1.\" $NetBSD: rc.conf.5,v 1.128 2009/03/27 09:11:36 hannken Exp $ 2.\" 3.\" Copyright (c) 1996 Matthew R. Green 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 22.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 23.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" Copyright (c) 1997 Curt J. Sampson 28.\" Copyright (c) 1997 Michael W. Long 29.\" Copyright (c) 1998-2009 The NetBSD Foundation, Inc. 30.\" All rights reserved. 31.\" 32.\" This document is derived from works contributed to The NetBSD Foundation 33.\" by Luke Mewburn. 34.\" 35.\" Redistribution and use in source and binary forms, with or without 36.\" modification, are permitted provided that the following conditions 37.\" are met: 38.\" 1. Redistributions of source code must retain the above copyright 39.\" notice, this list of conditions and the following disclaimer. 40.\" 2. Redistributions in binary form must reproduce the above copyright 41.\" notice, this list of conditions and the following disclaimer in the 42.\" documentation and/or other materials provided with the distribution. 43.\" 3. The name of the author may not be used to endorse or promote products 44.\" derived from this software without specific prior written permission. 45.\" 46.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 47.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 48.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 49.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 50.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 51.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 52.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 53.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 54.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 55.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 56.\" SUCH DAMAGE. 57.\" 58.Dd March 27, 2009 59.Dt RC.CONF 5 60.Os 61.Sh NAME 62.Nm rc.conf 63.Nd system startup configuration file 64.Sh DESCRIPTION 65The 66.Nm 67file specifies which services are enabled during system startup by 68the startup scripts invoked by 69.Pa /etc/rc 70(see 71.Xr rc 8 ) , 72and the shutdown scripts invoked by 73.Pa /etc/rc.shutdown . 74The 75.Nm 76file is a shell script that is sourced by 77.Xr rc 8 , 78meaning that 79.Nm 80must contain valid shell commands. 81.Pp 82Listed below are the standard 83.Nm 84variables that may be set, the values to which each may be set, 85a brief description of what each variable does, and a reference to 86relevant manual pages. 87Third party packages may test for additional variables. 88.Pp 89Most variables are one of two types: enabling variables or flags 90variables. 91Enabling variables, such as 92.Sy inetd , 93are generally named after the program or the system they enable, 94and are set to 95.Sq YES 96or 97.Sq NO . 98Flags variables, such as 99.Sy inetd_flags 100have the same name with "_flags" appended, and determine what 101arguments are passed to the program if it is enabled. 102.Pp 103If a variable that 104.Xr rc 8 105expects to be set is not set, or the value is not one of the allowed 106values, a warning will be printed. 107.Pp 108By default, 109.Nm 110reads 111.Pa /etc/defaults/rc.conf 112(if it is readable) 113to obtain default values for various variables, and the end-user 114may override these by appending appropriate entries to the end of 115.Nm . 116.Pp 117.Xr rc.d 8 118scripts that use 119.Ic load_rc_config 120from 121.Xr rc.subr 8 122also support sourcing an optional end-user provided per-script override 123file 124.Pa /etc/rc.conf.d/ Ns Ar service , 125(where 126.Ar service 127is the contents of the 128.Sy name 129variable in the 130.Xr rc.d 8 131script). 132This may contain variable overrides, including allowing the end-user 133to override various 134.Ic run_rc_command 135.Xr rc.d 8 136control variables, and thus changing the operation of the script 137without requiring editing of the script. 138.Ss Overall control 139.Bl -tag -width net_interfaces 140.It Sy do_rcshutdown 141.Sq YES 142or 143.Sq NO . 144If set to 145.Sq NO , 146.Xr shutdown 8 147will not run 148.Pa /etc/rc.shutdown . 149.It Sy rcshutdown_rcorder_flags 150A string. 151Extra arguments to the 152.Xr rcorder 8 153run by 154.Pa /etc/rc.shutdown . 155.It Sy rcshutdown_timeout 156A number. 157If non-blank, use this as the number of seconds to run a watchdog timer for 158which will terminate 159.Pa /etc/rc.shutdown 160if the timer expires before the shutdown script completes. 161.It Sy rc_configured 162.Sq YES 163or 164.Sq NO . 165If not set to 166.Sq YES 167then the system will drop into single-user mode during boot. 168.It Sy rc_fast_and_loose 169If set to a non-empty string, 170each script in 171.Pa /etc/rc.d 172will be executed in the current shell rather than a sub shell. 173This may be faster on slow machines that have an expensive 174.Xr fork 2 175operation. 176.Bl -hang 177.It Em Note : 178Use this at your own risk! 179A rogue command or script may inadvertently prevent boot to multiuser. 180.El 181.It Sy rc_rcorder_flags 182A string. 183Extra arguments to the 184.Xr rcorder 8 185run by 186.Pa /etc/rc . 187.El 188.Ss Basic network configuration 189.Bl -tag -width net_interfaces 190.It Sy defaultroute 191A string. 192Default IPv4 network route. 193If empty or not set, then the contents of 194.Pa /etc/mygate 195(if it exists) are used. 196.It Sy defaultroute6 197A string. 198Default IPv6 network route. 199If empty or not set, then the contents of 200.Pa /etc/mygate6 201(if it exists) are used. 202.It Sy domainname 203A string. 204.Tn NIS 205(YP) domain of host. 206If empty or not set, then the contents of 207.Pa /etc/defaultdomain 208(if it exists) are used. 209.It Sy force_down_interfaces 210A space separated list of interface names. 211These interfaces will be configured down when going from multiuser to singleuser 212mode or on system shutdown. 213.Pp 214This is important for some stateful interfaces, for example PPP over ISDN 215connections that cost money by connection time or PPPoE interfaces which 216have no direct means of noticing 217.Dq disconnect 218events. 219.Pp 220All active 221.Xr pppoe 4 222and 223.Xr ippp 4 224interfaces will be automatically added to this list. 225.It Sy hostname 226A string. 227Name of host. 228If empty or not set, then the contents of 229.Pa /etc/myname 230(if it exists) are used. 231.El 232.Ss Boottime file-system and swap configuration 233.Bl -tag -width net_interfaces 234.It Sy critical_filesystems_local 235A string. 236File systems mounted very early in the system boot before networking 237services are available. 238Usually 239.Pa /var 240is part of this, because it is needed by services such as 241.Xr dhclient 8 242which may be required to get the network operational. 243.It Sy critical_filesystems_remote 244A string. 245File systems such as 246.Pa /usr 247that may require network services to be available to mount, 248that must be available early in the system boot for general services to use. 249.It Sy fsck_flags 250A string. 251A file system is checked with 252.Xr fsck 8 253during boot before mounting it. 254This option may be used to override the default command-line options 255passed to the 256.Xr fsck 8 257program. 258.Pp 259When set to 260.Fl y , 261.Xr fsck 8 262assumes yes as the answer to all operator questions during file system checks. 263This might be important with hosts where the administrator does not have 264access to the console and an unsuccessful shutdown must not make the host 265unbootable even if the file system checks would fail in preen mode. 266.It Sy no_swap 267.Sq YES 268or 269.Sq NO . 270Set the 271.Sy no_swap 272variable to 273.Sq YES 274if you have configured your system with no swap on purpose. 275If not set to 276.Sq YES , 277and no swap devices 278are configured, the system will warn you. 279.It Sy swapoff 280.Sq YES 281or 282.Sq NO . 283Remove block-type swap devices at shutdown time. 284Useful if swapping onto RAIDframe devices. 285.El 286.Ss One-time actions to perform or programs to run on boot-up 287.Bl -tag -width net_interfaces 288.It Sy accounting 289.Sq YES 290or 291.Sq NO . 292Enables process accounting with 293.Xr accton 8 . 294Requires 295.Pa /var/account/acct 296to exist. 297.It Sy clear_tmp 298.Sq YES 299or 300.Sq NO . 301Clear /tmp after reboot. 302.It Sy dmesg 303.Sq YES 304or 305.Sq NO . 306Create 307.Pa /var/run/dmesg.boot 308from the output of 309.Xr dmesg 8 . 310Passes 311.Sy dmesg_flags . 312.It Sy mixerctl 313.Sq YES 314or 315.Sq NO . 316Read 317.Xr mixerctl.conf 5 318for how to set mixer values. 319List in 320.Sy mixerctl_mixers 321the devices whose settings are to be saved at shutdown and 322restored at start-up. 323.It Sy newsyslog 324.Sq YES 325or 326.Sq NO . 327Run 328.Nm newsyslog 329to trim logfiles before syslogd starts. 330Intended for laptop users. 331Passes 332.Sy newsyslog_flags . 333.It Sy per_user_tmp 334.Sq YES 335or 336.Sq NO . 337Enables a per-user 338.Pa /tmp 339directory. 340.Sy per_user_tmp_dir 341can be used to override the default location of the 342.Dq real 343temporary directories, 344.Dq Pa /private/tmp . 345.It Sy rndctl 346.Sq YES 347or 348.Sq NO . 349Runs the 350.Xr rndctl 8 351utility one or more times according to the specification in 352.Sy rndctl_flags . 353.Pp 354If 355.Sy rndctl_flags 356does not contain a semicolon 357.Pq Ql \&; 358then it is expected to contain zero or more flags, 359followed by one or more device or type names. 360The 361.Xr rndctl 8 362command will be executed once for each device or type name. 363If the specified flags do not include any of 364.Fl c , C , e , 365or 366.Fl E , 367then the flags 368.Fl c 369and 370.Fl e 371are added, to specify that entropy from the relevant device or type 372should be both collected and estimated. 373If the specified flags do not include either of 374.Fl d 375or 376.Fl t , 377then the flag 378.Fl d 379is added, to specify that the non-flag arguments are device names, 380not type names. 381.Pp 382.Sy rndctl_flags 383may contain multiple semicolon-separated segments, in which each 384segment contains flags and device or type names as described above. 385This allows different flags to be associated with different 386device or type names. 387For example, given 388.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" , 389the following commands will be executed: 390.Li "rndctl -c -e -d wd0" ; 391.Li "rndctl -c -e -d wd1" ; 392.Li "rndctl -c -e -t tty" ; 393.Li "rndctl -c -t net" . 394.It Sy savecore 395.Sq YES 396or 397.Sq NO . 398Runs the 399.Xr savecore 8 400utility. 401Passes 402.Sy savecore_flags . 403The directory where crash dumps are stored is specified by 404.Sy savecore_dir . 405The default setting is 406.Dq Pa /var/crash . 407.It Sy tpctl 408.Sq YES 409or 410.Sq NO . 411Run 412.Xr tpctl 8 413to calibrate touch panel device. 414Passes 415.Sy tpctl_flags . 416.It Sy update_motd 417.Sq YES 418or 419.Sq NO . 420Updates the 421.Nx 422version string in the 423.Pa /etc/motd 424file to reflect the version of the running kernel. 425See 426.Xr motd 5 . 427.It Sy veriexec 428.Sq YES 429or 430.Sq NO . 431Load Veriexec fingerprints during startup. 432Read 433.Xr veriexecctl 8 434for more information. 435.It Sy virecover 436.Sq YES 437or 438.Sq NO . 439Send notification mail to users if any recoverable files exist in 440.Pa /var/tmp/vi.recover . 441Read 442.Xr virecover 8 443for more information. 444.El 445.Ss System security setting 446.Bl -tag -width net_interfaces 447.It Sy securelevel 448A number. 449The system securelevel is set to the specified value early 450in the boot process, before any external logins, or other programs 451that run users job, are started. 452If set to nothing, the default action is taken, as described in 453.Xr init 8 454and 455.Xr secmodel_securelevel 9 , 456which contains definitive information about the system securelevel. 457Note that setting 458.Sy securelevel 459to 0 in 460.Nm 461will actually result in the system booting with securelevel set to 1, as 462.Xr init 8 463will raise the level when 464.Xr rc 8 465completes. 466.It Sy permit_nonalpha 467Allow passwords to include non-alpha characters, usually to allow 468NIS/YP netgroups. 469.It Sy veriexec_strict 470A number. 471Controls the strict level of Veriexec. 472Level 0 is learning mode, used when building the signatures file. 473It will only output messages but will not enforce anything. 474Level 1 will only prevent access to files with a fingerprint 475mismatch. 476Level 2 will also deny writing to and removing of 477monitored files, as well as enforce access type (as specified in 478the signatures file). 479Level 3 will take a step further and prevent 480access to files that are not monitored. 481.It Sy veriexec_verbose 482A number. 483Controls the verbosity of Veriexec. 484Recommended operation is at level 0, verbose output (mostly used when 485building the signatures file) is at level 1. 486Level 2 is for debugging only and should not be used. 487.It Sy veriexec_flags 488A string. 489Flags to pass to the 490.Nm veriexecctl 491command. 492.El 493.Ss Networking startup 494.Bl -tag -width net_interfaces 495.It Sy altqd 496.Sq YES 497or 498.Sq NO . 499ALTQ configuration/monitoring daemon. 500Passes 501.Sy altqd_flags . 502.It Sy auto_ifconfig 503.Sq YES 504or 505.Sq NO . 506Sets the 507.Sy net_interfaces 508variable (see below) to the output of 509.Xr ifconfig 8 510with the 511.Dq Li -l 512flag and suppresses warnings about interfaces in this list that 513do not have an ifconfig file or variable. 514.It Sy dhclient 515.Sq YES 516or 517.Sq NO . 518Set to 519.Sq YES 520to configure some or all network interfaces using 521the ISC DHCP client. 522If you set 523.Sy dhclient 524to 525.Sq YES , 526you must either have 527.Pa /var 528in 529.Sy critical_filesystems_local , 530as part of 531.Pa / , 532or direct the DHCP client to store the leases file on the root 533file system by modifying the 534.Sy dhclient_flags 535variable. 536You must not provide ifconfig information or ifaliases 537information for any interface that is to be configured using the DHCP client. 538Interface aliases can be set up in the DHCP client configuration 539file if needed - see 540.Xr dhclient.conf 5 541for details. 542.Pp 543Passes 544.Sy dhclient_flags 545to the DHCP client. 546See 547.Xr dhclient 8 548for complete documentation. 549If you wish to configure all broadcast 550network interfaces using the DHCP client, you can leave this blank. 551To configure only specific interfaces, name the interfaces to be configured 552on the command line. 553.Pp 554If you must run the DHCP client before mounting critical file systems, 555then you should specify an alternate location for the DHCP client's lease 556file in the 557.Sy dhclient_flags 558variable - for example, "-lf /tmp/dhclient.leases". 559.It Sy dhcpcd_flags 560Additional arguments to pass to 561.Xr dhcpcd 8 562when requesting configuration via 563.Sy ifconfig_xxN 564or 565.Pa /etc/ifconfig.xxN . 566.It Sy flushroutes 567.Sq YES 568or 569.Sq NO . 570Flushes the route table on networking startup. 571Useful when coming up to multiuser mode after going down to 572single-user mode. 573.It Sy hostapd 574.Sq YES 575or 576.Sq NO . 577Runs 578.Xr hostapd 8 , 579the authenticator for IEEE 802.11 networks. 580.It Sy ifaliases_* 581A string. 582List of 583.Sq Em "address netmask" 584pairs to configure additional network addresses for the given 585configured interface 586.Dq * 587(e.g. 588.Sy ifaliases_le0 ) . 589If 590.Em netmask 591is 592.Dq - , 593then use the default netmask for the interface. 594.Pp 595.Sy ifaliases_* 596covers limited cases only and considered unrecommended. 597We recommend using 598.Sy ifconfig_nnX 599variables or 600.Pa /etc/ifconfig.xxN 601files with multiple lines instead. 602.It Sy ifwatchd 603.Sq YES 604or 605.Sq NO . 606Monitor dynamic interfaces and perform actions upon address changes. 607Passes 608.Sy ifwatchd_flags . 609.It Sy ip6mode 610A string. 611An IPv6 node can be a router 612.Pq nodes that forward packet for others 613or a host 614.Pq nodes that do not forward . 615A host can be autoconfigured 616based on the information advertised by adjacent IPv6 routers. 617By setting 618.Sy ip6mode 619to 620.Dq Li router , 621.Dq Li host , 622or 623.Dq Li autohost , 624you can configure your node as a router, 625a non-autoconfigured host, or an autoconfigured host. 626Invalid values will be ignored, and the node will be configured as 627a non-autoconfigured host. 628You may want to check 629.Sy rtsol 630and 631.Sy rtsold 632as well, if you set the variable to 633.Dq Li autohost . 634.It Sy ip6uniquelocal 635.Sq YES 636or 637.Sq NO . 638If 639.Sy ip6mode 640is equal to 641.Dq Li router 642and 643.Sy ip6uniquelocal 644is set to 645.Sq NO 646a reject route will be installed on boot to avoid misconfiguration relating 647to unique-local addresses. 648If set to 649.Sq YES 650the reject route won't be installed. 651.It Sy ipfilter 652.Sq YES 653or 654.Sq NO . 655Runs 656.Xr ipf 8 657to load in packet filter specifications from 658.Pa /etc/ipf.conf 659at network boot time, before any interfaces are configured. 660Passes 661.Sy ipfilter_flags . 662See 663.Xr ipf.conf 5 . 664.It Sy ipfs 665.Sq YES 666or 667.Sq NO . 668Runs 669.Xr ipfs 8 670to save and restore information for ipnat and ipfilter state tables. 671The information is stored in 672.Pa /var/db/ipf/ipstate.ipf 673and 674.Pa /var/db/ipf/ipnat.ipf . 675Passes 676.Sy ipfs_flags . 677.It Sy ipmon 678.Sq YES 679or 680.Sq NO . 681Runs 682.Xr ipmon 8 683to read 684.Xr ipf 8 685packet log information and log it to a file or the system log. 686Passes 687.Sy ipmon_flags . 688.It Sy ipmon_flags 689A string. 690Specifies arguments to supply to 691.Xr ipmon 8 . 692Defaults to 693.Dq Li -ns . 694A typical example would be 695.Dq Fl nD Pa /var/log/ipflog 696to have 697.Xr ipmon 8 698log directly to a file bypassing 699.Xr syslogd 8 . 700If the 701.Dq -D 702argument is used, remember to modify 703.Pa /etc/newsyslog.conf 704accordingly; for example: 705.Bd -literal 706/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 707.Ed 708.It Sy ipnat 709.Sq YES 710or 711.Sq NO . 712Runs 713.Xr ipnat 8 714to load in the IP network address translation (NAT) rules from 715.Pa /etc/ipnat.conf 716at network boot time, before any interfaces are configured. 717See 718.Xr ipnat.conf 5 . 719.It Sy ipsec 720.Sq YES 721or 722.Sq NO . 723Runs 724.Xr setkey 8 725to load in IPsec manual keys and policies from 726.Pa /etc/ipsec.conf 727at network boot time, before any interfaces are configured. 728.It Sy net_interfaces 729A string. 730The list of network interfaces to be configured at boot time. 731For each interface "xxN", the system first looks for ifconfig 732parameters in the variable 733.Sy ifconfig_xxN , 734and then in the file 735.Pa /etc/ifconfig.xxN . 736If 737.Sy auto_ifconfig 738is set to "NO" and neither the file nor the variable is found, 739a warning is printed. 740Information in either the variable or the file is parsed identically, 741except that, if an 742.Sy ifconfig_xxN 743variable contains a single line with embedded semicolons, 744then the value is split into multiple lines prior to further parsing, 745treating the semicolon as a line separator. 746One common case it to set 747.Sy ifconfig_xxN Ns Li \&= Ns Qq dhcp , 748which will cause 749.Xr dhcpcd 8 750to be started for the interface. 751Another common case it to set the 752.Sy ifconfig_xxN 753variable to a set of arguments to be passed to an 754.Xr ifconfig 8 755command after the interface name. 756Refer to 757.Xr ifconfig.if 5 758for more details on 759.Pa /etc/ifconfig.xxN 760files, and note that the information there also applies to 761.Sy ifconfig_xxN 762variables (after the variables are split into lines). 763.It Sy ntpdate 764.Sq YES 765or 766.Sq NO . 767Runs 768.Xr ntpdate 8 769to set the system time from one of the hosts in 770.Sy ntpdate_hosts . 771If 772.Sy ntpdate_hosts 773is empty, it will attempt to find a list of hosts in 774.Pa /etc/ntp.conf . 775Passes 776.Sy ntpdate_flags . 777.It Sy pf 778.Sq YES 779or 780.Sq NO . 781Enable 782.Xr pf 4 783at network boot time: 784Load the initial configuration 785.Xr pf.boot.conf 5 786before the network is up. 787After the network has been configured, then load the final ruleset 788.Xr pf.conf 5 . 789.It Sy pf_rules 790A string. 791The path of the 792.Xr pf.conf 5 793ruleset that will be used when loading the final ruleset. 794.It Sy pflogd 795.Sq YES 796or 797.Sq NO . 798Run 799.Xr pflogd 8 800for dumping packet filter logging information to a file. 801.It Sy ppp_peers 802A string. 803If 804.Sy ppp_peers 805is not empty, then 806.Pa /etc/rc.d/ppp 807will check each word in 808.Sy ppp_peers 809for a corresponding ppp configuration file in 810.Pa /etc/ppp/peers 811and will call 812.Xr pppd 8 813with the 814.Dq call Sy peer 815option. 816.It Sy racoon 817.Sq YES 818or 819.Sq NO . 820Runs 821.Xr racoon 8 , 822the IKE (ISAKMP/Oakley) key management daemon. 823.It Sy rtsol 824.Sq YES 825or 826.Sq NO . 827Run 828.Xr rtsol 8 , 829router solicitation command for IPv6 hosts. 830On nomadic hosts like notebook computers, you may want to enable 831.Sy rtsold 832as well. 833Passes 834.Sy rtsol_flags . 835This is only for autoconfigured IPv6 hosts, so set 836.Sy ip6mode 837to 838.Dq Li autohost 839if you use it. 840.It Sy wpa_supplicant 841.Sq YES 842or 843.Sq NO . 844Run 845.Xr wpa_supplicant 8 , 846WPA/802.11i Supplicant for wireless network devices. 847.El 848.Ss Daemons required by other daemons 849.Bl -tag -width net_interfaces 850.It Sy inetd 851.Sq YES 852or 853.Sq NO . 854Runs the 855.Xr inetd 8 856daemon to start network server processes (as listed in 857.Pa /etc/inetd.conf ) 858as necessary. 859Passes 860.Sy inetd_flags . 861The 862.Dq Li -l 863flag turns on libwrap connection logging. 864.It Sy rpcbind 865.Sq YES 866or 867.Sq NO . 868The 869.Xr rpcbind 8 870daemon is required for any 871.Xr rpc 3 872services. 873These include NFS, 874.Tn NIS , 875.Xr bootparamd 8 , 876.Xr rstatd 8 , 877.Xr rusersd 8 , 878and 879.Xr rwalld 8 . 880Passes 881.Sy rpcbind_flags . 882.El 883.Ss Commonly used daemons 884.Bl -tag -width net_interfaces 885.It Sy cron 886.Sq YES 887or 888.Sq NO . 889Run 890.Xr cron 8 . 891.It Sy httpd 892.Sq YES 893or 894.Sq NO . 895Runs the 896.Xr httpd 8 897daemon and passes 898.Sy httpd_flags . 899.It Sy httpd_wwwdir 900A string. 901The 902.Xr httpd 8 903WWW root directory. 904Used only if 905.Sy httpd 906is set to 907.Sq YES . 908The default setting is 909.Dq Pa /var/www . 910.It Sy httpd_wwwuser 911A string. 912If non-blank and 913.Sy httpd 914is 915.Sq YES , 916run 917.Xr httpd 8 918and cause it to switch to the specified user after initialization. 919It is preferred to 920.Sy httpd_user 921because 922.Xr httpd 8 923is requiring extra privileges to start listening on default port 80. 924The default setting is 925.Dq Dv _httpd . 926.It Sy lpd 927.Sq YES 928or 929.Sq NO . 930Runs 931.Xr lpd 8 932and passes 933.Sy lpd_flags . 934The 935.Dq Li -l 936flag will turn on extra logging. 937.It Sy named 938.Sq YES 939or 940.Sq NO . 941Runs 942.Xr named 8 943and passes 944.Sy named_flags . 945.It Sy named_chrootdir 946A string. 947If non-blank and 948.Sy named 949is 950.Sq YES , 951run 952.Xr named 8 953as the unprivileged user and group 954.Sq named , 955.Xr chroot 2 Ns ed 956to 957.Sy named_chrootdir . 958.Sy named_chrootdir Ns Pa /var/run/log 959will be added to the list of log sockets that 960.Xr syslogd 8 961listens to. 962.It Sy ntpd 963.Sq YES 964or 965.Sq NO . 966Runs 967.Xr ntpd 8 968and passes 969.Sy ntpd_flags . 970.It Sy ntpd_chrootdir 971A string. 972If non-blank and 973.Sy ntpd 974is 975.Sq YES , 976run 977.Xr ntpd 8 978as the unprivileged user and group 979.Sq ntpd , 980.Xr chroot 2 Ns ed 981to 982.Sy ntpd_chrootdir . 983.Sy ntpd_chrootdir Ns Pa /var/run/log 984will be added to the list of log sockets that 985.Xr syslogd 8 986listens to. 987This option requires that the kernel has 988.Dl pseudo-device clockctl 989compiled in, and that 990.Pa /dev/clockctl 991is present. 992.It Sy postfix 993.Sq YES 994or 995.Sq NO . 996Starts 997.Xr postfix 1 998mail system. 999.It Sy sshd 1000.Sq YES 1001or 1002.Sq NO . 1003Runs 1004.Xr sshd 8 1005and passes 1006.Sy sshd_flags . 1007.It Sy syslogd 1008.Sq YES 1009or 1010.Sq NO . 1011Runs 1012.Xr syslogd 8 1013and passes 1014.Sy syslogd_flags . 1015.It Sy timed 1016.Sq YES 1017or 1018.Sq NO . 1019Runs 1020.Xr timed 8 1021and passes 1022.Sy timed_flags . 1023The 1024.Dq Li -M 1025option allows 1026.Xr timed 8 1027to be a master time source as well as a slave. 1028If you are also running 1029.Xr ntpd 8 , 1030only one machine running both should have the 1031.Dq Li -M 1032flag given to 1033.Xr timed 8 . 1034.El 1035.Ss Routing daemons 1036.Bl -tag -width net_interfaces 1037.It Sy mrouted 1038.Sq YES 1039or 1040.Sq NO . 1041Runs 1042.Xr mrouted 8 , 1043the DVMRP multicast routing protocol daemon. 1044Passes 1045.Sy mrouted_flags . 1046.It Sy route6d 1047.Sq YES 1048or 1049.Sq NO . 1050Runs 1051.Xr route6d 8 , 1052the RIPng routing protocol daemon for IPv6. 1053Passes 1054.Sy route6d_flags . 1055.It Sy routed 1056.Sq YES 1057or 1058.Sq NO . 1059Runs 1060.Xr routed 8 , 1061the RIP routing protocol daemon. 1062Passes 1063.Sy routed_flags . 1064.\" This should be 1065.\" .Sq NO 1066.\" if 1067.\" .Sy gated 1068.\" is 1069.\" .Sq YES . 1070.It Sy rtsold 1071.Sq YES 1072or 1073.Sq NO . 1074Runs 1075.Xr rtsold 8 , 1076the IPv6 router solicitation daemon. 1077.Xr rtsold 8 1078periodically transmits router solicitation packets 1079to find IPv6 routers on the network. 1080This configuration is mainly for nomadic hosts like notebook computers. 1081Stationary hosts should work fine with just 1082.Sy rtsol . 1083Passes 1084.Sy rtsold_flags . 1085This is only for autoconfigured IPv6 hosts, so set 1086.Sy ip6mode 1087to 1088.Dq Li autohost 1089if you use it. 1090.El 1091.Ss Daemons used to boot other hosts over a network 1092.Bl -tag -width net_interfaces 1093.It Sy bootparamd 1094.Sq YES 1095or 1096.Sq NO . 1097Runs 1098.Xr bootparamd 8 , 1099the boot parameter server, with 1100.Sy bootparamd_flags 1101as options. 1102Used to boot 1103.Nx 1104and 1105.Tn "SunOS 4.x" 1106systems. 1107.It Sy dhcpd 1108.Sq YES 1109or 1110.Sq NO . 1111Runs 1112.Xr dhcpd 8 , 1113the Dynamic Host Configuration Protocol (DHCP) daemon, 1114for assigning IP addresses to hosts and passing boot information. 1115Passes 1116.Sy dhcpd_flags . 1117.It Sy dhcrelay 1118.Sq YES 1119or 1120.Sq NO . 1121Runs 1122.Xr dhcrelay 8 . 1123Passes 1124.Sy dhcrelay_flags . 1125.It Sy mopd 1126.Sq YES 1127or 1128.Sq NO . 1129Runs 1130.Xr mopd 8 , 1131the 1132.Tn DEC 1133.Tn MOP 1134protocol daemon; used for booting 1135.Tn VAX 1136and other 1137.Tn DEC 1138machines. 1139Passes 1140.Sy mopd_flags . 1141.It Sy ndbootd 1142.Sq YES 1143or 1144.Sq NO . 1145Runs 1146.Xr ndbootd 8 , 1147the Sun Network Disk (ND) Protocol server. 1148Passes 1149.Sy ndbootd_flags . 1150.It Sy rarpd 1151.Sq YES 1152or 1153.Sq NO . 1154Runs 1155.Xr rarpd 8 , 1156the reverse ARP daemon, often used to boot 1157.Nx 1158and Sun workstations. 1159Passes 1160.Sy rarpd_flags . 1161.It Sy rbootd 1162.Sq YES 1163or 1164.Sq NO . 1165Runs 1166.Xr rbootd 8 , 1167the 1168.Tn HP 1169boot protocol daemon; used for booting 1170.Tn HP 1171workstations. 1172Passes 1173.Sy rbootd_flags . 1174.It Sy rtadvd 1175.Sq YES 1176or 1177.Sq NO . 1178Runs 1179.Xr rtadvd 8 , 1180the IPv6 router advertisement daemon, which is used to advertise 1181information about the subnet to IPv6 end hosts. 1182Passes 1183.Sy rtadvd_flags . 1184This is only for IPv6 routers, so set 1185.Sy ip6mode 1186to 1187.Dq Li router 1188if you use it. 1189.El 1190.Ss X Window System daemons 1191.Bl -tag -width net_interfaces 1192.It Sy xdm 1193.Sq YES 1194or 1195.Sq NO . 1196Runs the 1197.Xr xdm 1 1198X display manager. 1199These X daemons are available only with the optional X distribution of 1200.Nx . 1201.It Sy xfs 1202.Sq YES 1203or 1204.Sq NO . 1205Runs the 1206.Xr xfs 1 1207X11 font server, which supplies local X font files to X terminals. 1208.El 1209.Ss NIS (YP) daemons 1210.Bl -tag -width net_interfaces 1211.It Sy ypbind 1212.Sq YES 1213or 1214.Sq NO . 1215Runs 1216.Xr ypbind 8 , 1217which lets 1218.Tn NIS 1219(YP) clients use information from a 1220.Tn NIS 1221server. 1222Passes 1223.Sy ypbind_flags . 1224.It Sy yppasswdd 1225.Sq YES 1226or 1227.Sq NO . 1228Runs 1229.Xr yppasswdd 8 , 1230which allows remote 1231.Tn NIS 1232users to update password on master server. 1233Passes 1234.Sy yppasswdd_flags . 1235.It Sy ypserv 1236.Sq YES 1237or 1238.Sq NO . 1239Runs 1240.Xr ypserv 8 , 1241the 1242.Tn NIS 1243(YP) server for distributing information from certain files in 1244.Pa /etc . 1245Passes 1246.Sy ypserv_flags . 1247The 1248.Dq Li -d 1249flag causes it to use DNS for lookups in 1250.Pa /etc/hosts 1251that fail. 1252.El 1253.Ss NFS daemons and parameters 1254.Bl -tag -width net_interfaces 1255.It Sy amd 1256.Sq YES 1257or 1258.Sq NO . 1259Runs 1260.Xr amd 8 , 1261the automounter daemon, which automatically mounts NFS file systems 1262whenever a file or directory within that file system is accessed. 1263Passes 1264.Sy amd_flags . 1265.It Sy amd_dir 1266A string. 1267The 1268.Xr amd 8 1269mount directory. 1270Used only if 1271.Sy amd 1272is set to 1273.Sq YES . 1274.It Sy lockd 1275.Sq YES 1276or 1277.Sq NO . 1278Runs 1279.Xr rpc.lockd 8 1280if 1281.Sy nfs_server 1282and/or 1283.Sy nfs_client 1284are set to 1285.Sq YES . 1286Passes 1287.Sy lockd_flags . 1288.It Sy mountd 1289.Sq YES 1290or 1291.Sq NO . 1292Runs 1293.Xr mountd 8 1294and passes 1295.Sy mountd_flags . 1296.It Sy nfs_client 1297.Sq YES 1298or 1299.Sq NO . 1300The number of local NFS asynchronous I/O server is now controlled via 1301.Xr sysctl 8 . 1302.It Sy nfs_server 1303.Sq YES 1304or 1305.Sq NO . 1306Sets up a host to be a NFS server by running 1307.Xr nfsd 8 1308and passing 1309.Sy nfsd_flags . 1310.It Sy statd 1311.Sq YES 1312or 1313.Sq NO . 1314Runs 1315.Xr rpc.statd 8 , 1316a status monitoring daemon used when 1317.Xr rpc.lockd 8 1318is running, if 1319.Sy nfs_server 1320and/or 1321.Sy nfs_client 1322are set to 1323.Sq YES . 1324Passes 1325.Sy statd_flags . 1326.El 1327.Ss Bluetooth configuration and daemons 1328.Bl -tag -width net_interfaces 1329.It Sy btattach 1330.Sq YES 1331or 1332.Sq NO . 1333Attach serial bluetooth interfaces as listed in the configuration file 1334.Pa /etc/bluetooth/btdevctl.conf . 1335.It Sy btconfig 1336.Sq YES 1337or 1338.Sq NO . 1339Configure bluetooth devices. 1340If the 1341.Sy btconfig_devices 1342variable below is not specified, all devices known to the system 1343will be configured. 1344For each device, configuration arguments are first looked for 1345in the 1346.Sy btconfig_{dev} 1347variable, otherwise the value of the 1348.Sy btconfig_args 1349variable will be used, and if that is not specified the default string is 1350.Sq enable . 1351.It Sy btconfig_devices 1352An optional space separated list of bluetooth devices to be configured at 1353boot time. 1354.It Sy btconfig_args 1355An optional string, containing default arguments for bluetooth devices to 1356be configured. 1357.It Sy btdevctl 1358.Sq YES 1359or 1360.Sq NO . 1361Configure Bluetooth devices as listed in the configuration file 1362.Pa /etc/bluetooth/btdevctl.conf . 1363.It Sy bthcid 1364.Sq YES 1365or 1366.Sq NO . 1367Runs 1368.Xr bthcid 8 , 1369the Bluetooth HCI daemon, which manages link keys and PIN codes for 1370Bluetooth links. 1371Passes 1372.Sy bthcid_flags . 1373.It Sy sdpd 1374.Sq YES 1375or 1376.Sq NO . 1377Runs the Service Discovery Profile daemon, 1378.Xr sdpd 8 . 1379Passes 1380.Sy sdpd_flags . 1381.El 1382.Ss Other daemons 1383.Bl -tag -width net_interfaces 1384.It Sy isdnd 1385.Sq YES 1386or 1387.Sq NO . 1388Runs 1389.Xr isdnd 8 , 1390the isdn4bsd ISDN connection management daemon. 1391Passes 1392.Sy isdnd_flags . 1393.It Sy isdn_autoupdown 1394.Sq YES 1395or 1396.Sq NO . 1397Set all configured ISDN interfaces to 1398.Dq up . 1399If 1400.Sy isdn_interfaces 1401is not blank, only the listed interfaces will be modified. 1402Used only if 1403.Sy isdnd 1404is set to 1405.Sq YES . 1406.It Sy kdc 1407.Sq YES 1408or 1409.Sq NO . 1410Runs the 1411.Xr kdc 8 1412Kerberos v4 and v5 server. 1413This should be run on Kerberos master and slave servers. 1414.It Sy rwhod 1415.Sq YES 1416or 1417.Sq NO . 1418Runs 1419.Xr rwhod 8 1420to support the 1421.Xr rwho 1 1422and 1423.Xr ruptime 1 1424commands. 1425.El 1426.Ss Hardware daemons 1427.Bl -tag -width net_interfaces 1428.It Sy apmd 1429.Sq YES 1430or 1431.Sq NO . 1432Runs 1433.Xr apmd 8 1434and passes 1435.Sy apmd_flags . 1436.It Sy irdaattach 1437.Sq YES 1438or 1439.Sq NO . 1440Runs 1441.Xr irdaattach 8 1442and passes 1443.Sy irdaattach_flags . 1444.It Sy moused 1445.Sq YES 1446or 1447.Sq NO . 1448Runs 1449.Xr moused 8 , 1450to pass serial mouse data to the wscons mouse mux. 1451Passes 1452.Sy moused_flags . 1453.It Sy screenblank 1454.Sq YES 1455or 1456.Sq NO . 1457Runs 1458.Xr screenblank 1 1459and passes 1460.Sy screenblank_flags . 1461.It Sy wscons 1462.Sq YES 1463or 1464.Sq NO . 1465Configures the 1466.Xr wscons 4 1467console driver, from the configuration file 1468.Pa /etc/wscons.conf . 1469.It Sy wsmoused 1470.Sq YES 1471or 1472.Sq NO . 1473Runs 1474.Xr wsmoused 8 , 1475to provide copy and paste text support in wscons displays. 1476Passes 1477.Sy wsmoused_flags . 1478.El 1479.Sh FILES 1480.Bl -tag -width /etc/defaults/rc.conf -compact 1481.It Pa /etc/rc.conf 1482The file 1483.Nm 1484resides in 1485.Pa /etc . 1486.It Pa /etc/defaults/rc.conf 1487Default settings for 1488.Nm , 1489sourced by 1490.Nm 1491before the end-user configuration section. 1492.It Pa /etc/rc.conf.d/ Ns Ar foo 1493.Ar foo Ns No -specific 1494.Nm 1495overrides. 1496.El 1497.Sh SEE ALSO 1498.Xr boot 8 , 1499.Xr rc 8 , 1500.Xr rc.d 8 , 1501.Xr rc.subr 8 , 1502.Xr rcorder 8 1503.Sh HISTORY 1504The 1505.Nm 1506file appeared in 1507.Nx 1.3 . 1508