there were any load errors. If all went well, the output should be similar to the following:
ndis0: <Wireless-G PCI Adapter> mem 0xf4100000-0xf4101fff irq 3 at device 8.0 on pci1 ndis0: NDIS API version: 5.0 ndis0: Ethernet address: 0a:b1:2c:d3:4e:f5 ndis0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps ndis0: 11g rates: 6Mbps 9Mbps 12Mbps 18Mbps 36Mbps 48Mbps 54Mbps
From here, ndis0
can be
configured like any other NIC.
To configure the system to load the ndis(4) modules
at boot time, copy the generated module,
W32DRIVER_SYS.ko
, to
/boot/modules
. Then, add the following
line to /boot/loader.conf
:
W32DRIVER_SYS_load="YES"
Once the right driver is loaded for the NIC, the card needs to be configured. It may have been configured at installation time by bsdinstall(8).
To display the NIC configuration, enter the following command:
%
ifconfig
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=80008<VLAN_MTU,LINKSTATE> ether 00:a0:cc:da:da:da inet 192.168.1.3 netmask 0xffffff00 broadcast 192.168.1.255 media: Ethernet autoselect (100baseTX <full-duplex>) status: active dc1: flags=8802<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=80008<VLAN_MTU,LINKSTATE> ether 00:a0:cc:da:da:db inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 media: Ethernet 10baseT/UTP status: no carrier lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff000000 nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
In this example, the following devices were displayed:
dc0
: The first Ethernet
interface.
dc1
: The second Ethernet
interface.
lo0
: The loopback
device.
FreeBSD uses the driver name followed by the order in which
the card is detected at boot to name the
NIC. For example,
sis2
is the third
NIC on the system using the sis(4)
driver.
In this example, dc0
is up and
running. The key indicators are:
UP
means that the card is
configured and ready.
The card has an Internet (inet
)
address, 192.168.1.3
.
It has a valid subnet mask
(netmask
), where
0xffffff00
is the
same as 255.255.255.0
.
It has a valid broadcast address, 192.168.1.255
.
The MAC address of the card
(ether
) is 00:a0:cc:da:da:da
.
The physical media selection is on autoselection mode
(media: Ethernet autoselect (100baseTX
<full-duplex>)
). In this example,
dc1
is configured to run with
10baseT/UTP
media. For more
information on available media types for a driver, refer
to its manual page.
The status of the link (status
) is
active
, indicating that the carrier
signal is detected. For dc1
, the
status: no carrier
status is normal
when an Ethernet cable is not plugged into the
card.
If the ifconfig(8) output had shown something similar to:
dc0: flags=8843<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=80008<VLAN_MTU,LINKSTATE> ether 00:a0:cc:da:da:da media: Ethernet autoselect (100baseTX <full-duplex>) status: active
it would indicate the card has not been configured.
The card must be configured as
root
. The
NIC configuration can be performed from the
command line with ifconfig(8) but will not persist after
a reboot unless the configuration is also added to
/etc/rc.conf
. If a
DHCP server is present on the LAN,
just add this line:
ifconfig_dc0="DHCP"
Replace dc0
with the correct
value for the system.
The line added, then, follow the instructions given in Section 11.5.3, “Testing and Troubleshooting”.
If the network was configured during installation, some
entries for the NIC(s) may be already
present. Double check /etc/rc.conf
before adding any lines.
If there is no DHCP server, the NIC(s) must be configured manually. Add a line for each NIC present on the system, as seen in this example:
ifconfig_dc0="inet 192.168.1.3 netmask 255.255.255.0" ifconfig_dc1="inet 10.0.0.1 netmask 255.255.255.0 media 10baseT/UTP"
Replace dc0
and
dc1
and the IP
address information with the correct values for the system.
Refer to the man page for the driver, ifconfig(8), and
rc.conf(5) for more details about the allowed options and
the syntax of /etc/rc.conf
.
If the network is not using DNS, edit
/etc/hosts
to add the names and
IP addresses of the hosts on the
LAN, if they are not already there. For
more information, refer to hosts(5) and to
/usr/share/examples/etc/hosts
.
If there is no DHCP server and access to the Internet is needed, manually configure the default gateway and the nameserver:
#
echo 'defaultrouter="
your_default_router
"' >> /etc/rc.conf#
echo 'nameserver
your_DNS_server
' >> /etc/resolv.conf
Once the necessary changes to
/etc/rc.conf
are saved, a reboot can be
used to test the network configuration and to verify that the
system restarts without any configuration errors.
Alternatively, apply the settings to the networking system
with this command:
#
service netif restart
If a default gateway has been set in
/etc/rc.conf
, also issue this
command:
#
service routing restart
Once the networking system has been relaunched, test the NICs.
To verify that an Ethernet card is configured correctly, ping(8) the interface itself, and then ping(8) another machine on the LAN:
%
ping -c5 192.168.1.3
PING 192.168.1.3 (192.168.1.3): 56 data bytes 64 bytes from 192.168.1.3: icmp_seq=0 ttl=64 time=0.082 ms 64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=0.074 ms 64 bytes from 192.168.1.3: icmp_seq=2 ttl=64 time=0.076 ms 64 bytes from 192.168.1.3: icmp_seq=3 ttl=64 time=0.108 ms 64 bytes from 192.168.1.3: icmp_seq=4 ttl=64 time=0.076 ms --- 192.168.1.3 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.074/0.083/0.108/0.013 ms
%
ping -c5 192.168.1.2
PING 192.168.1.2 (192.168.1.2): 56 data bytes 64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.726 ms 64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.766 ms 64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.700 ms 64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.747 ms 64 bytes from 192.168.1.2: icmp_seq=4 ttl=64 time=0.704 ms --- 192.168.1.2 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.700/0.729/0.766/0.025 ms
To test network resolution, use the host name instead
of the IP address. If there is no
DNS server on the network,
/etc/hosts
must first be
configured. To this purpose, edit
/etc/hosts
to add the names and
IP addresses of the hosts on the
LAN, if they are not already there. For
more information, refer to hosts(5) and to
/usr/share/examples/etc/hosts
.
When troubleshooting hardware and software configurations, check the simple things first. Is the network cable plugged in? Are the network services properly configured? Is the firewall configured correctly? Is the NIC supported by FreeBSD? Before sending a bug report, always check the Hardware Notes, update the version of FreeBSD to the latest STABLE version, check the mailing list archives, and search the Internet.
If the card works, yet performance is poor, read through tuning(7). Also, check the network configuration as incorrect network settings can cause slow connections.
Some users experience one or two device timeout messages, which is normal for some cards. If they continue, or are bothersome, determine if the device is conflicting with another device. Double check the cable connections. Consider trying another card.
To resolve watchdog timeout errors, first check the network cable. Many cards require a PCI slot which supports bus mastering. On some old motherboards, only one PCI slot allows it, usually slot 0. Check the NIC and the motherboard documentation to determine if that may be the problem.
No route to host messages occur
if the system is unable to route a packet to the destination
host. This can happen if no default route is specified or
if a cable is unplugged. Check the output of
netstat -rn
and make sure there is a
valid route to the host. If there is not, read
Section 31.2, “Gateways and Routes”.
ping: sendto: Permission denied error messages are often caused by a misconfigured firewall. If a firewall is enabled on FreeBSD but no rules have been defined, the default policy is to deny all traffic, even ping(8). Refer to Chapter 30, Firewalls for more information.
Sometimes performance of the card is poor or below
average. In these cases, try setting the media
selection mode from autoselect
to the
correct media selection. While this works for most
hardware, it may or may not resolve the issue. Again,
check all the network settings, and refer to
tuning(7).
A common use of FreeBSD is virtual site hosting, where one server appears to the network as many servers. This is achieved by assigning multiple network addresses to a single interface.
A given network interface has one “real”
address, and may have any number of “alias”
addresses. These aliases are normally added by placing alias
entries in /etc/rc.conf
, as seen in this
example:
ifconfig_fxp0_alias0="inet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx"
Alias entries must start with
alias
using a
sequential number such as
0
alias0
, alias1
,
and so on. The configuration process will stop at the first
missing number.
The calculation of alias netmasks is important. For a
given interface, there must be one address which correctly
represents the network's netmask. Any other addresses which
fall within this network must have a netmask of all
1
s, expressed as either
255.255.255.255
or
0xffffffff
.
For example, consider the case where the
fxp0
interface is connected to two
networks: 10.1.1.0
with a netmask of
255.255.255.0
and
202.0.75.16
with a
netmask of
255.255.255.240
. The
system is to be configured to appear in the ranges
10.1.1.1
through
10.1.1.5
and
202.0.75.17
through
202.0.75.20
. Only
the first address in a given network range should have a real
netmask. All the rest
(10.1.1.2
through
10.1.1.5
and
202.0.75.18
through
202.0.75.20
) must be
configured with a netmask of
255.255.255.255
.
The following /etc/rc.conf
entries
configure the adapter correctly for this scenario:
ifconfig_fxp0="inet 10.1.1.1 netmask 255.255.255.0" ifconfig_fxp0_alias0="inet 10.1.1.2 netmask 255.255.255.255" ifconfig_fxp0_alias1="inet 10.1.1.3 netmask 255.255.255.255" ifconfig_fxp0_alias2="inet 10.1.1.4 netmask 255.255.255.255" ifconfig_fxp0_alias3="inet 10.1.1.5 netmask 255.255.255.255" ifconfig_fxp0_alias4="inet 202.0.75.17 netmask 255.255.255.240" ifconfig_fxp0_alias5="inet 202.0.75.18 netmask 255.255.255.255" ifconfig_fxp0_alias6="inet 202.0.75.19 netmask 255.255.255.255" ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255"
A simpler way to express this is with a space-separated list
of IP address ranges. The first address
will be given the
indicated subnet mask and the additional addresses will have a
subnet mask of 255.255.255.255
.
ifconfig_fxp0_aliases="inet 10.1.1.1-5/24 inet 202.0.75.17-20/28"
Generating and reading system logs is an important aspect of system administration. The information in system logs can be used to detect hardware and software issues as well as application and system configuration errors. This information also plays an important role in security auditing and incident response. Most system daemons and applications will generate log entries.
FreeBSD provides a system logger,
syslogd, to manage logging. By
default, syslogd is started when the
system boots. This is controlled by the variable
syslogd_enable
in
/etc/rc.conf
. There are numerous
application arguments that can be set using
syslogd_flags
in
/etc/rc.conf
. Refer to syslogd(8) for
more information on the available arguments.
This section describes how to configure the FreeBSD system logger for both local and remote logging and how to perform log rotation and log management.
The configuration file,
/etc/syslog.conf
, controls what
syslogd does with log entries as
they are received. There are several parameters to control
the handling of incoming events. The
facility describes which subsystem
generated the message, such as the kernel or a daemon, and the
level describes the severity of the
event that occurred. This makes it possible to configure if
and where a log message is logged, depending on the facility
and level. It is also possible to take action depending on
the application that sent the message, and in the case of
remote logging, the hostname of the machine generating the
logging event.
This configuration file contains one line per action,
where the syntax for each line is a selector field followed by
an action field. The syntax of the selector field is
facility.level
which will match log
messages from facility
at level
level
or higher. It is also
possible to add an optional comparison flag before the level
to specify more precisely what is logged. Multiple selector
fields can be used for the same action, and are separated with
a semicolon (;
). Using
*
will match everything. The action field
denotes where to send the log message, such as to a file or
remote log host. As an example, here is the default
syslog.conf
from FreeBSD:
# $FreeBSD$
#
# Spaces ARE valid field separators in this file. However,
# other *nix-like systems still insist on using tabs as field
# separators. If you are sharing this file between systems, you
# may want to use only tabs as field separators here.
# Consult the syslog.conf(5) manpage.
*.err;kern.warning;auth.notice;mail.crit /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
ftp.info /var/log/xferlog
cron.* /var/log/cron
!-devd
*.=debug /var/log/debug.log
*.emerg *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.* /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.* @loghost
# uncomment these if you're running inn
# news.crit /var/log/news/news.crit
# news.err /var/log/news/news.err
# news.notice /var/log/news/news.notice
# Uncomment this if you wish to see messages produced by devd
# !devd
# *.>=info
!ppp
*.* /var/log/ppp.log
!*
In this example:
Line 8 matches all messages with a level of
err
or higher, as well as
kern.warning
,
auth.notice
and
mail.crit
, and sends these log messages
to the console
(/dev/console
).
Line 12 matches all messages from the
mail
facility at level
info
or above and logs the messages to
/var/log/maillog
.
Line 17 uses a comparison flag (=
)
to only match messages at level debug
and logs them to
/var/log/debug.log
.
Line 33 is an example usage of a program
specification. This makes the rules following it only
valid for the specified program. In this case, only the
messages generated by ppp are
logged to /var/log/ppp.log
.
The available levels, in order from most to least
critical are emerg
,
alert
, crit
,
err
, warning
,
notice
, info
, and
debug
.
The facilities, in no particular order, are
auth
, authpriv
,
console
, cron
,
daemon
, ftp
,
kern
, lpr
,
mail
, mark
,
news
, security
,
syslog
, user
,
uucp
, and local0
through
local7
. Be aware that other operating
systems might have different facilities.
To log everything of level notice
and
higher to /var/log/daemon.log
, add the
following entry:
daemon.notice /var/log/daemon.log
For more information about the different levels and
facilities, refer to syslog(3) and syslogd(8).
For more information about
/etc/syslog.conf
, its syntax, and more
advanced usage examples, see syslog.conf(5).
Log files can grow quickly, taking up disk space and making it more difficult to locate useful information. Log management attempts to mitigate this. In FreeBSD, newsyslog is used to manage log files. This built-in program periodically rotates and compresses log files, and optionally creates missing log files and signals programs when log files are moved. The log files may be generated by syslogd or by any other program which generates log files. While newsyslog is normally run from cron(8), it is not a system daemon. In the default configuration, it runs every hour.
To know which actions to take,
newsyslog reads its configuration
file, /etc/newsyslog.conf
. This file
contains one line for each log file that
newsyslog manages. Each line
states the file owner, permissions, when to rotate that file,
optional flags that affect log rotation, such as compression,
and programs to signal when the log is rotated. Here is the
default configuration in FreeBSD:
# configuration file for newsyslog
# $FreeBSD$
#
# Entries which do not specify the '/pid_file' field will cause the
# syslogd process to be signalled when that log file is rotated. This
# action is only appropriate for log files which are written to by the
# syslogd process (ie, files listed in /etc/syslog.conf). If there
# is no process which needs to be signalled when a given log file is
# rotated, then the entry for that file should include the 'N' flag.
#
# The 'flags' field is one or more of the letters: BCDGJNUXZ or a '-'.
#
# Note: some sites will want to select more restrictive protections than the
# defaults. In particular, it may be desirable to switch many of the 644
# entries to 640 or 600. For example, some sites will consider the
# contents of maillog, messages, and lpd-errs to be confidential. In the
# future, these defaults may change to more conservative ones.
#
# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
/var/log/all.log 600 7 * @T00 J
/var/log/amd.log 644 7 100 * J
/var/log/auth.log 600 7 100 @0101T JC
/var/log/console.log 600 5 100 * J
/var/log/cron 600 3 100 * JC
/var/log/daily.log 640 7 * @T00 JN
/var/log/debug.log 600 7 100 * JC
/var/log/kerberos.log 600 7 100 * J
/var/log/lpd-errs 644 7 100 * JC
/var/log/maillog 640 7 * @T00 JC
/var/log/messages 644 5 100 @0101T JC
/var/log/monthly.log 640 12 * $M1D0 JN
/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid
/var/log/ppp.log root:network 640 3 100 * JC
/var/log/devd.log 644 3 100 * JC
/var/log/security 600 10 100 * JC
/var/log/sendmail.st 640 10 * 168 B
/var/log/utx.log 644 3 * @01T05 B
/var/log/weekly.log 640 5 1 $W6D0 JN
/var/log/xferlog 600 7 100 * JC
Each line starts with the name of the log to be rotated,
optionally followed by an owner and group for both rotated and
newly created files. The mode
field sets
the permissions on the log file and count
denotes how many rotated log files should be kept. The
size
and when
fields
tell newsyslog when to rotate the
file. A log file is rotated when either its size is larger
than the size
field or when the time in the
when
field has passed. An asterisk
(*
) means that this field is ignored. The
flags
field gives further
instructions, such as how to compress the rotated file or to
create the log file if it is missing. The last two fields are
optional and specify the name of the Process ID
(PID) file of a process and a signal number
to send to that process when the file is rotated.
For more information on all fields, valid flags, and how to specify the rotation time, refer to newsyslog.conf(5). Since newsyslog is run from cron(8), it cannot rotate files more often than it is scheduled to run from cron(8).
Monitoring the log files of multiple hosts can become unwieldy as the number of systems increases. Configuring centralized logging can reduce some of the administrative burden of log file administration.
In FreeBSD, centralized log file aggregation, merging, and
rotation can be configured using
syslogd and
newsyslog. This section
demonstrates an example configuration, where host
A
, named logserv.example.com
, will
collect logging information for the local network. Host
B
, named logclient.example.com
,
will be configured to pass logging information to the logging
server.
A log server is a system that has been configured to accept logging information from other hosts. Before configuring a log server, check the following:
If there is a firewall between the logging server and any logging clients, ensure that the firewall ruleset allows UDP port 514 for both the clients and the server.
The logging server and all client machines must
have forward and reverse entries in the local
DNS. If the network does not have a
DNS server, create entries in each
system's /etc/hosts
. Proper name
resolution is required so that log entries are not
rejected by the logging server.
On the log server, edit
/etc/syslog.conf
to specify the name of
the client to receive log entries from, the logging facility
to be used, and the name of the log to store the host's log
entries. This example adds the hostname of
B
, logs all facilities, and stores
the log entries in
/var/log/logclient.log
.
When adding multiple log clients, add a similar two-line entry for each client. More information about the available facilities may be found in syslog.conf(5).
Next, configure
/etc/rc.conf
:
syslogd_enable="YES" syslogd_flags="-a logclient.example.com -v -v"
The first entry starts
syslogd at system boot. The
second entry allows log entries from the specified client.
The -v -v
increases the verbosity of logged
messages. This is useful for tweaking facilities as
administrators are able to see what type of messages are
being logged under each facility.
Multiple -a
options may be specified to
allow logging from multiple clients. IP
addresses and whole netblocks may also be specified. Refer
to syslogd(8) for a full list of possible
options.
Finally, create the log file:
#
touch /var/log/logclient.log
At this point, syslogd should be restarted and verified:
#
service syslogd restart
#
pgrep syslog
If a PID is returned, the server
restarted successfully, and client configuration can begin.
If the server did not restart, consult
/var/log/messages
for the error.
A logging client sends log entries to a logging server on the network. The client also keeps a local copy of its own logs.
Once a logging server has been configured, edit
/etc/rc.conf
on the logging
client:
syslogd_enable="YES" syslogd_flags="-s -v -v"
The first entry enables
syslogd on boot up. The second
entry prevents logs from being accepted by this client from
other hosts (-s
) and increases the
verbosity of logged messages.
Next, define the logging server in the client's
/etc/syslog.conf
. In this example, all
logged facilities are sent to a remote system, denoted by
the @
symbol, with the specified
hostname:
*.* @logserv.example.com
After saving the edit, restart syslogd for the changes to take effect:
#
service syslogd restart
To test that log messages are being sent across the network, use logger(1) on the client to send a message to syslogd:
#
logger "
Test message from logclient
"
This message should now exist both in
/var/log/messages
on the client and
/var/log/logclient.log
on the log
server.
If no messages are being received on the log server, the
cause is most likely a network connectivity issue, a
hostname resolution issue, or a typo in a configuration
file. To isolate the cause, ensure that both the logging
server and the logging client are able to
ping
each other using the hostname
specified in their /etc/rc.conf
. If
this fails, check the network cabling, the firewall ruleset,
and the hostname entries in the DNS
server or /etc/hosts
on both the
logging server and clients. Repeat until the
ping
is successful from both
hosts.
If the ping
succeeds on both hosts
but log messages are still not being received, temporarily
increase logging verbosity to narrow down the configuration
issue. In the following example,
/var/log/logclient.log
on the logging
server is empty and /var/log/messages
on the logging client does not indicate a reason for the
failure. To increase debugging output, edit the
syslogd_flags
entry on the logging server
and issue a restart:
syslogd_flags="-d -a logclient.example.com -v -v"
#
service syslogd restart
Debugging data similar to the following will flash on the console immediately after the restart:
logmsg: pri 56, flags 4, from logserv.example.com, msg syslogd: restart syslogd: restarted logmsg: pri 6, flags 4, from logserv.example.com, msg syslogd: kernel boot file is /boot/kernel/kernel Logging to FILE /var/log/messages syslogd: kernel boot file is /boot/kernel/kernel cvthname(192.168.1.10) validate: dgram from IP 192.168.1.10, port 514, name logclient.example.com; rejected in rule 0 due to name mismatch.
In this example, the log messages are being rejected due
to a typo which results in a hostname mismatch. The
client's hostname should be logclient
,
not logclien
. Fix the typo, issue a
restart, and verify the results:
#
service syslogd restart
logmsg: pri 56, flags 4, from logserv.example.com, msg syslogd: restart syslogd: restarted logmsg: pri 6, flags 4, from logserv.example.com, msg syslogd: kernel boot file is /boot/kernel/kernel syslogd: kernel boot file is /boot/kernel/kernel logmsg: pri 166, flags 17, from logserv.example.com, msg Dec 10 20:55:02 <syslog.err> logserv.example.com syslogd: exiting on signal 2 cvthname(192.168.1.10) validate: dgram from IP 192.168.1.10, port 514, name logclient.example.com; accepted in rule 0. logmsg: pri 15, flags 0, from logclient.example.com, msg Dec 11 02:01:28 trhodes: Test message 2 Logging to FILE /var/log/logclient.log Logging to FILE /var/log/messages
At this point, the messages are being properly received and placed in the correct file.
As with any network service, security requirements should be considered before implementing a logging server. Log files may contain sensitive data about services enabled on the local host, user accounts, and configuration data. Network data sent from the client to the server will not be encrypted or password protected. If a need for encryption exists, consider using security/stunnel, which will transmit the logging data over an encrypted tunnel.
Local security is also an issue. Log files are not
encrypted during use or after log rotation. Local users may
access log files to gain additional insight into system
configuration. Setting proper permissions on log files is
critical. The built-in log rotator,
newsyslog, supports setting
permissions on newly created and rotated log files. Setting
log files to mode 600
should prevent
unwanted access by local users. Refer to
newsyslog.conf(5) for additional information.
There are a number of directories in which configuration information is kept. These include:
/etc | Generic system-specific configuration information. |
/etc/defaults | Default versions of system configuration files. |
/etc/mail | Extra sendmail(8) configuration and other MTA configuration files. |
/etc/ppp | Configuration for both user- and kernel-ppp programs. |
/usr/local/etc | Configuration files for installed applications. May contain per-application subdirectories. |
/usr/local/etc/rc.d | rc(8) scripts for installed applications. |
/var/db | Automatically generated system-specific database files, such as the package database and the locate(1) database. |
How a FreeBSD system accesses the Internet Domain Name System (DNS) is controlled by resolv.conf(5).
The most common entries to
/etc/resolv.conf
are:
nameserver | The IP address of a name server the resolver should query. The servers are queried in the order listed with a maximum of three. |
search | Search list for hostname lookup. This is normally determined by the domain of the local hostname. |
domain | The local domain name. |
A typical /etc/resolv.conf
looks
like this:
search example.com nameserver 147.11.1.11 nameserver 147.11.100.30
Only one of the search
and
domain
options should be used.
When using DHCP, dhclient(8)
usually rewrites /etc/resolv.conf
with information received from the DHCP
server.
/etc/hosts
is a simple text
database which works in conjunction with
DNS and
NIS to provide host name to
IP address mappings. Entries for local
computers connected via a LAN can be
added to this file for simplistic naming purposes instead
of setting up a named(8) server. Additionally,
/etc/hosts
can be used to provide a
local record of Internet names, reducing the need to query
external DNS servers for commonly
accessed names.
# $FreeBSD$
#
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file. Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1 localhost localhost.my.domain
127.0.0.1 localhost localhost.my.domain
#
# Imaginary network.
#10.0.0.2 myname.my.domain myname
#10.0.0.3 myfriend.my.domain myfriend
#
# According to RFC 1918, you can use the following IP networks for
# private nets which will never be connected to the Internet:
#
# 10.0.0.0 - 10.255.255.255
# 172.16.0.0 - 172.31.255.255
# 192.168.0.0 - 192.168.255.255
#
# In case you want to be able to connect to the Internet, you need
# real official assigned numbers. Do not try to invent your own network
# numbers but instead get one from your network provider (if any) or
# from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.)
#
The format of /etc/hosts
is as
follows:
[Internet address] [official hostname] [alias1] [alias2] ...
For example:
10.0.0.1 myRealHostname.example.com myRealHostname foobar1 foobar2
Consult hosts(5) for more information.
sysctl(8) is used to make changes to a running FreeBSD system. This includes many advanced options of the TCP/IP stack and virtual memory system that can dramatically improve performance for an experienced system administrator. Over five hundred system variables can be read and set using sysctl(8).
At its core, sysctl(8) serves two functions: to read and to modify system settings.
To view all readable variables:
%
sysctl -a
To read a particular variable, specify its name:
%
sysctl kern.maxproc
kern.maxproc: 1044
To set a particular variable, use the
variable
=value
syntax:
#
sysctl kern.maxfiles=5000
kern.maxfiles: 2088 -> 5000
Settings of sysctl variables are usually either strings,
numbers, or booleans, where a boolean is 1
for yes or 0
for no.
To automatically set some variables each time the machine
boots, add them to /etc/sysctl.conf
. For
more information, refer to sysctl.conf(5) and
Section 11.9.1, “sysctl.conf
”.
The configuration file for sysctl(8),
/etc/sysctl.conf
, looks much like
/etc/rc.conf
. Values are set in a
variable=value
form. The specified values
are set after the system goes into multi-user mode. Not all
variables are settable in this mode.
For example, to turn off logging of fatal signal exits
and prevent users from seeing processes started by other
users, the following tunables can be set in
/etc/sysctl.conf
:
# Do not log fatal signal exits (e.g., sig 11) kern.logsigexit=0 # Prevent users from seeing information about processes that # are being run under another UID. security.bsd.see_other_uids=0
In some cases it may be desirable to modify read-only sysctl(8) values, which will require a reboot of the system.
For instance, on some laptop models the cardbus(4) device will not probe memory ranges and will fail with errors similar to:
cbb0: Could not map register memory device_probe_and_attach: cbb0 attach returned 12
The fix requires the modification of a read-only
sysctl(8) setting. Add
hw.pci.allow_unsupported_io_range=1
to
/boot/loader.conf
and reboot. Now
cardbus(4) should work properly.
The following section will discuss various tuning mechanisms and options which may be applied to disk devices. In many cases, disks with mechanical parts, such as SCSI drives, will be the bottleneck driving down the overall system performance. While a solution is to install a drive without mechanical parts, such as a solid state drive, mechanical drives are not going away anytime in the near future. When tuning disks, it is advisable to utilize the features of the iostat(8) command to test various changes to the system. This command will allow the user to obtain valuable information on system IO.
The vfs.vmiodirenable
sysctl(8)
variable
may be set to either 0
(off) or
1
(on). It is set to
1
by default. This variable controls
how directories are cached by the system. Most directories
are small, using just a single fragment (typically 1 K)
in the file system and typically 512 bytes in the
buffer cache. With this variable turned off, the buffer
cache will only cache a fixed number of directories, even
if the system has a huge amount of memory. When turned on,
this sysctl(8) allows the buffer cache to use the
VM page cache to cache the directories,
making all the memory available for caching directories.
However, the minimum in-core memory used to cache a
directory is the physical page size (typically 4 K)
rather than 512 bytes. Keeping this option enabled
is recommended if the system is running any services which
manipulate large numbers of files. Such services can
include web caches, large mail systems, and news systems.
Keeping this option on will generally not reduce
performance, even with the wasted memory, but one should
experiment to find out.
The vfs.write_behind
sysctl(8)
variable
defaults to 1
(on). This tells the file
system to issue media writes as full clusters are collected,
which typically occurs when writing large sequential files.
This avoids saturating the buffer cache with dirty buffers
when it would not benefit I/O performance. However, this
may stall processes and under certain circumstances should
be turned off.
The vfs.hirunningspace
sysctl(8)
variable determines how much outstanding write I/O may be
queued to disk controllers system-wide at any given
instance. The default is usually sufficient, but on
machines with many disks, try bumping it up to four or five
megabytes. Setting too high a value
which exceeds the buffer cache's write threshold can lead
to bad clustering performance. Do not set this value
arbitrarily high as higher write values may add latency to
reads occurring at the same time.
There are various other buffer cache and VM page cache related sysctl(8) values. Modifying these values is not recommended as the VM system does a good job of automatically tuning itself.
The vm.swap_idle_enabled
sysctl(8) variable is useful in large multi-user
systems with many active login users and lots of idle
processes. Such systems tend to generate continuous
pressure on free memory reserves. Turning this feature on
and tweaking the swapout hysteresis (in idle seconds) via
vm.swap_idle_threshold1
and
vm.swap_idle_threshold2
depresses the
priority of memory pages associated with idle processes more
quickly then the normal pageout algorithm. This gives a
helping hand to the pageout daemon. Only turn this option
on if needed, because the tradeoff is essentially pre-page
memory sooner rather than later which eats more swap and
disk bandwidth. In a small system this option will have a
determinable effect, but in a large system that is already
doing moderate paging, this option allows the
VM system to stage whole processes into
and out of memory easily.
Turning off IDE write caching reduces
write bandwidth to IDE disks, but may
sometimes be necessary due to data consistency issues
introduced by hard drive vendors. The problem is that
some IDE drives lie about when a write
completes. With IDE write caching
turned on, IDE hard drives write data
to disk out of order and will sometimes delay writing some
blocks indefinitely when under heavy disk load. A crash or
power failure may cause serious file system corruption.
Check the default on the system by observing the
hw.ata.wc
sysctl(8) variable. If
IDE write caching is turned off, one can
set this read-only variable to
1
in
/boot/loader.conf
in order to enable
it at boot time.
For more information, refer to ata(4).
The SCSI_DELAY
kernel configuration
option may be used to reduce system boot times. The
defaults are fairly high and can be responsible for
15
seconds of delay in the boot process.
Reducing it to 5
seconds usually works
with modern drives. The
kern.cam.scsi_delay
boot time tunable
should be used. The tunable and kernel configuration
option accept values in terms of
milliseconds and
not
seconds.
To fine-tune a file system, use tunefs(8). This program has many different options. To toggle Soft Updates on and off, use:
#
tunefs -n enable /filesystem
#
tunefs -n disable /filesystem
A file system cannot be modified with tunefs(8) while it is mounted. A good time to enable Soft Updates is before any partitions have been mounted, in single-user mode.
Soft Updates is recommended for UFS
file systems as it drastically improves meta-data performance,
mainly file creation and deletion, through the use of a memory
cache. There are two downsides to Soft Updates to be aware
of. First, Soft Updates guarantee file system consistency
in the case of a crash, but could easily be several seconds
or even a minute behind updating the physical disk. If the
system crashes, unwritten data may be lost. Secondly, Soft
Updates delay the freeing of file system blocks. If the
root file system is almost full, performing a major update,
such as make installworld
, can cause the
file system to run out of space and the update to fail.
Meta-data updates are updates to non-content data like inodes or directories. There are two traditional approaches to writing a file system's meta-data back to disk.
Historically, the default behavior was to write out
meta-data updates synchronously. If a directory changed,
the system waited until the change was actually written to
disk. The file data buffers (file contents) were passed
through the buffer cache and backed up to disk later on
asynchronously. The advantage of this implementation is
that it operates safely. If there is a failure during an
update, meta-data is always in a consistent state. A
file is either created completely or not at all. If the
data blocks of a file did not find their way out of the
buffer cache onto the disk by the time of the crash,
fsck(8) recognizes this and repairs the file system
by setting the file length to 0
.
Additionally, the implementation is clear and simple. The
disadvantage is that meta-data changes are slow. For
example, rm -r
touches all the files in a
directory sequentially, but each directory change will be
written synchronously to the disk. This includes updates to
the directory itself, to the inode table, and possibly to
indirect blocks allocated by the file. Similar
considerations apply for unrolling large hierarchies using
tar -x
.
The second approach is to use asynchronous meta-data
updates. This is the default for a UFS
file system mounted with mount -o async
.
Since all meta-data updates are also passed through the
buffer cache, they will be intermixed with the updates of
the file content data. The advantage of this
implementation is there is no need to wait until each
meta-data update has been written to disk, so all operations
which cause huge amounts of meta-data updates work much
faster than in the synchronous case. This implementation
is still clear and simple, so there is a low risk for bugs
creeping into the code. The disadvantage is that there is
no guarantee for a consistent state of the file system.
If there is a failure during an operation that updated
large amounts of meta-data, like a power failure or someone
pressing the reset button, the file system will be left
in an unpredictable state. There is no opportunity to
examine the state of the file system when the system comes
up again as the data blocks of a file could already have
been written to the disk while the updates of the inode
table or the associated directory were not. It is
impossible to implement a fsck(8) which is able to
clean up the resulting chaos because the necessary
information is not available on the disk. If the file
system has been damaged beyond repair, the only choice
is to reformat it and restore from backup.
The usual solution for this problem is to implement dirty region logging, which is also referred to as journaling. Meta-data updates are still written synchronously, but only into a small region of the disk. Later on, they are moved to their proper location. Because the logging area is a small, contiguous region on the disk, there are no long distances for the disk heads to move, even during heavy operations, so these operations are quicker than synchronous updates. Additionally, the complexity of the implementation is limited, so the risk of bugs being present is low. A disadvantage is that all meta-data is written twice, once into the logging region and once to the proper location, so performance “pessimization” might result. On the other hand, in case of a crash, all pending meta-data operations can be either quickly rolled back or completed from the logging area after the system comes up again, resulting in a fast file system startup.
Kirk McKusick, the developer of Berkeley
FFS, solved this problem with Soft
Updates. All pending meta-data updates are kept in memory
and written out to disk in a sorted sequence
(“ordered meta-data updates”). This has the
effect that, in case of heavy meta-data operations, later
updates to an item “catch” the earlier ones
which are still in memory and have not already been written
to disk. All operations are generally performed in memory
before the update is written to disk and the data blocks are
sorted according to their position so that they will not be
on the disk ahead of their meta-data. If the system
crashes, an implicit “log rewind” causes all
operations which were not written to the disk appear as if
they never happened. A consistent file system state is
maintained that appears to be the one of 30 to 60 seconds
earlier. The algorithm used guarantees that all resources
in use are marked as such in their blocks and inodes.
After a crash, the only resource allocation error that
occurs is that resources are marked as “used”
which are actually “free”. fsck(8)
recognizes this situation, and frees the resources that
are no longer used. It is safe to ignore the dirty state
of the file system after a crash by forcibly mounting it
with mount -f
. In order to free
resources that may be unused, fsck(8) needs to be run
at a later time. This is the idea behind the
background fsck(8): at system
startup time, only a snapshot of the
file system is recorded and fsck(8) is run afterwards.
All file systems can then be mounted
“dirty”, so the system startup proceeds in
multi-user mode. Then, background fsck(8) is
scheduled for all file systems where this is required, to
free resources that may be unused. File systems that do
not use Soft Updates still need the usual foreground
fsck(8).
The advantage is that meta-data operations are nearly as fast as asynchronous updates and are faster than logging, which has to write the meta-data twice. The disadvantages are the complexity of the code, a higher memory consumption, and some idiosyncrasies. After a crash, the state of the file system appears to be somewhat “older”. In situations where the standard synchronous approach would have caused some zero-length files to remain after the fsck(8), these files do not exist at all with Soft Updates because neither the meta-data nor the file contents have been written to disk. Disk space is not released until the updates have been written to disk, which may take place some time after running rm(1). This may cause problems when installing large amounts of data on a file system that does not have enough free space to hold all the files twice.
The kern.maxfiles
sysctl(8)
variable can be raised or lowered based upon system
requirements. This variable indicates the maximum number
of file descriptors on the system. When the file descriptor
table is full, file: table is full
will show up repeatedly in the system message buffer, which
can be viewed using dmesg(8).
Each open file, socket, or fifo uses one file descriptor. A large-scale production server may easily require many thousands of file descriptors, depending on the kind and number of services running concurrently.
In older FreeBSD releases, the default value of
kern.maxfiles
is derived from
maxusers
in the kernel configuration file.
kern.maxfiles
grows proportionally to the
value of maxusers
. When compiling a custom
kernel, consider setting this kernel configuration option
according to the use of the system. From this number, the
kernel is given most of its pre-defined limits. Even though
a production machine may not have 256 concurrent users, the
resources needed may be similar to a high-scale web
server.
The read-only sysctl(8) variable
kern.maxusers
is automatically sized at
boot based on the amount of memory available in the system,
and may be determined at run-time by inspecting the value
of kern.maxusers
. Some systems require
larger or smaller values of
kern.maxusers
and values of
64
, 128
, and
256
are not uncommon. Going above
256
is not recommended unless a huge
number of file descriptors is needed. Many of the tunable
values set to their defaults by
kern.maxusers
may be individually
overridden at boot-time or run-time in
/boot/loader.conf
. Refer to
loader.conf(5) and
/boot/defaults/loader.conf
for more
details and some hints.
In older releases, the system will auto-tune
maxusers
if it is set to
0
.
[2]. When
setting this option, set maxusers
to
at least 4
, especially if the system
runs Xorg or is used to
compile software. The most important table set by
maxusers
is the maximum number of
processes, which is set to
20 + 16 * maxusers
. If
maxusers
is set to 1
,
there can only be
36
simultaneous processes, including
the 18
or so that the system starts up
at boot time and the 15
or so used by
Xorg. Even a simple task like
reading a manual page will start up nine processes to
filter, decompress, and view it. Setting
maxusers
to 64
allows
up to 1044
simultaneous processes, which
should be enough for nearly all uses. If, however, the
proc table full error is displayed
when trying to start another program, or a server is
running with a large number of simultaneous users, increase
the number and rebuild.
maxusers
does
not limit the number of users which
can log into the machine. It instead sets various table
sizes to reasonable values considering the maximum number
of users on the system and how many processes each user
will be running.
The kern.ipc.soacceptqueue
sysctl(8) variable limits the size of the listen queue
for accepting new TCP
connections. The
default value of 128
is typically too low
for robust handling of new connections on a heavily loaded
web server. For such environments, it is recommended to
increase this value to 1024
or higher. A
service such as sendmail(8), or
Apache may itself limit the
listen queue size, but will often have a directive in its
configuration file to adjust the queue size. Large listen
queues do a better job of avoiding Denial of Service
(DoS) attacks.
The NMBCLUSTERS
kernel configuration
option dictates the amount of network Mbufs available to the
system. A heavily-trafficked server with a low number of
Mbufs will hinder performance. Each cluster represents
approximately 2 K of memory, so a value of
1024
represents 2
megabytes of kernel memory reserved for network buffers. A
simple calculation can be done to figure out how many are
needed. A web server which maxes out at
1000
simultaneous connections where each
connection uses a 6 K receive and 16 K send buffer,
requires approximately 32 MB worth of network buffers
to cover the web server. A good rule of thumb is to multiply
by 2
, so
2x32 MB / 2 KB =
64 MB / 2 kB =
32768
. Values between
4096
and 32768
are
recommended for machines with greater amounts of memory.
Never specify an arbitrarily high value for this parameter
as it could lead to a boot time crash. To observe network
cluster usage, use -m
with
netstat(1).
The kern.ipc.nmbclusters
loader tunable
should be used to tune this at boot time. Only older versions
of FreeBSD will require the use of the
NMBCLUSTERS
kernel config(8)
option.
For busy servers that make extensive use of the
sendfile(2) system call, it may be necessary to increase
the number of sendfile(2) buffers via the
NSFBUFS
kernel configuration option or by
setting its value in /boot/loader.conf
(see loader(8) for details). A common indicator that
this parameter needs to be adjusted is when processes are seen
in the sfbufa
state. The sysctl(8)
variable kern.ipc.nsfbufs
is read-only.
This parameter nominally scales with
kern.maxusers
, however it may be necessary
to tune accordingly.
Even though a socket has been marked as non-blocking,
calling sendfile(2) on the non-blocking socket may
result in the sendfile(2) call blocking until enough
struct sf_buf
's are made
available.
The net.inet.ip.portrange.*
sysctl(8) variables control the port number ranges
automatically bound to TCP
and
UDP
sockets. There are three ranges: a
low range, a default range, and a high range. Most network
programs use the default range which is controlled by
net.inet.ip.portrange.first
and
net.inet.ip.portrange.last
, which default
to 1024
and 5000
,
respectively. Bound port ranges are used for outgoing
connections and it is possible to run the system out of
ports under certain circumstances. This most commonly
occurs when running a heavily loaded web proxy. The port
range is not an issue when running a server which handles
mainly incoming connections, such as a web server, or has
a limited number of outgoing connections, such as a mail
relay. For situations where there is a shortage of ports,
it is recommended to increase
net.inet.ip.portrange.last
modestly. A
value of 10000
, 20000
or 30000
may be reasonable. Consider
firewall effects when changing the port range. Some
firewalls may block large ranges of ports, usually
low-numbered ports, and expect systems to use higher ranges
of ports for outgoing connections. For this reason, it
is not recommended that the value of
net.inet.ip.portrange.first
be
lowered.
TCP
bandwidth delay product limiting
can be enabled by setting the
net.inet.tcp.inflight.enable
sysctl(8) variable to 1
. This
instructs the system to attempt to calculate the bandwidth
delay product for each connection and limit the amount of
data queued to the network to just the amount required to
maintain optimum throughput.
This feature is useful when serving data over modems,
Gigabit Ethernet, high speed WAN
links,
or any other link with a high bandwidth delay product,
especially when also using window scaling or when a large
send window has been configured. When enabling this option,
also set net.inet.tcp.inflight.debug
to
0
to disable debugging. For production
use, setting net.inet.tcp.inflight.min
to at least 6144
may be beneficial.
Setting high minimums may effectively disable bandwidth
limiting, depending on the link. The limiting feature
reduces the amount of data built up in intermediate route
and switch packet queues and reduces the amount of data
built up in the local host's interface queue. With fewer
queued packets, interactive connections, especially over
slow modems, will operate with lower
Round Trip Times. This feature only
effects server side data transmission such as uploading.
It has no effect on data reception or downloading.
Adjusting net.inet.tcp.inflight.stab
is not recommended. This parameter
defaults to 20
, representing 2 maximal
packets added to the bandwidth delay product window
calculation. The additional window is required to stabilize
the algorithm and improve responsiveness to changing
conditions, but it can also result in higher ping(8)
times over slow links, though still much lower than without
the inflight algorithm. In such cases, try reducing this
parameter to 15
, 10
,
or 5
and reducing
net.inet.tcp.inflight.min
to a value such
as 3500
to get the desired effect.
Reducing these parameters should be done as a last resort
only.
A vnode is the internal representation of a file or directory. Increasing the number of vnodes available to the operating system reduces disk I/O. Normally, this is handled by the operating system and does not need to be changed. In some cases where disk I/O is a bottleneck and the system is running out of vnodes, this setting needs to be increased. The amount of inactive and free RAM will need to be taken into account.
To see the current number of vnodes in use:
#
sysctl vfs.numvnodes
vfs.numvnodes: 91349
To see the maximum vnodes:
#
sysctl kern.maxvnodes
kern.maxvnodes: 100000
If the current vnode usage is near the maximum, try
increasing kern.maxvnodes
by a value of
1000
. Keep an eye on the number of
vfs.numvnodes
. If it climbs up to the
maximum again, kern.maxvnodes
will need
to be increased further. Otherwise, a shift in memory
usage as reported by top(1) should be visible and
more memory should be active.
Sometimes a system requires more swap space. This section describes two methods to increase swap space: adding swap to an existing partition or new hard drive, and creating a swap file on an existing partition.
For information on how to encrypt swap space, which options exist, and why it should be done, refer to Section 17.13, “Encrypting Swap”.
Adding a new hard drive for swap gives better performance than using a partition on an existing drive. Setting up partitions and hard drives is explained in Section 17.2, “Adding Disks” while Section 2.6.1, “Designing the Partition Layout” discusses partition layouts and swap partition size considerations.
Use swapon
to add a swap partition to
the system. For example:
#
swapon
/dev/ada1s1b
It is possible to use any partition not currently
mounted, even if it already contains data. Using
swapon
on a partition that contains data
will overwrite and destroy that data. Make sure that the
partition to be added as swap is really the intended
partition before running swapon
.
To automatically add this swap partition on boot, add an
entry to /etc/fstab
:
/dev/ada1s1b
none swap sw 0 0
See fstab(5) for an explanation of the entries in
/etc/fstab
. More information about
swapon
can be found in
swapon(8).
These examples create a 512M swap file called
/usr/swap0
instead of using a
partition.
Using swap files requires that the module needed by md(4) has either been built into the kernel or has been loaded before swap is enabled. See Chapter 8, Configuring the FreeBSD Kernel for information about building a custom kernel.
Create the swap file:
#
dd if=/dev/zero of=
/usr/swap0
bs=1m count=512
Set the proper permissions on the new file:
#
chmod 0600
/usr/swap0
Inform the system about the swap file by adding a
line to /etc/fstab
:
md99 none swap sw,file=/usr/swap0,late 0 0
The md(4) device md99
is
used, leaving lower device numbers available for
interactive use.
Swap space will be added on system startup. To add swap space immediately, use swapon(8):
#
swapon -aL
It is important to utilize hardware resources in an efficient manner. Power and resource management allows the operating system to monitor system limits and to possibly provide an alert if the system temperature increases unexpectedly. An early specification for providing power management was the Advanced Power Management (APM) facility. APM controls the power usage of a system based on its activity. However, it was difficult and inflexible for operating systems to manage the power usage and thermal properties of a system. The hardware was managed by the BIOS and the user had limited configurability and visibility into the power management settings. The APM BIOS is supplied by the vendor and is specific to the hardware platform. An APM driver in the operating system mediates access to the APM Software Interface, which allows management of power levels.
There are four major problems in APM. First, power management is done by the vendor-specific BIOS, separate from the operating system. For example, the user can set idle-time values for a hard drive in the APM BIOS so that, when exceeded, the BIOS spins down the hard drive without the consent of the operating system. Second, the APM logic is embedded in the BIOS, and it operates outside the scope of the operating system. This means that users can only fix problems in the APM BIOS by flashing a new one into the ROM, which is a dangerous procedure with the potential to leave the system in an unrecoverable state if it fails. Third, APM is a vendor-specific technology, meaning that there is a lot of duplication of efforts and bugs found in one vendor's BIOS may not be solved in others. Lastly, the APM BIOS did not have enough room to implement a sophisticated power policy or one that can adapt well to the purpose of the machine.
The Plug and Play BIOS (PNPBIOS) was unreliable in many situations. PNPBIOS is 16-bit technology, so the operating system has to use 16-bit emulation in order to interface with PNPBIOS methods. FreeBSD provides an APM driver as APM should still be used for systems manufactured at or before the year 2000. The driver is documented in apm(4).
The successor to APM is the Advanced Configuration and Power Interface (ACPI). ACPI is a standard written by an alliance of vendors to provide an interface for hardware resources and power management. It is a key element in Operating System-directed configuration and Power Management as it provides more control and flexibility to the operating system.
This chapter demonstrates how to configure ACPI on FreeBSD. It then offers some tips on how to debug ACPI and how to submit a problem report containing debugging information so that developers can diagnosis and fix ACPI issues.
In FreeBSD the acpi(4) driver is loaded by default at
system boot and should not be compiled
into the kernel. This driver cannot be unloaded after boot
because the system bus uses it for various hardware
interactions. However, if the system is experiencing
problems, ACPI can be disabled altogether
by rebooting after setting
hint.acpi.0.disabled="1"
in
/boot/loader.conf
or by setting this
variable at the loader prompt, as described in Section 12.2.3, “Stage Three”.
ACPI and APM cannot coexist and should be used separately. The last one to load will terminate if the driver notices the other is running.
ACPI can be used to put the system into
a sleep mode with acpiconf
, the
-s
flag, and a number from
1
to 5
. Most users only
need 1
(quick suspend to
RAM) or 3
(suspend to
RAM). Option 5
performs
a soft-off which is the same as running
halt -p
.
Other options are available using
sysctl
. Refer to acpi(4) and
acpiconf(8) for more information.
ACPI is present in all modern computers that conform to the ia32 (x86) and amd64 (AMD) architectures. The full standard has many features including CPU performance management, power planes control, thermal zones, various battery systems, embedded controllers, and bus enumeration. Most systems implement less than the full standard. For instance, a desktop system usually only implements bus enumeration while a laptop might have cooling and battery management support as well. Laptops also have suspend and resume, with their own associated complexity.
An ACPI-compliant system has various components. The BIOS and chipset vendors provide various fixed tables, such as FADT, in memory that specify things like the APIC map (used for SMP), config registers, and simple configuration values. Additionally, a bytecode table, the Differentiated System Description Table DSDT, specifies a tree-like name space of devices and methods.
The ACPI driver must parse the fixed
tables, implement an interpreter for the bytecode, and modify
device drivers and the kernel to accept information from the
ACPI subsystem. For FreeBSD, Intel® has
provided an interpreter (ACPI-CA) that is
shared with Linux® and NetBSD. The path to the
ACPI-CA source code is
src/sys/contrib/dev/acpica
. The glue
code that allows ACPI-CA to work on FreeBSD is
in src/sys/dev/acpica/Osd
. Finally,
drivers that implement various ACPI devices
are found in src/sys/dev/acpica
.
For ACPI to work correctly, all the parts have to work correctly. Here are some common problems, in order of frequency of appearance, and some possible workarounds or fixes. If a fix does not resolve the issue, refer to Section 11.13.4, “Getting and Submitting Debugging Info” for instructions on how to submit a bug report.
In some cases, resuming from a suspend operation will
cause the mouse to fail. A known work around is to add
hint.psm.0.flags="0x3000"
to
/boot/loader.conf
.
ACPI has three suspend to
RAM (STR) states,
S1
-S3
, and one suspend
to disk state (STD), called
S4
. STD can be
implemented in two separate ways. The
S4
BIOS is a
BIOS-assisted suspend to disk and
S4
OS is implemented
entirely by the operating system. The normal state the
system is in when plugged in but not powered up is
“soft off” (S5
).
Use sysctl hw.acpi
to check for the
suspend-related items. These example results are from a
Thinkpad:
hw.acpi.supported_sleep_state: S3 S4 S5 hw.acpi.s4bios: 0
Use acpiconf -s
to test
S3
, S4
, and
S5
. An s4bios
of one
(1
) indicates
S4
BIOS support instead
of S4
operating system support.
When testing suspend/resume, start with
S1
, if supported. This state is most
likely to work since it does not require much driver
support. No one has implemented S2
,
which is similar to S1
. Next, try
S3
. This is the deepest
STR state and requires a lot of driver
support to properly reinitialize the hardware.
A common problem with suspend/resume is that many device drivers do not save, restore, or reinitialize their firmware, registers, or device memory properly. As a first attempt at debugging the problem, try:
#
sysctl debug.bootverbose=1
#
sysctl debug.acpi.suspend_bounce=1
#
acpiconf -s 3
This test emulates the suspend/resume cycle of all
device drivers without actually going into
S3
state. In some cases, problems such
as losing firmware state, device watchdog time out, and
retrying forever, can be captured with this method. Note
that the system will not really enter S3
state, which means devices may not lose power, and many
will work fine even if suspend/resume methods are totally
missing, unlike real S3
state.
Harder cases require additional hardware, such as a serial port and cable for debugging through a serial console, a Firewire port and cable for using dcons(4), and kernel debugging skills.
To help isolate the problem, unload as many drivers as
possible. If it works, narrow down which driver is the
problem by loading drivers until it fails again. Typically,
binary drivers like nvidia.ko
, display
drivers, and USB will have the most
problems while Ethernet interfaces usually work fine. If
drivers can be properly loaded and unloaded, automate this
by putting the appropriate commands in
/etc/rc.suspend
and
/etc/rc.resume
. Try setting
hw.acpi.reset_video
to 1
if the display is messed up after resume. Try setting
longer or shorter values for
hw.acpi.sleep_delay
to see if that
helps.
Try loading a recent Linux® distribution to see if suspend/resume works on the same hardware. If it works on Linux®, it is likely a FreeBSD driver problem. Narrowing down which driver causes the problem will assist developers in fixing the problem. Since the ACPI maintainers rarely maintain other drivers, such as sound or ATA, any driver problems should also be posted to the freebsd-current list and mailed to the driver maintainer. Advanced users can include debugging printf(3)s in a problematic driver to track down where in its resume function it hangs.
Finally, try disabling ACPI and enabling APM instead. If suspend/resume works with APM, stick with APM, especially on older hardware (pre-2000). It took vendors a while to get ACPI support correct and older hardware is more likely to have BIOS problems with ACPI.
Most system hangs are a result of lost interrupts or an interrupt storm. Chipsets may have problems based on boot, how the BIOS configures interrupts before correctness of the APIC (MADT) table, and routing of the System Control Interrupt (SCI).
Interrupt storms can be distinguished from lost
interrupts by checking the output of
vmstat -i
and looking at the line that
has acpi0
. If the counter is increasing
at more than a couple per second, there is an interrupt
storm. If the system appears hung, try breaking to
DDB (CTRL+ALT+ESC on console) and type
show interrupts
.
When dealing with interrupt problems, try disabling
APIC support with
hint.apic.0.disabled="1"
in
/boot/loader.conf
.
Panics are relatively rare for ACPI
and are the top priority to be fixed. The first step is to
isolate the steps to reproduce the panic, if possible, and
get a backtrace. Follow the advice for enabling
options DDB
and setting up a serial
console in Section 26.6.4, “Entering the DDB Debugger from the Serial Line” or setting
up a dump partition. To get a backtrace in
DDB, use tr
. When
handwriting the backtrace, get at least the last five and
the top five lines in the trace.
Then, try to isolate the problem by booting with
ACPI disabled. If that works, isolate
the ACPI subsystem by using various
values of debug.acpi.disable
. See
acpi(4) for some examples.
First, try setting
hw.acpi.disable_on_poweroff="0"
in
/boot/loader.conf
. This keeps
ACPI from disabling various events during
the shutdown process. Some systems need this value set to
1
(the default) for the same reason.
This usually fixes the problem of a system powering up
spontaneously after a suspend or poweroff.
Some BIOS vendors provide incorrect or buggy bytecode. This is usually manifested by kernel console messages like this:
ACPI-1287: *** Error: Method execution failed [\\_SB_.PCI0.LPC0.FIGD._STA] \\ (Node 0xc3f6d160), AE_NOT_FOUND
Often, these problems may be resolved by updating the BIOS to the latest revision. Most console messages are harmless, but if there are other problems, like the battery status is not working, these messages are a good place to start looking for problems.
The BIOS bytecode, known as ACPI Machine Language (AML), is compiled from a source language called ACPI Source Language (ASL). The AML is found in the table known as the Differentiated System Description Table (DSDT).
The goal of FreeBSD is for everyone to have working
ACPI without any user intervention.
Workarounds are still being developed for common mistakes made
by BIOS vendors. The Microsoft®
interpreter (acpi.sys
and
acpiec.sys
) does not strictly check for
adherence to the standard, and thus many
BIOS vendors who only test
ACPI under Windows® never fix their
ASL. FreeBSD developers continue to identify
and document which non-standard behavior is allowed by
Microsoft®'s interpreter and replicate it so that FreeBSD can
work without forcing users to fix the
ASL.
To help identify buggy behavior and possibly fix it
manually, a copy can be made of the system's
ASL. To copy the system's
ASL to a specified file name, use
acpidump
with -t
, to show
the contents of the fixed tables, and -d
, to
disassemble the AML:
#
acpidump -td >
my.asl
Some AML versions assume the user is
running Windows®. To override this, set
hw.acpi.osname=
in
"Windows
2009"
/boot/loader.conf
, using the most recent
Windows® version listed in the ASL.
Other workarounds may require my.asl
to be customized. If this file is edited, compile the new
ASL using the following command. Warnings
can usually be ignored, but errors are bugs that will usually
prevent ACPI from working correctly.
#
iasl -f
my.asl
Including -f
forces creation of the
AML, even if there are errors during
compilation. Some errors, such as missing return statements,
are automatically worked around by the FreeBSD
interpreter.
The default output filename for iasl
is
DSDT.aml
. Load this file instead of the
BIOS's buggy copy, which is still present
in flash memory, by editing
/boot/loader.conf
as follows:
acpi_dsdt_load="YES" acpi_dsdt_name="/boot/DSDT.aml"
Be sure to copy DSDT.aml
to
/boot
, then reboot the system. If this
fixes the problem, send a diff(1) of the old and new
ASL to freebsd-acpi so that developers can
work around the buggy behavior in
acpica
.
The ACPI driver has a flexible
debugging facility. A set of subsystems and the level of
verbosity can be specified. The subsystems to debug are
specified as layers and are broken down into components
(ACPI_ALL_COMPONENTS
) and
ACPI hardware support
(ACPI_ALL_DRIVERS
). The verbosity of
debugging output is specified as the level and ranges from
just report errors (ACPI_LV_ERROR
) to
everything (ACPI_LV_VERBOSE
). The level is
a bitmask so multiple options can be set at once, separated by
spaces. In practice, a serial console should be used to log
the output so it is not lost as the console message buffer
flushes. A full list of the individual layers and levels is
found in acpi(4).
Debugging output is not enabled by default. To enable it,
add options ACPI_DEBUG
to the custom kernel
configuration file if ACPI is compiled into
the kernel. Add ACPI_DEBUG=1
to
/etc/make.conf
to enable it globally. If
a module is used instead of a custom kernel, recompile just
the acpi.ko
module as follows:
#
cd /sys/modules/acpi/acpi && make clean && make ACPI_DEBUG=1
Copy the compiled acpi.ko
to
/boot/kernel
and add the desired level
and layer to /boot/loader.conf
. The
entries in this example enable debug messages for all
ACPI components and hardware drivers and
output error messages at the least verbose level:
debug.acpi.layer="ACPI_ALL_COMPONENTS ACPI_ALL_DRIVERS" debug.acpi.level="ACPI_LV_ERROR"
If the required information is triggered by a specific
event, such as a suspend and then resume, do not modify
/boot/loader.conf
. Instead, use
sysctl
to specify the layer and level after
booting and preparing the system for the specific event. The
variables which can be set using sysctl
are
named the same as the tunables in
/boot/loader.conf
.
Once the debugging information is gathered, it can be sent to freebsd-acpi so that it can be used by the FreeBSD ACPI maintainers to identify the root cause of the problem and to develop a solution.
Before submitting debugging information to this mailing list, ensure the latest BIOS version is installed and, if available, the embedded controller firmware version.
When submitting a problem report, include the following information:
Description of the buggy behavior, including system type, model, and anything that causes the bug to appear. Note as accurately as possible when the bug began occurring if it is new.
The output of dmesg
after running
boot -v
, including any error messages
generated by the bug.
The dmesg
output from boot
-v
with ACPI disabled,
if disabling ACPI helps to fix the
problem.
Output from sysctl hw.acpi
. This
lists which features the system offers.
The URL to a pasted version of the system's ASL. Do not send the ASL directly to the list as it can be very large. Generate a copy of the ASL by running this command:
#
acpidump -dt >
name
-system
.asl
Substitute the login name for
name
and manufacturer/model for
system
. For example, use
njl-FooCo6000.asl
.
Most FreeBSD developers watch the FreeBSD-CURRENT mailing list, but one should submit problems to freebsd-acpi to be sure it is seen. Be patient when waiting for a response. If the bug is not immediately apparent, submit a bug report. When entering a PR, include the same information as requested above. This helps developers to track the problem and resolve it. Do not send a PR without emailing freebsd-acpi first as it is likely that the problem has been reported before.
More information about ACPI may be found in the following locations:
The FreeBSD ACPI Mailing List Archives
(https://lists.freebsd.org/pipermail/freebsd-acpi/
)
The ACPI 2.0 Specification (http://acpi.info/spec.htm
)
acpi(4), acpi_thermal(4), acpidump(8), iasl(8), and acpidb(8)
[2] The auto-tuning algorithm sets
maxusers
equal to the amount of
memory in the system, with a minimum of
32
, and a maximum of
384
.
The process of starting a computer and loading the operating system is referred to as “the bootstrap process”, or “booting”. FreeBSD's boot process provides a great deal of flexibility in customizing what happens when the system starts, including the ability to select from different operating systems installed on the same computer, different versions of the same operating system, or a different installed kernel.
This chapter details the configuration options that can be set. It demonstrates how to customize the FreeBSD boot process, including everything that happens until the FreeBSD kernel has started, probed for devices, and started init(8). This occurs when the text color of the boot messages changes from bright white to grey.
After reading this chapter, you will recognize:
The components of the FreeBSD bootstrap system and how they interact.
The options that can be passed to the components in the FreeBSD bootstrap in order to control the boot process.
How to configure a customized boot splash screen.
The basics of setting device hints.
How to boot into single- and multi-user mode and how to properly shut down a FreeBSD system.
This chapter only describes the boot process for FreeBSD running on x86 and amd64 systems.
Turning on a computer and starting the operating system poses an interesting dilemma. By definition, the computer does not know how to do anything until the operating system is started. This includes running programs from the disk. If the computer can not run a program from the disk without the operating system, and the operating system programs are on the disk, how is the operating system started?
This problem parallels one in the book The Adventures of Baron Munchausen. A character had fallen part way down a manhole, and pulled himself out by grabbing his bootstraps and lifting. In the early days of computing, the term bootstrap was applied to the mechanism used to load the operating system. It has since become shortened to “booting”.
On x86 hardware, the Basic Input/Output System (BIOS) is responsible for loading the operating system. The BIOS looks on the hard disk for the Master Boot Record (MBR), which must be located in a specific place on the disk. The BIOS has enough knowledge to load and run the MBR, and assumes that the MBR can then carry out the rest of the tasks involved in loading the operating system, possibly with the help of the BIOS.
FreeBSD provides for booting from both the older MBR standard, and the newer GUID Partition Table (GPT). GPT partitioning is often found on computers with the Unified Extensible Firmware Interface (UEFI). However, FreeBSD can boot from GPT partitions even on machines with only a legacy BIOS with gptboot(8). Work is under way to provide direct UEFI booting.
The code within the MBR is typically
referred to as a boot manager, especially
when it interacts with the user. The boot manager usually has
more code in the first track of the disk or within the file
system. Examples of boot managers include the standard FreeBSD
boot manager boot0, also called