Understanding Linux configuration files: Classification and
Reprinted from: http://www-900.ibm.com/developerWorks/cn/linux/Management/configuration/index.shtml
Subodh Soni (subodh@in.ibm.com), Software Engineer, IBM
December 2001
This article describes the configuration files of a Linux system. In a multi-user, multi-tasking environment, configuration files control user rights, system applications, daemons, services, and other administrative tasks. These tasks include managing user accounts, allocating disk quotas, managing e-mail and newsgroups, and configuring kernel parameters. This article also classifies the configuration files in a Red Hat Linux system based on their use and the services they affect.
Every Linux program is an executable file that contains a list of opcodes, which the CPU executes to complete a specific operation. For example, the ls command is provided by the /bin/ls file, which contains the list of machine instructions that are executed to display a list of the files in the current directory on the screen. The behavior of almost every program can be customized to your preferences or needs by modifying its configuration files.

Is there a standard configuration file format in Linux? In a word, no. Users who are not familiar with Linux will be frustrated, because each configuration file looks like a new challenge. In Linux, each programmer is free to choose the configuration file format he or she prefers. The formats range from the /etc/shells file (which contains a list of shells separated by newlines) to Apache's complex /etc/httpd.conf file.

What are system configuration files?

The kernel itself can also be seen as a "program". Why does the kernel need configuration files? The kernel needs to know the list of users and groups in the system, and then manage file permissions (that is, determine whether a specific user (UNIX_USERS) can open a file). Note that these files are not read explicitly by programs; they are read by functions that the system library provides and are used by the kernel. For example, a program that needs a user's (encrypted) password should not open the /etc/passwd file. Instead, it should call the getpw() function of the system library. This kind of function is also known as a system call. It is up to the kernel (through the system library) to open the /etc/passwd file and then look up the password of the requested user.

Most of the configuration files in a Red Hat Linux system are in the /etc directory unless otherwise specified. Configuration files can be roughly divided into the following categories:

Access files
/etc/host.conf
    Tells the network domain name server how to look up host names. (Usually /etc/hosts, then the name server; this can be changed via netconf.)
/etc/hosts
    Contains a list of known hosts (in the local network). Can be used if the IP of the system is not dynamically generated. For simple host name resolution (to dotted notation), /etc/hosts.conf usually tells the resolver to look here before asking a network name server (DNS or NIS).
/etc/hosts.allow
    See the hosts_access man page. Read by tcpd at least.
/etc/hosts.deny
    See the hosts_access man page. Read by tcpd at least.

Boot and login/logout
/etc/issue & /etc/issue.net
    These files are read by mingetty (and similar programs) to display a "welcome" string to users who connect from a terminal (issue) or through a telnet session (issue.net). They include several lines of information about the Red Hat version number, name, and kernel ID. They are used by rc.local.
/etc/redhat-release
    Includes information about the Red Hat version number and name. Used by rc.local.
/etc/rc.d/rc
    Usually run for all run levels, with the level passed as an argument. For example, to boot the machine in graphics mode (X server), run the following command on the command line: init 5. Run level 5 means booting the system in graphics mode.
/etc/rc.d/rc.local
    Not official. May be called from rc, rc.sysinit, or /etc/inittab.
/etc/rc.d/rc.sysinit
    Usually the first script run for all run levels.
/etc/rc.d/rc/rcX.d
    Scripts run from rc (X stands for any number from 1 to 5). These directories are specific to a "run level". When the system starts, it identifies the run level to be started and then calls all the startup scripts present in the directory for that run level. For example, when the system starts, the message "Entering Run-Level 3" is displayed after the boot messages; this means that all the initialization scripts in the /etc/rc.d/rc3.d/ directory will be called.

File system

The kernel provides an interface to display some of its data structures, which can be useful for determining system parameters such as interrupts, initialized devices, and memory statistics. This interface is provided as a separate but virtual file system known as the /proc file system. Many system utilities use the values present in this file system to display system statistics. For example, the /proc/modules file lists the modules currently loaded in the system. The lsmod command reads this information and then displays it in a human-readable format.
In the same manner, the mtab file described in the table below reads the /proc/mount file, which contains the currently mounted file systems.

/etc/mtab
    This changes continuously as the /proc/mount file changes. In other words, when file systems are mounted and unmounted, the change is immediately reflected in this file.
/etc/fstab
    Lists the file systems that the computer can currently "mount". This is very important, because at boot the computer runs the mount -a command, which is responsible for mounting every file system marked with a "1" in the second column of fstab.
/etc/mtools.conf
    Configuration for operations on DOS-type file systems (creating directories, copying, formatting, and so on).

System management
/etc/group
    Contains the valid group names and the users included in the specified groups. A single user can be in more than one group if he or she performs multiple tasks. For example, if a "user" is an administrator as well as a member of the project group "Project 1", then his entry in the group file looks like this: user:*:group-id:Project1
/etc/nologin
    If the /etc/nologin file exists, login(1) allows access only to root. It displays this file to other users and refuses their logins.
/etc/passwd
    See "man passwd". Contains some user account information, including the password (if it is not shadowed by the shadow program).
/etc/rpmrc
    rpm command configuration. All the rpm command-line options can be set together in this file, so that all of the options apply globally when any rpm command is run on the system.
/etc/securetty
    Contains the device names of the tty lines (one name per line, without the leading /dev/) on which the root user is allowed to log in.
/etc/usertty
/etc/shadow
    Contains the encrypted password information for user accounts, and can include password aging information. The fields included are:
        login name
        encrypted password
        days from January 1, 1970 to the day the password was last changed
        days before the password may be changed
        days after which the password must be changed
        days before the password expires that the user is warned
        days after the password expires that the account is disabled
        days from January 1, 1970 to the day the account is disabled
/etc/shells
    Contains the list of possible "shells" available to the system.
/etc/motd
    Message of the day; used when an administrator wants to convey a message to all users of a Linux server.

Networking
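The /etc/shadow aging fields listed under System management above can be evaluated mechanically. The following is an added example, not part of the original article: the function name shadow_status, the status labels and the sample accounts are constructed for illustration, and the rules for an empty or "!"/"*" password field follow shadow(5) rather than this page.

```shell
#!/bin/sh
# Added example: classify accounts from the /etc/shadow fields described above.
# shadow_status, the status labels and the sample data are constructed here.

# sample_shadow: constructed shadow-format lines (placeholder hashes, no real data).
sample_shadow() {
    cat <<'EOF'
root:CONSTRUCTEDHASH:18990:0:99999:7:::
alice:CONSTRUCTEDHASH:18900:0:90:7:::
bob:CONSTRUCTEDHASH:18915:0:90:7:::
carol:CONSTRUCTEDHASH:0:0:90:7:::
dave:!CONSTRUCTEDHASH:18990:0:90:7:::
erin::18990:0:99999:7:::
frank:CONSTRUCTEDHASH:18990:0:99999:7::18999:
EOF
}

# shadow_status TODAY
# TODAY is the current date in days since January 1, 1970, the same unit the
# file uses. Reads shadow-format lines on stdin, prints "login STATUS".
shadow_status() {
    awk -F: -v today="$1" '
    /^#/ || NF < 8 { next }                 # skip comments and short lines
    {
        hash = $2; last = $3; max = $5; warn = $6; expire = $8
        if (hash == "")                            s = "NO_PASSWORD"
        else if (hash ~ /^[!*]/)                   s = "LOCKED"
        else if (expire != "" && today >= expire)  s = "ACCOUNT_EXPIRED"
        else if (last == "0")                      s = "MUST_CHANGE"
        else if (last == "" || max == "")          s = "NO_AGING"
        else if (today > last + max)               s = "PASSWORD_EXPIRED"
        else if (warn != "" && today > last + max - warn) s = "WARN"
        else                                       s = "OK"
        print $1, s
    }'
}

# Demo with a fixed "today" of day 19000; on a live system, run as root:
#   shadow_status "$(( $(date +%s) / 86400 ))" < /etc/shadow
sample_shadow | shadow_status 19000
```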
/etc/gated.conf
    gated configuration. Used only by the gated daemon.
/etc/gated.version
    Contains the version number of the gated daemon.
/etc/gateway
    Optionally used by the routed daemon.
/etc/networks
    Lists the names and addresses of the networks that can be reached from the network to which the machine is connected. Used by the route command. Allows the use of network names.
/etc/protocols
    Lists the currently available protocols. See the NAG (Network Administrators Guide) and the man page. The C interface is getprotoent. Should never be changed.
/etc/resolv.conf
    Tells the kernel which name server should be queried when a program asks to "resolve" an IP address.
/etc/rpc
    Contains the instructions/rules for RPC, which can be used in NFS calls and remote file system mounts.
/etc/exports
    The file systems to be exported (NFS) and the permissions for them.
/etc/services
    Translates network service names to port number/protocol. Read by inetd, telnet, tcpdump, and some other programs. There are some C access routines.
/etc/inetd.conf
    inetd configuration file. See the inetd man page. Holds an entry for each network service for which inetd must control daemons or other services. Note that the services will run, but they are commented out in /etc/services, so even if these services are running. The format is:
/etc/lilo.conf
    Contains the system's default boot command-line parameters, as well as the different images used at startup. You can see this list by pressing Tab at the LILO boot prompt.
/etc/logrotate.conf
    Maintains the log files in the /var/log directory.
/etc/identd.conf
    identd is a server that implements the TCP/IP proposed standard IDENT user identification protocol in the manner specified in RFC 1413. identd operates by looking up a specific TCP/IP connection and returning the name of the user who owns the connection. Optionally, it can return other information instead of a user name. See the identd man page.
/etc/ld.so.conf
    Configuration for the "dynamic linker".
/etc/inittab
    Chronologically, this is the first configuration file in UNIX. The first program started after a UNIX machine is switched on is init, which knows what to start thanks to inittab. When the run level changes, init reads inittab and then controls the startup of the main process.
/etc/termcap
    A database containing all the possible terminal types and the capabilities of those terminals.

Daemons

A daemon is a program that runs in non-interactive mode. In general, daemon tasks are related to the networking area: they wait for connections so that they can provide services. Many daemons are available for Linux, from web servers to FTP servers.

/etc/slogd.conf
    Configuration file of the syslogd daemon. syslogd is the daemon responsible for logging (writing to disk) the messages that other programs send to the system. This service is used especially often by daemons, which have no other way to signal possible problems or to send messages to users.
/etc/httpd.conf
    Configuration file of the Apache web server. This file is generally not in /etc. It may be in /usr/local/httpd/conf/ or /etc/httpd/conf/; to determine its location, you need to check the specific Apache installation.
/etc/conf.modules or /etc/modules.conf
    kerneld configuration file. Interestingly, kerneld is not the kernel "as a" daemon. It is actually a daemon that is responsible for loading additional kernel modules "on the fly" when they are needed.

User programs

In Linux (and UNIX in general), there are countless "user" programs. One of the most common user program configuration files is /etc/lynx.cfg, the configuration file of the well-known text browser lynx. With this file you can define the proxy server, the character set to use, and so on. The following code sample shows the part of the lynx.cfg file that can be modified to change the proxy settings of the Linux system. By default, these settings apply to all users running lynx in their respective shells, unless a user overrides the default configuration file by specifying --cfg = "mylynx.cfg".

Proxy server settings in /etc/lynx.cfg
    .h1 proxy
    .h2 HTTP_PROXY
    .h2 HTTPS_PROXY
    .h2 FTP_PROXY
    .h2 GOPHER_PROXY
    .h2 NEWS_PROXY
    .h2 NNTP_PROXY
    # Lynx version 2.2 and beyond supports the use of proxy servers that can act as
    # firewall gateways and caching servers. They are preferable to the older
    # gateway servers. Each protocol used by Lynx can be mapped separately using
    # PROTOCOL_proxy environment variables (see Lynx Users Guide). If you have
    # not set them externally, you can set them at run time via this configuration file.
    # They will not override external settings. The no_proxy variable can be used
    # to inhibit proxying to selected regions of the Web (see below). Note that on
    # VMS these proxy variables are set as process logicals rather than symbols, to
    # preserve lowercasing, and will outlive the Lynx image.
    #
    .ex 15
    http_proxy:http://proxy3.in.ibm.com:80/
    ftp_proxy:http://proxy3.in.ibm.com:80/
    #http_proxy:http://penguin.in.ibm.com:8080
    #ftp_proxy:http://penguin.in.ibm.com:8080/

    .h2 NO_PROXY
    # The no_proxy variable can be a comma-separated list of strings defining
    # no-proxy zones in the DNS domain name space. If a tail substring of the
    # domain-path for a host matches one of these strings, transactions with that
    # node will not be proxied.
    .ex
    no_proxy:demiurge.in.ibm.com, demiurge

Changing configuration files

When you change a configuration file, make sure that the program using that configuration is restarted if it is not controlled by the system administrator or the kernel. Ordinary users usually do not have the privileges to start or stop system programs and/or daemons.

Changing configuration files in the kernel affects the system immediately. For example, changing the passwd file to add a user makes that user available immediately. In addition, any Linux system has some kernel tunable parameters in the /proc/sys directory. Only the superuser has write access to all of these files; other users have read-only access.
The files in this directory are classified in the same way as the Linux kernel source code. Each file in this directory represents a kernel data structure that can be modified dynamically to change system performance. Note: Before changing any value in any of these files, make sure you understand the file thoroughly, to avoid irreparable damage to the system.

Files in the /proc/sys/kernel/ directory

File name
    Description
threads-max
    The maximum number of threads the kernel can run.
ctrl-alt-del
    If the value is 1, pressing this key sequence reboots the system.
sysrq
    If the value is 1, Alt-SysRq is active.
osrelease
    Displays the release of the operating system.
ostype
    Displays the type of the operating system.
hostname
    The host name of the system.
domainname
    The network domain of which the system is a part.
modprobe
    Specifies whether modprobe should run automatically at startup and load the required modules.

Daemons and system programs

A daemon is a program that runs in the background, silently performing its own tasks. Common daemons are in.ftpd (the FTP server daemon), in.telnetd (the telnet server daemon), and syslogd (the system logging daemon). Some daemons monitor their configuration file closely while running and reload it automatically when it changes. Most daemons, however, do not reload their configuration file automatically. We need to "tell" these daemons in some way that the configuration file has changed and should be reloaded. On Red Hat Linux systems, this can be done by restarting the service with the service command.

For example, if we change the network configuration, we need to issue: service network restart.

Note: These services are most commonly scripts in the /etc/rc.d/init.d/* directory, and are started by init when the system boots. So, you can also execute the following: /etc/rc.d/init.d/
For example, a program like pine has no file in /etc/ at all; it has only a custom configuration file in the user's home directory, named .pinerc. Other programs may have only a default configuration file in /etc/ and may not allow users to "customize" it (this is the case for only a few configuration files in the /etc directory).

Commonly used rc and . (dot) files

File name
    Description
~/.bash_login
    See "man bash". If ~/.bash_profile does not exist, bash treats ~/.bash_login as ~/.bash_profile.
~/.bash_logout
    See "man bash". Sourced by bash login shells at exit.
~/.bash_profile
    Sourced by bash login shells after /etc/profile.
~/.bash_history
    The list of previously executed commands.
~/.bashrc
    See "man bash". Sourced by bash non-login interactive shells (no other files are). Non-interactive shells source no files unless BASH_ENV or ENV is set.
~/.emacs
    Read by emacs at startup.
~/.forward
    If this contains an e-mail address, all mail sent to the owner of this home directory is forwarded to that address.
~/.fvwmrc, ~/.fvwm2rc
    Configuration files for fvwm and fvwm2 (the basic X Window manager).
~/.hushlogin
    See "man login". Causes a "silent" login (no mail notice, last login information, or MOTD information).
~/.mail.rc
    User initialization file for the mail program.
~/.ncftp/
    Directory for the ncftp program; contains bookmarks, logs, macros, preferences, and trace information. See man ncftp. The purpose of ncftp is to provide a powerful and flexible interface to the Internet standard File Transfer Protocol. It is intended to replace the standard ftp program that comes with the system.
~/.profile
    See "man bash". If the ~/.bash_profile and ~/.bash_login files do not exist, bash treats ~/.profile as ~/.bash_profile; it is also used by other shells of Bourne heritage.
~/.pinerc
    pine configuration.
~/.muttrc
    mutt configuration.
~/.exrc
    This file controls the configuration of vi. Example: set ai sm ruler. Writing the above line in this file makes vi set auto-indent, match brackets, and display line numbers and rows-columns.
~/.vimrc
    Default "vim" configuration file. Same as .exrc.
~/.gtkrc
    GNOME Toolkit.
~/.kderc
    KDE configuration.
~/.netrc
    Default login names and passwords for ftp.
~/.rhosts
    Used by the r-tools such as rsh, rlogin, and so on. Because impersonating a host is easy, its security is very weak. Must be owned by the user (the owner of ~/) or the superuser. Lists the hosts from which users may access this account. Ignored if it is a symbolic link.
~/.rpmrc
    See "man rpm". Read by rpm if /etc/rpmrc does not exist.
~/.signature
    Message text that is automatically appended to the end of mail sent from this account.
~/.twmrc
    Configuration file for twm (The Window Manager).
~/.xinitrc
    Read by X at startup (not by the xinit script). Usually starts some programs. Example: exec /usr/sbin/startkde. If the above line is present in this file, the "KDE Window Manager" is started when the startx command is issued from this account.
~/.xmodmaprc
    This file is passed to the xmodmap program, and can be given any name (for example, ~/.Xmodmap and ~/.keymap.km).
~/.xserverrc
    If xinit can find X, xinit runs this file as the X server.
~/News/sample-message-ids
    Default mail history file for gnus.
~/.Xauthority
    Read and written by the xdm program to handle authorization. See the X, xdm, and xauth man pages.
~/.Xdefaults, ~/.Xdefaults-hostname
    Read by X applications during startup on the host hostname. If the -hostname file cannot be found, the .Xdefaults file is looked for.
~/.Xmodmap
    Points to .xmodmaprc; Red Hat has had an .xinitrc file using this name.
~/.Xresources
    Usually the name of the file passed to xrdb to load the X resources database, intended to avoid the need for applications to read a very long .Xdefaults file. (~/.Xres has been used in some cases.)
~/mbox
    The user's old mail.

For more information, read Jack Wallen, Jr.'s Linux Configuration Files. Also on developerWorks:
    Technical FAQ for Linux users
    What good is a Linux client?
    Using the xinetd program for system administration
    More Linux references on developerWorks.
    More open source reference information on developerWorks.
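The conditions the dot-file table gives for ~/.rhosts (owned by the user or the superuser, ignored when it is a symbolic link) and the fact that ~/.netrc stores ftp passwords translate directly into an audit check. The following is an added example, not part of the original article: the function names, finding labels and demo files are constructed, and the permission and "+" wildcard checks go beyond what the table states.

```shell
#!/bin/sh
# Added example: audit ~/.rhosts and ~/.netrc style files for the conditions
# described above. Function names, finding labels and demo files are constructed.

# check_trust_file FILE OWNER_UID -> prints "ok", "missing", "symlink",
# or a space-separated list of findings.
check_trust_file() {
    f=$1; owner=$2; findings=""
    if [ -L "$f" ]; then echo "symlink"; return 0; fi    # ignored by the r-tools
    if [ ! -f "$f" ]; then echo "missing"; return 0; fi
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid.
    meta=$(ls -ldn "$f" | awk '{ print substr($1, 5, 6) ":" $3 }')
    perms=${meta%%:*}; uid=${meta##*:}
    # Must belong to the account owner or the superuser (uid 0).
    if [ "$uid" != "$owner" ] && [ "$uid" != "0" ]; then
        findings="wrong-owner"
    fi
    # Any group/other permission bit exposes trusted hosts or an ftp password.
    if [ "$perms" != "------" ]; then
        findings="${findings:+$findings }group-or-other-access"
    fi
    # A leading "+" is the wildcard that trusts every host or user.
    if grep -q '^[[:space:]]*+' "$f"; then
        findings="${findings:+$findings }wildcard-entry"
    fi
    echo "${findings:-ok}"
}

# make_demo DIR: create constructed sample files (no real hosts or passwords).
make_demo() {
    printf 'trusted.example.com alice\n' > "$1/rhosts_ok"
    chmod 600 "$1/rhosts_ok"
    printf '+ +\n' > "$1/rhosts_open"
    chmod 644 "$1/rhosts_open"
    printf 'machine ftp.example.com login alice password CONSTRUCTED\n' > "$1/netrc"
    chmod 640 "$1/netrc"
    ln -s rhosts_ok "$1/rhosts_link"
}

demo=$(mktemp -d)
make_demo "$demo"
for name in rhosts_ok rhosts_open netrc rhosts_link absent; do
    printf '%-12s %s\n' "$name" "$(check_trust_file "$demo/$name" "$(id -u)")"
done
rm -rf "$demo"
```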
Subodh Soni holds a bachelor's degree in engineering, in computer science and technology, from the Regional Engineering College, Surat, India. He works for IBM Global Services (IBM Software Labs) in India; he is also a member of the IBM Linux Technology Center, where he works on Linux RAS (reliability, availability, and serviceability). His other areas of interest are operating system internals, Linux system administration, and troubleshooting. You can contact him at subodh@in.ibm.com.