From 39d0fbb1269687a41a389cec927424c3e2837a28 Mon Sep 17 00:00:00 2001 From: Charles Uneze Date: Fri, 7 Mar 2025 17:00:37 +0100 Subject: [PATCH] Work on the third 5 G's (Glossary) (#174) * third 5 G's --------- Co-authored-by: Sally --- .custom_wordlist.txt | 1 + .../active-directory/the-rid-idmap-backend.md | 2 +- how-to/backups/install-gitolite.md | 2 +- how-to/containers/lxd-containers.md | 2 +- .../gpu-virtualization-with-qemu-kvm.md | 2 +- .../basic-workstation-authentication.md | 2 +- how-to/openldap/install-openldap.md | 2 +- how-to/openldap/users-and-groups.md | 2 +- how-to/samba/mount-cifs-shares-permanently.md | 2 +- how-to/samba/openldap-backend-legacy.md | 2 +- reference/clouds/find-cloud-images.md | 2 +- reference/glossary.rst | 23 +++++++++++++------ tutorial/basic-installation.md | 2 +- tutorial/managing-software.rst | 2 +- 14 files changed, 29 insertions(+), 19 deletions(-) diff --git a/.custom_wordlist.txt b/.custom_wordlist.txt index 7bd5378..6641c15 100644 --- a/.custom_wordlist.txt +++ b/.custom_wordlist.txt @@ -302,6 +302,7 @@ FW gauranteed GCE GCM +GCP gcplogs gcrypt GDB diff --git a/explanation/active-directory/the-rid-idmap-backend.md b/explanation/active-directory/the-rid-idmap-backend.md index 8dba4e4..d355842 100644 --- a/explanation/active-directory/the-rid-idmap-backend.md +++ b/explanation/active-directory/the-rid-idmap-backend.md @@ -1,7 +1,7 @@ (the-rid-idmap-backend)= # The rid idmap backend -The [rid](https://manpages.ubuntu.com/manpages/noble/man8/idmap_rid.8.html) idmap backend provides an algorithmic mapping between Linux uids/gids and Active Directory SIDs. That means that a given SID will always map to the same uid/gid, and vice-versa, within the same domain. +The [rid](https://manpages.ubuntu.com/manpages/noble/man8/idmap_rid.8.html) idmap backend provides an algorithmic mapping between Linux uids/{term}`gids ` and Active Directory SIDs. That means that a given SID will always map to the same uid/gid, and vice-versa, within the same domain. To use this backend, we have to choose two or more ID ranges: - a range for the domain we are joining diff --git a/how-to/backups/install-gitolite.md b/how-to/backups/install-gitolite.md index 81619c7..a6343cd 100644 --- a/how-to/backups/install-gitolite.md +++ b/how-to/backups/install-gitolite.md @@ -1,7 +1,7 @@ (install-gitolite)= # How to install and configure gitolite -Gitolite provides a traditional source control management server for git, with multiple users and access rights management. +{term}`Gitolite` provides a traditional source control management server for git, with multiple users and access rights management. ## Install a gitolite server diff --git a/how-to/containers/lxd-containers.md b/how-to/containers/lxd-containers.md index fac8d64..2227a26 100644 --- a/how-to/containers/lxd-containers.md +++ b/how-to/containers/lxd-containers.md @@ -232,7 +232,7 @@ For a full list of limits known to LXD, see [the configuration documentation](ht By default, LXD creates unprivileged containers. This means that root in the container is a non-root UID on the host. It is privileged against the resources owned by the container, but unprivileged with respect to the host, making root in a container roughly equivalent to an unprivileged user on the host. (The main exception is the increased attack surface exposed through the system call interface) -Briefly, in an unprivileged container, 65536 UIDs are 'shifted' into the container. For instance, UID 0 in the container may be 100000 on the host, UID 1 in the container is 100001, etc, up to 165535. The starting value for UIDs and GIDs, respectively, is determined by the 'root' entry the `/etc/subuid` and `/etc/subgid` files. (See the [subuid(5)](http://manpages.ubuntu.com/manpages/xenial/en/man5/subuid.5.html) man page.) +Briefly, in an unprivileged container, 65536 UIDs are 'shifted' into the container. For instance, UID 0 in the container may be 100000 on the host, UID 1 in the container is 100001, etc, up to 165535. The starting value for UIDs and {term}`GIDs `, respectively, is determined by the 'root' entry the `/etc/subuid` and `/etc/subgid` files. (See the [subuid(5)](http://manpages.ubuntu.com/manpages/xenial/en/man5/subuid.5.html) man page.) It is possible to request a container to run without a UID mapping by setting the `security.privileged` flag to true: diff --git a/how-to/graphics/gpu-virtualization-with-qemu-kvm.md b/how-to/graphics/gpu-virtualization-with-qemu-kvm.md index 9c4edbb..572d1db 100644 --- a/how-to/graphics/gpu-virtualization-with-qemu-kvm.md +++ b/how-to/graphics/gpu-virtualization-with-qemu-kvm.md @@ -17,7 +17,7 @@ If you run with `spice` or `vnc` you can use native `vnc` tools or virtualizatio All these options are considered basic usage of graphics, but there are also advanced options for more specific use-cases. Those cases usually differ in their [ease-of-use and capability](https://cpaelzer.github.io/blogs/006-mediated-device-to-pass-parts-of-your-gpu-to-a-guest/), such as: -- *Need 3D acceleration*: Use `-vga virtio` with a local display having a GL context `-display gtk,gl=on`. This will use [virgil3d](https://virgil3d.github.io/) on the host, and guest drivers are needed (which are common in Linux since [Kernels >= 4.4](https://www.kraxel.org/blog/2016/09/using-virtio-gpu-with-libvirt-and-spice/) but can be hard to come by for other cases). While not as fast as the next two options, the major benefit is that it can be used without additional hardware and without a proper input-output memory management unit (IOMMU) [set up for device passthrough](https://www.kernel.org/doc/Documentation/vfio-mediated-device.txt). +- *Need 3D acceleration*: Use `-vga virtio` with a local display having a {term}`GL` context `-display gtk,gl=on`. This will use [virgil3d](https://virgil3d.github.io/) on the host, and guest drivers are needed (which are common in Linux since [Kernels >= 4.4](https://www.kraxel.org/blog/2016/09/using-virtio-gpu-with-libvirt-and-spice/) but can be hard to come by for other cases). While not as fast as the next two options, the major benefit is that it can be used without additional hardware and without a proper input-output memory management unit (IOMMU) [set up for device passthrough](https://www.kernel.org/doc/Documentation/vfio-mediated-device.txt). - *Need native performance*: Use PCI passthrough of additional GPUs in the system. You'll need an IOMMU set up, and you'll need to unbind the cards from the host before you can pass it through, like so: diff --git a/how-to/kerberos/basic-workstation-authentication.md b/how-to/kerberos/basic-workstation-authentication.md index 0f65edd..340a268 100644 --- a/how-to/kerberos/basic-workstation-authentication.md +++ b/how-to/kerberos/basic-workstation-authentication.md @@ -6,7 +6,7 @@ In this section we'll look at configuring a Linux system as a Kerberos client. T Note that Kerberos alone is not enough for a user to exist in a Linux system. We cannot just point the system at a Kerberos server and expect all the Kerberos principals to be able to *log in* on the Linux system, simply because these users do not *exist* locally. -Kerberos only provides authentication: it doesn't know about user groups, Linux UIDs and GIDs, home directories, etc. Normally, another network source is used for this information, such as an LDAP or Windows server, and, in the old days, NIS was used for that as well. +Kerberos only provides authentication: it doesn't know about user groups, Linux UIDs and {term}`GIDs `, home directories, etc. Normally, another network source is used for this information, such as an LDAP or Windows server, and, in the old days, NIS was used for that as well. ## Set up a Linux system as a Kerberos client diff --git a/how-to/openldap/install-openldap.md b/how-to/openldap/install-openldap.md index 9aa7890..2b1c6ee 100644 --- a/how-to/openldap/install-openldap.md +++ b/how-to/openldap/install-openldap.md @@ -139,7 +139,7 @@ $ sudo ldapwhoami -Y EXTERNAL -H ldapi:/// -Q dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth ``` -When using SASL EXTERNAL via the `ldapi:///` transport, the Bind DN becomes a combination of the `uid` and `gid` of the connecting user, followed by the suffix `cn=peercred,cn=external,cn=auth`. The server ACLs know about this, and grant the local root user complete write access to `cn=config` via the SASL mechanism. +When using SASL EXTERNAL via the `ldapi:///` transport, the Bind DN becomes a combination of the `uid` and {term}`gid` of the connecting user, followed by the suffix `cn=peercred,cn=external,cn=auth`. The server ACLs know about this, and grant the local root user complete write access to `cn=config` via the SASL mechanism. ## Populate the directory diff --git a/how-to/openldap/users-and-groups.md b/how-to/openldap/users-and-groups.md index 61aec67..fbcd7e5 100644 --- a/how-to/openldap/users-and-groups.md +++ b/how-to/openldap/users-and-groups.md @@ -56,7 +56,7 @@ sudo ldapaddgroup george sudo ldapadduser george george ``` -This will create a group and user with name "george" and set the user's primary group (*gid*) to "george" as well. +This will create a group and user with name "george" and set the user's primary group (*{term}`gid`*) to "george" as well. ### Change a user's password diff --git a/how-to/samba/mount-cifs-shares-permanently.md b/how-to/samba/mount-cifs-shares-permanently.md index 078c2c7..872fe04 100644 --- a/how-to/samba/mount-cifs-shares-permanently.md +++ b/how-to/samba/mount-cifs-shares-permanently.md @@ -106,7 +106,7 @@ If there are no errors, you should test how it works after a reboot. Your remote ## Changing the share ownership -If you need to change the owner of a share, you'll need to add a **UID** (short for 'User ID') or **GID** (short for 'Group ID') parameter to the share's mount options: +If you need to change the owner of a share, you'll need to add a **UID** (short for 'User ID') or **{term}`GID`** (short for 'Group ID') parameter to the share's mount options: ```text //servername/sharename /media/windowsshare cifs uid=ubuntuusername,credentials=/home/ubuntuusername/.smbcredentials 0 0 diff --git a/how-to/samba/openldap-backend-legacy.md b/how-to/samba/openldap-backend-legacy.md index aef1e4f..32f0439 100644 --- a/how-to/samba/openldap-backend-legacy.md +++ b/how-to/samba/openldap-backend-legacy.md @@ -122,7 +122,7 @@ The `smbldap-populate` script will then add the LDAP objects required for Samba. sudo smbldap-populate -g 10000 -u 10000 -r 10000 ``` -The `-g`, `-u` and `-r` parameters tell `smbldap-tools` where to start the numeric `uid` and `gid` allocation for the LDAP users. You should pick a range start that does not overlap with your local `/etc/passwd` users. +The `-g`, `-u` and `-r` parameters tell `smbldap-tools` where to start the numeric `uid` and {term}`gid` allocation for the LDAP users. You should pick a range start that does not overlap with your local `/etc/passwd` users. You can create a LDIF file containing the new Samba objects by executing `sudo smbldap-populate -e samba.ldif`. This allows you to look over the changes making sure everything is correct. If it is, rerun the script without the `'-e'` switch. Alternatively, you can take the LDIF file and import its data as per usual. diff --git a/reference/clouds/find-cloud-images.md b/reference/clouds/find-cloud-images.md index b3b3f45..6d468c5 100644 --- a/reference/clouds/find-cloud-images.md +++ b/reference/clouds/find-cloud-images.md @@ -23,7 +23,7 @@ Users can find Ubuntu images for virtual machines and bare-metal offerings publi Ubuntu images are also produced for a number of container offerings: * [Amazon Elastic Kubernetes Service (EKS)](https://cloud-images.ubuntu.com/docs/aws/eks/) -* Google Kubernetes Engine (GKE) +* {term}`Google Kubernetes Engine (GKE) ` ## Private clouds diff --git a/reference/glossary.rst b/reference/glossary.rst index 24a5afb..31b65cc 100644 --- a/reference/glossary.rst +++ b/reference/glossary.rst @@ -569,23 +569,32 @@ Glossary Related topic(s): High availability, and Storage. - GiB - *Work in Progress* + GiB + A gigabyte (GiB) is a unit of storage equal to 1024^3 bytes. It is commonly used to describe the size of a disk or Random Access Memory (RAM). + + Related topic(s): Storage GID - *Work in Progress* + A Group ID (GID) is an identifier for a collection of users. It helps administrators enforce system or file + access permissions on multiple users at once. + + Related topic(s): Active Directory integration, Containers, Kerberos, Multipath, OpenLDAP, Samba, Security, SSSD. gitolite - *Work in Progress* + Gitolite is a tool installed on a central server for managing git repositories and controlling access to them, all via the command line. The central server becomes a git server. + + Related topic(s): Backups and version control GKE - *Work in Progress* + Google Kubernetes Engine (GKE) is a managed Kubernetes service provided by Google cloud. GL - *Work in Progress* + GL (Graphics Library) is an :term:`API` for interacting with a graphics card, enabling it to perform better rendering. + + Related topic(s): Graphics GNU - *Work in Progress* + *Work in Progress* GnuTLS *Work in Progress* diff --git a/tutorial/basic-installation.md b/tutorial/basic-installation.md index 42c5d7b..c9e1abf 100644 --- a/tutorial/basic-installation.md +++ b/tutorial/basic-installation.md @@ -18,7 +18,7 @@ Ubuntu Server Edition provides a common, minimalist base for a variety of server The recommended minimal system requirements for this tutorial are: - * RAM: 2 GiB or more + * RAM: 2 {term}`GiB` or more * Disk: 5 GiB or more If you are looking for more general system requirements, {ref}`refer to this page `. diff --git a/tutorial/managing-software.rst b/tutorial/managing-software.rst index 699ea10..6c9a769 100644 --- a/tutorial/managing-software.rst +++ b/tutorial/managing-software.rst @@ -26,7 +26,7 @@ Prerequisites * **Hardware:** - The default Multipass VM will need **5 GiB of disk space**, and + The default Multipass VM will need **5** :term:`GiB` **of disk space**, and **1 GiB of memory**. * **Software: -- Multipass**