3 Configuring System Settings

WARNING:

Oracle Linux 7 is now in Extended Support. See Oracle Linux Extended Support and Oracle Open Source Support Policies for more information.

Migrate applications and data to Oracle Linux 8 or Oracle Linux 9 as soon as possible.

This chapter describes the files and virtual file systems that you can use to change configuration settings for your system.

About the /etc/sysconfig Files

The /etc/sysconfig directory contains files that control your system's configuration. The contents of this directory depend on the packages that you have installed on your system.

Some of the files that you might find in the /etc/sysconfig directory include:

atd

Specifies additional command line arguments for the atd daemon.

authconfig

Specifies whether various authentication mechanisms and options may be used. For example, the entry USEMKHOMEDIR=no disables the creation of a home directory for a user when he or she first logs in.

autofs

Defines custom options for automatically mounting devices and controlling the operation of the automounter.

crond

Passes arguments to the crond daemon at boot time.

firewalld

Passes arguments to the firewall daemon (firewalld) at boot time.

grub

Specifies default settings for the GRUB 2 boot loader. This file is a symbolic link to /etc/default/grub. For more information, see Working With the GRUB 2 Bootloader.

init

Controls how the system appears and functions during the boot process.

keyboard

Specifies the keyboard.

modules (directory)

Contains scripts that the kernel runs to load additional modules at boot time. A script in the modules directory must have the extension .modules and it must have 755 executable permissions. For an example, see the bluez-uinput.modules script that loads the uinput module. For more information, see Specifying Modules To Be Loaded at Boot Time.

named

Passes arguments to the name service daemon at boot time. The named daemon is a Domain Name System (DNS) server that is part of the Berkeley Internet Name Domain (BIND) distribution. This server maintains a table that associates host names with IP addresses on the network.

nfs

Controls which ports remote procedure call (RPC) services use for NFS v2 and v3. This file allows you to set up firewall rules for NFS v2 and v3. Firewall configuration for NFS v4 does not require you to edit this file.

ntpd

Passes arguments to the network time protocol (NTP) daemon at boot time.

samba

Passes arguments to the smbd, nmbd, and winbindd daemons at boot time to support file-sharing connectivity for Windows clients, NetBIOS-over-IP naming service, and connection management to domain controllers.

selinux

Controls the state of SELinux on the system. This file is a symbolic link to /etc/selinux/config. For more information, see Oracle® Linux: Administering SELinux.

snapper

Defines a list of btrfs file systems and thinly-provisioned LVM volumes whose contents can be recorded as snapshots by the snapper utility. For more information, see Oracle Linux 7: Managing File Systems.

sysstat

Configures logging parameters for system activity data collector utilities such as sadc.

For more information, see /usr/share/doc/initscripts*/sysconfig.txt.

Note:

In previous releases of Oracle Linux, the host name of the system was defined in /etc/sysconfig/network. The host name is now defined in /etc/hostname and can be changed by using the hostnamectl command. The host name must be a fully qualified domain name (FQDN), for example, host20.mydomain.com, instead of a simple short name.

Additionally, system-wide default localization settings such as the default language, keyboard, and console font were defined in /etc/sysconfig/i18n. These settings are now defined in /etc/locale.conf and /etc/vconsole.conf.

For more information, see the hostname(5), hostnamectl(1), locale.conf(5), and vconsole.conf(5) manual pages.

About the /proc Virtual File System

The files in the /proc directory hierarchy contain information about your system hardware and the processes that are running on the system. You can change the configuration of the kernel by writing to certain files that have write permission.

The name of the proc file system stems from its original purpose on the Oracle Solaris operating system, which was to allow access by debugging tools to the data structures inside running processes. Linux added this interface and extended it to allow access to data structures in the kernel. Over time, /proc became quite disordered and the sysfs file system was created in an attempt to tidy it up. For more information, see About the /sys Virtual File System.

Files under the /proc directory are virtual files that the kernel creates on demand to present a browsable view of the underlying data structures and system information. As such, /proc is an example of a virtual file system. Most virtual files are listed as zero bytes in size, but they contain a large amount of information when viewed.

Virtual files such as /proc/interrupts, /proc/meminfo, /proc/mounts, and /proc/partitions provide a view of the system’s hardware. Others, such as /proc/filesystems and the files under /proc/sys, provide information about the system's configuration and allow this configuration to be modified.

Files that contain information about related topics are grouped into virtual directories. For example, a separate directory exists in /proc for each process that is currently running on the system, and the directory's name corresponds to the numeric process ID. /proc/1 corresponds to the systemd process, which has a PID of 1.

You can use commands such as cat, less, and view to examine virtual files within /proc. For example, /proc/cpuinfo contains information about the system's CPUs:

sudo cat /proc/cpuinfo
processor         : 0
vendor_id         : GenuineIntel
cpu family        : 6
model             : 42
model name        : Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
stepping          : 7
cpu MHz           : 2393.714
cache size        : 6144 KB
physical id       : 0
siblings          : 2
core id           : 0
cpu cores         : 2
apicid            : 0
initial apicid    : 0
fpu               : yes
fpu_exception     : yes
cpuid level       : 5
wp                : yes
...

Certain files under /proc require root privileges for access or contain information that is not human-readable. You can use utilities such as lspci, free, and top to access the information in these files. For example, lspci lists all PCI devices on a system:

sudo lspci
00:00.0 Host bridge: Intel Corporation 440FX - 82441FX PMC [Natoma] (rev 02)
00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II]
00:01.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
00:02.0 VGA compatible controller: InnoTek Systemberatung GmbH VirtualBox Graphics Adapter
00:03.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)
00:04.0 System peripheral: InnoTek Systemberatung GmbH VirtualBox Guest Service
00:05.0 Multimedia audio controller: Intel Corporation 82801AA AC'97 Audio Controller (rev 01)
00:06.0 USB controller: Apple Inc. KeyLargo/Intrepid USB
00:07.0 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 08)
00:0b.0 USB controller: Intel Corporation 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB2 EHCI Controller
00:0d.0 SATA controller: Intel Corporation 82801HM/HEM (ICH8M/ICH8M-E) SATA Controller [AHCI mode]
        (rev 02)
...

Virtual Files and Directories Under /proc

The following table lists the most useful virtual files and directories under the /proc directory hierarchy.

Table 3-1 Useful Virtual Files and Directories Under /proc

Virtual File or Directory Description

PID (Directory)

Provides information about the process with the process ID (PID). The directory's owner and group are the same as the process's. Useful files under the directory include:

cmdline

Command path.

cwd

Symbolic link to the process's current working directory.

environ

Environment variables.

exe

Symbolic link to the command executable.

fd/N

File descriptors.

maps

Memory maps to executable and library files.

root

Symbolic link to the effective root directory for the process.

stack

The contents of the kernel stack.

status

Run state and memory usage.

buddyinfo

Provides information for diagnosing memory fragmentation.

bus (directory)

Contains information about the various buses (such as pci and usb) that are available on the system. You can use commands such as lspci, lspcmcia, and lsusb to display information for such devices.

cgroups

Provides information about the resource control groups that are in use on the system.

cmdline

Lists parameters passed to the kernel at boot time.

cpuinfo

Provides information about the system's CPUs.

crypto

Provides information about all installed cryptographic ciphers.

devices

Lists the names and major device numbers of all currently configured character and block devices.

dma

Lists the direct memory access (DMA) channels that are currently in use.

driver (directory)

Contains information about drivers used by the kernel, such as those for non-volatile RAM (nvram), the real-time clock (rtc), and memory allocation for sound (snd-page-alloc).

execdomains

Lists the execution domains for binaries that the Oracle Linux kernel supports.

filesystems

Lists the file system types that the kernel supports. Entries marked with nodev are not in use.

fs (directory)

Contains information about mounted file systems, organized by file system type.

interrupts

Records the number of interrupts per interrupt request queue (IRQ) for each CPU since system startup.

iomem

Lists the system memory map for each physical device.

ioports

Lists the range of I/O port addresses that the kernel uses with devices.

irq (directory)

Contains information about each IRQ. You can configure the affinity between each IRQ and the system CPUs.

kcore

Presents the system's physical memory in core file format that you can examine using a debugger such as crash or gdb. This file is not human-readable.

kmsg

Records kernel-generated messages, which are picked up by programs such as dmesg.

loadavg

Displays the system load averages (number of queued processes) for the past 1, 5, and 15 minutes, the number of running processes, the total number of processes, and the PID of the process that is running.

locks

Displays information about the file locks that the kernel is currently holding on behalf of processes. The information provided includes:

  • lock class (FLOCK or POSIX)

  • lock type (ADVISORY or MANDATORY)

  • access type (READ or WRITE)

  • process ID

  • major device, minor device, and inode numbers

  • bounds of the locked region

mdstat

Lists information about multiple-disk RAID devices.

meminfo

Reports the system's usage of memory in more detail than is available using the free or top commands.

modules

Displays information about the modules that are currently loaded into the kernel. The lsmod command formats and displays the same information, excluding the kernel memory offset of a module.

mounts

Lists information about all mounted file systems.

net (directory)

Provides information about networking protocol, parameters, and statistics. Each directory and virtual file describes aspects of the configuration of the system's network.

partitions

Lists the major and minor device numbers, number of blocks, and name of partitions mounted by the system.

scsi/device_info

Provides information about supported SCSI devices.

scsi/scsi and scsi/sg/*

Provide information about configured SCSI devices, including vendor, model, channel, ID, and LUN data.

self

Symbolic link to the process that is examining /proc.

slabinfo

Provides detailed information about slab memory usage.

softirqs

Displays information about software interrupts (softirqs). A softirq is similar to a hardware interrupt (hardirq) and allows the kernel to perform asynchronous processing that would take too long during a hardware interrupt.

stat

Records information about the system since it was started, including:

cpu

Total CPU time (measured in jiffies) spent in user mode, low-priority user mode, system mode, idle, waiting for I/O, handling hardirq events, and handling softirq events.

cpuN

Times for CPU N.

swaps

Provides information about swap devices. The units of size and usage are kilobytes.

sys (directory)

Provides information about the system and also allows you to enable, disable, or modify kernel features. You can write new settings to any file that has write permission. See Changing Kernel Parameters.

The following subdirectory hierarchies of /proc/sys contain virtual files, some of whose values you can usefully alter:

dev

Device parameters.

fs

File system parameters.

kernel

Kernel configuration parameters.

net

Networking parameters.

sysvipc (directory)

Provides information about the usage of System V Interprocess Communication (IPC) resources for messages (msg), semaphores (sem), and shared memory (shm).

tty (directory)

Provides information about the available and currently used terminal devices on the system. The drivers virtual file lists the devices that are currently configured.

vmstat

Provides information about virtual memory usage.

For more information, see the proc(5) manual page.
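The per-process files in the table can be combined into a quick process inventory. The following script is an added example, not part of the original documentation: it reads cmdline (whose arguments the kernel separates with NUL bytes), status, and the exe link for every PID directory, and lists processes whose exe target carries the " (deleted)" suffix that the kernel appends when the executable has been unlinked. The function names, the PROC variable, and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Summarizes the per-process files
# listed in Table 3-1 and flags processes whose executable is gone from disk.
PROC="${PROC:-/proc}"

# Command line of a PID; the kernel separates the arguments with NUL bytes.
proc_cmdline() {
    if [ -r "$PROC/$1/cmdline" ]; then
        tr '\000' ' ' < "$PROC/$1/cmdline" | sed 's/ *$//'
    fi
}

# Second column of a /proc/PID/status line, for example Name or Uid (real UID).
proc_status_field() {
    if [ -r "$PROC/$1/status" ]; then
        awk -v key="$2:" '$1 == key { print $2; exit }' "$PROC/$1/status"
    fi
}

# One tab-separated line per process: PID, real UID, name, exe target, command
# line. A "-" marks a value that cannot be read (insufficient privilege, a
# kernel thread with no exe link, or a process that exited during the walk).
proc_table() {
    for d in "$PROC"/[0-9]*; do
        [ -d "$d" ] || continue
        pid=${d##*/}
        exe=$(readlink "$d/exe" 2>/dev/null) || exe=-
        cmd=$(proc_cmdline "$pid")
        printf '%s\t%s\t%s\t%s\t%s\n' "$pid" "$(proc_status_field "$pid" Uid)" \
            "$(proc_status_field "$pid" Name)" "$exe" "${cmd:--}"
    done
}

# PIDs whose exe link target ends in " (deleted)": the file that the process
# was started from has been unlinked, for example by a package update.
deleted_exe_pids() {
    proc_table | awk -F'\t' '$4 ~ / \(deleted\)$/ { print $1 }'
}

# Constructed sample tree (two processes) so that the script runs offline.
build_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/101" "$root/202" "$root/sys"
    ln -s /usr/sbin/sshd "$root/101/exe"
    printf '/usr/sbin/sshd\000-D\000' > "$root/101/cmdline"
    printf 'Name:\tsshd\nUid:\t0\t0\t0\t0\n' > "$root/101/status"
    ln -s '/opt/app/bin/worker (deleted)' "$root/202/exe"
    printf '/opt/app/bin/worker\000--queue\000jobs\000' > "$root/202/cmdline"
    printf 'Name:\tworker\nUid:\t1000\t1000\t1000\t1000\n' > "$root/202/status"
    printf '%s\n' "$root"
}

# Run against the sample tree. On a live system, leave PROC at its default
# and run as root so that the exe links of other users' processes are readable.
SAMPLE_PROC=$(build_sample_proc) || exit 1
trap 'rm -rf "$SAMPLE_PROC"' EXIT
PROC=$SAMPLE_PROC
proc_table
echo "PIDs with a deleted executable: $(deleted_exe_pids)"
```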

Changing Kernel Parameters

Some virtual files under /proc, and under /proc/sys in particular, are writable and you can use them to adjust settings in the kernel. For example, to change the host name, you can write a new value to /proc/sys/kernel/hostname:

echo www.mydomain.com > /proc/sys/kernel/hostname

Other files take binary or Boolean values. For example, the value of /proc/sys/net/ipv4/ip_forward determines whether the kernel forwards IPv4 network packets.

cat /proc/sys/net/ipv4/ip_forward
0
echo 1 > /proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv4/ip_forward
1

You can use the sysctl command to view or modify values under the /proc/sys directory.

Note:

Even root cannot bypass the file access permissions of virtual file entries under /proc. If you attempt to change the value of a read-only entry such as /proc/partitions, there is no kernel code to service the write() system call.

To display all of the current kernel settings:

sudo sysctl -a
kernel.sched_child_runs_first = 0
kernel.sched_min_granularity_ns = 2000000
kernel.sched_latency_ns = 10000000
kernel.sched_wakeup_granularity_ns = 2000000
kernel.sched_shares_ratelimit = 500000
...

Note:

The delimiter character in the name of a setting is a period (.) rather than a slash (/) in a path relative to /proc/sys. For example, net.ipv4.ip_forward represents net/ipv4/ip_forward and kernel.msgmax represents kernel/msgmax.

To display an individual setting, specify its name as the argument to sysctl:

sudo sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

To change the value of a setting, use the following form of the command:

sudo sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

Changes that you make in this way remain in force only until the system is rebooted. To make configuration changes persist after the system is rebooted, you must add them to the /etc/sysctl.d directory as a configuration file. Any changes that you make to the files in this directory take effect when the system reboots or if you run the sysctl --system command, for example:

echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/ip_forward.conf 
grep -r ip_forward /etc/sysctl.d
/etc/sysctl.d/ip_forward.conf:net.ipv4.ip_forward=1
sudo sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
sudo sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/ip_forward.conf ...
net.ipv4.ip_forward = 1
* Applying /etc/sysctl.conf ...
sudo sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

For more information, see the sysctl(8) and sysctl.d(5) manual pages.
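The session above shows a window in which the persisted value (1) and the running value (0) of net.ipv4.ip_forward disagree; the reverse happens when a value is changed with sysctl -w and never written to a file. The following script is an added example, not part of the original documentation, that reports every such mismatch. The function names, the PROC_SYS and SYSCTL_CONF variables, and the sample tree are constructed for illustration, and the file ordering follows the sysctl --system output shown above together with the same-name masking rule described in sysctl(8).

```shell
#!/bin/sh
# Added example, not from the original page. Reports settings whose running
# value under PROC_SYS differs from the value persisted in sysctl.d files.
PROC_SYS="${PROC_SYS:-/proc/sys}"
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"
TAB=$(printf '\t')

# List configuration files in the order that sysctl --system applies them:
# sorted by file name across all directories, a file in an earlier directory
# masking a file of the same name in a later one, and SYSCTL_CONF last.
ordered_conf_files() {
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            if [ -f "$f" ]; then printf '%s\t%s\n' "${f##*/}" "$f"; fi
        done
    done | awk -F'\t' '!seen[$1]++' | LC_ALL=C sort -t "$TAB" -k1,1 | cut -f2-
    if [ -f "$SYSCTL_CONF" ]; then printf '%s\n' "$SYSCTL_CONF"; fi
}

# Print "name<TAB>value" for every persisted setting; the last assignment wins.
persisted_settings() {
    ordered_conf_files "$@" | while IFS= read -r f; do cat "$f"; echo; done |
    awk '
        /^[ \t]*([#;]|$)/ { next }              # comments and blank lines
        (eq = index($0, "=")) == 0 { next }     # not an assignment
        {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[- \t]+|[ \t]+$/, "", k)     # trim; a "-" prefix means ignore errors
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/[ \t]+/, " ", v)              # multi-valued settings such as tcp_rmem
            gsub(/\//, ".", k)                  # accept the net/ipv4/ip_forward form
            if (!(k in val)) order[++n] = k
            val[k] = v
        }
        END { for (i = 1; i <= n; i++) printf "%s\t%s\n", order[i], val[order[i]] }'
}

# Print "STATE name persisted=V running=V" for each persisted setting. STATE is
# OK, DRIFT (running value differs) or MISSING (no entry under PROC_SYS).
sysctl_drift() {
    persisted_settings "$@" | while IFS="$TAB" read -r name want; do
        # A period in the name is a slash in the path relative to PROC_SYS.
        path="$PROC_SYS/$(printf '%s' "$name" | tr . /)"
        if [ ! -r "$path" ]; then
            printf 'MISSING %s persisted=%s\n' "$name" "$want"
            continue
        fi
        have=$(awk '{ $1 = $1; print }' "$path")    # normalize white space
        if [ "$have" = "$want" ]; then state=OK; else state=DRIFT; fi
        printf '%s %s persisted=%s running=%s\n' "$state" "$name" "$want" "$have"
    done
}

# Constructed sample tree that mirrors the state shown on the page after
# ip_forward.conf is written but before sysctl --system is run.
build_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/sysctl.d" "$root/usr/lib/sysctl.d" \
             "$root/proc/sys/net/ipv4/conf/all" "$root/proc/sys/kernel"
    printf 'kernel.sysrq = 16\nnet.ipv4.conf.all.rp_filter = 1\n' \
        > "$root/usr/lib/sysctl.d/50-default.conf"
    printf 'net.ipv4.ip_forward=1\n' > "$root/etc/sysctl.d/ip_forward.conf"
    echo 16 > "$root/proc/sys/kernel/sysrq"
    echo 1 > "$root/proc/sys/net/ipv4/conf/all/rp_filter"
    echo 0 > "$root/proc/sys/net/ipv4/ip_forward"
    printf '%s\n' "$root"
}

# Run against the sample tree. On a live system, leave PROC_SYS and SYSCTL_CONF
# at their defaults and pass the directories in precedence order, for example:
#   sysctl_drift /etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d
SAMPLE=$(build_sample) || exit 1
trap 'rm -rf "$SAMPLE"' EXIT
PROC_SYS="$SAMPLE/proc/sys"
SYSCTL_CONF="$SAMPLE/etc/sysctl.conf"    # absent in the sample tree
sysctl_drift "$SAMPLE/etc/sysctl.d" "$SAMPLE/usr/lib/sysctl.d"
```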

Parameters That Control System Performance

The following parameters control aspects of system performance:

fs.file-max

Specifies the maximum number of open files for all processes. Increase the value of this parameter if you see messages about running out of file handles.

net.core.netdev_max_backlog

Specifies the size of the receiver backlog queue, which is used if an interface receives packets faster than the kernel can process them. If this queue is too small, packets are lost at the receiver, rather than on the network.

net.core.rmem_max

Specifies the maximum read socket buffer size. To minimize network packet loss, this buffer must be large enough to handle incoming network packets.

net.core.wmem_max

Specifies the maximum write socket buffer size. To minimize network packet loss, this buffer must be large enough to handle outgoing network packets.

net.ipv4.tcp_available_congestion_control

Displays the TCP congestion avoidance algorithms that are available for use. Use the modprobe command if you need to load additional modules such as tcp_htcp to implement the htcp algorithm.

net.ipv4.tcp_congestion_control

Specifies which TCP congestion avoidance algorithm is used.

net.ipv4.tcp_max_syn_backlog

Specifies the number of outstanding SYN requests that are allowed. Increase the value of this parameter if you see synflood warnings in your logs, and investigation shows that they are occurring because the server is overloaded by legitimate connection attempts.

net.ipv4.tcp_rmem

Specifies minimum, default, and maximum receive buffer sizes that are used for a TCP socket. The maximum value cannot be larger than net.core.rmem_max.

net.ipv4.tcp_wmem

Specifies minimum, default, and maximum send buffer sizes that are used for a TCP socket. The maximum value cannot be larger than net.core.wmem_max.

vm.swappiness

Specifies how likely the kernel is to write loaded pages to swap rather than drop pages from the system page cache. When set to 0, swapping only occurs to avoid an out of memory condition. When set to 100, the kernel swaps aggressively. For a desktop system, setting a lower value can improve system responsiveness by decreasing latency. The default value is 60.

Caution:

This parameter is intended for use with laptops to reduce power consumption by the hard disk. Do not adjust this value on server systems.

Parameters That Control Kernel Panics

The following parameters control the circumstances under which a kernel panic can occur:

kernel.hung_task_panic

(UEK R3 only) If set to 1, the kernel panics if any kernel or user thread sleeps in the TASK_UNINTERRUPTIBLE state (D state) for more than kernel.hung_task_timeout_secs seconds. A process remains in D state while waiting for I/O to complete. You cannot kill or interrupt a process in this state.

The default value is 0, which disables the panic.

Tip:

To diagnose a hung thread, you can examine /proc/PID/stack, which displays the kernel stack for both kernel and user threads.

kernel.hung_task_timeout_secs

(UEK R3 only) Specifies how long a user or kernel thread can remain in D state before a warning message is generated or the kernel panics (if the value of kernel.hung_task_panic is 1). The default value is 120 seconds. A value of 0 disables the timeout.

kernel.nmi_watchdog

If set to 1 (default), enables the non-maskable interrupt (NMI) watchdog thread in the kernel. If you want to use the NMI switch or the OProfile system profiler to generate an undefined NMI, set the value of kernel.nmi_watchdog to 0.

kernel.panic

Specifies the number of seconds after a panic before a system will automatically reset itself.

If the value is 0, the system hangs, which allows you to collect detailed information about the panic for troubleshooting. This is the default value.

To enable automatic reset, set a non-zero value. If you require a memory image (vmcore), allow enough time for Kdump to create this image. The suggested value is 30 seconds, although large systems will require a longer time.

kernel.panic_on_io_nmi

If set to 0 (default), the system tries to continue operations if the kernel detects an I/O channel check (IOCHK) NMI that usually indicates an uncorrectable hardware error. If set to 1, the system panics.

kernel.panic_on_oops

If set to 0, the system tries to continue operations if the kernel encounters an oops or BUG condition. If set to 1 (default), the system delays a few seconds to give the kernel log daemon, klogd, time to record the oops output before the panic occurs.

In an OCFS2 cluster, set the value to 1 to specify that a system must panic if a kernel oops occurs. If a kernel thread required for cluster operation crashes, the system must reset itself. Otherwise, another node might not be able to tell whether a node is slow to respond or unable to respond, causing cluster operations to hang.

kernel.panic_on_stackoverflow

(RHCK only) If set to 0 (default), the system tries to continue operations if the kernel detects an overflow in a kernel stack. If set to 1, the system panics.

kernel.panic_on_unrecovered_nmi

If set to 0 (default), the system tries to continue operations if the kernel detects an NMI that usually indicates an uncorrectable parity or ECC memory error. If set to 1, the system panics.

kernel.softlockup_panic

If set to 0 (default), the system tries to continue operations if the kernel detects a soft-lockup error that causes the NMI watchdog thread to fail to update its time stamp for more than twice the value of kernel.watchdog_thresh seconds. If set to 1, the system panics.

kernel.unknown_nmi_panic

If set to 1, the system panics if the kernel detects an undefined NMI. You would usually generate an undefined NMI by manually pressing an NMI switch. As the NMI watchdog thread also uses the undefined NMI, set the value of kernel.unknown_nmi_panic to 0 if you set kernel.nmi_watchdog to 1.

kernel.watchdog_thresh

Specifies the interval between generating an NMI performance monitoring interrupt that the kernel uses to check for hard-lockup and soft-lockup errors. A hard-lockup error is assumed if a CPU is unresponsive to the interrupt for more than kernel.watchdog_thresh seconds. The default value is 10 seconds. A value of 0 disables the detection of lockup errors.

vm.panic_on_oom

If set to 0 (default), the kernel’s OOM-killer scans through the entire task list and attempts to kill a memory-hogging process to avoid a panic. If set to 1, the kernel panics but can survive under certain conditions. If a process limits allocations to certain nodes by using memory policies or cpusets, and those nodes reach memory exhaustion status, the OOM-killer can kill one process. No panic occurs in this case because other nodes’ memory might be free and the system as a whole might not yet be out of memory. If set to 2, the kernel always panics when an OOM condition occurs. Settings of 1 and 2 are intended for use with clusters, depending on your preferred failover policy.

About the /sys Virtual File System

In addition to /proc, the kernel exports information to the /sys virtual file system (sysfs). Programs such as the dynamic device manager, udev, use /sys to access device and device driver information. The implementation of /sys has helped to tidy up the /proc file system as most hardware information has been moved to /sys.

Note:

/sys exposes kernel data structures and control points, which implies that it might contain circular references, where a directory links to an ancestor directory. As a result, a find command used on /sys might never terminate.

The following list identifies useful virtual directories under the /sys directory hierarchy.

  • block

    Contains subdirectories for block devices. For example: /sys/block/sda.

  • bus

    Contains subdirectories for each supported physical bus type, such as pci, pcmcia, scsi, or usb. Under each bus type, the devices directory lists discovered devices, and the drivers directory contains directories for each device driver.

  • class

    Contains subdirectories for every class of device that is registered with the kernel.

  • devices

    Contains the global device hierarchy of all devices on the system. The platform directory contains peripheral devices such as device controllers that are specific to a particular platform. The system directory contains non-peripheral devices such as CPUs and APICs. The virtual directory contains virtual and pseudo devices. See Device Management.

  • firmware

    Contains subdirectories for firmware objects.

  • module

    Contains subdirectories for each module loaded into the kernel. You can alter some parameter values for loaded modules. See About Module Parameters.

  • power

    Contains attributes that control the system's power state.

For more information, see https://www.kernel.org/doc/Documentation/filesystems/sysfs.txt.

Configuring System Date and Time Settings

System time is based on the POSIX time standard, where time is measured as the number of seconds that have elapsed since 00:00:00 Coordinated Universal Time (UTC), Thursday, 1 January 1970. A day is defined as 86400 seconds and leap seconds are subtracted automatically.

Date and time representation on a system can be set to match a specific timezone. To list all of the available timezones, run:

sudo timedatectl list-timezones

To set the system timezone to match a value returned from the available timezones, you can run:

sudo timedatectl set-timezone America/Los_Angeles

Substitute America/Los_Angeles with a valid timezone entry.

This command sets a symbolic link from /etc/localtime to point to the appropriate zone information file in /usr/share/zoneinfo/. The setting takes effect immediately. Some long-running processes that use /etc/localtime to detect the current system timezone might not detect a subsequent change in system timezone until the process is restarted.

Note that timezones are largely used for display purposes or to handle user input. Changing timezone does not change the time for the system clock. You can change the presentation for system time in any console by setting the TZ environment variable. For example, to see the current time in Tokyo, you can run:

TZ="Asia/Tokyo" date

You can check your system's current date and time configuration by running the timedatectl command on its own:

sudo timedatectl
      Local time: Thu 2018-10-25 13:11:30 BST
  Universal time: Thu 2018-10-25 12:11:30 UTC
        RTC time: Thu 2018-10-25 12:11:17
       Time zone: Europe/London (BST, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2018-03-25 00:59:59 GMT
                  Sun 2018-03-25 02:00:00 BST
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2018-10-28 01:59:59 BST
                  Sun 2018-10-28 01:00:00 GMT

To set system time manually, you can use the timedatectl set-time command. For example, you can run:

sudo timedatectl set-time "2018-10-28 01:59:59"

This command sets the current system time based on the time specified assuming the currently set system timezone. The command also updates the system Real Time Clock (RTC).

Consider configuring your system to use network time synchronization for accurate time-keeping. This can be particularly important when setting up high-availability or when using network-based file systems.

If you configure an NTP service, you can enable NTP by running the following command:

sudo timedatectl set-ntp true

This command enables and starts the chronyd service, if available.