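Introduction to Linux configuration files / Login and logout, file systems, system administration, daemons, and user program configuration files / Understanding Linux configuration files

This article explains the configuration files on a Linux system that, in a multi-user, multi-tasking environment, control user permissions, system applications, daemons, services, and other administrative tasks. These tasks include managing user accounts, allocating disk quotas, managing e-mail and newsgroups, and configuring kernel parameters. The article also classifies the configuration files present on current Red Hat Linux systems according to their use and the services they affect.

Reposted from: http://www.ibm.com/developerworks/cn/linux/management/configuration/index.html
Subodh Soni (subodh@in.ibm.com), Software Engineer, IBM, December 1, 2001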

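Introduction
Every Linux program is an executable file holding the list of opcodes the CPU executes to accomplish specific operations. For instance, the ls command is provided by the file /bin/ls, which holds the list of machine instructions needed to display the list of files in the current directory on the screen. The behaviour of almost every program can be customized to your preferences or needs by modifying its configuration files.

Is there a standard configuration file format in Linux?

In a word, no. Users who are new to Linux (rightly) feel frustrated that each configuration file looks like a new challenge to figure out. In Linux each programmer is free to choose the configuration file format he or she prefers. Format options range from the /etc/shells file, which contains a list of possible shells separated by a newline, to Apache's complex /etc/httpd.conf file.

What are system configuration files?

The kernel itself may be considered a “program.” Why does the kernel need configuration files? The kernel needs to know the list of users and groups in the system, and manage file permissions (that is, determine if a file can be opened by a specific user, according to the permissions, UNIX_USERS). Note that these files are not specifically read by programs, but by a function provided by a system library, and used by the kernel. For instance, a program needing the (encrypted) password of a user should not open the /etc/passwd file. Instead, it should call the system library function getpw(). This kind of function is also known as a system call. It is up to the kernel (through the system library) to open the /etc/passwd file and after that, search for the password of the requested user.

Most of the configuration files in the Red Hat Linux system are in the /etc directory unless otherwise specified. The configuration files can be broadly classified into the following categories: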

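Access files

/etc/host.conf Tells the network domain server how to look up hostnames. (Normally /etc/hosts, then the name server; it can be changed through netconf.)
/etc/hosts Contains a list of known hosts (in the local network). Can be used if the IP of the system is not dynamically generated. For simple hostname resolution (to dotted notation), /etc/host.conf normally tells the resolver to look here before asking the network name server, DNS or NIS.
/etc/hosts.allow See the hosts_access man page. Read by tcpd at least.
/etc/hosts.deny See the hosts_access man page. Read by tcpd at least.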

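Booting and login/logout

/etc/issue & /etc/issue.net These files are read by mingetty (and similar programs) to display a “welcome” string to the user connecting from a terminal (issue) or through a telnet session (issue.net). They include a few lines stating the Red Hat release number, name, and kernel ID. They are used by rc.local.
/etc/redhat-release Includes one line stating the Red Hat release number and name. Used by rc.local.
/etc/rc.d/rc Normally run for all run levels, with the level passed as an argument. For example, to boot your machine in graphics mode (X server), run the following command from your command line: init 5. Runlevel 5 starts the system in graphics mode.
/etc/rc.d/rc.local Not official. May be called from rc, rc.sysinit, or /etc/inittab.
/etc/rc.d/rc.sysinit Normally the first script run for all run levels.
/etc/rc.d/rcX.d Scripts run from rc (X stands for any number from 1 to 5). These directories are “run-level” specific directories. When a system starts up, it identifies the run level to be initiated, and then it calls all the startup scripts present in the specific directory for that run level. For example, the system usually starts up and the message “entering run-level 3” is shown after the boot messages; this means that all the init scripts in the directory /etc/rc.d/rc3.d/ will be called.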

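File system

The kernel provides an interface to display some of its data structures that can be useful for determining system parameters such as interrupts used, devices initialised, and memory statistics. This interface is provided as a separate but virtual filesystem known as the /proc filesystem. Many system utilities use the values present in this filesystem for displaying system statistics. For example, the file /proc/modules lists the currently loaded modules in the system. This information is read by the command lsmod, which then displays it in a human-readable format. In the same way, the file mtab specified in the following table reads the /proc/mounts file, which contains the currently mounted filesystems.

/etc/mtab This changes continuously as the file /proc/mounts changes. In other words, when filesystems are mounted and unmounted, the change is immediately reflected in this file.
/etc/fstab Lists the filesystems currently “mountable” by the computer. This is important because when the computer boots, it runs the command mount -a, which takes care of mounting every file system marked with a “1” in the next-to-last column of fstab.
/etc/mtools.conf Configuration for all the operations (mkdir, copy, format, etc.) on a DOS-type filesystem.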

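System administration

/etc/group Contains the valid group names and the users included in the specified groups. A single user can be present in more than one group if he performs multiple tasks. For example, if a “user” is the administrator as well as a member of the project group “project 1”, then his entry in the group file will look like: user: * : group-id : project1
/etc/nologin If the file /etc/nologin exists, login(1) will allow access only to root. Other users will be shown the contents of this file and their logins refused.
/etc/passwd See “man passwd”. Holds some user account info including passwords (when not “shadowed”).
/etc/rpmrc rpm command configuration. All the rpm command line options can be set together in this file so that all of the options apply globally when any rpm command is run on that system.
/etc/securetty Contains the device names of tty lines (one per line, without the leading /dev/) on which root is allowed to log in.
/etc/usertty
/etc/shadow
Contains the encrypted password information for users' accounts and optionally the password aging information. Included fields are:

  • Login name
  • Encrypted password
  • Days since Jan 1, 1970 that password was last changed
  • Days before password may be changed
  • Days after which password must be changed
  • Days before password is to expire that user is warned
  • Days after password expires that account is disabled
  • Days since Jan 1, 1970 that account is disabled
/etc/shells Holds the list of possible “shells” available to the system.
/etc/motd Message Of The Day; used if an administrator wants to convey some message to all the users of a Linux server.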

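Networking

/etc/gated.conf Configuration for gated. Used only by the gated daemon.
/etc/gated.version Contains the version number of the gated daemon.
/etc/gateway Optionally used by the routed daemon.
/etc/networks Lists names and addresses of networks accessible from the network to which the machine is connected. Used by the route command. Allows use of a name for a network.
/etc/protocols Lists the currently available protocols. See the NAG (Network Administrators Guide) and man page. C interface is getprotoent. Should never change.
/etc/resolv.conf Tells the kernel which name server should be queried when a program asks to “resolve” an IP address.
/etc/rpc Contains instructions/rules for RPC, which can be used in NFS calls, remote file system mounting, etc.
/etc/exports The file system to be exported (NFS) and permissions for it.
/etc/services Translates network service names to port number/protocol. Read by inetd, telnet, tcpdump, and some other programs. There are C access routines.
/etc/inetd.conf Config file for inetd. See the inetd man page. Holds an entry for each network service for which inetd must control daemons or other services. Note that services will be running, but comment them out in /etc/services so they will not be available even if running. Format: <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
/etc/sendmail.cf The mail program sendmail's configuration file. Cryptic to understand.
/etc/sysconfig/network Indicates NETWORKING=yes or no. Read by rc.sysinit at least.
/etc/sysconfig/network-scripts/if* Red Hat network configuration scripts.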

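System commands

System commands are meant exclusively to control the system, and make everything work properly. All the programs like login (performing the authentication phase of a user on the console) or bash (providing the interaction between a user and the computer) are system commands. The files associated with them are therefore particularly important. This category has the following files of interest to users and administrators.

/etc/lilo.conf Contains the system's default boot command line parameters and also the different images to boot with. You can see this list by pressing Tab at the LILO prompt.
/etc/logrotate.conf Maintains the log files present in the /var/log directory.
/etc/identd.conf identd is a server that implements the TCP/IP proposed standard IDENT user identification protocol as specified in the RFC 1413 document. identd operates by looking up specific TCP/IP connections and returning the user name of the process owning the connection. It can optionally return other information instead of a user name. See the identd man page.
/etc/ld.so.conf Configuration for the Dynamic Linker.
/etc/inittab This is chronologically the first configuration file in UNIX. The first program launched after a UNIX machine is switched on is init, which knows what to launch, thanks to inittab. It is read by init at run level changes, and controls the startup of the main process.
/etc/termcap A database containing all of the possible terminal types and their capabilities.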

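Daemons

A daemon is a program running in non-interactive mode. Typically, daemon tasks are related to the networking area: they wait for connections, so that they can provide services through them. Many daemons are available for Linux, ranging from Web servers to ftp servers.

/etc/syslogd.conf The configuration file for the syslogd daemon. syslogd is the daemon that takes care of logging (writing to disk) messages coming from other programs to the system. This service, in particular, is used by daemons that would not otherwise have any means of signaling the presence of possible problems or sending messages to users.
/etc/httpd.conf The configuration file for Apache, the Web server. This file is typically not in /etc. It may be in /usr/local/httpd/conf/ or /etc/httpd/conf/, but to make sure, you need to check the particular Apache installation.
/etc/conf.modules or /etc/modules.conf The configuration file for kerneld. Ironically, it is not the kernel “as a daemon”. It is rather a daemon that takes care of loading additional kernel modules “on the fly” when needed.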

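User programs

In Linux (and UNIX in general), there are countless “user” programs. One of the most common user program config files is /etc/lynx.cfg. This is the configuration file for lynx, the well-known text browser. Through this file you can define the proxy server, the character set to use, and so on. The following code sample shows a part of the lynx.cfg file that can be modified to change the proxy settings of the Linux system. These settings apply (by default) to all the users running lynx in their respective shells, unless a user overrides the default config file by specifying --cfg = "mylynx.cfg".
Proxy settings in /etc/lynx.cfg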

.h1 proxy
.h2 HTTP_PROXY
.h2 HTTPS_PROXY
.h2 FTP_PROXY
.h2 GOPHER_PROXY
.h2 NEWS_PROXY
.h2 NNTP_PROXY
# Lynx version 2.2 and beyond supports the use of proxy servers that can act as
# firewall gateways and caching servers. They are preferable to the older
# gateway servers. Each protocol used by Lynx can be mapped separately using
# PROTOCOL_proxy environment variables (see Lynx Users Guide). If you have
# not set them externally, you can set them at run time via this configuration file.
# They will not override external settings. The no_proxy variable can be used
# to inhibit proxying to selected regions of the Web (see below). Note that on
# VMS these proxy variables are set as process logicals rather than symbols, to
# preserve lowercasing, and will outlive the Lynx image.
#
.ex 15
http_proxy:http://proxy3.in.ibm.com:80/
ftp_proxy:http://proxy3.in.ibm.com:80/
#http_proxy:http://penguin.in.ibm.com:8080
#ftp_proxy:http://penguin.in.ibm.com:8080/
.h2 NO_PROXY
# The no_proxy variable can be a comma-separated list of strings defining
# no-proxy zones in the DNS domain name space.  If a tail substring of the
# domain-path for a host matches one of these strings, transactions with that
# node will not be proxied.
.ex
no_proxy:demiurge.in.ibm.com, demiurge

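Changing configuration files

When changing a configuration file, make sure that the program using that configuration is restarted if it is not controlled by the system administrator or the kernel. A normal user does not usually have privileges to start or stop system programs and/or daemons.

The kernel

Changing configuration files in the kernel immediately affects the system. For example, changing the passwd file to add a user immediately enables that user. Also, there are some kernel tunable parameters in the /proc/sys directory on any Linux system. Write access to all these files is given only to the super-user; other users have only read-only access. The files in this directory are classified in the same manner as the Linux kernel source. Every file in this directory represents a kernel data structure that can be dynamically modified to change the system performance.

Note: Before changing any value in any of these files, make sure you know everything about the file to avoid irreparable damage to the system.
Files in the /proc/sys/kernel/ directory

File name Description
threads-max The maximum number of tasks the kernel can run.
ctrl-alt-del If 1, then pressing this key sequence cleanly reboots the system.
sysrq If 1, then Alt-SysRq is active.
osrelease Displays the release of the operating system.
ostype Displays the type of the operating system.
hostname The host name of the system.
domainname Network domain of which the system is a part.
modprobe Specifies whether modprobe should be automatically run at startup, and load the necessary modules.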

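Daemons and system programs

A daemon is a program that is always running in the background, quietly carrying out its task. Common ones are in.ftpd (ftp server daemon), in.telnetd (telnet server daemon), and syslogd (system logging daemon). Some daemons, while running, keep a close watch on the configuration file and reload it automatically when it changes. But most daemons do not reload automatically. We need to “tell” them somehow that the configuration file has changed and that it should be reloaded. This can be achieved (on Red Hat Linux systems) by restarting the services using the service command.

For example, if we have changed the network configuration, we need to issue:
service network restart

Note: The services are most commonly the scripts present in the /etc/rc.d/init.d/* directory and are started by init when the system is booted. So, to restart the service you can also do the following:
/etc/rc.d/init.d/<script-for-the-service> start | stop | status
start, stop, and status are the values that these scripts take as input to perform the action.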

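User programs

A user or system program reads its configuration file every time it is launched. Remember, though, that some system programs are spawned when the computer is turned on, and their behaviour depends on what they read in the configuration files in /etc/. So, the first time a user program is started, the default configuration is read from the files present in the /etc/ directory. Later, the user can customise the programs by using rc and . (dot) files as explained in the next section.

User configuration files: . (dot) files and rc files

We have seen how programs can be easily configured. But what if someone does not like the way a program has been configured in /etc/? A “normal” user cannot simply go into /etc and change the configuration files; from the filesystem's point of view, they are owned by root! This is why most user programs define two configuration files: the first one at a “system” level, located in /etc/; and the other one, “private” to the user, that can be found in his or her home directory.

For example, in my system I have installed the very useful wget utility. In /etc/ there is an /etc/wgetrc file. In my home directory, there is a file named .wgetrc, which describes my customised configuration (which will be loaded only when I, the user, run the wget command). Other users may also have a .wgetrc file in their home directory (/home/other); this file will be read, of course, only when that user runs the wget command. In other words, the /etc/wgetrc file provides “default” values for wget, while the /home/xxx/.wgetrc file lists the “customisations” for a certain user. It is important to understand that this is the “general rule,” and is not necessarily true for all cases. A program like pine, for instance, does not have any files in /etc/, but only the custom configuration in the user's home directory, in a file named .pinerc. Other programs may only have a default configuration file in /etc/, and may not let users “customize” them (this is the case with only a few of the config. files in the /etc directory).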

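Commonly used rc and . (dot) files

Filename Description
~/.bash_login Look at “man bash”. Treated by bash like ~/.bash_profile if that doesn't exist.
~/.bash_logout Look at “man bash”. Sourced by bash login shells at exit.
~/.bash_profile Sourced by bash login shells after /etc/profile.
~/.bash_history The list of commands executed previously.
~/.bashrc Look at “man bash”. Sourced by bash non-login interactive shells (no other files are). Non-interactive shells source nothing unless BASH_ENV or ENV are set.
~/.emacs Read by emacs at startup.
~/.forward If this contains an e-mail address, then all mail to the owner of ~ will be forwarded to that e-mail address.
~/.fvwmrc ~/.fvwm2rc Config files for fvwm and fvwm2 (the basic X Window manager).
~/.hushlogin Look at “man login”. Causes a “quiet” login (no mail notice, last login info, or MOTD).
~/.mail.rc User init file for the mail program.
~/.ncftp/ Directory for the ncftp program; contains bookmarks, log, macros, preferences, trace. See man ncftp. The purpose of ncftp is to provide a powerful and flexible interface to the Internet standard File Transfer Protocol. It is intended to replace the stock ftp program that comes with the system.
~/.profile Look at “man bash”. Treated by bash like ~/.bash_profile if that and ~/.bash_login don't exist, and used by other Bourne-heritage shells too.
~/.pinerc Pine configuration
~/.muttrc Mutt configuration
~/.exrc Configuration of vi can be controlled by this file.
Example: set ai sm ruler
Writing the above line in this file makes vi set the auto-indentation, matching brackets, and displaying line number and rows-columns options.
~/.vimrc Default “Vim” configuration file. Same as .exrc.
~/.gtkrc GNOME Toolkit.
~/.kderc KDE configuration.
~/.netrc Default login names and passwords for ftp.
~/.rhosts Used by the r-tools: rsh, rlogin, etc. Very weak security since host impersonation is easy.

  1. Must be owned by user (owner of ~/) or superuser.
  2. Lists hosts from which users may access this account.
  3. Ignored if it is a symbolic link.
~/.rpmrc See “man rpm”. Read by rpm if /etc/rpmrc is not present.
~/.signature Message text that will be appended automatically to the mail sent from this account.
~/.twmrc Config file for twm (The Window Manager).
~/.xinitrc Read by X at startup (not by the xinit script). Mostly starts some programs.
Example: exec /usr/sbin/startkde
If the above line is present in this file, then the KDE Window Manager is started when the startx command is issued from this account.
~/.xmodmaprc This file is passed to the xmodmap program, and could be named anything (~/.Xmodmap and ~/.keymap.km, for example).
~/.xserverrc Run by xinit as the X server if it can find X to execute.
~/News/Sent-Message-IDs Default mail history file for gnus.
~/.Xauthority Read and written by the xdm program to handle authorization. See the X, xdm, and xauth man pages.
~/.Xdefaults, ~/.Xdefaults-hostname Read by X applications during startup on hostname. If the -hostname file can't be found, .Xdefaults is looked for.
~/.Xmodmap Points to .xmodmaprc; Red Hat has an .xinitrc file using this name.
~/.Xresources Usually the name for the file passed to xrdb to load the X resources database, to avoid the need for applications to read a long .Xdefaults file. (~/.Xres has been used by some.)
~/mbox User's old mail.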

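About the author

Subodh Soni has a bachelor of engineering degree in Computer Science and Technology Regional Engineering from College Surat, India. He works for IBM Global Services (IBM Software Labs) in India; he is also a member of the IBM Linux Technology Center, where he concentrates on Linux RAS (Reliability, Availability, and Serviceability). Other areas of interest are operating system internals, Linux system administration, and troubleshooting. You can reach him at subodh@in.ibm.com.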

=================================================

English original

Introduction

Every Linux program is an executable file holding the list of opcodes the CPU executes to accomplish specific operations. For instance, the ls command is provided by the file /bin/ls, which holds the list of machine instructions needed to display the list of files in the current directory onto the screen. The behaviour of almost every program can be customized to your preferences or needs by modifying its configuration files.

Is there a standard configuration file format in Linux? In a word, no. Users who are new to Linux (rightly) feel frustrated that each configuration file looks like a new challenge to figure out. In Linux each programmer is free to choose the configuration file format he or she prefers. Format options range from the /etc/shells file, which contains a list of possible shells separated by a newline, to Apache’s complex /etc/httpd.conf file.

What are system configuration files? The kernel itself may be considered a “program.” Why does the kernel need configuration files? The kernel needs to know the list of users and groups in the system, and manage file permissions (that is, determine if a file can be opened by a specific user, according to the permissions, UNIX_USERS). Note that these files are not specifically read by programs, but by a function provided by a system library, and used by the kernel. For instance, a program needing the (encrypted) password of a user should not open the /etc/passwd file. Instead, it should call the system library function getpw(). This kind of function is also known as a system call. It is up to the kernel (through the system library) to open the /etc/passwd file and after that, search for the password of the requested user.

Most of the configuration files in the Red Hat Linux system are in the /etc directory unless otherwise specified. The configuration files can be broadly classified into the following categories:


Access files

/etc/host.conf Tells the network domain server how to look up hostnames. (Normally /etc/hosts, then name server; it can be changed through netconf.)
/etc/hosts Contains a list of known hosts (in the local network). Can be used if the IP of the system is not dynamically generated. For simple hostname resolution (to dotted notation), /etc/host.conf normally tells the resolver to look here before asking the network nameserver, DNS or NIS.
/etc/hosts.allow Man page same as hosts_access. Read by tcpd at least.
/etc/hosts.deny Man page same as hosts_access. Read by tcpd at least.

Booting and login/logout

/etc/issue & /etc/issue.net These files are read by mingetty (and similar programs) to display a “welcome” string to the user connecting from a terminal (issue) or through a telnet session (issue.net). They include a few lines stating the Red Hat release number, name, and Kernel ID. They are used by rc.local.
/etc/redhat-release Includes one line stating the Red Hat release number and name. Used by rc.local.
/etc/rc.d/rc Normally run for all run levels, with the level passed as an argument. For example, to boot your machine in graphics mode (X server), run the following command from your command line: init 5. Runlevel 5 starts the system in graphics mode.
/etc/rc.d/rc.local Not official. May be called from rc, rc.sysinit, or /etc/inittab.
/etc/rc.d/rc.sysinit Normally the first script run for all run levels.
/etc/rc.d/rcX.d Scripts run from rc (X stands for any number from 1 to 5). These directories are “run-level” specific directories. When a system starts up, it identifies the run-level to be initiated, and then it calls all the startup scripts present in the specific directory for that run-level. For example, the system usually starts up and the message “entering run-level 3” is shown after the boot messages; this means that all the init scripts in the directory /etc/rc.d/rc3.d/ will be called.

File system

The kernel provides an interface to display some of its data structures that can be useful for determining the system parameters like interrupts used, devices initialised, memory statistics, etc. This interface is provided as a separate but dummy filesystem known as the /proc filesystem. Many system utilities use the values present in this filesystem for displaying the system statistics. For example, the file /proc/modules lists the currently loaded modules in the system. This information is read by the command lsmod, which then displays it in a human-readable format. In the same way, the file mtab specified in the following table reads the /proc/mounts file, which contains the currently mounted filesystems.

/etc/mtab This changes continuously as the file /proc/mounts changes. In other words, when filesystems are mounted and unmounted, the change is immediately reflected in this file.
/etc/fstab Lists the filesystems currently “mountable” by the computer. This is important because when the computer boots, it runs the command mount -a, which takes care of mounting every file system marked with a “1” in the next-to-last column of fstab.
/etc/mtools.conf Configuration for all the operations (mkdir, copy, format, etc.) on a DOS-type filesystem.

System administration

/etc/group Contains the valid group names and the users included in the specified groups. A single user can be present in more than one group if he performs multiple tasks. For example, if a “user” is the administrator as well as a member of the project group “project 1”, then his entry in the group file will look like: user: * : group-id : project1
/etc/nologin If the file /etc/nologin exists, login(1) will allow access only to root. Other users will be shown the contents of this file and their logins refused.
/etc/passwd See “man passwd”. Holds some user account info including passwords (when not “shadowed”).
/etc/rpmrc rpm command configuration. All the rpm command line options can be set together in this file so that all of the options apply globally when any rpm command is run on that system.
/etc/securetty Contains the device names of tty lines (one per line, without leading /dev/) on which root is allowed to login.
/etc/usertty
/etc/shadow
Contains the encrypted password information for users’ accounts and optionally the password aging information. Included fields are:

  • Login name
  • Encrypted password
  • Days since Jan 1, 1970 that password was last changed
  • Days before password may be changed
  • Days after which password must be changed
  • Days before password is to expire that user is warned
  • Days after password expires that account is disabled
  • Days since Jan 1, 1970 that account is disabled
/etc/shells Holds the list of possible “shells” available to the system.
/etc/motd Message Of The Day; used if an administrator wants to convey some message to all the users of a Linux server.
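
The eight /etc/shadow fields listed above are colon-separated on each line. As an added example (not part of the original article), this script classifies each account's aging state from those fields; the `shadow_status` and `sample_shadow` names, the sample lines, and the thresholds are assumptions made for illustration, not the logic of any particular login implementation.

```shell
#!/bin/sh
# Classify password-aging state from /etc/shadow-format lines (fields as listed
# above: 1 login, 2 hash, 3 last change, 4 min days, 5 max days, 6 warn days,
# 7 inactive days, 8 account expiry; 3 and 8 are days since Jan 1, 1970).
# The thresholds are a simplified reading of those fields (an assumption).

# shadow_status TODAY   (reads shadow-format lines on stdin)
# TODAY is the current day number, e.g. $(( $(date +%s) / 86400 )).
shadow_status() {
    awk -F: -v today="$1" '
    $0 == "" || /^#/ { next }
    {
        hash = $2; last = $3; max = $5; warn = $6; inact = $7; expire = $8
        state = "ok"
        if (hash == "")
            state = "no-password"            # empty field: no password needed
        else if (hash ~ /^[!*]/)
            state = "locked"                 # not a valid hash: password login disabled
        else if (expire != "" && today + 0 >= expire + 0)
            state = "account-expired"        # field 8 reached
        else if (last != "" && last + 0 == 0)
            state = "change-required"        # field 3 is 0: change at next login
        else if (last == "" || max == "" || max + 0 >= 99999)
            state = "no-aging"               # aging unset or effectively infinite
        else {
            due = last + max                 # day by which the password must change
            if (inact != "" && today + 0 >= due + inact)
                state = "inactive-disabled"  # field 7 grace period used up
            else if (today + 0 >= due)
                state = "password-expired"
            else if (warn != "" && today + 0 >= due - warn)
                state = "warning"            # inside the field 6 warning window
        }
        print $1, state
    }'
}

# Constructed sample input (placeholder hashes, not real accounts).
sample_shadow() {
    cat <<'EOF'
root:$6$SALT$HASHPLACEHOLDER:19990:0:99999:7:::
daemon:*:19990:0:99999:7:::
guest::19990:0:99999:7:::
alice:$6$SALT$HASHPLACEHOLDER:19950:0:90:7:14::
bob:$6$SALT$HASHPLACEHOLDER:19915:0:90:7:14::
carol:$6$SALT$HASHPLACEHOLDER:19900:0:90:7:14::
dave:$6$SALT$HASHPLACEHOLDER:19800:0:90:7:14::
erin:$6$SALT$HASHPLACEHOLDER:19990:0:99999:7::19999:
frank:$6$SALT$HASHPLACEHOLDER:0:0:90:7:::
EOF
}

# Demo on the constructed sample, taking day 20000 as "today".
# Real use (as root): shadow_status "$(( $(date +%s) / 86400 ))" < /etc/shadow
sample_shadow | shadow_status 20000
```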

Networking

/etc/gated.conf Configuration for gated. Used only by the gated daemon.
/etc/gated.version Contains the version number of the gated daemon.
/etc/gateway Optionally used by the routed daemon.
/etc/networks Lists names and addresses of networks accessible from the network to which the machine is connected. Used by route command. Allows use of name for network.
/etc/protocols Lists the currently available protocols. See the NAG (Network Administrators Guide) and man page. C interface is getprotoent. Should never change.
/etc/resolv.conf Tells the kernel which name server should be queried when a program asks to “resolve” an IP Address.
/etc/rpc Contains instructions/rules for RPC, which can be used in NFS calls, remote file system mounting, etc.
/etc/exports The file system to be exported (NFS) and permissions for it.
/etc/services Translates network service names to port number/protocol. Read by inetd, telnet, tcpdump, and some other programs. There are C access routines.
/etc/inetd.conf Config file for inetd. See the inetd man page. Holds an entry for each network service for which inetd must control daemons or other services. Note that services will be running, but comment them out in /etc/services so they will not be available even if running. Format: <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
/etc/sendmail.cf The Mail program sendmail’s configuration file. Cryptic to understand.
/etc/sysconfig/network Indicates NETWORKING=yes or no. Read by rc.sysinit at least.
/etc/sysconfig/network-scripts/if* Red Hat network configuration scripts.

System commands

System commands are meant exclusively to control the system, and make everything work properly. All the programs like login (performing the authentication phase of a user on the console) or bash (providing the interaction between a user and the computer) are system commands. The files associated with them are therefore particularly important. This category has the following files of interest to users and administrators.

/etc/lilo.conf Contains the system’s default boot command line parameters and also the different images to boot with. You can see this list by pressing Tab at the LILO prompt.
/etc/logrotate.conf Maintains the log files present in the /var/log directory.
/etc/identd.conf Identd is a server that implements the TCP/IP proposed standard IDENT user identification protocol as specified in the RFC 1413 document. identd operates by looking up specific TCP/IP connections and returning the user name of the process owning the connection. It can optionally return other information instead of a user name. See the identd man page.
/etc/ld.so.conf Configuration for the Dynamic Linker.
/etc/inittab This is chronologically the first configuration file in UNIX. The first program launched after a UNIX machine is switched on is init, which knows what to launch, thanks to inittab. It is read by init at run level changes, and controls the startup of the main process.
/etc/termcap A database containing all of the possible terminal types and their capabilities.

Daemons

A daemon is a program running in non-interactive mode. Typically, daemon tasks are related to the networking area: they wait for connections, so that they can provide services through them. Many daemons are available for Linux, ranging from Web servers to ftp servers.

/etc/syslogd.conf The configuration file for the syslogd daemon. syslogd is the daemon that takes care of logging (writing to disk) messages coming from other programs to the system. This service, in particular, is used by daemons that would not otherwise have any means of signaling the presence of possible problems or sending messages to users.
/etc/httpd.conf The configuration file for Apache, the Web server. This file is typically not in /etc. It may be in /usr/local/httpd/conf/ or /etc/httpd/conf/, but to make sure, you need to check the particular Apache installation.
/etc/conf.modules or /etc/modules.conf The configuration file for kerneld. Ironically, it is not the kernel “as a daemon”. It is rather a daemon that takes care of loading additional kernel modules “on the fly” when needed.

User programs

In Linux (and UNIX in general), there are countless “user” programs. One of the most common user program config files is /etc/lynx.cfg. This is the configuration file for lynx, the well-known textual browser. Through this file you can define the proxy server, the character set to use, and so on. The following code sample shows a part of the lynx.cfg file that can be modified to change the proxy settings of the Linux system. These settings apply (by default) to all the users running lynx in their respective shells, unless a user overrides the default config file by specifying --cfg = "mylynx.cfg".
Proxy settings in /etc/lynx.cfg

.h1 proxy
.h2 HTTP_PROXY
.h2 HTTPS_PROXY
.h2 FTP_PROXY
.h2 GOPHER_PROXY
.h2 NEWS_PROXY
.h2 NNTP_PROXY
# Lynx version 2.2 and beyond supports the use of proxy servers that can act as
# firewall gateways and caching servers. They are preferable to the older
# gateway servers. Each protocol used by Lynx can be mapped separately using
# PROTOCOL_proxy environment variables (see Lynx Users Guide). If you have
# not set them externally, you can set them at run time via this configuration file.
# They will not override external settings. The no_proxy variable can be used
# to inhibit proxying to selected regions of the Web (see below). Note that on
# VMS these proxy variables are set as process logicals rather than symbols, to
# preserve lowercasing, and will outlive the Lynx image.
#
.ex 15
http_proxy:http://proxy3.in.ibm.com:80/
ftp_proxy:http://proxy3.in.ibm.com:80/
#http_proxy:http://penguin.in.ibm.com:8080
#ftp_proxy:http://penguin.in.ibm.com:8080/

.h2 NO_PROXY
# The no_proxy variable can be a comma-separated list of strings defining
# no-proxy zones in the DNS domain name space.  If a tail substring of the
# domain-path for a host matches one of these strings, transactions with that
# node will not be proxied.
.ex
no_proxy:demiurge.in.ibm.com, demiurge

Changing configuration files

When changing a configuration file, make sure that the program using that configuration is restarted if it’s not controlled by the system administrator or the kernel. A normal user doesn’t usually have privileges to start or stop system programs and/or daemons.

The kernel

Changing configuration files in the kernel immediately affects the system. For example, changing the passwd file to add a user immediately enables that user. Also there are some kernel tunable parameters in the /proc/sys directory on any Linux system. The write-access to all these files is given only to the super-user; other users have only readonly access. The files in this directory are classified in the same manner as the Linux kernel source. Every file in this directory represents a kernel data structure that can be dynamically modified to change the system performance.

Note: Before changing any value in any of these files, make sure you know everything about the file to avoid irreparable damage to the system.
Files in the /proc/sys/kernel/ directory

File name Description
threads-max The maximum number of tasks the kernel can run.
ctrl-alt-del If 1, then pressing this key sequence cleanly reboots the system.
sysrq If 1, then Alt-SysRq is active.
osrelease Displays the release of the operating system.
ostype Displays the type of the operating system.
hostname The host name of the system.
domainname Network domain of which the system is a part.
modprobe Specifies whether modprobe should be automatically run at startup, and load the necessary modules.

Daemons and system programs

A daemon is a program that is always running in background, quietly carrying out its task. Common ones are in.ftpd (ftp server daemon), in.telnetd (telnet server daemon), and syslogd (system logging daemon). Some daemons, while running, keep a close watch on the configuration file and reload it automatically when it changes. But most of the daemons do not reload automatically. We need to “tell” them somehow that the configuration file has changed and that it should be reloaded. This can be achieved (on Red Hat Linux systems) by restarting the services using the service command.

For example, if we have changed the network configuration, we need to issue:
service network restart

Note: The services are most commonly the scripts present in the /etc/rc.d/init.d/* directory and are started by the init when the system is booted. So, to restart the service you can also do the following:
/etc/rc.d/init.d/<script-for-the-service> start | stop | status
start, stop, and status are the values that these scripts take as input to perform the action.

User programs

A user or system program reads its configuration file every time it is launched. Remember, though, that some system programs are spawned when the computer is turned on, and their behaviour depends on what they read in the configuration files in /etc/. So, the first time a user program is started, the default configuration is read from the files present in the /etc/ directory. Later, the user can customise the programs by using rc and . (dot) files as explained in the next section.


User configuration files: . (dot) files and rc files

We have seen how programs can be easily configured. But what if someone does not like the way a program has been configured in /etc/? A “normal” user cannot simply go into /etc and change the configuration files; they are owned — from the filesystem’s point of view — by root! This is why most user programs define two configuration files: the first one at a “system” level, located in /etc/; and the other one, “private” to the user, that can be found in his or her home directory.

For example, in my system I have installed the very useful wget utility. In /etc/ there is an /etc/wgetrc file. In my home directory, there is a file named .wgetrc, which describes my customised configuration (which will be loaded only when I, the user, run the wget command). Other users may also have a .wgetrc file in their home directory (/home/other); this file will be read, of course, only when that user runs the wget command. In other words, the /etc/wgetrc file provides “default” values for wget, while the /home/xxx/.wgetrc file lists the “customisations” for a certain user. It is important to understand that this is the “general rule,” and is not necessarily true for all cases. A program like pine, for instance, does not have any files in /etc/, but only the custom configuration in the user’s home directory, in a file named .pinerc. Other programs may only have a default configuration file in /etc/, and may not let users “customize” them (this is the case with only a few of the config. files in the /etc directory).
Commonly used rc and . (dot) files

Filename Description
~/.bash_login Look at “man bash”. Treated by bash like ~/.bash_profile if that doesn’t exist.
~/.bash_logout Look at “man bash”. Sourced by bash login shells at exit.
~/.bash_profile Sourced by bash login shells after /etc/profile.
~/.bash_history The list of commands executed previously.
~/.bashrc Look at “man bash”. Sourced by bash non-login interactive shells (no other files are). Non-interactive shells source nothing unless BASH_ENV or ENV are set.
~/.emacs Read by emacs at startup.
~/.forward If this contains an e-mail address, then all mail to owner of ~ will be forwarded to that e-mail address.
~/.fvwmrc ~/.fvwm2rc Config files for fvwm and fvwm2 (the basic X Window manager).
~/.hushlogin Look at “man login”. Causes a “quiet” login (no mail notice, last login info, or MOTD).
~/.mail.rc User init file for mail program.
~/.ncftp/ Directory for ncftp program; contains bookmarks, log, macros, preferences, trace. See man ncftp. The purpose of ncftp is to provide a powerful and flexible interface to the Internet standard File Transfer Protocol. It is intended to replace the stock ftp program that comes with the system.
~/.profile Look at “man bash”. Treated by bash like ~/.bash_profile if that and ~/.bash_login don’t exist, and used by other Bourne-heritage shells too.
~/.pinerc Pine configuration
~/.muttrc Mutt configuration
~/.exrc Configuration of vi can be controlled by this file.
Example: set ai sm ruler
Writing the above line in this file makes vi set the auto-indentation, matching brackets and displaying line number and rows-columns options.
~/.vimrc Default “Vim” configuration file. Same as .exrc.
~/.gtkrc GNOME Toolkit.
~/.kderc KDE configuration.
~/.netrc Default login names and passwords for ftp.
~/.rhosts Used by the r-tools: rsh, rlogin, etc. Very weak security since host impersonation is easy.

  1. Must be owned by user (owner of ~/) or superuser.
  2. Lists hosts from which users may access this account.
  3. Ignored if it is a symbolic link.
~/.rpmrc See “man rpm”. Read by rpm if /etc/rpmrc is not present.
~/.signature Message text that will be appended automatically to the mail sent from this account.
~/.twmrc Config file for twm (The Window Manager).
~/.xinitrc Read by X at startup (not by xinit script). Mostly starts some progs.
Example: exec /usr/sbin/startkde
If the above line is present in this file, then the KDE Window Manager is started when the startx command is issued from this account.
~/.xmodmaprc This file is passed to the xmodmap program, and could be named anything (~/.Xmodmap and ~/.keymap.km, for example).
~/.xserverrc Run by xinit as the X server if it can find X to execute.
~/News/Sent-Message-IDs Default mail history file for gnus.
~/.Xauthority Read and written by xdm program to handle authorization. See the X, xdm, and xauth man pages.
~/.Xdefaults, ~/.Xdefaults-hostname Read by X applications during startup on hostname. If the -hostname file can’t be found, .Xdefaults is looked for.
~/.Xmodmap Points to .xmodmaprc; Red Hat had (has) .xinitrc using this name.
~/.Xresources Usually the name for the file passed to xrdb to load the X resources database, to avoid the need for applications to read a long .Xdefaults file. (~/.Xres has been used by some.)
~/mbox User’s old mail.
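
The three rules given for ~/.rhosts in the table above can be checked mechanically. As an added example (not part of the original article), this function reports violations for one file; the `audit_rhosts` name and its output labels are hypothetical, and the write-permission and "+" wildcard checks are assumptions based on common r-tools behaviour, not on the article.

```shell
#!/bin/sh
# audit_rhosts FILE [UID]
# Prints one finding per line; prints nothing if FILE passes every check.
# UID stands for the owner of ~/ and defaults to the uid of the caller.
audit_rhosts() {
    f=$1
    owner_uid=${2:-$(id -u)}

    # Rule 3: a symbolic link is ignored, so it can never be a valid file.
    if [ -L "$f" ]; then
        echo "symlink"
        return 0
    fi
    if [ ! -f "$f" ]; then
        echo "not-a-regular-file"
        return 0
    fi

    # ls -ldn prints the mode string first and the numeric owner uid third.
    meta=$(ls -ldn -- "$f" | awk '{ print substr($1, 1, 10), $3 }')
    mode=${meta% *}
    file_uid=${meta#* }

    # Rule 1: owned by the account owner or by the superuser (uid 0).
    if [ "$file_uid" != "$owner_uid" ] && [ "$file_uid" != "0" ]; then
        echo "bad-owner:$file_uid"
    fi

    # Assumption (not from the article): a trust file that group or others
    # can write lets someone else extend the trust list, so flag it.
    case $mode in
        ?????w????|????????w?) echo "writable-by-group-or-other:$mode" ;;
    esac

    # Rule 2: each line names a trusted host (and optionally a user).
    # Assumption: a bare "+" in either position matches everything.
    awk '$1 == "+" || $2 == "+" { print "wildcard-entry:line-" NR }' "$f"
}

# Typical use: audit_rhosts "$HOME/.rhosts"
```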

About the author

Subodh Soni has a bachelor of engineering degree in Computer Science and Technology Regional Engineering from College Surat, India. He works for IBM Global Services (IBM Software Labs) in India; he is also a member of the IBM Linux Technology Center, where he concentrates on Linux RAS (Reliability, Availability, and Serviceability). Other areas of interest are operating system internals, Linux system administration, and troubleshooting. You can reach him at subodh@in.ibm.com.
