Linux Help: "What's Where" in /etc?
by Dave Retz, September 29, 1998

A general listing of the files in various Linux (Unix) directories can be somewhat overwhelming. This is a simple attempt to explain "what's where" on the various files that live in /etc and some other system directories under Linux.

This information is obtained by simply listing the directory in the Slackware or Red Hat distributions of Linux, using the ls /etc command. Each item in the table below contains a link to a short description of the program, shell script, or configuration file hidden behind that item.

Below this list of links are a set of titles on various topics, each with a set of pointers to their primary related files. For example, the topic of sendmail might have links to the items named aliases, sendmail.cf, sendmail.cw, virtusertable and possibly others.

This list is (by definition) incomplete, and intended to grow by your suggestions. Please notify us of any requests for corrections, changes, or additions to: Tip Feedback.

The following are Red Hat Linux /etc files:

/etc  directory
DIR_COLORS fstab httpd/ named.boot sendmail.cw
HOSTNAME ftpaccess inetd.conf passwd services
aliases ftpconversions initrunlvl@ passwd- shadow
aliases.db ftpgroups inittab ppp/ shadow-
bashrc ftphosts issue profile shells
bruhelp ftpusers issue.net profile.d/ skel/
brusmartrest gettydefs ld.so.cache protocols snmpd.agentinfo
brutab group ld.so.conf rc.d/ snmpd.conf
conf.linuxconf group- lilo.conf redhat-release sysconfig/
conf.modules host.conf localtime@ resolv.conf syslog.conf
crontab hosts man.config rpc termcap
csh.cshrc hosts.allow mime.types securetty  
default/ hosts.deny motd sendmail.cf  

Notation: Items marked below with [T] are Text files, [X] are executable program files, [S] are (bash) script files. Otherwise, files are assumed to be binary, or of a data format characteristic of a particular system program.

DIR_COLORS - Specifies the colors (in ANSI format) used when displaying files using the ls command. [T]

HOSTNAME - Specifies the fully-qualified host name of this system. This includes the domain, so is of the form host.domain.com, or host.name1.domain2.com. This is generally set up at system install time. [T]

aliases - contains a list of alias names for mailboxes, either on this system or on other systems. This is used by sendmail to redirect a destination. Most systems have aliases for postmaster, webmaster, etc. Entries are of the form: aliasname: mailbox@domain.com (or simply mailbox, if on the same server). Aliases can also be directed to multiple destination mailboxes, or to an entire distribution list. For a good reference, see Bryan Costales and Eric Allman's "Sendmail" (O'Reilly and Associates), 2nd ed., also known as "The Bat Book", Chapter 24. [T]

aliases.db - Contains the indexed database actually used by the sendmail program. This file is generated by the program newaliases, which builds the index and signals sendmail that there has been an update. If you update aliases, be sure to run newaliases.

bashrc - contains system-wide initial parameter settings for the bash shell. This typically determines the format of the command prompt (e.g., PS1=...), and can be customized at installation time. These settings are of the form: varname=value. [T]

bruhelp - BRU Backup and Restore Utility documentation file. See also information provided by the man page (man bru). [T]

brusmartrest - used by BRU Backup and Restore Utility to avoid over-writing shared library files and possibly crashing the system during a restore. [T]

brutab - BRU Backup and Restore Utility configuration information, contains entries describing various backup devices (e.g., SCSI tapes, 4mm drives etc.) and their default options. [T]

conf.linuxconf - Identifies the type of Linux distribution (i.e., Red Hat). [T]

conf.modules - controls the operation of the depmod and programs that are used for dynamically loading modules. Refer to the man pages on those programs for a description of this file. [T]

crontab - a special system-wide crontab that runs a series of programs at specified times. This has a slightly different format than the per-user crontab, which simply has a list of runtimes and a program to run. See the manpage for crontab (5) using the man 5 crontab command. (This is assumed to be using the Vixie cron program). [T]

csh.cshrc - Contains system-wide default setup parameters for the C shell (similar to bashrc).

default/ - Directory containing default values for various programs, such as useradd.

fstab - Contains the list of configured file systems. This configuration file is set up at system installation time, and identifies the partition name, the "mount point", the file system type, and other information. This table is used at system start-up time to perform a file system check on each file system, and to mount the file system at the specified mount point. See the man page on fstab. [T]

ftpaccess - Contains configuration information for the ftp daemon. This file can be used to specify the name of the message file that is issued when a user connects to a given directory. Also sets limits on unauthorized login attempts and provides other security limitations.[T]

ftpconversions - Specifies conversion options, if enabled in ftpaccess, allowing automatic tar or gzip operations on file before/after transfers.

ftpgroups - Specifies the ability for a user to operate within a specific user group (i.e., this allows changing of the effective group ID before doing transfers). This file contains a user ID, an encrypted password, and an associated group ID. This requires the setting of the private option in ftpaccess. [T]

ftphosts - Provides the ability to restrict operation of certain user IDs from certain hosts (IP addresses). This is a security feature on a per-user basis, similar to hosts.allow and hosts.deny. Consists of a set of allow or deny statements. [T]

ftpusers - This should really be called "ftp-nonusers", since it identifies the user IDs that cannot log in. This is primarily used to exclude user IDs such as root and nobody from using the ftp facility. The entries in this file are each simply a user ID, one per line. [T]

gettydefs - Contains definitions of baud rates (speeds) and initial setup information for starting interactive terminal sessions, particularly on dial-up modem ports. [T]

group - Contains a list of user groups defined on the system. Each group has an associated list of users that are members of that group. The associated group number is the second parameter in each line of the file. This list is used to provide access control to files by group name. See: chmod. [T]

group- - Contains the list of user groups before converting to shadow password options. This is a backup of the group file before conversion. [T]

host.conf - This file is used by the name resolver (DNS system), and tells your server what order to use in searching for a name. The primary function that uses this file is gethostbyname, which is described by the associated man page. The format of the host.conf file is not well documented in man pages, but includes the following options:

  • order - Specifies hosts, bind, or nis, specifying the sequence of name resolution. Hosts prioritizes on the entries in your /etc/hosts file.
  • alert - (on or off) Checks addresses of remote sites attempting to access your system.
  • nospoof - Confirms addresses of remote sites attempting to address your system (making sure that reverse DNS is in effect)
  • trim - removes the domain name and allows you to search for only the host name within your own domain.
  • multi - (on or off) Allows a host to have several IP addresses.

hosts - Contains a local definition of the hosts table. This operates independently of the DNS tables, and usually is only for the names of local host. Each line contains the IP address followed by a list of names associated with that IP address. [T]
For example:

     192.1.2.3 adam.mydomainname.com adam
     127.0.0.1 localhost

hosts.allow - Provides a list of IP addresses (with optional masks) which are allowed access to this system. This supersedes the ones that are denied in the hosts.deny file, described below. This file is used by the tcpd daemon to control access to various subsystems such as telnet, ftp, and pop3 servers. See the man page for hosts_access (5) via man 5 hosts_access. [T]

hosts.deny - Provides a list of IP addresses to be denied access. Frequently, this can be used to deny access to ALL remote addresses to a specific network service such as telnet, with the exception of those listed in the hosts.allow file described above. This file is used by the inetd system. Further information can be obtained from the hosts_access (5) man page, accessed via man 5 hosts_access. [T]
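The lookup order described for hosts.allow and hosts.deny can be modelled in a few lines of shell. This is an added example, not part of the original article: the function names are hypothetical, the addresses are constructed documentation addresses, and only a subset of the hosts_access (5) syntax is handled (the ALL wildcard, exact addresses, and address prefixes ending in a dot).

```sh
#!/bin/sh
# Simplified model of the hosts.allow / hosts.deny decision (added example).
# Subset handled (assumption of this sketch): "daemon_list : client_list"
# lines, the ALL wildcard, exact addresses, and prefixes such as "192.0.2.".
# Netmasks, host names, IPv6 and option fields are not handled.

# rule_matches FILE DAEMON CLIENT_IP -> exit status 0 if a rule in FILE matches
rule_matches() {
    [ -r "$1" ] || return 1            # a missing file behaves like an empty one
    awk -F: -v d="$2" -v c="$3" '
        function hit(list, val, prefix,    n, i, items, p) {
            n = split(list, items, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                p = items[i]
                if (p == "") continue
                if (p == "ALL" || p == val) return 1
                # "192.0.2." style pattern: compare the leading octets only
                if (prefix && p ~ /\.$/ && index(val, p) == 1) return 1
            }
            return 0
        }
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        NF >= 2 && hit($1, d, 0) && hit($2, c, 1) { found = 1; exit }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# access_decision ALLOW_FILE DENY_FILE DAEMON CLIENT_IP -> prints allow or deny
# Order per hosts_access(5): allow file first, then deny file, otherwise grant.
access_decision() {
    if rule_matches "$1" "$3" "$4"; then echo allow
    elif rule_matches "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Demonstration on constructed files: deny telnet to ALL, allow one network.
demo() {
    dir=$(mktemp -d)
    printf 'in.telnetd: 192.0.2.\n' > "$dir/hosts.allow"
    printf 'in.telnetd: ALL\n' > "$dir/hosts.deny"
    for ip in 192.0.2.10 198.51.100.7; do
        echo "in.telnetd from $ip: $(access_decision "$dir/hosts.allow" "$dir/hosts.deny" in.telnetd "$ip")"
    done
    rm -rf "$dir"
}
demo
```

A client that matches neither file is granted access, so a service left out of hosts.deny stays open to every address.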

httpd/ - This directory can contain the top-level web server (e.g., Apache). Many installations, however, install the web server in the path /usr/local/etc/httpd/ instead.

inetd.conf - This configuration file contains the list of daemons for various internet services. This file should be edited to limit access to various server functions (e.g., finger should be disabled, since it's a security hole.). Information on this file can be obtained from the inetd man page.

initrunlvl@ - This is a symbolic link to a file indicating the initial runlevel directory (germane to Red Hat Linux).

inittab - this is the primary control file for starting the system, and is read by the init process. This file tells what to do on entering each "run level". Virtually all start-up logic is controlled by scripts contained in the /etc/rc.d directory described below. See the man page inittab.

issue - this text file is issued to a user when a user connects to the system (prior to login). Note that the system initialization scripts (in rc.d) may over-write this file at system startup. Note that entries in gettydefs may override the issue file on a per-port basis (see man page on getty).

issue.net - similar to issue, but used for initiation of telnet sessions. Both issue and issue.net may take advantage of special prompt characters preceded by @ or \. Information on these special "escape sequences" is contained in the getty man page.

ld.so.cache - This file is a list of run-time libraries that is built at system initialization time by the ldconfig program (unless the cache file is specified otherwise at startup time, it resides here in the /etc directory).

ld.so.conf - This run time loader configuration file contains a list of directories to be searched for run-time libraries (typically one per line). [T].

lilo.conf - This is the Linux Loader (LILO) configuration file. This is created when the system is installed, and tells where the kernel resides, as well as providing options on start-up. See the man page for lilo.conf for further information. [T]

localtime@ - This is a symbolic link to a file describing a particular time zone. This is established when the system is installed, and typically links to a file in /usr/share/zoneinfo (or subdirectory thereof). For example, for Pacific time it points to /usr/share/zoneinfo/US/Pacific. The zoneinfo file contains information on number of hours relative to GMT, as well as information on start/stop rules for Daylight Savings Time.

man.config - This configuration file tells the 'man' command where to search for man pages. The location of this file is dependent on the distribution of Linux (in this case, Red Hat).

mime.types - This file lists the MIME types, followed by the associated file extensions (e.g., .html).

motd - This is the Message Of The Day, and can be edited at will (by someone who has write access to the /etc directory!). It is issued immediately after signon before starting the shell. [T]

named.boot - this is the primary boot file for the DNS system. This contains a list of domain names known by the system, and a pointer to a directory containing their zone files (typically /var/named).

passwd - This is the system-wide user ID and password file, containing the user name, UID, default GID, actual user name, etc. for every user. This is system-readable. In a system that does not implement shadow passwords (the default for RH Linux), this also contains the encrypted password for each user (the second field on a line in the file). Because this file is system-wide readable (and must be for many programs to work correctly), it is vulnerable to "cracking", whereby someone can run a program that tries to determine users' passwords. Consequently, the shadow password facility (if enabled) removes the encrypted password from this file, replacing it with the letter 'x'. [T]

passwd- - When the shadow password facility has been enabled, this is the backup copy of the password file after conversion to shadow passwords.

ppp/ - This directory contains configuration options for dial-up operation using the PPP protocol.

profile - This is the script that gets invoked when starting a shell. This is system-wide, meaning every user account receives the defaults set by this script. (Note that parameter settings are set by /etc/bashrc, described above). This script also invokes scripts contained in the /etc/profile.d/ directory. [S]

profile.d/ - This directory contains a set of scripts that are executed when a shell starts. These are invoked by the profile script described above.

protocols - This file contains the set of protocol numbers used by the DARPA IP protocol suite. Of primary interest: TCP (6) and UDP (17). [T]

rc.d/ - This directory contains scripts invoked by inittab when the system starts up or shuts down.

redhat-release - This is simply the Red Hat release code (Release Identification Number), e.g., "release 5.1 (Manhattan)". [T]

resolv.conf - This is used by the name resolver (see also host.conf) to specify the address of a DNS. This file also identifies the domain on which this host resides. If this system runs DNS, then it probably has its own DNS address. Note that more than one DNS may be listed. [T]

securetty - This file lists the set of devices from which root can log in. If a root login is attempted from any other device, the password is simply not recognized. To disable telnet login as root, simply remove all ttyp# entries.

sendmail.cf - This is the primary configuration file for sendmail. This file is typically generated by the m4 macro processor, although some choose to edit it directly. The best reference on the content of this file is "sendmail" by Bryan Costales and Eric Allman (O'Reilly and Associates), a.k.a. "The Bat Book". [T]

sendmail.cw - This contains the list of domain names supported by this mail server. All domains on this system must be listed, or mail will be bounced. Domains are listed one per line. [T]

services - This file contains the set of Internet services and their associated "well-known" socket numbers. This file should not be edited to disable a service; rather, the inetd.conf file should be changed to disable a particular function (e.g., telnetd daemon).

shadow - This is the shadow password file, consisting of a set of user names and their encrypted passwords. Additional information, such as the expiry date and date since password change is also provided. This file should be readable ONLY by root (i.e. rw-------). This file is not used if the shadow suite is not enabled.
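The passwd and shadow entries above describe three conditions that can be checked directly: a hash still stored in the second field of passwd, an empty password field, and a shadow file readable by anyone other than its owner. The following script is an added example, not part of the original article; the function names are hypothetical and the script only reads the files it is given.

```sh
#!/bin/sh
# Audit passwd/shadow-format files for the conditions described above
# (added example). Field layout assumed: name:password:UID:GID:...

# Print accounts whose hash is still stored in the world-readable passwd file.
# 'x' means shadowed; values starting with '*' or '!' are locked placeholders.
unshadowed_accounts() {
    awk -F: '$2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print $1 }' "$1"
}

# Print accounts with an empty password field (no password required).
empty_password_accounts() {
    awk -F: 'NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Succeed only if group and other have no permission bits (e.g. rw-------).
owner_only() {
    mode=$(ls -ld "$1" | cut -c5-10)   # the group and other triplets
    [ "$mode" = "------" ]
}

# audit PASSWD_FILE SHADOW_FILE -> one WARN line per finding
audit() {
    for u in $(unshadowed_accounts "$1"); do
        echo "WARN: $u has a password hash in $1"
    done
    for u in $(empty_password_accounts "$1"); do
        echo "WARN: $u has an empty password field in $1"
    done
    if [ -e "$2" ] && ! owner_only "$2"; then
        echo "WARN: $2 is accessible to group or other"
    fi
}

# Run against the live files only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    audit /etc/passwd /etc/shadow
fi
```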

shadow- - This is a backup copy of the shadow password file maintained by the useradd function. [T]

shells - This file contains the paths to each of the executable shells in the system.

skel/ - This directory contains the default information to be placed in a new user's directory when the user is created via the useradd function (unless superseded by parameters to that function).

snmpd.agentinfo - Used to contain the number of SNMP agent "boots", maintained by the CMU SNMP system.

snmpd.conf - Configuration information for CMU SNMP system. [T].

sysconfig/ - Directory containing Red Hat Linux configuration scripts. These files may need to be modified at system installation time.

syslog.conf - Provides configuration information on where syslog information is stored (i.e., which directory for various classes of syslog messages). See man pages on syslogd.

termcap - Terminal Capabilities database. This file contains the characteristics of various ASCII terminals that can be used to connect to the Linux server. Commonly used entries are vt100, vt220, etc. This file determines the control characters transmitted to the terminal for various screen control operations. [T]





 Copyright © 1997, 1998 Comware International. All Rights Reserved.