1.6. /etc

This is the nerve center of your system, it contains all system related configuration files in here or in its sub-directories. A "configuration file" is defined as a local file used to control the operation of a program; it must be static and cannot be an executable binary. For this reason, it's a good idea to backup this directory regularly. It will definitely save you a lot of re-configuration later if you re-install or lose your current installation. Normally, no binaries should be or are located here.


This directory tree contains all the configuration files for the X Window System. Users should note that many of the files located in this directory are actually symbolic links to the /usr/X11R6 directory tree. Thus, the presence of these files in these locations can not be certain.

/etc/X11/XF86Config, /etc/X11/XF86Config-4

The 'X' configuration file. Most modern distributions possess hardware autodetection systems that enable automatic creation of a valid file. Should autodetection fail a configuration file can also be created manually provided that you have sufficient knowledge about your system. It would be considered prudent not to attempt to type out a file from beginning to end. Rather, use common configuration utilities such as xf86config, XF86Setup and xf86cfg to create a workable template. Then, using suitable documentation commence optimization through intuition and/or trial and error. Options that can be configured via this file include X modules to be loaded on startup, keyboard, mouse, monitor and graphic chipset type. Often, commercial distributions will include their own X configuration utilities such as XDrake on Mandrake and also Xconfiguration on Redhat. Below is a sample X configuration file from the reference system

# XF86Config-4 (XFree86 server configuration file) generated by dexconf, the
# Debian X Configuration tool, using values from the debconf database.
# Edit this file with caution, and see the XF86Config-4 manual page.
# (Type "man XF86Config-4" at the shell prompt.)
# If you want your changes to this file preserved by dexconf, only 
# make changes
# before the "### BEGIN DEBCONF SECTION" line above, and/or after the
# "### END DEBCONF SECTION" line below.
# To change things within the debconf section, run the command:
#   dpkg-reconfigure xserver-xfree86
# as root.  Also see "How do I add custom sections to a dexconf-
# generated
# XF86Config or XF86Config-4 file?" in /usr/share/doc/xfree86-
# common/FAQ.gz.

Section "Files"
        FontPath        "unix/:7100"                        
# local font server
        # if the local font server has problems, 
# we can fall back on these
        FontPath        "/usr/lib/X11/fonts/misc"
        FontPath        "/usr/lib/X11/fonts/cyrillic"
        FontPath        "/usr/lib/X11/fonts/100dpi/:unscaled"
        FontPath        "/usr/lib/X11/fonts/75dpi/:unscaled"
        FontPath        "/usr/lib/X11/fonts/Type1"
        FontPath        "/usr/lib/X11/fonts/Speedo"
        FontPath        "/usr/lib/X11/fonts/100dpi"
        FontPath        "/usr/lib/X11/fonts/75dpi"

Section "Module"
        Load        "GLcore"
        Load        "bitmap"
        Load        "dbe"
        Load        "ddc"
        Load        "dri"
        Load        "extmod"
        Load        "freetype"
        Load        "glx"
        Load        "int10"
        Load        "pex5"
        Load        "record"
        Load        "speedo"
        Load        "type1"
        Load        "vbe"
        Load        "xie"

Section "InputDevice"
        Identifier        "Generic Keyboard"
        Driver                "keyboard"
        Option                "CoreKeyboard"
        Option                "XkbRules"        "xfree86"
        Option                "XkbModel"        "pc104"
        Option                "XkbLayout"        "us"

Section "InputDevice"
        Identifier        "Configured Mouse"
        Driver                "mouse"
        Option                "CorePointer"
        Option                "Device"                "/dev/psaux"
        Option                "Protocol"                "NetMousePS/2"
        Option                "Emulate3Buttons"        "true"
        Option                "ZAxisMapping"                "4 5"

Section "InputDevice"
        Identifier        "Generic Mouse"
        Driver                "mouse"
        Option                "SendCoreEvents"        "true"
        Option                "Device"                "/dev/input/mice"
        Option                "Protocol"                "ImPS/2"
        Option                "Emulate3Buttons"        "true"
        Option                "ZAxisMapping"                "4 5"

Section "Device"
        Identifier        "Generic Video Card"
        Driver                "nv"
#        Option                "UseFBDev"                "true"
        Option                "UseFBDev"                "false"

Section "Monitor"
        Identifier        "Generic Monitor"
        HorizSync        30-38
        VertRefresh        43-95
        Option                "DPMS"

Section "Screen"
        Identifier        "Default Screen"
        Device                "Generic Video Card"
        Monitor                "Generic Monitor"
        DefaultDepth        16
        SubSection "Display"
                Depth                1
                Modes                "800x600" "640x480"
        SubSection "Display"
                Depth                4
                Modes                "800x600" "640x480"
        SubSection "Display"
                Depth                8
                Modes                "800x600" "640x480"
        SubSection "Display"
                Depth                15
                Modes                "800x600" "640x480"
        SubSection "Display"
                Depth                16
                Modes                "800x600" "640x480"
        SubSection "Display"
                Depth                24
                Modes                "800x600" "640x480"

Section "ServerLayout"
        Identifier        "Default Layout"
        Screen                "Default Screen"
        InputDevice        "Generic Keyboard"
        InputDevice        "Configured Mouse"
        InputDevice        "Generic Mouse"

Section "DRI"
        Mode        0666


As you can see, the layout of the file is quite simple and tends to be quite standard across most distributions. At the top are the locations of the various font files for X (note - X will not start if you do not specify a valid font), next is the "Modules" section. It details what modules are to be loaded upon startup. The most well known extensions are probably GLX (required for 3D rendering of graphics and games) and Xinerama which allows users to expand their desktop over several monitors. Next are the various "Device" sections which describe the type of hardware you have. Improper configuration of these subsections can lead to heartache and trauma with seemingly misplaced keys, bewitched mice and also constant flashing as X attempts to restart in a sometimes never ending loop. In most cases when all else fails the vesa driver seems to be able to initialise most modern video cards. In the "Screen" section it is possible to alter the default startup resolution and depth. Quite often it is possible to alter these attributes on the fly by using the alt-ctrl-+ or alt-ctrl- set of keystrokes. Lastly are the "ServerLayout" and "DRI" sections. Users will almost never touch the "DRI" section and only those who wish to utilise the Xinerama extensions of X will require having to change any of the ServerLayout options.


In general your default keyboard mapping comes from your X server setup. If this setup is insufficient and you are unwilling to go through the process of reconfiguration and/or you are not the superuser you'll need to use the xmodmap program. This is the utility's global configuration file.


The various symbols, types, geometries of keymaps that the X server supports can be found in this directory tree.


Low Bandwidth X (LBX) proxy server configuration files. Applications that would like to take advantage of the Low Bandwidth extension to X (LBX) must make their connections to an lbxproxy. These applications need know nothing about LBX, they simply connect to the lbxproxy as if it were a regular X server. The lbxproxy accepts client connections, multiplexes them over a single connection to the X server, and performs various optimizations on the X protocol to make it faster over low bandwidth and/or high latency connections. It should be noted that such compression will not increase the pace of rendering all that much. Its primary purpose is to reduce network load and thus increase overall network latency. A competing project called DXPC (Differential X Protocol Compression) has been found to be more efficient at this task. Studies have shown though that in almost all cases ssh tunneling of X will produce far better results than through any of these specialised pieces of software.


X proxy services manager initialisation files. proxymngr is responsible for resolving requests from xfindproxy (in the xbase-clients package) and other similar clients, starting new proxies when appropriate, and keeping track of all the available proxy services.


X display manager configuration files. xdm manages a collection of X servers, which may be on the local host or remote machines. It provides services similar to those provided by init, getty, and login on character-based terminals: prompting for login name and password, authenticating the user, and running a session. xdm supports XDMCP (X Display Manager Control Protocol) and can also be used to run a chooser process which presents the user with a menu of possible hosts that offer XDMCP display management. If the xutils package is installed, xdm can use the sessreg utility to register login sessions to the system utmp file; this, however, is not necessary for xdm to function.


This is the master 'xdm' configuration file. It determines where all other 'xdm' configuration files will be located. It is almost certain to be left undisturbed.


GNOME Display Manager configuration files. gdm provides the equivalent of a "login:" prompt for X displays- it pops up a login window and starts an X session. It provides all the functionality of xdm, including XDMCP support for managing remote displays. The greeting window is written using the GNOME libraries and hence looks like a GNOME application- even to the extent of supporting themes! By default, the greeter is run as an unprivileged user for security.


This is the primary configuration file for GDM. Through it, users can specify whether they would like their system to automatically login as a certain user, background startup image and also if they would like to run their machine as somewhat of a terminal server by using the XDMCP protocol.


Home of xfs fonts.


X font server configuration files. xfs is a daemon that listens on a network port and serves X fonts to X servers (and thus to X clients). All X servers have the ability to serve locally installed fonts for themselves, but xfs makes it possible to offload that job from the X server, and/or have a central repository of fonts on a networked machine running xfs so that all the machines running X servers on a network do not require their own set of fonts. xfs may also be invoked by users to, for instance, make available X fonts in user accounts that are not available to the X server or to an already running system xfs.


This is the 'xfs' initialisation file. It specifies the number of clients that are allowed to connect to the 'xfs' server at any one time, the location of log files, default resolution, the location of the fonts, etc.

# font server configuration file
# $Xorg: config.cpp,v 1.3 2000/08/17 19:54:19 cpqbld Exp $

# allow a maximum of 10 clients to connect to this font server
client-limit = 10
# when a font server reaches its limit, start up a new one
clone-self = on
# log messages to /var/log/xfs.log (if syslog is not used)
error-file = /var/log/xfs.log
# log errors using syslog
use-syslog = on
# turn off TCP port listening (Unix domain connections are still permitted)
no-listen = tcp
# paths to search for fonts
catalogue = /usr/lib/X11/fonts/misc/,/usr/lib/X11/fonts/cyrillic/,
# in decipoints
default-point-size = 120
# x1,y1,x2,y2,...
default-resolutions = 100,100,75,75

# font cache control, specified in kB
cache-hi-mark = 2048
cache-low-mark = 1433
cache-balance = 70


Home of configuration files for twm. The original Tabbed Window Manager.


xinit configuration files. 'xinit' is a configuration method of starting up an X session that is designed to used as part of a script. Normally, this is used at larger sites as part of a tailored login process.


Global xinitrc file, used by all X sessions started by xinit (startx). Its usage is of course overridden by a .xinitrc file located in the home directory of a user.


'adduser' configuration. The adduser command can create new users, groups and add existing users to existing groups. Adding users with adduser is much easier than adding them by hand. Adduser will choose appropriate UID and GID values, create a home directory, copy skeletal user configuration from /etc/skel, allow you to set an initial password and the GECOS field. Optionally a custom script can be executed after this commands. See adduser(8) and adduser.conf(5) for full documentation.


Has parameters to help adjust the software (kernel) time so that it matches the RTC.


This is the aliases file - it says who gets mail for whom. It was originally generated by `eximconfig', part of the exim package distributed with Debian, but it may edited by the mail system administrator. See exim info section for details of the things that can be configured here. An aliases database file (aliases.db) is built from the entries in the aliases files by the newaliases utility.


It is possible for several programs fulfilling the same or similar functions to be installed on a single system at the same time. For example, many systems have several text editors installed at once. This gives choice to the users of a system, allowing each to use a different editor, if desired, but makes it difficult for a program to make a good choice of editor to invoke if the user has not specified a particular preference.

The alternatives system aims to solve this problem. A generic name in the filesystem is shared by all files providing interchangeable functionality. The alternatives system and the system administrator together determine which actual file is referenced by this generic name. For example, if the text editors ed(1) and nvi(1) are both installed on the system, the alternatives system will cause the generic name /usr/bin/editor to refer to /usr/bin/nvi by default. The system administrator can override this and cause it to refer to /usr/bin/ed instead, and the alternatives system will not alter this setting until explicitly requested to do so.

The generic name is not a direct symbolic link to the selected alternative. Instead, it is a symbolic link to a name in the alternatives directory, which in turn is a symbolic link to the actual file referenced. This is done so that the system administrator's changes can be confined within the /etc directory.


This is Debian's next generation front-end for the dpkg package manager. It provides the apt-get utility and APT dselect method that provides a simpler, safer way to install and upgrade packages. APT features complete installation ordering, multiple source capability and several other unique features, see the Users Guide in /usr/share/doc/apt/guide.text.gz


deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-7 (20020718)]/
          unstable contrib main non-US/contrib non-US/main
deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-6 (20020718)]/
          unstable contrib main non-US/contrib non-US/main
deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-5 (20020718)]/
          unstable contrib main non-US/contrib non-US/main
deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-4 (20020718)]/
          unstable contrib main non-US/contrib non-US/main
deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-3 (20020718)]/ 
          unstable contrib main non-US/contrib non-US/main
deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-2 (20020718)]/ 
          unstable contrib main non-US/contrib non-US/main
deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-1 (20020718)]/ 
          unstable contrib main non-US/contrib non-US/main

# deb http://security.debian.org/ stable/updates main

Contains a list of apt-sources from which packages may be installed via APT.


ALSA (Advanced Linux Sound Architecture) configuration file. It is normally created via alsactl or other third-party sound configuration utilities that may be specific to a distribution such as sndconfig from Redhat.


Users denied access to the at daemon. The 'at' command allows user to execute programs at an arbitrary time.


Configuration files for autoconf. 'autoconf' creates scripts to configure source code packages using templates. To create configure from configure.in, run the autoconf program with no arguments. autoconf processes configure.ac with the m4 macro processor, using the Autoconf macros. If you give autoconf an argument, it reads that file instead of configure.ac and writes the configuration script to the standard output instead of to configure. If you give autoconf the argument -, it reads the standard input instead of configure.ac and writes the configuration script on the standard output.

The Autoconf macros are defined in several files. Some of the files are distributed with Autoconf; autoconf reads them first. Then it looks for the optional file acsite.m4 in the directory that contains the distributed Autoconf macro files, and for the optional file aclocal.m4 in the current directory. Those files can contain your site's or the package's own Autoconf macro definitions. If a macro is defined in more than one of the files that autoconf reads, the last definition it reads overrides the earlier ones.


System wide functions and aliases' file for interactive bash shells.


Programmable completion functions for bash 2.05a.


This is the chat script used to dial out to your default service provider.

/etc/cron.d, /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthly

These directories contain scripts to be executed on a regular basis by the cron daemon.


'cron' configuration file. This file is for the cron table to setup the automatic running of system routines. A cron table can also be established for individual users. The location of these user cron table files will be explained later on.

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file.
# This file also has a username field, that none of the other crontabs do.


# m h dom mon dow user command
25 6 * * * root test -e /usr/sbin/anacron || run-parts --report /etc/cron.daily
47 6 * * 7 root test -e /usr/sbin/anacron || run-parts --report /etc/cron.weekly
52 6 1 * * root test -e /usr/sbin/anacron || run-parts --report /etc/cron.monthly


System-wide .login file for csh(1). This file is sourced on all invocations of the shell. It contains commands that are to be executed upon login and sometimes aliases also.


System-wide .logout file for csh(1). This file is sourced on all invocations of the shell. It contains commands that are to be executed upon logout.


System-wide .cshrc file for csh(1). This file is sourced on all invocations of the shell. This file should contain commands to set the command search path, plus other important environment variables. This file should not contain commands that produce output or assume the shell is attached to a tty.


Configuration files for the Common UNIX Printing System (CUPS). Files here are used to define client-specific parameters, such as the default server or default encryption settings.


'deluser' configuration files. The deluser command can remove users and groups and remove users from a given group. Deluser can optionally remove and backup the user's home directory and mail spool or all files on the system owned by him. Optionally a custom script can also be executed after each of the commands.


This daemon sets up the /dev filesystem for use. It creates required symbolic links in /dev and also creates (if so configured, as is the default) symbolic links to the "old" names for devices.


'devfsd' configuration files. This daemon sets up the /dev filesystem for use. It creates required symbolic links in /dev and also creates (if so configured, as is the default) symbolic links to the "old" names for devices.

/etc/dhclient.conf, /etc/dhclient-script

'dhclient' configuration file and 'dhclient' script files respectively. It configures your system so that it may act as a client on a DHCP based network. It is essential to connect to the Internet nowadays.


#  /etc/dict.conf Written by Bob Hilliard <hilliard@debian.org>
#  1998/03/20.  Last revised Sun, 22 Nov 1998 18:10:04 -0500 This is
#  the configuration file for /usr/bin/dict.  In most cases only the
#  server keyword need be specified.  

#  This default configuration will try to access a dictd server on
#  the local host, failing that, it will try the public server.  In
#  many cases this will be slow, so you should comment out the line 
#  for the server that you don't want to use. To use any other 
#  server, enter its IP address in place of "dict.org".  

#  Refer to the dict manpage (man dict) for other options that could
#  be inserted in here.

server localhost 
server dict.org

dict is a client for the Dictionary Server Protocol (DICT), a TCP transaction based query/response protocol that provides access to dictionary definitions from a set of natural language dictionary databases.


Configuration file for the Linux DOS Emulator. DOSEMU is a PC Emulator application that allows Linux to run a DOS operating system in a virtual x86 machine. This allows you to run many DOS applications. It includes the FreeDOS kernel, color text and full keyboard emulation (via hotkeys) via terminal, built-in X support, IBM character set font, graphics capability at the console with most compatible video cards, DPMI support so you can run DOOM, CDROM support, builtin IPX and pktdrvr support. Note - 'dosemu' is simply a ported version of Corel's own PC-DOS.


Part of the exim package. This file contains email addresses to use for outgoing mail. Any local part not in here will be qualified by the system domain as normal. It should contain lines of the form:

  user: someone@isp.com
  otheruser: someoneelse@anotherisp.com

Exim is an MTA that is considered to be rather easier to configure than smail or sendmail. It is a drop-in replacement for sendmail, mailq and rsmtp. Advanced features include the ability to reject connections from known spam sites, and an extremely efficient queue processing algorithm.


ESD configuration files. The Enlightened sound daemon is designed to mix together several digitized audio streams for playback by a single device. Like nasd, artsd and rplay it also has the capability to play sounds remotely.


The control list of systems who want to access the system via NFS, a the list of directories that you would like to share and the permissions allocated on each share.

  # /etc/exports: the access control list for filesystems which may be
  # exported to NFS clients.  See exports(5).
  ## LTS-begin ##

  # The lines between the 'LTS-begin' and the 'LTS-end' were added
  # on: Sun Feb 23 05:54:17 EST 2003 by the ltsp installation script.
  # For more information, visit the ltsp homepage
  # at http://www.ltsp.org

  /opt/ltsp/i386        ,no_root_squash)

  # The following entries need to be uncommented if you want
  # Local App support in ltsp
  #/home        ,no_root_squash)

  ## LTS-end ##


Floppy disk parameter table. Describes what different floppy disk formats look like. Used by setfdprm.


The configuration file for 'mount' and now 'supermount'. It lists the filesystems mounted automatically at startup by the mount -a command (in /etc/rc or equivalent startup file). Under Linux, also contains information about swap areas used automatically by swapon -a.

  # /etc/fstab: static file system information.
  # The following is an example. Please see fstab(5) for further details.
  # Please refer to mount(1) for a complete description of mount options.
  # Format:
  # <file system> <mount point> <type> <options> <dump> <pass>
  # dump(8) uses the <dump> field to determine which file systems need
  # to be dumped. fsck(8) uses the <pass> column to determine which file
  # systems need to be checked--the root file system should have a 1 in 
  # this field, other file systems a 2, and any file systems that should
  # not be checked (such as MS-DOS or NFS file systems) a 0.
  # The `sw' option indicates that the swap partition is to be activated
  # with `swapon -a'.
  /dev/hda2 none swap sw 0 0
  # The `bsdgroups' option indicates that the file system is to be mounted
  # with BSD semantics (files inherit the group ownership of the directory
  # in which they live). `ro' can be used to mount a file system read-only.
  /dev/hda3 / ext2 defaults 0 1 
  /dev/hda5 /home ext2 defaults 0 2
  /dev/hda6 /var ext2 defaults 0 2
  /dev/hda7 /usr ext2 defaults,ro 0 2
  /dev/hda8 /usr/local ext2 defaults,bsdgroups 0 2
  # The `noauto' option indicates that the file system should not be mounted
  # with `mount -a'. `user' indicates that normal users are allowed to mount
  # the file system.
  /dev/cdrom /cdrom iso9660 defaults,noauto,ro,user 0 0
  /dev/fd0 /floppy minix defaults,noauto,user 0 0
  /dev/fd1 /floppy minix defaults,noauto,user 0 0
  # NFS file systems: server:
  /export/usr /usr nfs defaults 0 0
  # proc file system:
  proc /proc proc defaults 0 0


Determines who might get ftp-access to your machine.


List of ftp users that need to be chrooted.


List of disallowed ftp users.


Lists gateways for 'routed'.


Configures console-logins.


MIME magic patterns as used by the Gnome VFS library.


Similar to /etc/passwd. It lists the configured user groups and who belongs to them.


Old /etc/group file.


Contains encrypted forms of group passwords.


Old /etc/gshadow file.


Contains the hostname of your machine (can be fully qualified or not).


Determines the search order for look-ups (usually hosts bind, i.e. "check /etc/hosts first and then look for a DNS").


This file is used to define a system name and domain combination with a specific IP address. This file needs to always contain an entry for an IP address, if the machine is connected to the network.

  ### etherconf DEBCONF AREA. DO NOT EDIT THIS AREA OR INSERT TEXT BEFORE IT. localhost ::1 localhost
  ip6-localhost ip6-loopback
  fe00::0 ip6-localnet
  ff00::0 ip6-mcastprefix
  ff02::1 ip6-allnodes
  ff02::2 ip6-allrouters
  ff02::3 ip6-allhosts debian.localdomain.com debian


Part of the tcp-wrappers system to control access to your machine's services. It lists hosts that are allowed to access the system and specific daemons.

  # /etc/hosts.allow: list of hosts that are allowed to access the
  # system.
  # See the manual pages hosts_access(5), hosts_options(5)
  # and /usr/doc/netbase/portmapper.txt.gz
  # Example: ALL: LOCAL @some_netgroup
  # ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
  # If you're going to protect the portmapper use the name "portmap"
  # for the daemon name. Remember that you can only use the keyword
  # "ALL" and IP addresses (NOT host or domain names) for the
  # portmapper. See portmap(8) and /usr/doc/portmap/portmapper.txt.gz
  # for further information.
  bootpd: in.tftpd: 192.168.0.
  portmap: 192.168.0.
  rpc.mountd: 192.168.0.
  rpc.nfsd: 192.168.0.
  gdm: 192.168.0.
  nasd: 192.168.0.


part of the tcp-wrappers system to control access to your machine's services. It lists hosts that are not allowed to access the system.

  # Example: ALL: some.host.name, .some.domain
  # ALL EXCEPT in.fingerd: other.host.name, .other.domain
  # If you're going to protect the portmapper use the name "portmap"
  # for the daemon name. Remember that you can only use the keyword
  # "ALL" and IP addresses (NOT host or domain names) for the
  # portmapper. See portmap(8) and /usr/doc/portmap/portmapper.txt.gz
  # for further information.
  # The PARANOID wildcard matches any host whose name does not match
  # its address. You may wish to enable this to ensure any programs
  # that don't validate looked up hostnames still leave understandable
  # logs. In past versions of Debian this has been the default.


Apache configuration files. Apache is a versatile, high-performance HTTP server. The most popular server in the world, Apache features a modular design and supports dynamic selection of extension modules at runtime. Its strong points are its range of possible customization, dynamic adjustment of the number of server processes, and a whole range of available modules including many authentication mechanisms, server-parsed HTML, server-side includes, access control, CERN httpd metafiles emulation, proxy caching, etc. Apache also supports multiple virtual homing.


TCP/IP IDENT protocol server. It implements the TCP/IP proposed standard IDENT user identification protocol (RFC 1413). identd operates by looking up specific TCP/IP connections and returning the username of the process owning the connection. It can also return other information besides the username.

  # /etc/identd.conf - an example configuration file

  #-- The syslog facility for error messages
  # syslog:facility = daemon

  #-- User and group (from passwd database) to run as
  server:user = nobody

  #-- Override the group id
  # server:group = kmem

  #-- What port to listen on when started as a daemon or from /etc/inittab
  # server:port = 113

  #-- The socket backlog limit
  # server:backlog = 256

  #-- Where to write the file containing our process id
  # server:pid-file = "/var/run/identd/identd.pid"

  #-- Maximum number of concurrent requests allowed (0 = unlimited)
  # server:max-requests = 0

  #-- Enable some protocol extensions like "VERSION" or "QUIT"
  protocol:extensions = enabled

  #-- Allow multiple queries per connection
  protocol:multiquery = enabled

  #-- Timeout in seconds since connection or last query. Zero = disable
  # protocol:timeout = 120

  #-- Maximum number of threads doing kernel lookups
  # kernel:threads = 8

  #-- Maximum number of queued kernel lookup requests
  # kernel:buffers = 32

  #-- Maximum number of time to retry a kernel lookup in case of failure
  # kernel:attempts = 5

  #-- Disable username lookups (only return uid numbers)
  # result:uid-only = no

  #-- Enable the ".noident" file
  # result:noident = enabled

  #-- Charset token to return in replies
  # result:charset = "US-ASCII"

  #-- Opsys token to return in replies
  # result:opsys = "UNIX"

  #-- Log all request replies to syslog (none == don't)
  # result:syslog-level = none

  #-- Enable encryption (only available if linked with a DES library)
  # result:encrypt = no

  #-- Path to the DES key file (only available if linked with a DES library)
  # encrypt:key-file = "/usr/local/etc/identd.key"

  #-- Include a machine local configuration file
  # include = /etc/identd.conf


Configuration of services that are started by the INETD TCP/IP super server. 'inetd' is now deprecated. 'xinetd' has taken its place. See /etc/xinet.conf for further details.

  # /etc/inetd.conf:  see inetd(8) for further information.
  # Internet server configuration database
  # Lines starting with "#:LABEL:" or "#<off>#" should not
  # be changed unless you know what you are doing!
  # If you want to disable an entry so it isn't touched during
  # package updates just comment it out with a single '#' character.
  # Packages should modify this file by using update-inetd(8)
  # <service_name> <sock_type> <proto> 
  # <flags> <user> <server_path>
  # <args>
  #:INTERNAL: Internal services
  #echo	stream	tcp nowait root	internal
  #echo	dgram	udp wait root internal
  #chargen stream tcp	nowait root internal
  #chargen dgram udp	wait root internal
  discard stream tcp nowait root internal
  discard dgram	udp wait root internal
  daytime stream tcp nowait root internal
  #daytime dgram udp wait root internal
  time stream tcp nowait root internal
  #time dgram udp wait root internal

  #:STANDARD: These are standard services.
  ftp stream tcp nowait	root /usr/sbin/tcpd /usr/sbin/in.ftpd	
  telnet stream	tcp nowait telnetd.telnetd /usr/sbin/tcpd 

  #:MAIL: Mail, news and uucp services.
  smtp stream tcp nowait mail /usr/sbin/exim exim -bs
  imap2  stream  tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd
  imap3  stream  tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd

  #:INFO: Info services
  ident	stream tcp wait	identd /usr/sbin/identd	identd
  finger stream	tcp nowait nobody /usr/sbin/tcpd 

  #:BOOT: Tftp service is provided primarily for booting.  
  #Most sites run this only on machines acting as "boot servers."
  tftp dgram udp wait nobody /usr/sbin/tcpd 
                             /usr/sbin/in.tftpd -s /tftpboot


Order of scripts run in /etc/rc?.d

0. Overview.

   All scripts executed by the init system are located in /etc/init.d.
   The directories /etc/rc?.d (? = S, 0 .. 6) contain relative links to
   those scripts. These links are named S<2-digit-number><
   original-name> or K<2-digit-number><original-name>.

   If a scripts has the ".sh" suffix it is a bourne shell script and
   MAY be handled in an optimized manner. The behaviour of executing the
   script in an optimized way will not differ in any way from it being
   forked and executed in the regular way.

   The following runlevels are defined:

   N       System bootup (NONE).
   S       Single user mode (not to be switched to directly)
   0       halt
   1       single user mode
   2 .. 5  multi user mode
   6       reboot

1. Boot.

   When the systems boots, the /etc/init.d/rcS script is executed. It
   in turn executes all the S* scripts in /etc/rcS.d in alphabetical
   (and thus numerical) order. The first argument passed to the
   executed scripts is "start". The runlevel at this point is
   "N" (none).

   Only things that need to be run once to get the system in a consistent
   state are to be run. The rcS.d directory is NOT meant to replace rc.local.
   One should not start daemons in this runlevel unless absolutely
   necessary. Eg, NFS might need the portmapper, so it is OK to start it
   early in the boot process. But this is not the time to start the
   squid proxy server.

2. Going multiuser.

   After the rcS.d scripts have been executed, init switches to the
   default runlevel as specified in /etc/inittab, usually "2".

   Init then executes the /etc/init.d/rc script which takes care of
   starting the services in /etc/rc2.d.

   Because the previous runlevel is "N" (none) the /etc/rc2.d/KXXxxxx
   scripts will NOT be executed - there is nothing to stop yet,
   the system is busy coming up.

   If for example there is a service that wants to run in runlevel 4
   and ONLY in that level, it will place a KXXxxxx script in
   /etc/rc{2,3,5}.d to stop the service when switching out of runlevel 4.
   We do not need to run that script at this point.
   The /etc.rc2.d/SXXxxxx scripts will be executed in alphabetical
   order, with the first argument set to "start".

3. Switching runlevels.

   When one switches from (for example) runlevel 2 to runlevel 3,
   /etc/init.d/rc will first execute in alphabetical order all K
   scripts for runlevel 3 (/etc/rc3.d/KXXxxxx) with as first argument
   "stop" and then all S scripts for runlevel 3 (/etc/rc3.d/SXXxxxx)
   with as first argument "start".

   As an optimization, a check is made for each "service" to see if
   it was already running in the previous runlevel. If it was, and there
   is no K (stop) script present for it in the new runlevel, there is
   no need to start it a second time so that will not be done.

   On the other hand, if there was a K script present, it is assumed the
   service was stopped on purpose first and so needs to be restarted.

   We MIGHT make the same optimization for stop scripts as well-
   if no S script was present in the previous runlevel, we can assume
   that service was not running and we don't need to stop it either.
   In that case we can remove the "coming from level N" special case
   mentioned above in 2). But right now that has not been implemented.

4. Single user mode.

   Switching to single user mode is done by switching to runlevel 1.
   That will cause all services to be stopped (assuming they all have
   a K script in /etc/rc1.d). The runlevel 1 scripts will then switch
   to runlevel "S" which has no scripts - all it does is spawn
   a shell directly on /dev/console for maintenance.

5. Halt/reboot

   Going to runlevel 0 or 6 will cause the system to be halted or rebooted,
   respectively. For example, if we go to runlevel 6 (reboot) first
   all /etc/rc6.d/KXXxxxx scripts will be executed alphabetically with
   "stop" as the first argument.

   Then the /etc/rc6.d/SXXxxxx scripts will be executed alphabetically
   with "stop" as the first argument as well. The reason is that there
   is nothing to start any more at this point - all scripts that are
   run are meant to bring the system down.

   In the future, the /etc/rc6.d/SXXxxxx scripts MIGHT be moved to
   /etc/rc6.d/K1XXxxxx for clarity.


Boot-time system configuration/initialization script. Tells init how to handle runlevels. It sets the default runlevel. This is run first except when booting in emergency (-b) mode. It also enables a user to startup a getty session on an external device such as the serial ports. To add terminals or dial-in modem lines to a system, just add more lines to /etc/inittab, one for each terminal or dial-in line. For more details, see the manual pages init, inittab, and getty. If a command fails when it starts, and init is configured to restart it, it will use a lot of system resources: init starts it, it fails, init starts it, it fails, and so on. To prevent this, init will keep track of how often it restarts a command, and if the frequency grows to high, it will delay for five minutes before restarting again. /etc/inittab also has some special features that allow init to react to special circumstances. powerwait Allows init to shut the system down, when the power fails. This assumes the use of a UPS, and software that watches the UPS and informs init that the power is off. ctrlaltdel Allows init to reboot the system, when the user presses ctrl-alt-del on the console keyboard. Note that the system administrator can configure the reaction to ctrl-alt-del to be something else instead, e.g., to be ignored, if the system is in a public location. sysinit Command to be run when the system is booted. This command usually cleans up /tmp, for example. The list above is not exhaustive. See your inittab manual page for all possibilities, and for details on how to use the ones above. To set (or reset) initial terminal colours. The following shell script should work for VGA consoles: for n in 1 2 4 5 6 7 8; do setterm -fore yellow -bold on -back blue -store > /dev/tty$n done Substitute your favorite colors, and use /dev/ttyS$n for serial terminals. To make sure they are reset when people log out (if they've been changed) replace the references to getty (or mingetty or uugetty or whatever) in /etc/inittab with references to /sbin/mygetty. #!/bin/sh setterm -fore yellow -bold on -back blue -store > $1 exec /sbin/mingetty $@ An example /etc/inittab is provided below.

  # /etc/inittab: init(8) configuration.
  # $Id: etc.xml,v 1.10 2004/02/03 21:42:57 binh Exp $
  # The default runlevel. id:2:initdefault:
  # Boot-time system configuration/initialization script.
  # This is run first except when booting in emergency (-b) mode.
  # What to do in single-user mode.
  # /etc/init.d executes the S and K scripts upon change
  # of runlevel.
  # Runlevel 0 is halt.
  # Runlevel 1 is single-user.
  # Runlevels 2-5 are multi-user.
  # Runlevel 6 is reboot.
  l0:0:wait:/etc/init.d/rc 0 l1:1:wait:/etc/init.d/rc 1
  l2:2:wait:/etc/init.d/rc 2 l3:3:wait:/etc/init.d/rc 3
  l4:4:wait:/etc/init.d/rc 4 l5:5:wait:/etc/init.d/rc 5
  l6:6:wait:/etc/init.d/rc 6
  # Normally not reached, but fallthrough in case of emergency.
  # What to do when CTRL-ALT-DEL is pressed.
  ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
  # Action on special keypress (ALT-UpArrow).
  #kb::kbrequest:/bin/echo "Keyboard Request
  #--edit /etc/inittab to let this work."
  # What to do when the power fails/returns.
  pf::powerwait:/etc/init.d/powerfail start
  pn::powerfailnow:/etc/init.d/powerfail now
  po::powerokwait:/etc/init.d/powerfail stop
  # /sbin/getty invocations for the runlevels.
  # The "id" field MUST be the same as the last
  # characters of the device (after "tty").
  # Format:
  # <id>:<runlevels>:<action>:<process>
  # Note that on most Debian systems tty7 is used by the X Window System,
  # so if you want to add more getty's go ahead but skip tty7 if you run X.
  1:2345:respawn:/sbin/getty 38400 tty1 2:23:respawn:/sbin/getty 38400 tty2
  3:23:respawn:/sbin/getty 38400 tty3 4:23:respawn:/sbin/getty 38400 tty4
  5:23:respawn:/sbin/getty 38400 tty5 6:23:respawn:/sbin/getty 38400 tty6
  # Example how to put a getty on a serial line (for a terminal)
  #T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100 
  #T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100
  # Example how to put a getty on a modem line.
  #T3:23:respawn:/sbin/mgetty -x0 -s 57600 ttyS3

  Undocumented features
  The letters A-C can be used to spawn a daemon listed in /etc/inittab. For
  example, assuming you want to start getty on a port to receive a call, but
  only after receiving a voice call first (and not all the time). Furthermore,
  you want to be able to receive a data or a fax call and that when you get
  the voice message you'll know which you want. You insert two new lines
  in /etc/inittab, each with its own ID, and each with a runlevel such as A
  for data and B for fax. When you know which you need, you simply spawn the
  appropriate daemon by calling 'telinit A' or 'telinit B'.
  The appropriate getty is put on the line until the first call is received.
  When the caller terminates the connection, the getty drops because, by
  definition, on demand will not respawn. The other two letters, S and Q, are
  special. S brings you system to maintenance mode and is the same as changing
  state to runlevel 1. The Q is used to tell init to reread inittab. The
  /etc/inittab file can be changed as often as required, but will only be read
  under certain circumstances: -One of its processes dies (do you need to
  respawn another?) -On a powerful signal from a power daemon (or a command
  line) -When told to change state by telinit The Q argument tells init to
  reread the /etc/inittab file. Even though it is called the System V runlevel
  system runlevels 7-9 are legitimate runlevels that can be used if necessary.
  The administrator must remember to alter the inittab file though and also to
  create the required rc?.d files.


Global inputrc for libreadline. Readline is a function that gets a line from a user and automatically edits it.


Configuration file for ISA based cards. This standard is virtually redundant in new systems. The 'isapnptools' suite of ISA Plug-And-Play configuration utilities is used to configure such devices. These programs are suitable for all systems, whether or not they include a PnP BIOS. In fact, PnP BIOS adds some complications because it may already activate some cards so that the drivers can find them, and these tools can unconfigure them, or change their settings causing all sorts of nasty effects.


ISDN configuration files.


Output by getty before the login prompt. Usually contains a short description or welcoming message to the system. The contents are up to the system administrator. Debian GNU/\s 3.0 \n \l


Presents the welcome screen to users who login remotely to your machine (whereas /etc/issue determines what a local user sees on login). Debian GNU/%s 3.0 %h


KDE initialization scripts and KDM configuration.


Location for the K Desktop Manager files. kdm manages a collection of X servers, which may be on the local host or remote machines. It provides services similar to those provided by init, getty, and login on character-based terminals: prompting for login name and password, authenticating the user, and running a session. kdm supports XDMCP (X Display Manager Control Protocol) and can also be used to run a chooser process which presents the user with a menu of possible hosts that offer XDMCP display management.


System wide KDE initialization script. Commands here executed every time the KDE environment is loaded. It's a link to /etc/kde2/system.kdeglobals


/etc/ld.so.conf, /etc/ld.so.cache

/etc/ld.so.conf is a file containing a list of colon, space, tab, newline, or comma separated directories in which to search for libraries. /etc/ld.so.cache containing an ordered list of libraries found in the directories specified in /etc/ld.so.conf. This file is not in human readable format, and is not intended to be edited.

'ldconfig' creates the necessary links and cache (for use by the run-time linker, ld.so) to the most recent shared libraries found in the directories specified on the command line, in the file /etc/ld.so.conf, and in the trusted directories (/usr/lib and /lib). 'ldconfig' checks the header and file names of the libraries it encounters when determining which versions should have their links updated. ldconfig ignores symbolic links when scanning for libraries.

'ldconfig' will attempt to deduce the type of ELF libs (ie. libc5 or libc6/glibc) based on what C libs if any the library was linked against, therefore when making dynamic libraries, it is wise to explicitly link against libc (use -lc).

Some existing libs do not contain enough information to allow the deduction of their type, therefore the /etc/ld.so.conf file format allows the specification of an expected type. This is only used for those ELF libs which we can not work out. The format is like this "dirname=TYPE", where type can be libc4, libc5 or libc6. (This syntax also works on the command line). Spaces are not allowed. Also see the -p option.

Directory names containing an = are no longer legal unless they also have an expected type specifier.

'ldconfig' should normally be run by the super-user as it may require write permission on some root owned directories and files. It is normally run automatically at bootup or manually whenever new shared libraries are installed.


X libraries.


Local libraries.


Configuration file for the Linux boot loader 'lilo'. 'lilo' is the original OS loader and can load Linux and others. The 'lilo' package normally contains lilo (the installer) and boot-record-images to install Linux, OS/2, DOS and generic Boot Sectors of other Oses. You can use Lilo to manage your Master Boot Record (with a simple text screen, text menu or colorful splash graphics) or call 'lilo' from other boot-loaders to jump-start the Linux kernel.

  Prompt #Prompt user to select
  OS choice at boot timeout=300  # Amount of time to wait before default OS
                                 # started (in ms)
  default=Debian4 #Default OS to be loaded
  vga=normal #VGA mode
  boot=/dev/had #location of MBR
  map=/boot/map #location of kernel
  install=/boot/boot-bmp.b #File to be installed as boot sector
  bitmap=/boot/debian.bmp #LILO boot image 
  bmp-table=30p,100p,1,10 #Colours
  selectable bmp-colors=13,,0,1,,0 #Colours chosen
  lba32 #Required on most new systems to overcome
        #1024 cylinder problem
  image=/vmlinuz #name of kernel
  image label=Debian #a label
  read-only #file system to be mounted read only
  root=/dev/hda6 #location of root filesystem

  append=" hdc=ide-scsi hdd=ide-scsi"
  append="devfs=mount hdc=ide-scsi
  acpi=off quiet"

  label=floppy unsafe


This file lists locales that you wish to have built. You can find a list of valid supported locales at /usr/share/i18n/SUPPORTED. Other combinations are possible, but may not be well tested. If you change this file, you need to re-run locale-gen.


Locale name alias data base.


Configuration control definitions for the login package. An inordinate number of attributes can be altered via this single file such as the location of mail, delay in seconds after a failed login, enabling display of fail log information, display of unknown username login failures, shell environment variables, etc....


The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log file gets to a certain size. Normally, logrotate runs as a daily cron job.

  # see "man logrotate" for details
  # rotate log files weekly

  # keep 4 weeks worth of backlogs
  rotate 4

  # create new (empty) log files after rotating old ones

  # uncomment this if you want your log files compressed

  # packages drop log rotation information into this directory
  include /etc/logrotate.d

  # no packages own wtmp, or btmp -- we'll rotate them here
  /var/log/wtmp {
      create 0664 root utmp
      rotate 1

  /var/log/btmp {
      create 0664 root utmp
      rotate 1

  # system-specific logs may be configured here


Configuration file for ltrace (Library Call Tracer). It tracks runtime library calls in dynamically linked programs. 'ltrace' is a debugging program which runs a specified command until it exits. While the command is executing, ltrace intercepts and records the dynamic library calls which are called by the executed process and the signals received by that process. It can also intercept and print the system calls executed by the program. The program to be traced need not be recompiled for this, so you can use it on binaries for which you don't have the source handy. You should install ltrace if you need a sysadmin tool for tracking the execution of processes.


Magic local data and configuration file for the file(1) command. Contains the descriptions of various file formats based on which file guesses the type of the file. Insert here your local magic data. Format is described in magic(5).


Initialization file for 'mail'. 'mail' is an intelligent mail processing system which has a command syntax reminiscent of ed with lines replaced by messages. It's basically a command line version of Microsoft Outlook.


'metamail' capabilities file. The mailcap file is read by the metamail program to determine how to display non-text at the local site. The syntax of a mailcap file is quite simple, at least compared to termcap files. Any line that starts with "#" is a comment. Blank lines are ignored. Otherwise, each line defines a single mailcap entry for a single content type. Long lines may be continued by ending them with a backslash character, \. Each individual mailcap entry consists of a content-type specification, a command to execute, and (possibly) a set of optional "flag" values.


The mailcap ordering specifications. The order of entries in the /etc/mailcap file can be altered by editing the /etc/mailcap.order file. Each line of that file specifies a package and an optional mime type. Mailcap entries that match will be placed in the order of this file. Entries that don't match will be placed later.


Mail server hostname. Normally the same as the hostname.

/etc/menu, /etc/menu-methods

The menu package was inspired by the install-fvwm2-menu program from the old fvwm2 package. However, menu tries to provide a more general interface for menu building. With the update-menus command from this package, no package needs to be modified for every X window manager again, and it provides a unified interface for both text-and X-oriented programs.

When a package that wants to add something to the menu tree gets installed, it will run update-menus in its postinstall script. Update-menus then reads in all menu files in /etc/menu/ /usr/lib/menu and /usr/lib/menu/default, and stores the menu entries of all installed packages in memory. Once that has been done, it will run the menu-methods in /etc/menu-methods/*, and pipe the information about the menu entries to the menu-methods on stdout, so that the menu-methods can read this. Each Window Manager or other program that wants to have the debian menu tree, will supply a menu-method script in /etc/menu-methods/. This menu-method then knows how to generate the startup-file for that window manager. To facilitate this task for the window-manager maintainers, menu provides a install-menu program. This program can generate the startup files for just about every window manager.


Configuration files for use of mgetty as the interface on the serial port. The mgetty routine special routine has special features for handling things such as dial up connections and fax connections.


MIME-TYPES and the extensions that represent them. This file is part of the "mime-support" package. Note: Compression schemes like "gzip", "bzip", and "compress" are not actually "mime-types". They are "encodings" and hence must _not_ have entries in this file to map their extensions. The "mime-type" of an encoded file refers to the type of data that has been encoded, not the type of the encoding.


'minicom' configuration files. 'minicom' is a communication program which somewhat resembles the shareware program TELIX but is free with source code and runs under most unices. Features include dialling directory with auto-redial, support for UUCP-style lock files on serial devices, a separate script language interpreter, capture to file, multiple users with individual configurations, and more.


List of modules to be loaded at startup.

  # /etc/modules: kernel modules to load at boot time.
  # This file should contain the names of kernel modules that are
  # to be loaded at boot time, one per line. Comments begin with
  # a "#", and everything on the line after them are ignored.


  ### This file is automatically generated by update-modules"
  # Please do not edit this file directly. If you want to change or add
  # anything please take a look at the files in /etc/modutils and read
  # the manpage for update-modules.
  ### update-modules: start processing /etc/modutils/0keep
  # This file is not marked as conffile to make sure if you upgrade modutils
  # it will be restored in case some modifications have been made.
  # The keep command is necessary to prevent insmod and friends from ignoring
  # the builtin defaults of a path-statement is encountered. Until all other
  # packages use the new `add path'-statement this keep-statement is essential
  # to keep your system working

  ### update-modules: end processing /etc/modutils/0keep

  ### update-modules: start processing /etc/modutils/actions
  # Special actions that are needed for some modules

  # The BTTV module does not load the tuner module automatically,
  # so do that in here
  post-install bttv insmod tuner
  post-remove bttv rmmod tuner

  ### update-modules: end processing /etc/modutils/actions

  ### update-modules: start processing /etc/modutils/aliases
  # Aliases to tell insmod/modprobe which modules to use 

  # Uncomment the network protocols you don't want loaded:
  # alias net-pf-1 off		# Unix
  # alias net-pf-2 off		# IPv4
  # alias net-pf-3 off		# Amateur Radio AX.25
  # alias net-pf-4 off		# IPX
  # alias net-pf-5 off		# DDP / appletalk
  # alias net-pf-6 off		# Amateur Radio NET/ROM
  # alias net-pf-9 off		# X.25
  # alias net-pf-10 off		# IPv6
  # alias net-pf-11 off		# ROSE / Amateur Radio X.25 PLP
  # alias net-pf-19 off		# Acorn Econet

  alias char-major-10-175	agpgart
  alias char-major-10-200	tun
  alias char-major-81	bttv
  alias char-major-108	ppp_generic
  alias /dev/ppp		ppp_generic
  alias tty-ldisc-3	ppp_async
  alias tty-ldisc-14	ppp_synctty
  alias ppp-compress-21	bsd_comp
  alias ppp-compress-24	ppp_deflate
  alias ppp-compress-26	ppp_deflate

  # Crypto modules (see http://www.kerneli.org/)
  alias loop-xfer-gen-0	loop_gen
  alias loop-xfer-3	loop_fish2
  alias loop-xfer-gen-10	loop_gen
  alias cipher-2		des
  alias cipher-3		fish2
  alias cipher-4		blowfish
  alias cipher-6		idea
  alias cipher-7		serp6f
  alias cipher-8		mars6
  alias cipher-11		rc62
  alias cipher-15		dfc2
  alias cipher-16		rijndael
  alias cipher-17		rc5

  ### update-modules: end processing /etc/modutils/aliases

  ### update-modules: start processing /etc/modutils/ltmodem-2.4.18
  # lt_drivers: autoloading and insertion parameter usage
  alias char-major-62 lt_serial
  alias /dev/tts/LT0  lt_serial
  alias /dev/modem lt_serial
  # options lt_modem vendor_id=0x115d device_id=0x0420 Forced=3,0x130,0x2f8
  # section for lt_drivers ends

  ### update-modules: end processing /etc/modutils/ltmodem-2.4.18

  ### update-modules: start processing /etc/modutils/paths
  # This file contains a list of paths that modprobe should scan,
  # beside the once that are compiled into the modutils tools
  # themselves.

  ### update-modules: end processing /etc/modutils/paths

  ### update-modules: start processing /etc/modutils/ppp
  alias /dev/ppp          ppp_generic
  alias char-major-108    ppp_generic
  alias tty-ldisc-3       ppp_async  
  alias tty-ldisc-14      ppp_synctty
  alias ppp-compress-21   bsd_comp   
  alias ppp-compress-24   ppp_deflate
  alias ppp-compress-26   ppp_deflate

  ### update-modules: end processing /etc/modutils/ppp

  ### update-modules: start processing /etc/modutils/setserial
  # This is what I wanted to do, but logger is in /usr/bin, which isn't
  # loaded when the module is first loaded into the kernel at boot time!
  #post-install serial /etc/init.d/setserial start | 
  #logger -p daemon.info -t "setserial-module reload"
  #pre-remove serial /etc/init.d/setserial stop | 
  #logger -p daemon.info -t "setserial-module uload"
  alias /dev/tts          serial
  alias /dev/tts/0        serial
  alias /dev/tts/1        serial
  alias /dev/tts/2        serial
  alias /dev/tts/3        serial
  post-install serial /etc/init.d/setserial modload > /dev/null 2> /dev/null
  pre-remove serial /etc/init.d/setserial modsave  > /dev/null 2> /dev/null

  ### update-modules: end processing /etc/modutils/setserial

  ### update-modules: start processing /etc/modutils/arch/i386
  alias parport_lowlevel parport_pc
  alias char-major-10-144 nvram
  alias binfmt-0064 binfmt_aout
  alias char-major-10-135 rtc

  ### update-modules: end processing /etc/modutils/arch/i386


These utilities are intended to make a Linux modular kernel manageable for all users, administrators and distribution maintainers.


Debian default mtools configuration file. The mtools series of commands work with MS-DOS files and directories on floppy disks. This allows you to use Linux with MS-DOS formatted diskettes on DOS and Windows systems.


This file is used by the man_db package to configure the man and cat paths. It is also used to provide a manpath for those without one by examining their PATH environment variable. For details see the manpath(5) man page.


Was formally named /etc/fdprm. See /etc/fdprm for further details.


The message of the day, automatically output after a successful login. Contents are up to the system administrator. Often used for getting information to every user, such as warnings about planned downtimes. Linux debian.localdomain.com 2.4.18 #1 Sat Mar 15 00:17:39 EST 2003 i686 unknown Most of the programs included with the Debian GNU/Linux system are freely redistributable; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.


List of currently mounted filesystems. Initially set up by the bootup scripts, and updated automatically by the mount command. Used when a list of mounted filesystems is needed, e.g., by the df command. This file is sometimes a symbolic link to /proc/mounts.


List of networks that the system is currently located on. For example,


System Database/Name Service Switch configuration file.


OSS (Open Sound System) configuration file.


This directory is the home of the configuration files for PAMs, Pluggable Authentication Modules.


Holds your postfix configuration files. Postfix is now the MTA of choice among Linux distributions. It is sendmail-compatible, offers improved speed over sendmail, ease of administration and security. It was originally developed by IBM and was called the IBM Secure Mailer and is used in many large commercial networks. It is now the de-facto standard.


The place where your dial-up configuration files are placed. More than likely to be created by the text menu based pppconfig or other GUI based ppp configuration utilities such as kppp or gnome-ppp.


Most programs use a file under the /etc/pam.d/ directory to setup their PAM service modules. This file is and can be used, but is not recommended.


Paper size configuration file.


Default papersize.


This is the 'old' password file, It is kept for compatibility and contains the user database, with fields giving the username, real name, home directory, encrypted password, and other information about each user. The format is documented in the passwd man(ual) page.

root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:100:sync:/bin:/bin/sync games:x:5:100:games:/usr/games:/bin/sh
man:x:6:100:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh
list:x:38:38:SmartList:/var/list:/bin/sh irc:x:39:39:ircd:/var:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
sshd:x:101:65534::/var/run/sshd:/bin/false gdm:x:102:101:Gnome Display


Old /etc/passwd file.


Printer configuration (capabilities) file. The definition of all system printers, whether local or remote, is stored in this file. Its layout is similar to that of /etc/termcap but it uses a different syntax.


Files and commands to be executed at login or startup time by the Bourne or C shells. These allow the system administrator to set global defaults for all users.


Shells scripts to be executed upon login to the Bourne or C shells. These scripts are normally called from the /etc/profile file.


Protocols definitions file. It describes the various DARPA Internet protocols that are available from the TCP/IP subsystem. It should be consulted instead of using the numbers in the ARPA include files or resorting to guesstimation. This file should be left untouched since changes could result in incorrect IP packages.


Configuration files for PCMCIA devices. Generally only useful to laptop users.


Configuration file for reportbug. Reportbug is primarily designed to report bugs in the Debian distribution. By default it creates an e-mail to the Debian bug tracking system at mit@bugs.debian.org with information about the bug. Using the -bts option you can report bugs to other servers also using ddebbugs such as KDE.org. It is similar to bug but has far greater capabilities while still maintaining simplicity.

/etc/rc.boot or /etc/rc?.d

These directories contain all the files necessary to control system services and configure runlevels. A skeleton file is provided in /etc/init.d/skeleton


The scripts in this directory are executed once when booting the system, even when booting directly into single user mode. The files are all symbolic links, the real files are located in /etc/init.d/. For a more general discussion of this technique, see /etc/init.d/README.


Configuration of how DNS is to occur is defined in this file. It tells the name resolver libraries where they need to go to find information not found in the /etc/hosts file. This always has at least one nameserver line, but preferably three. The resolver uses each in turn. More than the first three can be included but anything beyond the first three will be ignored. Two lines that appear in the /etc/resolv.conf file are domain and search. Both of these are mutually exclusive options, and where both show up, the last one wins. Other entries beyond the three discussed here are listed in the man pages but aren't often used.


This is not a mistake. This shell script (/etc/rmt) has been provided for compatibility with other Unix-like systems, some of which have utilities that expect to find (and execute) rmt in the /etc directory on remote systems.


The rpc file contains user readable names that can be used in place of rpc program numbers. Each line has the following information: -name of server for the rpc program -rpc program number -aliases Items are separated by any number of blanks and/or tab characters. A ``#'' indicates the beginning of a comment; characters up to the end of the line are not interpreted by routines which search the file.

  # /etc/rpc:
  # $Id: etc.xml,v 1.10 2004/02/03 21:42:57 binh Exp $
  # rpc 88/08/01 4.0 RPCSRC; from 1.12   88/02/07 SMI

  portmapper	100000	portmap sunrpc
  rstatd		100001	rstat rstat_svc rup perfmeter
  rusersd		100002	rusers
  nfs		100003	nfsprog
  ypserv		100004	ypprog
  mountd		100005	mount showmount
  ypbind		100007
  walld		100008	rwall shutdown
  yppasswdd	100009	yppasswd
  etherstatd	100010	etherstat
  rquotad		100011	rquotaprog quota rquota
  sprayd		100012	spray
  3270_mapper	100013
  rje_mapper	100014
  selection_svc	100015	selnsvc
  database_svc	100016
  rexd		100017	rex
  alis		100018
  sched		100019
  llockmgr	100020
  nlockmgr	100021
  x25.inr		100022
  statmon		100023
  status		100024
  bootparam	100026
  ypupdated	100028	ypupdate
  keyserv		100029	keyserver
  tfsd		100037 
  nsed		100038
  nsemntd		100039
  pcnfsd		150001
  amd		300019	amq
  sgi_fam		391002
  ugidd		545580417
  bwnfsd          788585389


Samba configuration files. A 'LanManager' like file and printer server for Unix. The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or NetBIOS protocol.


Sane configuration files. SANE stands for "Scanner Access Now Easy" and is an application programming interface (API) that provides standardized access to any raster image scanner hardware (flatbed scanner, hand-held scanner, video- and still-cameras, frame-grabbers, etc.). The SANE API is public domain and its discussion and development is open to everybody. The current source code is written for UNIX (including GNU/Linux) and is available under the GNU General Public License (the SANE API is available to proprietary applications and backends as well, however).

SANE is a universal scanner interface. The value of such a universal interface is that it allows writing just one driver per image acquisition device rather than one driver for each device and application. So, if you have three applications and four devices, traditionally you'd have had to write 12 different programs. With SANE, this number is reduced to seven: the three applications plus the four drivers. Of course, the savings get even bigger as more and more drivers and/or applications are added.

Not only does SANE reduce development time and code duplication, it also raises the level at which applications can work. As such, it will enable applications that were previously unheard of in the UNIX world. While SANE is primarily targeted at a UNIX environment, the standard has been carefully designed to make it possible to implement the API on virtually any hardware or operating system.

While SANE is an acronym for ``Scanner Access Now Easy'' the hope is of course that SANE is indeed sane in the sense that it will allow easy implementation of the API while accommodating all features required by today's scanner hardware and applications. Specifically, SANE should be broad enough to accommodate devices such as scanners, digital still and video cameras, as well as virtual devices like image file filters.

If you're familiar with TWAIN, you may wonder why there is a need for SANE. Simply put, TWAIN does not separate the user-interface from the driver of a device. This, unfortunately, makes it difficult, if not impossible, to provide network transparent access to image acquisition devices (which is useful if you have a LAN full of machines, but scanners connected to only one or two machines; it's obviously also useful for remote-controlled cameras and such). It also means that any particular TWAIN driver is pretty much married to a particular GUI API (be it Win32 or the Mac API). In contrast, SANE cleanly separates device controls from their representation in a user-interface. As a result, SANE has no difficulty supporting command-line driven interfaces or network-transparent scanning. For these reasons, it is unlikely that there will ever be a SANE backend that can talk to a TWAIN driver. The converse is no problem though: it would be pretty straight forward to access SANE devices through a TWAIN source. In summary, if TWAIN had been just a little better designed, there would have been no reason for SANE to exist, but things being the way they are, TWAIN simply isn't SANE.


Identifies secure terminals, i.e., the terminals from which root is allowed to log in. Typically only the virtual consoles are listed, so that it becomes impossible (or at least harder) to gain superuser privileges by breaking into a system over a modem or a network.

  # /etc/securetty: list of terminals on which root is allowed to login.
  # See securetty(5) and login(1).

  # Standard consoles

  # Same as above, but these only occur with devfs devices


Configuration file for libsensors. A set of libraries designed to ascertain current hardware states via motherboard sensor chips. Useful statistics such as core voltages, CPU temperature can be determined through third party utilities that make user of these libraries such as 'gkrellm'. If you do not wish to install these packages you may also utilise the /proc filesystem real-time nature.


Sudoers file. This file must be edited with the 'visudo' command as root. The sudo command allows an authenticated user to execute an authorized command as root. Both the effective UID and GID are set to 0 (you are basically root). It determines which users are authorized and which commands they are authorized to use. Configuration of this command is via this file.


Shadow password file on systems with shadow password software installed (PAMs). Shadow passwords move the encrypted password from /etc/passwd into /etc/shadow; the latter is not readable by anyone except root. This makes it more difficult to crack passwords.


Old /etc/shadow file.


Configuration file for setting system variables, most notably kernel parameters. 'sysctl' is a means of configuring certain aspects of the kernel at run-time, and the /proc/sys/ directory is there so that you don't even need special tools to do it!


Essential to security. This subdirectory allows administrators to impose quota limits, access limits and also to configure PAM environments.


Serial port configuration. Changeable parameters include speed, baud rate, port, irq and type.


A definition of the networks, services and the associated port for each protocol that are available on this system. For example, web services (http) are assigned to port 80 by default. # /etc/services: # $Id: etc.xml,v 1.10 2004/02/03 21:42:57 binh Exp $ # # Network services, Internet style # # Note that it is presently the policy of IANA to assign a single # well-known port number for both TCP and UDP; hence, most entries # here have two entries even if the protocol doesn't support UDP # operations. Updated from RFC 1700, ``Assigned Numbers'' (October # 1994). Not all ports are included, only the more common ones. echo 7/tcp echo 7/udp discard 9/tcp sink null discard 9/udp sink null systat 11/tcp users daytime 13/tcp daytime 13/udp netstat 15/tcp qotd 17/tcp quote msp 18/tcp # message send protocol msp 18/udp # message send protocol chargen 19/tcp ttytst source chargen 19/udp ttytst source ftp-data 20/tcp ftp 21/tcp fsp 21/udp fspd ssh 22/tcp # SSH Remote Login Protocol ssh 22/udp # SSH Remote Login Protocol telnet 23/tcp # 24 - private smtp 25/tcp mail # 26 - unassigned time 37/tcp timserver time 37/udp timserver rlp 39/udp resource # resource location nameserver 42/tcp name # IEN 116 whois 43/tcp nicname re-mail-ck 50/tcp # Remote Mail Checking Protocol re-mail-ck 50/udp # Remote Mail Checking Protocol domain 53/tcp nameserver # name-domain server domain 53/udp nameserver netbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp netbios-dgm 138/tcp # NETBIOS Datagram Service netbios-dgm 138/udp netbios-ssn 139/tcp # NETBIOS session service netbios-ssn 139/udp x11 6000/tcp x11-0 # X windows system x11 6000/udp x11-0 # X windows system


Lists trusted shells. The chsh command allows users to change their login shell only to shells listed in this file. ftpd, the server process that provides FTP services for a machine, will check that the user's shell is listed in /etc/shells and will not let people log in unless the shell is listed there. There are also some display managers that will passively or actively (dependent upon on distribution and display manager being used) refuse a user access to the system unless their shell is one of those listed here.

  # /etc/shells: valid login shells


The default files for each new user are stored in this directory. Each time a new user is added, these skeleton files are copied into their home directory. An average system would have: .alias, .bash_profile, .bashrc and .cshrc files. Other files are left up to the system administrator.


This directory contains configuration files and subdirectories for the setup of system configuration specifics and for the boot process, like 'clock', which sets the timezone, or 'keyboard' which controls the keyboard map. The contents may vary drastically depending on which distribution and what utilities you have installed. For example, on a Redhat or Mandrake based system it is possible to alter an endless array of attributes from the default desktop to whether DMA should be enabled for your IDE devices. On our Debian reference system though this folder is almost expedient containing only two files hwconf and soundcard which are both configured by the Redhat utilities hwconf and sndconfig respectively.


Configuration files for the setup and operation of SLIP (serial line IP) interface. Generally unused nowadays. This protocol has been superceded by the faster and more efficient PPP protocol.


This is the system wide screenrc. You can use this file to change the default behavior of screen system wide or copy it to ~/.screenrc and use it as a starting point for your own settings. Commands in this file are used to set options, bind screen functions to keys, redefine terminal capabilities, and to automatically establish one or more windows at the beginning of your screen session. This is not a comprehensive list of options, look at the screen manual for details on everything that you can put in this file.


A free electronic cataloging system for documentation. It stores metadata specified by the http://www.ibiblio.org/osrt/omf/ (Open Source Metadata Framework) as well as certain metadata extracted directly from documents (such as the table of contents). It provides various functionality pertaining to this metadata to help browsers, such as sorting the registered documents or searching the metadata for documents which satisfy a set of criteria.


'ssh' configuration files. 'ssh' is a secure rlogin/rsh/rcp replacement (OpenSSH). This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group. 'ssh' (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide applications with a secure communication channel. It should be noted that in some countries, particularly Iraq, and Pakistan, it may be illegal to use any encryption at all without a special permit.


Lists where log files should go, what messages are written to them and the level of verbosity. It is also now possible to filter based on message content, message integrity, message encryption (near future), portability and better network forwarding.


The terminal capability database. Describes the "escape sequences" by which various terminals can be controlled. Programs are written so that instead of directly outputting an escape sequence that only works on a particular brand of terminal, they look up the correct sequence to do whatever it is they want to do in /etc/termcap. As a result most programs work with most kinds of terminals.


local timezone.


Sets environment variables that are used by updatedb which therefore configures the database for 'locate', a utility that locates a pattern in a database of filenames and returns the filenames that match.

  # This file sets environment variables which are used by updatedb

  # filesystems which are pruned from updatedb database
  PRUNEFS="NFS nfs afs proc smbfs autofs auto iso9660 ncpfs coda devpts ftpfs"
  export PRUNEFS
  # paths which are pruned from updatedb database
  PRUNEPATHS="/tmp /usr/tmp /var/tmp /afs /amd /alex /var/spool"
  # netpaths which are added
  export NETPATHS


The configuration file for the svgalib is stored in this directory. svgalib provides graphics capabilities to programs running on the system console, without going through the X Window System. It uses direct access to the video hardware to provide low-level access to the standard VGA and SVGA graphics modes. It only works with some video hardware; so use with caution.


Contains configuration files for both vim and its X based counterpart gvim. A wide range of options can be accessed though these two files such as automatic indentation, syntax highlighting, etc....


The original 'inetd' daemon has now been superceded by the much improved 'xinetd'. 'inetd' should be run at boot time by /etc/init.d/inetd (or /etc/rc.local on some systems). It then listens for connections on certain Internet sockets. When a connection is found on one of its sockets, it decides what service the socket corresponds to, and invokes a program to service the request. After the program is finished, it continues to listen on the socket (except in some cases). Essentially, inetd allows running one daemon to invoke several others, reducing load on the system. Services controlled via xinetd put their configuration files here.


System-wide .zlogin file for zsh(1). This file is sourced only for login shells. It should contain commands that should be executed only in login shells. It should be used to set the terminal type and run a series of external commands (fortune, msgs, from, etc.)


Commands to be executed upon user exit from the zsh. Its control is system-wide but the .zlogout file for zsh(1) does override it in terms of importance.


System-wide .zprofile file for zsh(1). This file is sourced only for login shells (i.e. Shells invoked with "-" as the first character of argv[0], and shells invoked with the -l flag.)


System-wide .zshenv file for zsh(1). This file is sourced on all invocations of the shell. If the -f flag is present or if the NO_RCS option is set within this file, all other initialization files are skipped. This file should contain commands to set the command search path, plus other important environment variables. This file should not contain commands that produce output or assume the shell is attached to a tty.


System-wide .zshrc file for zsh(1). This file is sourced only for interactive shells. It should contain commands to set up aliases, functions, options, key bindings, etc.

Compliance with the FSSTND requires that the following directories, or symbolic links to directories are required in /etc:

  opt       Configuration for /opt
  X11       Configuration for the X Window system (optional)
  sgml      Configuration for SGML (optional)
  xml       Configuration for XML (optional)

  The following directories, or symbolic links to directories must be in /etc,
  if the corresponding subsystem is installed:

  opt       Configuration for /opt

  The following files, or symbolic links to files, must be in /etc if the
  corresponding subsystem is installed (it is recommended that files be
  stored in subdirectories of /etc/ rather than directly in /etc:

  csh.login   Systemwide initialization file for C shell logins (optional)
  exports     NFS filesystem access control list (optional)
  fstab       Static information about filesystems (optional)
  ftpusers    FTP daemon user access control list (optional)
  gateways    File which lists gateways for routed (optional)
  gettydefs   Speed and terminal settings used by getty (optional)
  group       User group file (optional)
  host.conf   Resolver configuration file (optional)
  hosts       Static information about host names (optional)
  hosts.allow Host access file for TCP wrappers (optional)
  hosts.deny  Host access file for TCP wrappers (optional)
  hosts.equiv List of trusted hosts for rlogin, rsh, rcp (optional)
  hosts.lpd   List of trusted hosts for lpd (optional)
  inetd.conf  Configuration file for inetd (optional)
  inittab     Configuration file for init (optional)
  issue       Pre-login message and identification file (optional)
  ld.so.conf  List of extra directories to search for shared libraries 
  motd        Post-login message of the day file (optional)
  mtab        Dynamic information about filesystems (optional)
  mtools.conf Configuration file for mtools (optional)
  networks    Static information about network names (optional)
  passwd      The password file (optional)
  printcap    The lpd printer capability database (optional)
  profile     Systemwide initialization file for sh shell logins (optional)
  protocols   IP protocol listing (optional)
  resolv.conf Resolver configuration file (optional)
  rpc         RPC protocol listing (optional)
  securetty   TTY access control for root login (optional)
  services    Port names for network services (optional)
  shells      Pathnames of valid login shells (optional)
  syslog.conf Configuration file for syslogd (optional) 

  mtab does not fit the static nature of /etc: it is excepted for historical
  reasons. On some Linux systems, this may be a symbolic link to /proc/mounts,
  in which case this exception is not required.

  /etc/opt : Configuration files for /opt
  Host-specific configuration files for add-on application software packages
  must be installed within the directory /etc/opt/&60;subdir&62;, where 
  &60;subdir&62; is the name of the subtree in /opt where the static data
  from that package is stored.

  No structure is imposed on the internal arrangement of /etc/opt/&60;subdir&62;.
  If a configuration file must reside in a different location in order for the
  package or system to function properly, it may be placed in a location other
  than /etc/opt/&60;subdir&62;.

  The rationale behind this subtree is best explained by refering to the
  rationale for /opt.

  /etc/X11 : Configuration for the X Window System (optional)
  /etc/X11 is the location for all X11 host-specific configuration. This
  directory is necessary to allow local control if /usr is mounted read only.

  The following files, or symbolic links to files, must be in /etc/X11 if the
  corresponding subsystem is installed:

  Xconfig    The configuration file for early versions of XFree86 (optional)
  XF86Config The configuration file for XFree86 versions 3 and 4 (optional)
  Xmodmap    Global X11 keyboard modification file (optional)

  Subdirectories of /etc/X11 may include those for xdm and for any other
  programs (some window managers, for example) that need them.

  /etc/X11/xdm holds the configuration files for xdm. These are most of the
  files previously found in /usr/lib/X11/xdm. Some local variable data for
  xdm is stored in /var/lib/xdm.

  It is recommended that window managers with only one configuration file
  which is a default .*wmrc file must name it system.*wmrc (unless there is
  a widely-accepted alternative name) and not use a subdirectory. Any window
  manager subdirectories must be identically named to the actual window 
  manager binary.

  /etc/sgml : Configuration files for SGML (optional)
  Generic configuration files defining high-level parameters of the SGML
  systems are installed here. Files with names *.conf indicate generic
  configuration files. File with names *.cat are the DTD-specific centralized
  catalogs, containing references to all other catalogs needed to use the 
  given DTD. The super catalog file catalog references all the centralized

  /etc/xml : Configuration files for XML (optional)
  Generic configuration files defining high-level parameters of the XML
  systems are installed here. Files with names *.conf indicate generic
  configuration files. The super catalog file catalog references all the
  centralized catalogs.