Table of Contents
Configuration lives in `/etc`
The /etc directory is the traditional home for system configuration files on a Linux system. When you change how your system behaves in a persistent way, there is a good chance that change is stored somewhere under /etc.
This chapter focuses on the role of /etc, what you can expect to find inside, and how to treat it safely as a beginner.
What `/etc` is used for
/etc stores configuration that affects the whole system, not just a single user. Programs read files here when they start or when the system boots. These files describe things like how you log in, what services run automatically, how networking is set up, and many other behaviors.
User specific configuration usually lives in your home directory, often in hidden files such as ~/.bashrc or ~/.config/.... By contrast, configuration in /etc applies globally to all users and services on the system, unless a program has rules that allow per user overrides.
Many of the files in /etc are plain text. This is deliberate. It means you can open them with a text editor, understand them, and, with care, change them.
Treat /etc as critical system data. Incorrect edits can prevent services from starting or even stop the system from booting.
Characteristics of `/etc` contents
Most items in /etc share some common properties.
First, they are typically small, human readable text files. For example, /etc/hosts describes local hostname to IP address mappings, and /etc/fstab lists filesystems that should be mounted at boot. The formats vary, but the intent is always to store configuration, not bulk data.
Second, files in /etc are usually owned by the root user. Normal users can read many of them but cannot change them without elevated permissions. This protects the system from accidental or malicious modifications by unprivileged users.
Third, system packages install their default configuration here. When you install a web server, database, or other server software through your distribution’s package manager, the package usually drops its main configuration file into /etc and sometimes creates a dedicated subdirectory, for example /etc/apache2 or /etc/nginx.
Finally, /etc is not for user data, temporary files, or binaries. Placing scripts, downloads, or random files here goes against common practice and can confuse system management tools.
Read only before you edit
As a beginner, a safe way to approach /etc is to read before you write. Many configuration files there have extensive comments that explain their options.
You can view a file with tools like cat, less, or a simple text editor in read only mode. For example, viewing /etc/hosts shows how hostnames and addresses are laid out, and reading /etc/passwd reveals how basic user account information is stored.
Editing files under /etc usually requires sudo or a root shell. Before changing anything, it is good practice to make a backup copy. One simple method is to duplicate the file with a suffix that marks it as a backup, such as .bak or including a date.
Before changing an important configuration file in /etc, always create a backup copy that you can restore if something breaks.
If you edit a configuration file for a running service, you often need to restart that service, or sometimes reload its configuration, for your changes to take effect. The exact method depends on the service and will be covered when you learn service management.
Typical layouts inside `/etc`
Although each distribution has its own conventions, there are common patterns you will encounter inside /etc.
Many services use a single primary configuration file such as /etc/ssh/sshd_config for the OpenSSH server, or /etc/fstab for filesystem mount definitions. These files may include other files or directories for more modular configuration.
It is common to see whole directories for complex services. For example, /etc/network or /etc/NetworkManager contain networking related configuration, and /etc/systemd contains systemd unit files that describe how services are started.
Another pattern is directories that hold small fragment files, each representing one configuration item. For example, some distributions use /etc/sysctl.d/ for kernel parameter snippets, where each file contains settings that are merged at boot.
There are also symbolic links inside /etc. These links may point to configuration that lives elsewhere, or they may connect a generic file name to one chosen version. When you use tools like ls -l, you can see where these links point.
Distribution specific variations
While the idea of /etc is shared across Linux systems, details differ by distribution.
Some distributions group configuration for a topic into a single directory. For instance, on Debian based systems such as Ubuntu, the Apache web server configuration is spread under /etc/apache2 into multiple subdirectories like sites-available and sites-enabled. On Red Hat based systems, Apache’s configuration is more often centered around /etc/httpd.
Networking is another example. There may be files like /etc/network/interfaces, or directories like /etc/sysconfig/network-scripts, or configurations that are mainly managed through /etc/NetworkManager. The exact layout depends on the tools and distribution you use.
As you move between distributions, the presence of /etc is constant, but service specific paths may change. Reading distribution documentation for a particular service tells you which path under /etc is relevant on that system.
Ownership, permissions, and security
Because /etc controls how the system behaves, its security is very important. Permissions are usually strict.
Files that contain sensitive information, such as hashed passwords, keys, or secret tokens, are readable only by root or specific system users. For example, /etc/shadow stores password hashes and is not world readable.
By contrast, some configuration must be readable by all users. For example, /etc/resolv.conf tells the system which DNS servers to use and is commonly world readable. The exact permissions reflect the minimum necessary access to allow the system and applications to work correctly.
From a security perspective, an attacker that can modify files in /etc can usually take control of the system. This is why tools that grant temporary administrative access, such as sudo, should be protected with strong passwords and careful policies.
If an untrusted user can edit files inside /etc, the entire system should be considered compromised.
Package managers and `/etc` configuration
The way /etc is managed is closely tied to your distribution’s package system.
When you upgrade a package that provides configuration files in /etc, the package manager usually tries to preserve your local changes. If the new version of the package ships an updated default configuration, and your existing file has been modified, the package manager may ask you whether to keep your version, use the new one, or inspect the differences.
On some systems, if a configuration file has never been touched, it may be overwritten by the new default version during an upgrade. This behavior is intended, since the package assumes you do not depend on the old default if you have not changed it.
If you remove a package, its configuration files under /etc are often left behind, so that you can reinstall later and keep your custom settings. Most package managers have a special command to purge both the package and its configuration, if you really want a clean removal.
Backing up `/etc`
Since /etc contains the core description of how your system is configured, it is one of the most important directories to include in backups.
Backing up /etc allows you to restore your system’s configuration to a known state, even if you reinstall the operating system. Many administrators regularly archive /etc as part of their backup routine, often together with other key directories.
When something breaks after a configuration change, having an older copy of /etc lets you compare files and see what changed. Simple comparison tools can highlight differences between two versions of the same configuration file, which can be a powerful way to troubleshoot.
Because many files in /etc are small text files, backing up the entire directory is inexpensive in terms of storage space but extremely valuable when problems occur.
Summary view of `/etc`
/etc is the central location for global, system wide configuration on a Linux system. It holds mostly small, human readable files that influence how services start, how users log in, how networking is set up, and how the system behaves at a fundamental level.
As a beginner, you will mostly read files in /etc to see how things are configured, and only occasionally edit them, always with a backup and with the understanding that mistakes here can have system wide consequences. Over time, you will learn the specific paths for the services you use most often, and /etc will become a familiar map of how your Linux system is wired together.