Sysctl Parameters – How to Customize Sysctl Parameters by User

kernelparametersysctl

I know there's *.conf file in /usr/lib/sysctl.d and/or /etc/sysctl.d folders ready to establish kernel parameters on boot. But they are general;
what I want is to customize some of these parameters (say, net.ipv4.icmp_echo_ignore_all) depending on the user who is in, but I want per-user kernel parameters.
Is it possible or what I'm saying is a complete silliness?

Best Answer

What @Tomasz says it's true: those are kernel parameters, so they are "unique"!

Anyway, you can achieve some result with that limit

...in the OP, @Osqui doesn't say users are simultaneously logged in...

by sketching out a script executed when users login/logout using the sysctl command

Example

You can get a partial list of what kernel parameters are currently set using this command:

$ sudo sysctl -a | head -5
abi.vsyscall32 = 1
debug.exception-trace = 1
debug.kprobes-optimization = 1
dev.cdrom.autoclose = 1
dev.cdrom.autoeject = 0

Making a change

/etc/sysctl.conf

Simply add rules to the file sysctl.conf.

# sysctl.conf sample
#
kernel.domainname = example.com
; this one has a space which will be written to the sysctl!
kernel.modprobe = /sbin/mod probe

You can also use the sysctl.conf command line to make edits to this file without having to edit it directly.

$ sysctl -w kernel.domainname="example.com"

After making any changes be sure to make them active.

$ sysctl -p

/etc/sysctl.d

To add your override of this parameter simply put it in a file named similarly to the files that are already present in the /etc/sysctl.d directory.

$ ls -l /etc/sysctl.d
total 40
-rw-r--r-- 1 root root   77 Jul 16  2012 10-console-messages.conf
-rw-r--r-- 1 root root  490 Jul 16  2012 10-ipv6-privacy.conf
-rw-r--r-- 1 root root  726 Jul 16  2012 10-kernel-hardening.conf
-rw-r--r-- 1 root root 1184 Jul 16  2012 10-magic-sysrq.conf
-rw-r--r-- 1 root root  509 Jul 16  2012 10-network-security.conf
...

In a file named something like 99-myparam.conf.

$ more 10-console-messages.conf 

# the following stops low-level messages on console
kernel.printk = 4 4 1 7

Where the name of the parameter is on the left, and it's corresponding value is on the right.

See sysctl's man page for more details.

Change sysctl parameters for all interfaces

Try all and default:

# sysctl -w "net.ipv4.conf.all.rp_filter=0"
# sysctl -w "net.ipv4.conf.default.rp_filter=0"

This is explained in the Kernel documentation:

conf/default/*:    Change the interface-specific default settings.
conf/all/*:        Change all the interface-specific settings.

However note that putting a new value in all doesn't change the value you read from the interface, but it only gets computed and used internally. See this email for more details.

Best Answer

Related Solutions

Linux – What’s the right way to set Linux kernel runtime parameters

Example

Making a change

/etc/sysctl.conf

/etc/sysctl.d

Change sysctl parameters for all interfaces

Related Question