Initial commit
commit
b686116502
33 changed files with 2722 additions and 0 deletions
195
notes/config file formats
Normal file
|
@ -0,0 +1,195 @@
|
|||
at.allow/at.deny: line by line list of user names
|
||||
=================================================
|
||||
user1
|
||||
user2
|
||||
user3
|
||||
|
||||
fstab
|
||||
=====
|
||||
# comment
|
||||
# device mount-point fs-type options dump pass
|
||||
LABEL=/<tab>/<tab>fxfs<tab>defaults<tab>1<tab>1
|
||||
UUID=[uuid]<tab>none<tab>swap<tab>defaults<tab>0<tab>0
|
||||
-----
|
||||
device is a name, label, or UUID for a block device
|
||||
mount-point is the folder to mount it in (for swap, it's none)
|
||||
fs-type is the filesystem type
|
||||
options is the options for mounting
|
||||
dump is how often it's backed up by dump (0 is never)
|
||||
pass is the order for checking by fsck (0 don't, 1 immediately, 2 after boot)
|
||||
-----
|
||||
FS options
|
||||
auto/noauto - automatically mount on boot or only explicitly
|
||||
dev/nodev - behaviour of interpretation of block special devices
|
||||
exec/noexec - can binaries be executed
|
||||
rw/ro - read/write or read-only
|
||||
sync/async - synchronous/asynchronous IO (are writes done when commands issued?)
|
||||
suid/nosuid - operation of the suid and sgid bits
|
||||
user/users/nouser - anyone can mount, group users can mount, root can mount
|
||||
user implicitly implies noexec, nosuid, nodev
|
||||
defaults - default set (i.e. rw, suid, dev, exec, auto, nouser, async)
|
||||
check=[none, normal, strict] - fsck checking level (ext/probably fxfs)
|
||||
check=[r, n, s] - policy for allowed filenames (vfat)
|
||||
r - relaxed, n - normal, s - strict
|
||||
windows_names - only allow windows characters in names? (vfat/ntfs)
|
||||
uid=n, gid=n - set uid and gid for files on system (vfat/ntfs)
|
||||
umask/dmask/fmask=nnn - masking of fs nodes (vfat/ntfs)
|
||||
umask - user file creation, dmask - directory, fmask - files
|
||||
|
||||
gettydefs
|
||||
=========
|
||||
|
||||
group
|
||||
=====
|
||||
group1::24:user1,user2
|
||||
-----
|
||||
Simple format. name:password:gid:members
|
||||
|
||||
host.conf
|
||||
=========
|
||||
# order can be any or all of bind (name server), hosts (hosts file), or nis
|
||||
# this determines the order in which these are tried
|
||||
order bind hosts nis
|
||||
# multi can be on or off and determines if a host can have multiple IPs in hosts
|
||||
multi on
|
||||
# check if an IP is associated with a hostname given. can be on or off
|
||||
nospoof on
|
||||
# spoof attempts (above) log message to the syslog facitilty. on or off.
|
||||
alert off
|
||||
# domain name to remove from hostnames before lookup
|
||||
# for example, aegis.example.com would become aegis with this setting.
|
||||
trim example.com
|
||||
|
||||
hosts
|
||||
=====
|
||||
# IP_address hostname1 hostname2
|
||||
127.0.0.1<tab>localhost<space>loopback
|
||||
::1<tab>localhost
|
||||
|
||||
hosts.allow/deny
|
||||
================
|
||||
ALL: ALL
|
||||
ALL: ALL EXCEPT 192.168.0.125
|
||||
ALL: 192.168.1.0/24
|
||||
ALL: LOCAL
|
||||
ALL: .example.com
|
||||
ALL: .example.com EXCEPT testing.example.com
|
||||
sshd: LOCAL
|
||||
sshd, in.ftpd: LOCAL
|
||||
in.ftpd: KNOWN
|
||||
----------------
|
||||
There's more than this, but this is a good start to talk about. It's
|
||||
service: host. ALL matches everything, either all services or all hosts.
|
||||
You can use EXCEPT to add an exception. You can use subnet masks like good
|
||||
old 192.168.0.0/16. You could also use LOCAL for all on the local subnet.
|
||||
You can also specify domain names, including as exceptions. You can specify
|
||||
specific daemons, like sshd here. You can also do multiple for one rule. If you
|
||||
prefix in., it's specifically for incoming traffic. Finally, there's the
|
||||
wildcards KNOWN, UNKNOWN, and PARANOID, which are for known hostnames, unknown
|
||||
hostnames, and hostnames that are spoofed. There's also apparently command
|
||||
expansiona and all that, but we'll cross that bridge when we get to it.
|
||||
|
||||
hosts.lpd
|
||||
=========
|
||||
+
|
||||
hostname
|
||||
-hostname
|
||||
+@netgroup
|
||||
-@netgroup
|
||||
---------
|
||||
+ alone means any host on the network. hostname is a remote host allowed to
|
||||
print on the local system. Add a - to forbid that. @netgroup is an NIS netgroup.
|
||||
- works the same for these.
|
||||
|
||||
inittab
|
||||
=======
|
||||
id:2:initdefault:echo "Runlevel 2"
|
||||
-------
|
||||
Pretty simple. id is a unique identifier. Two characters, it seems. Next is
|
||||
the runlevel. Multiple can be specified (i.e. 234). Action is how the process
|
||||
is to be run. Options include respawn (restart the process if existing, do not
|
||||
start if not started), wait (start the process, wait for it to stop), once
|
||||
(start process, do not restart on termination), boot (only start on boot),
|
||||
bootwait (like wait, but only on boot), powerfail (only on SIGPWR), powerwait
|
||||
(like wait, but only on SIGPWR), off (if started, send SIGTERM, wait 5 seconds,
|
||||
then kill the process with SIGKILL), initdefault (used to determine default
|
||||
runlevel), sysinit (executed before attempts to access console, processes are
|
||||
executed and waited for termination of).
|
||||
|
||||
issue
|
||||
=====
|
||||
We'll need something good to go here. I'll work it out later.
|
||||
|
||||
ld.so.conf
|
||||
==========
|
||||
/usr/include
|
||||
/home/user1/builds/include
|
||||
----------
|
||||
Just a list of directories. Simple enough.
|
||||
|
||||
motd
|
||||
====
|
||||
We may or may not do this, since we'll have an issue file.
|
||||
|
||||
mtab
|
||||
====
|
||||
/dev/sda1 / fxfs rw,exec,suid,dev,async,nouser 0 0
|
||||
/dev/sdb1 /mnt ext4 rw,nosuid,nodev,user=user1 0 0
|
||||
----
|
||||
It's fstab but only the currently mounted filesystems. Simple enough.
|
||||
|
||||
passwd
|
||||
======
|
||||
user1:x:1001:24:GECOS field:/home/user1:/bin/sh
|
||||
------
|
||||
username:password:uid:gid:gecos field:home directory:login shell
|
||||
Password is stored in /etc/shadow. x is a placeholder for that.
|
||||
gid is the primary group for the user. Files created by this user have this gid.
|
||||
|
||||
printcap
|
||||
========
|
||||
lw|LaserWriter:lw=/dev/ttya:br#9600:ms=-parity,onlcr,ixon,decctlq:\
|
||||
sd=/var/spool/lw:lf=/var/spool/lp-log:mx#0
|
||||
--------
|
||||
There's a lot to dissect here, and it's probably best to save that dissection
|
||||
for a proper man page. Long story short, it's a series of options separated by
|
||||
colons. The first option is name and aliases. Everythings else is options that
|
||||
we'll need to specify in the man page. It's kinda like the termcap database,
|
||||
though. So, yeah.
|
||||
|
||||
profile
|
||||
=======
|
||||
It seems to be a shell script, basically. Fun.
|
||||
|
||||
protocols
|
||||
=========
|
||||
ip<tab>0<tab>IP # internet protocol
|
||||
---------
|
||||
It's basically official-name protocol-number alias. We'll need to find these.
|
||||
|
||||
securetty
|
||||
=========
|
||||
/dev/tty0
|
||||
---------
|
||||
A list of ttys from which root can login.
|
||||
|
||||
services
|
||||
========
|
||||
ssh 22 SSH
|
||||
--------
|
||||
Like protocols, but it's port instead of protocol.
|
||||
|
||||
shadow
|
||||
======
|
||||
user1:$id$salt$hash:7:7:21:14
|
||||
------
|
||||
username:crypt(3) output:days since pw change:til change allowed:\
|
||||
til change required:til expiration warning
|
||||
For crypt(3) output, $id is the algorithm used, $salt is the salt used, $hash
|
||||
is the outputted hash.
|
||||
|
||||
shells
|
||||
======
|
||||
/bin/sh
|
||||
------
|
||||
Pathnames of shells. Simple enough.
|
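Review bot: the ld.so.conf example lists "/usr/include" and "/home/user1/builds/include", which are header directories, and the second sits inside a user's home; since this file tells the dynamic linker where to search for shared libraries, a directory that user1 can write to lets user1 supply the libraries that other users' programs load. Suggest using library directories in the example and stating in the notes that every listed directory must be root-owned and not writable by group or others. In the hosts.allow/deny notes, "If you prefix in., it's specifically for incoming traffic" does not match tcp_wrappers, where the left-hand side is the daemon's process name and "in.ftpd" is simply what that binary is called; worth correcting before it reaches a man page. Neither the at.allow/at.deny section nor the hosts.allow/deny section says which file wins when a name appears in both or in neither, and for an access-control format that precedence needs to be written down explicitly.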