4.2.2 Changing Kernel Parameters

Some virtual files under /proc, and under /proc/sys in particular, are writable and you can use them to adjust settings in the kernel. For example, to change the host name, you can write a new value to /proc/sys/kernel/hostname:

# echo www.mydomain.com > /proc/sys/kernel/hostname

Other files take value that take binary or Boolean values. For example, the value of /proc/sys/net/ipv4/ip_forward determines whether the kernel forwards IPv4 network packets.

# cat /proc/sys/net/ipv4/ip_forward
# echo 1 > /proc/sys/net/ipv4/ip_forward
# cat /proc/sys/net/ipv4/ip_forward

You can use the sysctl command to view or modify values under the /proc/sys directory.


Even root cannot bypass the file access permissions of virtual file entries under /proc. If you attempt to change the value of a read-only entry such as /proc/partitions, there is no kernel code to service the write() system call.

To display all of the current kernel settings:

# sysctl -a
kernel.sched_child_runs_first = 0
kernel.sched_min_granularity_ns = 2000000
kernel.sched_latency_ns = 10000000
kernel.sched_wakeup_granularity_ns = 2000000
kernel.sched_shares_ratelimit = 500000

The delimiter character in the name of a setting is a period (.) rather than a slash (/) in a path relative to /proc/sys. For example, net.ipv4.ip_forward represents net/ipv4/ip_forward and kernel.msgmax represents kernel/msgmax.

To display an individual setting, specify its name as the argument to sysctl:

# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

To change the value of a setting, use the following form of the command:

# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

Changes that you make in this way remain in force only until the system is rebooted. To make configuration changes persist after the system is rebooted, you must add them to the /etc/sysctl.d directory as a configuration file. Any changes that you make to the files in this directory take effect when the system reboots or if you run the sysctl --system command, for example:

# echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/ip_forward.conf 
# grep -r ip_forward /etc/sysctl.d
# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/ip_forward.conf ...
net.ipv4.ip_forward = 1
* Applying /etc/sysctl.conf ...
# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

For more information, see the sysctl(8) and sysctl.d(5) manual pages.