
Bug 635668

Summary: config file '/etc/sysctl.conf' is used after parsing user settings in '/etc/sysctl.d/*.conf'
Product: Gentoo Linux
Reporter: Kai Peter <kp>
Component: Current packages
Assignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED WORKSFORME
Severity: normal
CC: tsmksubc
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://blog.dyndn.es/doku.php/blog/2015/02/20_config_file_sysctl.conf_overwrites_sysctl.d

Description Kai Peter 2017-10-28 09:07:05 UTC
Settings in e.g. '/etc/sysctl.d/local.conf' will be overwritten by settings in the default config file '/etc/sysctl.conf'.

Example: In '/etc/sysctl.conf' there is set by default

net.ipv4.ip_forward = 0

Usually, this should be overwritten by a user defined setting in '/etc/sysctl.d/local.conf':

net.ipv4.ip_forward = 1

This didn't work. The '/etc/sysctl.conf' takes precedence over all user settings.

One workaround is to put a 'sysctl -p <file>' call in a '/etc/local.d/*.start'.

However, user settings have to have precedence over system settings.


Reproducible: Always

Steps to Reproduce:
1. check it out with the example 'net.ipv4.ip_forward = 1' from description
2. set 'net.ipv4.ip_forward = 1' in '/etc/sysctl.d/forward.conf'
3. do '/etc/init.d/sysctl restart'
4. do 'sysctl -a | grep net.ipv4.ip_forward'
Comment 1 Mike Gilbert gentoo-dev 2017-10-28 14:48:19 UTC
The settings are applied in the order documented in the sysctl man page.

/etc/sysctl.conf is under the sysadmin's control, so I don't see the problem here.
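An added example, not part of the bug report or of Gentoo's init script: a shell function that lists every key whose value from '/etc/sysctl.d/*.conf' is replaced by '/etc/sysctl.conf' under the load order this report describes. It assumes only '/etc/sysctl.d' holds drop-ins; the function name, the optional root-prefix argument and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. List keys where a value from
# /etc/sysctl.d/*.conf is replaced by /etc/sysctl.conf, which is read last.
# The optional ROOT prefix argument is hypothetical (audit a copied tree).
sysctl_shadowed() {
    root=${1:-}
    set --
    for f in "$root"/etc/sysctl.d/*.conf "$root"/etc/sysctl.conf; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    [ $# -gt 0 ] || return 0
    awk -v last="$root/etc/sysctl.conf" '
        /^[ \t]*([#;]|$)/ { next }          # comment or blank line
        {
            line = $0
            sub(/^[ \t]*-?/, "", line)      # indent and "ignore errors" dash
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
            gsub(/[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (FILENAME == last) {         # later lines win inside the file too
                if (!(key in cval)) order[++n] = key
                cval[key] = val
            } else { dval[key] = val; dfile[key] = FILENAME }
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if ((k in dval) && dval[k] != cval[k])
                    printf "%s: %s sets %s, %s sets %s last\n",
                        k, dfile[k], dval[k], last, cval[k]
            }
        }' "$@"
}

# Constructed sample tree reproducing the example from the description.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/sysctl.d"
    printf 'net.ipv4.ip_forward = 1\n' > "$d/etc/sysctl.d/local.conf"
    printf '# default\nnet.ipv4.ip_forward = 0\n' > "$d/etc/sysctl.conf"
    printf '%s\n' "$d"
}

t=$(demo_tree); sysctl_shadowed "$t"; rm -rf "$t"
```

Called with no argument, `sysctl_shadowed` reads the live '/etc' tree; an empty result means no drop-in value is being replaced.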
Comment 2 Kai Peter 2017-10-29 08:14:23 UTC
My intention is to prevent (changes in) /etc/sysctl.conf from being overwritten accidentally by an etc-update.

Let me take the freedom to make two suggestions:

1. Add an 'include' statement at the bottom of the file (e.g. like in /etc/rsyslog.conf)

2. Remove the option 'net.ipv4.ip_forward = 0' from the default config file (comment out). Maybe put it in a file in sysctl.d, outside of CONFIG_PROTECT.