Implementing High Availability in MySQL

MySQL provides built-in data replication for maintaining identical copies of its data on one or more backend servers, thus providing a simple High Availability mechanism. In addition, the Open Source community has several projects that implement failover techniques, one of them being Heartbeat.

This article will show you how to implement a clustered, highly available and inexpensive solution based on GNU/Linux and combining MySQL as the database engine and Heartbeat as the failover mechanism. The configuration will consist of a 2-node active/passive cluster.

I assume you have MySQL up and running on both nodes and that you are working with MySQL 4.0.13 or above. If not, please refer to the MySQL manual here and download a recent copy here.

How replication works in MySQL

Replication in MySQL is very simple: one machine acts as the master server and one or more machines act as the backup servers (the replica servers). The master server keeps all changes made to its databases in binary log files, so the backup server(s) can read these files and apply the changes to its own copy of the data.

In more detail, the binary log file records all the changes (UPDATE, DELETE, INSERT…) made to the master's databases since the first time the replication was configured and started. The master also creates and maintains an index file to keep track of the binary logs created. Upon connecting, the slave server(s) obtain new updates from the binary log and apply them to their copy of the data.

Note: As MySQL suggests, visit their website often to check the latest changes and improvements to its database replication implementation.

How Heartbeat works

Heartbeat is a piece of software that provides High Availability features such as monitoring the availability of the machines in the cluster, transferring the virtual IPs (more on this later) in case of failures and starting and stopping services.

The Heartbeat software running on the slave server periodically checks the health of the master server by listening to its heartbeats, sent via a null modem cable and/or a crossover ethernet cable. Note that in the best scenario the slave's main task is nothing but to monitor the health of its master. In case of a crash the slave will stop receiving heartbeats from the master and will then take over the virtual IPs and the services offered by the master.

The overall picture

The next figure shows our cluster.

The cluster layout

As previously stated, our configuration will consist of a 2-node active/passive cluster: dbserv1, the master server, and dbserv2, the slave server. Both machines are linked via serial COM port /dev/ttyS0 (null modem cable) and a crossover ethernet cable (eth0), through which they send their heartbeats to each other.

The 192.168.1.103 IP address at eth1:0 is the floating IP address, the virtual IP. This is the service IP the master listens on, and it will be transferred to the slave if the master fails. Requests from the application servers will be made through the virtual IP.

Both servers have another IP address that can be used to administer the machines: 192.168.1.101 and 192.168.1.102. Bear in mind that the virtual IP (192.168.1.103) is set up by Heartbeat, meaning that if it is not up and running in the active server there will be no access to the virtual service.

Setting up replication

1. Create a replication user on the master:

mysql -u root -p

At MySQL prompt type:

GRANT REPLICATION SLAVE ON *.* TO replica@"%" IDENTIFIED BY 'replica_passwd';

2. Stop MySQL on both the master server and the slave server. Take a snapshot of your databases from the master.

/etc/init.d/mysql stop
tar cvzf mysqldb.tgz /path/to/your/databases

In my configuration I would…

/etc/init.d/mysql stop
tar cvzf mysqldb.tgz /var/mysql-data/*

3. Copy the data to the slave

scp /path/to/mysqldb.tgz admin@dbserv2:/path/to/your/databases

If you are using InnoDB tables, copy your tablespace file(s) and associated log files to the slave. In my case, the tablespace is called ibdata and the log files are those ib_*. So:

scp /var/mysql-data/ibdata admin@dbserv2:/var/mysql-data
scp /var/log/mysql/ib_* admin@dbserv2:/var/log/mysql

4. Activate the binary log and assign a unique ID to the master:

vi /etc/my.cnf

Then add/change the following

[mysqld]
…..
# Enable binary logs. Path to bin log is optional
log-bin=/var/log/mysql/dbserv1
# If the binary log exceeds 10M, rotate the logs
max_binlog_size=10M
# Set master server ID
server-id=1
…..

Now you can start mysqld on the master. Watch the logs to see if there are problems.

/etc/init.d/mysql start

5. Log in on the slave.

vi /etc/my.cnf

Then add/change the following:

server-id=2
# This is eth0. Take a look at figure 1
master-host=192.168.100.1
master-user=replica
master-password=replica_passwd
# Port that master server is listening to
master-port=3306
# Number of seconds before retrying to connect to master. Defaults to 60 secs
#master-connect-retry

6. Uncompress the databases

cd /path/to/your/databases
tar xvzf mysqldb.tgz

chown -R mysql.mysql /path/to/your/databases

Make sure your tablespace file(s) and associated files are in place (/path/to/your/databases in our example).

7. Start mysqld on the slave. Watch the logs to see if there are problems.

/etc/init.d/mysql start

8. Check if replication is working. For example, log in on the master, create a database and see if it is replicated on the slave:

mysql -u root -p

create database replica_test;
show databases;


+----------------+
| Database       |
+----------------+
| replica_test   |
| mysql          |
| test           |
| tmp            |
+----------------+

Log in on the slave server and make sure the database replica_test is created:

mysql -u root -p
show databases;


+----------------+
| Database       |
+----------------+
| replica_test   |
| mysql          |
| test           |
| tmp            |
+----------------+

If you have problems, please refer to MySQL manual here.

Installing and setting up Heartbeat

Download a recent copy of Heartbeat from here and then as usual….

./configure
make
make install

or:

rpm -Uhv heartbeat-1.0.4-1.i386.rpm

if you downloaded the RPM based package.

Configuring heartbeat

There are three files involved in the configuration of heartbeat:

  • ha.cf: the main configuration file that describes the machines involved and how they behave.
  • haresources: this configuration file specifies virtual IP (VIP) and services handled by heartbeat.
  • authkeys: specifies authentication keys for the servers.

Sample /etc/ha.d/ha.cf

# Time between heartbeats in seconds
keepalive 1
# Node is pronounced dead after 15 seconds
deadtime 15
# Prevents the master node from re-acquiring cluster resources after a failover
nice_failback on
# Device for serial heartbeat
serial /dev/ttyS0
# Speed at which to run the serial line (bps)
baud 19200
# Port for udp (default)
udpport 694
# Use a udp heartbeat over the eth0 interface
udp eth0

debugfile /var/log/ha/ha.debug
logfile /var/log/ha/ha.log

# First node of the cluster (must match uname -n)
node dbserv1
# Second node of the cluster (must match uname -n)
node dbserv2

Sample /etc/ha.d/haresources

dbserv1 Ipaddress::192.168.1.103::eth1

This tells Heartbeat to set up 192.168.1.103 as the virtual IP (VIP). See figure above.

Sample /etc/ha.d/authkeys

auth 1
1 crc
2 sha1 HI!
3 md5 Hello!

This file determines the authentication keys. It must be mode 600. As I assume that our network is relatively secure I configure crc as the authentication method. There are also md5 and sha1 available.
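A check for the authkeys file above, as an added example that is not part of the original article or of Heartbeat itself: it parses the "auth N" selector and the key lines, then flags a mode looser than 600, the unkeyed crc method and short shared secrets. The function names, finding codes and the 16-character minimum are assumptions of this example.

```python
import stat

KEYED_METHODS = {"sha1", "md5"}  # methods that mix a shared secret into the digest
MIN_SECRET_LEN = 16              # assumption for this example, not a Heartbeat rule


def parse_authkeys(text):
    """Return (active_index, {index: (method, secret)}) from authkeys content."""
    active, keys = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 2)
        if fields[0] == "auth":
            # "auth N" selects which key signs outgoing heartbeats
            active = fields[1] if len(fields) > 1 else ""
        else:
            method = fields[1].lower() if len(fields) > 1 else ""
            secret = fields[2] if len(fields) > 2 else ""
            keys[fields[0]] = (method, secret)
    return active, keys


def audit_authkeys(text, mode):
    """Return a list of (code, message) findings for file content and st_mode."""
    findings = []
    perms = stat.S_IMODE(mode)
    if perms & 0o077:
        findings.append(("MODE", "mode %03o lets group/other reach the keys; use 600" % perms))
    active, keys = parse_authkeys(text)
    if not active:
        findings.append(("NO_AUTH", "no 'auth N' line selects a signing key"))
        return findings
    if active not in keys:
        findings.append(("UNDEFINED_KEY", "auth %s selects a key that is not defined" % active))
        return findings
    method, secret = keys[active]
    if method == "crc":
        findings.append(("CRC", "crc is an unkeyed checksum: it detects corruption "
                                "but does not authenticate the peer node"))
    elif method not in KEYED_METHODS:
        findings.append(("UNKNOWN_METHOD", "unrecognised method %r" % method))
    elif len(secret) < MIN_SECRET_LEN:
        findings.append(("SHORT_SECRET", "%s secret has only %d characters" % (method, len(secret))))
    return findings


# Constructed samples: the article's file, and a variant using a keyed method.
ARTICLE_AUTHKEYS = "auth 1\n1 crc\n2 sha1 HI!\n3 md5 Hello!\n"
HARDENED_AUTHKEYS = "auth 1\n1 sha1 PLACEHOLDER-long-random-secret-here\n"

if __name__ == "__main__":
    for label, text, mode in (("article, mode 600", ARTICLE_AUTHKEYS, 0o100600),
                              ("article, mode 644", ARTICLE_AUTHKEYS, 0o100644),
                              ("hardened, mode 600", HARDENED_AUTHKEYS, 0o100600)):
        print(label, audit_authkeys(text, mode))
```

To audit a real file, pass its content and os.stat(path).st_mode to audit_authkeys.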

Now start heartbeat on dbserv1 and then on dbserv2, watch the logs, then stop heartbeat on the first node and see what happens on the second node. Start heartbeat again on the first node, stop it on the second and watch the logs. If all is okay, you have a 2-node cluster up and running.

What we have

At this point we have a 2-node cluster with a certain degree of availability and fault tolerance. Although this could be a valid solution for non-critical environments, in really critical environments this configuration should be improved.

Advantages

  • The cluster is fault tolerant
  • The cluster is relatively secure
  • There is no single point of failure (comments?)
  • Automatic fail over mechanism
  • Proven and solid OpenSource software for production environment (my experience)
  • Simple and easy to install and configure
  • Easy to administer
  • Inexpensive

Disadvantages

Our cluster presents at least one serious problem in critical environments (i.e. 99,99% availability). As you know, when the master node fails, the standby node takes over the service and the virtual IP address. In this scenario, when the master comes back online again, it will act as the stand-by node (remember nice_failback on from /etc/ha.d/ha.cf?). As our configuration has not implemented a two-way replication mechanism, the current master is not generating binary logs and the current slave is not configured to act as such. There are ways to avoid this disadvantage, but this is your homework ;-). Let me know your progress.

As usual, comments are very welcome.

--

Debian: record boot messages

Debian allows you to record boot messages by means of the bootlogd
daemon. According to man pages:

Bootlogd runs in the background and copies all strings sent to the
/dev/console device to a logfile. If the logfile is not accessible,
the messages will be kept in memory until it is.

This feature is not enabled by default. Edit /etc/default/bootlogd and
modify it to enable recording of boot messages:


# Run bootlogd at startup ?
BOOTLOGD_ENABLE=Yes

Now bootlogd will start sending boot messages to /var/log/boot.

--

How to clear your cache on squid

Stop squid:

/etc/init.d/squid stop

Then check the squid.conf file for the location of cache_dir, normally /var/spool/squid, where we have swap.state.

We need to flush it:

# echo "" >  /var/spool/squid/swap.state

Restart squid:

/etc/init.d/squid start

--

how to block gmail talk without blocking Gmail on port 443

eth2 is the private network

# Filter in the FORWARD chain: current iptables refuses DROP in the nat table
iptables -A FORWARD -i eth2 -d chatenabled.mail.google.com -p tcp --dport 443 -j DROP

restart iptables

--

(13)Permission denied: access to /index.php denied

[Tue Apr 08 14:36:18 2008] [error] [client 121.xx.xx.xx]
(13)Permission denied: access to /index.php denied
[Tue Apr 08 14:36:25 2008] [error] [client 121.xx.xx.xx]
(13)Permission denied: access to /index.html denied
[Tue Apr 08 14:36:30 2008] [error] [client 121.xx.xx.xx]
(13)Permission denied: access to /index.html denied


This is what I did.
Your permissions should look like this:

[root@v3 user1]# ll /home/
total 16
drwx------ 2 mysql mysql 4096 2008-04-08 09:53 mysql
drwxr-xr-x 3 user1 ftp 4096 2008-04-08 12:01 user1

[root@v3 user1]# ll
total 8
drw-r--r-- 2 root root 4096 2008-04-08 13:22 www

[root@v3 user1]# ll www/
total 16
-rw-r--r-- 1 root root 44 2008-04-08 13:22 index.html
-rw-r--r-- 1 root root 171 2008-04-08 12:05 info.php

Your htconf-vhost should look like this:

<VirtualHost *>
DocumentRoot "/home/user1/www"
ServerName v3.managedns.org
<Directory "/home/user1/www">
AllowOverride None
order allow,deny
allow from all
Options +Indexes
</Directory>
</VirtualHost>

If this does not work it might be an SELinux issue!

Run the following (it'll tell you if it's enabled and what type of policy
it's using, enforcing or permissive):

getsebool -a
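
The error above is errno 13 (EACCES): the web server's user needs search (x) permission on every directory leading to the file and read (r) permission on the file itself. The following added example (not part of the original post) walks a path and reports the first component that blocks a given uid; the function names, the constructed directory tree and the uid are assumptions, and only classic mode bits are evaluated (no ACLs, no SELinux, no root override).

```python
import os
import stat
import tempfile


def effective_bits(st, uid, gids):
    """Pick the rwx triplet that applies to this uid/gid set (owner, group or other)."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 0o7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 0o7
    return st.st_mode & 0o7


def first_denial(root, relpath, uid, gids=()):
    """Walk root, then each component of relpath below it.

    Returns (path, reason) for the first component the uid cannot pass,
    or None when every directory is searchable and the file is readable.
    """
    current = root
    parts = [p for p in relpath.split("/") if p]
    for i in range(len(parts) + 1):
        st = os.stat(current)
        bits = effective_bits(st, uid, set(gids))
        if stat.S_ISDIR(st.st_mode):
            if not bits & 0o1:
                return (current, "directory lacks search (x) permission")
        elif not bits & 0o4:
            return (current, "file lacks read (r) permission")
        if i < len(parts):
            current = os.path.join(current, parts[i])
    return None


def demo():
    """Build a constructed tree shaped like a home-directory DocumentRoot.

    Returns (www_dir, result_before_fix, result_after_fix).
    """
    base = tempfile.mkdtemp()
    os.chmod(base, 0o755)
    www = os.path.join(base, "user1", "www")
    os.makedirs(www)
    index = os.path.join(www, "index.html")
    with open(index, "w") as fh:
        fh.write("ok\n")
    os.chmod(index, 0o644)
    os.chmod(os.path.join(base, "user1"), 0o755)
    # Constructed uid standing in for the httpd user: anyone but the owner.
    httpd_uid = os.stat(base).st_uid + 1
    os.chmod(www, 0o744)   # others can list names but cannot traverse
    before = first_denial(base, "user1/www/index.html", httpd_uid)
    os.chmod(www, 0o755)   # add search permission for others
    after = first_denial(base, "user1/www/index.html", httpd_uid)
    return www, before, after


if __name__ == "__main__":
    www, before, after = demo()
    print("before:", before)
    print("after: ", after)
```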

--

-ERR chdir Maildir failed

If you are getting the following error in maillog:
Jan 9 19:17:01 test courierpop3login: chdir Maildir: No such file or directory

or if you are trying to do the following and get the following error:

test:~# telnet server.sbs.com 110
Trying 192.168.0.244...
Connected to test.sbs.com.sbs.com.
Escape character is '^]'.
+OK Hello there.
user user2@mega.com
+OK Password required.
passwd user2
-ERR Invalid command.
pass user2
-ERR chdir Maildir failed
Connection closed by foreign host.


then the first thing to check is the /etc/courier/authmysqlrc file (vi /etc/courier/authmysqlrc).
Check this option:
MYSQL_HOME_FIELD "/var/spool/mail/virtual"

also check this option
MYSQL_MAILDIR_FIELD concat(home,'/',maildir)

or
MYSQL_MAILDIR_FIELD CONCAT(maildir,"/")

/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop start

Then try to telnet to port 110 again.

Hope this helps!

--

how to install Proftpd ( basic setup )

These are the steps to install proftpd (very basic):

cd /software or /tmp

wget ftp://ftp.ibiblio.org/pub/mirrors/proftpd/distrib/source/proftpd-1.3.1.tar.gz

tar -xzvf proftpd-1.3.1.tar.gz

cd proftpd-1.3.1

./configure --prefix=/usr/local/proftpd

make

make install

The configuration files will be located at /usr/local/etc

cd /usr/local/etc
Edit proftpd.conf (make the following changes):


# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

# Usually the hostname
ServerName "agnello.manage.org"
ServerType standalone
DefaultServer on


# Set the user and group under which the server will run.
# If this user does not exist, create it.
User proftpd
Group proftpd


Delete the entire <Anonymous> section.

Add the following section:


##########################
#
# ftp only home directories
#
#########################
# If this user has not been created, create it; the user should belong to the group ftp.
<Anonymous /home/test1>
User test1
Group ftp
UserAlias anonymous esha
AnonRequirePassword on
<Limit READ WRITE DIRS>
AllowAll
</Limit>
</Anonymous>

To start the proftpd daemon run:
/usr/local/proftpd/sbin/proftpd

To check if the process is running:
ps aux | grep proftp

Now point your web browser to ftp://ipaddress/
and enter the user name and password.

Note: proftpd supports MySQL and can be administered through phpMyAdmin; see future tutorials.

And enjoy!

--

how to install LAMP ( 29/3/08 )

Installation on Fedora or CentOS

Before installation, install gcc-c++ gcc ncurses-devel

setenforce 0

1. Installing MySQL 5.x
a) Download the MySQL source files from http://www.mysql.com

wget http://mysql.mirrors.pair.com/Downloads/MySQL-5.0/mysql-5.0.45.tar.gz

b) Extract the source from the gunzipped file using tar or gunzip

c) Create the mysql user and group using the following commands

groupadd mysql

useradd -g mysql -c "MySQL Server" mysql

cd mysql-5.0.45 (enter)

Follow this command by typing;

#./configure --prefix=/usr/local/mysql --localstatedir=/usr/local/mysql/data --disable-maintainer-mode --with-mysqld-user=mysql --enable-large-files-without-debug (enter)

Sit back and wait for a while while configure does its thing, once the system returns the prompt to you issue the following command;

#make (enter)

Unless you have a very fast machine this will take some time, so spend time with your family, grab a beer, go for a walk, or whatever you're into. When you get back, assuming the system has returned the prompt to you, issue the following command;

#make install (enter)

Cool !, MySQL is installed, there are only a couple things left to do to get it working, first we need to create a group for MySQL as follows;

d) Create a symbolic link to the MySQL source directory in a directory of your choice. (I use /usr/local/). Here is an example of the same

ln -s /usr/local/src/mysql-5.0.45 /usr/local/mysql

e) Change the working directory to the symbolic link that you have created in the server.

f) Execute the following command

./scripts/mysql_install_db

The above command will install the mysql and the test database

g) Change the ownership of /usr/local/mysql using the following command

chown -R root:mysql /usr/local/mysql

Where root is the user and mysql is the group

h) Change the ownership of /usr/local/mysql/data using the following command

chown -R mysql:mysql /usr/local/mysql/data

i) Copy the default configuration file for the expected size of the database (small, medium, large, huge)

cp support-files/my-medium.cnf /etc/my.cnf

chown root:sys /etc/my.cnf

chmod 644 /etc/my.cnf

j) Now we have to tell the system where to find some of the dynamic libraries that MySQL will need to run. We use dynamic libraries instead of static to keep the memory usage of the MySQL program itself to a minimum.

echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf

ldconfig

k) Now create a startup script, which enables MySQL auto-start each time your server is restarted.

cp ./support-files/mysql.server /etc/rc.d/init.d/mysql

chmod +x /etc/rc.d/init.d/mysql

/sbin/chkconfig --level 3 mysql on

l) Then set up symlinks for all the MySQL binaries, so they can be run from anyplace without having to include/specify long paths, etc.

cd /usr/local/mysql/bin

for file in *; do ln -s /usr/local/mysql/bin/$file /usr/bin/$file; done

m) First, we will assume that only applications on the same server will be allowed to access the database (i.e., not a program running on a physically separate server). So we'll tell MySQL not to even listen on port 3306 for TCP connections like it does by default.

Edit /etc/my.cnf and uncomment the following line:

skip-networking

n) Start MySQL

mysqladmin -u root password newpassword

to login

mysql -u root -p  ( enter)  ---> new password

 


2. Installing Apache 2.2.3

2.1 The installation of OpenSSL is pretty simple. We specify the destination folder by --prefix.
cd /usr/local/src/
wget http://www.openssl.org/source/openssl-0.9.8g.tar.gz

cd /usr/local/src/openssl-0.9.8g

./config --prefix=/usr/local/openssl
make
make test
make install
ln -s /usr/local/openssl/bin/openssl /usr/local/bin/openssl

a) Download the Apache 2.2.3 source files from http://httpd.apache.org

b) Extract the source from the gunzipped file using tar or gunzip

c) change the working directory to the directory containing the

extracted source files

d) Run the following command for basic apache installation

./configure --prefix=/usr/local/apache2 --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql --enable-shared=max --enable-module=rewrite --enable-module=so --enable-shared=ssl --enable-ssl --enable-shared=rewrite --with-ssl=/usr/local/openssl

 

make

make install

f) Open ../conf/httpd.conf using your favorite editor, find the AddType directive and add the following lines after it:

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

g) ln -s /usr/local/apache2/bin/apachectl /usr/bin/httpd

h) Restart apache

httpd start


3. Installing PHP 5.2.0

a) Download the PHP 5.2.0 source files from http://www.php.net

b) Extract the source from the gunzipped file using tar or gunzip

c) change the working directory to the directory containing the

extracted source files

d) Run the following command for PHP installation

./configure --prefix=/usr/local/php5 --with-apxs2=/usr/local/apache2/bin/apxs --with-libxml-dir=/usr/local/lib --with-zlib --with-zlib-dir=/usr/local/lib --with-mysql=/usr/local/mysql --with-mysqli=/usr/bin/mysql_config --with-gd --enable-soap --enable-sockets --with-jpeg-dir=/usr --enable-exif --enable-cli

or ( for basic )

./configure --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql

If you get the following error: "configure: error: xml2-config not found"

install:

yum install libxml2-devel
yum install libjpeg-devel libpng-devel

e) Build PHP using the following command

make

f) Install PHP

make install

cp php.ini-dist /usr/local/php5/lib/php.ini

ln -s /usr/local/php5/lib/php.ini /etc/php.ini

To create a symbolic link in the /etc dir for easy location of httpd.conf:
ln -s /usr/local/apache2/conf/httpd.conf /etc/httpd.conf

To start httpd from the normal startup script:

ln -s /usr/local/apache2/bin/apachectl /etc/rc.d/init.d/httpd

 
--

Understanding Linux configuration files

Introduction

Every Linux program is an executable file holding the list of opcodes the CPU executes to accomplish specific operations. For instance, the ls command is provided by the file /bin/ls, which holds the list of machine instructions needed to display the list of files in the current directory onto the screen. The behaviour of almost every program can be customized to your preferences or needs by modifying its configuration files.

Is there a standard configuration file format in Linux?

In a word, no. Users who are new to Linux (rightly) feel frustrated that each configuration file looks like a new challenge to figure out. In Linux each programmer is free to choose the configuration file format he or she prefers. Format options range from the /etc/shells file, which contains a list of possible shells separated by a newline, to Apache's complex /etc/httpd.conf file.

What are system configuration files?

The kernel itself may be considered a "program." Why does the kernel need configuration files? The kernel needs to know the list of users and groups in the system, and manage file permissions (that is, determine if a file can be opened by a specific user, according to the permissions, UNIX_USERS). Note that these files are not specifically read by programs, but by a function provided by a system library, and used by the kernel. For instance, a program needing the (encrypted) password of a user should not open the /etc/passwd file. Instead, it should call the system library function getpw(). This kind of function is also known as a system call. It is up to the kernel (through the system library) to open the /etc/passwd file and after that, search for the password of the requested user.

Most of the configuration files in the Red Hat Linux system are in the /etc directory unless otherwise specified. The configuration files can be broadly classified into the following categories:



Access files

/etc/host.conf Tells the network domain server how to look up hostnames. (Normally /etc/hosts, then name server; it can be changed through netconf.)
/etc/hosts Contains a list of known hosts (in the local network). Can be used if the IP of the system is not dynamically generated. For simple hostname resolution (to dotted notation), /etc/hosts.conf normally tells the resolver to look here before asking the network nameserver, DNS or NIS.
/etc/hosts.allow Man page same as hosts_access. Read by tcpd at least.
/etc/hosts.deny Man page same as hosts_access. Read by tcpd at least.



Booting and login/logout

/etc/issue & /etc/issue.net These files are read by mingetty (and similar programs) to display a "welcome" string to the user connecting from a terminal (issue) or through a telnet session (issue.net). They include a few lines stating the Red Hat release number, name, and Kernel ID. They are used by rc.local.
/etc/redhat-release Includes one line stating the Red Hat release number and name. Used by rc.local.
/etc/rc.d/rc Normally run for all run levels with level passed as argument. For example, to boot your machine in the Graphics mode (X-Server), run the following command from your command line: init 5. Runlevel 5 starts the system in graphics mode.
/etc/rc.d/rc.local Not official. May be called from rc, rc.sysinit, or /etc/inittab.
/etc/rc.d/rc.sysinit Normally the first script run for all run levels.
/etc/rc.d/rc/rcX.d Scripts run from rc (X stands for any number from 1 to 5). These directories are "run-level" specific directories. When a system starts up, it identifies the run-level to be initiated, and then it calls all the startup scripts present in the specific directory for that run-level. For example, the system usually starts up and the message "entering run-level 3" is shown after the boot messages; this means that all the init scripts in the directory /etc/rc.d/rc3.d/ will be called.



File system

The kernel provides an interface to display some of its data structures that can be useful for determining the system parameters like interrupts used, devices initialised, memory statistics, etc. This interface is provided as a separate but dummy filesystem known as the /proc filesystem. Many system utilities use the values present in this filesystem for displaying the system statistics. For example, the file /proc/modules lists the currently loaded modules in the system. This information is read by the command lsmod, which then displays it in a human readable format. In the same way, the file mtab specified in the following table reads the /proc/mount file, which contains the currently mounted filesystems.

/etc/mtab This changes continuously as the file /proc/mount changes. In other words, when filesystems are mounted and unmounted, the change is immediately reflected in this file.
/etc/fstab Lists the filesystems currently "mountable" by the computer. This is important because when the computer boots, it runs the command mount -a, which takes care of mounting every file system marked with a "1" in the next-to-last column of fstab.
/etc/mtools.conf Configuration for all the operations (mkdir, copy, format, etc.) on a DOS-type filesystem.



System administration

/etc/group Contains the valid group names and the users included in the specified groups. A single user can be present in more than one group if he performs multiple tasks. For example, if a "user" is the administrator as well as a member of the project group "project 1", then his entry in the group file will look like: user: * : group-id : project1
/etc/nologin If the file /etc/nologin exists, login(1) will allow access only to root. Other users will be shown the contents of this file and their logins refused.
/etc/passwd See "man passwd". Holds some user account info including passwords (when not "shadowed").
/etc/rpmrc rpm command configuration. All the rpm command line options can be set together in this file so that all of the options apply globally when any rpm command is run on that system.
/etc/securetty Contains the device names of tty lines (one per line, without leading /dev/) on which root is allowed to login.
/etc/usertty
/etc/shadow Contains the encrypted password information for users' accounts and optionally the password aging information. Included fields are:
  • Login name
  • Encrypted password
  • Days since Jan 1, 1970 that password was last changed
  • Days before password may be changed
  • Days after which password must be changed
  • Days before password is to expire that user is warned
  • Days after password expires that account is disabled
  • Days since Jan 1, 1970 that account is disabled
/etc/shells Holds the list of possible "shells" available to the system.
/etc/motd Message Of The Day; used if an administrator wants to convey some message to all the users of a Linux server.
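
The fields listed above for /etc/shadow can be audited mechanically. The following added example (not from the original article) parses shadow-format lines and flags empty passwords, locked or expired accounts and missing password aging; the sample entries, hash placeholders, flag names and the day number used as "today" are constructed for illustration.

```python
import time


def _num(field):
    """Shadow leaves unused numeric fields empty; map those to None."""
    try:
        return int(field)
    except ValueError:
        return None


def audit_shadow(text, today=None):
    """Return {login: [flags]} for shadow-format text.

    today is a day count since Jan 1, 1970, the unit the date fields use.
    """
    if today is None:
        today = int(time.time() // 86400)
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = (line.split(":") + [""] * 9)[:9]
        name, pw = f[0], f[1]
        last, _min_age, max_age, warn, inactive, expire = (_num(x) for x in f[2:8])
        flags = []
        locked = pw.startswith(("!", "*"))
        if pw == "":
            flags.append("EMPTY_PASSWORD")       # login possible without a password
        elif locked:
            flags.append("LOCKED")               # no password hash can match
        if expire is not None and today >= expire:
            flags.append("ACCOUNT_EXPIRED")
        if pw and not locked:
            if last == 0:
                flags.append("MUST_CHANGE")      # change forced at next login
            elif max_age is None or max_age >= 99999:
                flags.append("NO_AGING")         # password never has to be changed
            elif last is not None:
                due = last + max_age
                if today >= due:
                    flags.append("PASSWORD_EXPIRED")
                    if inactive is not None and today >= due + inactive:
                        flags.append("DISABLED_INACTIVE")
                elif warn is not None and today >= due - warn:
                    flags.append("WARNING_WINDOW")
        report[name] = flags
    return report


# Constructed sample entries; the hashes are placeholders, not real hashes.
SAMPLE_TODAY = 19000
SAMPLE_SHADOW = """\
alice:$6$SALT$HASHPLACEHOLDER:18990:0:90:7:14::
bob::18000:0:99999:7:::
carol:$6$SALT$HASHPLACEHOLDER:18800:0:90:7:14::
dave:!$6$SALT$HASHPLACEHOLDER:18990:0:99999:7::18500:
erin:$6$SALT$HASHPLACEHOLDER:18915:0:90:7:::
frank:$6$SALT$HASHPLACEHOLDER:18990:0:99999:7:::
"""

if __name__ == "__main__":
    for login, flags in audit_shadow(SAMPLE_SHADOW, SAMPLE_TODAY).items():
        print("%-6s %s" % (login, ", ".join(flags) or "ok"))
```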



Networking

/etc/gated.conf Configuration for gated. Used only by the gated daemon.
/etc/gated.version Contains the version number of the gated daemon.
/etc/gateway Optionally used by the routed daemon.
/etc/networks Lists names and addresses of networks accessible from the network to which the machine is connected. Used by route command. Allows use of name for network.
/etc/protocols Lists the currently available protocols. See the NAG (Network Administrators Guide) and man page. C interface is getprotoent. Should never change.
/etc/resolv.conf Tells the kernel which name server should be queried when a program asks to "resolve" an IP Address.
/etc/rpc Contains instructions/rules for RPC, which can be used in NFS calls, remote file system mounting, etc.
/etc/exports The file system to be exported (NFS) and permissions for it.
/etc/services Translates network service names to port number/protocol. Read by inetd, telnet, tcpdump, and some other programs. There are C access routines.
/etc/inetd.conf Config file for inetd. See the inetd man page. Holds an entry for each network service for which inetd must control daemons or other servicers. Note that services will be running, but comment them out in /etc/services so they will not be available even if running. Format: <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
/etc/sendmail.cf The Mail program sendmail's configuration file. Cryptic to understand.
/etc/sysconfig/network Indicates NETWORKING=yes or no. Read by rc.sysinit at least.
/etc/sysconfig/network-scripts/if* Red Hat network configuration scripts.



System commands

System commands are meant exclusively to control the system, and make everything work properly. All the programs like login (performing the authentication phase of a user on the console) or bash (providing the interaction between a user and the computer) are system commands. The files associated with them are therefore particularly important. This category has the following files of interest to users and administrators.

/etc/lilo.conf Contains the system's default boot command line parameters and also the different images to boot with. You can see this list by pressing Tab at the LILO prompt.
/etc/logrotate.conf Maintains the log files present in the /var/log directory.
/etc/identd.conf Identd is a server that implements the TCP/IP proposed standard IDENT user identification protocol as specified in the RFC 1413 document. identd operates by looking up specific TCP/IP connections and returning the user name of the process owning the connection. It can optionally return other information instead of a user name. See the identd man page.
/etc/ld.so.conf Configuration for the Dynamic Linker.
/etc/inittab This is chronologically the first configuration file in UNIX. The first program launched after a UNIX machine is switched on is init, which knows what to launch, thanks to inittab. It is read by init at run level changes, and controls the startup of the main process.
/etc/termcap A database containing all of the possible terminal types and their capabilities.



Daemons

A daemon is a program running in non-interactive mode. Typically, daemon tasks are related to the networking area: they wait for connections, so that they can provide services through them. Many daemons are available for Linux, ranging from Web servers to ftp servers.

/etc/syslogd.conf The configuration file for the syslogd daemon. syslogd is the daemon that takes care of logging (writing to disk) messages coming from other programs to the system. This service, in particular, is used by daemons that would not otherwise have any means of signaling the presence of possible problems or sending messages to users.

/etc/httpd.conf The configuration file for Apache, the Web server. This file is typically not in /etc. It may be in /usr/local/httpd/conf/ or /etc/httpd/conf/, but to make sure, you need to check the particular Apache installation.
/etc/conf.modules or /etc/modules.conf The configuration file for kerneld. Ironically, it is not the kernel "as a daemon". It is rather a daemon that takes care of loading additional kernel modules "on the fly" when needed.



User programs

In Linux (and UNIX in general), there are countless "user" programs. A common user program config file is /etc/lynx.cfg. This is the configuration file for lynx, the well-known textual browser. Through this file you can define the proxy server, the character set to use, and so on. The following code sample shows a part of the lynx.cfg file that can be modified to change the proxy settings of the Linux system. These settings apply (by default) to all the users running lynx in their respective shells, unless a user overrides the default config file by specifying --cfg = "mylynx.cfg".


Proxy settings in /etc/lynx.cfg
.h1 proxy
.h2 HTTP_PROXY
.h2 HTTPS_PROXY
.h2 FTP_PROXY
.h2 GOPHER_PROXY
.h2 NEWS_PROXY
.h2 NNTP_PROXY
# Lynx version 2.2 and beyond supports the use of proxy servers that can act as
# firewall gateways and caching servers. They are preferable to the older
# gateway servers. Each protocol used by Lynx can be mapped separately using
# PROTOCOL_proxy environment variables (see Lynx Users Guide). If you have
# not set them externally, you can set them at run time via this configuration file.
# They will not override external settings. The no_proxy variable can be used
# to inhibit proxying to selected regions of the Web (see below). Note that on
# VMS these proxy variables are set as process logicals rather than symbols, to
# preserve lowercasing, and will outlive the Lynx image.
#
.ex 15
http_proxy:http://proxy3.in.ibm.com:80/
ftp_proxy:http://proxy3.in.ibm.com:80/
#http_proxy:http://penguin.in.ibm.com:8080
#ftp_proxy:http://penguin.in.ibm.com:8080/

.h2 NO_PROXY
# The no_proxy variable can be a comma-separated list of strings defining
# no-proxy zones in the DNS domain name space.  If a tail substring of the
# domain-path for a host matches one of these strings, transactions with that
# node will not be proxied.
.ex
no_proxy:demiurge.in.ibm.com, demiurge





Changing configuration files

When changing a configuration file, make sure that the program using that configuration is restarted if it's not controlled by the system administrator or the kernel. A normal user doesn't usually have privileges to start or stop system programs and/or daemons.

The kernel

Changing configuration files in the kernel immediately affects the system. For example, changing the passwd file to add a user immediately enables that user. Also there are some kernel tunable parameters in the /proc/sys directory on any Linux system. Write access to all these files is given only to the super-user; other users have only read-only access. The files in this directory are classified in the same manner as the Linux kernel source. Every file in this directory represents a kernel data structure that can be dynamically modified to change the system performance.

Note: Before changing any value in any of these files, make sure you know everything about the file to avoid irreparable damage to the system.
Files in the /proc/sys/kernel/ directory

File name Description
threads-max The maximum number of tasks the kernel can run.
ctrl-alt-del If 1, then pressing this key sequence cleanly reboots the system.
sysrq If 1, then Alt-SysRq is active.
osrelease Displays the release of the operating system.
ostype Displays the type of the operating system.
hostname The host name of the system.
domainname Network domain of which the system is a part.
modprobe Specifies whether modprobe should be automatically run at startup, and load the necessary modules.

Daemons and system programs

A daemon is a program that is always running in the background, quietly carrying out its task. Common ones are in.ftpd (ftp server daemon), in.telnetd (telnet server daemon), and syslogd (system logging daemon). Some daemons, while running, keep a close watch on the configuration file and reload it automatically when it changes. But most daemons do not reload automatically. We need to "tell" them somehow that the configuration file has changed and that it should be reloaded. This can be achieved (on Red Hat Linux systems) by restarting the services using the service command.

For example, if we have changed the network configuration, we need to issue:
service network restart

Note: The services are most commonly the scripts present in the /etc/rc.d/init.d/* directory and are started by the init when the system is booted. So, to restart the service you can also do the following:
/etc/rc.d/init.d/<script-for-the-service> start | stop | status
start, stop, and status are the values that these scripts take as input to perform the action.

User programs

A user or system program reads its configuration file every time it is launched. Remember, though, that some system programs are spawned when the computer is turned on, and their behaviour depends on what they read in the configuration files in /etc/. So, the first time a user program is started, the default configuration is read from the files present in the /etc/ directory. Later, the user can customise the programs by using rc and . (dot) files as explained in the next section.





User configuration files: . (dot) files and rc files

We have seen how programs can be easily configured. But what if someone does not like the way a program has been configured in /etc/? A "normal" user cannot simply go into /etc and change the configuration files; they are owned -- from the filesystem's point of view -- by root! This is why most user programs define two configuration files: the first one at a "system" level, located in /etc/; and the other one, "private" to the user, that can be found in his or her home directory.

For example, in my system I have installed the very useful wget utility. In /etc/ there is an /etc/wgetrc file. In my home directory, there is a file named .wgetrc, which describes my customised configuration (which will be loaded only when I, the user, run the wget command). Other users may also have the .wgetrc file in their home directory (/home/other); this file will be read, of course, only when the user runs the wget command. In other words, the /etc/wgetrc file provides "default" values for wget, while the /home/xxx/.wgetrc file lists the "customisations" for a certain user. It is important to understand that this is the "general rule," and is not necessarily true for all cases. A program like pine, for instance, does not have any files in /etc/, but only the custom configuration in the users' home directory, in a file named .pinerc. Other programs may only have a default configuration file in /etc/, and may not let users "customize" them (it's the case with only a few of the config. files in the /etc dir.).

Commonly used rc and . (dot) files

Filename Description
~/.bash_login Look at "man bash". Treated by bash like ~/.bash_profile if that doesn't exist.
~/.bash_logout Look at "man bash". Sourced by bash login shells at exit.
~/.bash_profile Sourced by bash login shells after /etc/profile.
~/.bash_history The list of commands executed previously.
~/.bashrc Look at "man bash". Sourced by bash non-login interactive shells (no other files are). Non-interactive shells source nothing unless BASH_ENV or ENV are set.
~/.emacs Read by emacs at startup.
~/.forward If this contains an e-mail address, then all mail to owner of ~ will be forwarded to that e-mail address.
~/.fvwmrc ~/.fvwm2rc Config files for fvwm and fvwm2 (the basic X Window manager).
~/.hushlogin Look at "man login". Causes a "quiet" login (no mail notice, last login info, or MOTD).
~/.mail.rc User init file for mail program.
~/.ncftp/ Directory for ncftp program; contains bookmarks, log, macros, preferences, trace. See man ncftp. The purpose of ncftp is to provide a powerful and flexible interface to the Internet standard File Transfer Protocol. It is intended to replace the stock ftp program that comes with the system.
~/.profile Look at "man bash". Treated by bash like ~/.bash_profile if that and ~/.bash_login don't exist, and used by other Bourne-heritage shells too.
~/.pinerc Pine configuration
~/.muttrc Mutt configuration
~/.exrc Configuration of vi can be controlled by this file.
Example: set ai sm ruler
Writing the above line in this file makes vi set the auto-indentation, matching brackets and displaying line number and rows-columns options.
~/.vimrc Default "Vim" configuration file. Same as .exrc.
~/.gtkrc GNOME Toolkit.
~/.kderc KDE configuration.
~/.netrc Default login names and passwords for ftp.
~/.rhosts Used by the r-tools: rsh, rlogin, etc. Very weak security since host impersonation is easy.
  1. Must be owned by user (owner of ~/) or superuser.
  2. Lists hosts from which users may access this account.
  3. Ignored if it is a symbolic link.
~/.rpmrc See "man rpm". Read by rpm if /etc/rpmrc is not present.
~/.signature Message text that will be appended automatically to the mail sent from this account.
~/.twmrc Config file for twm (The Window Manager).
~/.xinitrc Read by X at startup (not by xinit script). Mostly starts some progs.
Example: exec /usr/sbin/startkde
If the above line is present in this file, then the KDE Window Manager is started when the startx command is issued from this account.
~/.xmodmaprc This file is passed to the xmodmap program, and could be named anything (~/.Xmodmap and ~/.keymap.km, for example).
~/.xserverrc Run by xinit as the X server if it can find X to execute.
~/News/Sent-Message-IDs Default mail history file for gnus.
~/.Xauthority Read and written by xdm program to handle authorization. See the X, xdm, and xauth man pages.
~/.Xdefaults, ~/.Xdefaults-hostname Read by X applications during startup on hostname. If the -hostname file can't be found, .Xdefaults is looked for.
~/.Xmodmap Points to .xmodmaprc; Red Hat had (has) .xinitrc using this name.
~/.Xresources Usually the name for the file passed to xrdb to load the X resources database, to avoid the need for applications to read a long .Xdefaults file. (~/.Xres has been used by some.)
~/mbox User's old mail.
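Two files in this table hold credentials or trust decisions (~/.netrc and ~/.rhosts), so their ownership and permissions deserve a check. The script below is an added example, not part of the original article; the function names audit_dotfile and audit_home are hypothetical, it assumes GNU stat, and it applies the .rhosts rules listed above (owner, symbolic link) plus a check for group or other permission bits.

```shell
#!/bin/sh
# Added example (not from the article): audit ~/.netrc and ~/.rhosts.
# Assumes GNU stat (-c), as shipped on Linux.

# audit_dotfile PATH OWNER_UID
# Prints "absent", "symlink", "ok", or the findings (owner=UID, mode=MODE).
audit_dotfile() {
    f=$1
    want_uid=$2
    if [ -L "$f" ]; then
        # the table notes that a symlinked .rhosts is ignored
        echo "symlink"; return 0
    fi
    if [ ! -f "$f" ]; then
        echo "absent"; return 0
    fi
    uid=$(stat -c '%u' "$f")
    mode=$(stat -c '%a' "$f")       # octal permissions, e.g. 600
    result=""
    # owner must be the account holder or the superuser (uid 0)
    if [ "$uid" -ne "$want_uid" ] && [ "$uid" -ne 0 ]; then
        result="owner=$uid"
    fi
    # any group/other bit lets someone else read or edit the file
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        result="${result:+$result }mode=$mode"
    fi
    echo "${result:-ok}"
}

# audit_home HOME_DIR OWNER_UID: report on both files in one home directory
audit_home() {
    for name in .netrc .rhosts; do
        printf '%s: %s\n' "$1/$name" "$(audit_dotfile "$1/$name" "$2")"
    done
}

# Check the invoking user's own home directory.
audit_home "${HOME:-/nonexistent}" "$(id -u)"
```

A result other than ok or absent is the cue to run chmod 600 on the file, fix its owner, or remove it if the r-tools are not in use.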


by IBM
