Suse Config

of 28/28
Understand SuSEconfig Version 2 Copyright © 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by 3-1 a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license. SECTION 3 Understand SuSEconfig In this section you learn about the SuSEconfig tool and how to use it for system administration and management. Objectives 1. Describe the Files in /etc/sysconfig/ 2. Understand SuSEconfig 3. Check File Permissions with SuSEconfig Introduction A large part of the configuration of SLES 9 is based on the files in the directory /etc/sysconfig/. The configuration tool SuSEconfig maintains configuration setups that depend on several packages. Whenever one or more of these packages are changed, SuSEconfig needs to be run. You can also use the SuSEconfig script to check for specific settings such as file permissions.
  • date post

    07-Mar-2015
  • Category

    Documents

  • view

    110
  • download

    4

Embed Size (px)

Transcript of Suse Config

Understand SuSEconfig

SECTION 3

Understand SuSEconfig

In this section you learn about the SuSEconfig tool and how to use it for system administration and management.

Objectives1. 2. 3.

Describe the Files in /etc/sysconfig/ Understand SuSEconfig Check File Permissions with SuSEconfig

IntroductionA large part of the configuration of SLES 9 is based on the files in the directory /etc/sysconfig/. The configuration tool SuSEconfig maintains configuration setups that depend on several packages. Whenever one or more of these packages are changed, SuSEconfig needs to be run. You can also use the SuSEconfig script to check for specific settings such as file permissions.

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-1

Migrating to SUSE LINUX

Objective 1

Describe the Files in /etc/sysconfig/The directory /etc/sysconfig/ is the central place for configuration files for SUSE LINUX. Some of the files in /etc/sysconfig/ are interpreted by start scripts in /etc/init.d/ to configure the services. The files contain general system configuration variables.

Variables for the network configuration are defined in /etc/sysconfig/network/

Variables for the mail configuration are defined in /etc/sysconfig/mail and /etc/sysconfig/postfix

Variables for cron are set in /etc/sysconfig/cron

Variables for Apache are set in /etc/sysconfig/apache (Apache 1.x) and /etc/sysconfig/apache2 (Apache 2.x)

The files contain parameters in the format VARIABLE=value Hash marks (##) are used for comments above each variable. YaST takes these comments to describe the variables in their configuration module. The comments also contain metadata. YaST uses them to display information about the variables in the YaST /etc/sysconfig Editor module.

3-2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2

Understand SuSEconfig

The following is an example of metadata in the file /etc/sysconfig/postfix:## Path: Network/Mail/Postfix ## Description: Basic configuration of the postfix MTA ## Type: string ## Default: "" ## Config: postfix # # Should we use a mailrelay? # NOTE: ALL mail that is not considered to be my destination # (POSTFIX_LOCALDOMAINS), will be sent to this host. # If this host is not your MX, then you have to use [square brackets] # around the hostname, e.g. [relay.digitalairlines.com] # You may also specify an alternate port number, e.g. # relay.digitalairlines.com:26 or [relay.digitalairlines.com]:26 to prevent MX lookups. # POSTFIX_RELAYHOST="" ...

Metadata is defined as follows:

Is part of the variable description. Its lines begin with 2 hash characters (##). It contains pairs: keyword:value

The following are Metadata keywords:

Path. Defines where the variable will be located in the tree widget, valid for all following variables in the file. There are predefined paths into which all sysconfig variables are divided:

Hardware. Hardware-related settings. System. Basic system configuration. Desktop. Desktop settings. Applications. Application settings. Network. Network services.

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-3

Migrating to SUSE LINUX

Other. Settings that dont fit into the classes above.

Description. Describes the path that is displayed when the user selects Path in the tree instead of variables. Type. Specifies the data type of value. It is used for checking the value entered. The following table lists supported types and values:

Table 3-1

Type string string(v1,v2,...) list(v1,v2,...) integer integer(min:max)

Valid Values Any value Value from list or any value Only value from list Integer Integer in specified range (one limit can be missing, use e.g. integer(0:) for values >= 0) Only True or False Only Yes or No IPv4 or IPv6 address (such as 10.20.0.1) IPv4 address IPv6 address Only strings that match regular expression re (POSIX Extended Regular Expression), e.g. use regexp(^0[0-7]*$) for octal values

boolean yesno ip

ip4 ip6 regexp(re)

x3-4

If no type value is defined, the default value string will be used.

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2

Understand SuSEconfig

Default. The default value, represented by a valid value, which will be set if the user selects Set Default in YaST. ServiceReload/ServiceRestart/Command/Config. Describes what to do when items in this file have been changed in the YaST /etc/sysconfig Editor module:

ServiceReload. Reloads services if they are running. This is equivalent to the command /etc/init.d/service reload

ServiceRestart. Restarts services if they are running. This is equivalent to the command /etc/init.d/service restart

Command. Starts a command in the bash shell. Config. Starts selected SuSEconfig modules.

x

All keywords are optional. For more information about metadata, see /usr/share/doc/packages/yast2-config/metadata.txt.

The files in /etc/sysconfig/ can be edited: Manually with any text editor. With the special YaST editor for /etc/sysconfig/ in the YaST /etc/sysconfig Editor module.

Start the YaST /etc/sysconfig Editor module by selecting yast2 > System > /etc/sysconfig Editor or directly by entering yast2 sysconfig

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-5

Migrating to SUSE LINUX

The following window appears: Figure 3-1

After performing changes with YaST, the script /sbin/SuSEconfig runs. This script updates the system configuration where necessary. If you modify any of the configuration files with an editor, you have to run /sbin/SuSEconfig manually to update your system configuration.

3-6

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2

Understand SuSEconfig

Objective 2

Understand SuSEconfigThis objective contains the following:

Describe SuSEconfig Describe SuSEconfig Functions Understand When to Start SuSEconfig Describe the Structure of SuSEconfig Modules in /sbin/conf.d/ Understand the Function check_md5_and_move Used by SuSEconfig Modules Restart Services

Describe SuSEconfigSuSEconfig is a tool for updating the system configuration.

x

SuSEconfig has to be run by the user root.

It is based on shell scripts and consists of

The program /sbin/SuSEconfig. Modules located in the directory /sbin/conf.d/.

Additionally, there is a file /lib/YaST/SuSEconfig.functions that provides functions used by several modules.

Describe SuSEconfig FunctionsSuSEconfig has two tasks:1.

The main function of SuSEconfig is to maintain the system configuration.

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-7

Migrating to SUSE LINUX

Parts of the configuration depend on several packages. Whenever one of these packages is changed (installed, updated, or removed), SuSEconfig updates the configuration. For example, the configuration of the X11 fonts must be updated after any package providing fonts is changed.2.

In earlier releases of SUSE LINUX, SuSEconfig was used to update configuration files for services depending on settings in files located in /etc/sysconfig/. For example, most of the commonly used configuration options for the Apache web server could be set in /etc/sysconfig/apache. SuSEconfig would then modify the corresponding options in /etc/httpd/httpd.conf.

This feature will not be included in future releases of SuSEconfig because very few services use it (for example, Postfix).

Understand When to Start SuSEconfigYou have to run SuSEconfig to update the configuration after modifying files in /etc/sysconfig/ manually. Start SuSEconfig by enteringDA3:~ # SuSEconfig

If the changes affect only one service, you can start the needed modules with the option --module. For example:DA3:~ # SuSEconfig --module postfix

3-8

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2

Understand SuSEconfig

x

It is usually difficult to decide which module should be processed, so it is easier to run all SuSEconfig modules after any change in /etc/sysconfig/ or after any package is changed. YaST starts SuSEconfig automatically after performing changes with YaST.

Describe the Structure of SuSEconfig Modules in /sbin/conf.d/SuSEconfig consists of several modules (shell scripts) located in /sbin/conf.d/. Their names begin with SuSEconfig. (such as SuSEconfig.fonts and SuSEconfig.hostname). In the following, the postfix module (/sbin/conf.d/SuSEconfig.postfix) is used as an example. These files

Contain the required configuration files usually sourced from /etc/sysconfig/:

... test -s $r/etc/sysconfig/postfix || { echo "No $r/etc/sysconfig/postfix found." exit 1 } . $r/etc/sysconfig/postfix ...

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-9

Migrating to SUSE LINUX

Load predefined functions, if needed. These are defined in the file /lib/YaST/SuSEconfig.functions. Loading is done like this:

... test -f $r/lib/YaST/SuSEconfig.functions || { echo "ERROR - can not find $r/lib/YaST/SuSEconfig.functions!!" echo "This should not happen. Exit..." exit 1 } . $r/lib/YaST/SuSEconfig.functions ...

Contain code that updates the system configuration:

... if test -z "$r" && test "$POSTFIX_UPDATE_MAPS" == yes ; then test -e /etc/aliases && \ if test /etc/aliases -nt /etc/aliases.db \ -o ! -e /etc/aliases.db ; then echo "Rebuilding /etc/aliases.db." /usr/bin/newaliases fi update_db virtual transport access canonical sender_canonical \ relocated sasl_passwd relay_ccerts chmod 600 /etc/postfix/sasl_passwd.db for i in $(get_alias_maps); do if test $i -nt $i.db -o ! -e $i.db; then echo "Rebuilding $i.db" /usr/sbin/postalias $i fi done /usr/sbin/postfix reload > /dev/null 2>&1 fi ...

3-10

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2

Understand SuSEconfig

Understand the Function check_md5_and_move Used by SuSEconfig ModulesThe function check_md5_and_move checks a file and replaces it with a new version, if the original one has not been changed by the user. If a configuration file controlled by SuSEconfig is changed manually, SuSEconfig leaves the manually modified files untouched. This function helps to keep changes made by the user. The function check_md5_and_move does the following:1.

It checks for config_file.SuSEconfig. This file includes the changes suggested by SuSEconfig. It checks MD5 sum of the config_file. This checksums are stored in subdirectories in the directory /var/adm/SuSEconfig/md5/etc/.

2.

3.

It moves the suggested config_file.SuSEconfig to config_file, if the MD5 checksum is the same or is missing. It updates the MD5 checksum. If the checksum of config_file and config_file.SuSEconfig are different, it keeps config_file untouched and prints the message to inform the administrator. The created config_file.SuSEconfig file can be compared with the manually changed configuration file to check which changes SuSEconfig would have made.

4. 5.

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-11

Migrating to SUSE LINUX

For example, after a manual change to /etc/postfix/main.cf, the following happens, when SuSEconfig is launched:DA3:~ # SuSEconfig --module postfix Starting SuSEconfig, the SuSE Configuration Tool... Running module postfix only Reading /etc/sysconfig and updating the system... Executing /sbin/conf.d/SuSEconfig.postfix... Setting up postfix local as MDA... Setting SPAM protection to "off"... ATTENTION: You have modified /etc/postfix/main.cf. Leaving it untouched... You can find my version in /etc/postfix/main.cf.SuSEconfig... Finished.

Restart ServicesAfter a file in /etc/sysconfig/ has been edited and all affected files have been updated by running SuSEconfig, the involved services must be restarted. For example, for the network configuration, this can be done with the following command:DA3:~ # /etc/init.d/network restart

On SLES 9, you can also enterDA3:~ # rcnetwork restart

x3-12

rcnetwork is a symbolic link to /etc/init.d/network stored in /sbin/.

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2

Understand SuSEconfig

Objective 3

Check File Permissions with SuSEconfigIn Linux you have to find a balance between security and ease of use. On SLES 9, this is handled with the SuSEconfig permissions module. To activate the permission check, the variable CHECK_PERMISSIONS in /etc/sysconfig/security has to be set to the value of set (this is the default). If you set this value to warn, SuSEconfig will only issue warnings but will not change any permissions. Each time SuSEconfig runs, the permissions of the following files are checked:

The files listed in the file /etc/permissions The files listed in one or more of the following files:

/etc/permissions.easy /etc/permissions.local /etc/permissions.security /etc/permissions.paranoid

The variable PERMISSION_SECURITY determines which of these files are checked.

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-13

Migrating to SUSE LINUX

The variable PERMISSION_SECURITY is set in the file /etc/sysconfig/security:## Path: System/Security/Permissions ## Description: Configuration of permissions on the system ## Type: list(set,warn,no) ## Default: set ## Config: permissions # # SuSEconfig can call chkstat to check permissions and ownerships for # files and directories (using /etc/permissions). # Setting to "set" will correct it, "warn" produces warnings, if # something strange is found. Disable this feature with "no". # CHECK_PERMISSIONS="set" ## Type: string ## Default: "easy local" # # SuSE Linux contains two different configurations for # chkstat. The differences can be found in /etc/permissions.secure # and /etc/permissions.easy. If you create your own configuration # (e.g. permissions.foo), you can enter the extension here as well. # # (easy/secure local foo whateveryouwant). # PERMISSION_SECURITY="easy local" ...

If the variable contains easy local, the following files are checked:

/etc/permissions.easy /etc/permissions.local

If the variable contains secure, the following file is checked:

/etc/permissions.secure

If the variable contains paranoid, the following file is checked:

/etc/permissions.paranoid

3-14

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2

Understand SuSEconfig

Additionally, the directory /etc/permissions.d/ can contain permission files for specific packages. The Postfix package is an example. A short description of the general permission files is given below:

/etc/permissions. Used by SuSEconfig to check or set the modes and ownerships of files and directories common for all installations. /etc/permissions.local. Holds local additions made by the system administrator to reflect file permissions and ownerships of locally installed packages (usually in /opt/local/ or /usr/local/). This file will not be changed during an upgrade of the SLES 9 installation.

/etc/permissions.easy. Used in a standalone and single-user installation to make things work out-of-the box. Some of the settings might be somewhat relaxed from the security standpoint. These settings are handled differently in the file /etc/permissions.secure.

/etc/permissions.secure. Used in a multiuser and networked installation. Most privileged file modes are disabled here. Programs that still have their SUID or SGID modes are always a security risk. Those that remain SUID or SGID with /etc/permission.secure are considered necessary for normal system operation.

/etc/permissions.paranoid. This should not be used on a system where normal users are expected to work on. Derived from /etc/permissions.secure, it has all SGID and SUID bits cleared; therefore, the system might be unusable for non-privileged users except for simple tasks. In addition, many configuration files are not readable for other users than root.

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-15

Migrating to SUSE LINUX

SuSEconfig uses the program /usr/bin/chkstat to check the access mode and the user and group memberships. For example, the command chkstat -set /etc/permissions will parse the file /etc/permissions and set the access mode and the user and group memberships for each file listed. The format for the input file is filename owner:group mode For example: /etc/passwd root:root 644

x

Wildcards are not supported for the file path.

3-16

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2

Understand SuSEconfig

The YaST Security module can be used to configure which /etc/permissions.* file is used by SuSEconfig; as shown in the following: Figure 3-2

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-17

Migrating to SUSE LINUX

Exercise 3-1

Use the YaST /etc/sysconfig Editor Module To use the YaST /etc/sysconfig Editor module, complete the following:1.

Ensure that you are logged into the servers GUI as geeko with a password of Nov3ll. Launch a terminal window by selecting the respective icon. In the terminal window, enter less /etc/sysconfig/cron

2. 3.

4.

Record the value of the variable MAX_DAYS_IN_TMP:

5. 6.

Quit less by pressing q. Launch YaST from the main menu by selecting System > Configuration > YaST Control Center. Enter the root password novell in the authentication window. On the left, select System. On the right, select /etc/sysconfig Editor. options.

7. 8. 9.

10. Browse through the tree on the left side to view the available 11. On the left, open the System entry. 12. Within System, open the Cron entry. 13. Within Cron, select MAX_DAYS_IN_TMP. 14. Change the value to 180. 15. Select Finish. 16. Accept the modified variables by selecting OK. 17. In the terminal window, repeat the command

3-18

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2

Understand SuSEconfig

less /etc/sysconfig/cron by pressing Up-Arrow and Enter. Notice the change to the MAX_DAYS_IN_TMP variable.

x

The advantage of the YaST module is the tree structure. The tree lets you find the variables easily without having to bother with the filename and see where these variables are defined. Apart from that, changing the values within the files using an editor has the same effect.18. Close YaST and your terminal session.(End of Exercise)

Exercise 3-2

Use SuSEconfig to Check and Set File Permissions To use SuSEconfig to check and set file permissions, complete the following:1.

Ensure you are logged in to your servers GUI as geeko with a password of N0v3ll. Launch a terminal window: a. b. c. Press Alt + F2. Enter konsole. Select Run.

2.

3. 4. 5.

In the terminal, get root privileges by entering sux -. Enter the root password novell at the prompt. To edit the file /etc/permissions.local, enter vi /etc/permissions.local

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-19

Migrating to SUSE LINUX

6.

Add the following line to the end of the file: /etc/hosts root:root 0644

7. 8.

Save the file and exit vi by entering :wq. Run SuSEconfig to check file permissions by entering SuSEconfig --module permissions You will see a result similar to this:

Starting SuSEconfig, the SuSE Configuration Tool... Running module permissions only Reading /etc/sysconfig and updating the system... Executing /sbin/conf.d/SuSEconfig.permissions... Checking permissions and ownerships - using the permissions files /etc/permissions.d/apache2 /etc/permissions.d/cups-client /etc/permissions.d/kdebase3 /etc/permissions.d/kdelibs3 /etc/permissions.d/mailman .... Finished.

9.

Change the file permissions on /etc/hosts to simulate a misconfiguration by entering chmod g+w /etc/hosts

10. Run SuSEconfig again to check permissions by entering

SuSEconfig --module permissions

3-20

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2

Understand SuSEconfig

You will see a result similar to the following:Starting SuSEconfig, the SuSE Configuration Tool... Running module permissions only Reading /etc/sysconfig and updating the system... Executing /sbin/conf.d/SuSEconfig.permissions... Checking permissions and ownerships - using the permissions files /etc/permissions.d/apache2 /etc/permissions.d/cups-client /etc/permissions.d/kdebase3 /etc/permissions.d/kdelibs3 /etc/permissions.d/mailman .... setting /etc/hosts to root:root 0644. (wrong permissions 0664) Finished.

11. Check that the permissions have been corrected by entering

ls -l /etc/hosts12. Simulate a misconfiguration to the hosts file permissions by

entering chmod g+w /etc/hosts13. Check and reset the permissions by entering chkstat --set

/etc/permissions.local. You will see a result similar to the following:Checking permissions and ownerships - using the permissions files /etc/permissions.local setting /etc/hosts to root:root 0644. (wrong permissions 0664)

14. Check that the permissions have been reset again to the

configured value by entering ls -l /etc/hosts The result will look like the following:-rw-r--r-- 1 root root 687 Jun 18 08:42 /etc/hosts

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-21

Migrating to SUSE LINUX

15. Leave the session with root privileges by entering exit. 16. Close your terminal window.(End of Exercise)

3-22

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2

Understand SuSEconfig

SummaryObjective1. Describe the Files in/etc/sysconfig/

Summary /etc/sysconfig/ is the central place for configuration files. The configuration files contain general system configuration variables in the format VARIABLE=value The comments above each variable contain metadata in the format: ## keyword:value YaST takes the metadata to display information on the variables in the YaST /etc/sysconfig Editor module.

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-23

Migrating to SUSE LINUX

Objective1. Describe the Files in/etc/sysconfig/ (continued)

Summary Metadata keywords are:

Path. Predefined paths are

Hardware System Desktop Applications Network Other

Description Type Default Service Reload/Service Restart/Command/Config

The files in /etc/sysconfig/ can be edited

Manually with an editor. With the YaST /etc/sysconfig Editor module.

Start this YaST module by selecting yast2 > System > /etc/sysconfig Editor or by entering yast2 sysconfig After performing changes with YaST, the script /sbin/SuSEconfig runs automatically. After performing changes with an editor, you have to run /sbin/SuSEconfig manually.

3-24

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2

Understand SuSEconfig

Objective2. Understand SuSEconfig

Summary SuSEconfig

Is a tool for updating the system configuration. Is based on shell scripts. Consists of

/sbin/SuSEconfig. Modules in /sbin/conf.d/.

/lib/YaST/SuSEconfig.functions provides functions used by modules. SuSEconfig has two functions:

Maintaining the system configuration depending on changes in different packages Generating configuration files from settings in files located in /etc/sysconfig/ (only used by a few services).

SuSEconfig has to be started manually, when files in /etc/sysconfig/ have been modified using an editor. Start SuSEconfig by entering SuSEconfig Start a selected SuSEconfig module by entering SuSEconfig --module module

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-25

Migrating to SUSE LINUX

Objective2. Understand SuSEconfig(continued)

Summary The files in /sbin/conf.d/ are shell scripts. Their name begins with SuSEconfig. The files

Contain required configuration files, usually sourced from /etc/sysconfig/. Load predefined functions, defined in /lib/YaST/SuSEconfig.functions. Contain code that updates the system configuration.

check_md5_and_move checks a configuration file and replaces it with a new version. If the user has changed a file manually, SuSEconfig leaves the file untouched and creates a file, that can be compared with the manually changed file. After editing a file in /etc/sysconfig/ and updating all affected files by running SuSEconfig, the involved services must be restarted by entering /etc/init.d/service restart or rcservice restart

3-26

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2

Understand SuSEconfig

Objective3. Check File Permissions withSuSEconfig

Summary SuSEconfig checks the permissions of

Files listed in /etc/permissions One or more of the following files (depending on the variable PERMISSION_SECURITY in /etc/sysconfig/security):

/etc/permissions.local /etc/permissions.easy /etc/permissions.secure /etc/permissions.paranoid

SuSEconfig uses /usr/bin/chkstat to check the access mode and user and group membership. YaST Security module can be used to configure which /etc/permissions.* file is used by SuSEconfig.

Version 2

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

3-27

Migrating to SUSE LINUX

3-28

Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Version 2