Deployment Guide

This appendix outlines some of the files and directories found in the /etc/sysconfig/ directory, their function, and their contents. The information in this appendix is not intended to be complete, as many of these files have a variety of options that are only used in very specific or rare circumstances.

The actual content of your /etc/sysconfig/ directory depends on the programs you have installed on your machine. To find the name of the package the configuration file belongs to, type the following at a shell prompt:

    ~]$ yum provides /etc/sysconfig/filename

D.1. Files in the /etc/sysconfig/ Directory

The following sections offer descriptions of files normally found in the /etc/sysconfig/ directory.

D.1.1. /etc/sysconfig/arpwatch

The /etc/sysconfig/arpwatch file is used to pass arguments to the arpwatch daemon at boot time. By default, it contains the following option:

- OPTIONS=value
  Additional options to be passed to the arpwatch daemon. For example: OPTIONS="-u arpwatch -e root -s 'root (Arpwatch)'"

D.1.2. /etc/sysconfig/authconfig

The /etc/sysconfig/authconfig file sets the authorization to be used on the host. By default, it contains the following options:

- USEMKHOMEDIR=boolean
  A Boolean to enable (yes) or disable (no) creating a home directory for a user on the first login. For example: USEMKHOMEDIR=no
- USEPAMACCESS=boolean
  A Boolean to enable (yes) or disable (no) the PAM authentication. For example: USEPAMACCESS=no
- USESSSDAUTH=boolean
  A Boolean to enable (yes) or disable (no) the SSSD authentication. For example: USESSSDAUTH=no
- USESHADOW=boolean
  A Boolean to enable (yes) or disable (no) shadow passwords. For example: USESHADOW=yes
- USEWINBIND=boolean
  A Boolean to enable (yes) or disable (no) using Winbind for user account configuration. For example: USEWINBIND=no
- USEDB=boolean
  A Boolean to enable (yes) or disable (no) the FAS authentication. For example: USEDB=no
- USEFPRINTD=boolean
  A Boolean to enable (yes) or disable (no) the fingerprint authentication. For example: USEFPRINTD=yes
- FORCESMARTCARD=boolean
  A Boolean to enable (yes) or disable (no) enforcing the smart card authentication. For example: FORCESMARTCARD=no
- PASSWDALGORITHM=value
  The password algorithm. The value can be bigcrypt, descrypt, md5, sha256, or sha512. For example: PASSWDALGORITHM=sha512
- USELDAPAUTH=boolean
  A Boolean to enable (yes) or disable (no) the LDAP authentication. For example: USELDAPAUTH=no
- USELOCAUTHORIZE=boolean
  A Boolean to enable (yes) or disable (no) the local authorization for local users. For example: USELOCAUTHORIZE=yes
- USECRACKLIB=boolean
  A Boolean to enable (yes) or disable (no) using the CrackLib. For example: USECRACKLIB=yes
- USEWINBINDAUTH=boolean
  A Boolean to enable (yes) or disable (no) the Winbind authentication. For example: USEWINBINDAUTH=no
- USESMARTCARD=boolean
  A Boolean to enable (yes) or disable (no) the smart card authentication. For example: USESMARTCARD=no
- USELDAP=boolean
  A Boolean to enable (yes) or disable (no) using LDAP for user account configuration. For example: USELDAP=no
- USENIS=boolean
  A Boolean to enable (yes) or disable (no) using NIS for user account configuration. For example: USENIS=no
- USEKERBEROS=boolean
  A Boolean to enable (yes) or disable (no) the Kerberos authentication. For example: USEKERBEROS=no
- USESYSNETAUTH=boolean
  A Boolean to enable (yes) or disable (no) authenticating system accounts with network services. For example: USESYSNETAUTH=no
- USESMBAUTH=boolean
  A Boolean to enable (yes) or disable (no) the SMB authentication. For example: USESMBAUTH=no
- USESSSD=boolean
  A Boolean to enable (yes) or disable (no) using SSSD for obtaining user information. For example: USESSSD=no
- USEHESIOD=boolean
  A Boolean to enable (yes) or disable (no) using the Hesiod name service. For example: USEHESIOD=no

D.1.3. /etc/sysconfig/autofs

The /etc/sysconfig/autofs file defines custom options for the automatic mounting of devices. This file controls the operation of the automount daemons, which automatically mount file systems when you use them and unmount them after a period of inactivity. File systems can include network file systems, CD-ROM drives, diskettes, and other media. By default, it contains the following options:

- MASTER_MAP_NAME=value
  The default name for the master map. For example: MASTER_MAP_NAME="auto.master"
- TIMEOUT=value
  The default mount timeout. For example: TIMEOUT=300
- NEGATIVE_TIMEOUT=value
  The default negative timeout for unsuccessful mount attempts. For example: NEGATIVE_TIMEOUT=60
- MOUNT_WAIT=value
  The time to wait for a response from mount. For example: MOUNT_WAIT=-1
- UMOUNT_WAIT=value
  The time to wait for a response from umount. For example: UMOUNT_WAIT=12
- BROWSE_MODE=boolean
  A Boolean to enable (yes) or disable (no) browsing the maps. For example: BROWSE_MODE="no"
- MOUNT_NFS_DEFAULT_PROTOCOL=value
  The default protocol to be used by mount.nfs. For example: MOUNT_NFS_DEFAULT_PROTOCOL=4
- APPEND_OPTIONS=boolean
  A Boolean to enable (yes) or disable (no) appending the global options instead of replacing them. For example: APPEND_OPTIONS="yes"
- LOGGING=value
  The default logging level. The value has to be either none, verbose, or debug. For example: LOGGING="none"
- LDAP_URI=value
  A space-separated list of server URIs in the form of protocol://server. For example: LDAP_URI="ldaps://ldap.example.com/"
- LDAP_TIMEOUT=value
  The synchronous API calls timeout. For example: LDAP_TIMEOUT=-1
- LDAP_NETWORK_TIMEOUT=value
  The network response timeout. For example: LDAP_NETWORK_TIMEOUT=8
- SEARCH_BASE=value
  The base Distinguished Name (DN) for the map search. For example: SEARCH_BASE=""
- AUTH_CONF_FILE=value
  The default location of the SASL authentication configuration file. For example: AUTH_CONF_FILE="/etc/autofs_ldap_auth.conf"
- MAP_HASH_TABLE_SIZE=value
  The hash table size for the map cache. For example: MAP_HASH_TABLE_SIZE=1024
- USE_MISC_DEVICE=boolean
  A Boolean to enable (yes) or disable (no) using the autofs miscellaneous device. For example: USE_MISC_DEVICE="yes"
- OPTIONS=value
  Additional options to be passed to the LDAP daemon. For example: OPTIONS=""

D.1.4. /etc/sysconfig/clock

The /etc/sysconfig/clock file controls the interpretation of values read from the system hardware clock. It is used by the Date/Time Properties tool, and should not be edited by hand. By default, it contains the following option:

- ZONE=value
  The time zone file under /usr/share/zoneinfo that /etc/localtime is a copy of. For example: ZONE="Europe/Prague"

D.1.5. /etc/sysconfig/dhcpd

The /etc/sysconfig/dhcpd file is used to pass arguments to the dhcpd daemon at boot time. By default, it contains the following options:

- DHCPDARGS=value
  Additional options to be passed to the dhcpd daemon. For example: DHCPDARGS=

D.1.6. /etc/sysconfig/firstboot

The /etc/sysconfig/firstboot file defines whether to run the firstboot utility. By default, it contains the following option:

- RUN_FIRSTBOOT=boolean
  A Boolean to enable (YES) or disable (NO) running the firstboot program. For example: RUN_FIRSTBOOT=NO

The first time the system boots, the init program calls the /etc/rc.d/init.d/firstboot script, which looks for the /etc/sysconfig/firstboot file. If this file does not contain the RUN_FIRSTBOOT=NO option, the firstboot program is run, guiding a user through the initial configuration of the system.

To start the firstboot program the next time the system boots, change the value of RUN_FIRSTBOOT option to YES, and type the following at a shell prompt:

    ~]# chkconfig firstboot on

D.1.7. /etc/sysconfig/i18n

The /etc/sysconfig/i18n configuration file defines the default language, any supported languages, and the default system font. By default, it contains the following options:

- LANG=value
  The default language. For example: LANG="en_US.UTF-8"
- SUPPORTED=value
  A colon-separated list of supported languages. For example: SUPPORTED="en_US.UTF-8:en_US:en"
- SYSFONT=value
  The default system font. For example: SYSFONT="latarcyrheb-sun16"

D.1.8. /etc/sysconfig/init

The /etc/sysconfig/init file controls how the system appears and functions during the boot process. By default, it contains the following options:

- BOOTUP=value
  The bootup style. The value has to be either color (the standard color boot display), verbose (an old style display which provides more information), or anything else for the new style display, but without ANSI formatting. For example: BOOTUP=color
- RES_COL=value
  The number of the column in which the status labels start. For example: RES_COL=60
- MOVE_TO_COL=value
  The terminal sequence to move the cursor to the column specified in RES_COL (see above). For example: MOVE_TO_COL="echo -en \\033[${RES_COL}G"
- SETCOLOR_SUCCESS=value
  The terminal sequence to set the success color. For example: SETCOLOR_SUCCESS="echo -en \\033[0;32m"
- SETCOLOR_FAILURE=value
  The terminal sequence to set the failure color. For example: SETCOLOR_FAILURE="echo -en \\033[0;31m"
- SETCOLOR_WARNING=value
  The terminal sequence to set the warning color. For example: SETCOLOR_WARNING="echo -en \\033[0;33m"
- SETCOLOR_NORMAL=value
  The terminal sequence to set the default color. For example: SETCOLOR_NORMAL="echo -en \\033[0;39m"
- LOGLEVEL=value
  The initial console logging level. The value has to be in the range from 1 (kernel panics only) to 8 (everything, including the debugging information). For example: LOGLEVEL=3
- PROMPT=boolean
  A Boolean to enable (yes) or disable (no) the hotkey interactive startup. For example: PROMPT=yes
- AUTOSWAP=boolean
  A Boolean to enable (yes) or disable (no) probing for devices with swap signatures. For example: AUTOSWAP=no
- ACTIVE_CONSOLES=value
  The list of active consoles. For example: ACTIVE_CONSOLES=/dev/tty[1-6]
- SINGLE=value
  The single-user mode type. The value has to be either /sbin/sulogin (a user will be prompted for a password to log in), or /sbin/sushell (the user will be logged in directly). For example: SINGLE=/sbin/sushell

D.1.9. /etc/sysconfig/ip6tables-config

The /etc/sysconfig/ip6tables-config file stores information used by the kernel to set up IPv6 packet filtering at boot time or whenever the ip6tables service is started. Note that you should not modify it unless you are familiar with ip6tables rules. By default, it contains the following options:

- IP6TABLES_MODULES=value
  A space-separated list of helpers to be loaded after the firewall rules are applied. For example: IP6TABLES_MODULES="ip_nat_ftp ip_nat_irc"
- IP6TABLES_MODULES_UNLOAD=boolean
  A Boolean to enable (yes) or disable (no) module unloading when the firewall is stopped or restarted. For example: IP6TABLES_MODULES_UNLOAD="yes"
- IP6TABLES_SAVE_ON_STOP=boolean
  A Boolean to enable (yes) or disable (no) saving the current firewall rules when the firewall is stopped. For example: IP6TABLES_SAVE_ON_STOP="no"
- IP6TABLES_SAVE_ON_RESTART=boolean
  A Boolean to enable (yes) or disable (no) saving the current firewall rules when the firewall is restarted. For example: IP6TABLES_SAVE_ON_RESTART="no"
- IP6TABLES_SAVE_COUNTER=boolean
  A Boolean to enable (yes) or disable (no) saving the rule and chain counters. For example: IP6TABLES_SAVE_COUNTER="no"
- IP6TABLES_STATUS_NUMERIC=boolean
  A Boolean to enable (yes) or disable (no) printing IP addresses and port numbers in a numeric format in the status output. For example: IP6TABLES_STATUS_NUMERIC="yes"
- IP6TABLES_STATUS_VERBOSE=boolean
  A Boolean to enable (yes) or disable (no) printing information about the number of packets and bytes in the status output. For example: IP6TABLES_STATUS_VERBOSE="no"
- IP6TABLES_STATUS_LINENUMBERS=boolean
  A Boolean to enable (yes) or disable (no) printing line numbers in the status output. For example: IP6TABLES_STATUS_LINENUMBERS="yes"

You can create the rules manually using the ip6tables command. Once created, type the following at a shell prompt:

    ~]# service ip6tables save

This will add the rules to /etc/sysconfig/ip6tables. Once this file exists, any firewall rules saved in it persist through a system reboot or a service restart.

D.1.10. /etc/sysconfig/keyboard

The /etc/sysconfig/keyboard file controls the behavior of the keyboard. By default, it contains the following options:

- KEYTABLE=value
  The name of a keytable file. The files that can be used as keytables start in the /lib/kbd/keymaps/i386/ directory, and branch into different keyboard layouts from there, all labeled value.kmap.gz. The first file name that matches the KEYTABLE setting is used. For example: KEYTABLE="us"
- MODEL=value
  The keyboard model. For example: MODEL="pc105+inet"
- LAYOUT=value
  The keyboard layout. For example: LAYOUT="us"
- KEYBOARDTYPE=value
  The keyboard type. Allowed values are pc (a PS/2 keyboard), or sun (a Sun keyboard). For example: KEYBOARDTYPE="pc"

D.1.11. /etc/sysconfig/ldap

The /etc/sysconfig/ldap file holds the basic configuration for the LDAP server. By default, it contains the following options:

- SLAPD_OPTIONS=value
  Additional options to be passed to the slapd daemon. For example: SLAPD_OPTIONS="-4"
- SLURPD_OPTIONS=value
  Additional options to be passed to the slurpd daemon. For example: SLURPD_OPTIONS=""
- SLAPD_LDAP=boolean
  A Boolean to enable (yes) or disable (no) using the LDAP over TCP (that is, ldap:///). For example: SLAPD_LDAP="yes"
- SLAPD_LDAPI=boolean
  A Boolean to enable (yes) or disable (no) using the LDAP over IPC (that is, ldapi:///). For example: SLAPD_LDAPI="no"
- SLAPD_LDAPS=boolean
  A Boolean to enable (yes) or disable (no) using the LDAP over TLS (that is, ldaps:///). For example: SLAPD_LDAPS="no"
- SLAPD_URLS=value
  A space-separated list of URLs. For example: SLAPD_URLS="ldapi:///var/lib/ldap_root/ldapi ldapi:/// ldaps:///"
- SLAPD_SHUTDOWN_TIMEOUT=value
  The time to wait for slapd to shut down. For example: SLAPD_SHUTDOWN_TIMEOUT=3
- SLAPD_ULIMIT_SETTINGS=value
  The parameters to be passed to ulimit before the slapd daemon is started. For example: SLAPD_ULIMIT_SETTINGS=""

D.1.12. /etc/sysconfig/named

The /etc/sysconfig/named file is used to pass arguments to the named daemon at boot time. By default, it contains the following options:

- ROOTDIR=value
  The chroot environment under which the named daemon runs. The value has to be a full directory path. For example: ROOTDIR="/var/named/chroot"
  Note that the chroot environment has to be configured first (type info chroot at a shell prompt for more information).
- OPTIONS=value
  Additional options to be passed to named. For example: OPTIONS="-6"
  Note that you should not use the -t option. Instead, use ROOTDIR as described above.
- KEYTAB_FILE=value
  The keytab file name. For example: KEYTAB_FILE="/etc/named.keytab"

D.1.13. /etc/sysconfig/network

The /etc/sysconfig/network file is used to specify information about the desired network configuration. By default, it contains the following options:

- NETWORKING=boolean
  A Boolean to enable (yes) or disable (no) the networking. For example: NETWORKING=yes
- HOSTNAME=value
  The hostname of the machine. For example: HOSTNAME=penguin.example.com
- GATEWAY=value
  The IP address of the network's gateway. For example: GATEWAY=192.168.1.0

Do not use custom init scripts to configure network settings. When performing a post-boot network service restart, custom init scripts configuring network settings that are run outside of the network init script lead to unpredictable results.

D.1.14. /etc/sysconfig/ntpd

The /etc/sysconfig/ntpd file is used to pass arguments to the ntpd daemon at boot time. By default, it contains the following option:

- OPTIONS=value
  Additional options to be passed to ntpd. For example: OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g"

D.1.15. /etc/sysconfig/quagga

The /etc/sysconfig/quagga file holds the basic configuration for Quagga daemons. By default, it contains the following options:

- QCONFDIR=value
  The directory with the configuration files for Quagga daemons. For example: QCONFDIR="/etc/quagga"
- BGPD_OPTS=value
  Additional options to be passed to the bgpd daemon. For example: BGPD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/bgpd.conf"
- OSPF6D_OPTS=value
  Additional options to be passed to the ospf6d daemon. For example: OSPF6D_OPTS="-A ::1 -f ${QCONFDIR}/ospf6d.conf"
- OSPFD_OPTS=value
  Additional options to be passed to the ospfd daemon. For example: OSPFD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/ospfd.conf"
- RIPD_OPTS=value
  Additional options to be passed to the ripd daemon. For example: RIPD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/ripd.conf"
- RIPNGD_OPTS=value
  Additional options to be passed to the ripngd daemon. For example: RIPNGD_OPTS="-A ::1 -f ${QCONFDIR}/ripngd.conf"
- ZEBRA_OPTS=value
  Additional options to be passed to the zebra daemon. For example: ZEBRA_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/zebra.conf"
- ISISD_OPTS=value
  Additional options to be passed to the isisd daemon. For example: ISISD_OPTS="-A ::1 -f ${QCONFDIR}/isisd.conf"
- WATCH_OPTS=value
  Additional options to be passed to the watchquagga daemon. For example: WATCH_OPTS="-Az -b_ -r/sbin/service_%s_restart -s/sbin/service_%s_start -k/sbin/service_%s_stop"
- WATCH_DAEMONS=value
  A space-separated list of monitored daemons. For example: WATCH_DAEMONS="zebra bgpd ospfd ospf6d ripd ripngd"

D.1.16. /etc/sysconfig/radvd

The /etc/sysconfig/radvd file is used to pass arguments to the radvd daemon at boot time. By default, it contains the following option:

- OPTIONS=value
  Additional options to be passed to the radvd daemon. For example: OPTIONS="-u radvd"

D.1.17. /etc/sysconfig/samba

The /etc/sysconfig/samba file is used to pass arguments to the Samba daemons at boot time. By default, it contains the following options:

- SMBDOPTIONS=value
  Additional options to be passed to smbd. For example: SMBDOPTIONS="-D"
- NMBDOPTIONS=value
  Additional options to be passed to nmbd. For example: NMBDOPTIONS="-D"
- WINBINDOPTIONS=value
  Additional options to be passed to winbindd. For example: WINBINDOPTIONS=""

D.1.18. /etc/sysconfig/saslauthd

The /etc/sysconfig/saslauthd file is used to control which arguments are passed to saslauthd, the SASL authentication server. By default, it contains the following options:

- SOCKETDIR=value
  The directory for the saslauthd's listening socket. For example: SOCKETDIR=/var/run/saslauthd
- MECH=value
  The authentication mechanism to use to verify user passwords. For example: MECH=pam
- DAEMONOPTS=value
  Options to be passed to the daemon() function that is used by the /etc/rc.d/init.d/saslauthd init script to start the saslauthd service. For example: DAEMONOPTS="--user saslauth"
- FLAGS=value
  Additional options to be passed to the saslauthd service. For example: FLAGS=

D.1.19. /etc/sysconfig/selinux

The /etc/sysconfig/selinux file contains the basic configuration options for SELinux. It is a symbolic link to /etc/selinux/config, and by default, it contains the following options:

- SELINUX=value
  The security policy. The value can be either enforcing (the security policy is always enforced), permissive (instead of enforcing the policy, appropriate warnings are displayed), or disabled (no policy is used). For example: SELINUX=enforcing
- SELINUXTYPE=value
  The protection type. The value can be either targeted (the targeted processes are protected), or mls (the Multi Level Security protection). For example: SELINUXTYPE=targeted

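The following audit is an added example, not part of the original guide: it reads the options described in D.1.2 (PASSWDALGORITHM, USESHADOW), D.1.8 (PROMPT, SINGLE) and D.1.19 (SELINUX) and reports values that differ from a hardened baseline. The baseline, the function names and the sample files (built from the example values shown on this page) are assumptions of the example.

```bash
#!/bin/bash
# Audit security-relevant /etc/sysconfig options described in this appendix.
# Files are parsed as text and never sourced, so the audit cannot execute them.

# get_opt FILE KEY: print the last assignment of KEY with surrounding quotes removed.
# Commented-out lines ("# KEY=...") are ignored.
get_opt() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# audit_sysconfig DIR: print one line per finding; the return status is the
# number of findings. The baseline is this example's assumption.
audit_sysconfig() {
    dir=$1
    findings=0
    check() {  # check FILE KEY ACCEPTED_VALUES_REGEX REQUIREMENT
        val=$(get_opt "$dir/$1" "$2")
        if ! printf '%s\n' "$val" | grep -Eqx "$3"; then
            printf '%s %s=%s (want %s): %s\n' "$1" "$2" "${val:-<unset>}" "$3" "$4"
            findings=$((findings + 1))
        fi
    }
    check selinux    SELINUX         'enforcing'     'SELinux policy must be enforced'
    check init       SINGLE          '/sbin/sulogin' 'single-user mode must ask for a password'
    check init       PROMPT          'no'            'interactive startup hotkey must be off'
    check authconfig PASSWDALGORITHM 'sha256|sha512' 'bigcrypt, descrypt and md5 are weak hashes'
    check authconfig USESHADOW       'yes'           'password hashes belong in the shadow file'
    return "$findings"
}

# write_sample DIR: constructed sample files using the example values from this page.
write_sample() {
    printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$1/selinux"
    printf 'PROMPT=yes\nSINGLE=/sbin/sushell\n' > "$1/init"
    printf 'USESHADOW=yes\nPASSWDALGORITHM=sha512\n' > "$1/authconfig"
}

# Demo on the constructed sample: reports the SINGLE and PROMPT example values.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_sysconfig "$demo_dir" || echo "$? finding(s)"
rm -rf "$demo_dir"
```

To audit a live host, call audit_sysconfig /etc/sysconfig; an option that is missing from its file is reported as <unset>.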
D.1.20. /etc/sysconfig/sendmail

The /etc/sysconfig/sendmail file is used to set the default values for the Sendmail application. By default, it contains the following values:

- DAEMON=boolean
  A Boolean to enable (yes) or disable (no) running sendmail as a daemon. For example: DAEMON=yes
- QUEUE=value
  The interval at which the messages are to be processed. For example: QUEUE=1h

D.1.21. /etc/sysconfig/spamassassin

The /etc/sysconfig/spamassassin file is used to pass arguments to the spamd daemon (a daemonized version of Spamassassin) at boot time. By default, it contains the following option:

- SPAMDOPTIONS=value
  Additional options to be passed to the spamd daemon. For example: SPAMDOPTIONS="-d -c -m5 -H"

D.1.22. /etc/sysconfig/squid

The /etc/sysconfig/squid file is used to pass arguments to the squid daemon at boot time. By default, it contains the following options:

- SQUID_OPTS=value
  Additional options to be passed to the squid daemon. For example: SQUID_OPTS=""
- SQUID_SHUTDOWN_TIMEOUT=value
  The time to wait for the squid daemon to shut down. For example: SQUID_SHUTDOWN_TIMEOUT=100
- SQUID_CONF=value
  The default configuration file. For example: SQUID_CONF="/etc/squid/squid.conf"

D.1.23. /etc/sysconfig/system-config-users

The /etc/sysconfig/system-config-users file is the configuration file for the User Manager utility, and should not be edited by hand. By default, it contains the following options:

- FILTER=boolean
  A Boolean to enable (true) or disable (false) filtering of system users. For example: FILTER=true
- ASSIGN_HIGHEST_UID=boolean
  A Boolean to enable (true) or disable (false) assigning the highest available UID to newly added users. For example: ASSIGN_HIGHEST_UID=true
- ASSIGN_HIGHEST_GID=boolean
  A Boolean to enable (true) or disable (false) assigning the highest available GID to newly added groups. For example: ASSIGN_HIGHEST_GID=true
- PREFER_SAME_UID_GID=boolean
  A Boolean to enable (true) or disable (false) using the same UID and GID for newly added users when possible. For example: PREFER_SAME_UID_GID=true

D.1.24. /etc/sysconfig/vncservers

The /etc/sysconfig/vncservers file configures the way the Virtual Network Computing (VNC) server starts up. By default, it contains the following options:

- VNCSERVERS=value
  A list of space-separated display:username pairs. For example: VNCSERVERS="2:myusername"
- VNCSERVERARGS[display]=value
  Additional arguments to be passed to the VNC server running on the specified display. For example: VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"

D.1.25. /etc/sysconfig/xinetd

The /etc/sysconfig/xinetd file is used to pass arguments to the xinetd daemon at boot time. By default, it contains the following options:

- EXTRAOPTIONS=value
  Additional options to be passed to xinetd. For example: EXTRAOPTIONS=""
- XINETD_LANG=value
  The locale information to be passed to every service started by xinetd. Note that to remove locale information from the xinetd environment, you can use an empty string ("") or none. For example: XINETD_LANG="en_US"

D.2. Directories in the /etc/sysconfig/ Directory

The following directories are normally found in /etc/sysconfig/.

- /etc/sysconfig/cbq/
  This directory contains the configuration files needed to do Class Based Queuing for bandwidth management on network interfaces. CBQ divides user traffic into a hierarchy of classes based on any combination of IP addresses, protocols, and application types.
- /etc/sysconfig/networking/
  This directory is used by the now deprecated Network Administration Tool (system-config-network), and its contents should not be edited manually. For more information about configuring network interfaces using graphical configuration tools, refer to Chapter 8, NetworkManager.
- /etc/sysconfig/network-scripts/
  This directory contains the following network-related configuration files:
  - Network configuration files for each configured network interface, such as ifcfg-eth0 for the eth0 Ethernet interface.
  - Scripts used to bring network interfaces up and down, such as ifup and ifdown.
  - Scripts used to bring ISDN interfaces up and down, such as ifup-isdn and ifdown-isdn.
  - Various shared network function scripts which should not be edited directly.
- /etc/sysconfig/rhn/
  This directory contains the configuration files and GPG keys for Red Hat Network. No files in this directory should be edited by hand. For more information on Red Hat Network, refer to the Red Hat Network website online at https://rhn.redhat.com/.

D.3. Additional Resources

This chapter is only intended as an introduction to the files in the /etc/sysconfig/ directory. The following source contains more comprehensive information.

D.3.1. Installed Documentation

- /usr/share/doc/initscripts-version/sysconfig.txt
  A more authoritative listing of the files found in the /etc/sysconfig/ directory and the configuration options available for them.