Difference between revisions of "Sysctl"

From LUG

Revision as of 09:51, 22 January 2018

Sysctl

Sysctl is a representation of the kernel parameters that are editable at runtime. It consists of two parts - a binary, and a config tree. You can view sysctl fields at any time with:

sysctl -a

And update them live with:

sysctl -w [entry]=[setting]

All of this mirrors the /proc/sys virtual filesystem. You can reach the same entries in a more UNIX-y fashion through the files it contains. For example:

net.ipv4.ip_forward

is accessible also as:

/proc/sys/net/ipv4/ip_forward

sysctl.conf

In most distributions sysctl loads, in order,

/etc/sysctl.d/*
/etc/sysctl.conf

So anything in /etc/sysctl.conf overrides /etc/sysctl.d.

On WUR managed servers, Puppet controls /etc/sysctl.conf and only fills it with hard, security-related sysctl entries. It also fills /etc/sysctl.d/00-wur-defaults.conf with some overridable defaults that aren't security related, but make your life easier. As a superuser, you may add more files to /etc/sysctl.d (starting with numbers greater than 00!) that override these defaults for your server, and they will be used at the next reboot.

Once you've installed them, to reread the config files, simply run:

sysctl --system

One confusing caveat:

"Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored."
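
To check which file actually decides a key under the load order described above, the following added example (not part of the original wiki page) walks /etc/sysctl.d/*.conf and then /etc/sysctl.conf and reports the last assignment, together with the matching /proc/sys path. The function names, the 50-local.conf drop-in and all file contents are constructed for illustration; it covers only the two locations listed on this page and assumes only files ending in .conf are read from the directory.

```shell
#!/bin/sh
# Which file decides a sysctl key? Follows the order described on this page:
# /etc/sysctl.d/*.conf in lexical order, then /etc/sysctl.conf (last one wins).

# Map a dotted key to its /proc/sys path (simple case: no dots inside a name).
sysctl_key_to_path() {
    printf '/proc/sys/%s\n' "$(printf '%s' "$1" | tr . /)"
}

# Print "value<TAB>file" for the last assignment of KEY below ROOT, or nothing.
sysctl_effective() {
    root=$1; key=$2; result=
    for f in "$root"/etc/sysctl.d/*.conf "$root"/etc/sysctl.conf; do
        [ -f "$f" ] || continue
        # Skip comment lines (# or ;), split on the first '=', trim whitespace.
        v=$(awk -v k="$key" '
            /^[ \t]*[#;]/ { next }
            { i = index($0, "="); if (!i) next
              n = substr($0, 1, i - 1); val = substr($0, i + 1)
              gsub(/^[ \t]+|[ \t]+$/, "", n); gsub(/^[ \t]+|[ \t]+$/, "", val)
              if (n == k) { last = val; found = 1 } }
            END { if (found) print last }' "$f")
        if [ -n "$v" ]; then rel=${f#"$root"}; result=$(printf '%s\t%s' "$v" "$rel"); fi
    done
    if [ -n "$result" ]; then printf '%s\n' "$result"; fi
}

# Constructed sample tree (hypothetical contents, not the real WUR files).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/sysctl.d"
    printf 'vm.swappiness = 10\n' > "$t/etc/sysctl.d/00-wur-defaults.conf"
    printf '# local override\nvm.swappiness=60\nnet.ipv4.ip_forward=1\n' \
        > "$t/etc/sysctl.d/50-local.conf"
    printf 'net.ipv4.ip_forward = 0\n' > "$t/etc/sysctl.conf"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
for k in vm.swappiness net.ipv4.ip_forward; do
    printf '%s -> %s (live value in %s)\n' \
        "$k" "$(sysctl_effective "$tree" "$k")" "$(sysctl_key_to_path "$k")"
done
rm -rf "$tree"
```

Pass `""` as ROOT to run `sysctl_effective` against the real /etc; in the sample tree the drop-in wins for vm.swappiness, while its net.ipv4.ip_forward=1 is overridden by /etc/sysctl.conf.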