#! /bin/sh
chmod 777 d/ -Rf
chmod 777 s/ -Rf
chmod 777 search/ -Rf
chmod 777 html/ -Rf
chmod 777 index.html -Rf
chmod 777 e/data/ -Rf
chmod 777 e/install/ -Rf
chmod 777 e/admin/ebak/bdata/ -Rf
chmod 777 e/admin/ebak/zip/ -Rf
chmod 777 e/class/config.php
chmod 777 e/class/user.php
chmod 777 e/member/iframe/index.php
chmod 777 e/member/login/loginjs.php
chmod 777 e/pl/more/index.php
chmod 777 e/sch/index.php
chmod 777 e/tool/feedback/temp/ -Rf
chmod 777 e/tool/gbook/index.php
-
帝国目录权限修改脚本
-
insert into … select …
语句形式为:Insert into Table2(field1,field2,…) select value1,value2,… from Table1
要求目标表Table2必须存在,由于目标表Table2已经存在,所以我们除了插入源表Table1的字段外,还可以插入常量。 -
nginx + spawn-fcgi
apt-get install spawn-fcgi php5-cgi
用 spawn-fcgi 启动 fcgi ,
spawn-fcgi -a 127.0.0.1 -p 8000 -u nobody -f /usr/bin/php-cgi -C 5 ;
在 nginx 里配置加一句:
location ~ .php$ {
fastcgi_pass 127.0.0.1:8000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/nginx/html$fastcgi_script_name;
include fastcgi_params;
} -
linux系统内核优化tcp参数 sysctl.conf
查看网络连接状态
netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rndebian系统32位优化
在Squid服务器中
vi /etc/sysctl.conf
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 2048 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.core.netdev_max_backlog=10000Apache或Nginx等的Web服务器,或Nginx的反向代理,则只需要更改以下几项即可:
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
如果是邮件服务器,则建议内核方案如下:net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000 65000
kernel.shmmax = 134217728其中:
net.ipv4.tcp_syncookies=1表示开启SYN Cookies。当出现SYN等待队列溢出时,启用cookie来处理,可防范少量的SYN攻击。默认为0,表示关闭。
net.ipv4.tcp_tw_reuse=1表示开启重用。允许将TIME-WAIT套接字重新用于新的TCP连接。默认为0,表示关闭。
net.ipv4.tcp_tw_recycle=1表示开启TCP连接中TIME-WAIT套接字的快速回收。默认为0,表示关闭。
net.ipv4.tcp_fin_timeout=30表示如果套接字由本端要求关闭,这个参数决定了它保持在FIN-WAIT-2状态的时间。
net.ipv4.tcp_keepalive_time=1200表示当keepalive启用时,TCP发送keepalive消息的频度。默认是2小时,这里改为20分钟。
net.ipv4.ip_local_port_range=1024 65000表示向外连接的端口范围。默认值很小:32768~61000,改为1024~65000。
net.ipv4.tcp_max_syn_backlog=8192表示SYN队列的长度,默认为1024,加大队列长度为8192,可以容纳更多等待连接的网络连接数。
net.ipv4.tcp_max_tw_buckets=5000表示系统同时保持TIME_WAIT套接字的最大数量,如果超过这个数字,TIME_WAIT套接字将立刻被清除并打印警告信息。默认为180000,改为5000。对于Apache、Nginx等服务器,前面介绍的几个参数已经可以很好地减少TIME_WAIT套接字数量,但是对于Squid来说,效果却不大。有了此参数就可以控制TIME_WAIT套接字的最大数量,避免Squid服务器被大量的TIME_WAIT套接字拖死。
netdev_max_backlog 在接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目。
执行以下命令使内核配置立即生效:
/sbin/sysctl -psysctl.conf中相关重要设定的详细说明
$ /proc/sys/net/core/wmem_max
最大socket写buffer,可参考的优化值:873200
$ /proc/sys/net/core/rmem_max
最大socket读buffer,可参考的优化值:873200
$ /proc/sys/net/ipv4/tcp_wmem
TCP写buffer,可参考的优化值: 8192 436600 873200
$ /proc/sys/net/ipv4/tcp_rmem
TCP读buffer,可参考的优化值: 32768 436600 873200
$ /proc/sys/net/ipv4/tcp_mem
同样有3个值,意思是:
net.ipv4.tcp_mem[0]:低于此值,TCP没有内存压力.
net.ipv4.tcp_mem[1]:在此值下,进入内存压力阶段.
net.ipv4.tcp_mem[2]:高于此值,TCP拒绝分配socket.
上述内存单位是页,而不是字节.可参考的优化值是:786432 1048576 1572864
$ /proc/sys/net/core/netdev_max_backlog
进入包的最大设备队列.默认是300,对重负载服务器而言,该值太低,可调整到1000.
$ /proc/sys/net/core/somaxconn
listen()的默认参数,挂起请求的最大数量.默认是128.对繁忙的服务器,增加该值有助于网络性能.可调整到256.
$ /proc/sys/net/core/optmem_max
socket buffer的最大初始化值,默认10K.
$ /proc/sys/net/ipv4/tcp_max_syn_backlog
进入SYN包的最大请求队列.默认1024.对重负载服务器,增加该值显然有好处.可调整到2048.
$ /proc/sys/net/ipv4/tcp_retries2
TCP失败重传次数,默认值15,意味着重传15次才彻底放弃.可减少到5,以尽早释放内核资源.
$ /proc/sys/net/ipv4/tcp_keepalive_time
$ /proc/sys/net/ipv4/tcp_keepalive_intvl
$ /proc/sys/net/ipv4/tcp_keepalive_probes
这3个参数与TCP KeepAlive有关.默认值是:
tcp_keepalive_time = 7200 seconds (2 hours)
tcp_keepalive_probes = 9
tcp_keepalive_intvl = 75 seconds
意思是如果某个TCP连接在idle 2个小时后,内核才发起probe.如果probe 9次(每次75秒)不成功,内核才彻底放弃,认为该连接已失效.对服务器而言,显然上述值太大. 可调整到:
/proc/sys/net/ipv4/tcp_keepalive_time 1800
/proc/sys/net/ipv4/tcp_keepalive_intvl 30
/proc/sys/net/ipv4/tcp_keepalive_probes 3
$ proc/sys/net/ipv4/ip_local_port_range
指定端口范围的一个配置,默认是32768 61000,已够大. -
/bin/rm: argument list too long 的处理方法
#!/bin/bash
# 设定需要删除的文件夹
RM_DIR=’/data/files’cd $RM_DIR
for I in `ls`
do
rm -f $I
done -
IE里Cookie跨域不能读取
1.页面里的COOKIE不能是浏览器进程的COOKIE(包括验证票和不设置超时时间的COOKIE),否则跨域会取不到.这点做跨域COOKIE的人比较少提到.不过实际上留意下几家大学做的方案,有细微的提到他们的验证模块里的COOKIE是有设置超时时间的.
2.当利用IFRAME时,记得要在相应的动态页的页头添加一下P3P的信息,否则IE会自觉的把IFRAME框里的COOKIE给阻止掉,产生问题.本身不保存自然就取不到了.这个其实是FRAMESET和COOKIE的问题,用FRAME或者IFRAME都会遇到.
3.测试时输出TRACE,会减少很多测试的工作量.
只需要设置 P3P HTTP Header,在隐含 iframe 里面跨域设置 cookie 就可以成功。他们所用的内容是:
P3P: CP=’CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR’
ASP直接在头部加了头部申明,测试有效。
<%Response.AddHeader "P3P", "CP=CAO PSA OUR"%>php的话,应该是如下写法:
-PHP
header('P3P: CP=CAO PSA OUR');ASP.NET的话
通过在代码上加
-C#
Response.AddHeader("P3P", "CP=CAO PSA OUR");或者在Window服务中将ASP.NET State Service 启动。
JSP:
response.setHeader("P3P","CP=CAO PSA OUR")英语原文解析
You can add a P3P compact policy header to your child content, and you can declare that no malicious actions are performed with the data of the user. If Internet Explorer detects a satisfactory policy, then Internet Explorer permits the cookie to be set.Visit the following MSDN Web site for a complete list of satisfactory and unsatisfactory policy codes:
Privacy in Internet Explorer 6
http://msdn.microsoft.com/workshop/security/privacy/overview/privacyie6.asp
A simple compact policy that fulfills this criteria follows:P3P: CP=”CAO PSA OUR”
This code sample shows that your site provides you access to your own contact information (CAO), that any analyzed data is only “pseudo-analyzed”, which means that the data is connected to your online persona and not to your physical identity (PSA), and that your data is not supplied to any outside agencies for those agencies to use (OUR).
You can set this header if you use the Response.AddHeader method in an ASP page. In ASP.NET, you can use the Response.AppendHeader method. You can use the IIS Management Snap-In (inetmgr) to add to a static file.
Follow these steps to add this header to a static file:
1. Click Start, click Run, and then type inetmgr.
2. In the left navigation page, click the appropriate file or directory in your Web site to which you want to add the header, right-click the file, and then click Properties.
3. Click the HTTP Headers tab.
4. In the Custom HTTP Headers group box, click Add.
5. Type P3P for the header name, and then for the compact policy string, type CP=…, where “…” is the appropriate code for your compact policy.Alternatively, Internet Explorer users can modify their privacy settings so that they are prompted to accept third party content. The following steps show how to modify the privacy settings:
1. Run Internet Explorer.
2. Click Tools, and then click Internet Options.
3. Click the Privacy tab, and then click Advanced.
4. Click to select the Override automatic cookie handling check box.
5. To allow ASP and ASP.NET session cookies to be set, click to select the Always allow session cookies check box.
6. To receive a prompt for any type of third party cookie, click Prompt in the Third-party Cookies list. -
linux mrtg服务器网络监控
其它软件包的检查:
[root@mail doc]# rpm -qa|grep gd
gd-1.8.4-4
gd-devel-1.8.4-4[root@mail doc]# rpm -qa|grep perl
perl-5.6.0-17
mod_perl-1.24_01-3[root@mail doc]# rpm -qa|grep libp
libpng-1.0.12-2
libpng-devel-1.0.12-2[root@mail doc]# rpm -qa|grep zlib
zlib-1.1.3-24
zlib-devel-1.1.3-24
[root@mail doc]# rpm -qa|grep gcc
gcc-2.96-98
gcc-g77-2.96-98
gcc-c++-2.96-98目前mrtg的最新版本为mrtg-2.16.1:
wget ftp://ftp.idilis.ro/mirrors/mrtg/mrtg-2.16.1.tar.gz
[root@mail src]# tar xvfz mrtg-2.16.1.tar.gz
[root@mail src]# cd mrtg-2.16.1
[root@mail mrtg-2.16.1]# ./configure –prefix=/data/mrtg
[root@mail mrtg-2.16.1]# make
[root@mail mrtg-2.16.1]# make install到现在我们就已经正确地安装了MRTG系统。
配置SNMP服务
对于不同的设备,配置SNMP支持的方法是不一致的,具体请参考设备的随机文档,一般里 面都有详细的介绍。这里我们讨论在Linux环境下配置SNMP服务器,以实现对本机流出流入数据的分析和报表(我的应用环境是使用Linux带动一个小型局域网上网,监控本机进出 流量)。
在linux环境下安装snmp软件包是很容易的,只需要安装相应的软件包即可:
[root@mail doc]# rpm -qa|grep snmp
net-snmp-libs-5.3.1-14.el5
net-snmp-libs-5.3.1-14.el5
net-snmp-5.3.1-14.el5[root@mail doc]# /etc/rc.d/init.d/snmpd start
Starting snmpd: [ OK ]如果命令输出如上所示,就表示snmp服务器启动正常。
为了配合mrtg使用,还要修改snmpd的配置,以使其允许mrtg读取其interface(网络接口) 流量数据。
vi /etc/snmp/snmpd.conf
装下面这个的#注
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
然后将access notConfigGroup “” any noauth exact systemview none none
修改为:
access notConfigGroup “” any noauth exact mib2 none none
在55行左右加入:
view systemview included .1.3.6.1.2.1.2然后再重新启动snmpd:
/etc/rc.d/init.d/snmpd restart
生成MRTG配置文件
# mkdir /data/mrtg/cfg/
配置文件:/data/mrtg/cfg/mrtg.cfg
# cd /data/mrtg/bin
# ./cfgmaker –global ‘WorkDir: /data/apache2/htdocs/mrtg’ –global ‘Options[_]: bits,growright’ –output /data/mrtg/cfg/mrtg.cfg public@192.168.3.9
更新信息.
env LANG=C /data/mrtg/bin/mrtg /data/mrtg/cfg/mrtg.cfg# mkdir /data/apache2/htdocs/mrtg
生成mrtg的index文件
# ./indexmaker –output /data/apache2/htdocs/mrtg/index.html /data/mrtg/cfg/mrtg.cfg
<VirtualHost mrgt.yourdomanin.com>
servername mrgt.yourdomanin.com
documentroot /data/apache2/htdocs/mrtg
customlog logs/mrgt.yourdomanin.com common
</VirtualHost><directory “/data/apache2/htdocs/mrtg/”>
options followsymlinks includes
allowoverride none
order allow,deny
allow from all
authname “MRTG流量察看”
authtype basic
authuserfile /data/apache2/passdir/mrtgpass
require user 4ujk
</directory>生成密码:
mkdir /data/apache2/passdir/
/data/apache2/bin/htpasswd -bc /data/apache2/passdir/mrtgpass username userpass让系统每隔5分钟执行一次mrtg,生成新的MRTG流量图
# crontab –e
*/5 * * * * env LANG=C /data/mrtg/bin/mrtg /data/mrtg/cfg/mrtg.cfg=============================================
-
mysql 日期格式与时间戳的相互转换
2008-08-08 ->1178845140
update 表名 set l字段名=UNIX_TIMESTAMP(字段名)
1178845140 ->2008-08-08
update 表名 set l字段名=FROM_UNIXTIME(字段名)
-
linux 常用命令
vi编辑器黛色
echo "syntax enable" >> ~/.vimrc
网络连接状态
netstat -nat |awk '{print $6}'|sort|uniq -c|sort -rnsquid缓存状态
squidclient -h 211.154.255.103 -p 80 mgr:info
从日志文件中找出若干匹配的行
tail -n 22000 122.225.115.199.log |grep -E 'CST 2011|Total space in arena|StoreEntries with MemObjects' | more
Debian 管理服务 需要先安装个rcconf,然后直接用:
rcconf
cpu信息
cat /proc/cpuinfo
硬件信息
ls+tab,会出一堆命令,基本是这些
MySQL的mysqldump工具的基本用法
几个常用用例:
1.导出整个数据库
mysqldump -u 用户名 -p 数据库名 > 导出的文件名 mysqldump -u wcnc -p smgp_apps_wcnc > wcnc.sql
2.导出一个表
mysqldump -u 用户名 -p 数据库名 表名> 导出的文件名 mysqldump -u wcnc -p smgp_apps_wcnc users> wcnc_users.sql
3.导出一个数据库结构
mysqldump -u wcnc -p -d --add-drop-table smgp_apps_wcnc >d:\wcnc_db.sql -d 没有数据 --add-drop-table 在每个create语句之前增加一个drop table
4.导入数据库 常用source 命令
进入mysql数据库控制台, 如mysql -u root -p mysql>use 数据库 然后使用source命令,后面参数为脚本文件(如这里用到的.sql) mysql>source d:\wcnc_db.sql
-
sysctl调整Linux系统性能
sysctl是一个允许您改变正在运行中的Linux系统的接口。它包含一些 TCP/IP 堆栈和虚拟内存系统的高级选项, 这可以让有经验的管理员提高引人注目的系统性能。用sysctl可以读取设置超过五百个系统变量。基于这点,sysctl(8)提供两个功能:读取和修改系统设置。
查看所有可读变量:
%sysctl -a
读一个指定的变量,例如kern.maxproc:
%sysctl kern.maxprockern.maxproc: 1044
要设置一个指定的变量,直接用variable=value这样的语法:
#sysctl kern.maxfiles=5000
kern.maxfiles: 2088 -> 5000
您可以使用sysctl修改系统变量,也可以通过编辑sysctl.conf文件来修改系统变量。sysctl.conf 看起来很像rc.conf。它用variable=value的形式来设定值。指定的值在系统进入多用户模式之后被设定。并不是所有的变量都可以在这个模式下设定。
sysctl 变量的设置通常是字符串、数字或者布尔型。 (布尔型用1来表示’yes’,用0来表示’no’)。sysctl -w kernel.sysrq=0
sysctl -w kernel.core_uses_pid=1
sysctl -w net.ipv4.conf.default.accept_redirects=0
sysctl -w net.ipv4.conf.default.accept_source_route=0
sysctl -w net.ipv4.conf.default.rp_filter=1
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
sysctl -w net.ipv4.tcp_fin_timeout=30
sysctl -w net.ipv4.tcp_synack_retries=2
sysctl -w net.ipv4.tcp_keepalive_time=3600
sysctl -w net.ipv4.tcp_window_scaling=1
sysctl -w net.ipv4.tcp_sack=1配置sysctl
编辑此文件:
vi /etc/sysctl.conf
如果该文件为空,则输入以下内容,否则请根据情况自己做调整:
# Controls source route verification
# Default should work for all interfaces
net.ipv4.conf.default.rp_filter = 1
# net.ipv4.conf.all.rp_filter = 1
# net.ipv4.conf.lo.rp_filter = 1
# net.ipv4.conf.eth0.rp_filter = 1# Disables IP source routing
# Default should work for all interfaces
net.ipv4.conf.default.accept_source_route = 0
# net.ipv4.conf.all.accept_source_route = 0
# net.ipv4.conf.lo.accept_source_route = 0
# net.ipv4.conf.eth0.accept_source_route = 0# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1# Increase maximum amount of memory allocated to shm
# Only uncomment if needed!
# kernel.shmmax = 67108864# Disable ICMP Redirect Acceptance
# Default should work for all interfaces
net.ipv4.conf.default.accept_redirects = 0
# net.ipv4.conf.all.accept_redirects = 0
# net.ipv4.conf.lo.accept_redirects = 0
# net.ipv4.conf.eth0.accept_redirects = 0# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
# Default should work for all interfaces
net.ipv4.conf.default.log_martians = 1
# net.ipv4.conf.all.log_martians = 1
# net.ipv4.conf.lo.log_martians = 1
# net.ipv4.conf.eth0.log_martians = 1# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 25# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1200# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1# Turn on the tcp_sack
net.ipv4.tcp_sack = 1# tcp_fack should be on because of sack
net.ipv4.tcp_fack = 1# Turn on the tcp_timestamps
net.ipv4.tcp_timestamps = 1# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1# Make more local ports available
# net.ipv4.ip_local_port_range = 1024 65000# Set TCP Re-Ordering value in kernel to ‘5′
net.ipv4.tcp_reordering = 5# Lower syn retry rates
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3# Set Max SYN Backlog to ‘2048′
net.ipv4.tcp_max_syn_backlog = 2048# Various Settings
net.core.netdev_max_backlog = 1024# Increase the maximum number of skb-heads to be cached
net.core.hot_list_length = 256# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 360000# This will increase the amount of memory available for socket input/output queues
net.core.rmem_default = 65535
net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.core.wmem_default = 65535
net.core.wmem_max = 8388608
net.ipv4.tcp_wmem = 4096 65535 8388608
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.core.optmem_max = 40960如果希望屏蔽别人 ping 你的主机,则加入以下代码:
# Disable ping requests
net.ipv4.icmp_echo_ignore_all = 1编辑完成后,请执行以下命令使变动立即生效:
/sbin/sysctl -p
/sbin/sysctl -w net.ipv4.route.flush=1我们常常在 Linux 的 /proc/sys 目录下,手动设定一些 kernel 的参数或是直接 echo 特定的值给一个 proc下的虚拟档案,俾利某些档案之开启,常见的例如设定开机时自动启动 IP Forwarding:
echo “1” > /proc/sys/net/ipv4/ip_forward其实,在 Linux 我们还可以用 sysctl command 便可以简易的去检视、设定或自动配置 特定的 kernel 设定。我们可以在系统提示符号下输入「sysctl -a」,摘要如后:abi.defhandler_coff = 117440515
dev.raid.speed_limit_max = 100000
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.icmp_ratelimit = 100
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.igmp_max_memberships = 20
net.ipv4.ip_no_pmtu_disc = 0
net.core.no_cong_thresh = 20
net.core.netdev_max_backlog = 300
net.core.rmem_default = 65535
net.core.wmem_max = 65535
vm.kswapd = 512 32 8
vm.overcommit_memory = 0
vm.bdflush = 30 64 64 256 500 3000 60 0 0
vm.freepages = 351 702 1053
kernel.sem = 250 32000 32 128
kernel.panic = 0
kernel.domainname = (none)
kernel.hostname = pc02.shinewave.com.tw
kernel.version = #1 Tue Oct 30 20:11:04 EST 2001
kernel.osrelease = 2.4.9-13
kernel.ostype = Linux
fs.dentry-state = 1611 969 45 0 0 0
fs.file-nr = 1121 73 8192
fs.inode-state = 1333 523 0 0 0 0 0
从上述的语法我们大概可看出 sysctl 的表示法乃把目录结构的「/」以「.」表示,一层一层的连结下去。当然以echo 特定的值给一个 proc下的虚拟档案也是可以用 sysctl加以表示,例如:
#sysctl –w net.ipv4.ip_forward =”1”
或是直接在 /etc/sysctl.conf 增删修改特定档案的 0,1值亦可:
# Enables packet forwarding
net.ipv4.ip_forward = 1
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
当然如果考虑 reboot 后仍有效, 直接在 /etc/sysctl.conf 增删修改特定档案的 0,1值才可使之保留设定(以RedHat 为例,每次开机系统启动后, init 会执行 /etc/rc.d/rc.sysinit,便会使用 /etc/sysctl.conf 的预设值去执行 sysctl)。
相关参考档案:
/sbin/sysctl
/etc/sysctl.conf
sysctl 及sysctl.conf manpage
/usr/src/linux-x.y.z/Documentation/sysctl/*
/usr/share/doc/kernel-doc-x.y.z/sysctl/* (RedHat)