Important Files and Directories


This section details the most common files used to administer the system. Also refer to "Important Standard Directories and Files" on page 176.

~/.bash_profile


Contains an individual user's login shell initialization script. The shell executes the commands in this file in the same environment as the shell each time a user logs in. The file must be located in a user's home directory.

The default Red Hat .bash_profile file executes the commands in ~/.bashrc. You can use .bash_profile to specify a terminal type (for vi, terminal emulators, and other programs), run stty to establish the terminal characteristics, set up aliases, and perform other housekeeping functions when a user logs in.

A simple .bash_profile file specifying a vt100 terminal and CONTROL-H as the erase key follows:

$ cat .bash_profile export TERM=vt100 stty erase '^h'


~/.bashrc


Contains an individual user's interactive, nonlogin shell initialization script. The shell executes the commands in this file in the same environment as the (new) shell each time a user creates a new interactive shell. The .bashrc script differs from .bash_profile in that it is executed each time a new shell is spawned, not just when a user logs in. The default Red Hat .bash_profile file executes the commands in ~/.bashrc so that these commands are executed when a user logs in. For more information refer to "Startup Files" on page 267.

/dev/null


Also called a bit bucket, output sent to this file disappears. The /dev/null file is a device file and must be created with mknod. Input that you redirect to come from this file appears as nulls, creating an empty file. You can create an empty file named nothing by giving the following command:

$ cat /dev/null > nothing


or

$ cp /dev/null nothing


or, without explicitly using /dev/null,

$ > nothing


This last command redirects the output of a null command to the file with the same result as the previous commands. You can use any of these commands to truncate an existing file to zero length without changing its permissions. You can also use /dev/null to get rid of output that you do not want:

$ grep portable * 2>/dev/null


This command looks for the string portable in all files in the working directory. Any output to standard error (page 270), such as permission or directory errors, is discarded, while output to standard output appears on the screen.

/dev/pts


The /dev/pts pseudofilesystem is a hook into the Linux kernel; it is part of the pseudoterminal support. Pseudoterminals are used by remote login programs, such as ssh and telnet, and xterm as well as by other graphical terminal emulators. The following sequence of commands demonstrates that the user is logged in on /dev/pts/1. After using who am i to verify the line the user is logged in on and using ls to show that this line exists, the user redirects the output of an echo command to /dev/pts/1, whereupon the output appears on the user's screen:

$ who am i alex     pts/1    2006-02-16 12:30 (bravo.example.com) $ ls /dev/pts 0  1  2  3  4 $ echo Hi there > /dev/pts/1 Hi there


/dev/random and /dev/urandom


These files are interfaces to the kernel's random number generator. You can use either one with dd to create a file filled with pseudorandom bytes.

$ dd if=/dev/urandom of=randfile2 bs=1 count=100 100+0 records in 100+0 records out 100 bytes (100 B) copied, 0.001241 seconds, 80.6 kB/s


The preceding command reads from /dev/urandom and writes to the file named randfile. The block size is 1 and the count is 100 so randfile is 100 bytes long. For bytes that are more random, you can read from /dev/random. See the urandom and random man pages for more information.

Optional

Wiping a file


You can use a similar technique to wipe data from a file before deleting it, making it almost impossible to recover data from the deleted file. You might want to wipe a file for security reasons.

In the following example, ls shows the size of the file named secret. With a block size of 1 and a count corresponding to the number of bytes in secret, dd wipes the file. The conv=notrunc argument ensures that dd writes over the data in the file and not another place on the disk.

$ ls -l secret rwrwr 1 sam sam 3496 Jan 25 21:48 secret $ dd if=/dev/urandom of=secret bs=1 count=3496 conv=notrunc 3496+0 records in 3496+0 records out 3496 bytes (3.5 kB) copied, 0.029557 seconds, 118 kB/s $ rm secret


For added security, run sync to flush the disk buffers after running dd, and repeat the two commands several times before deleting the file.


/dev/zero


Input you take from this file contains an infinite string of zeros (numerical zeros, not ASCII zeros). You can fill a file (such as a swap file, page 458) or overwrite a file with zeros with a command such as the following:

$ dd if=/dev/zero of=zeros bs=1024 count=10 10+0 records in 10+0 records out 10240 bytes (10 kB) copied, 0.000195 seconds, 52.5 MB/s $ od c zeros 0000000  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0 * 0024000


The od utility shows the contents of the new file.

When you try to do with /dev/zero what you can do with /dev/null, you fill the partition you are working in:

$ cp /dev/zero bigzero cp: writing 'bigzero': No space left on device $ rm bigzero


/etc/aliases


Used by the mail delivery system (typically sendmail) to hold aliases for users. Edit this file to suit local needs. For more information refer to "/etc/aliases" on page 633.

/etc/at.allow, /etc/at.deny, /etc/cron.allow, and /etc/cron.deny


By default, users can use the at and crontab utilities. The at.allow file lists the users who are allowed to use at. The cron.allow file works in the same manner for crontab. The at.deny and cron.deny files specify users who are not permitted to use the corresponding utilities. As Red Hat Linux is configured, an empty at.deny file and the absence of an at.allow file allows anyone to use at; the absence of cron.allow and cron.deny files allows anyone to use crontab. To prevent anyone except Superuser from using at, remove the at.allow and at.deny files. To prevent anyone except Superuser from using crontab, create a cron.allow file with the single entry root. For more info on crontab, refer to "Scheduling Tasks" on page 547.

/etc/dumpdates


Contains information about the last execution of dump. For each filesystem, it stores the time of the last dump at a given dump level. The dump utility uses this information to determine which files to back up when executing at a particular dump level. Refer to "Backing Up Files" on page 540 and the dump man page for more information. Following is a sample /etc/dumpdates file from a system with four filesystems and a backup schedule that uses three dump levels:

/dev/hda1                5 Thu Apr 20 03:53:55 2006 /dev/hda8                2 Sun Apr 16 08:25:24 2006 /dev/hda9                2 Sun Apr 16 08:57:32 2006 /dev/hda10               2 Sun Apr 16 08:58:06 2006 /dev/hda1                2 Sun Apr 16 09:02:27 2006 /dev/hda1                0 Sun Mar 19 22:08:35 2006 /dev/hda8                0 Sun Mar 19 22:33:40 2006 /dev/hda9                0 Sun Mar 19 22:35:22 2006 /dev/hda10               0 Sun Mar 19 22:43:45 2006


The first column contains the device name of the dumped filesystem. The second column contains the dump level and the date of the dump.

/etc/fstab


filesystem (mount) table Contains a list of all mountable devices as specified by the system administrator. Programs do not write to this file but only read from it. Refer to "fstab: Keeps Track of Filesystems" on page 469.

/etc/group


Groups allow users to share files or programs without giving all system users access to those files or programs. This scheme is useful when several users are working with files that are not public. The /etc/group file associates one or more user names with each group (number). Refer to "ACLs: Access Control Lists" on page 185 for another way to control file access.

An entry in the /etc/group file has four fields arranged in the following format:


group-name:password:group-ID:login-name-list

The group-name is the name of the group. The password is an optional encrypted password. This field frequently contains an x, indicating that group passwords are not used. The group-ID is a number, with 1499 reserved for system accounts. The login-name-list is a comma-separated list of users who belong to the group. If an entry is too long to fit on one line, end the line with a backslash (\), which quotes the following RETURN, and continue the entry on the next line. A sample entry from a group file follows. The group is named pubs, has no password, and has a group ID of 503:

pubs:x:503:alex,jenny,scott,hls,barbara


You can use the groups utility to display the groups that a user belongs to:

$ groups alex alex : alex pubs


Each user has a primary group, which is the group that user is assigned in the /etc/passwd file. By default, Red Hat Linux has user private groups: Each user's primary group has the same name as the user. In addition, a user can belong to other groups, depending on which login-name-lists the user appears on in the /etc/group file. In effect, you simultaneously belong both to your primary group and to any groups you are assigned to in /etc/group. When you attempt to access a file you do not own, the operating system checks whether you are a member of the group that has access to the file. If you are, you are subject to the group access permissions for the file. If you are not a member of the group that has access to the file and you do not own the file, you are subject to the public access permissions for the file.

When you create a new file, it is assigned to the group associated with the directory the file is being written into, assuming that you belong to that group. If you do not belong to the group that has access to the directory, the file is assigned to your primary group.

Refer to page 539 for information on using system-config-users to work with groups.

/etc/hosts


The /etc/hosts file stores the name, IP address, and optional aliases of the other systems that the local system knows about. At the very least, this file must have the hostname and IP address that you have chosen for the local system and a special entry for localhost. This entry supports the loopback service, which allows the local system to talk to itself (for example, for RPC services). The IP address of the loopback service is always 127.0.0.1. Following is a simple /etc/hosts file for the system named rose with an IP address of 192.168.0.10:

$ cat /etc/hosts # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1       rose localhost.localdomain localhost 192.168.0.1     bravo.example.com       bravo 192.168.0.4     mp3server 192.168.0.5     workstation 192.168.0.10    rose ...


If you are not using NIS or DNS to look up hostnames (called hostname resolution), you must include in /etc/hosts all systems that you want the local system to be able to contact. The hosts entry in the /etc/nsswitch.conf file (page 435) controls the order in which hostname resolution services are checked.

/etc/inittab


initialization table Controls how the init process behaves. Each line in inittab contains four colon-separated fields:


id:runlevel:action:process

The id uniquely identifies an entry in the inittab file. The runlevel is the system runlevel(s) at which process is executed. The runlevel consists of zero or more characters chosen from 0123456S. If more than one runlevel is listed, the associated process is executed at each of the specified runlevels. When you do not specify a runlevel, init executes process at all runlevels. When the system changes runlevels, the processes specified by all entries in inittab that do not include the new runlevel are sent the SIGTERM signal to allow them to terminate gracefully. After 5 seconds, these processes are killed with SIGKILL if they are still running. The process is any bash command line.

The action is one of the following keywords: respawn, wait, once, boot, bootwait, ondemand, powerfail, powerwait, powerokwait, powerfailnow, ctrlaltdel, kbrequest, off, ondemand, initdefault, or sysinit. This keyword controls how the process is treated when it is executed. The most commonly used keywords are wait and respawn.

The wait keyword instructs init to start the process and wait for it to terminate. All subsequent scans of inittab ignore this wait entry. Because a wait entry is started only once (on entering runlevel) and is not executed again while the system remains at runlevel, it is often used to redirect init output to the console.

The respawn entry tells init to start the process if it does not exist but not to wait for it to terminate. If the process does exist, init moves on to the next entry in inittab. The init utility continues to rescan inittab, looking for processes that have died. When a process dies, a respawn entry causes init to restart it.

The initdefault entry tells init which runlevel to bring the system to when it boots (see Table 11-1 on page 404). Without this information, init prompts for a runlevel on the system console. The value of the initdefault entry is set when you configure the system or when you edit inittab directly. By default, Red Hat Linux sets initdefault to 5, which causes the system to come up in graphical multiuser mode.

Caution: Use caution when you edit inittab

Be careful when you edit inittab manually. Always make a backup copy in the same directory before you edit this file. If you make a mistake, you may not be able to boot the system. If you cannot boot the system, refer to "Rescue Mode" on page 397.


Each virtual console (page 113) has in inittab a mingetty entry that includes a unique terminal identifier (such as tty1, which is short for /dev/tty1). You can add or remove mingetty lines to add or remove virtual consoles. Remember to leave a virtual console for each X window that you want to run. Following is the mingetty entry for /dev/tty2:

2:2345:respawn:/sbin/mingetty tty2


The id on a mingetty line corresponds to the tty number.

All of the actions are documented in the inittab man page. For more information refer to "Booting the System" on page 403.

/etc/motd


Contains the message of the day, which can be displayed each time someone logs in using a textual login. This file typically contains site policy and legal information. Keep this file short because users tend to see the message many times.

/etc/mtab


When you call mount without any arguments, it consults this file and displays a list of mounted devices. Each time you (or an init script) call mount or umount, these utilities make the necessary changes to mtab. Although this is an ASCII text file, you should not edit it. See also /etc/fstab.

Tip: Fixing mtab

The operating system maintains its own internal mount table in /proc/mounts. You can use cat to display the contents of /proc/mounts so that you can review the internal mount table. Sometimes the list of files in /etc/mtab may not be synchronized with the partitions in this table. To bring the mtab file in line with the operating system's mount table, you can either reboot the system or replace /etc/mtab with a symbolic link to /proc/mounts (some information may be lost).

# rm /etc/mtab # ln -s /proc/mounts /etc/mtab



/etc/netgroup


Defines netgroups, which are used for checking permissions when performing remote logins and remote mounts and when starting remote shells.

/etc/nsswitch.conf


Specifies whether a system uses as the source of certain information NIS, DNS, local files, or a combination, and in what order it consults these services (page 435).

/etc/pam.d


Files in this directory specify the authentication methods used by PAM (page 438) applications.

Caution: Be cautious when changing PAM files

Unless you understand how to configure PAM, avoid changing the files in /etc/pam.d. Mistakes in the configuration of PAM can make the system unusable.


/etc/passwd


Describes users to the system. Do not edit this file directly; instead, use one of the utilities discussed in "Configuring User and Group Accounts" on page 538. Each line in passwd has seven colon-separated fields that describe one user:


login-name:dummy-password:user-ID:group-ID:info:directory:program

The login-name is the user's usernamethe name you enter in response to the login: prompt or GUI login screen. The value of the dummy-password is the character x. An encrypted/hashed password is stored in /etc/shadow (page 456). For security reasons, every account should have a password. By convention, disabled accounts have an asterisk (*) in this field.

The user-ID is a number, with 0 indicating Superuser and 1499 being reserved for system accounts. The group-ID identifies the user as a member of a group. It is a number, with 0499 being reserved for system accounts; see /etc/group. You can change these values and set maximum values in /etc/login.defs.

The info is information that various programs, such as accounting programs and email, use to identify the user further. Normally it contains at least the first and last names of the user. It is referred to as the GECOS (page 1033) field.

The directory is the absolute pathname of the user's home directory. The program is the program that runs once the user logs in. If program is not present, a value of /bin/bash is assumed. You can put /bin/tcsh here to log in using the TC Shell or /bin/zsh to log in using the Z Shell, assuming the shell you specify is installed. The chsh utility (page 418) changes this value.

The program is usually a shell, but it can be any program. The following line in the passwd file creates a "user" whose only purpose is to execute the who utility:

who:x:1000:1000:execute who:/usr:/usr/bin/who


Using who as a username causes the system to log you in, execute the who utility, and log you out. The output of who flashes by in a hurry because the new login prompt clears the screen immediately after who finishes running. This entry in the passwd file does not provide a shell, so you cannot stay logged in after who finishes executing.

This technique is useful for providing special accounts that may do only one thing. For instance, sites may create an FTP (page 601) account to enable anonymous FTP access to their systems. Because no one logs in on this account, the shell is set to /bin/false (which returns a false exit status) or to /sbin/nologin (which does not permit the user to log in). When you put a message in /etc/nologin.txt, nologin displays that message (except it has the same problem as the output of who: It is removed so quickly that you cannot see it).

Security: Do not replace a login shell with a shell script

Do not use shell scripts as replacements for shells in /etc/passwd. A user may be able to interrupt a shell script, giving him or her full shell access when you did not intend to do so. When installing a dummy shell, use a compiled program, not a shell script.


/etc/printcap


The printer capability database. This file describes system printers and is derived from 4.3BSD UNIX.

/etc/profile


Contains a systemwide interactive shell initialization script for environment and start-up programs. When you log in, the shell immediately executes the commands in this file in the same environment as the shell. (For more information on executing a shell script in this manner, refer to the discussion of the. [dot] command on page 269.) This file allows the system administrator to establish systemwide environment parameters that individual users can override. For example, you can set shell variables, execute utilities, set up aliases, and take care of other housekeeping tasks. See also ~/.bash_profile on page 448.

Following is an example of a /etc/profile file that displays the message of the day (the /etc/ motd file), sets the file-creation mask (umask, page 420), and sets the interrupt character to CONTROL-C:

# cat /etc/profile cat /etc/motd umask 022 stty intr '^c'


See the /etc/profile file on the local system for a more complex example.

/etc/protocols


Provides protocol numbers, aliases, and brief definitions for DARPA Internet TCP/IP protocols. Do not modify this file.

/etc/rc.d


Holds the system init scripts, also called run command (rc) scripts. The init program executes several init scripts each time the system changes state or runlevel. For more information refer to "Init Scripts: Start and Stop System Services" on page 404.

/etc/resolv.conf


The resolver (page 722) configuration file, used to provide access to DNS.

The following example shows the resolv.conf file for the example.com domain. A resolv.conf file usually has at least two linesa domain line and a nameserver line:

# cat /etc/resolv.conf domain example.com nameserver 10.0.0.50 nameserver 10.0.0.51


The first line (optional) specifies the domain name. A resolv.conf file may use search in place of domain: In the simple case, the two perform the same function. In either case, this domain name is appended to all hostnames that are not fully qualified. See FQDN on page 1032.

The domain keyword takes a single domain name as an argument: This name is appended to all DNS queries, shortening the time needed to query local hosts. When you put domain example.com in resolv.conf, any reference to a host within the example.com domain or a subdomain (such as marketing.example.com) can use the abbreviated form of the host. For example, instead of issuing the command ping speedy.marketing.example.com, you can use ping speedy.marketing.

This search keyword is similar to domain but can contain up to six domain names. The domains are searched in order in the process of resolving a hostname. The following line in resolv.conf causes the marketing subdomain to be searched first, followed by sales, and finally the entire example.com domain:

search marketing.example.com sales.example.com example.com


It is a good idea to put the most frequently used domain names first to try to outguess possible conflicts. If both speedy.marketing.example.com and speedy.example.com exist, the order of the search determines which one is selected when you invoke DNS. Do not overuse this feature. The longer the search path, the more network DNS requests generated, and the slower the response. Three or four names are typically sufficient.

The nameserver line(s) indicate which systems the local system should query to resolve hostnames to IP addresses, and vice versa. These machines are consulted in the order they appear with a 10-second timeout between queries. The preceding file causes this machine to query 10.0.0.50, followed by 10.0.0.51 when the first machine does not answer within 10 seconds. The resolv.conf file may be automatically updated when a PPP- (Point-to-Point Protocol) or DHCP- (Dynamic Host Configuration Protocol) controlled interface is activated. Refer to the resolv.conf and resolver man pages for more information.

/etc/rpc


Maps RPC services to RPC numbers. The three columns in this file show the name of the server for the RPC program, the RPC program number, and any aliases.

/etc/services


Lists system services. The three columns in this file show the informal name of the service, the port number/protocol the service frequently uses, and any aliases for the service. This file does not specify which services are running on the local system, nor does it map services to port numbers. The services file is used internally to map port numbers to services for display purposes.

/etc/shadow


Contains encrypted or MD5 (page 1042) hashed user passwords. Each entry occupies one line composed of nine fields, separated by colons:


login-name:password:last-mod:min:max:warn:inactive:expire:flag

The login-name is the user's usernamethe name that the user enters in response to the login: prompt or GUI login screen. The password is an encrypted or hashed password that passwd puts into this file. When setting up new user accounts manually, run passwd as Superuser to assign a password to a new user.

The last-mod field indicates when the password was last modified. The min is the minimum number of days that must elapse before the password can be changed; the max is the maximum number of days before the password must be changed. The warn specifies how much advance warning (in days) to give the user before the password expires. The account will be closed if the number of days between login sessions exceeds the number of days specified in the inactive field. The account will also be closed as of the date in the expire field. The last field in an entry, flag, is reserved for future use. You can use the Password Info tab in system-config-users ("Modifying a user" on page 538) to modify these fields.

The shadow password file should be owned by root and should not be publicly readable or writable. Setting ownership and permissions this way makes it more difficult for someone to break into the system by identifying accounts without passwords or by using specialized programs that try to match hashed passwords.

A number of conventions exist for creating special shadow entries. An entry of *LK* or NP in the password field indicates locked or no password, respectively. No password is different from an empty password, implying that this is an administrative account that no one ever logs in on directly. Occasionally programs will run with the privileges of this account for system maintenance functions. These accounts are set up under the principle of least privilege (page 392).

Entries in the shadow file must appear in the same order as in the passwd file. There must be exactly one shadow entry for each passwd entry.

/etc/sysconfig


A directory containing a hierarchy of system configuration files. For more information refer to the /usr/share/doc/initscripts*/sysconfig.txt file.

/proc


The /proc pseudofilesystem provides a window into the Linux kernel. Through /proc you can obtain information on any process running on your computer, including its current state, memory usage, CPU usage, terminal, parent, and group. You can extract information directly from the files in /proc. An example follows:

$ sleep 1000 & [1] 4567 $ cd /proc/4567 $ ls -l total 0 dr-xr-xr-x 2 sam sam 0 Jan 25 21:57 attr -r-------- 1 sam sam 0 Jan 25 21:57 auxv -r--r--r-- 1 sam sam 0 Jan 25 21:57 cmdline lrwxrwxrwx 1 sam sam 0 Jan 25 21:57 cwd -> /home/sam -r-------- 1 sam sam 0 Jan 25 21:57 environ lrwxrwxrwx 1 sam sam 0 Jan 25 21:57 exe -> /bin/sleep dr-x------ 2 sam sam 0 Jan 25 21:57 fd ... -r--r--r-- 1 sam sam 0 Jan 25 21:57 status dr-xr-xr-x 3 sam sam 0 Jan 25 21:57 task -r--r--r-- 1 sam sam 0 Jan 25 21:57 wchan $  cat status Name:   sleep State:  S (sleeping) SleepAVG:        78% Tgid:    4567 Pid:     4567 PPid:    4548 TracerPid:      0 Uid:    500     500     500      500 Gid:    500     500     500      500 FDSize: 256 Groups: 500 VmPeak:      3584 kB VmSize:      3584 kB ...


In this example, bash creates a background process (PID 4567) for sleep. Next the user changes directories to the directory in /proc that has the same name as the PID of the subject background process (cd /proc/4567). This directory holds information about the process for which it is named. In this case, it holds information about the sleep process. The ls l command shows that some entries in this directory are links (cwd is a link to the directory the process was started from, and exe is a link to the executable file that this process is running) and some appear to be ordinary files. All appear to be empty. When you cat one of these pseudofiles (status in the example), you get the output shown. Obviously this is not an ordinary file.

/sbin/shutdown


A utility that brings the system down (see page 412).

swap


Even though swap is not a file, swap space can be added and deleted from the system dynamically. Swap space is used by the virtual memory subsystem. When it runs low on real memory (RAM), the system writes memory pages from RAM to the swap space on the disk. Which pages are written and when they are written are controlled by finely tuned algorithms in the Linux kernel. When needed by running programs, these pages are brought back into RAMa technique is called paging (page 1047). When a system is running very short on memory, an entire process may be paged out to disk.

Running an application that requires a large amount of virtual memory may result in the need for additional swap space. If you run out of swap space, you can use mkswap to create a new swap file and swapon to enable it. Normally you use a disk partition as swap space, but you can also use a file. A disk partition provides much better performance than a file.

If you are using a file as swap space, first use df to ensure that the partition has adequate space for the file. In the following sequence of commands, the administrator first uses dd and /dev/zero (page 450) to create an empty file (do not use cp as you may create a file with holes, which may not work) in the working directory. Next mkswap takes as an argument the name of the file created in the first step to set up the swap space. For security reasons, change the file so that it cannot be read from or written to by anyone but root. Use swapon with the same argument to turn the swap file on; then use swapon s to confirm that the swap space is available. The final two commands turn off the swap file and remove it:

# dd if=/dev/zero of=swapfile bs=1024 count=65536 65536+0 records in 65536+0 records out 67108864 bytes (67 MB) copied, 0.684039 seconds, 98.1 MB/s # mkswap swapfile Setting up swapspace version 1, size = 67104 kB # chmod 600 swapfile #  swapon swapfile # swapon -s Filename                                Type            Size    Used Priority /dev/hda5                               partition       1020088 0        -1 /root/swapfile                          file            65528   0        -2 # swapoff swapfile # rm swapfile rm: remove regular file 'swapfile'? y


/sys


The /sys pseudofilesystem was added in the Linux 2.6 kernel to make it easy for programs running in kernelspace, such as device drivers, to exchange information with programs running in userspace. Refer to udev on page 461.

/usr/share/magic


Most files begin with a unique identifier called a magic number. This file is a text database listing all known magic numbers on the system. When you use the file utility, it consults /usr/share/magic to determine the type of a file. Occasionally you may acquire a new tool that creates a new type of file that is unrecognized by the file utility. In this situation you need to update the /usr/share/magic file; refer to the magic man page for details. See also "magic number" on page 1042.

/var/log


Holds system log files.

/var/log/messages


Contains messages from daemons, the Linux kernel, and security programs. For example, you will find filesystem full warning messages, error messages from system daemons (NFS, syslog, printer daemons), SCSI and IDE disk error messages, and more in messages. Check /var/log/messages periodically to keep informed about important system events. Much of the information displayed on the system console is also sent to messages. If the system experiences a problem and you cannot access the console, check this file for messages about the problem.

/var/log/secure


Holds messages from security-related programs such as su and the sshd daemon.




A Practical Guide to Red Hat Linux
A Practical Guide to Red HatВ® LinuxВ®: Fedoraв„ў Core and Red Hat Enterprise Linux (3rd Edition)
ISBN: 0132280272
EAN: 2147483647
Year: 2006
Pages: 383

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net