Chapter 18. The sysconfig Directory

This chapter outlines some of the files and directories found in the /etc/sysconfig/ directory, their function, and their contents. The information in this chapter is not intended to be complete, as many of these files have a variety of options that are only used in very specific or rare circumstances.

Note

The actual content of your /etc/sysconfig/ directory depends on the programs you have installed on your machine. To find the name of the package the configuration file belongs to, type the following at a shell prompt:

~]$ yum provides /etc/sysconfig/filename

Refer to Section 1.2.2, “Installing” for more information on how to install new packages in Red Hat Enterprise Linux.

18.1. Files in the `/etc/sysconfig/` Directory

The following sections offer descriptions of files normally found in the /etc/sysconfig/ directory.

18.1.1. `/etc/sysconfig/arpwatch`

The /etc/sysconfig/arpwatch file is used to pass arguments to the arpwatch daemon at boot time. By default, it contains the following option:

OPTIONS=value

Additional options to be passed to the arpwatch daemon. For example:

OPTIONS="-u arpwatch -e root -s 'root (Arpwatch)'"

18.1.2. `/etc/sysconfig/authconfig`

The /etc/sysconfig/authconfig file sets the authorization to be used on the host. By default, it contains the following options:

USEMKHOMEDIR=boolean

A boolean to enable (yes) or disable (no) creating a home directory for a user on the first login. For example:

USEMKHOMEDIR=no

USEPAMACCESS=boolean

A boolean to enable (yes) or disable (no) the PAM authentication. For example:

USEPAMACCESS=no

USESSSDAUTH=boolean

A boolean to enable (yes) or disable (no) the SSSD authentication. For example:

USESSSDAUTH=no

USESHADOW=boolean

A boolean to enable (yes) or disable (no) shadow passwords. For example:

USESHADOW=yes

USEWINBIND=boolean

A boolean to enable (yes) or disable (no) using Winbind for user account configuration. For example:

USEWINBIND=no

USEDB=boolean

A boolean to enable (yes) or disable (no) the FAS authentication. For example:

USEDB=no

USEFPRINTD=boolean

A boolean to enable (yes) or disable (no) the fingerprint authentication. For example:

USEFPRINTD=yes

FORCESMARTCARD=boolean

A boolean to enable (yes) or disable (no) enforcing the smart card authentication. For example:

FORCESMARTCARD=no

PASSWDALGORITHM=value

The password algorithm. The value can be bigcrypt, descrypt, md5, sha256, or sha512. For example:

PASSWDALGORITHM=sha512

USELDAPAUTH=boolean

A boolean to enable (yes) or disable (no) the LDAP authentication. For example:

USELDAPAUTH=no

USELOCAUTHORIZE=boolean

A boolean to enable (yes) or disable (no) the local authorization for local users. For example:

USELOCAUTHORIZE=yes

USECRACKLIB=boolean

A boolean to enable (yes) or disable (no) using the CrackLib. For example:

USECRACKLIB=yes

USEWINBINDAUTH=boolean

A boolean to enable (yes) or disable (no) the Winbind authentication. For example:

USEWINBINDAUTH=no

USESMARTCARD=boolean

A boolean to enable (yes) or disable (no) the smart card authentication. For example:

USESMARTCARD=no

USELDAP=boolean

A boolean to enable (yes) or disable (no) using LDAP for user account configuration. For example:

USELDAP=no

USENIS=boolean

A boolean to enable (yes) or disable (no) using NIS for user account configuration. For example:

USENIS=no

USEKERBEROS=boolean

A boolean to enable (yes) or disable (no) the Kerberos authentication. For example:

USEKERBEROS=no

USESYSNETAUTH=boolean

A boolean to enable (yes) or disable (no) authenticating system accounts with network services. For example:

USESYSNETAUTH=no

USESMBAUTH=boolean

A boolean to enable (yes) or disable (no) the SMB authentication. For example:

USESMBAUTH=no

USESSSD=boolean

A boolean to enable (yes) or disable (no) using SSSD for obtaining user information. For example:

USESSSD=no

USEHESIOD=boolean

A boolean to enable (yes) or disable (no) using the Hesoid name service. For example:

USEHESIOD=no

Refer to Chapter 8, Authentication Configuration for more information on this topic.

18.1.3. `/etc/sysconfig/autofs`

The /etc/sysconfig/autofs file defines custom options for the automatic mounting of devices. This file controls the operation of the automount daemons, which automatically mount file systems when you use them and unmount them after a period of inactivity. File systems can include network file systems, CD-ROM drives, diskettes, and other media.

By default, it contains the following options:

MASTER_MAP_NAME=value

The default name for the master map. For example:

MASTER_MAP_NAME="auto.master"

TIMEOUT=value

The default mount timeout. For example:

TIMEOUT=300

NEGATIVE_TIMEOUT=value

The default negative timeout for unsuccessful mount attempts. For example:

NEGATIVE_TIMEOUT=60

MOUNT_WAIT=value

The time to wait for a response from mount. For example:

MOUNT_WAIT=-1

UMOUNT_WAIT=value

The time to wait for a response from umount. For example:

UMOUNT_WAIT=12

BROWSE_MODE=boolean

A boolean to enable (yes) or disable (no) browsing the maps. For example:

BROWSE_MODE="no"

MOUNT_NFS_DEFAULT_PROTOCOL=value

The default protocol to be used by mount.nfs. For example:

MOUNT_NFS_DEFAULT_PROTOCOL=4

APPEND_OPTIONS=boolean

A boolean to enable (yes) or disable (no) appending the global options instead of replacing them. For example:

APPEND_OPTIONS="yes"

LOGGING=value

The default logging level. The value has to be either none, verbose, or debug. For example:

LOGGING="none"

LDAP_URI=value

A space-separated list of server URIs in the form of protocol://server . For example:

LDAP_URI="ldaps://ldap.example.com/"

LDAP_TIMEOUT=value

The synchronous API calls timeout. For example:

LDAP_TIMEOUT=-1

LDAP_NETWORK_TIMEOUT=value

The network response timeout. For example:

LDAP_NETWORK_TIMEOUT=8

SEARCH_BASE=value

The base Distinguished Name (DN) for the map search. For example:

SEARCH_BASE=""

AUTH_CONF_FILE=value

The default location of the SASL authentication configuration file. For example:

AUTH_CONF_FILE="/etc/autofs_ldap_auth.conf"

MAP_HASH_TABLE_SIZE=value

The hash table size for the map cache. For example:

MAP_HASH_TABLE_SIZE=1024

USE_MISC_DEVICE=boolean

A boolean to enable (yes) or disable (no) using the autofs miscellaneous device. For example:

USE_MISC_DEVICE="yes"

OPTIONS=value

Additional options to be passed to the LDAP daemon. For example:

OPTIONS=""

18.1.4. `/etc/sysconfig/clock`

The /etc/sysconfig/clock file controls the interpretation of values read from the system hardware clock. It is used by the Date/Time Properties tool, and should not be edited by hand. By default, it contains the following option:

ZONE=value

The time zone file under /usr/share/zoneinfo that /etc/localtime is a copy of. For example:

ZONE="Europe/Prague"

Refer to Section 13.1, “Date/Time Properties Tool” for more information on the Date/Time Properties tool and its usage.

18.1.5. `/etc/sysconfig/dhcpd`

The /etc/sysconfig/dhcpd file is used to pass arguments to the dhcpd daemon at boot time. By default, it contains the following options:

DHCPDARGS=value

Additional options to be passed to the dhcpd daemon. For example:

DHCPDARGS=

Refer to Chapter 6, Dynamic Host Configuration Protocol (DHCP) for more information on DHCP and its usage.

18.1.6. `/etc/sysconfig/firstboot`

The /etc/sysconfig/firstboot file defines whether to run the firstboot utility. By default, it contains the following option:

RUN_FIRSTBOOT=boolean

A boolean to enable (YES) or disable (NO) running the firstboot program. For example:

RUN_FIRSTBOOT=NO

The first time the system boots, the init program calls the /etc/rc.d/init.d/firstboot script, which looks for the /etc/sysconfig/firstboot file. If this file does not contain the RUN_FIRSTBOOT=NO option, the firstboot program is run, guiding a user through the initial configuration of the system.

Tip: You Can Run the `firstboot` Program Again

To start the firstboot program the next time the system boots, change the value of RUN_FIRSTBOOT option to YES, and type the following at a shell prompt:

~]# chkconfig firstboot on

18.1.7. `/etc/sysconfig/i18n`

The /etc/sysconfig/i18n configuration file defines the default language, any supported languages, and the default system font. By default, it contains the following options:

LANG=value

The default language. For example:

LANG="en_US.UTF-8"

SUPPORTED=value

A colon-separated list of supported languages. For example:

SUPPORTED="en_US.UTF-8:en_US:en"

SYSFONT=value

The default system font. For example:

SYSFONT="latarcyrheb-sun16"

18.1.8. `/etc/sysconfig/init`

The /etc/sysconfig/init file controls how the system appears and functions during the boot process. By default, it contains the following options:

BOOTUP=value

The bootup style. The value has to be either color (the standard color boot display), verbose (an old style display which provides more information), or anything else for the new style display, but without ANSI formatting. For example:

BOOTUP=color

RES_COL=value

The number of the column in which the status labels start. For example:

RES_COL=60

MOVE_TO_COL=value

The terminal sequence to move the cursor to the column specified in RES_COL (see above). For example:

MOVE_TO_COL="echo -en \\033[${RES_COL}G"

SETCOLOR_SUCCESS=value

The terminal sequence to set the success color. For example:

SETCOLOR_SUCCESS="echo -en \\033[0;32m"

SETCOLOR_FAILURE=value

The terminal sequence to set the failure color. For example:

SETCOLOR_FAILURE="echo -en \\033[0;31m"

SETCOLOR_WARNING=value

The terminal sequence to set the warning color. For example:

SETCOLOR_WARNING="echo -en \\033[0;33m"

SETCOLOR_NORMAL=value

The terminal sequence to set the default color. For example:

SETCOLOR_NORMAL="echo -en \\033[0;39m"

LOGLEVEL=value

The initial console logging level. The value has to be in the range from 1 (kernel panics only) to 8 (everything, including the debugging information). For example:

LOGLEVEL=3

PROMPT=boolean

A boolean to enable (yes) or disable (no) the hotkey interactive startup. For example:

PROMPT=yes

AUTOSWAP=boolean

A boolean to enable (yes) or disable (no) probing for devices with swap signatures. For example:

AUTOSWAP=no

ACTIVE_CONSOLES=value

The list of active consoles. For example:

ACTIVE_CONSOLES=/dev/tty[1-6]

SINGLE=value

The single-user mode type. The value has to be either /sbin/sulogin (a user will be prompted for a password to log in), or /sbin/sushell (the user will be logged in directly). For example:

SINGLE=/sbin/sushell

18.1.9. `/etc/sysconfig/ip6tables-config`

The /etc/sysconfig/ip6tables-config file stores information used by the kernel to set up IPv6 packet filtering at boot time or whenever the ip6tables service is started. Note that you should not modify it unless you are familiar with ip6tables rules. By default, it contains the following options:

IP6TABLES_MODULES=value

A space-separated list of helpers to be loaded after the firewall rules are applied. For example:

IP6TABLES_MODULES="ip_nat_ftp ip_nat_irc"

IP6TABLES_MODULES_UNLOAD=boolean

A boolean to enable (yes) or disable (no) module unloading when the firewall is stopped or restarted. For example:

IP6TABLES_MODULES_UNLOAD="yes"

IP6TABLES_SAVE_ON_STOP=boolean

A boolean to enable (yes) or disable (no) saving the current firewall rules when the firewall is stopped. For example:

IP6TABLES_SAVE_ON_STOP="no"

IP6TABLES_SAVE_ON_RESTART=boolean

A boolean to enable (yes) or disable (no) saving the current firewall rules when the firewall is restarted. For example:

IP6TABLES_SAVE_ON_RESTART="no"

IP6TABLES_SAVE_COUNTER=boolean

A boolean to enable (yes) or disable (no) saving the rule and chain counters. For example:

IP6TABLES_SAVE_COUNTER="no"

IP6TABLES_STATUS_NUMERIC=boolean

A boolean to enable (yes) or disable (no) printing IP addresses and port numbers in a numeric format in the status output. For example:

IP6TABLES_STATUS_NUMERIC="yes"

IP6TABLES_STATUS_VERBOSE=boolean

A boolean to enable (yes) or disable (no) printing information about the number of packets and bytes in the status output. For example:

IP6TABLES_STATUS_VERBOSE="no"

IP6TABLES_STATUS_LINENUMBERS=boolean

A boolean to enable (yes) or disable (no) printing line numbers in the status output. For example:

IP6TABLES_STATUS_LINENUMBERS="yes"

Tip: Use the `ip6tables` Command to Create the Rules

You can create the rules manually using the ip6tables command. Once created, type the following at a shell prompt:

~]# service ip6tables save

This will add the rules to /etc/sysconfig/ip6tables. Once this file exists, any firewall rules saved in it persist through a system reboot or a service restart.

18.1.10. `/etc/sysconfig/keyboard`

The /etc/sysconfig/keyboard file controls the behavior of the keyboard. By default, it contains the following options:

KEYTABLE=value

The name of a keytable file. The files that can be used as keytables start in the /lib/kbd/keymaps/i386/ directory, and branch into different keyboard layouts from there, all labeled value.kmap.gz. The first filename that matches the KEYTABLE setting is used. For example:

KEYTABLE="us"

MODEL=value

The keyboard model. For example:

MODEL="pc105+inet"

LAYOUT=value

The keyboard layout. For example:

LAYOUT="us"

KEYBOARDTYPE=value

The keyboard type. Allowed values are pc (a PS/2 keyboard), or sun (a Sun keyboard). For example:

KEYBOARDTYPE="pc"

18.1.11. `/etc/sysconfig/ldap`

The /etc/sysconfig/ldap file holds the basic configuration for the LDAP server. By default, it contains the following options:

SLAPD_OPTIONS=value

Additional options to be passed to the slapd daemon. For example:

SLAPD_OPTIONS="-4"

SLURPD_OPTIONS=value

Additional options to be passed to the slurpd daemon. For example:

SLURPD_OPTIONS=""

SLAPD_LDAP=boolean

A boolean to enable (yes) or disable (no) using the LDAP over TCP (that is, ldap:///). For example:

SLAPD_LDAP="yes"

SLAPD_LDAPI=boolean

A boolean to enable (yes) or disable (no) using the LDAP over IPC (that is, ldapi:///). For example:

SLAPD_LDAPI="no"

SLAPD_LDAPS=boolean

A boolean to enable (yes) or disable (no) using the LDAP over TLS (that is, ldaps:///). For example:

SLAPD_LDAPS="no"

SLAPD_URLS=value

A space-separated list of URLs. For example:

SLAPD_URLS="ldapi:///var/lib/ldap_root/ldapi ldapi:/// ldaps:///"

SLAPD_SHUTDOWN_TIMEOUT=value

The time to wait for slapd to shut down. For example:

SLAPD_SHUTDOWN_TIMEOUT=3

SLAPD_ULIMIT_SETTINGS=value

The parameters to be passed to ulimit before the slapd daemon is started. For example:

SLAPD_ULIMIT_SETTINGS=""

18.1.12. `/etc/sysconfig/named`

The /etc/sysconfig/named file is used to pass arguments to the named daemon at boot time. By default, it contains the following options:

ROOTDIR=value

The chroot environment under which the named daemon runs. The value has to be a full directory path. For example:

ROOTDIR="/var/named/chroot"

Note that the chroot environment has to be configured first (type info chroot at a shell prompt for more information).

OPTIONS=value

Additional options to be passed to named. For example:

OPTIONS="-6"

Note that you should not use the -t option. Instead, use ROOTDIR as described above.

KEYTAB_FILE=value

The keytab filename. For example:

KEYTAB_FILE="/etc/named.keytab"

Refer to Chapter 10, The BIND DNS Server for more information on the BIND DNS server and its configuration.

18.1.13. `/etc/sysconfig/network`

The /etc/sysconfig/network file is used to specify information about the desired network configuration. By default, it contains the following options:

NETWORKING=boolean

A boolean to enable (yes) or disable (no) the networking. For example:

NETWORKING=yes

HOSTNAME=value

The hostname of the machine. For example:

HOSTNAME=penguin.example.com

GATEWAY=value

The IP address of the network's gateway. For example:

GATEWAY=192.168.1.0

Warning: Avoid Using Custom Init Scripts

Do not use custom init scripts to configure network settings. When performing a post-boot network service restart, custom init scripts configuring network settings that are run outside of the network init script lead to unpredictable results.

18.1.14. `/etc/sysconfig/ntpd`

The /etc/sysconfig/ntpd file is used to pass arguments to the ntpd daemon at boot time. By default, it contains the following option:

OPTIONS=value

Additional options to be passed to ntpd. For example:

OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g"

Refer to Section 13.1.2, “Network Time Protocol Properties” or Section 13.2.2, “Network Time Protocol Setup” for more information on how to configure the ntpd daemon.

18.1.15. `/etc/sysconfig/quagga`

The /etc/sysconfig/quagga file holds the basic configuration for Quagga daemons. By default, it contains the following options:

QCONFDIR=value

The directory with the configuration files for Quagga daemons. For example:

QCONFDIR="/etc/quagga"

BGPD_OPTS=value

Additional options to be passed to the bgpd daemon. For example:

BGPD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/bgpd.conf"

OSPF6D_OPTS=value

Additional options to be passed to the ospf6d daemon. For example:

OSPF6D_OPTS="-A ::1 -f ${QCONFDIR}/ospf6d.conf"

OSPFD_OPTS=value

Additional options to be passed to the ospfd daemon. For example:

OSPFD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/ospfd.conf"

RIPD_OPTS=value

Additional options to be passed to the ripd daemon. For example:

RIPD_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/ripd.conf"

RIPNGD_OPTS=value

Additional options to be passed to the ripngd daemon. For example:

RIPNGD_OPTS="-A ::1 -f ${QCONFDIR}/ripngd.conf"

ZEBRA_OPTS=value

Additional options to be passed to the zebra daemon. For example:

ZEBRA_OPTS="-A 127.0.0.1 -f ${QCONFDIR}/zebra.conf"

ISISD_OPTS=value

Additional options to be passed to the isisd daemon. For example:

ISISD_OPTS="-A ::1 -f ${QCONFDIR}/isisd.conf"

WATCH_OPTS=value

Additional options to be passed to the watchquagga daemon. For example:

WATCH_OPTS="-Az -b_ -r/sbin/service_%s_restart -s/sbin/service_%s_start -k/sbin/service_%s_stop"

WATCH_DAEMONS=value

A space separated list of monitored daemons. For example:

WATCH_DAEMONS="zebra bgpd ospfd ospf6d ripd ripngd"

18.1.16. `/etc/sysconfig/radvd`

The /etc/sysconfig/radvd file is used to pass arguments to the radvd daemon at boot time. By default, it contains the following option:

OPTIONS=value

Additional options to be passed to the radvd daemon. For example:

OPTIONS="-u radvd"

18.1.17. `/etc/sysconfig/samba`

The /etc/sysconfig/samba file is used to pass arguments to the Samba daemons at boot time. By default, it contains the following options:

SMBDOPTIONS=value

Additional options to be passed to smbd. For example:

SMBDOPTIONS="-D"

NMBDOPTIONS=value

Additional options to be passed to nmbd. For example:

NMBDOPTIONS="-D"

WINBINDOPTIONS=value

Additional options to be passed to winbindd. For example:

WINBINDOPTIONS=""

18.1.18. `/etc/sysconfig/selinux`

The /etc/sysconfig/selinux file contains the basic configuration options for SELinux. It is a symbolic link to /etc/selinux/config, and by default, it contains the following options:

SELINUX=value

The security policy. The value can be either enforcing (the security policy is always enforced), permissive (instead of enforcing the policy, appropriate warnings are displayed), or disabled (no policy is used). For example:

SELINUX=enforcing

SELINUXTYPE=value

The protection type. The value can be either targeted (the targeted processes are protected), or mls (the Multi Level Security protection). For example:

SELINUXTYPE=targeted

18.1.19. `/etc/sysconfig/sendmail`

The /etc/sysconfig/sendmail is used to set the default values for the Sendmail application. By default, it contains the following values:

DAEMON=boolean

A boolean to enable (yes) or disable (no) running sendmail as a daemon. For example:

DAEMON=yes

QUEUE=value

The interval at which the messages are to be processed. For example:

QUEUE=1h

Refer to Section 12.3.2, “Sendmail” for more information on Sendmail and its configuration.

18.1.20. `/etc/sysconfig/spamassassin`

The /etc/sysconfig/spamassassin file is used to pass arguments to the spamd daemon (a daemonized version of Spamassassin) at boot time. By default, it contains the following option:

SPAMDOPTIONS=value

Additional options to be passed to the spamd daemon. For example:

SPAMDOPTIONS="-d -c -m5 -H"

Refer to Section 12.4.2.6, “Spam Filters” for more information on Spamassassin and its configuration.

18.1.21. `/etc/sysconfig/squid`

The /etc/sysconfig/squid file is used to pass arguments to the squid daemon at boot time. By default, it contains the following options:

SQUID_OPTS=value

Additional options to be passed to the squid daemon. For example:

SQUID_OPTS=""

SQUID_SHUTDOWN_TIMEOUT=value

The time to wait for squid daemon to shut down. For example:

SQUID_SHUTDOWN_TIMEOUT=100

SQUID_CONF=value

The default configuration file. For example:

SQUID_CONF="/etc/squid/squid.conf"

18.1.22. `/etc/sysconfig/system-config-users`

The /etc/sysconfig/system-config-users file is the configuration file for the User Manager utility, and should not be edited by hand. By default, it contains the following options:

FILTER=boolean

A boolean to enable (true) or disable (false) filtering of system users. For example:

FILTER=true

ASSIGN_HIGHEST_UID=boolean

A boolean to enable (true) or disable (false) assigning the highest available UID to newly added users. For example:

ASSIGN_HIGHEST_UID=true

ASSIGN_HIGHEST_GID=boolean

A boolean to enable (true) or disable (false) assigning the highest available GID to newly added groups. For example:

ASSIGN_HIGHEST_GID=true

PREFER_SAME_UID_GID=boolean

A boolean to enable (true) or disable (false) using the same UID and GID for newly added users when possible. For example:

PREFER_SAME_UID_GID=true

Refer to Section 15.1, “User and Group Configuration” for more information on User Manager and its usage.

18.1.23. `/etc/sysconfig/vncservers`

The /etc/sysconfig/vncservers file configures the way the Virtual Network Computing (VNC) server starts up. By default, it contains the following options:

VNCSERVERS=value

A list of space separated display:username pairs. For example:

VNCSERVERS="2:myusername"

VNCSERVERARGS[display]=value

Additional arguments to be passed to the VNC server running on the specified display. For example:

VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"

18.1.24. `/etc/sysconfig/xinetd`

The /etc/sysconfig/xinetd file is used to pass arguments to the xinetd daemon at boot time. By default, it contains the following options:

EXTRAOPTIONS=value

Additional options to be passed to xinetd. For example:

EXTRAOPTIONS=""

XINETD_LANG=value

The locale information to be passed to every service started by xinetd. Note that to remove locale information from the xinetd environment, you can use an empty string ("") or none. For example:

XINETD_LANG="en_US"

Refer to Chapter 7, Controlling Access to Services for more information on how to configure the xinetd services.