Common Config File Reference

One of the first things you learn about Linux is that everything is configured through text files. There is no hidden registry, no opaque binary database. Every service, every daemon, every system behavior is governed by a plain-text file sitting somewhere under /etc or in your home directory.

This appendix is a reference guide to the configuration files you will encounter most often as a Linux sysadmin. For each file you get its purpose, format, key fields, and a working example snippet you can use as a starting point.

Golden rule: Before editing any config file, make a backup. cp /etc/somefile /etc/somefile.bak.$(date +%Y%m%d) takes two seconds and can save you hours.

/etc/passwd -- User Account Database

Purpose: Stores basic information about every user account on the system. Despite the name, it does not contain actual passwords (those live in /etc/shadow).

Format: Colon-delimited, one user per line.

username:x:UID:GID:comment:home_directory:shell

Fields:

Field	Meaning
`username`	Login name (up to 32 characters)
`x`	Password placeholder (actual password is in /etc/shadow)
`UID`	User ID number. 0 = root. 1-999 = system accounts. 1000+ = regular users
`GID`	Primary group ID
`comment`	Full name or description (also called GECOS field)
`home_directory`	User's home directory
`shell`	Default login shell. `/usr/sbin/nologin` or `/bin/false` = no interactive login

Example:

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice Johnson:/home/alice:/bin/bash
nginx:x:998:998:Nginx web server:/var/lib/nginx:/usr/sbin/nologin

Things to know:

This file is world-readable. Anyone can see usernames and UIDs. This is by design.
Never edit this file directly. Use useradd, usermod, and userdel instead. If you must edit it directly, use vipw which locks the file to prevent concurrent edits.
A UID of 0 grants root privileges regardless of the username. This is how the system identifies root.

/etc/shadow -- Password Hashes

Purpose: Stores the actual encrypted passwords and password aging information. Only readable by root.

Format: Colon-delimited, one user per line.

username:password_hash:lastchanged:min:max:warn:inactive:expire:reserved

Fields:

Field	Meaning
`username`	Must match an entry in /etc/passwd
`password_hash`	The hashed password. `!` or `*` = locked account. `!!` = password never set
`lastchanged`	Days since Jan 1, 1970 that password was last changed
`min`	Minimum days between password changes
`max`	Maximum days before password must be changed
`warn`	Days before expiry to warn the user
`inactive`	Days after expiry before the account is locked
`expire`	Days since Jan 1, 1970 when account expires
`reserved`	Reserved for future use

Example:

root:$6$rounds=5000$salt$hashvalue:19500:0:99999:7:::
alice:$y$j9T$salt$hashvalue:19650:0:90:14:30::
nginx:!:19400:::::

Things to know:

The hash prefix tells you the algorithm: $1$ = MD5 (ancient, avoid), $5$ = SHA-256, $6$ = SHA-512, $y$ = yescrypt (modern default on many distros).
Use passwd to change passwords, never edit this file directly. If you must, use vipw -s.
Permissions should be 640 owned by root:shadow. If this file is world-readable, you have a serious security problem.

/etc/group -- Group Definitions

Purpose: Defines all groups on the system and their membership.

Format: Colon-delimited, one group per line.

groupname:password:GID:member1,member2,member3

Fields:

Field	Meaning
`groupname`	Name of the group
`password`	Group password (almost never used; usually `x` or empty)
`GID`	Group ID number
`members`	Comma-separated list of users in this group (no spaces!)

Example:

root:x:0:
sudo:x:27:alice,bob
docker:x:999:alice,deploy
devs:x:1002:alice,bob,charlie

Things to know:

A user's primary group (from /etc/passwd GID field) does not need to be listed here. The user is automatically a member.
To add a user to a group: sudo usermod -aG groupname username. The -a flag is critical -- without it, the user is removed from all other supplementary groups.
Use vigr to edit this file safely.

/etc/sudoers -- Sudo Privileges

Purpose: Controls who can use sudo and what commands they can run.

Format: Custom syntax. Never edit directly -- always use visudo, which validates syntax before saving. A syntax error in this file can lock you out of sudo entirely.

Key syntax patterns:

# User privilege specification
# who    where=(as_whom)  what
root      ALL=(ALL:ALL)    ALL
alice     ALL=(ALL)        NOPASSWD: ALL
bob       ALL=(ALL)        /usr/bin/systemctl restart nginx, /usr/bin/journalctl

# Group-based rules (group names prefixed with %)
%sudo     ALL=(ALL:ALL)    ALL
%devops   ALL=(ALL)        NOPASSWD: /usr/bin/docker, /usr/bin/systemctl

# Aliases for cleaner rules
Cmnd_Alias WEBSERVER = /usr/bin/systemctl restart nginx, /usr/bin/systemctl reload nginx
User_Alias WEBADMINS = alice, bob, charlie
WEBADMINS  ALL=(ALL)  NOPASSWD: WEBSERVER

Drop-in directory: Modern systems use /etc/sudoers.d/ for additional rules. Files in this directory are included automatically. This is the preferred approach -- leave the main sudoers file untouched and add your rules as separate files:

$ sudo visudo -f /etc/sudoers.d/deploy-user

deploy  ALL=(ALL)  NOPASSWD: /usr/bin/systemctl restart myapp, /usr/bin/journalctl -u myapp

Things to know:

NOPASSWD: lets users run commands without entering their password. Use sparingly and only for specific commands, not ALL.
Rules are evaluated top to bottom. The last matching rule wins.
The Defaults directive controls behavior: Defaults timestamp_timeout=15 extends the sudo password cache to 15 minutes.

/etc/fstab -- Filesystem Mount Table

Purpose: Defines which filesystems are mounted at boot and with what options.

Format: Space or tab-delimited, six fields per line.

# <device>                <mount point>  <type>  <options>           <dump> <fsck>
UUID=abc123-def456         /              ext4    errors=remount-ro   0      1
UUID=789ghi-012jkl         /home          ext4    defaults            0      2
UUID=mno345-pqr678         none           swap    sw                  0      0
/dev/sdb1                  /data          xfs     defaults,noatime    0      2
server:/export/share       /mnt/nfs       nfs     defaults,_netdev   0      0
tmpfs                      /tmp           tmpfs   defaults,noatime,size=2G  0  0

Fields:

Field	Meaning
`device`	Block device, UUID, or LABEL. UUIDs are preferred (they survive disk reordering)
`mount point`	Where to mount the filesystem. `none` for swap
`type`	Filesystem type: ext4, xfs, btrfs, nfs, swap, tmpfs, etc.
`options`	Mount options. `defaults` = rw, suid, dev, exec, auto, nouser, async
`dump`	0 = do not dump (backup). 1 = dump. Almost always 0 these days
`fsck`	Boot-time fsck order. 0 = skip. 1 = check first (root). 2 = check after root

Common mount options:

Option	Meaning
`noatime`	Do not update access times (improves performance)
`noexec`	Prevent execution of binaries on this filesystem
`nosuid`	Ignore SUID/SGID bits
`ro`	Read-only
`_netdev`	Wait for network before mounting (essential for NFS, iSCSI)
`nofail`	Do not fail boot if the device is missing

Things to know:

Get UUIDs with blkid or lsblk -f.
A bad fstab entry can prevent your system from booting. Always test with sudo mount -a after editing.
For temporary mounts, use the mount command directly instead of editing fstab.

/etc/hosts -- Static Hostname Resolution

Purpose: Maps hostnames to IP addresses, consulted before DNS (unless NSS is configured otherwise).

Format: IP address followed by hostnames, space-separated.

127.0.0.1       localhost
127.0.1.1       myserver.example.com myserver
::1             localhost ip6-localhost ip6-loopback

# Internal servers
192.168.1.10    db01.internal db01
192.168.1.11    web01.internal web01
192.168.1.12    web02.internal web02
192.168.1.20    monitoring.internal grafana

Things to know:

Resolution order is controlled by /etc/nsswitch.conf. The line hosts: files dns means check /etc/hosts first, then DNS.
This file is great for small labs and development environments. For anything larger, use proper DNS.
The 127.0.1.1 entry is a Debian/Ubuntu convention that maps the machine's own hostname to a loopback address.

/etc/resolv.conf -- DNS Resolver Configuration

Purpose: Tells the system which DNS servers to use and how to search for hostnames.

Format:

# DNS servers (up to 3)
nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver 192.168.1.1

# Search domains: short names get these appended
search example.com internal.example.com

# Options
options timeout:2 attempts:3 rotate

Key directives:

Directive	Meaning
`nameserver`	IP of a DNS server (maximum 3)
`search`	Domain search list. If you type `ssh web01`, it tries `web01.example.com` first
`domain`	Default domain (mutually exclusive with `search`)
`options timeout:N`	Seconds before retrying a different nameserver
`options rotate`	Round-robin between nameservers instead of always trying the first one

Things to know:

On systems with systemd-resolved or NetworkManager, this file may be a symlink or auto-generated. Check with ls -la /etc/resolv.conf.
If using systemd-resolved, the real config is managed by resolvectl and the file often points to ../run/systemd/resolve/stub-resolv.conf.
To set permanent DNS servers on a system with NetworkManager, use nmcli or edit the connection profile, not resolv.conf directly.

/etc/hostname -- System Hostname

Purpose: Contains the system's hostname. Just one line.

Format:

myserver

That is it. One line, one hostname.

Things to know:

Change it with sudo hostnamectl set-hostname newname rather than editing the file directly.
The hostname should also be reflected in /etc/hosts.
The FQDN (fully qualified domain name) is usually configured in /etc/hosts rather than here.

/etc/ssh/sshd_config -- SSH Server Configuration

Purpose: Configures the OpenSSH server daemon (sshd).

Format: Keyword Value pairs, one per line. Comments start with #.

Example with recommended security settings:

# Listen on a non-standard port (optional, not a security measure by itself)
Port 22

# Only use protocol version 2
Protocol 2

# Authentication
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# Limit who can log in
AllowUsers alice bob deploy
# Or restrict by group:
# AllowGroups sshusers

# Timeouts and limits
LoginGraceTime 30
MaxAuthTries 3
MaxSessions 5
ClientAliveInterval 300
ClientAliveCountMax 2

# Disable unused features
X11Forwarding no
PermitEmptyPasswords no
ChallengeResponseAuthentication no

# Logging
LogLevel VERBOSE

# SFTP subsystem
Subsystem sftp /usr/lib/openssh/sftp-server

Critical settings to know:

Setting	Recommended	Why
`PermitRootLogin`	`no`	Force users to log in as themselves, then `sudo`
`PasswordAuthentication`	`no`	Use SSH keys only. Eliminates brute-force attacks
`PubkeyAuthentication`	`yes`	Enable key-based authentication
`AllowUsers`	specific users	Whitelist who can SSH in
`MaxAuthTries`	`3`	Limit failed attempts per connection
`ClientAliveInterval`	`300`	Disconnect idle sessions after 5 minutes of silence

Things to know:

After editing, always validate: sudo sshd -t. If it says nothing, the config is valid.
Reload the service: sudo systemctl reload sshd. Do NOT restart if you are connected remotely -- if the config is broken, you lose access.
Drop-in overrides can go in /etc/ssh/sshd_config.d/ on modern systems.
Keep a second SSH session open when testing config changes. If the new config locks you out, you still have the old session.

/etc/nginx/nginx.conf -- Nginx Web Server Configuration

Purpose: Main configuration file for the Nginx web server and reverse proxy.

Format: Block-based configuration with nested contexts.

Example:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log warn;

events {
    worker_connections 1024;
    multi_accept on;
}

http {
    # Basic settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;          # Hide Nginx version in responses

    # MIME types
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Logging
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Gzip compression
    gzip on;
    gzip_types text/plain text/css application/json application/javascript;
    gzip_min_length 1000;

    # Include site configs
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

A typical site config (in /etc/nginx/sites-available/mysite):

server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    location /api/ {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Deny access to hidden files
    location ~ /\. {
        deny all;
    }
}

Things to know:

Test configuration before reloading: sudo nginx -t.
Reload without downtime: sudo systemctl reload nginx.
Site configs go in /etc/nginx/sites-available/ and are enabled by symlinking to /etc/nginx/sites-enabled/.
On RHEL-based systems, the convention is /etc/nginx/conf.d/*.conf instead of sites-available/sites-enabled.

/etc/systemd/system/*.service -- systemd Unit Files

Purpose: Define how systemd manages a service: how to start it, when to start it, what to do if it crashes.

Format: INI-style with three main sections.

Example -- a custom application service:

[Unit]
Description=My Application Server
Documentation=https://docs.example.com
After=network.target postgresql.service
Wants=postgresql.service

[Service]
Type=simple
User=appuser
Group=appgroup
WorkingDirectory=/opt/myapp
ExecStart=/opt/myapp/bin/server --config /etc/myapp/config.yaml
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=5
StandardOutput=journal
StandardError=journal
Environment=NODE_ENV=production
EnvironmentFile=/etc/myapp/env

# Security hardening
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/lib/myapp /var/log/myapp
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Key directives:

Section	Directive	Meaning
`[Unit]`	`After`	Start this unit after the listed units
`[Unit]`	`Wants`	Weak dependency (start but do not fail if dependency fails)
`[Unit]`	`Requires`	Strong dependency (fail if dependency fails)
`[Service]`	`Type`	`simple` (default), `forking`, `oneshot`, `notify`
`[Service]`	`ExecStart`	Command to start the service
`[Service]`	`Restart`	`on-failure`, `always`, `on-abnormal`, `no`
`[Service]`	`RestartSec`	Seconds to wait before restarting
`[Service]`	`User/Group`	Run as this user/group
`[Install]`	`WantedBy`	Which target enables this service (usually `multi-user.target`)

Things to know:

Custom unit files go in /etc/systemd/system/. Distribution-provided ones live in /lib/systemd/system/.
After creating or modifying a unit file: sudo systemctl daemon-reload.
To override a distribution unit without modifying it: sudo systemctl edit nginx creates a drop-in override file.
The security directives (ProtectSystem, PrivateTmp, etc.) are extremely useful for hardening services. Use them.

/etc/crontab -- System-Wide Cron Schedule

Purpose: System-wide scheduled tasks. Unlike user crontabs, this one includes a username field.

Format:

# m  h  dom mon dow  user     command
SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=admin@example.com

# Run system maintenance at 2 AM
0  2  *   *   *     root     /usr/local/bin/daily-maintenance.sh

# Rotate application logs weekly
0  3  *   *   0     root     /usr/sbin/logrotate /etc/logrotate.conf

# Database backup every 6 hours
0  */6 *  *   *     postgres /opt/scripts/db-backup.sh

# Cleanup temp files daily at midnight
0  0  *   *   *     root     find /tmp -type f -atime +7 -delete

Things to know:

System crontab has a user field between the time spec and the command. User crontabs (edited with crontab -e) do not.
Drop-in scripts can go in /etc/cron.daily/, /etc/cron.hourly/, /etc/cron.weekly/, /etc/cron.monthly/. These are run by anacron or a cron entry.
MAILTO controls where error output is sent. Set it to "" to disable email.
Cron uses a minimal PATH. Always use full paths to commands in cron jobs, or set PATH at the top.
On systemd systems, consider using systemd timers instead. They offer better logging, dependency management, and randomized delays.

/etc/exports -- NFS Shared Directories

Purpose: Defines which directories are shared via NFS and who can access them.

Format: One export per line: directory followed by client specifications.

# Share /data/shared with the 192.168.1.0/24 network, read-write
/data/shared    192.168.1.0/24(rw,sync,no_subtree_check,no_root_squash)

# Share /srv/public read-only to everyone
/srv/public     *(ro,sync,no_subtree_check)

# Share /home to specific hosts
/home           web01.internal(rw,sync) web02.internal(rw,sync)

Common options:

Option	Meaning
`rw`	Read-write access
`ro`	Read-only access
`sync`	Write data to disk before replying (safer)
`async`	Reply before data is written to disk (faster, riskier)
`no_subtree_check`	Disables subtree checking (improves reliability)
`no_root_squash`	Trust root on the client (dangerous in production)
`root_squash`	Map client root to anonymous user (default, recommended)
`all_squash`	Map all users to anonymous (useful for public shares)

Things to know:

After editing, apply changes with: sudo exportfs -ra.
View current exports: sudo exportfs -v.
Make sure NFS services are running: sudo systemctl enable --now nfs-server.
No space between the client specification and the options in parentheses. /data host(rw) is correct. /data host (rw) is wrong -- that exports to host with default options AND to the entire world with (rw).

/etc/sysctl.conf -- Kernel Parameter Tuning

Purpose: Sets kernel parameters at boot time. These parameters can also be changed at runtime.

Format: parameter = value, one per line.

Example -- common tuning parameters:

# Enable IP forwarding (required for routers, VPNs, containers)
net.ipv4.ip_forward = 1

# Harden network stack
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.tcp_syncookies = 1

# Increase connection tracking for busy servers
net.netfilter.nf_conntrack_max = 1048576

# Virtual memory tuning
vm.swappiness = 10
vm.dirty_ratio = 15
vm.dirty_background_ratio = 5

# Increase file descriptor limits
fs.file-max = 2097152

# Increase maximum number of memory map areas
vm.max_map_count = 262144

# Increase network buffer sizes for high-throughput servers
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216

Things to know:

Apply changes without rebooting: sudo sysctl -p or sudo sysctl --system.
View a current value: sysctl net.ipv4.ip_forward.
Set a value temporarily (until reboot): sudo sysctl -w net.ipv4.ip_forward=1.
Drop-in files go in /etc/sysctl.d/. For example, /etc/sysctl.d/99-custom.conf. The numbering controls load order.

~/.bashrc -- Bash Shell Customization

Purpose: Executed for every new interactive non-login Bash shell. This is where you put your personal customizations.

Format: Bash script.

Example:

# ~/.bashrc

# If not running interactively, don't do anything
case $- in
    *i*) ;;
      *) return;;
esac

# History settings
HISTSIZE=10000
HISTFILESIZE=20000
HISTCONTROL=ignoreboth    # Ignore duplicates and commands starting with space
shopt -s histappend        # Append to history, don't overwrite

# Check window size after each command
shopt -s checkwinsize

# Custom prompt: user@host:path (green for normal user, red for root)
if [ "$(id -u)" -eq 0 ]; then
    PS1='\[\e[1;31m\]\u@\h:\w#\[\e[0m\] '
else
    PS1='\[\e[1;32m\]\u@\h:\w$\[\e[0m\] '
fi

# Useful aliases
alias ll='ls -alFh'
alias la='ls -A'
alias ..='cd ..'
alias ...='cd ../..'
alias grep='grep --color=auto'
alias df='df -h'
alias du='du -h'
alias free='free -h'
alias ports='ss -tlnp'
alias myip='curl -s ifconfig.me'

# Safety nets
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Custom PATH
export PATH="$HOME/.local/bin:$HOME/bin:$PATH"

# Default editor
export EDITOR=vim
export VISUAL=vim

# Colored man pages
export LESS_TERMCAP_mb=$'\e[1;32m'
export LESS_TERMCAP_md=$'\e[1;32m'
export LESS_TERMCAP_me=$'\e[0m'
export LESS_TERMCAP_se=$'\e[0m'
export LESS_TERMCAP_so=$'\e[01;33m'
export LESS_TERMCAP_ue=$'\e[0m'
export LESS_TERMCAP_us=$'\e[1;4;31m'

# Source local customizations if they exist
if [ -f ~/.bashrc.local ]; then
    source ~/.bashrc.local
fi

Things to know:

.bashrc runs for interactive non-login shells. .bash_profile (or .profile) runs for login shells. Usually .bash_profile sources .bashrc.
Changes take effect in new shells. To apply immediately: source ~/.bashrc.
System-wide defaults live in /etc/bash.bashrc (Debian/Ubuntu) or /etc/bashrc (RHEL).
Keep .bashrc clean and fast. Complex operations here slow down every new terminal.

~/.ssh/config -- SSH Client Configuration

Purpose: Configures the SSH client. Lets you define shortcuts, default options, and per-host settings so you never have to type long SSH commands.

Format: Block-based, with Host patterns.

Example:

# Default settings for all connections
Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3
    AddKeysToAgent yes
    IdentitiesOnly yes

# Quick access to production web server
Host prod-web
    HostName 203.0.113.50
    User deploy
    Port 2222
    IdentityFile ~/.ssh/prod_key

# Jump through a bastion host to reach internal servers
Host bastion
    HostName bastion.example.com
    User alice
    IdentityFile ~/.ssh/bastion_key

Host internal-*
    ProxyJump bastion
    User alice
    IdentityFile ~/.ssh/internal_key

Host internal-db
    HostName 10.0.1.50

Host internal-web
    HostName 10.0.1.51

# Development VM
Host devbox
    HostName 192.168.56.10
    User vagrant
    IdentityFile ~/.vagrant.d/insecure_private_key
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

# GitHub (useful when you have multiple keys)
Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/github_key

Common directives:

Directive	Meaning
`HostName`	The actual hostname or IP to connect to
`User`	Default username for this host
`Port`	Default port
`IdentityFile`	Path to the private key
`ProxyJump`	Jump through another host (bastion/jump box)
`LocalForward`	Set up a local port forward automatically
`ServerAliveInterval`	Send keepalive every N seconds
`StrictHostKeyChecking`	`ask` (default), `yes`, `no`
`IdentitiesOnly`	Only try the specified key, not all keys in the agent

Things to know:

With the config above, ssh prod-web is all you need. No more ssh -p 2222 -i ~/.ssh/prod_key deploy@203.0.113.50.
Host patterns support wildcards: Host *.example.com matches any subdomain.
Settings are applied first-match-wins. Put specific hosts before general patterns.
File permissions must be 600 (or 644). The .ssh directory must be 700.
This file is for the SSH client. The SSH server config is /etc/ssh/sshd_config.

Quick Reference Table

Here is a summary of where to find what:

What you need to configure	File
User accounts	`/etc/passwd`
Passwords and aging	`/etc/shadow`
Groups	`/etc/group`
Sudo privileges	`/etc/sudoers` (use `visudo`)
Filesystem mounts	`/etc/fstab`
Static hostname resolution	`/etc/hosts`
DNS resolver	`/etc/resolv.conf`
System hostname	`/etc/hostname`
SSH server	`/etc/ssh/sshd_config`
SSH client (per user)	`~/.ssh/config`
Nginx web server	`/etc/nginx/nginx.conf`
Custom systemd services	`/etc/systemd/system/*.service`
System-wide cron jobs	`/etc/crontab`
NFS exports	`/etc/exports`
Kernel parameters	`/etc/sysctl.conf`
Bash customization	`~/.bashrc`
Name resolution order	`/etc/nsswitch.conf`
PAM authentication	`/etc/pam.d/*`
Log rotation	`/etc/logrotate.conf`
Time zone	`/etc/timezone` or `timedatectl`
Network (modern)	`/etc/netplan/*.yaml` or `nmcli`

This is not every config file on a Linux system -- there are thousands. But master these and you will be able to troubleshoot and configure the vast majority of what you encounter in the real world.

Linux Book: From First Boot to Production