How to Use the Sysctl Command in Linux

In this tutorial we’ll learn the fundamentals of the sysctl command.

To start off,  have you wondered how an operating system can use the hardware on which it is running?

It’s the kernel that acts as an interface between an operating system and the hardware. It enables the communication between both entities and is part of the operating system that runs on the hardware.

A user, however, does not interact with the kernel but rather works in a limited space to manage files and execute programs.

So, for example, does Ubuntu have a kernel? Yes, it does.

We can also make certain modifications to the kernel using the sysctl command, which is this article’s focus.

Let’s proceed to take a look at this concept.

Pre-requisites

• Access to a Linux machine. I’ll be using server running Ubuntu 20.04 in this article.
• Acting as a non-root sudo user to ensure a secure environment

Relation Between a Kernel and the Sysctl Command

Each kernel in an operating system works with certain parameters.

The kernel works with the system resources, which change from time to time.

Based on these changes, the kernel parameters also change.

The sysctl command is used to manage the kernel configuration and parameters.

We can use the sysctl command to modify the configuration and kernel parameters at runtime.

The Kernel Parameters Location

The kernel parameters are stored as files in the /proc/sys directory.

However, the kernel parameters are stored as files in the /proc/sys directory. When we visit this directory, we will find several subdirectories and files. Let’s quickly view the subdirectories and files using the ls command:

ls -R /proc/sys

The -R parameter performs a recursive listing of subdirectories and files. If we do not use this parameter, the ls command will list ONLY the files and subdirectories in the /proc/sys directory, but not beyond it.

When we press Enter, we see a long output spanning multiple page levels in the console. Let’s navigate to the start to view the output:

Notice that first, the subdirectories in /proc/sys are listed. After that, each subdirectory is also browsed to list more subdirectories if present and the files. We can continue to scroll down and view the list of subdirectories and files.

So, we may question the focus on the /proc/sys directory in this tutorial? This is because we can view the kernel parameters and change them depending on our requirements. The /proc/sys directory contains all those files that contain the kernel parameter settings. Any setting that we need to be changed, its relevant file can be found in this directory.

Viewing the Sysctl Command Help

We will be using the sysctl command to deal with the kernel parameters, but first thing first. Let’s view the sysctl command help. To do this, we need to type the following command and press Enter:

sysctl -h

We can also display the help using the -d parameter. It provides the same result as the -h parameter.

Viewing All Configured Kernel Parameters

Using the sysctl command, we can view all configured kernel parameters. Let’s run the sysctl command with the -a parameter, which will provide the list of configured kernel parameters. Type the following command and press Enter:

sysctl -a

Notice that the output displays a long list of configured parameters.

There are a few important points we must remember:

• Both -A and -a parameters provide the same output.
• The -X parameter also provides the same output. However, -x does not provide the same output.
• All users in Linux can view the kernel parameters. However, to be able to change any parameter, we need to be the root user.

Viewing a Single Kernel Parameter

Instead of reading through all parameters, we can find the value of a single configured parameter. We need to know the name of the parameter. Let’s take an example of vm.min_free_kbytes, which makes a specific amount, which is mentioned as the value for the variable, to be instantly available when there is a memory constraint.

The command to view a single parameter is simple. We need to mention the parameter name with the sysctl command. For example:

sysctl vm.min_free_kbytes

Notice that the output displays the value set for the vm.min_free_kbytes parameter.

Similar to the mentioned parameter, we can view any single parameter. Let’s look at another parameter, which is vm.max_map_count.

sysctl vm.max_map_count

Notice that the output displays the value set for the vm.max_map_count parameter.

Let’s say that we want to display only the parameter value but not the parameter name. We can do this with the help of the -n parameter.

sysctl -n vm.max_map_count

Notice that the output displays only the value that is set for the vm.max_map_count parameter.

Viewing a Specific Set of Parameters

Let’s assume that we do not know the parameter’s name, and we don’t want to scan through the long output generated with the -a parameter. We can still find the parameters that match a specific search string that we define with the sysctl command.

The sysctl command alone cannot filter the parameters to display. We need to combine it with the grep command to filter the output based on our search string.

The command needs to be in two parts:

• The first part contains the sysctl command with the -a parameter.
• The second part contains the grep command with the search string.

Let’s take an example:

sysctl -a | grep vm

Notice that the output all parameters that contain the search string vm.

We can further filter the search results by refining our search string. Let’s look at another example:

sysctl -a | grep vm.user

Notice that the console displays the output. There are several permissions denied errors and then the actual parameter that we were searching for. The permission denied errors are due to insufficient permissions.

Setting a Parameter’s Value

In this article, we have seen different methods to view the parameters and their values. We have learned to:

• List all parameters
• A single parameter with its value
• Only the value of a parameter

Let’s now focus on setting a value for a parameter. The parameter we’ll use is net.ipv6.conf.autoconf which is currently equal to 1.

A value can be set either temporarily or permanently.

We will first look at a temporary method to set a value. For this method, we will use the -w parameter.

To use sysctl to set the value for a parameter we’ll have to use sudo, otherwise we get permission denied.

Let’s now try the same command with sudo.

sudo sysctl -w net.ipv6.conf.all.autoconf=0

Notice the output this time. It confirms that net.ipv6.conf.all.autoconf has been now set to 0.

Let’s quickly verify the configuration. To do this, we simply execute the sysctl command with the net.ipv6.conf.all.autoconf parameter:

sysctl net.ipv6.conf.all.autoconf

Notice that before we execute the command, this parameter was set to 1. Now, it is set to 0.

If you read the autoconf file, it will contain the same value.

sudo cat /proc/sys/net/ipv6/conf/all/autoconf

Notice that before we execute the command, this parameter was set to 1. Now, it is set to 0.

Let’s now look at a permanent method, which is to change either of the following files:

• /etc/sysctl.conf
• /etc/sysctl.d/99-custom.conf

If these files do not exist, we can create them on our own. One critical point that we have to remember is that we need to open these files with the sudo permissions. If we don’t use sudo, then the file will open in the read-only mode. We can still make changes, but they will not be saved in the same file. While attempting to save the file, we will be prompted to either discard the changes or save the file as a new file. After the changes are saved, they are loaded at the boot time. We can also load the changes immediately, and we will just learn to do that a little later after making the changes.

Let’s go ahead and edit the /etc/sysctl.conf file. Before we edit the file, we can use any text editor. We can use a command line-based editor, such as vi, or use a Graphical User Interface (GUI)-based article, such as gedit. In this tutorial, we are going to use gedit.

Let’s enter the following command at the command line:

sudo gedit /etc/sysctl.conf

Notice that as we enter the command, the /etc/sysctl.conf file is now opened in gedit.

Let’s make the changes on line 33, which currently looks like this:

#net.ipv6.conf.all.forwarding=1

We will make changes by removing #, which is used for commenting the entire line, and then changing the value of 1 to 0.

Press Ctrl + C to save the file and then close it.

Let’s verify the net.ipv6.conf.all.forwarding value using the sysctl command:

sysctl net.ipv6.conf.all.forwarding

Notice that the value is now set to 0.

But remember, the changes even though saved but not applied. You can immediately enforce the changes using the -p parameter with the sysctl command.

sudo sysctl -p

The parameter’s name is also displayed along with its value, which is now set to 0.

An alternate method to using the -p parameter is to use the file name:

sudo sysctl -p /etc/sysctl.conf

The parameter’s name is also displayed along with its value, which is now set to 0.

Remember that changes made to the /etc/sysctl.conf or the /etc/sysctl.d/99-custom.conf files are permanent. They will be loaded during the system reboot. However, you may use the first method to temporarily change a parameter for testing purposes or meet a specific requirement.

Conclusion

Well done. Hopefully, this tutorial helped us understand the fundamentals of the sysctl command in Ubuntu 20.x. If we encountered any issues, please feel free to leave a comment or contact us, and we’ll get back to we as soon as we can.