FENIX_main/notes/config file formats

at.allow/at.deny: line by line list of user names
=================================================
user1
user2
user3

fstab
=====
# comment
# device  mount-point fs-type options dump  pass
LABEL=/<tab>/<tab>fxfs<tab>defaults<tab>1<tab>1
UUID=[uuid]<tab>none<tab>swap<tab>defaults<tab>0<tab>0
-----
device is a name, label, or UUID for a block device
mount-point is the folder to mount it in (for swap, it's none)
fs-type is the filesystem type
options is the options for mounting
dump is how often it's backed up by dump (0 is never)
pass is the order for checking by fsck (0 don't, 1 immediately, 2 after boot)
-----
FS options
auto/noauto - automatically mount on boot or only explicitly
dev/nodev - behaviour of interpretation of block special devices
exec/noexec - can binaries be executed
rw/ro - read/write or read-only
sync/async - synchronous/asynchronous IO (are writes done when commands issued?)
suid/nosuid - operation of the suid and sgid bits
user/users/nouser - anyone can mount, group users can mount, root can mount
  user implicitly implies noexec, nosuid, nodev
defaults - default set (i.e. rw, suid, dev, exec, auto, nouser, async)
check=[none, normal, strict] - fsck checking level (ext/probably fxfs)
check=[r, n, s] - policy for allowed filenames (vfat)
  r - relaxed, n - normal, s - strict
windows_names - only allow windows characters in names? (vfat/ntfs)
uid=n, gid=n - set uid and gid for files on system (vfat/ntfs)
umask/dmask/fmask=nnn - masking of fs nodes (vfat/ntfs)
  umask - user file creation, dmask - directory, fmask - files

gettydefs
=========

group
=====
group1::24:user1,user2
-----
Simple format. name:password:gid:members

host.conf
=========
# order can be any or all of bind (name server), hosts (hosts file), or nis
# this determines the order in which these are tried
order bind hosts nis
# multi can be on or off and determines if a host can have multiple IPs in hosts
multi on
# check if an IP is associated with a hostname given. can be on or off
nospoof on
# spoof attempts (above) log message to the syslog facitilty. on or off.
alert off
# domain name to remove from hostnames before lookup
# for example, aegis.example.com would become aegis with this setting.
trim example.com

hosts
=====
# IP_address  hostname1 hostname2
127.0.0.1<tab>localhost<space>loopback
::1<tab>localhost

hosts.allow/deny
================
ALL: ALL
ALL: ALL EXCEPT 192.168.0.125
ALL: 192.168.1.0/24
ALL: LOCAL
ALL: .example.com
ALL: .example.com EXCEPT testing.example.com
sshd: LOCAL
sshd, in.ftpd: LOCAL
in.ftpd: KNOWN
----------------
There's more than this, but this is a good start to talk about. It's
service: host. ALL matches everything, either all services or all hosts.
You can use EXCEPT to add an exception. You can use subnet masks like good
old 192.168.0.0/16. You could also use LOCAL for all on the local subnet.
You can also specify domain names, including as exceptions. You can specify
specific daemons, like sshd here. You can also do multiple for one rule. If you
prefix in., it's specifically for incoming traffic. Finally, there's the
wildcards KNOWN, UNKNOWN, and PARANOID, which are for known hostnames, unknown
hostnames, and hostnames that are spoofed. There's also apparently command
expansiona and all that, but we'll cross that bridge when we get to it.

hosts.lpd
=========
+
hostname
-hostname
+@netgroup
-@netgroup
---------
+ alone means any host on the network. hostname is a remote host allowed to
print on the local system. Add a - to forbid that. @netgroup is an NIS netgroup.
- works the same for these.

inittab
=======
id:2:initdefault:echo "Runlevel 2"
-------
Pretty simple. id is a unique identifier. Two characters, it seems. Next is
the runlevel. Multiple can be specified (i.e. 234). Action is how the process
is to be run. Options include respawn (restart the process if existing, do not
start if not started), wait (start the process, wait for it to stop), once
(start process, do not restart on termination), boot (only start on boot),
bootwait (like wait, but only on boot), powerfail (only on SIGPWR), powerwait
(like wait, but only on SIGPWR), off (if started, send SIGTERM, wait 5 seconds,
then kill the process with SIGKILL), initdefault (used to determine default
runlevel), sysinit (executed before attempts to access console, processes are
executed and waited for termination of).

issue
=====
We'll need something good to go here. I'll work it out later.

ld.so.conf
==========
/usr/include
/home/user1/builds/include
----------
Just a list of directories. Simple enough.

motd
====
We may or may not do this, since we'll have an issue file.

mtab
====
/dev/sda1 / fxfs rw,exec,suid,dev,async,nouser 0 0
/dev/sdb1 /mnt ext4 rw,nosuid,nodev,user=user1 0 0
----
It's fstab but only the currently mounted filesystems. Simple enough.

passwd
======
user1:x:1001:24:GECOS field:/home/user1:/bin/sh
------
username:password:uid:gid:gecos field:home directory:login shell
Password is stored in /etc/shadow. x is a placeholder for that.
gid is the primary group for the user. Files created by this user have this gid.

printcap
========
lw|LaserWriter:lw=/dev/ttya:br#9600:ms=-parity,onlcr,ixon,decctlq:\
sd=/var/spool/lw:lf=/var/spool/lp-log:mx#0
--------
There's a lot to dissect here, and it's probably best to save that dissection
for a proper man page. Long story short, it's a series of options separated by
colons. The first option is name and aliases. Everythings else is options that
we'll need to specify in the man page. It's kinda like the termcap database,
though. So, yeah.

profile
=======
It seems to be a shell script, basically. Fun.

protocols
=========
ip<tab>0<tab>IP # internet protocol
---------
It's basically official-name protocol-number alias. We'll need to find these.

securetty
=========
/dev/tty0
---------
A list of ttys from which root can login.

services
========
ssh 22 SSH
--------
Like protocols, but it's port instead of protocol.

shadow
======
user1:$id$salt$hash:7:7:21:14
------
username:crypt(3) output:days since pw change:til change allowed:\
til change required:til expiration warning
For crypt(3) output, $id is the algorithm used, $salt is the salt used, $hash
is the outputted hash.

shells
======
/bin/sh
------
Pathnames of shells. Simple enough.
Initial commit 2021-01-31 20:08:26 +00:00			`at.allow/at.deny: line by line list of user names`
			`=================================================`
			`user1`
			`user2`
			`user3`

			`fstab`
			`=====`
			`# comment`
			`# device mount-point fs-type options dump pass`
			`LABEL=/<tab>/<tab>fxfs<tab>defaults<tab>1<tab>1`
			`UUID=[uuid]<tab>none<tab>swap<tab>defaults<tab>0<tab>0`
			`-----`
			`device is a name, label, or UUID for a block device`
			`mount-point is the folder to mount it in (for swap, it's none)`
			`fs-type is the filesystem type`
			`options is the options for mounting`
			`dump is how often it's backed up by dump (0 is never)`
			`pass is the order for checking by fsck (0 don't, 1 immediately, 2 after boot)`
			`-----`
			`FS options`
			`auto/noauto - automatically mount on boot or only explicitly`
			`dev/nodev - behaviour of interpretation of block special devices`
			`exec/noexec - can binaries be executed`
			`rw/ro - read/write or read-only`
			`sync/async - synchronous/asynchronous IO (are writes done when commands issued?)`
			`suid/nosuid - operation of the suid and sgid bits`
			`user/users/nouser - anyone can mount, group users can mount, root can mount`
			`user implicitly implies noexec, nosuid, nodev`
			`defaults - default set (i.e. rw, suid, dev, exec, auto, nouser, async)`
			`check=[none, normal, strict] - fsck checking level (ext/probably fxfs)`
			`check=[r, n, s] - policy for allowed filenames (vfat)`
			`r - relaxed, n - normal, s - strict`
			`windows_names - only allow windows characters in names? (vfat/ntfs)`
			`uid=n, gid=n - set uid and gid for files on system (vfat/ntfs)`
			`umask/dmask/fmask=nnn - masking of fs nodes (vfat/ntfs)`
			`umask - user file creation, dmask - directory, fmask - files`

			`gettydefs`
			`=========`

			`group`
			`=====`
			`group1::24:user1,user2`
			`-----`
			`Simple format. name:password:gid:members`

			`host.conf`
			`=========`
			`# order can be any or all of bind (name server), hosts (hosts file), or nis`
			`# this determines the order in which these are tried`
			`order bind hosts nis`
			`# multi can be on or off and determines if a host can have multiple IPs in hosts`
			`multi on`
			`# check if an IP is associated with a hostname given. can be on or off`
			`nospoof on`
			`# spoof attempts (above) log message to the syslog facitilty. on or off.`
			`alert off`
			`# domain name to remove from hostnames before lookup`
			`# for example, aegis.example.com would become aegis with this setting.`
			`trim example.com`

			`hosts`
			`=====`
			`# IP_address hostname1 hostname2`
			`127.0.0.1<tab>localhost<space>loopback`
			`::1<tab>localhost`

			`hosts.allow/deny`
			`================`
			`ALL: ALL`
			`ALL: ALL EXCEPT 192.168.0.125`
			`ALL: 192.168.1.0/24`
			`ALL: LOCAL`
			`ALL: .example.com`
			`ALL: .example.com EXCEPT testing.example.com`
			`sshd: LOCAL`
			`sshd, in.ftpd: LOCAL`
			`in.ftpd: KNOWN`
			`----------------`
			`There's more than this, but this is a good start to talk about. It's`
			`service: host. ALL matches everything, either all services or all hosts.`
			`You can use EXCEPT to add an exception. You can use subnet masks like good`
			`old 192.168.0.0/16. You could also use LOCAL for all on the local subnet.`
			`You can also specify domain names, including as exceptions. You can specify`
			`specific daemons, like sshd here. You can also do multiple for one rule. If you`
			`prefix in., it's specifically for incoming traffic. Finally, there's the`
			`wildcards KNOWN, UNKNOWN, and PARANOID, which are for known hostnames, unknown`
			`hostnames, and hostnames that are spoofed. There's also apparently command`
			`expansiona and all that, but we'll cross that bridge when we get to it.`

			`hosts.lpd`
			`=========`
			`+`
			`hostname`
			`-hostname`
			`+@netgroup`
			`-@netgroup`
			`---------`
			`+ alone means any host on the network. hostname is a remote host allowed to`
			`print on the local system. Add a - to forbid that. @netgroup is an NIS netgroup.`
			`- works the same for these.`

			`inittab`
			`=======`
			`id:2:initdefault:echo "Runlevel 2"`
			`-------`
			`Pretty simple. id is a unique identifier. Two characters, it seems. Next is`
			`the runlevel. Multiple can be specified (i.e. 234). Action is how the process`
			`is to be run. Options include respawn (restart the process if existing, do not`
			`start if not started), wait (start the process, wait for it to stop), once`
			`(start process, do not restart on termination), boot (only start on boot),`
			`bootwait (like wait, but only on boot), powerfail (only on SIGPWR), powerwait`
			`(like wait, but only on SIGPWR), off (if started, send SIGTERM, wait 5 seconds,`
			`then kill the process with SIGKILL), initdefault (used to determine default`
			`runlevel), sysinit (executed before attempts to access console, processes are`
			`executed and waited for termination of).`

			`issue`
			`=====`
			`We'll need something good to go here. I'll work it out later.`

			`ld.so.conf`
			`==========`
			`/usr/include`
			`/home/user1/builds/include`
			`----------`
			`Just a list of directories. Simple enough.`

			`motd`
			`====`
			`We may or may not do this, since we'll have an issue file.`

			`mtab`
			`====`
			`/dev/sda1 / fxfs rw,exec,suid,dev,async,nouser 0 0`
			`/dev/sdb1 /mnt ext4 rw,nosuid,nodev,user=user1 0 0`
			`----`
			`It's fstab but only the currently mounted filesystems. Simple enough.`

			`passwd`
			`======`
			`user1:x:1001:24:GECOS field:/home/user1:/bin/sh`
			`------`
			`username:password:uid:gid:gecos field:home directory:login shell`
			`Password is stored in /etc/shadow. x is a placeholder for that.`
			`gid is the primary group for the user. Files created by this user have this gid.`

			`printcap`
			`========`
			`lw\|LaserWriter:lw=/dev/ttya:br#9600:ms=-parity,onlcr,ixon,decctlq:\`
			`sd=/var/spool/lw:lf=/var/spool/lp-log:mx#0`
			`--------`
			`There's a lot to dissect here, and it's probably best to save that dissection`
			`for a proper man page. Long story short, it's a series of options separated by`
			`colons. The first option is name and aliases. Everythings else is options that`
			`we'll need to specify in the man page. It's kinda like the termcap database,`
			`though. So, yeah.`

			`profile`
			`=======`
			`It seems to be a shell script, basically. Fun.`

			`protocols`
			`=========`
			`ip<tab>0<tab>IP # internet protocol`
			`---------`
			`It's basically official-name protocol-number alias. We'll need to find these.`

			`securetty`
			`=========`
			`/dev/tty0`
			`---------`
			`A list of ttys from which root can login.`

			`services`
			`========`
			`ssh 22 SSH`
			`--------`
			`Like protocols, but it's port instead of protocol.`

			`shadow`
			`======`
			`user1:$id$salt$hash:7:7:21:14`
			`------`
			`username:crypt(3) output:days since pw change:til change allowed:\`
			`til change required:til expiration warning`
			`For crypt(3) output, $id is the algorithm used, $salt is the salt used, $hash`
			`is the outputted hash.`

			`shells`
			`======`
			`/bin/sh`
			`------`
			`Pathnames of shells. Simple enough.`