How to set up user niceness permanently?
usually they set it in /etc/security/limits.conf
user1 - priority -20
user2 - priority -20
sshd service upon restart is not automatically started. How to make “systemctl start sshd” permamently executed after system boot? (of course I executed “systemctl enable sshd”)
I want to inject “mitigations=off isolcpus=2-4,7-19” into kernel cmd line params conveniently.
Do you have something like “grubby --args=“mitigations=off isolcpus=2-4,7-19” …” for this?
nice is a part of coreutils. I cannot find anything in the spec file that changed the default path. So I will give it a try.
man stateless has a section for sshd, right below the section for systemd, which says to enable services to start at boot time, use systemctl enable <unit>. And I don’t understand why it doesn’t start even after you executed systemctl enabled sshd.
Before you manually start it, does systemctl status sshd mentioned any error?
Clear Linux uses systemd-boot instead of GRUB. You can add permanent boot parameters to /etc/kernel/cmdline.d/FOO.conf. Check this:
Do not need to change the default path. I am saying that other Linux distributives contain a file: /etc/security/limits.conf. In this file on other Linux distributives I can set up default niceness for different users.
Question is: how to set up default nive value = “-20” for clear-linux users?
I mean Clear Linux doesn’t seem to change the default sysconfig path of coreutils, I will try modifying /etc/security/limits.conf .
Also stated in ‘man stateless’, Clear Linux does not have any default configurations in /etc, with a few exceptions, so it’s normal that file is not already there. But it doesn’t mean you cannot create one.
We don’t do this by default. Instead, we enable sshd.socket. This means that sshd.service is not started until someone actually connects to the system.
If you have installed the openssh-server bundle, then sshd.socket will be enabled by default. There is nothing left to do - SSH will just work.
To verify, inspect systemctl status sshd.socket instead.
Just create the file and it will be used. Note: I haven’t actually tested this, but, if it doesn’t work it’s a bug and I’ll gladly fix that - this should work.
Yes, Bundle “openssh-server” is already installed. After restart it listens on default port (22). In my /etc/ssh/sshd_config I have set up another port.
To fix this I created dropin file at /etc/systemd/system/sshd.socket.d/10-sshd-listen-ports.conf and put there
The “l1tf=off” parameter does not work as expected Please find a screenshot with correct kernel line param: l1tf=off highlighted, but mitigation is still “on”.