# Proper way to modify sysctl.conf or other config files



## D-FENS (Feb 22, 2019)

Hi,
What would be the proper and safe way to modify sysctl.conf or other config files != rc.conf?
I know that modifying rc.conf is easy with:

```
sysrc firewall_enable="YES"
sysrc kld_load+="ipfw_nat"
```
Should I also use the sysrc(8) command with "-f" switch like this:

`sysrc -f /etc/sysctl.conf net.inet.ip.fw.enable=1`

or is there a more standard and shorter way?


----------



## SirDice (Feb 22, 2019)

roccobaroccoSC said:


> What would be the proper and safe way to modify sysctl.conf or other config files != rc.conf?


Using your preferred editor. There's nothing "special" about any of these files.


----------



## D-FENS (Feb 22, 2019)

I would like to do it in an automated way, because it's for cloud deployment.
I was using grep and sed until I found out about the command sysrc, which made my life a whole lot easier. Just want to increase my understanding and see what is the best way to do it from a script.


----------



## olli@ (Feb 22, 2019)

Those files are standard text files, and there is no special interface for changing them (the sysrc(8) command is for rc.conf only). Normally you would use an interactive text editor (ee, vi, joe, emacs, …) to change them. Of course you can use tools like sed, grep, awk, … to change them using scripts for automated deployments. Alternatively you can use a language like Python or Perl that makes handling textual data a little easier.

In particular, the sysctl.conf file is empty by default (except for comments), so that's rather easy: You don't have to modify an existing file, but you can simply create a new one containing the entries that you need.

If you have a medium to large farm of servers, you should use a tool like puppet (port sysutils/puppet6), ansible (port sysutils/ansible) or similar. They provide ways to deploy servers with their configuration files based on templates and predefined rules.


----------



## SirDice (Feb 22, 2019)

olli@ said:


> you should use a tool like puppet (port sysutils/puppet6)


I love Puppet. One note though, all Puppetserver versions (4, 5 and 6) do not work on 12.0-RELEASE due to a bug in jnr-posix. The puppet agents work fine. With Puppet you can easily manage /etc/sysctl.conf using the file or augeus resources. For rc.conf there's very little to add, the service resource works as expected and adds the necessary flags to rc.conf automatically.


----------



## abishai (Feb 22, 2019)

I prefer individual files in rc.conf.d instead of rc.conf Usually, my rc.conf is empty. (I use ansible)


----------



## D-FENS (Feb 23, 2019)

I'll give puppet a try when time allows. Thanks SirDice, olli@ and abishai.


----------

