跳转至

man 文档的一些示例

man 文档非常详细。当然,详细的后果,就是我们在阅读的时候很容易变得一头雾水。必须承认的是,尽管 man 文档有一些有中文翻译(安装 manpages-zh),但是阅读它们,仍然是一件非常痛苦的事情。况且中文翻译有一些也已经十分老旧(例如,execve() 文档的最新翻译在 2003 年 5 月,而现在已经过去 17 年了),且有一些错误(例如,man 的文档中介绍 -a|-b 的含义的时候,将 "cannot be used together" 翻译为了「可以一起使用」)。下面会给出一些 man 文档以及其内容结构的解释,以帮助你更好地理解,man 文档到底在做什么长篇大论。

数字的含义

在查阅资料时,你常常会见到如 chmod(1)mount(8) 这样的表达方式。正如上面所述,数字表示这个条目所属的章节。

但是为什么要加数字呢?这是因为不同的章节可能有相同的条目,例如 chmod 既是一条命令,又是一个系统调用。当你要查看 chmod 命令的 man 文档时,你会去看 chmod(1);而当你要查看 chmod 系统调用的 man 文档时,你会去看 chmod(2)。这时候条目后面数字的作用就体现出来了,你可以放心的说 chmod(1) 内部使用了 chmod(2) 这样的话而不必担心造成困惑。

命令行工具:以 su 为例

SU(1)                            User Commands                           SU(1)
(第一行的标题是 User Commands,两边的 SU(1) 代表这篇文档是关于 `su` 的,在文档第一卷。
第一卷与 Shell 命令和程序有关。更多信息可以查看 man man 中 DESCRIPTION 一节的内容。)

NAME(名字,包含了我们的主角的名字 `su`,和它的简要介绍。)
       su - run a command with substitute user and group ID

SYNOPSIS(概要,包含了命令参数的结构。)
       su [options] [-] [user [argument...]]
       (可能你会对这样的内容感到迷惑。但在概要中显示的内容格式有一个固定的格式模版。例如,
       [-ab] 代表参数是可选的,而 -a|-b 代表这两个参数是互斥的。同样可以查看 man man
       的介绍。)

DESCRIPTION(介绍,大致描述了它能够做什么事情)
       su allows to run commands with a substitute user and group ID.

       When  called  without  arguments, su defaults to running an interactive
       shell as root.

       For backward compatibility, su defaults to not change the  current  di‐
       rectory  and to only set the environment variables HOME and SHELL (plus
       USER and LOGNAME if the target user is not root).  It is recommended to
       always use the --login option (instead of its shortcut -) to avoid side
       effects caused by mixing environments.

       This version of su uses PAM for  authentication,  account  and  session
       management.   Some  configuration options found in other su implementa‐
       tions, such as support for a wheel group, have  to  be  configured  via
       PAM.

       su  is mostly designed for unprivileged users, the recommended solution
       for privileged users (e.g. scripts executed by root) is to use non-set-
       user-ID  command  runuser(1)  that  does not require authentication and
       provide separate PAM configuration. If the PAM session is not  required
       at all then the recommend solution is to use command setpriv(1).
       (看完这段话之后,你可能会感到非常非常迷惑:PAM 是什么?最后一段到底在说啥?这种感觉是
       很正常的。从文档的立场来讲,它不得不面面俱到,描述所有可能的情况,而有些情况你根本不会遇
       到。
       不过,就算我们忽略一些问题(先不管 PAM 是啥),我们仍然可以了解到很多信息,比如说:
       - 推荐使用 `su -` 而不是 `su`,这可以防止(当前用户和切换目标用户不同的)环境混起来
       带来问题。
       - `root` 用户更推荐使用 `runuser` 代替 `su`,因为不需要认证为其他用户,且在 PAM
       方面更好。)

OPTIONS(选项,包含了所有参数的语法和介绍)
       -c, --command=command
              Pass command to the shell with the -c option.

       -f, --fast
              Pass  -f to the shell, which may or may not be useful, depending
              on the shell.

       -g, --group=group
              Specify the primary group.  This option is available to the root
              user only.

       -G, --supp-group=group
              Specify  a  supplemental group.  This option is available to the
              root user only.  The first specified supplementary group is also
              used as a primary group if the option --group is unspecified.

       -, -l, --login
              Start  the shell as a login shell with an environment similar to
              a real login:

                 o      clears all the environment variables except  TERM  and
                        variables specified by --whitelist-environment

                 o      initializes  the  environment  variables  HOME, SHELL,
                        USER, LOGNAME, and PATH

                 o      changes to the target user's home directory

                 o      sets argv[0] of the shell to '-' in order to make  the
                        shell a login shell

       -m, -p, --preserve-environment
              Preserve  the  entire  environment,  i.e.  it does not set HOME,
              SHELL, USER nor LOGNAME.  This option is ignored if  the  option
              --login is specified.

       -P, --pty
              Create pseudo-terminal for the session. The independent terminal
              provides better security as user does not  share  terminal  with
              the  original session.  This allow to avoid TIOCSTI ioctl termi‐
              nal injection and another security attacks against terminal file
              descriptors.  The  all session is also possible to move to back‐
              ground (e.g. "su --pty - username -c  application  &").  If  the
              pseudo-terminal  is enabled then su command works as a proxy be‐
              tween the sessions (copy stdin and stdout).

              This feature is EXPERIMENTAL for now and may be removed  in  the
              next releases.

       -s, --shell=shell
              Run  the  specified  shell instead of the default.  The shell to
              run is selected according to the following rules, in order:

                 o      the shell specified with --shell

                 o      the shell specified in the environment variable SHELL,
                        if the --preserve-environment option is used

                 o      the  shell  listed  in  the passwd entry of the target
                        user

                 o      /bin/sh

              If the target user has a restricted shell (i.e.  not  listed  in
              /etc/shells), the --shell option and the SHELL environment vari‐
              ables are ignored unless the calling user is root.

       --session-command=command
              Same as -c but do not create a new session.  (Discouraged.)

       -w, --whitelist-environment=list
              Don't reset environment variables specified in  comma  separated
              list  when  clears environment for --login. The whitelist is ig‐
              nored for the environment variables HOME, SHELL, USER,  LOGNAME,
              and PATH.

       -V, --version
              Display version information and exit.

       -h, --help
              Display help text and exit.
       (这里按照字典序介绍了所有的参数。对于想要详尽了解命令使用的人来说没有什么问题,而对于想
       要快速找到自己想要的参数的人来说,阅读这样的文档确实会让人一头雾水。
       你可以按下 /,然后输入搜索关键词快速搜索,按 n 查看下一个搜索项,按 N 查看上一个搜索项。
       至于专有名词,你可能不得不去了解它们的含义。查看相关的文档,或者在互联网上搜索。)

SIGNALS(信号,信号的含义详见进程一章)
       Upon  receiving  either  SIGINT,  SIGQUIT or SIGTERM, su terminates its
       child and afterwards terminates itself with the received  signal.   The
       child  is  terminated by SIGTERM, after unsuccessful attempt and 2 sec‐
       onds of delay the child is killed by SIGKILL.
       (你会注意到,不是所有程序手册都有这一节。不同的程序,文档的结构可能不一样。)

CONFIG FILES(配置文件)
       su reads the /etc/default/su and /etc/login.defs  configuration  files.
       The following configuration items are relevant for su(1):

       FAIL_DELAY (number)
           Delay  in  seconds in case of an authentication failure. The number
           must be a non-negative integer.

       ENV_PATH (string)
           Defines the PATH environment variable for a regular user.  The  de‐
           fault value is /usr/local/bin:/bin:/usr/bin.

       ENV_ROOTPATH (string)
       ENV_SUPATH (string)
           Defines  the PATH environment variable for root.  The default value
           is /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin.

       ALWAYS_SET_PATH (boolean)
           If set to yes and --login and --preserve-environment were not spec‐
           ified su initializes PATH.

       The  environment  variable  PATH may be different on systems where /bin
       and /sbin are merged into /usr.

EXIT STATUS(退出状态)
       su normally returns the exit status of the command it executed.  If the
       command  was  killed  by  a signal, su returns the number of the signal
       plus 128.

       Exit status generated by su itself:

                 1      Generic error before executing the requested command

                 126    The requested command could not be executed

                 127    The requested command was not found
       (退出状态是什么?还记得你写 C 程序时在 `main()` 里面最后的 `return 0;` 吗?0 就是
       你的程序的退出状态。一般来说,0 代表程序运行成功,而非 0 值代表程序没有完成它预期的功能,
       或者用户输入了错误的选项。
       你可以输入 `echo $?` 查看上一条命令的退出状态。)

FILES(相关文件)
       /etc/pam.d/su    default PAM configuration file
       /etc/pam.d/su-l  PAM configuration file if --login is specified
       /etc/default/su  command specific logindef config file
       /etc/login.defs  global logindef config file

NOTES(附录)
       For security reasons su always logs failed log-in attempts to the  btmp
       file,  but it does not write to the lastlog file at all.  This solution
       allows to control su behavior by PAM configuration.  If you want to use
       the pam_lastlog module to print warning message about failed log-in at‐
       tempts then the pam_lastlog has to be configured to update the  lastlog
       file as well. For example by:

              session  required  pam_lastlog.so nowtmp

SEE ALSO(另寻,包含了一些相关的命令。可以用 `man 号码 名称` 的格式查看这些命令的文档。)
       setpriv(1), login.defs(5), shells(5), pam(8), runuser(8)

HISTORY(历史记录)
       This  su  command was derived from coreutils' su, which was based on an
       implementation by David MacKenzie. The util-linux has  been  refactored
       by Karel Zak.

AVAILABILITY(「可用性」,即,我可以在哪里获得这个程序?)
       The  su command is part of the util-linux package and is available from
       Linux  Kernel   Archive   ⟨https://www.kernel.org/pub/linux/utils/util-
       linux/⟩.

util-linux                         July 2014                             SU(1)

程序库函数:以 strcmp() 为例

文档第三卷是程序库函数的信息,包括了 C 语言的标准库函数。

STRCMP(3)                  Linux Programmer's Manual                 STRCMP(3)

NAME
       strcmp, strncmp - compare two strings

SYNOPSIS(概要,这里包含了你需要 include 的头文件,以及相关函数的声明。)
       #include <string.h>

       int strcmp(const char *s1, const char *s2);

       int strncmp(const char *s1, const char *s2, size_t n);
       (这里也会有需要的编译和链接参数,当然对 `strcmp()` 来说是不需要这些的。)

DESCRIPTION
       The  strcmp()  function compares the two strings s1 and s2.  It returns
       an integer less than, equal to, or greater than zero if  s1  is  found,
       respectively, to be less than, to match, or be greater than s2.

       The  strncmp()  function  is similar, except it compares only the first
       (at most) n bytes of s1 and s2.

RETURN VALUE(返回值,有些函数会包含返回后参数的情况)
       The strcmp() and strncmp() functions return an integer less than, equal
       to, or greater than zero if s1 (or the first n bytes thereof) is found,
       respectively, to be less than, to match, or be greater than s2.

ATTRIBUTES(属性)
       For an  explanation  of  the  terms  used  in  this  section,  see  at‐
       tributes(7).

       ┌────────────────────┬───────────────┬─────────┐
       │Interface           │ Attribute     │ Value   │
       ├────────────────────┼───────────────┼─────────┤
       │strcmp(), strncmp() │ Thread safety │ MT-Safe │
       └────────────────────┴───────────────┴─────────┘
       (从 man 7 attributes 中,可以得到此章会使用的专有名词的解释。这里我们可以看到,
       `strcmp()` 系列函数是线程安全的。)
CONFORMING TO(符合的标准,可以看到熟悉的 POSIX 和 C89、C99 标准)
       POSIX.1-2001, POSIX.1-2008, C89, C99, SVr4, 4.3BSD.

SEE ALSO(另寻,表明这些库函数也和 `strcmp()` 相关)
       bcmp(3),   memcmp(3),   strcasecmp(3),   strcoll(3),  string(3),  strn‐
       casecmp(3), strverscmp(3), wcscmp(3), wcsncmp(3)

COLOPHON(作者信息、文档来源等信息)
       This page is part of release 4.16 of the Linux  man-pages  project.   A
       description  of  the project, information about reporting bugs, and the
       latest    version    of    this    page,    can     be     found     at
       https://www.kernel.org/doc/man-pages/.

                                  2015-08-08                         STRCMP(3)

系统调用:以 kill() 为例

文档第二卷是关于系统调用的信息。当然,很多系统调用都由 C 运行时库包装了一层,否则用起来很麻烦。一个目前还没有被包装的系统调用的例子是 copy_file_range(),你需要在你的代码里面使用 syscall() 去手动包装它,才能方便地使用。

KILL(2)                    Linux Programmer's Manual                   KILL(2)

NAME
       kill - send signal to a process

SYNOPSIS
       #include <sys/types.h>
       #include <signal.h>

       int kill(pid_t pid, int sig);

   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):

       kill(): _POSIX_C_SOURCE
       (这里的话,出现了 "Macro Requirements",表明 kill() 函数需要在 include 文件之前
       作宏定义 _POSIX_C_SOURCE 来正常使用。当然,很多 Macro 都是默认包含的,可以在
       feature_test_macros 文档中的 Default definitions, implicit definitions,
       and combining definitions 一小节中找到)

DESCRIPTION
       The  kill()  system  call can be used to send any signal to any process
       group or process.

       If pid is positive, then signal sig is sent to the process with the  ID
       specified by pid.

       If pid equals 0, then sig is sent to every process in the process group
       of the calling process.

       If pid equals -1, then sig is sent to every process for which the call‐
       ing  process  has  permission  to  send  signals,  except for process 1
       (init), but see below.

       If pid is less than -1, then sig  is  sent  to  every  process  in  the
       process group whose ID is -pid.

       If  sig  is  0,  then  no  signal is sent, but existence and permission
       checks are still performed; this can be used to check for the existence
       of  a  process  ID  or process group ID that the caller is permitted to
       signal.

       For a process to have permission to send a signal, it  must  either  be
       privileged (under Linux: have the CAP_KILL capability in the user name‐
       space of the target process), or the real or effective user ID  of  the
       sending  process must equal the real or saved set-user-ID of the target
       process.  In the case of SIGCONT, it suffices when the sending and  re‐
       ceiving processes belong to the same session.  (Historically, the rules
       were different; see NOTES.)

RETURN VALUE
       On success (at least one signal was sent), zero is returned.  On error,
       -1 is returned, and errno is set appropriately.
       (一般来说,系统调用出错时,会返回非 0 值,且设置全局的 errno 值。
       不同的 errno 值对应了不同的错误,可以查看 errno 的文档。)

ERRORS(错误解释)
       EINVAL An invalid signal was specified.

       EPERM  The  process  does not have permission to send the signal to any
              of the target processes.

       ESRCH  The process or process group does not exist.  Note that  an  ex‐
              isting  process might be a zombie, a process that has terminated
              execution, but has not yet been wait(2)ed for.
       (这些大写字符串代表了 errno 中不同的错误值。可以使用 `perror()` 输出系统的报错信息。)

CONFORMING TO(符合的标准,可以看到这里没有 C89 这类值了,因为 `kill()` 不是标准 C 库函数。)
       POSIX.1-2001, POSIX.1-2008, SVr4, 4.3BSD.

NOTES
       The only signals that can be sent to process ID 1,  the  init  process,
       are  those  for  which  init  has explicitly installed signal handlers.
       This is done to assure the system is not brought down accidentally.

       POSIX.1 requires that kill(-1,sig) send sig to all processes  that  the
       calling process may send signals to, except possibly for some implemen‐
       tation-defined system processes.  Linux allows a process to signal  it‐
       self,  but  on  Linux the call kill(-1,sig) does not signal the calling
       process.

       POSIX.1 requires that if a process sends a signal to  itself,  and  the
       sending  thread  does  not have the signal blocked, and no other thread
       has it unblocked or is waiting for it in sigwait(3), at least  one  un‐
       blocked  signal  must  be  delivered  to  the sending thread before the
       kill() returns.

   Linux notes
       Across different kernel versions, Linux has  enforced  different  rules
       for the permissions required for an unprivileged process to send a sig‐
       nal to another process.  In kernels 1.0 to 1.2.2,  a  signal  could  be
       sent  if  the effective user ID of the sender matched effective user ID
       of the target, or the real user ID of the sender matched the real  user
       ID  of  the  target.  From kernel 1.2.3 until 1.3.77, a signal could be
       sent if the effective user ID of the sender matched either the real  or
       effective  user  ID of the target.  The current rules, which conform to
       POSIX.1, were adopted in kernel 1.3.78.
       (很多系统调用都是 POSIX 标准,但是在 Linux 上可能会有一些地方不太一样。)

BUGS(问题,你需要绕开这些坑)
       In 2.6 kernels up to and including 2.6.7, there was a  bug  that  meant
       that  when  sending  signals to a process group, kill() failed with the
       error EPERM if the caller did not have permission to send the signal to
       any  (rather  than  all) of the members of the process group.  Notwith‐
       standing this error return, the signal was still delivered  to  all  of
       the processes for which the caller had permission to signal.

SEE ALSO
       kill(1),    _exit(2),    signal(2),   tkill(2),   exit(3),   killpg(3),
       sigqueue(3), capabilities(7), credentials(7), signal(7)

COLOPHON
       This page is part of release 4.16 of the Linux  man-pages  project.   A
       description  of  the project, information about reporting bugs, and the
       latest    version    of    this    page,    can     be     found     at
       https://www.kernel.org/doc/man-pages/.

Linux                             2017-09-15                           KILL(2)