Index: chapter.sgml =================================================================== RCS file: /home/ncvs/doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v retrieving revision 1.122 diff -u -r1.122 chapter.sgml --- chapter.sgml 2002/12/04 15:21:24 1.122 +++ chapter.sgml 2002/12/05 00:24:18 @@ -101,7 +101,7 @@ servers – meaning that external entities can connect and talk to them. As yesterday's mini-computers and mainframes become today's desktops, and as computers become networked and - internetworked, security becomes an even bigger issue. + inter-networked, security becomes an even bigger issue. Security is best implemented through a layered onion approach. In a nutshell, what you want to do is @@ -254,7 +254,7 @@ Securing the kernel core, raw devices, and - filesystems. + file systems. @@ -522,7 +522,7 @@ to a special group that only staff can access, and get rid of (chmod 000) any suid binaries that nobody uses. A server with no display generally does not need an - xterm binary. Sgid binaries can be + xterm binary. SGID binaries can be almost as dangerous. If an intruder can break an sgid-kmem binary, the intruder might be able to read /dev/kmem and thus read the encrypted password file, potentially compromising @@ -572,7 +572,7 @@ Securing the Kernel Core, Raw Devices, and - Filesystems + File systems If an attacker breaks root he can do just about anything, but @@ -650,7 +650,7 @@ allow the limited-access box to ssh to the other machines. Except for its network traffic, NFS is the least visible method – allowing you to monitor the - filesystems on each client box virtually undetected. If your + file systems on each client box virtually undetected. If your limited-access server is connected to the client boxes through a switch, the NFS method is often the better choice. If your limited-access server is connected to the client boxes through a 
@@ -1386,7 +1386,7 @@ Unix passwords at any time. Generally speaking, this should only be used for people who are either unable to use the key program, like those with dumb terminals, or - those who are uneducable. + those who are ineducable. The third line (permit port) allows all users logging in on the specified terminal line to use Unix @@ -3501,7 +3501,7 @@ must be compiled into the kernel. If this option has not been compiled in, a warning message will be displayed - when attempting to mount a file system sporting ACLs. + when attempting to mount a file system supporting ACLs. ACLs rely on extended attributes being enabled on the file system. This is supported natively in the next generation of the UNIX file system or UFS2. @@ -3512,7 +3512,7 @@ problem. To enable ACLs on a file system, the - option can be passed to &man.tunefs.8; in a manner similar to the Soft Updates + option has to be passed to &man.tunefs.8; in a manner similar to the Soft Updates process: &prompt.root; umount /usr
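Review bot: In the hunk at -522, "Sgid" becomes "SGID" but "suid" two lines earlier in the same sentence ("any suid binaries that nobody uses") is left lower case; either capitalize both ("SUID binaries", "SGID binaries") or leave both as they were, otherwise the paragraph mixes styles within a few lines. The lower-case "sgid-kmem" that follows is fine as the name of the group-kmem case and need not change.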
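Review bot: The section title in the hunk at -572 is in title case ("Securing the Kernel Core, Raw Devices, and"), so the replacement should read "File Systems", not "File systems". The same two-word form is then used in the body text at -254 and -650, which is consistent; since only these occurrences are touched, it would be worth checking that the rest of the chapter does not still say "filesystem(s)" elsewhere, or the spelling will be mixed after this commit.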
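Review bot: The change from "can be passed" to "has to be passed" in the hunk at -3512 is not a spelling fix but a change of meaning: it turns tunefs from one way of enabling ACLs into the only way. That is fine if it is true, but it should be confirmed against the mount options documented for the file system before committing, and the surrounding ACL text (the -3501 hunk already says ACLs depend on extended attributes being enabled) should not contradict it. In the same hunk the option itself is not visible in the diff context, so make sure the markup for it survives in the committed file.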
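Review bot: In the -3501 hunk, "sporting ACLs" was idiomatic for "that has ACLs set", whereas "supporting ACLs" reads as a statement about what the file system is capable of, which is a slightly different condition for the warning. If the goal is plain language, "a file system that has ACLs enabled" says what the warning is actually about; otherwise the original wording was not wrong. The -101 hunk's "inter-networked" is likewise a judgement call: "internetworked" is the established single word (it is where "Internet" comes from), so the hyphen is optional rather than a correction.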