| author | Aaron Campbell <aaron@cvs.openbsd.org> | 2000-10-30 17:46:31 +0000 |
|---|---|---|
| committer | Aaron Campbell <aaron@cvs.openbsd.org> | 2000-10-30 17:46:31 +0000 |
| commit | 414ea699038fdddb0d6d5756ea1ed702600abe8f (patch) | |
| tree | e06ed3e4123eea5a8f37c8ec88db40a70fd59b79 /libexec/tcpd | |
| parent | 458b80a106b294d4d78828e7d7c6439c802ad85e (diff) | |
libexec man page fleshing. again, bored on the plane home.
Diffstat (limited to 'libexec/tcpd')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | libexec/tcpd/safe_finger/safe_finger.8 | 5 |
| -rw-r--r-- | libexec/tcpd/tcpd/tcpd.8 | 137 |
| -rw-r--r-- | libexec/tcpd/tcpdchk/tcpdchk.8 | 24 |
| -rw-r--r-- | libexec/tcpd/tcpdmatch/tcpdmatch.8 | 44 |
4 files changed, 114 insertions, 96 deletions
diff --git a/libexec/tcpd/safe_finger/safe_finger.8 b/libexec/tcpd/safe_finger/safe_finger.8 index 5942df49a0c..8c329861280 100644 --- a/libexec/tcpd/safe_finger/safe_finger.8 +++ b/libexec/tcpd/safe_finger/safe_finger.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: safe_finger.8,v 1.6 2000/02/16 16:53:23 aaron Exp $ +.\" $OpenBSD: safe_finger.8,v 1.7 2000/10/30 17:46:22 aaron Exp $ .\" .\" Copyright (c) 1997, Jason Downs. All rights reserved. .\" @@ -45,7 +45,8 @@ is simply a wrapper around the .Xr finger 1 program, meant for use in .Xr tcpd 8 -rulesets. It accepts exactly the same arguments as +rulesets. +It accepts exactly the same arguments as .Xr finger 1 . .Sh SEE ALSO .Xr finger 1 , diff --git a/libexec/tcpd/tcpd/tcpd.8 b/libexec/tcpd/tcpd/tcpd.8 index db55c34fc91..ba76e75328f 100644 --- a/libexec/tcpd/tcpd/tcpd.8 +++ b/libexec/tcpd/tcpd/tcpd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tcpd.8,v 1.7 2000/04/15 02:15:30 aaron Exp $ +.\" $OpenBSD: tcpd.8,v 1.8 2000/10/30 17:46:24 aaron Exp $ .\" .\" Copyright (c) 1997, Jason Downs. All rights reserved. .\" @@ -38,7 +38,7 @@ .Nd tcp wrappers access control facility for internet services .Sh DESCRIPTION The -.Nm tcpd +.Nm program can be set up to monitor incoming requests for .Xr telnet 1 , .Xr finger 1 , @@ -60,11 +60,12 @@ and other services that have a one-to-one mapping onto executable files. Operation is as follows: whenever a request for service arrives, the .Xr inetd 8 daemon is tricked into running the -.Nm tcpd +.Nm program instead of the desired server. -.Nm tcpd -logs the request and does some additional checks. When all is well, -.Nm tcpd +.Nm +logs the request and does some additional checks. +When all is well, +.Nm runs the appropriate server program and goes away. .Pp Optional features are: pattern-based access control, client username 
@@ -73,23 +74,25 @@ pretend to have someone elses host name, and protection against hosts that pretend to have someone elses network address. .Sh LOGGING Connections that are monitored by -.Nm tcpd +.Nm are reported through the .Xr syslog 3 -facility. Each record contains a time stamp, the client host name and -the name of the requested service. The information can be useful to detect -unwanted activities, especially when logfile information from several hosts -is merged. +facility. +Each record contains a time stamp, the client host name and +the name of the requested service. +The information can be useful to detect unwanted activities, +especially when logfile information from several hosts is merged. .Pp In order to find out where your logs are going, examine the syslog configuration file, usually .Pa /etc/syslog.conf . .Sh ACCESS CONTROL Optionally, -.Nm tcpd -supports a simple form of access control that is based on pattern -matching. The access-control software provides hooks for the execution -of shell commands when a pattern fires. For details, see the +.Nm +supports a simple form of access control that is based on pattern matching. +The access-control software provides hooks for the execution +of shell commands when a pattern fires. +For details, see the .Xr hosts_access 5 manual page. .Sh HOST NAME VERIFICATION 
@@ -97,15 +100,16 @@ The authentication scheme of some protocols .Pf ( Xr rlogin 1 , .Xr rsh 1 ) relies -on host names. Some implementations believe the host name that they get -from any random name server; other implementations are more careful but -use a flawed algorithm. +on host names. +Some implementations believe the host name that they get from any random +name server; other implementations are more careful but use a flawed algorithm. .Pp -.Nm tcpd +.Nm verifies the client host name that is returned by the address->name DNS server by looking at the host name and address that are returned by the -name->address DNS server. If any discrepancy is detected, -.Nm tcpd +name->address DNS server. +If any discrepancy is detected, +.Nm concludes that it is dealing with a host that pretends to have someone elses host name. .Pp 
@@ -118,17 +122,17 @@ elses host name. .\" after which suitable action can be taken. .Sh HOST ADDRESS SPOOFING Optionally, -.Nm tcpd -disables source-routing socket options on every connection that it -deals with. This will take care of most attacks from hosts that pretend -to have an address that belongs to someone elses network. UDP services -do not benefit from this protection. This feature must be turned on -at compile time. +.Nm +disables source-routing socket options on every connection that it deals with. +This will take care of most attacks from hosts that pretend +to have an address that belongs to someone elses network. +UDP services do not benefit from this protection. +This feature must be turned on at compile-time. .Sh RFC 931 When RFC 931 etc. lookups are enabled (compile-time option) -.Nm tcpd -will attempt to establish the name of the client user. This will -succeed only if the client host runs an RFC 931-compliant daemon. +.Nm +will attempt to establish the name of the client user. +This will succeed only if the client host runs an RFC 931-compliant daemon. Client user name lookups will not work for datagram-oriented connections, and may cause noticeable delays in the case of connections from PCs. @@ -160,10 +164,10 @@ from PCs. .\" .Sh EXAMPLE 2 .Sh EXAMPLE This example applies when -.Nm tcpd +.Nm expects that the network daemons are left in their original place, as it is configured within -.Nm OpenBSD . +.Ox . .Pp In order to monitor access to the .Xr finger 1 
@@ -200,21 +204,45 @@ In the case of daemons that do not live in a common directory ("secret" or otherwise), edit the .Xr inetd 8 configuration file so that it specifies an absolute path name for the process -name field. For example: +name field. +For example: .Pp -.Bd -unfilled -offset indent +.Bd -unfilled ntalk dgram udp wait root /usr/libexec/tcpd /usr/local/lib/ntalkd .Ed .Pp Only the last component .Pf ( Nm ntalkd ) of the pathname will be used for access control and logging. +.Sh FILES +The default locations of the host access control tables are: +.Pp +.Bl -tag -width /etc/hosts.allow -compact +.It Pa /etc/hosts.allow +Access control table (allow list) +.It Pa /etc/hosts.deny +Access control table (deny list) +.El +.Sh SEE ALSO +.Xr hosts_access 5 , +.Xr inetd.conf 5 , +.Xr syslog.conf 5 . +.Sh AUTHOR +.Bd -unfilled -offset indent +Wietse Venema (wietse@wzv.win.tue.nl), +Department of Mathematics and Computing Science, +Eindhoven University of Technology +Den Dolech 2, P.O. Box 513, +5600 MB Eindhoven, The Netherlands +.Ed +\" @(#) tcpd.8 1.5 96/02/21 16:39:16 .Sh BUGS Some UDP (and RPC) daemons linger around for a while after they have -finished their work, in case another request comes in. In the inetd -configuration file these services are registered with the +finished their work, in case another request comes in. +In the inetd configuration file these services are registered with the .Ar wait -option. Only the request that started such a daemon will be logged. +option. +Only the request that started such a daemon will be logged. .Pp .\" The program does not work with RPC services over TCP. These services .\" are registered as 
@@ -234,35 +262,12 @@ RPC broadcast requests (for example: .Xr rwall 1 , .Xr rup 1 , .Xr rusers 1 ) -always -appear to come from the responding host. What happens is that the -client broadcasts the request to all +always appear to come from the responding host. +What happens is that the client broadcasts the request to all .Xr portmap 8 -daemons on its -network; each +daemons on its network; each .Xr portmap 8 -daemon forwards the request to a local daemon. As far as the +daemon forwards the request to a local daemon. +As far as the .Xr rwall 8 -etc. daemons know, the request comes from the local host. -.Sh FILES -The default locations of the host access control tables are: -.Pp -.Bl -tag -width /etc/hosts.allow -compact -.It Pa /etc/hosts.allow -Access control table (allow list) -.It Pa /etc/hosts.deny -Access control table (deny list) -.El -.Sh SEE ALSO -.Xr hosts_access 5 , -.Xr inetd.conf 5 , -.Xr syslog.conf 5 . -.Sh AUTHOR -.Bd -unfilled -offset indent -Wietse Venema (wietse@wzv.win.tue.nl), -Department of Mathematics and Computing Science, -Eindhoven University of Technology -Den Dolech 2, P.O. Box 513, -5600 MB Eindhoven, The Netherlands -.Ed -\" @(#) tcpd.8 1.5 96/02/21 16:39:16 +etc. daemons know, the request comes from the local host. diff --git a/libexec/tcpd/tcpdchk/tcpdchk.8 b/libexec/tcpd/tcpdchk/tcpdchk.8 index d0f5de18ad8..0b76115e179 100644 --- a/libexec/tcpd/tcpdchk/tcpdchk.8 +++ b/libexec/tcpd/tcpdchk/tcpdchk.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tcpdchk.8,v 1.6 1999/07/09 13:35:52 aaron Exp $ +.\" $OpenBSD: tcpdchk.8,v 1.7 2000/10/30 17:46:26 aaron Exp $ .\" .\" Copyright (c) 1997, Jason Downs. All rights reserved. .\" 
@@ -43,9 +43,10 @@ .Op Fl i Ar inet_conf .Op Fl v .Sh DESCRIPTION -.Nm tcpdchk +.Nm examines your tcp wrapper configuration and reports all -potential and real problems it can find. The program examines the +potential and real problems it can find. +The program examines the .Xr tcpd 8 access control files (by default, these are .Pa /etc/hosts.allow @@ -56,7 +57,7 @@ entries in these files against entries in the .Xr inetd 8 network configuration file. .Pp -.Nm tcpdchk +.Nm reports problems such as non-existent pathnames; services that appear in .Xr tcpd 8 @@ -70,9 +71,10 @@ netgroups or references to non-existent NIS netgroups; references to non-existent options; invalid arguments to options; and so on. .Pp Where possible, -.Nm tcpdchk +.Nm provides a helpful suggestion to fix the problem. -.Sh OPTIONS +.Pp +The options are as follows: .Bl -tag -width XXXXXXXXXXXX .It Fl a Report access control rules that permit access without an explicit @@ -87,15 +89,15 @@ and files in the current directory instead of the default ones. .It Fl i Ar inet_conf Specify this option when -.Nm tcpdchk +.Nm is unable to find your .Pa inetd.conf network configuration file, or when you wish to test with a non-default one. .It Fl v -Display the contents of each access control rule. Daemon lists, client -lists, shell commands and options are shown in a pretty-printed format; -this makes it easier for you to spot any discrepancies between what you -want and what the program understands. +Display the contents of each access control rule. +Daemon lists, client lists, shell commands and options are shown in a +pretty-printed format; this makes it easier for you to spot any +discrepancies between what you want and what the program understands. .El .Sh FILES .Bl -tag -width /etc/hosts.allow -compact diff --git a/libexec/tcpd/tcpdmatch/tcpdmatch.8 b/libexec/tcpd/tcpdmatch/tcpdmatch.8 index e8acc971ee8..1b33ebb052e 100644 --- a/libexec/tcpd/tcpdmatch/tcpdmatch.8 
+++ b/libexec/tcpd/tcpdmatch/tcpdmatch.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: tcpdmatch.8,v 1.5 1999/07/09 13:35:52 aaron Exp $ +.\" $OpenBSD: tcpdmatch.8,v 1.6 2000/10/30 17:46:27 aaron Exp $ .\" .\" Copyright (c) 1997, Jason Downs. All rights reserved. .\" @@ -49,7 +49,7 @@ tcpdmatch \- tcp wrapper oracle .Op Ar user@ .Ar client .Sh DESCRIPTION -.Nm tcpdmatch +.Nm predicts how the tcp wrapper would handle a specific request for service. Examples are given below. .Pp @@ -59,15 +59,15 @@ access control tables (default .Pa /etc/hosts.allow and .Pa /etc/hosts.deny ) -and prints its conclusion. For maximal accuracy, it extracts additional -information from your +and prints its conclusion. +For maximal accuracy, it extracts additional information from your .Xr inetd 8 network configuration file. .Pp When -.Nm tcpdmatch -finds a match in the access control tables, it -identifies the matched rule. In addition, it displays the optional +.Nm +finds a match in the access control tables, it identifies the matched rule. +In addition, it displays the optional shell commands or options in a pretty-printed format; this makes it easier for you to spot any discrepancies between what you want and what the program understands. @@ -76,19 +76,22 @@ The following two arguments are always required: .Pp .Bl -tag -width XXXXXX -compact .It Ar daemon -A daemon process name. Typically, the last component of a daemon -executable pathname. +A daemon process name. +Typically, the last component of a daemon executable pathname. .It Ar client -A host name or network address, or one of the `unknown' or `paranoid' +A host name or network address, or one of the +.Dq unknown +or +.Dq paranoid wildcard patterns. .El .Pp When a client host name is specified, -.Nm tcpdmatch +.Nm gives a prediction for each address listed for that client. .Pp When a client address is specified, -.Nm tcpdmatch +.Nm predicts what .Xr tcpd 8 would do when client name lookup fails. 
@@ -99,8 +102,13 @@ form: .Pp .Bl -tag -width XXXXXX -compact .It Ar server -A host name or network address, or one of the `unknown' or `paranoid' -wildcard patterns. The default server name is `unknown'. +A host name or network address, or one of the +.Dq unknown +or +.Dq paranoid +wildcard patterns. +The default server name is +.Dq unknown . .El .Pp Optional information specified with the @@ -109,8 +117,10 @@ form: .Pp .Bl -tag -width XXXXXX -compact .It Ar user -A client user identifier. Typically, a login name or a numeric userid. -The default user name is `unknown'. +A client user identifier. +Typically, a login name or a numeric user ID. +The default user name is +.Dq unknown . .El .Sh OPTIONS .Bl -tag -width XXXXXXXXXXXX @@ -122,7 +132,7 @@ and files in the current directory instead of the default ones. .It Fl i Ar inet_conf Specify this option when -.Nm tcpdmatch +.Nm is unable to find your .Pa inetd.conf network configuration file, or when you wish to test with a non-default one. |
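Review bot: in the tcpd.8 hunk `@@ -118,17 +122,17 @@` (HOST ADDRESS SPOOFING / RFC 931), the rewrap turns "turned on at compile time" into "turned on at compile-time"; after "at" this is a noun phrase and should stay unhyphenated, the hyphenated form belongs only to the adjectival use two lines further down, "(compile-time option)". The same hunk re-emits "+to have an address that belongs to someone elses network." and could fix "elses" to "else's" while it is there (the typo also survives in the context line "elses host name." of the HOST NAME VERIFICATION hunk).

Review bot: the tcpd.8 hunk `@@ -160,10 +164,10 @@` correctly replaces `.Nm OpenBSD .` with `.Ox .`, but its context shows the section heading `.Sh EXAMPLE` (and a commented-out `.\" .Sh EXAMPLE 2`); the conventional mdoc section name is `.Sh EXAMPLES`, and this pass over the page is the natural place to rename it.

Review bot: the tcpd.8 hunk `@@ -200,21 +204,45 @@` moves the FILES, SEE ALSO and AUTHOR sections ahead of BUGS, which matches the mdoc section order, but the moved heading stays `.Sh AUTHOR` where the conventional name is `.Sh AUTHORS`. The moved line `\" @(#) tcpd.8 1.5 96/02/21 16:39:16` is also not a control-line comment: without the leading dot the newline after the `\"` comment is still processed, so the line is seen as a blank input line rather than being skipped; write it as `.\" @(#) tcpd.8 1.5 96/02/21 16:39:16`. Dropping `-offset indent` from the ntalk `.Bd -unfilled` block changes the rendered layout of that example; if that is intended it is worth a word in the commit message, otherwise keep the offset for consistency with the other examples.

Review bot: the tcpdmatch.8 hunk `@@ -109,8 +117,10 @@` leaves `.Sh OPTIONS` in place in its context, while the tcpdchk.8 hunk `@@ -70,9 +71,10 @@` in the same commit replaces `.Sh OPTIONS` with `.Pp` / "The options are as follows:" under DESCRIPTION. The two sibling pages should follow one convention: either fold tcpdmatch's option list into DESCRIPTION the same way, or leave tcpdchk's OPTIONS section as it was.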