1.\" $NetBSD: rc.conf.5,v 1.138 2009/10/24 11:22:48 reed Exp $ 2.\" 3.\" Copyright (c) 1996 Matthew R. Green 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 22.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 23.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" Copyright (c) 1997 Curt J. Sampson 28.\" Copyright (c) 1997 Michael W. Long 29.\" Copyright (c) 1998-2009 The NetBSD Foundation, Inc. 30.\" All rights reserved. 31.\" 32.\" This document is derived from works contributed to The NetBSD Foundation 33.\" by Luke Mewburn. 34.\" 35.\" Redistribution and use in source and binary forms, with or without 36.\" modification, are permitted provided that the following conditions 37.\" are met: 38.\" 1. Redistributions of source code must retain the above copyright 39.\" notice, this list of conditions and the following disclaimer. 40.\" 2. Redistributions in binary form must reproduce the above copyright 41.\" notice, this list of conditions and the following disclaimer in the 42.\" documentation and/or other materials provided with the distribution. 43.\" 3. The name of the author may not be used to endorse or promote products 44.\" derived from this software without specific prior written permission. 45.\" 46.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 47.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 48.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 49.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 50.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 51.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 52.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 53.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 54.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 55.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 56.\" SUCH DAMAGE. 57.\" 58.Dd September 30, 2009 59.Dt RC.CONF 5 60.Os 61.Sh NAME 62.Nm rc.conf 63.Nd system startup configuration file 64.Sh DESCRIPTION 65The 66.Nm 67file specifies which services are enabled during system startup by 68the startup scripts invoked by 69.Pa /etc/rc 70(see 71.Xr rc 8 ) , 72and the shutdown scripts invoked by 73.Pa /etc/rc.shutdown . 74The 75.Nm 76file is a shell script that is sourced by 77.Xr rc 8 , 78meaning that 79.Nm 80must contain valid shell commands. 81.Pp 82Listed below are the standard 83.Nm 84variables that may be set, the values to which each may be set, 85a brief description of what each variable does, and a reference to 86relevant manual pages. 87Third party packages may test for additional variables. 88.Pp 89By default, 90.Nm 91reads 92.Pa /etc/defaults/rc.conf 93(if it is readable) 94to obtain default values for various variables, and the end-user 95may override these by appending appropriate entries to the end of 96.Nm . 97.Pp 98.Xr rc.d 8 99scripts that use 100.Ic load_rc_config 101from 102.Xr rc.subr 8 103also support sourcing an optional end-user provided per-script override 104file 105.Pa /etc/rc.conf.d/ Ns Ar service , 106(where 107.Ar service 108is the contents of the 109.Sy name 110variable in the 111.Xr rc.d 8 112script). 113This may contain variable overrides, including allowing the end-user 114to override various 115.Ic run_rc_command 116.Xr rc.d 8 117control variables, and thus changing the operation of the script 118without requiring editing of the script. 119.Ss Variable naming conventions and data types 120Most variables are one of two types: enabling variables or flags 121variables. 122Enabling variables, such as 123.Sy inetd , 124are generally named after the program or the system they enable, 125and have boolean values (specified using 126.Sq Ic YES , 127.Sq Ic TRUE , 128.Sq Ic ON 129or 130.Sq Ic 1 131for true, and 132.Sq Ic NO , 133.Sq Ic FALSE , 134.Sq Ic OFF 135or 136.Sq Ic 0 137for false, with the values being case insensitive). 138Flags variables, such as 139.Sy inetd_flags 140have the same name with "_flags" appended, and determine what 141arguments are passed to the program if it is enabled. 142.Pp 143If a variable that 144.Xr rc 8 145expects to be set is not set, or the value is not one of the allowed 146values, a warning will be printed. 147.Ss Overall control 148.Bl -tag -width net_interfaces 149.It Sy do_rcshutdown 150Boolean value. 151If false, 152.Xr shutdown 8 153will not run 154.Pa /etc/rc.shutdown . 155.It Sy rcshutdown_rcorder_flags 156A string. 157Extra arguments to the 158.Xr rcorder 8 159run by 160.Pa /etc/rc.shutdown . 161.It Sy rcshutdown_timeout 162A number. 163If non-blank, use this as the number of seconds to run a watchdog timer for 164which will terminate 165.Pa /etc/rc.shutdown 166if the timer expires before the shutdown script completes. 167.It Sy rc_configured 168Boolean value. 169If false then the system will drop into single-user mode during boot. 170.It Sy rc_fast_and_loose 171If set to a non-empty string, 172each script in 173.Pa /etc/rc.d 174will be executed in the current shell rather than a sub shell. 175This may be faster on slow machines that have an expensive 176.Xr fork 2 177operation. 178.Bl -hang 179.It Em Note : 180Use this at your own risk! 181A rogue command or script may inadvertently prevent boot to multiuser. 182.El 183.It Sy rc_rcorder_flags 184A string. 185Extra arguments to the 186.Xr rcorder 8 187run by 188.Pa /etc/rc . 189.It Sy rc_directories 190A string. 191Space separated list of directories searched for rc scripts. 192The default is 193.Pa /etc/rc.d . 194All directories in 195.Ev rc_directories 196must be located in the root filesystem, otherwise they will be silently 197skipped. 198.It Sy rc_silent 199Boolean value. 200If true then the usual output is suppressed, and 201.Xr rc 8 202invokes the command specified in the 203.Va rc_silent_cmd 204variable once for each line of suppressed output. 205The default value of 206.Va rc_silent 207is set from the 208.Dv AB_SILENT 209flag in the kernel's 210.Va boothowto 211variable (see 212.Xr boot 8 , 213.Xr reboot 2 ) . 214.It Sy rc_silent_cmd 215A command to be executed once per line of suppressed output, when 216.Va rc_silent 217is true. 218The default value of 219.Va rc_silent_cmd 220is 221.Dq twiddle , 222which will display a spinning symbol instead of each line of output. 223Another useful value is 224.Dq \&: , 225which will display nothing at all. 226.El 227.Ss Basic network configuration 228.Bl -tag -width net_interfaces 229.It Sy defaultroute 230A string. 231Default IPv4 network route. 232If empty or not set, then the contents of 233.Pa /etc/mygate 234(if it exists) are used. 235.It Sy defaultroute6 236A string. 237Default IPv6 network route. 238If empty or not set, then the contents of 239.Pa /etc/mygate6 240(if it exists) are used. 241.It Sy domainname 242A string. 243.Tn NIS 244(YP) domain of host. 245If empty or not set, then the contents of 246.Pa /etc/defaultdomain 247(if it exists) are used. 248.It Sy force_down_interfaces 249A space separated list of interface names. 250These interfaces will be configured down when going from multiuser to singleuser 251mode or on system shutdown. 252.Pp 253This is important for some stateful interfaces, for example PPP over ISDN 254connections that cost money by connection time or PPPoE interfaces which 255have no direct means of noticing 256.Dq disconnect 257events. 258.Pp 259All active 260.Xr pppoe 4 261and 262.Xr ippp 4 263interfaces will be automatically added to this list. 264.It Sy hostname 265A string. 266Name of host. 267If empty or not set, then the contents of 268.Pa /etc/myname 269(if it exists) are used. 270.El 271.Ss Boottime file-system and swap configuration 272.Bl -tag -width net_interfaces 273.It Sy critical_filesystems_local 274A string. 275File systems mounted very early in the system boot before networking 276services are available. 277Usually 278.Pa /var 279is part of this, because it is needed by services such as 280.Xr dhclient 8 281which may be required to get the network operational. 282The default is 283.Dq "OPTIONAL:/var" , 284where the 285.Dq OPTIONAL: 286prefix means that it's not an error if the file system is not 287present in 288.Xr fstab 5 . 289.It Sy critical_filesystems_remote 290A string. 291File systems such as 292.Pa /usr 293that may require network services to be available to mount, 294that must be available early in the system boot for general services to use. 295The default is 296.Dq "OPTIONAL:/usr" , 297where the 298.Dq OPTIONAL: 299prefix means that it's not an error if the file system is not 300present in 301.Xr fstab 5 . 302.It Sy fsck_flags 303A string. 304A file system is checked with 305.Xr fsck 8 306during boot before mounting it. 307This option may be used to override the default command-line options 308passed to the 309.Xr fsck 8 310program. 311.Pp 312When set to 313.Fl y , 314.Xr fsck 8 315assumes yes as the answer to all operator questions during file system checks. 316This might be important with hosts where the administrator does not have 317access to the console and an unsuccessful shutdown must not make the host 318unbootable even if the file system checks would fail in preen mode. 319.It Sy no_swap 320Boolean value. 321Should be true if you have deliberately configured your system with no swap. 322If false and no swap devices are configured, the system will warn you. 323.It Sy swapoff 324Boolean value. 325Remove block-type swap devices at shutdown time. 326Useful if swapping onto RAIDframe devices. 327.El 328.Ss One-time actions to perform or programs to run on boot-up 329.Bl -tag -width net_interfaces 330.It Sy accounting 331Boolean value. 332Enables process accounting with 333.Xr accton 8 . 334Requires 335.Pa /var/account/acct 336to exist. 337.It Sy clear_tmp 338Boolean value. 339Clear /tmp after reboot. 340.It Sy dmesg 341Boolean value. 342Create 343.Pa /var/run/dmesg.boot 344from the output of 345.Xr dmesg 8 . 346Passes 347.Sy dmesg_flags . 348.It Sy gpio 349Boolean value. 350Configure 351.Xr gpio 4 352devices . 353See 354.Xr gpio.conf 5 . 355.It Sy mixerctl 356Boolean value. 357Read 358.Xr mixerctl.conf 5 359for how to set mixer values. 360List in 361.Sy mixerctl_mixers 362the devices whose settings are to be saved at shutdown and 363restored at start-up. 364.It Sy newsyslog 365Boolean value. 366Run 367.Nm newsyslog 368to trim logfiles before syslogd starts. 369Intended for laptop users. 370Passes 371.Sy newsyslog_flags . 372.It Sy per_user_tmp 373Boolean value. 374Enables a per-user 375.Pa /tmp 376directory. 377.Sy per_user_tmp_dir 378can be used to override the default location of the 379.Dq real 380temporary directories, 381.Dq Pa /private/tmp . 382.It Sy rndctl 383Boolean value. 384Runs the 385.Xr rndctl 8 386utility one or more times according to the specification in 387.Sy rndctl_flags . 388.Pp 389If 390.Sy rndctl_flags 391does not contain a semicolon 392.Pq Ql \&; 393then it is expected to contain zero or more flags, 394followed by one or more device or type names. 395The 396.Xr rndctl 8 397command will be executed once for each device or type name. 398If the specified flags do not include any of 399.Fl c , C , e , 400or 401.Fl E , 402then the flags 403.Fl c 404and 405.Fl e 406are added, to specify that entropy from the relevant device or type 407should be both collected and estimated. 408If the specified flags do not include either of 409.Fl d 410or 411.Fl t , 412then the flag 413.Fl d 414is added, to specify that the non-flag arguments are device names, 415not type names. 416.Pp 417.Sy rndctl_flags 418may contain multiple semicolon-separated segments, in which each 419segment contains flags and device or type names as described above. 420This allows different flags to be associated with different 421device or type names. 422For example, given 423.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" , 424the following commands will be executed: 425.Li "rndctl -c -e -d wd0" ; 426.Li "rndctl -c -e -d wd1" ; 427.Li "rndctl -c -e -t tty" ; 428.Li "rndctl -c -t net" . 429.It Sy savecore 430Boolean value. 431Runs the 432.Xr savecore 8 433utility. 434Passes 435.Sy savecore_flags . 436The directory where crash dumps are stored is specified by 437.Sy savecore_dir . 438The default setting is 439.Dq Pa /var/crash . 440.It Sy tpctl 441Boolean value. 442Run 443.Xr tpctl 8 444to calibrate touch panel device. 445Passes 446.Sy tpctl_flags . 447.It Sy update_motd 448Boolean value. 449Updates the 450.Nx 451version string in the 452.Pa /etc/motd 453file to reflect the version of the running kernel. 454See 455.Xr motd 5 . 456.It Sy veriexec 457Boolean value. 458Load Veriexec fingerprints during startup. 459Read 460.Xr veriexecctl 8 461for more information. 462.It Sy virecover 463Boolean value. 464Send notification mail to users if any recoverable files exist in 465.Pa /var/tmp/vi.recover . 466Read 467.Xr virecover 8 468for more information. 469.El 470.Ss System security setting 471.Bl -tag -width net_interfaces 472.It Sy securelevel 473A number. 474The system securelevel is set to the specified value early 475in the boot process, before any external logins, or other programs 476that run users job, are started. 477If set to nothing, the default action is taken, as described in 478.Xr init 8 479and 480.Xr secmodel_securelevel 9 , 481which contains definitive information about the system securelevel. 482Note that setting 483.Sy securelevel 484to 0 in 485.Nm 486will actually result in the system booting with securelevel set to 1, as 487.Xr init 8 488will raise the level when 489.Xr rc 8 490completes. 491.It Sy permit_nonalpha 492Allow passwords to include non-alpha characters, usually to allow 493NIS/YP netgroups. 494.It Sy veriexec_strict 495A number. 496Controls the strict level of Veriexec. 497Level 0 is learning mode, used when building the signatures file. 498It will only output messages but will not enforce anything. 499Level 1 will only prevent access to files with a fingerprint 500mismatch. 501Level 2 will also deny writing to and removing of 502monitored files, as well as enforce access type (as specified in 503the signatures file). 504Level 3 will take a step further and prevent 505access to files that are not monitored. 506.It Sy veriexec_verbose 507A number. 508Controls the verbosity of Veriexec. 509Recommended operation is at level 0, verbose output (mostly used when 510building the signatures file) is at level 1. 511Level 2 is for debugging only and should not be used. 512.It Sy veriexec_flags 513A string. 514Flags to pass to the 515.Nm veriexecctl 516command. 517.El 518.Ss Networking startup 519.Bl -tag -width net_interfaces 520.It Sy altqd 521Boolean value. 522ALTQ configuration/monitoring daemon. 523Passes 524.Sy altqd_flags . 525.It Sy auto_ifconfig 526Boolean value. 527Sets the 528.Sy net_interfaces 529variable (see below) to the output of 530.Xr ifconfig 8 531with the 532.Dq Li -l 533flag and suppresses warnings about interfaces in this list that 534do not have an ifconfig file or variable. 535.It Sy dhclient 536Boolean value. 537Set true to configure some or all network interfaces using 538the ISC DHCP client. 539If you set 540.Sy dhclient 541true, then 542.Pa /var 543must be in 544.Sy critical_filesystems_local , 545or 546.Pa /var 547must be on the root file system, 548or you must modify the 549.Sy dhclient_flags 550variable to direct the DHCP client to store the leases file 551in some other directory on the root file system. 552You must not provide ifconfig information or ifaliases 553information for any interface that is to be configured using the DHCP client. 554Interface aliases can be set up in the DHCP client configuration 555file if needed - see 556.Xr dhclient.conf 5 557for details. 558.Pp 559Passes 560.Sy dhclient_flags 561to the DHCP client. 562See 563.Xr dhclient 8 564for complete documentation. 565If you wish to configure all broadcast 566network interfaces using the DHCP client, you can leave this blank. 567To configure only specific interfaces, name the interfaces to be configured 568on the command line. 569.Pp 570If you must run the DHCP client before mounting critical file systems, 571then you should specify an alternate location for the DHCP client's lease 572file in the 573.Sy dhclient_flags 574variable - for example, "-lf /tmp/dhclient.leases". 575.It Sy dhcpcd_flags 576Additional arguments to pass to 577.Xr dhcpcd 8 578when requesting configuration via 579.Sy ifconfig_xxN 580or 581.Pa /etc/ifconfig.xxN . 582.It Sy flushroutes 583Boolean value. 584Flushes the route table on networking startup. 585Useful when coming up to multiuser mode after going down to 586single-user mode. 587.It Sy hostapd 588Boolean value. 589Runs 590.Xr hostapd 8 , 591the authenticator for IEEE 802.11 networks. 592.It Sy ifaliases_* 593A string. 594List of 595.Sq Em "address netmask" 596pairs to configure additional network addresses for the given 597configured interface 598.Dq * 599(e.g. 600.Sy ifaliases_le0 ) . 601If 602.Em netmask 603is 604.Dq - , 605then use the default netmask for the interface. 606.Pp 607.Sy ifaliases_* 608covers limited cases only and considered unrecommended. 609We recommend using 610.Sy ifconfig_nnX 611variables or 612.Pa /etc/ifconfig.xxN 613files with multiple lines instead. 614.It Sy ifwatchd 615Boolean value. 616Monitor dynamic interfaces and perform actions upon address changes. 617Passes 618.Sy ifwatchd_flags . 619.It Sy ip6mode 620A string. 621An IPv6 node can be a router 622.Pq nodes that forward packet for others 623or a host 624.Pq nodes that do not forward . 625A host can be autoconfigured 626based on the information advertised by adjacent IPv6 routers. 627By setting 628.Sy ip6mode 629to 630.Dq Li router , 631.Dq Li host , 632or 633.Dq Li autohost , 634you can configure your node as a router, 635a non-autoconfigured host, or an autoconfigured host. 636Invalid values will be ignored, and the node will be configured as 637a non-autoconfigured host. 638You may want to check 639.Sy rtsol 640and 641.Sy rtsold 642as well, if you set the variable to 643.Dq Li autohost . 644.It Sy ip6uniquelocal 645Boolean value. 646If 647.Sy ip6mode 648is equal to 649.Dq Li router , 650and 651.Sy ip6uniquelocal 652is false, 653a reject route will be installed on boot to avoid misconfiguration relating 654to unique-local addresses. 655If 656.Sy ip6uniquelocal 657is true, the reject route won't be installed. 658.It Sy ipfilter 659Boolean value. 660Runs 661.Xr ipf 8 662to load in packet filter specifications from 663.Pa /etc/ipf.conf 664at network boot time, before any interfaces are configured. 665Passes 666.Sy ipfilter_flags . 667See 668.Xr ipf.conf 5 . 669.It Sy ipfs 670Boolean value. 671Runs 672.Xr ipfs 8 673to save and restore information for ipnat and ipfilter state tables. 674The information is stored in 675.Pa /var/db/ipf/ipstate.ipf 676and 677.Pa /var/db/ipf/ipnat.ipf . 678Passes 679.Sy ipfs_flags . 680.It Sy ipmon 681Boolean value. 682Runs 683.Xr ipmon 8 684to read 685.Xr ipf 8 686packet log information and log it to a file or the system log. 687Passes 688.Sy ipmon_flags . 689.It Sy ipmon_flags 690A string. 691Specifies arguments to supply to 692.Xr ipmon 8 . 693Defaults to 694.Dq Li -ns . 695A typical example would be 696.Dq Fl nD Pa /var/log/ipflog 697to have 698.Xr ipmon 8 699log directly to a file bypassing 700.Xr syslogd 8 . 701If the 702.Dq -D 703argument is used, remember to modify 704.Pa /etc/newsyslog.conf 705accordingly; for example: 706.Bd -literal 707/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 708.Ed 709.It Sy ipnat 710Boolean value. 711Runs 712.Xr ipnat 8 713to load in the IP network address translation (NAT) rules from 714.Pa /etc/ipnat.conf 715at network boot time, before any interfaces are configured. 716See 717.Xr ipnat.conf 5 . 718.It Sy ipsec 719Boolean value. 720Runs 721.Xr setkey 8 722to load in IPsec manual keys and policies from 723.Pa /etc/ipsec.conf 724at network boot time, before any interfaces are configured. 725.It Sy net_interfaces 726A string. 727The list of network interfaces to be configured at boot time. 728For each interface "xxN", the system first looks for ifconfig 729parameters in the variable 730.Sy ifconfig_xxN , 731and then in the file 732.Pa /etc/ifconfig.xxN . 733If 734.Sy auto_ifconfig 735is false, and neither the variable nor the file is found, 736a warning is printed. 737Information in either the variable or the file is parsed identically, 738except that, if an 739.Sy ifconfig_xxN 740variable contains a single line with embedded semicolons, 741then the value is split into multiple lines prior to further parsing, 742treating the semicolon as a line separator. 743One common case it to set 744.Sy ifconfig_xxN Ns Li \&= Ns Qq dhcp , 745which will cause 746.Xr dhcpcd 8 747to be started for the interface. 748Another common case it to set the 749.Sy ifconfig_xxN 750variable to a set of arguments to be passed to an 751.Xr ifconfig 8 752command after the interface name. 753Refer to 754.Xr ifconfig.if 5 755for more details on 756.Pa /etc/ifconfig.xxN 757files, and note that the information there also applies to 758.Sy ifconfig_xxN 759variables (after the variables are split into lines). 760.It Sy ntpdate 761Boolean value. 762Runs 763.Xr ntpdate 8 764to set the system time from one of the hosts in 765.Sy ntpdate_hosts . 766If 767.Sy ntpdate_hosts 768is empty, it will attempt to find a list of hosts in 769.Pa /etc/ntp.conf . 770Passes 771.Sy ntpdate_flags . 772.It Sy pf 773Boolean value. 774Enable 775.Xr pf 4 776at network boot time: 777Load the initial configuration 778.Xr pf.boot.conf 5 779before the network is up. 780After the network has been configured, then load the final ruleset 781.Xr pf.conf 5 . 782.It Sy pf_rules 783A string. 784The path of the 785.Xr pf.conf 5 786ruleset that will be used when loading the final ruleset. 787.It Sy pflogd 788Boolean value. 789Run 790.Xr pflogd 8 791for dumping packet filter logging information to a file. 792.It Sy ppp_peers 793A string. 794If 795.Sy ppp_peers 796is not empty, then 797.Pa /etc/rc.d/ppp 798will check each word in 799.Sy ppp_peers 800for a corresponding ppp configuration file in 801.Pa /etc/ppp/peers 802and will call 803.Xr pppd 8 804with the 805.Dq call Sy peer 806option. 807.It Sy racoon 808Boolean value. 809Runs 810.Xr racoon 8 , 811the IKE (ISAKMP/Oakley) key management daemon. 812.It Sy rtsol 813Boolean value. 814Run 815.Xr rtsol 8 , 816router solicitation command for IPv6 hosts. 817On nomadic hosts like notebook computers, you may want to enable 818.Sy rtsold 819as well. 820Passes 821.Sy rtsol_flags . 822This is only for autoconfigured IPv6 hosts, so set 823.Sy ip6mode 824to 825.Dq Li autohost 826if you use it. 827.It Sy wpa_supplicant 828Boolean value. 829Run 830.Xr wpa_supplicant 8 , 831WPA/802.11i Supplicant for wireless network devices. 832If you set 833.Sy wpa_suplicant 834true, then 835.Pa /usr 836must be in 837.Sy critical_filesystems_local , 838or 839.Pa /usr 840must be on the root file system. 841.El 842.Ss Daemons required by other daemons 843.Bl -tag -width net_interfaces 844.It Sy inetd 845Boolean value. 846Runs the 847.Xr inetd 8 848daemon to start network server processes (as listed in 849.Pa /etc/inetd.conf ) 850as necessary. 851Passes 852.Sy inetd_flags . 853The 854.Dq Li -l 855flag turns on libwrap connection logging. 856.It Sy rpcbind 857Boolean value. 858The 859.Xr rpcbind 8 860daemon is required for any 861.Xr rpc 3 862services. 863These include NFS, 864.Tn NIS , 865.Xr rpc.bootparamd 8 , 866.Xr rpc.rstatd 8 , 867.Xr rpc.rusersd 8 , 868and 869.Xr rpc.rwalld 8 . 870Passes 871.Sy rpcbind_flags . 872.El 873.Ss Commonly used daemons 874.Bl -tag -width net_interfaces 875.It Sy cron 876Boolean value. 877Run 878.Xr cron 8 . 879.It Sy httpd 880Boolean value. 881Runs the 882.Xr httpd 8 883daemon and passes 884.Sy httpd_flags . 885.It Sy httpd_wwwdir 886A string. 887The 888.Xr httpd 8 889WWW root directory. 890Used only if 891.Sy httpd 892is true. 893The default setting is 894.Dq Pa /var/www . 895.It Sy httpd_wwwuser 896A string. 897If non-blank and 898.Sy httpd 899is true, run 900.Xr httpd 8 901and cause it to switch to the specified user after initialization. 902It is preferred to 903.Sy httpd_user 904because 905.Xr httpd 8 906is requiring extra privileges to start listening on default port 80. 907The default setting is 908.Dq Dv _httpd . 909.It Sy lpd 910Boolean value. 911Runs 912.Xr lpd 8 913and passes 914.Sy lpd_flags . 915The 916.Dq Li -l 917flag will turn on extra logging. 918.It Sy named 919Boolean value. 920Runs 921.Xr named 8 922and passes 923.Sy named_flags . 924.It Sy named_chrootdir 925A string. 926If non-blank and 927.Sy named 928is true, run 929.Xr named 8 930as the unprivileged user and group 931.Sq named , 932.Xr chroot 2 Ns ed 933to 934.Sy named_chrootdir . 935.Sy named_chrootdir Ns Pa /var/run/log 936will be added to the list of log sockets that 937.Xr syslogd 8 938listens to. 939.It Sy ntpd 940Boolean value. 941Runs 942.Xr ntpd 8 943and passes 944.Sy ntpd_flags . 945.It Sy ntpd_chrootdir 946A string. 947If non-blank and 948.Sy ntpd 949is true, run 950.Xr ntpd 8 951as the unprivileged user and group 952.Sq ntpd , 953.Xr chroot 2 Ns ed 954to 955.Sy ntpd_chrootdir . 956.Sy ntpd_chrootdir Ns Pa /var/run/log 957will be added to the list of log sockets that 958.Xr syslogd 8 959listens to. 960This option requires that the kernel has 961.Dl pseudo-device clockctl 962compiled in, and that 963.Pa /dev/clockctl 964is present. 965.It Sy postfix 966Boolean value. 967Starts 968.Xr postfix 1 969mail system. 970.It Sy sshd 971Boolean value. 972Runs 973.Xr sshd 8 974and passes 975.Sy sshd_flags . 976.It Sy syslogd 977Boolean value. 978Runs 979.Xr syslogd 8 980and passes 981.Sy syslogd_flags . 982.It Sy timed 983Boolean value. 984Runs 985.Xr timed 8 986and passes 987.Sy timed_flags . 988The 989.Dq Li -M 990option allows 991.Xr timed 8 992to be a master time source as well as a slave. 993If you are also running 994.Xr ntpd 8 , 995only one machine running both should have the 996.Dq Li -M 997flag given to 998.Xr timed 8 . 999.El 1000.Ss Routing daemons 1001.Bl -tag -width net_interfaces 1002.It Sy mrouted 1003Boolean value. 1004Runs 1005.Xr mrouted 8 , 1006the DVMRP multicast routing protocol daemon. 1007Passes 1008.Sy mrouted_flags . 1009.It Sy route6d 1010Boolean value. 1011Runs 1012.Xr route6d 8 , 1013the RIPng routing protocol daemon for IPv6. 1014Passes 1015.Sy route6d_flags . 1016.It Sy routed 1017Boolean value. 1018Runs 1019.Xr routed 8 , 1020the RIP routing protocol daemon. 1021Passes 1022.Sy routed_flags . 1023.\" This should be false 1024.\" if 1025.\" .Sy gated 1026.\" is true. 1027.It Sy rtsold 1028Boolean value. 1029Runs 1030.Xr rtsold 8 , 1031the IPv6 router solicitation daemon. 1032.Xr rtsold 8 1033periodically transmits router solicitation packets 1034to find IPv6 routers on the network. 1035This configuration is mainly for nomadic hosts like notebook computers. 1036Stationary hosts should work fine with just 1037.Sy rtsol . 1038Passes 1039.Sy rtsold_flags . 1040This is only for autoconfigured IPv6 hosts, so set 1041.Sy ip6mode 1042to 1043.Dq Li autohost 1044if you use it. 1045.El 1046.Ss Daemons used to boot other hosts over a network 1047.Bl -tag -width net_interfaces 1048.It Sy bootparamd 1049Boolean value. 1050Runs 1051.Xr bootparamd 8 , 1052the boot parameter server, with 1053.Sy bootparamd_flags 1054as options. 1055Used to boot 1056.Nx 1057and 1058.Tn "SunOS 4.x" 1059systems. 1060.It Sy dhcpd 1061Boolean value. 1062Runs 1063.Xr dhcpd 8 , 1064the Dynamic Host Configuration Protocol (DHCP) daemon, 1065for assigning IP addresses to hosts and passing boot information. 1066Passes 1067.Sy dhcpd_flags . 1068.It Sy dhcrelay 1069Boolean value. 1070Runs 1071.Xr dhcrelay 8 . 1072Passes 1073.Sy dhcrelay_flags . 1074.It Sy mopd 1075Boolean value. 1076Runs 1077.Xr mopd 8 , 1078the 1079.Tn DEC 1080.Tn MOP 1081protocol daemon; used for booting 1082.Tn VAX 1083and other 1084.Tn DEC 1085machines. 1086Passes 1087.Sy mopd_flags . 1088.It Sy ndbootd 1089Boolean value. 1090Runs 1091.Xr ndbootd 8 , 1092the Sun Network Disk (ND) Protocol server. 1093Passes 1094.Sy ndbootd_flags . 1095.It Sy rarpd 1096Boolean value. 1097Runs 1098.Xr rarpd 8 , 1099the reverse ARP daemon, often used to boot 1100.Nx 1101and Sun workstations. 1102Passes 1103.Sy rarpd_flags . 1104.It Sy rbootd 1105Boolean value. 1106Runs 1107.Xr rbootd 8 , 1108the 1109.Tn HP 1110boot protocol daemon; used for booting 1111.Tn HP 1112workstations. 1113Passes 1114.Sy rbootd_flags . 1115.It Sy rtadvd 1116Boolean value. 1117Runs 1118.Xr rtadvd 8 , 1119the IPv6 router advertisement daemon, which is used to advertise 1120information about the subnet to IPv6 end hosts. 1121Passes 1122.Sy rtadvd_flags . 1123This is only for IPv6 routers, so set 1124.Sy ip6mode 1125to 1126.Dq Li router 1127if you use it. 1128.El 1129.Ss X Window System daemons 1130.Bl -tag -width net_interfaces 1131.It Sy xdm 1132Boolean value. 1133Runs the 1134.Xr xdm 1 1135X display manager. 1136These X daemons are available only with the optional X distribution of 1137.Nx . 1138.It Sy xfs 1139Boolean value. 1140Runs the 1141.Xr xfs 1 1142X11 font server, which supplies local X font files to X terminals. 1143.El 1144.Ss NIS (YP) daemons 1145.Bl -tag -width net_interfaces 1146.It Sy ypbind 1147Boolean value. 1148Runs 1149.Xr ypbind 8 , 1150which lets 1151.Tn NIS 1152(YP) clients use information from a 1153.Tn NIS 1154server. 1155Passes 1156.Sy ypbind_flags . 1157.It Sy yppasswdd 1158Boolean value. 1159Runs 1160.Xr yppasswdd 8 , 1161which allows remote 1162.Tn NIS 1163users to update password on master server. 1164Passes 1165.Sy yppasswdd_flags . 1166.It Sy ypserv 1167Boolean value. 1168Runs 1169.Xr ypserv 8 , 1170the 1171.Tn NIS 1172(YP) server for distributing information from certain files in 1173.Pa /etc . 1174Passes 1175.Sy ypserv_flags . 1176The 1177.Dq Li -d 1178flag causes it to use DNS for lookups in 1179.Pa /etc/hosts 1180that fail. 1181.El 1182.Ss NFS daemons and parameters 1183.Bl -tag -width net_interfaces 1184.It Sy amd 1185Boolean value. 1186Runs 1187.Xr amd 8 , 1188the automounter daemon, which automatically mounts NFS file systems 1189whenever a file or directory within that file system is accessed. 1190Passes 1191.Sy amd_flags . 1192.It Sy amd_dir 1193A string. 1194The 1195.Xr amd 8 1196mount directory. 1197Used only if 1198.Sy amd 1199is true. 1200.It Sy lockd 1201Boolean value. 1202Runs 1203.Xr rpc.lockd 8 1204if 1205.Sy nfs_server 1206and/or 1207.Sy nfs_client 1208are true. 1209Passes 1210.Sy lockd_flags . 1211.It Sy mountd 1212Boolean value. 1213Runs 1214.Xr mountd 8 1215and passes 1216.Sy mountd_flags . 1217.It Sy nfs_client 1218Boolean value. 1219The number of local NFS asynchronous I/O server is now controlled via 1220.Xr sysctl 8 . 1221.It Sy nfs_server 1222Boolean value. 1223Sets up a host to be a NFS server by running 1224.Xr nfsd 8 1225and passing 1226.Sy nfsd_flags . 1227.It Sy statd 1228Boolean value. 1229Runs 1230.Xr rpc.statd 8 , 1231a status monitoring daemon used when 1232.Xr rpc.lockd 8 1233is running, if 1234.Sy nfs_server 1235and/or 1236.Sy nfs_client 1237are true. 1238Passes 1239.Sy statd_flags . 1240.El 1241.Ss Bluetooth configuration and daemons 1242.Bl -tag -width net_interfaces 1243.It Sy btattach 1244Boolean value. 1245Attach serial bluetooth interfaces as listed in the configuration file 1246.Pa /etc/bluetooth/btdevctl.conf . 1247.It Sy btconfig 1248Boolean value. 1249Configure bluetooth devices. 1250If the 1251.Sy btconfig_devices 1252variable below is not specified, all devices known to the system 1253will be configured. 1254For each device, configuration arguments are first looked for 1255in the 1256.Sy btconfig_{dev} 1257variable, otherwise the value of the 1258.Sy btconfig_args 1259variable will be used, and if that is not specified the default string is 1260.Sq enable . 1261.It Sy btconfig_devices 1262An optional space separated list of bluetooth devices to be configured at 1263boot time. 1264.It Sy btconfig_args 1265An optional string, containing default arguments for bluetooth devices to 1266be configured. 1267.It Sy btdevctl 1268Boolean value. 1269Configure Bluetooth devices as listed in the configuration file 1270.Pa /etc/bluetooth/btdevctl.conf . 1271.It Sy bthcid 1272Boolean value. 1273Runs 1274.Xr bthcid 8 , 1275the Bluetooth HCI daemon, which manages link keys and PIN codes for 1276Bluetooth links. 1277Passes 1278.Sy bthcid_flags . 1279.It Sy sdpd 1280Boolean value. 1281Runs the Service Discovery Profile daemon, 1282.Xr sdpd 8 . 1283Passes 1284.Sy sdpd_flags . 1285.El 1286.Ss Other daemons 1287.Bl -tag -width net_interfaces 1288.It Sy isdnd 1289Boolean value. 1290Runs 1291.Xr isdnd 8 , 1292the isdn4bsd ISDN connection management daemon. 1293Passes 1294.Sy isdnd_flags . 1295.It Sy isdn_autoupdown 1296Boolean value. 1297Set all configured ISDN interfaces to 1298.Dq up . 1299If 1300.Sy isdn_interfaces 1301is not blank, only the listed interfaces will be modified. 1302Used only if 1303.Sy isdnd 1304is true. 1305.It Sy kdc 1306Boolean value. 1307Runs the 1308.Xr kdc 8 1309Kerberos v4 and v5 server. 1310This should be run on Kerberos master and slave servers. 1311.It Sy rwhod 1312Boolean value. 1313Runs 1314.Xr rwhod 8 1315to support the 1316.Xr rwho 1 1317and 1318.Xr ruptime 1 1319commands. 1320.El 1321.Ss Hardware daemons 1322.Bl -tag -width net_interfaces 1323.It Sy apmd 1324Boolean value. 1325Runs 1326.Xr apmd 8 1327and passes 1328.Sy apmd_flags . 1329.It Sy irdaattach 1330Boolean value. 1331Runs 1332.Xr irdaattach 8 1333and passes 1334.Sy irdaattach_flags . 1335.It Sy moused 1336Boolean value. 1337Runs 1338.Xr moused 8 , 1339to pass serial mouse data to the wscons mouse mux. 1340Passes 1341.Sy moused_flags . 1342.It Sy screenblank 1343Boolean value. 1344Runs 1345.Xr screenblank 1 1346and passes 1347.Sy screenblank_flags . 1348.It Sy wscons 1349Boolean value. 1350Configures the 1351.Xr wscons 4 1352console driver, from the configuration file 1353.Pa /etc/wscons.conf . 1354.It Sy wsmoused 1355Boolean value. 1356Runs 1357.Xr wsmoused 8 , 1358to provide copy and paste text support in wscons displays. 1359Passes 1360.Sy wsmoused_flags . 1361.El 1362.Sh FILES 1363.Bl -tag -width /etc/defaults/rc.conf -compact 1364.It Pa /etc/rc.conf 1365The file 1366.Nm 1367resides in 1368.Pa /etc . 1369.It Pa /etc/defaults/rc.conf 1370Default settings for 1371.Nm , 1372sourced by 1373.Nm 1374before the end-user configuration section. 1375.It Pa /etc/rc.conf.d/ Ns Ar foo 1376.Ar foo Ns No -specific 1377.Nm 1378overrides. 1379.El 1380.Sh SEE ALSO 1381.Xr boot 8 , 1382.Xr rc 8 , 1383.Xr rc.d 8 , 1384.Xr rc.subr 8 , 1385.Xr rcorder 8 1386.Sh HISTORY 1387The 1388.Nm 1389file appeared in 1390.Nx 1.3 . 1391