This is the nerve center of your system, it contains all system related configuration files in here or in it's sub-directories. For this reason, it's a good idea to backup this directory regularly. It will definitely save you a lot of re-configuration later if you re-install or lose your current installation. Normally, no binaries should be or are located here. /etc/X11/This directory tree contains all the configuration files for the X Window System. Users should note that many of the files located in this directory are actually symbollic links to the /usr/X11R6 directory tree. Thus, the presence of these files in these locations can not be certain. /etc/X11/XF86Config, /etc/X11/XF86Config-4The 'X' configuration file. Most modern distributions possess hardware autodetection systems that enable automatic creation of a valid file. Should autodetection fail a configuration file can also be created manually provided that you have sufficient knowledge about your system. It would be considered prudent not to attempt to type out a file from beginning to end. Rather, use common configuration utilities such as xf86config, XF86Setup and xf86cfg to create a workeable template. Then, using suitable documentation commence optimization through intuition and/or trial and error. Options that can be configured via this file include X modules to be loaded on startup, keyboard, mouse, monitor and graphic chipset type. Often, commercial distributions will include their own X configuration utilities such as XDrake on Mandrake and also Xconfiguration on Redhat. Below is a sample X configuration file from the reference system ### BEGIN DEBCONF SECTION # XF86Config-4 (XFree86 server configuration file) generated by dexconf, the # Debian X Configuration tool, using values from the debconf database. # # Edit this file with caution, and see the XF86Config-4 manual page. # (Type "man XF86Config-4" at the shell prompt.) # # If you want your changes to this file preserved by dexconf, only # make changes # before the "### BEGIN DEBCONF SECTION" line above, and/or after the # "### END DEBCONF SECTION" line below. # # To change things within the debconf section, run the command: # dpkg-reconfigure xserver-xfree86 # as root. Also see "How do I add custom sections to a dexconf- # generated # XF86Config or XF86Config-4 file?" in /usr/share/doc/xfree86- # common/FAQ.gz. Section "Files" FontPath "unix/:7100" # local font server # if the local font server has problems, # we can fall back on these FontPath "/usr/lib/X11/fonts/misc" FontPath "/usr/lib/X11/fonts/cyrillic" FontPath "/usr/lib/X11/fonts/100dpi/:unscaled" FontPath "/usr/lib/X11/fonts/75dpi/:unscaled" FontPath "/usr/lib/X11/fonts/Type1" FontPath "/usr/lib/X11/fonts/Speedo" FontPath "/usr/lib/X11/fonts/100dpi" FontPath "/usr/lib/X11/fonts/75dpi" EndSection Section "Module" Load "GLcore" Load "bitmap" Load "dbe" Load "ddc" Load "dri" Load "extmod" Load "freetype" Load "glx" Load "int10" Load "pex5" Load "record" Load "speedo" Load "type1" Load "vbe" Load "xie" EndSection Section "InputDevice" Identifier "Generic Keyboard" Driver "keyboard" Option "CoreKeyboard" Option "XkbRules" "xfree86" Option "XkbModel" "pc104" Option "XkbLayout" "us" EndSection Section "InputDevice" Identifier "Configured Mouse" Driver "mouse" Option "CorePointer" Option "Device" "/dev/psaux" Option "Protocol" "NetMousePS/2" Option "Emulate3Buttons" "true" Option "ZAxisMapping" "4 5" EndSection Section "InputDevice" Identifier "Generic Mouse" Driver "mouse" Option "SendCoreEvents" "true" Option "Device" "/dev/input/mice" Option "Protocol" "ImPS/2" Option "Emulate3Buttons" "true" Option "ZAxisMapping" "4 5" EndSection Section "Device" Identifier "Generic Video Card" Driver "nv" # Option "UseFBDev" "true" Option "UseFBDev" "false" EndSection Section "Monitor" Identifier "Generic Monitor" HorizSync 30-38 VertRefresh 43-95 Option "DPMS" EndSection Section "Screen" Identifier "Default Screen" Device "Generic Video Card" Monitor "Generic Monitor" DefaultDepth 16 SubSection "Display" Depth 1 Modes "800x600" "640x480" EndSubSection SubSection "Display" Depth 4 Modes "800x600" "640x480" EndSubSection SubSection "Display" Depth 8 Modes "800x600" "640x480" EndSubSection SubSection "Display" Depth 15 Modes "800x600" "640x480" EndSubSection SubSection "Display" Depth 16 Modes "800x600" "640x480" EndSubSection SubSection "Display" Depth 24 Modes "800x600" "640x480" EndSubSection EndSection Section "ServerLayout" Identifier "Default Layout" Screen "Default Screen" InputDevice "Generic Keyboard" InputDevice "Configured Mouse" InputDevice "Generic Mouse" EndSection Section "DRI" Mode 0666 EndSection ### END DEBCONF SECTION As you can see, the layout of the file is quite simple and tends to be quite standard across most distributions. At the top are the locations of the various font files for X (note - X will not start if you do not specify a valid font), next is the "Modules" section. It details what modules are to be loaded upon startup. The most well known extensions are probably GLX (required for 3D redering of graphics and games) and Xinerama which allows users to expand their desktop over several monitors. Next are the various "Device" sections which describe the type of hardware you have. Improper configuration of these subsections can lead to heartache and trauma with seemingly misplaced keys, bewitched mice and also constant flashing as X attempts to restart in a sometimes never ending loop. In most cases when all else fails the vesa driver seems to be able to initialise most modern video cards. In the "Screen" section it is possible to alter the default startup resolution and depth. Quite often it is possible to alter these attributes on the fly by using the alt-ctrl-+ or alt-ctrl- set of keystrokes. Lastly are the "ServerLayout" and "DRI" sections. Users will almost never touch the "DRI" section and only those who wish to utilise the Xinerama extensions of X will require having to change any of the ServerLayout options. /etc/X11/XmodmapIn general your default keyboard mapping comes from your X server setup. If this setup is insufficient and you are unwilling to go through the process of reconfiguration and/or you are not the superuser you'll need to use the xmodmap program. This is the utlitiy's global configuration file. /etc/X11/xkb/The various symbols, types, geometries of keymaps that the X server supports can be found in this directory tree. /etc/X11/lbxproxy/Low Bandwidth X (LBX) proxy server configuration files. Applications that would like to take advantage of the Low Bandwidth extension to X (LBX) must make their connections to an lbxproxy. These applications need know nothing about LBX, they simply connect to the lbxproxy as if it were a regular X server. The lbxproxy accepts client connections, multiplexes them over a single connection to the X server, and performs various optimizations on the X protocol to make it faster over low bandwidth and/or high latency connections. It should be noted that such compression will not increase the pace of rendering all that much. Its primary purpose is to reduce network load and thus increase overall network latency. A competing project called DXPC (Differential X Protocol Compression) has been found to be more efficient at this task. Studies have shown though that in almost all cases ssh tunnneling of X will produce far better results than through any of these specialised pieces of software. /etc/X11/proxymngr/X proxy services manager initialisation files. proxymngr is responsible for resolving requests from xfindproxy (in the xbase-clients package) and other similar clients, starting new proxies when appropriate, and keeping track of all the available proxy services. /etc/X11/xdm/X display manager configuration files. xdm manages a collection of X servers, which may be on the local host or remote machines. It provides services similar to those provided by init, getty, and login on character-based terminals: prompting for login name and password, authenticating the user, and running a session. xdm supports XDMCP (X Display Manager Control Protocol) and can also be used to run a chooser process which presents the user with a menu of possible hosts that offer XDMCP display management. If the xutils package is installed, xdm can use the sessreg utility to register login sessions to the system utmp file; this, however, is not necessary for xdm to function. /etc/X11/xdm/xdm-configThis is the master 'xdm' configuration file. It determines where all other 'xdm' configuration files will be located. It is almost certain to be left undisturbed. /etc/X11/gdm/GNOME Display Manager configuration files. gdm provides the equivalent of a "login:" prompt for X displays- it pops up a login window and starts an X session. It provides all the functionality of xdm, including XDMCP support for managing remote displays. The greeting window is written using the GNOME libraries and hence looks like a GNOME application- even to the extent of supporting themes! By default, the greeter is run as an unprivileged user for security. /etc/X11/gdm/gdm.confThis is the primary configuration file for GDM. Through it, users can specify whether they would like their system to automatically login as a certain user, background startup image and also if they would like to run their machine as somewhat of a terminal server tby using the XDMCP protocol. /etc/X11/fontsHome of xfs fonts. /etc/X11/fs/X font server configuration files. xfs is a daemon that listens on a network port and serves X fonts to X servers (and thus to X clients). All X servers have the ability to serve locally installed fonts for themselves, but xfs makes it possible to offload that job from the X server, and/or have a central repository of fonts on a networked machine running xfs so that all the machines running X servers on a network do not require their own set of fonts. xfs may also be invoked by users to, for instance, make available X fonts in user accounts that are not available to the X server or to an already running system xfs. /etc/X11/fs/configThis is the 'xfs' initialisation file. It specifies the number of clients that are allowed to connect to the 'xfs' server at any one time, the location of log files, default resolution, the location of the fonts, etc. # font server configuration file # $Xorg: config.cpp,v 1.3 2000/08/17 19:54:19 cpqbld Exp $ # allow a maximum of 10 clients to connect to this font server client-limit = 10 # when a font server reaches its limit, start up a new one clone-self = on # log messages to /var/log/xfs.log (if syslog is not used) error-file = /var/log/xfs.log # log errors using syslog use-syslog = on # turn off TCP port listening (Unix domain connections are still permitted) no-listen = tcp # paths to search for fonts catalogue = /usr/lib/X11/fonts/misc/,/usr/lib/X11/fonts/cyrillic/, /usr/lib/X11/fonts/100dpi/:unscaled,/usr/lib/X11/fonts/75dpi/:unscaled, /usr/lib/X11/fonts/Type1/,/usr/lib/X11/fonts/CID, /usr/lib/X11/fonts/Speedo/,/usr/lib/X11/fonts/100dpi/, /usr/lib/X11/fonts/75dpi/ # in decipoints default-point-size = 120 # x1,y1,x2,y2,... default-resolutions = 100,100,75,75 # font cache control, specified in kB cache-hi-mark = 2048 cache-low-mark = 1433 cache-balance = 70 /etc/X11/twmHome of configuration files for twm. The original Tabbed Window Manager. /etc/X11/xinit/xinit configuration files. 'xinit' is a configuration method os starting up an X session that is designed to used as part of a script. Normally, this is used at larger sites as part of a tailored login process. /etc/X11/xinit/xinitrcGlobal xinitrc file, used by all X sessions started by xinit (startx). It's usage is of course overidden by a .xinitrc file located in the home directory of a user. /etc/adduser.conf'adduser' configuration. The adduser command can create new users, groups and add existing users to existing groups. Adding users with adduser is much easier than adding them by hand. Adduser will choose appropriate UID and GID values, create a home directory, copy skeletal user configuration from /etc/skel, allow you to set an initial password and the GECOS field. Optionally a custom script can be executed after this commands. See adduser(8) and adduser.conf(5) for full documentation. /etc/adjtimeHas parameters to help adjust the software (kernel) time so that it matches the RTC. /etc/aliasesThis is the aliases file - it says who gets mail for whom. It was originally generated by `eximconfig', part of the exim package distributed with Debian, but it may edited by the mail system administrator. See exim info section for details of the things that can be configured here. An aliases database file (aliases.db) is built from the entries in the aliases files by the newaliases utility. /etc/alternativesIt is possible for several programs fulfilling the same or similar functions to be installed on a single system at the same time. For example, many systems have several text editors installed at once. This gives choice to the users of a system, allowing each to use a different editor, if desired, but makes it difficult for a program to make a good choice of editor to invoke if the user has not specified a particular preference.The alternatives system aims to solve this problem. A generic name in the filesystem is shared by all files providing interchangeable functionality. The alternatives system and the system administrator together determine which actual file is referenced by this generic name. For example, if the text editors ed(1) and nvi(1) are both installed on the system, the alternatives system will cause the generic name /usr/bin/editor to refer to /usr/bin/nvi by default. The system administrator can override this and cause it to refer to /usr/bin/ed instead, and the alternatives system will not alter this setting until explicitly requested to do so.The generic name is not a direct symbolic link to the selected alternative. Instead, it is a symbolic link to a name in the alternatives directory, which in turn is a symbolic link to the actual file referenced. This is done so that the system administrator's changes can be confined within the /etc directory. /etc/apt This is Debian's next generation front-end for the dpkg package manager. It provides the apt-get utility and APT dselect method that provides a simpler, safer way to install and upgrade packages. APT features complete installation ordering, multiple source capability and several other unique features, see the Users Guide in /usr/share/doc/apt/guide.text.gz /etc/apt/sources.list deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-7 (20020718)]/ unstable contrib main non-US/contrib non-US/main deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-6 (20020718)]/ unstable contrib main non-US/contrib non-US/main deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-5 (20020718)]/ unstable contrib main non-US/contrib non-US/main deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-4 (20020718)]/ unstable contrib main non-US/contrib non-US/main deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-3 (20020718)]/ unstable contrib main non-US/contrib non-US/main deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-2 (20020718)]/ unstable contrib main non-US/contrib non-US/main deb cdrom:[Debian GNU/Linux 3.0 r0 _Woody_ - Official i386 Binary-1 (20020718)]/ unstable contrib main non-US/contrib non-US/main # deb http://security.debian.org/ stable/updates main Contains a list of apt-sources from which packages may be installed via APT. /etc/asound.confALSA (Advanced Linux Sound Architecture) configuration file. It is normally created via alsactl or other third-party sound configuration utilities that may be specific to a distribution such as sndconfig from Redhat. /etc/at.denyUsers denied access to the at daemon. The 'at' command allows user to execute programs at an arbitrary time. /etc/autoconfConfiguration files for autoconf. 'autoconf' creates scripts to configure source code packages using templates. To create configure from configure.in, run the autoconf program with no arguments. autoconf processes configure.ac with the m4 macro processor, using the Autoconf macros. If you give autoconf an argument, it reads that file instead of configure.ac and writes the configuration script to the standard output instead of to configure. If you give autoconf the argument -, it reads the standard input instead of configure.ac and writes the configuration script on the standard output.The Autoconf macros are defined in several files. Some of the files are distributed with Autoconf; autoconf reads them first. Then it looks for the optional file acsite.m4 in the directory that contains the distributed Autoconf macro files, and for the optional file aclocal.m4 in the current directory. Those files can contain your site's or the package's own Autoconf macro definitions. If a macro is defined in more than one of the files that autoconf reads, the last definition it reads overrides the earlier ones. /etc/bash.bashrcSystem wide functions and aliases' file for interactive bash shells. /etc/bash_completionProgrammable completion functions for bash 2.05a. /etc/chatscripts/providerThis is the chat script used to dial out to your default service provider. /etc/cron.d, /etc/cron.daily, /etc/cron.weekly, /etc/cron.monthlyThese directories contain scripts to be executed on a regular basis by the cron daemon. /etc/crontab'cron' configuration file. This file is for the cron table to setup the automatic running of system routines. A cron table can also be established for individual users. The location of these user cron table files will be explained later on. # /etc/crontab: system-wide crontab # Unlike any other crontab you don't have to run the `crontab' # command to install the new version when you edit this file. # This file also has a username field, that none of the other crontabs do. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 25 6 * * * root test -e /usr/sbin/anacron || run-parts --report /etc/cron.daily 47 6 * * 7 root test -e /usr/sbin/anacron || run-parts --report /etc/cron.weekly 52 6 1 * * root test -e /usr/sbin/anacron || run-parts --report /etc/cron.monthly # /etc/csh.loginSystem-wide .login file for csh(1). This file is sourced on all invocations of the shell. It contains commands that are to be executed upon login and sometimes aliases also. /etc/csh.logoutSystem-wide .logout file for csh(1). This file is sourced on all invocations of the shell. It contains commands that are to be executed upon logout. /etc/csh.cshrcSystem-wide .cshrc file for csh(1). This file is sourced on all invocations of the shell. This file should contain commands to set the command search path, plus other important environment variables. This file should not contain commands that produce output or assume the shell is attached to a tty. /etc/cupsConfiguration files for the Common UNIX Printing System (CUPS). Files here are used to define client-specific parameters, such as the default server or default encryption settings. /etc/deluser.conf'deluser' configuration files. The deluser command can remove users and groups and remove users from a given group. Deluser can optionally remove and backup the user's home directory and mail spool or all files on the system owned by him. Optionally a custom script can also be executed after each of the commands. /etc/devfs This daemon sets up the /dev filesystem for use. It creates required symbolic links in /dev and also creates (if so configured, as is the default) symbolic links to the "old" names for devices. /etc/devfs/conf.d/'devfsd' configuration files. This daemon sets up the /dev filesystem for use. It creates required symbolic links in /dev and also creates (if so configured, as is the default) symbolic links to the "old" names for devices. /etc/dhclient.conf, /etc/dhclient-script'dhclient' configuration file and 'dhclient' script files respectively. It configures your system so that it may act as a client on a DHCP based network. It is essential to connect to the Internet nowadays. /etc/dict.conf # /etc/dict.conf Written by Bob Hilliard <hilliard@debian.org> # 1998/03/20. Last revised Sun, 22 Nov 1998 18:10:04 -0500 This is # the configuration file for /usr/bin/dict. In most cases only the # server keyword need be specified. # This default configuration will try to access a dictd server on # the local host, failing that, it will try the public server. In # many cases this will be slow, so you should comment out the line # for the server that you don't want to use. To use any other # server, enter its IP address in place of "dict.org". # Refer to the dict manpage (man dict) for other options that could # be inserted in here. server localhost server dict.org dict is a client for the Dictionary Server Protocol (DICT), a TCP transaction based query/response protocol that provides access to dictionary definitions from a set of natural language dictionary databases. /etc/dosemu.confConfiguration file for the Linux DOS Emulator. DOSEMU is a PC Emulator application that allows Linux to run a DOS operating system in a virtual x86 machine. This allows you to run many DOS applications. It includes the FreeDOS kernel, color text and full keyboard emulation (via hotkeys) via terminal, built-in X support, IBM character set font, graphics capability at the console with most compatible video cards, DPMI support so you can run DOOM, CDROM support, builtin IPX and pktdrvr support. Note - 'dosemu' is simply a ported version of Corel's own PC-DOS. /etc/email-addressesPart of the exim package. This file contains email addresses to use for outgoing mail. Any local part not in here will be qualified by the system domain as normal. It should contain lines of the form: user: someone@isp.com otheruser: someoneelse@anotherisp.com Exim is an MTA that is considered to be rather easier to configure than smail or sendmail. It is a drop-in replacement for sendmail, mailq and rsmtp. Advanced features include the ability to reject connections from known spam sites, and an extremely efficient queue processing algorithm. /etc/esound.confESD configuration files. The Enlightened sound daemon is designed to mix together several digitized audio streams for playback by a single device. Like nasd, artsd and rplay it also has the capability to play sounds remotely./etc/exportsThe control list of systems who want to access the system via NFS, a the list of directories that you would like to share and the permissions allocated on each share. # /etc/exports: the access control list for filesystems which may be # exported to NFS clients. See exports(5). ## LTS-begin ## # # The lines between the 'LTS-begin' and the 'LTS-end' were added # on: Sun Feb 23 05:54:17 EST 2003 by the ltsp installation script. # For more information, visit the ltsp homepage # at http://www.ltsp.org # /opt/ltsp/i386 192.168.0.0/255.255.255.0(ro,no_root_squash) /var/opt/ltsp/swapfiles 192.168.0.0/255.255.255.0(rw,no_root_squash) # # The following entries need to be uncommented if you want # Local App support in ltsp # #/home 192.168.0.0/255.255.255.0(rw,no_root_squash) ## LTS-end ## /etc/fdprmFloppy disk parameter table. Describes what different floppy disk formats look like. Used by setfdprm. /etc/fstabThe configuration file for 'mount' and now 'supermount'. It lists the filesystems mounted automatically at startup by the mount -a command (in /etc/rc or equivalent startup file). Under Linux, also contains information about swap areas used automatically by swapon -a. # /etc/fstab: static file system information. # # The following is an example. Please see fstab(5) for further details. # Please refer to mount(1) for a complete description of mount options. # # Format: # <file system> <mount point> <type> <options> <dump> <pass> # # dump(8) uses the <dump> field to determine which file systems need # to be dumped. fsck(8) uses the <pass> column to determine which file # systems need to be checked--the root file system should have a 1 in # this field, other file systems a 2, and any file systems that should # not be checked (such as MS-DOS or NFS file systems) a 0. # # The `sw' option indicates that the swap partition is to be activated # with `swapon -a'. /dev/hda2 none swap sw 0 0 # The `bsdgroups' option indicates that the file system is to be mounted # with BSD semantics (files inherit the group ownership of the directory # in which they live). `ro' can be used to mount a file system read-only. /dev/hda3 / ext2 defaults 0 1 /dev/hda5 /home ext2 defaults 0 2 /dev/hda6 /var ext2 defaults 0 2 /dev/hda7 /usr ext2 defaults,ro 0 2 /dev/hda8 /usr/local ext2 defaults,bsdgroups 0 2 # The `noauto' option indicates that the file system should not be mounted # with `mount -a'. `user' indicates that normal users are allowed to mount # the file system. /dev/cdrom /cdrom iso9660 defaults,noauto,ro,user 0 0 /dev/fd0 /floppy minix defaults,noauto,user 0 0 /dev/fd1 /floppy minix defaults,noauto,user 0 0 # NFS file systems: server: /export/usr /usr nfs defaults 0 0 # proc file system: proc /proc proc defaults 0 0 /etc/ftpaccessDetermines who might get ftp-access to your machine. /etc/ftpchrootList of ftp users that need to be chrooted. /etc/ftpuserList of dissallowed ftp users. /etc/gatewaysLists gateways for 'routed'. /etc/gettydefsConfigures console-logins. /etc/gnome-vfs-mime-magicMIME magic patterns as used by the Gnome VFS library. /etc/groupSimilar to /etc/passwd. It lists the configured user groups and who belongs to them. /etc/group-Old /etc/group file. /etc/gshadowContains encrypted forms of group passwords. /etc/gshadow-Old /etc/gshadow file. /etc/hostnameContains the hostname of your machine (can be fully qualified or not). /etc/host.confDetermines the search order for look-ups (usually hosts bind, i.e. "check /etc/hosts first and then look for a DNS"). /etc/hostsThis file is used to define a system name and domain combination with a specific IP address. This file needs to always contain an entry for an IP address, if the machine is connected to the network. ### etherconf DEBCONF AREA. DO NOT EDIT THIS AREA OR INSERT TEXT BEFORE IT. 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts 192.168.0.99 debian.localdomain.com debian ### END OF DEBCONF AREA. PLACE YOUR EDITS BELOW; THEY WILL BE PRESERVED. 192.168.0.1 ws001 /etc/hosts.allowPart of the tcp-wrappers system to control access to your machine's services. It lists hosts that are allowed to access the system and specfic daemons. # /etc/hosts.allow: list of hosts that are allowed to access the # system. # See the manual pages hosts_access(5), hosts_options(5) # and /usr/doc/netbase/portmapper.txt.gz # # Example: ALL: LOCAL @some_netgroup # ALL: .foobar.edu EXCEPT terminalserver.foobar.edu # # If you're going to protect the portmapper use the name "portmap" # for the daemon name. Remember that you can only use the keyword # "ALL" and IP addresses (NOT host or domain names) for the # portmapper. See portmap(8) and /usr/doc/portmap/portmapper.txt.gz # for further information. bootpd: 0.0.0.0 in.tftpd: 192.168.0. portmap: 192.168.0. rpc.mountd: 192.168.0. rpc.nfsd: 192.168.0. gdm: 192.168.0. nasd: 192.168.0. /etc/hosts.denypart of the tcp-wrappers system to control access to your machine's services. It lists hosts that are not allowed to access the system. # Example: ALL: some.host.name, .some.domain # ALL EXCEPT in.fingerd: other.host.name, .other.domain # # If you're going to protect the portmapper use the name "portmap" # for the daemon name. Remember that you can only use the keyword # "ALL" and IP addresses (NOT host or domain names) for the # portmapper. See portmap(8) and /usr/doc/portmap/portmapper.txt.gz # for further information. # # The PARANOID wildcard matches any host whose name does not match # its address. You may wish to enable this to ensure any programs # that don't validate looked up hostnames still leave understandable # logs. In past versions of Debian this has been the default. # ALL: PARANOID /etc/httpdApache configuration files. Apache is a versatile, high-performance HTTP server. The most popular server in the world, Apache features a modular design and supports dynamic selection of extension modules at runtime. Its strong points are its range of possible customization, dynamic adjustment of the number of server processes, and a whole range of available modules including many authentication mechanisms, server-parsed HTML, server-side includes, access control, CERN httpd metafiles emulation, proxy caching, etc. Apache also supports multiple virtual homing. /etc/identd.confTCP/IP IDENT protocol server. It implements the TCP/IP proposed standard IDENT user identification protocol (RFC 1413). identd operates by looking up specific TCP/IP connections and returning the username of the process owning the connection. It can also return other information besides the username. # /etc/identd.conf - an example configuration file #-- The syslog facility for error messages # syslog:facility = daemon #-- User and group (from passwd database) to run as server:user = nobody #-- Override the group id # server:group = kmem #-- What port to listen on when started as a daemon or from /etc/inittab # server:port = 113 #-- The socket backlog limit # server:backlog = 256 #-- Where to write the file containing our process id # server:pid-file = "/var/run/identd/identd.pid" #-- Maximum number of concurrent requests allowed (0 = unlimited) # server:max-requests = 0 #-- Enable some protocol extensions like "VERSION" or "QUIT" protocol:extensions = enabled #-- Allow multiple queries per connection protocol:multiquery = enabled #-- Timeout in seconds since connection or last query. Zero = disable # protocol:timeout = 120 #-- Maximum number of threads doing kernel lookups # kernel:threads = 8 #-- Maximum number of queued kernel lookup requests # kernel:buffers = 32 #-- Maximum number of time to retry a kernel lookup in case of failure # kernel:attempts = 5 #-- Disable username lookups (only return uid numbers) # result:uid-only = no #-- Enable the ".noident" file # result:noident = enabled #-- Charset token to return in replies # result:charset = "US-ASCII" #-- Opsys token to return in replies # result:opsys = "UNIX" #-- Log all request replies to syslog (none == don't) # result:syslog-level = none #-- Enable encryption (only available if linked with a DES library) # result:encrypt = no #-- Path to the DES key file (only available if linked with a DES library) # encrypt:key-file = "/usr/local/etc/identd.key" #-- Include a machine local configuration file # include = /etc/identd.conf /etc/inetd.confConfiguration of services that are started by the INETD TCP/IP super server. 'inetd' is now deprecated. 'xinetd' has taken its place. See /etc/xinet.conf for further details. # /etc/inetd.conf: see inetd(8) for further informations. # # Internet server configuration database # # # Lines starting with "#:LABEL:" or "#<off>#" should not # be changed unless you know what you are doing! # # If you want to disable an entry so it isn't touched during # package updates just comment it out with a single '#' character. # # Packages should modify this file by using update-inetd(8) # # <service_name> <sock_type> <proto> # <flags> <user> <server_path> # <args> # #:INTERNAL: Internal services #echo stream tcp nowait root internal #echo dgram udp wait root internal #chargen stream tcp nowait root internal #chargen dgram udp wait root internal discard stream tcp nowait root internal discard dgram udp wait root internal daytime stream tcp nowait root internal #daytime dgram udp wait root internal time stream tcp nowait root internal #time dgram udp wait root internal #:STANDARD: These are standard services. ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd telnet stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd #:MAIL: Mail, news and uucp services. smtp stream tcp nowait mail /usr/sbin/exim exim -bs imap2 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd imap3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd #:INFO: Info services ident stream tcp wait identd /usr/sbin/identd identd finger stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/in.fingerd #:BOOT: Tftp service is provided primarily for booting. #Most sites run this only on machines acting as "boot servers." tftp dgram udp wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd -s /tftpboot /etc/init.d Order of scripts run in /etc/rc?.d ================================== 0. Overview. All scripts executed by the init system are located in /etc/init.d. The directories /etc/rc?.d (? = S, 0 .. 6) contain relative links to those scripts. These links are named S<2-digit-number>< original-name> or K<2-digit-number><original-name>. If a scripts has the ".sh" suffix it is a bourne shell script and MAY be handled in an optimized manner. The behaviour of executing the script in an optimized way will not differ in any way from it being forked and executed in the regular way. The following runlevels are defined: N System bootup (NONE). S Single user mode (not to be switched to directly) 0 halt 1 single user mode 2 .. 5 multi user mode 6 reboot 1. Boot. When the systems boots, the /etc/init.d/rcS script is executed. It in turn executes all the S* scripts in /etc/rcS.d in alphabetical (and thus numerical) order. The first argument passed to the executed scripts is "start". The runlevel at this point is "N" (none). Only things that need to be run once to get the system in a consistent state are to be run. The rcS.d directory is NOT meant to replace rc.local. One should not start daemons in this runlevel unless absolutely necessary. Eg, NFS might need the portmapper, so it is OK to start it early in the bootprocess. But this is not the time to start the squid proxy server. 2. Going multiuser. After the rcS.d scripts have been executed, init switches to the default runlevel as specified in /etc/inittab, usually "2". Init then executes the /etc/init.d/rc script which takes care of starting the services in /etc/rc2.d. Because the previous runlevel is "N" (none) the /etc/rc2.d/KXXxxxx scripts will NOT be executed - there is nothing to stop yet, the system is busy coming up. If for example there is a service that wants to run in runlevel 4 and ONLY in that level, it will place a KXXxxxx script in /etc/rc{2,3,5}.d to stop the service when switching out of runlevel 4. We do not need to run that script at this point. The /etc.rc2.d/SXXxxxx scripts will be executed in alphabetical order, with the first argument set to "start". 3. Switching runlevels. When one switches from (for example) runlevel 2 to runlevel 3, /etc/init.d/rc will first execute in alphabetical order all K scripts for runlevel 3 (/etc/rc3.d/KXXxxxx) with as first argument "stop" and then all S scripts for runlevel 3 (/etc/rc3.d/SXXxxxx) with as first argument "start". As an optimization, a check is made for each "service" to see if it was already running in the previous runlevel. If it was, and there is no K (stop) script present for it in the new runlevel, there is no need to start it a second time so that will not be done. On the other hand, if there was a K script present, it is assumed the service was stopped on purpose first and so needs to be restarted. We MIGHT make the same optimization for stop scripts as well- if no S script was present in the previous runlevel, we can assume that service was not running and we don't need to stop it either. In that case we can remove the "coming from level N" special case mentioned above in 2). But right now that has not been implemented. 4. Single user mode. Switching to single user mode is done by switching to runlevel 1. That will cause all services to be stopped (assuming they all have a K script in /etc/rc1.d). The runlevel 1 scripts will then switch to runlevel "S" which has no scripts - all it does is spawn a shell directly on /dev/console for maintenance. 5. Halt/reboot Going to runlevel 0 or 6 will cause the system to be halted or rebooted, respectively. For example, if we go to runlevel 6 (reboot) first all /etc/rc6.d/KXXxxxx scripts will be executed alphabetically with "stop" as the first argument. Then the /etc/rc6.d/SXXxxxx scripts will be executed alphabetically with "stop" as the first argument as well. The reason is that there is nothing to start anymore at this point - all scripts that are run are meant to bring the system down. In the future, the /etc/rc6.d/SXXxxxx scripts MIGHT be moved to /etc/rc6.d/K1XXxxxx for clarity. /etc/inittabBoot-time system configuration/initialization script. Tells init how to handle runlevels. It sets the default runlevel. This is run first except when booting in emergency (-b) mode. It also enables a user to startup a getty session on an external device such as the serial ports. To add terminals or dial-in modem lines to a system, just add more lines to /etc/inittab, one for each terminal or dial-in line. For more details, see the manual pages init, inittab, and getty. If a command fails when it starts, and init is configured to restart it, it will use a lot of system resources: init starts it, it fails, init starts it, it fails, and so on. To prevent this, init will keep track of how often it restarts a command, and if the frequency grows to high, it will delay for five minutes before restarting again. /etc/inittab also has some special features that allow init to react to special circumstances. powerwait Allows init to shut the system down, when the power fails. This assumes the use of a UPS, and software that watches the UPS and informs init that the power is off. ctrlaltdel Allows init to reboot the system, when the user presses ctrl-alt-del on the console keyboard. Note that the system administrator can configure the reaction to ctrl-alt-del to be something else instead, e.g., to be ignored, if the system is in a public location. sysinit Command to be run when the system is booted. This command usually cleans up /tmp, for example. The list above is not exhaustive. See your inittab manual page for all possibilities, and for details on how to use the ones above. To set (or reset) initial terminal colours. The following shell script should work for VGA consoles: for n in 1 2 4 5 6 7 8; do setterm -fore yellow -bold on -back blue -store > /dev/tty$n done Substitute your favorite colors, and use /dev/ttyS$n for serial terminals. To make sure they are reset when people log out (if they've been changed) replace the references to getty (or mingetty or uugetty or whatever) in /etc/inittab with references to /sbin/mygetty. #!/bin/sh setterm -fore yellow -bold on -back blue -store > $1 exec /sbin/mingetty $@ An example /etc/inittab is provided below. # /etc/inittab: init(8) configuration. # $Id$ # The default runlevel. id:2:initdefault: # Boot-time system configuration/initialization script. # This is run first except when booting in emergency (-b) mode. si::sysinit:/etc/init.d/rcS # What to do in single-user mode. ~~:S:wait:/sbin/sulogin # /etc/init.d executes the S and K scripts upon change # of runlevel. # # Runlevel 0 is halt. # Runlevel 1 is single-user. # Runlevels 2-5 are multi-user. # Runlevel 6 is reboot. l0:0:wait:/etc/init.d/rc 0 l1:1:wait:/etc/init.d/rc 1 l2:2:wait:/etc/init.d/rc 2 l3:3:wait:/etc/init.d/rc 3 l4:4:wait:/etc/init.d/rc 4 l5:5:wait:/etc/init.d/rc 5 l6:6:wait:/etc/init.d/rc 6 # Normally not reached, but fallthrough in case of emergency. z6:6:respawn:/sbin/sulogin # What to do when CTRL-ALT-DEL is pressed. ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now # Action on special keypress (ALT-UpArrow). #kb::kbrequest:/bin/echo "Keyboard Request #--edit /etc/inittab to let this work." # What to do when the power fails/returns. pf::powerwait:/etc/init.d/powerfail start pn::powerfailnow:/etc/init.d/powerfail now po::powerokwait:/etc/init.d/powerfail stop # /sbin/getty invocations for the runlevels. # # The "id" field MUST be the same as the last # characters of the device (after "tty"). # # Format: # <id>:<runlevels>:<action>:<process> # # Note that on most Debian systems tty7 is used by the X Window System, # so if you want to add more getty's go ahead but skip tty7 if you run X. # 1:2345:respawn:/sbin/getty 38400 tty1 2:23:respawn:/sbin/getty 38400 tty2 3:23:respawn:/sbin/getty 38400 tty3 4:23:respawn:/sbin/getty 38400 tty4 5:23:respawn:/sbin/getty 38400 tty5 6:23:respawn:/sbin/getty 38400 tty6 # Example how to put a getty on a serial line (for a terminal) # #T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100 #T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100 # Example how to put a getty on a modem line. # #T3:23:respawn:/sbin/mgetty -x0 -s 57600 ttyS3 Undocumented features The letters A-C can be used to spawn a daemon listed in /etc/inittab. For example, assuming you want to start getty on a port to receive a call, but only after receiving a voice call first (and not all the time). Furthermore, you want to be able to receive a data or a fax call and that when you get the voice message you'll know which you want. You insert two new lines in /etc/inittab, each with its own ID, and each with a runlevel such as A for data and B for fax. When you know which you need, you simply spawn the appropriate daemon by calling 'telinit A' or 'telinit B'. The appropriate getty is put on the line until the first call is received. When the caller terminates the connection, the getty drops because, by definition, on demand will not respawn. The other two letters, S and Q, are special. S brings you sytem to maintenance mode and is the same as changing state to runlevel 1. The Q is used to tell init to reread inittab. The /etc/inittab file can be changed as often as required, but will only be read under certain circumstances: -One of its processes dies (do you need to respawn another?) -On a powerful signal from a power daemon (or a command line) -When told to change state by telinit The Q argument tells init to reread the /etc/inittab file. Even though it is called the System V runlevel system runlevels 7-9 are legitimate runlevels that can be used if necessary. The administrator must remember to alter the inittab file though and also to create the required rc?.d files. /etc/inputrcGlobal inputrc for libreadline. Readline is a function that gets a line from a user and automatically edits it. /etc/isapnp.confConfiguration file for ISA based cards. This standard is virtually redundant in new systems. The 'isapnptools' suite of ISA Plug-And-Play configuration utilities is used to configure such devices. These programs are suitable for all systems, whether or not they include a PnP BIOS. In fact, PnP BIOS adds some complications because it may already activate some cards so that the drivers can find them, and these tools can unconfigure them, or change their settings causing all sorts of nasty effects. /etc/isdnISDN configuration files. /etc/issueOutput by getty before the login prompt. Usually contains a short description or welcoming message to the system. The contents are up to the system administrator. Debian GNU/\s 3.0 \n \l /etc/issue.netPresents the welcome screen to users who login remotely to your machine (whereas /etc/issue determines what a local user sees on login). Debian GNU/%s 3.0 %h /etc/kdeKDE initialization scripts and KDM configuration. /etc/kde/kdmLocation for the K Desktop Manager files. kdm manages a collection of X servers, which may be on the local host or remote machines. It provides services similar to those provided by init, getty, and login on character-based terminals: prompting for login name and password, authenticating the user, and running a session. kdm supports XDMCP (X Display Manager Control Protocol) and can also be used to run a chooser process which presents the user with a menu of possible hosts that offer XDMCP display management. /etc/kdercSystem wide KDE initialization script. Commands here executed every time the KDE environment is loaded. It's a link to /etc/kde2/system.kdeglobals [Directories] dir_config=/etc/kde2 dir_html=/usr/share/doc/kde/HTML dir_cgi=/usr/lib/cgi-bin dir_apps=/usr/share/applnk dir_mime=/usr/share/mimelnk dir_services=/usr/share/services dir_servicetypes=/usr/share/servicetypes [General] TerminalApplication=x-terminal-emulator /etc/ld.so.conf, /etc/ld.so.cache /etc/ld.so.conf is a file containing a list of colon, space, tab, newline, or comma spearated directories in which to search for libraries. /etc/ld.so.cache containing an ordered list of libraries found in the directories specified in /etc/ld.so.conf. This file is not in human readable format, and is not intended to be edited. 'ldconfig' creates the necessary links and cache (for use by the run-time linker, ld.so) to the most recent shared libraries found in the directories specified on the command line, in the file /etc/ld.so.conf, and in the trusted directories (/usr/lib and /lib). 'ldconfig' checks the header and file names of the libraries it encounters when determining which versions should have their links updated. ldconfig ignores symbolic links when scanning for libraries. 'ldconfig' will attempt to deduce the type of ELF libs (ie. libc5 or libc6/glibc) based on what C libs if any the library was linked against, therefore when making dynamic libraries, it is wise to explicitly link against libc (use -lc). Some existing libs do not contain enough information to allow the deduction of their type, therefore the /etc/ld.so.conf file format allows the specification of an expected type. This is only used for those ELF libs which we can not work out. The format is like this "dirname=TYPE", where type can be libc4, libc5 or libc6. (This syntax also works on the command line). Spaces are not allowed. Also see the -p option. Directory names containing an = are no longer legal unless they also have an expected type specifier. 'ldconfig' should normally be run by the super-user as it may require write permission on some root owned directories and files. It is normally run automatically at bootup or manually whenever new shared libraries are installed. /usr/X11R6/libX libraries. /usr/local/libLocal libraries. /etc/lilo.confConfiguration file for the Linux boot loader 'lilo'. 'lilo' is the original OS loader and can load Linux and others. The 'lilo' package normally contains lilo (the installer) and boot-record-images to install Linux, OS/2, DOS and generic Boot Sectors of other Oses. You can use Lilo to manage your Master Boot Record (with a simple text screen, text menu or colorful splash graphics) or call 'lilo' from other boot-loaders to jump-start the Linux kernel. Prompt #Prompt user to select OS choice at boot timeout=300 # Amount of time to wait before default OS # started (in ms) default=Debian4 #Default OS to be loaded vga=normal #VGA mode boot=/dev/had #location of MBR map=/boot/map #location of kernel install=/boot/boot-bmp.b #File to be installed as boot sector bitmap=/boot/debian.bmp #LILO boot image bmp-table=30p,100p,1,10 #Colours selectable bmp-colors=13,,0,1,,0 #Colours chosen lba32 #Required on most new systems to overcome #1024 cylinder problem image=/vmlinuz #name of kernel image label=Debian #a label read-only #file system to be mounted read only root=/dev/hda6 #location of root filesystem image=/boot/bzImage label=Debian4 read-only root=/dev/hda6 image=/mnt/redhat/boot/vmlinuz label=Redhat initrd=/mnt/redhat/boot/initrd-2.4.18-14.img read-only root=/dev/hda5 vga=788 append=" hdc=ide-scsi hdd=ide-scsi" image=/mnt/mandrake/boot/vmlinuz label="Mandrake" root=/dev/hda7 initrd=/mnt/mandrake/boot/initrd.img append="devfs=mount hdc=ide-scsi acpi=off quiet" vga=788 read-only other=/dev/hda2 table=/dev/hda loader=/boot/chain.b label=FBSD other=/dev/hda1 label=Windows table=/dev/hda other=/dev/fd0 label=floppy unsafe /etc/local.genThis file lists locales that you wish to have built. You can find a list of valid supported locales at /usr/share/i18n/SUPPORTED. Other combinations are possible, but may not be well tested. If you change this file, you need to re-run locale-gen. /etc/locale.aliasLocale name alias data base. /etc/login.defsConfiguration control definitions for the login package. An inordinate number of attributes can be altered via this single file such as the location of mail, delay in seconds after a failed login, enabling display of fail log information, display of unknown username login failures, shell environment variables, etc.... /etc/logrotate.confThe logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log file gets to a certain size. Normally, logrotate runs as a daily cron job. # see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed #compress # packages drop log rotation information into this directory include /etc/logrotate.d # no packages own wtmp, or btmp -- we'll rotate them here /var/log/wtmp { monthly create 0664 root utmp rotate 1 } /var/log/btmp { missingok monthly create 0664 root utmp rotate 1 } # system-specific logs may be configured here /etc/ltrace.confConfiguration file for ltrace (Library Call Tracer). It tracks runtime library calls in dynamically linked programs. 'ltrace' is a debugging program which runs a specified command until it exits. While the command is executing, ltrace intercepts and records the dynamic library calls which are called by the executed process and the signals received by that process. It can also intercept and print the system calls executed by the program. The program to be traced need not be recompiled for this, so you can use it on binaries for which you don't have the source handy. You should install ltrace if you need a sysadmin tool for tracking the execution of processes. /etc/magicMagic local data and configuration file for the file(1) command. Contains the descriptions of various file formats based on which file guesses the type of the file. Insert here your local magic data. Format is described in magic(5). /etc/mail.rcInitialization file for 'mail'. 'mail' is an intelligent mail processing system which has a command syntax reminiscent of ed with lines replaced by messages. Its basically a command line version of Microsoft Outlook. /etc/mailcap'metamail' capabilities file. The mailcap file is read by the metamail program to determine how to display non-text at the local site. The syntax of a mailcap file is quite simple, at least compared to termcap files. Any line that starts with "#" is a comment. Blank lines are ignored. Otherwise, each line defines a single mailcap entry for a single content type. Long lines may be continued by ending them with a backslash character, \. Each individual mailcap entry consists of a content-type specification, a command to execute, and (possibly) a set of optional "flag" values. /etc/mailcap.orderThe mailcap ordering specifications. The order of entries in the /etc/mailcap file can be altered by editing the /etc/mailcap.order file. Each line of that file specifies a package and an optional mime type. Mailcap entries that match will be placed in the order of this file. Entries that don't match will be placed later. /etc/mailnameMail server hostname. Normally the same as the hostname. /etc/menu, /etc/menu-methodsThe menu package was inspired by the install-fvwm2-menu program from the old fvwm2 package. However, menu tries to provide a more general interface for menu building. With the update-menus command from this package, no package needs to be modified for every X window manager again, and it provides a unified interface for both text-and X-oriented programs.When a package that wants to add something to the menu tree gets installed, it will run update-menus in its postinstall script. Update-menus then reads in all menu files in /etc/menu/ /usr/lib/menu and /usr/lib/menu/default, and stores the menu entries of all installed packages in memory. Once that has been done, it will run the menu-methods in /etc/menu-methods/*, and pipe the information about the menu entries to the menu-methods on stdout, so that the menu-methods can read this. Each Window Manager or other program that wants to have the debian menu tree, will supply a menu-method script in /etc/menu-methods/. This menu-method then knows how to generate the startup-file for that window manager. To facilitate this task for the window-manager maintainers, menu provides a install-menu program. This program can generate the startupfiles for just about every window manager. /etc/mgetty+sendfaxConfiguration files for use of mgetty as the interface on the serial port. The mgetty routine special routine has special features for handling things such as dial up connections and fax connections. /etc/mime.typesMIME-TYPES and the extensions that represent them. This file is part of the "mime-support" package. Note: Compression schemes like "gzip", "bzip", and "compress" are not actually "mime-types". They are "encodings" and hence must _not_ have entries in this file to map their extensions. The "mime-type" of an encoded file refers to the type of data that has been encoded, not the type of the encoding. /etc/minicom'minicom' configuration files. 'minicom' is a communication program which somewhat resembles the shareware program TELIX but is free with source code and runs under most unices. Features include dialing directory with auto-redial, support for UUCP-style lock files on serial devices, a seperate script language interpreter, capture to file, multiple users with individual configurations, and more. /etc/modulesList of modules to be loaded at startup. # /etc/modules: kernel modules to load at boot time. # # This file should contain the names of kernel modules that are # to be loaded at boot time, one per line. Comments begin with # a "#", and everything on the line after them are ignored. unix af_packet via-rhine cmpci ne2k-pci nvidia /etc/modules.conf ### This file is automatically generated by update-modules" # # Please do not edit this file directly. If you want to change or add # anything please take a look at the files in /etc/modutils and read # the manpage for update-modules. # ### update-modules: start processing /etc/modutils/0keep # DO NOT MODIFY THIS FILE! # This file is not marked as conffile to make sure if you upgrade modutils # it will be restored in case some modifications have been made. # # The keep command is necessary to prevent insmod and friends from ignoring # the builtin defaults of a path-statement is encountered. Until all other # packages use the new `add path'-statement this keep-statement is essential # to keep your system working keep ### update-modules: end processing /etc/modutils/0keep ### update-modules: start processing /etc/modutils/actions # Special actions that are needed for some modules # The BTTV module does not load the tuner module automatically, # so do that in here post-install bttv insmod tuner post-remove bttv rmmod tuner ### update-modules: end processing /etc/modutils/actions ### update-modules: start processing /etc/modutils/aliases # Aliases to tell insmod/modprobe which modules to use # Uncomment the network protocols you don't want loaded: # alias net-pf-1 off # Unix # alias net-pf-2 off # IPv4 # alias net-pf-3 off # Amateur Radio AX.25 # alias net-pf-4 off # IPX # alias net-pf-5 off # DDP / appletalk # alias net-pf-6 off # Amateur Radio NET/ROM # alias net-pf-9 off # X.25 # alias net-pf-10 off # IPv6 # alias net-pf-11 off # ROSE / Amateur Radio X.25 PLP # alias net-pf-19 off # Acorn Econet alias char-major-10-175 agpgart alias char-major-10-200 tun alias char-major-81 bttv alias char-major-108 ppp_generic alias /dev/ppp ppp_generic alias tty-ldisc-3 ppp_async alias tty-ldisc-14 ppp_synctty alias ppp-compress-21 bsd_comp alias ppp-compress-24 ppp_deflate alias ppp-compress-26 ppp_deflate # Crypto modules (see http://www.kerneli.org/) alias loop-xfer-gen-0 loop_gen alias loop-xfer-3 loop_fish2 alias loop-xfer-gen-10 loop_gen alias cipher-2 des alias cipher-3 fish2 alias cipher-4 blowfish alias cipher-6 idea alias cipher-7 serp6f alias cipher-8 mars6 alias cipher-11 rc62 alias cipher-15 dfc2 alias cipher-16 rijndael alias cipher-17 rc5 ### update-modules: end processing /etc/modutils/aliases ### update-modules: start processing /etc/modutils/ltmodem-2.4.18 # lt_drivers: autoloading and insertion parameter usage alias char-major-62 lt_serial alias /dev/tts/LT0 lt_serial alias /dev/modem lt_serial # options lt_modem vendor_id=0x115d device_id=0x0420 Forced=3,0x130,0x2f8 # section for lt_drivers ends ### update-modules: end processing /etc/modutils/ltmodem-2.4.18 ### update-modules: start processing /etc/modutils/paths # This file contains a list of paths that modprobe should scan, # beside the once that are compiled into the modutils tools # themselves. ### update-modules: end processing /etc/modutils/paths ### update-modules: start processing /etc/modutils/ppp alias /dev/ppp ppp_generic alias char-major-108 ppp_generic alias tty-ldisc-3 ppp_async alias tty-ldisc-14 ppp_synctty alias ppp-compress-21 bsd_comp alias ppp-compress-24 ppp_deflate alias ppp-compress-26 ppp_deflate ### update-modules: end processing /etc/modutils/ppp ### update-modules: start processing /etc/modutils/setserial # # This is what I wanted to do, but logger is in /usr/bin, which isn't # loaded when the module is first loaded into the kernel at boot time! # #post-install serial /etc/init.d/setserial start | #logger -p daemon.info -t "setserial-module reload" #pre-remove serial /etc/init.d/setserial stop | #logger -p daemon.info -t "setserial-module uload" # alias /dev/tts serial alias /dev/tts/0 serial alias /dev/tts/1 serial alias /dev/tts/2 serial alias /dev/tts/3 serial post-install serial /etc/init.d/setserial modload > /dev/null 2> /dev/null pre-remove serial /etc/init.d/setserial modsave > /dev/null 2> /dev/null ### update-modules: end processing /etc/modutils/setserial ### update-modules: start processing /etc/modutils/arch/i386 alias parport_lowlevel parport_pc alias char-major-10-144 nvram alias binfmt-0064 binfmt_aout alias char-major-10-135 rtc ### update-modules: end processing /etc/modutils/arch/i386 /etc/modutilsThese utilities are intended to make a Linux modular kernel manageable for all users, administrators and distribution maintainers. /etc/mtoolsDebian default mtools configuration file. The mtools series of commands work with MS-DOS files and directories on floppy disks. This allows you to use Linux with MS-DOS formatted diskettes on DOS and Windows systems. /etc/manpath.confThis file is used by the man_db package to configure the man and cat paths. It is also used to provide a manpath for those without one by examining their PATH environment variable. For details see the manpath(5) man page. /etc/mediaprmWas formally named /etc/fdprm. See /etc/fdprm for further details. /etc/motdThe message of the day, automatically output after a successful login. Contents are up to the system administrator. Often used for getting information to every user, such as warnings about planned downtimes. Linux debian.localdomain.com 2.4.18 #1 Sat Mar 15 00:17:39 EST 2003 i686 unknown Most of the programs included with the Debian GNU/Linux system are freely redistributable; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. /etc/mtabList of currently mounted filesystems. Initially set up by the bootup scripts, and updated automatically by the mount command. Used when a list of mounted filesystems is needed, e.g., by the df command. This file is sometimes a symbolic link to /proc/mounts. /etc/networksList of networks that the system is currently located on. For example, 192.168.0.0. /etc/nsswitch.confSytem Database/Name Service Switch configuration file. /etc/oss.confOSS (Open Sound System) configuration file. /etc/pam.d/This directory is the home of the configuration files for PAMs, Pluggable Authentication Modules. /etc/postfix/Holds your postfix configuration files. Postfix is now the MTA of choice among Linux distributions. It is sendmail-compatible, offers improved speed over sendmail, ease of administration and security. It was originally developed by IBM and was called the IBM Secure Mailer and is used in many large commercial networks. It is now the de-facto standard. /etc/ppp/The place where your dial-up configuration files are placed. More than likely to be created by the text menu based pppconfig or other GUI based ppp configuration utilities such as kppp or gnome-ppp. /etc/pam.confMost programs use a file under the /etc/pam.d/ directory to setup their PAM service modules. This file is and can be used, but is not recommended. /etc/paper.configPaper size configuration file. /etc/papersizeDefault papersize. /etc/passwdThis is the 'old' password file, It is kept for compatibility and contains the user database, with fields giving the username, real name, home directory, encrypted password, and other information about each user. The format is documented in the passwd man(ual) page. root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:100:sync:/bin:/bin/sync games:x:5:100:games:/usr/games:/bin/sh man:x:6:100:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh postgres:x:31:32:postgres:/var/lib/postgres:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh operator:x:37:37:Operator:/var:/bin/sh list:x:38:38:SmartList:/var/list:/bin/sh irc:x:39:39:ircd:/var:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/home:/bin/sh binh:x:1000:1000:,,,:/home/binh:/bin/bash identd:x:100:65534::/var/run/identd:/bin/false sshd:x:101:65534::/var/run/sshd:/bin/false gdm:x:102:101:Gnome Display Manager:/var/lib/gdm:/bin/false telnetd:x:103:103::/usr/lib/telnetd:/bin/false dummy:x:1001:1001:,,,:/home/dummy:/bin/bash /etc/passwd-Old /etc/passwd file. /etc/printcapPrinter configuration (capabilities) file. The definition of all system printers, whether local or remote, is stored in this file. Its layout is similar to that of /etc/termcap but it uses a different syntax. /etc/profileFiles and commands to be executed at login or startup time by the Bourne or C shells. These allow the system administrator to set global defaults for all users. /etc/profile.dShells scripts to be executed upon login to the Bourne or C shells. These scripts are normally called from the /etc/profile file. /etc/protocolsProtocols definitions file. It describes the various DARPA Internet protocols that are available from the TCP/IP subsystem. It should be consulted instead of using the numbers in the ARPA include files or resorting to guesstimation. This file should be left untouched since changes could result in incorrect IP packages. /etc/pcmciaConfiguration files for PCMCIA devices. Generally only useful to laptop users. /etc/reportbug.confConfiguration file for reportbug. Reportbug is primarily designed to report bugs in the Debian distribution. By default it creates an e-mail to the Debian bug tracking system at mit@bugs.debian.org with information about the bug. Using the -bts option you can report bugs to other servers also using ddebbugs such as KDE.org. It is similar to bug but has far greater capabilities while still maintaining simplicity. /etc/rc.boot or /etc/rc?.dThese directories contain all the files necessary to control system services and configure runlevels. A skeleton file is provided in /etc/init.d/skeleton /etc/rcS.dThe scripts in this directory are executed once when booting the system, even when booting directly into single user mode. The files are all symbolic links, the real files are located in /etc/init.d/. For a more general discussion of this technique, see /etc/init.d/README. /etc/resolv.confConfiguration of how DNS is to occur is defined in this file. It tells the name resolver libraries where they need to go to find information not found in the /etc/hosts file. This always has at least one nameserver line, but preferably three. The resolver uses each in turn. More than the first three can be included but anything beyond the first three will be ignored. Two lines that appear in the /etc/resolv.conf file are domain and search. Both of these are mutually exclusive options, and where both show up, the last one wins. Other entries beyond the three discussed here are listed in the man pages but aren't often used. /etc/rmtThis is not a mistake. This shell script (/etc/rmt) has been provided for compatibility with other Unix-like systems, some of which have utilities that expect to find (and execute) rmt in the /etc directory on remote systems. /etc/rpcThe rpc file contains user readable names that can be used in place of rpc program numbers. Each line has the following information: -name of server for the rpc program -rpc program number -aliases Items are separated by any number of blanks and/or tab characters. A ``#'' indicates the beginning of a comment; characters up to the end of the line are not interpreted by routines which search the file. # /etc/rpc: # $Id$ # # rpc 88/08/01 4.0 RPCSRC; from 1.12 88/02/07 SMI portmapper 100000 portmap sunrpc rstatd 100001 rstat rstat_svc rup perfmeter rusersd 100002 rusers nfs 100003 nfsprog ypserv 100004 ypprog mountd 100005 mount showmount ypbind 100007 walld 100008 rwall shutdown yppasswdd 100009 yppasswd etherstatd 100010 etherstat rquotad 100011 rquotaprog quota rquota sprayd 100012 spray 3270_mapper 100013 rje_mapper 100014 selection_svc 100015 selnsvc database_svc 100016 rexd 100017 rex alis 100018 sched 100019 llockmgr 100020 nlockmgr 100021 x25.inr 100022 statmon 100023 status 100024 bootparam 100026 ypupdated 100028 ypupdate keyserv 100029 keyserver tfsd 100037 nsed 100038 nsemntd 100039 pcnfsd 150001 amd 300019 amq sgi_fam 391002 ugidd 545580417 bwnfsd 788585389 /etc/sambaSamba configuration files. A 'LanManager' like file and printer server for Unix. The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or NetBIOS protocol. /etc/sane.dSane configuration files. SANE stands for "Scanner Access Now Easy" and is an application programming interface (API) that provides standardized access to any raster image scanner hardware (flatbed scanner, hand-held scanner, video- and still-cameras, frame-grabbers, etc.). The SANE API is public domain and its discussion and development is open to everybody. The current source code is written for UNIX (including GNU/Linux) and is available under the GNU General Public License (the SANE API is available to proprietary applications and backends as well, however).SANE is a universal scanner interface. The value of such a universal interface is that it allows writing just one driver per image acquisition device rather than one driver for each device and application. So, if you have three applications and four devices, traditionally you'd have had to write 12 different programs. With SANE, this number is reduced to seven: the three applications plus the four drivers. Of course, the savings get even bigger as more and more drivers and/or applications are added.Not only does SANE reduce development time and code duplication, it also raises the level at which applications can work. As such, it will enable applications that were previously unheard of in the UNIX world. While SANE is primarily targeted at a UNIX environment, the standard has been carefully designed to make it possible to implement the API on virtually any hardware or operating system.While SANE is an acronym for ``Scanner Access Now Easy'' the hope is of course that SANE is indeed sane in the sense that it will allow easy implementation of the API while accommodating all features required by today's scanner hardware and applications. Specifically, SANE should be broad enough to accommodate devices such as scanners, digital still and video cameras, as well as virtual devices like image file filters.If you're familiar with TWAIN, you may wonder why there is a need for SANE. Simply put, TWAIN does not separate the user-interface from the driver of a device. This, unfortunately, makes it difficult, if not impossible, to provide network transparent access to image acquisition devices (which is useful if you have a LAN full of machines, but scanners connected to only one or two machines; it's obviously also useful for remote-controlled cameras and such). It also means that any particular TWAIN driver is pretty much married to a particular GUI API (be it Win32 or the Mac API). In contrast, SANE cleanly separates device controls from their representation in a user-interface. As a result, SANE has no difficulty supporting command-line driven interfaces or network-transparent scanning. For these reasons, it is unlikely that there will ever be a SANE backend that can talk to a TWAIN driver. The converse is no problem though: it would be pretty straight forward to access SANE devices through a TWAIN source. In summary, if TWAIN had been just a little better designed, there would have been no reason for SANE to exist, but things being the way they are, TWAIN simply isn't SANE. /etc/securettyIdentifies secure terminals, i.e., the terminals from which root is allowed to log in. Typically only the virtual consoles are listed, so that it becomes impossible (or at least harder) to gain superuser privileges by breaking into a system over a modem or a network. # /etc/securetty: list of terminals on which root is allowed to login. # See securetty(5) and login(1). console # Standard consoles tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 tty12 # Same as above, but these only occur with devfs devices vc/1 vc/2 vc/3 vc/4 vc/5 vc/6 vc/7 vc/8 vc/9 vc/10 vc/11 vc/12 /etc/sensors.confConfiguration file for libsensors. A set of libraries designed to ascertain current hardware states via motherboard sensor chips. Useful statistics such as core voltages, CPU temperature can be determined through third party utilities that make user of these libraries such as 'gkrellm'. If you do not wish to install these packages you may also utliise the /proc filesystem real-time nature. /etc/sudoersSudoers file. This file must be edited with the 'visudo' command as root. The sudo command allows an authenticated user to execute an authorized command as root. Both the effective UID and GID are set to 0 (you are basically root). It determines which users are authorized and which commands they are authorized to use. Configuration of this command is via this file. /etc/shadowShadow password file on systems with shadow password software installed (PAMs). Shadow passwords move the encrypted password from /etc/passwd into /etc/shadow; the latter is not readable by anyone except root. This makes it more difficult to crack passwords. /etc/shadow-Old /etc/shadow file. /etc/sysctl.confConfiguration file for setting system variables, most notably kernel parameters. 'sysctl' is a means of configuring certain aspects of the kernel at run-time, and the /proc/sys/ directory is there so that you don't even need special tools to do it! /etc/securityEssential to security. This subdirectory allows administrators to impose quota limits, access limits and also to configure PAM environments. /etc/serial.confSerial port configuration. Changeable parameters include speed, baud rate, port, irq and type. /etc/servicesA definition of the networks, services and the associated port for each protocol that are available on this system. For example, web services (http) are assigned to port 80 by default. # /etc/services: # $Id$ # # Network services, Internet style # # Note that it is presently the policy of IANA to assign a single # well-known port number for both TCP and UDP; hence, most entries # here have two entries even if the protocol doesn't support UDP # operations. Updated from RFC 1700, ``Assigned Numbers'' (October # 1994). Not all ports are included, only the more common ones. echo 7/tcp echo 7/udp discard 9/tcp sink null discard 9/udp sink null systat 11/tcp users daytime 13/tcp daytime 13/udp netstat 15/tcp qotd 17/tcp quote msp 18/tcp # message send protocol msp 18/udp # message send protocol chargen 19/tcp ttytst source chargen 19/udp ttytst source ftp-data 20/tcp ftp 21/tcp fsp 21/udp fspd ssh 22/tcp # SSH Remote Login Protocol ssh 22/udp # SSH Remote Login Protocol telnet 23/tcp # 24 - private smtp 25/tcp mail # 26 - unassigned time 37/tcp timserver time 37/udp timserver rlp 39/udp resource # resource location nameserver 42/tcp name # IEN 116 whois 43/tcp nicname re-mail-ck 50/tcp # Remote Mail Checking Protocol re-mail-ck 50/udp # Remote Mail Checking Protocol domain 53/tcp nameserver # name-domain server domain 53/udp nameserver netbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp netbios-dgm 138/tcp # NETBIOS Datagram Service netbios-dgm 138/udp netbios-ssn 139/tcp # NETBIOS session service netbios-ssn 139/udp x11 6000/tcp x11-0 # X windows system x11 6000/udp x11-0 # X windows system /etc/shellsLists trusted shells. The chsh command allows users to change their login shell only to shells listed in this file. ftpd, the server process that provides FTP services for a machine, will check that the user's shell is listed in /etc/shells and will not let people log in unless the shell is listed there. There are also some display managers that will passively or actively (dependent upon on distribution and display manager being used) refuse a user access to the system unless their shell is one of those listed here. # /etc/shells: valid login shells /bin/ash /bin/bash /bin/csh /bin/sh /usr/bin/es /usr/bin/ksh /bin/ksh /usr/bin/rc /usr/bin/tcsh /bin/tcsh /usr/bin/zsh /bin/sash /bin/zsh /usr/bin/esh /etc/skel/The default files for each new user are stored in this directory. Each time a new user is added, these skeleton files are copied into their home directory. An average system would have: .alias, .bash_profile, .bashrc and .cshrc files. Other files are left up to the system administrator. /etc/sysconfig/This directory contains configuration files and subdirectories for the setup of system configuration specifics and for the boot process, like 'clock', which sets the timezone, or 'keyboard' which controls the keyboard map. The contents may vary drastically depending on which distribution and what utilities you have installed. For example, on a Redhat or Mandrake based system it is possible to alter an endless array of attributes from the default desktop to whether DMA should be enabled for your IDE devices. On our Debian reference system though this folder is almost expedient containing only two files hwconf and soundcard which are both configured by the Redhat utilities hwconf and sndconfig respectively. /etc/slipConfiguration files for the setup and operation of SLIP (serial line IP) interface. Generally unused nowadays. This protocol has been superceded by the faster and more efficient PPP protocol. /etc/screenrcThis is the system wide screenrc. You can use this file to change the default behavior of screen system wide or copy it to ~/.screenrc and use it as a starting point for your own settings. Commands in this file are used to set options, bind screen functions to keys, redefine terminal capabilities, and to automatically establish one or more windows at the beginning of your screen session. This is not a comprehensive list of options, look at the screen manual for details on everything that you can put in this file. /etc/scrollkeeper.confA free electronic cataloging system for documentation. It stores metadata specified by the http://www.ibiblio.org/osrt/omf/ (Open Source Metadata Framework) as well as certain metadata extracted directly from documents (such as the table of contents). It provides various functionality pertaining to this metadata to help browsers, such as sorting the registered documents or searching the metadata for documents which satisfy a set of criteria. /etc/ssh'ssh' configuration files. 'ssh' is a secure rlogin/rsh/rcp replacement (OpenSSH). This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group. 'ssh' (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide applications with a secure communication channel. It should be noted that in some countries, particularly Iraq, and Pakistan, it may be illegal to use any encryption at all without a special permit. /etc/syslog.confLists where log files should go, what messages are written to them and the level of verbosity. It is also now possible to filter based on message content, message integrity, message encryption (near future), portability and better network forwarding. /etc/termcapThe terminal capability database. Describes the "escape sequences" by which various terminals can be controlled. Programs are written so that instead of directly outputting an escape sequence that only works on a particular brand of terminal, they look up the correct sequence to do whatever it is they want to do in /etc/termcap. As a result most programs work with most kinds of terminals. /etc/timezonelocal timezone./etc/updatedb.confSets environment variables that are used by updatedb which therefore configures the database for 'locate', a utility that locates a pattern in a database of filenames and returns the filenames that match. # This file sets environment variables which are used by updatedb # filesystems which are pruned from updatedb database PRUNEFS="NFS nfs afs proc smbfs autofs auto iso9660 ncpfs coda devpts ftpfs" export PRUNEFS # paths which are pruned from updatedb database PRUNEPATHS="/tmp /usr/tmp /var/tmp /afs /amd /alex /var/spool" export PRUNEPATHS # netpaths which are added NETPATHS="" export NETPATHS /etc/vgaThe configuration file for the svgalib is stored in this directory. svgalib provides graphics capabilities to programs running on the system console, without going through the X Window System. It uses direct access to the video hardware to provide low-level access to the standard VGA and SVGA graphics modes. It only works with some video hardware; so use with caution. /etc/vimContains configuration files for both vim and its X based counterpart gvim. A wide range of options can be accessed though these two files such as automatic indentation, syntax highlighting, etc.... /etc/xinetd.d/The original 'inetd' daemon has now been superceded by the much improved 'xinetd'. 'inetd' should be run at boot time by /etc/init.d/inetd (or /etc/rc.local on some systems). It then listens for connections on certain Internet sockets. When a connection is found on one of its sockets, it decides what service the socket corresponds to, and invokes a program to service the request. After the program is finished, it continues to listen on the socket (except in some cases). Essentially, inetd allows running one daemon to invoke several others, reducing load on the system. Services controlled via xinetd put their configuration files here. /etc/zloginSystem-wide .zlogin file for zsh(1). This file is sourced only for login shells. It should contain commands that should be executed only in login shells. It should be used to set the terminal type and run a series of external commands (fortune, msgs, from, etc.) /etc/zlogoutCommands to be executed upon user exit from the zsh. It's control is system-wide but the .zlogout file for zsh(1) does override it in terms of importance. /etc/zprofileSystem-wide .zprofile file for zsh(1). This file is sourced only for login shells (i.e. Shells invoked with "-" as the first character of argv[0], and shells invoked with the -l flag.) /etc/zshenvSystem-wide .zshenv file for zsh(1). This file is sourced on all invocations of the shell. If the -f flag is present or if the NO_RCS option is set within this file, all other initialization files are skipped. This file should contain commands to set the command search path, plus other important environment variables. This file should not contain commands that produce output or assume the shell is attached to a tty. /etc/zshrcSystem-wide .zshrc file for zsh(1). This file is sourced only for interactive shells. It should contain commands to set up aliases, functions, options, key bindings, etc. Compliance with the FSSTND require that the following directories, or symbolic links to directories are required in /etc: /etc -- Host-specific system configuration /etc/opt Configuration for /opt The following directories, or symbolic links to directories must be in /etc, if the corresponding subsystem is installed: /etc -- Host-specific system configuration /etc/X11 Configuration for the X Window System (optional) /etc/sgml Configuration for SGML and XML (optional) The following files, or symbolic links to files, must be in /etc if the corresponding subsystem is installed: Systems that use the shadow password suite will have additional configuration files in /etc (/etc/shadow and others) and programs in /usr/sbin (useradd, usermod, and others). csh.login Systemwide initialization file for C shell logins (optional) exports NFS filesystem access control list (optional) fstab Static information about filesystems (optional) ftpusers FTP daemon user access control list (optional) gateways File which lists gateways for routed (optional) gettydefs Speed and terminal settings used by getty (optional) group User group file (optional) host.conf Resolver configuration file (optional) hosts Static information about host names (optional) hosts.allow Host access file for TCP wrappers (optional) hosts.deny Host access file for TCP wrappers (optional) hosts.equiv List of trusted hosts for rlogin, rsh, rcp (optional) hosts.lpd List of trusted hosts for lpd (optional) inetd.conf Configuration file for inetd (optional) inittab Configuration file for init (optional) issue Pre-login message and identification file (optional) ld.so.conf List of extra directories to search for shared libraries (optional) motd Post-login message of the day file (optional) mtab Dynamic information about filesystems (optional) mtab does not fit the static nature of /etc: it is excepted for historical reasons. On some Linux systems, this may be a symbolic link to /proc/mounts, in which case this exception is not required. mtools.conf Configuration file for mtools (optional) networks Static information about network names (optional) passwd The password file (optional) printcap The lpd printer capability database (optional) profile Systemwide initialization file for sh shell logins (optional) protocols IP protocol listing (optional) resolv.conf Resolver configuration file (optional) rpc RPC protocol listing (optional) securetty TTY access control for root login (optional) services Port names for network services (optional) shells Pathnames of valid login shells (optional) syslog.conf Configuration file for syslogd (optional) /etc/opt : Configuration files for /opt Host-specific configuration files for add-on application software packages must be installed within the directory /etc/opt/<package>, where <package> is the name of the subtree in /opt where the static data from that package is stored. No structure is imposed on the internal arrangement of /etc/opt/<package>. If a configuration file must reside in a different location in order for the package or system to function properly, it may be placed in a location other than /etc/opt/<package>. /etc/X11 : Configuration for the X Window System (optional) /etc/X11 is the location for all X11 host-specific configuration. This directory is necessary to allow local control if /usr is mounted read only. The following files, or symbolic links to files, must be in ` /etc/X11 if the corresponding subsystem is installed: Xconfig The configuration file for early versions of XFree86 (optional) XF86Config The configuration file for XFree86 versions 3 and 4 (optional) Xmodmap Global X11 keyboard modification file (optional) Subdirectories of /etc/X11 may include those for xdm and for any other programs (some window managers, for example) that need them. /etc/X11/xdm holds the configuration files for xdm. These are most of the files previously found in /usr/lib/X11/xdm. Some local variable data for xdm is stored in /var/lib/xdm. We recommend that window managers with only one configuration file which is a default .*wmrc file must name it system.*wmrc (unless there is a widely-accepted alternative name) and not use a subdirectory. Any window manager subdirectories must be identically named to the actual window manager binary. /etc/sgml : Configuration files for SGML and XML (optional) Generic configuration files defining high-level parameters of the SGML or XML systems are installed here. Files with names *.conf indicate generic configuration files. File with names *.cat are the DTD-specific centralized catalogs, containing references to all other catalogs needed to use the given DTD. The super catalog file catalog references all the centralized catalogs.