RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302), Fourth Edition [Electronic resources] نسخه متنی

Certification Objective 5.01: Shell Configuration Files

All system-wide shell configuration files are kept in the /etc directory. These files are bashrc, profile, and the scripts in the /etc/profile.d directory. These files and scripts are supplemented by hidden files in each user's home directory, as described in Chapter 4. Let's take a look at these files.

/etc/bashrc

The /etc/bashrc file is used for aliases and functions, on a system-wide basis. Open this file in the text editor of your choice. Read each line in this file. Even if you don't understand the programming commands, you can see that this file sets the following bash shell parameters for each user. For example:

It assigns a value of umask, which creates the default permissions for newly created files. It supports one set of permissions for root and system users (with user IDs below 100), and another for regular users.

It assigns a prompt, which is what you see just before the cursor at the command prompt.

The settings here are called by the .bashrc file in each user's home directory. The settings are supplemented by the .bash_history and .bash_logout files in each user's home directory.

/etc/profile

The /etc/profile file is used for system-wide environments and startup files. The following is the profile script from my copy of the RHEL 3 operating system. The first part of the file sets the PATH for searching for commands. Then it sets the PATH, USER, LOGNAME, MAIL, HOSTNAME, HISTSIZE, and INPUTRC variables, and finally it runs the scripts in the /etc/profile.d directory. You can check the current value of any of these variables with the echo $variable command.

# /etc/profile
# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc
pathmunge () {
if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then
if [ "$2" = "after" ] ; then
PATH=$PATH:$1
else
PATH=$1:$PATH
fi
fi
}

# Path manipulation
if [ `id -u` = 0 ]; then
pathmunge /sbin
pathmunge /usr/sbin
pathmunge /usr/local/sbin
fi
pathmunge /usr/X11R6/bin after
unset pathmunge
# No core files by default
ulimit -S -c 0 > /dev/null 2>&1
USER="`id -un`"
LOGNAME=$USER
MAIL="/var/spool/mail/$USER"
HOSTNAME=`/bin/hostname`
HISTSIZE=1000
if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ]; then
INPUTRC=/etc/inputrc
fi
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC
for i in /etc/profile.d/*.sh ; do
if [ -r "$i" ]; then
. $i
fi
done
unset i

/etc/profile.d/

Actually, /etc/profile.d is not a script, but a directory of scripts. As I just noted, /etc/profile runs the scripts in this directory. Here is a partial listing of the files, which apply to the default bash shell:

-rwxr-xr-x   1 root    root       724 Aug 12 11:34 colorls.sh
-rwxr-xr-x   1 root    root       190 Sep  8 11:32 glib2.sh
-rwxr-xr-x   1 root    root        70 Sep 17 12:13 gnome-ssh-askpass.sh
-rwxr-xr-x   1 root    root       210 Sep 23 15:42 krb5.sh
-rwxr-xr-x   1 root    root        53 Mar 26  2003 lam.sh
-rwxr-xr-x   1 root    root      2595 Sep 26 00:39 lang.sh
-rwxr-xr-x   1 root    root       435 Sep  1 10:32 less.sh
-rwxr-xr-x   1 root    root        70 May  1  2003 pvm.sh
-rwxr-xr-x   1 root    root       181 Sep  1 11:01 vim.sh
-rwxr-xr-x   1 root    root       170 Jul 17 15:09 which-2.sh

By looking at the /etc/profile script, you can see that any script in this directory that ends with an 'sh' and is set as an executable will be run when /etc/profile is executed.

Exercise 5-1: Securing Your System

We want to keep our system as secure as possible. One approach is to change the default permissions users have for new files and directories they make. We'll set all new files and directories to No Access to group or other members.

Back up your current /etc/bashrc file. If you want to cancel any changes that you make during this exercise, restore from the backup after the final step.

Edit the /etc/bashrc file. Two lines in the file set the umask. One of the two lines is selected depending on the if statement above them. See if you can determine which line gets executed for an average (non-root) user.

The if statement tests to see if the user ID (uid) and group ID (gid) are the same, and that the uid is greater than 99. If this is true, then the first umask is executed; otherwise, the second is executed. The second umask is for root and other key system accounts. The first is for users.

Change the first umask statement to exclude all permissions for groups and others. Use umask 077 to do the job.

Save and exit the file.

Log in as a nonprivileged user. Use the touch command to make a new empty file. Use ls -l to verify the permissions on that file.

Log in as root. Again, use the touch command to make a new empty file and use ls -l to verify the permissions on that new file.

You have just changed the default umask for all shell users. If you backed up your /etc/bashrc in step 1, you can now restore the original version of this file.

User Shell Configuration Files

As described in Chapter 4, each user gets a copy of the hidden files from the /etc/skel directory. As your users start working with their accounts, more configuration files are added to their home directories. Some are based on shells such as bash (.bash*); others draw their settings from the GUI desktops that you use, typically GNOME and KDE. I'll describe the GUIs in more detail in Chapter 6.

The default Linux shell is bash. However, if you or your users work with other shells, you'll find configuration files associated with those shells hidden in each user's home directory.