1.\" $NetBSD: rc.conf.5,v 1.146 2011/03/18 16:21:46 jruoho Exp $ 2.\" 3.\" Copyright (c) 1996 Matthew R. Green 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 22.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 23.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" Copyright (c) 1997 Curt J. Sampson 28.\" Copyright (c) 1997 Michael W. Long 29.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc. 30.\" All rights reserved. 31.\" 32.\" This document is derived from works contributed to The NetBSD Foundation 33.\" by Luke Mewburn. 34.\" 35.\" Redistribution and use in source and binary forms, with or without 36.\" modification, are permitted provided that the following conditions 37.\" are met: 38.\" 1. Redistributions of source code must retain the above copyright 39.\" notice, this list of conditions and the following disclaimer. 40.\" 2. Redistributions in binary form must reproduce the above copyright 41.\" notice, this list of conditions and the following disclaimer in the 42.\" documentation and/or other materials provided with the distribution. 43.\" 3. The name of the author may not be used to endorse or promote products 44.\" derived from this software without specific prior written permission. 45.\" 46.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 47.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 48.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 49.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 50.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 51.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 52.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 53.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 54.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 55.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 56.\" SUCH DAMAGE. 57.\" 58.Dd March 18, 2011 59.Dt RC.CONF 5 60.Os 61.Sh NAME 62.Nm rc.conf 63.Nd system startup configuration file 64.Sh DESCRIPTION 65The 66.Nm 67file specifies which services are enabled during system startup by 68the startup scripts invoked by 69.Pa /etc/rc 70(see 71.Xr rc 8 ) , 72and the shutdown scripts invoked by 73.Pa /etc/rc.shutdown . 74The 75.Nm 76file is a shell script that is sourced by 77.Xr rc 8 , 78meaning that 79.Nm 80must contain valid shell commands. 81.Pp 82Listed below are the standard 83.Nm 84variables that may be set, the values to which each may be set, 85a brief description of what each variable does, and a reference to 86relevant manual pages. 87Third party packages may test for additional variables. 88.Pp 89By default, 90.Nm 91reads 92.Pa /etc/defaults/rc.conf 93(if it is readable) 94to obtain default values for various variables, and the end-user 95may override these by appending appropriate entries to the end of 96.Nm . 97.Pp 98.Xr rc.d 8 99scripts that use 100.Ic load_rc_config 101from 102.Xr rc.subr 8 103also support sourcing an optional end-user provided per-script override 104file 105.Pa /etc/rc.conf.d/ Ns Ar service , 106(where 107.Ar service 108is the contents of the 109.Sy name 110variable in the 111.Xr rc.d 8 112script). 113This may contain variable overrides, including allowing the end-user 114to override various 115.Ic run_rc_command 116.Xr rc.d 8 117control variables, and thus changing the operation of the script 118without requiring editing of the script. 119.Ss Variable naming conventions and data types 120Most variables are one of two types: enabling variables or flags 121variables. 122Enabling variables, such as 123.Sy inetd , 124are generally named after the program or the system they enable, 125and have boolean values (specified using 126.Sq Ic YES , 127.Sq Ic TRUE , 128.Sq Ic ON 129or 130.Sq Ic 1 131for true, and 132.Sq Ic NO , 133.Sq Ic FALSE , 134.Sq Ic OFF 135or 136.Sq Ic 0 137for false, with the values being case insensitive). 138Flags variables, such as 139.Sy inetd_flags 140have the same name with "_flags" appended, and determine what 141arguments are passed to the program if it is enabled. 142.Pp 143If a variable that 144.Xr rc 8 145expects to be set is not set, or the value is not one of the allowed 146values, a warning will be printed. 147.Ss Overall control 148.Bl -tag -width net_interfaces 149.It Sy do_rcshutdown 150Boolean value. 151If false, 152.Xr shutdown 8 153will not run 154.Pa /etc/rc.shutdown . 155.It Sy rcshutdown_rcorder_flags 156A string. 157Extra arguments to the 158.Xr rcorder 8 159run by 160.Pa /etc/rc.shutdown . 161.It Sy rcshutdown_timeout 162A number. 163If non-blank, use this as the number of seconds to run a watchdog timer for 164which will terminate 165.Pa /etc/rc.shutdown 166if the timer expires before the shutdown script completes. 167.It Sy rc_configured 168Boolean value. 169If false then the system will drop into single-user mode during boot. 170.It Sy rc_fast_and_loose 171If set to a non-empty string, 172each script in 173.Pa /etc/rc.d 174will be executed in the current shell rather than a sub shell. 175This may be faster on slow machines that have an expensive 176.Xr fork 2 177operation. 178.Bl -hang 179.It Em Note : 180Use this at your own risk! 181A rogue command or script may inadvertently prevent boot to multiuser. 182.El 183.It Sy rc_rcorder_flags 184A string. 185Extra arguments to the 186.Xr rcorder 8 187run by 188.Pa /etc/rc . 189.It Sy rc_directories 190A string. 191Space separated list of directories searched for rc scripts. 192The default is 193.Pa /etc/rc.d . 194All directories in 195.Ev rc_directories 196must be located in the root filesystem, otherwise they will be silently 197skipped. 198.It Sy rc_silent 199Boolean value. 200If true then the usual output is suppressed, and 201.Xr rc 8 202invokes the command specified in the 203.Va rc_silent_cmd 204variable once for each line of suppressed output. 205The default value of 206.Va rc_silent 207is set from the 208.Dv AB_SILENT 209flag in the kernel's 210.Va boothowto 211variable (see 212.Xr boot 8 , 213.Xr reboot 2 ) . 214.It Sy rc_silent_cmd 215A command to be executed once per line of suppressed output, when 216.Va rc_silent 217is true. 218The default value of 219.Va rc_silent_cmd 220is 221.Dq twiddle , 222which will display a spinning symbol instead of each line of output. 223Another useful value is 224.Dq \&: , 225which will display nothing at all. 226.El 227.Ss Basic network configuration 228.Bl -tag -width net_interfaces 229.It Sy defaultroute 230A string. 231Default IPv4 network route. 232If empty or not set, then the contents of 233.Pa /etc/mygate 234(if it exists) are used. 235.It Sy defaultroute6 236A string. 237Default IPv6 network route. 238If empty or not set, then the contents of 239.Pa /etc/mygate6 240(if it exists) are used. 241.It Sy domainname 242A string. 243.Tn NIS 244(YP) domain of host. 245If empty or not set, then the contents of 246.Pa /etc/defaultdomain 247(if it exists) are used. 248.It Sy force_down_interfaces 249A space separated list of interface names. 250These interfaces will be configured down when going from multiuser to singleuser 251mode or on system shutdown. 252.Pp 253This is important for some stateful interfaces, for example PPP over ISDN 254connections that cost money by connection time or PPPoE interfaces which 255have no direct means of noticing 256.Dq disconnect 257events. 258.Pp 259All active 260.Xr pppoe 4 261and 262.Xr ippp 4 263interfaces will be automatically added to this list. 264.It Sy hostname 265A string. 266Name of host. 267If empty or not set, then the contents of 268.Pa /etc/myname 269(if it exists) are used. 270.El 271.Ss Boottime file-system and swap configuration 272.Bl -tag -width net_interfaces 273.It Sy critical_filesystems_local 274A string. 275File systems mounted very early in the system boot before networking 276services are available. 277Usually 278.Pa /var 279is part of this, because it is needed by services such as 280.Xr dhclient 8 281which may be required to get the network operational. 282The default is 283.Dq "OPTIONAL:/var" , 284where the 285.Dq OPTIONAL: 286prefix means that it's not an error if the file system is not 287present in 288.Xr fstab 5 . 289.It Sy critical_filesystems_remote 290A string. 291File systems such as 292.Pa /usr 293that may require network services to be available to mount, 294that must be available early in the system boot for general services to use. 295The default is 296.Dq "OPTIONAL:/usr" , 297where the 298.Dq OPTIONAL: 299prefix means that it is not an error if the file system is not 300present in 301.Xr fstab 5 . 302.It Sy fsck_flags 303A string. 304A file system is checked with 305.Xr fsck 8 306during boot before mounting it. 307This option may be used to override the default command-line options 308passed to the 309.Xr fsck 8 310program. 311.Pp 312When set to 313.Fl y , 314.Xr fsck 8 315assumes yes as the answer to all operator questions during file system checks. 316This might be important with hosts where the administrator does not have 317access to the console and an unsuccessful shutdown must not make the host 318unbootable even if the file system checks would fail in preen mode. 319.It Sy no_swap 320Boolean value. 321Should be true if you have deliberately configured your system with no swap. 322If false and no swap devices are configured, the system will warn you. 323.It Sy swapoff 324Boolean value. 325Remove block-type swap devices at shutdown time. 326Useful if swapping onto RAIDframe devices. 327.El 328.Ss One-time actions to perform or programs to run on boot-up 329.Bl -tag -width net_interfaces 330.It Sy accounting 331Boolean value. 332Enables process accounting with 333.Xr accton 8 . 334Requires 335.Pa /var/account/acct 336to exist. 337.It Sy ccd 338Boolean value. 339Configures concatenated disk devices according to 340.Xr ccd.conf 5 . 341.It Sy cgd 342Boolean value. 343Configures cryptographic disk devices. 344Requires 345.Pa /etc/cgd/cgd.conf . 346See 347.Xr cgdconfig 8 348for additional details. 349.It Sy clear_tmp 350Boolean value. 351Clear 352.Pa /tmp 353after reboot. 354.It Sy dmesg 355Boolean value. 356Create 357.Pa /var/run/dmesg.boot 358from the output of 359.Xr dmesg 8 . 360Passes 361.Sy dmesg_flags . 362.It Sy envsys 363Boolean value. 364Sets preferences for the environmental systems framework, 365.Xr envsys 4 . 366Requires 367.Pa /etc/envsys.conf , 368which is described in 369.Xr envsys.conf 5 . 370.It Sy gpio 371Boolean value. 372Configure 373.Xr gpio 4 374devices. 375See 376.Xr gpio.conf 5 . 377.It Sy ldconfig 378Boolean value. 379Configures 380.Xr a.out 5 381runtime link editor directory cache. 382.It Sy mixerctl 383Boolean value. 384Read 385.Xr mixerctl.conf 5 386for how to set mixer values. 387List in 388.Sy mixerctl_mixers 389the devices whose settings are to be saved at shutdown and 390restored at start-up. 391.It Sy newsyslog 392Boolean value. 393Run 394.Nm newsyslog 395to trim logfiles before syslogd starts. 396Intended for laptop users. 397Passes 398.Sy newsyslog_flags . 399.It Sy per_user_tmp 400Boolean value. 401Enables a per-user 402.Pa /tmp 403directory. 404.Sy per_user_tmp_dir 405can be used to override the default location of the 406.Dq real 407temporary directories, 408.Dq Pa /private/tmp . 409See 410.Xr security 7 411for additional details. 412.It Sy quota 413Boolean value. 414Checks and enables quotas by running 415.Xr quotacheck 8 416and 417.Xr quotaon 8 . 418.It Sy raidframe 419Boolean value. 420Configures 421.Xr raid 4 , 422RAIDframe disk devices. 423See 424.Xr raidctl 8 425for additional details. 426.It Sy rndctl 427Boolean value. 428Runs the 429.Xr rndctl 8 430utility one or more times according to the specification in 431.Sy rndctl_flags . 432.Pp 433If 434.Sy rndctl_flags 435does not contain a semicolon 436.Pq Ql \&; 437then it is expected to contain zero or more flags, 438followed by one or more device or type names. 439The 440.Xr rndctl 8 441command will be executed once for each device or type name. 442If the specified flags do not include any of 443.Fl c , C , e , 444or 445.Fl E , 446then the flags 447.Fl c 448and 449.Fl e 450are added, to specify that entropy from the relevant device or type 451should be both collected and estimated. 452If the specified flags do not include either of 453.Fl d 454or 455.Fl t , 456then the flag 457.Fl d 458is added, to specify that the non-flag arguments are device names, 459not type names. 460.Pp 461.Sy rndctl_flags 462may contain multiple semicolon-separated segments, in which each 463segment contains flags and device or type names as described above. 464This allows different flags to be associated with different 465device or type names. 466For example, given 467.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" , 468the following commands will be executed: 469.Li "rndctl -c -e -d wd0" ; 470.Li "rndctl -c -e -d wd1" ; 471.Li "rndctl -c -e -t tty" ; 472.Li "rndctl -c -t net" . 473.It Sy rtclocaltime 474Boolean value. 475Sets the real time clock to local time by adjusting the 476.Xr sysctl 7 477value of 478.Pa kern.rtc_offset . 479The offset from UTC is calculated automatically according 480to the time zone information in the file 481.Pa /etc/localtime . 482.It Sy savecore 483Boolean value. 484Runs the 485.Xr savecore 8 486utility. 487Passes 488.Sy savecore_flags . 489The directory where crash dumps are stored is specified by 490.Sy savecore_dir . 491The default setting is 492.Dq Pa /var/crash . 493.It Sy sysdb 494Boolean value. 495Builds various system databases, including 496.Pa /var/run/dev.db , 497.Pa /etc/spwd.db , 498.Pa /var/db/netgroup.db , 499.Pa /var/db/services.db , 500and entries for 501.Xr utmp 5 . 502.It Sy tpctl 503Boolean value. 504Run 505.Xr tpctl 8 506to calibrate touch panel device. 507Passes 508.Sy tpctl_flags . 509.It Sy update_motd 510Boolean value. 511Updates the 512.Nx 513version string in the 514.Pa /etc/motd 515file to reflect the version of the running kernel. 516See 517.Xr motd 5 . 518.It Sy veriexec 519Boolean value. 520Load Veriexec fingerprints during startup. 521Read 522.Xr veriexecctl 8 523for more information. 524.It Sy virecover 525Boolean value. 526Send notification mail to users if any recoverable files exist in 527.Pa /var/tmp/vi.recover . 528Read 529.Xr virecover 8 530for more information. 531.It Sy wdogctl 532Boolean value. 533Configures watchdog timers. 534Passes 535.Sy wdogctl_flags . 536Refer to 537.Xr wdogctl 8 538for information on how to configure a timer. 539.El 540.Ss System security setting 541.Bl -tag -width net_interfaces 542.It Sy securelevel 543A number. 544The system securelevel is set to the specified value early 545in the boot process, before any external logins, or other programs 546that run users job, are started. 547If set to nothing, the default action is taken, as described in 548.Xr init 8 549and 550.Xr secmodel_securelevel 9 , 551which contains definitive information about the system securelevel. 552Note that setting 553.Sy securelevel 554to 0 in 555.Nm 556will actually result in the system booting with securelevel set to 1, as 557.Xr init 8 558will raise the level when 559.Xr rc 8 560completes. 561.It Sy permit_nonalpha 562Allow passwords to include non-alpha characters, usually to allow 563NIS/YP netgroups. 564.It Sy veriexec_strict 565A number. 566Controls the strict level of Veriexec. 567Level 0 is learning mode, used when building the signatures file. 568It will only output messages but will not enforce anything. 569Level 1 will only prevent access to files with a fingerprint 570mismatch. 571Level 2 will also deny writing to and removing of 572monitored files, as well as enforce access type (as specified in 573the signatures file). 574Level 3 will take a step further and prevent 575access to files that are not monitored. 576.It Sy veriexec_verbose 577A number. 578Controls the verbosity of Veriexec. 579Recommended operation is at level 0, verbose output (mostly used when 580building the signatures file) is at level 1. 581Level 2 is for debugging only and should not be used. 582.It Sy veriexec_flags 583A string. 584Flags to pass to the 585.Nm veriexecctl 586command. 587.El 588.Ss Networking startup 589.Bl -tag -width net_interfaces 590.It Sy altqd 591Boolean value. 592ALTQ configuration/monitoring daemon. 593Passes 594.Sy altqd_flags . 595.It Sy auto_ifconfig 596Boolean value. 597Sets the 598.Sy net_interfaces 599variable (see below) to the output of 600.Xr ifconfig 8 601with the 602.Dq Li -l 603flag and suppresses warnings about interfaces in this list that 604do not have an ifconfig file or variable. 605.It Sy dhclient 606Boolean value. 607Set true to configure some or all network interfaces using 608the ISC DHCP client. 609If you set 610.Sy dhclient 611true, then 612.Pa /var 613must be in 614.Sy critical_filesystems_local , 615or 616.Pa /var 617must be on the root file system, 618or you must modify the 619.Sy dhclient_flags 620variable to direct the DHCP client to store the leases file 621in some other directory on the root file system. 622You must not provide ifconfig information or ifaliases 623information for any interface that is to be configured using the DHCP client. 624Interface aliases can be set up in the DHCP client configuration 625file if needed - see 626.Xr dhclient.conf 5 627for details. 628.Pp 629Passes 630.Sy dhclient_flags 631to the DHCP client. 632See 633.Xr dhclient 8 634for complete documentation. 635If you wish to configure all broadcast 636network interfaces using the DHCP client, you can leave this blank. 637To configure only specific interfaces, name the interfaces to be configured 638on the command line. 639.Pp 640If you must run the DHCP client before mounting critical file systems, 641then you should specify an alternate location for the DHCP client's lease 642file in the 643.Sy dhclient_flags 644variable - for example, "-lf /tmp/dhclient.leases". 645.It Sy dhcpcd_flags 646Additional arguments to pass to 647.Xr dhcpcd 8 648when requesting configuration via 649.Sy ifconfig_xxN 650or 651.Pa /etc/ifconfig.xxN . 652.It Sy flushroutes 653Boolean value. 654Flushes the route table on networking startup. 655Useful when coming up to multiuser mode after going down to 656single-user mode. 657.It Sy ftp_proxy 658Boolean value. 659Runs 660.Xr ftp-proxy 8 , 661the proxy daemon for the Internet File Transfer Protocol. 662.It Sy hostapd 663Boolean value. 664Runs 665.Xr hostapd 8 , 666the authenticator for IEEE 802.11 networks. 667.It Sy ifaliases_* 668A string. 669List of 670.Sq Em "address netmask" 671pairs to configure additional network addresses for the given 672configured interface 673.Dq * 674(e.g. 675.Sy ifaliases_le0 ) . 676If 677.Em netmask 678is 679.Dq - , 680then use the default netmask for the interface. 681.Pp 682.Sy ifaliases_* 683covers limited cases only and considered unrecommended. 684We recommend using 685.Sy ifconfig_nnX 686variables or 687.Pa /etc/ifconfig.xxN 688files with multiple lines instead. 689.It Sy ifwatchd 690Boolean value. 691Monitor dynamic interfaces and perform actions upon address changes. 692Passes 693.Sy ifwatchd_flags . 694.It Sy ip6mode 695A string. 696An IPv6 node can be a router 697.Pq nodes that forward packet for others 698or a host 699.Pq nodes that do not forward . 700A host can be autoconfigured 701based on the information advertised by adjacent IPv6 routers. 702By setting 703.Sy ip6mode 704to 705.Dq Li router , 706.Dq Li host , 707or 708.Dq Li autohost , 709you can configure your node as a router, 710a non-autoconfigured host, or an autoconfigured host. 711Invalid values will be ignored, and the node will be configured as 712a non-autoconfigured host. 713You may want to check 714.Sy rtsol 715and 716.Sy rtsold 717as well, if you set the variable to 718.Dq Li autohost . 719.It Sy ip6uniquelocal 720Boolean value. 721If 722.Sy ip6mode 723is equal to 724.Dq Li router , 725and 726.Sy ip6uniquelocal 727is false, 728a reject route will be installed on boot to avoid misconfiguration relating 729to unique-local addresses. 730If 731.Sy ip6uniquelocal 732is true, the reject route won't be installed. 733.It Sy ipfilter 734Boolean value. 735Runs 736.Xr ipf 8 737to load in packet filter specifications from 738.Pa /etc/ipf.conf 739at network boot time, before any interfaces are configured. 740Passes 741.Sy ipfilter_flags . 742See 743.Xr ipf.conf 5 . 744.It Sy ipfs 745Boolean value. 746Runs 747.Xr ipfs 8 748to save and restore information for ipnat and ipfilter state tables. 749The information is stored in 750.Pa /var/db/ipf/ipstate.ipf 751and 752.Pa /var/db/ipf/ipnat.ipf . 753Passes 754.Sy ipfs_flags . 755.It Sy ipmon 756Boolean value. 757Runs 758.Xr ipmon 8 759to read 760.Xr ipf 8 761packet log information and log it to a file or the system log. 762Passes 763.Sy ipmon_flags . 764.It Sy ipmon_flags 765A string. 766Specifies arguments to supply to 767.Xr ipmon 8 . 768Defaults to 769.Dq Li -ns . 770A typical example would be 771.Dq Fl nD Pa /var/log/ipflog 772to have 773.Xr ipmon 8 774log directly to a file bypassing 775.Xr syslogd 8 . 776If the 777.Dq -D 778argument is used, remember to modify 779.Pa /etc/newsyslog.conf 780accordingly; for example: 781.Bd -literal 782/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 783.Ed 784.It Sy ipnat 785Boolean value. 786Runs 787.Xr ipnat 8 788to load in the IP network address translation (NAT) rules from 789.Pa /etc/ipnat.conf 790at network boot time, before any interfaces are configured. 791See 792.Xr ipnat.conf 5 . 793.It Sy ipsec 794Boolean value. 795Runs 796.Xr setkey 8 797to load in IPsec manual keys and policies from 798.Pa /etc/ipsec.conf 799at network boot time, before any interfaces are configured. 800.It Sy net_interfaces 801A string. 802The list of network interfaces to be configured at boot time. 803For each interface "xxN", the system first looks for ifconfig 804parameters in the variable 805.Sy ifconfig_xxN , 806and then in the file 807.Pa /etc/ifconfig.xxN . 808If 809.Sy auto_ifconfig 810is false, and neither the variable nor the file is found, 811a warning is printed. 812Information in either the variable or the file is parsed identically, 813except that, if an 814.Sy ifconfig_xxN 815variable contains a single line with embedded semicolons, 816then the value is split into multiple lines prior to further parsing, 817treating the semicolon as a line separator. 818One common case it to set 819.Sy ifconfig_xxN Ns Li \&= Ns Qq dhcp , 820which will cause 821.Xr dhcpcd 8 822to be started for the interface. 823Another common case it to set the 824.Sy ifconfig_xxN 825variable to a set of arguments to be passed to an 826.Xr ifconfig 8 827command after the interface name. 828Refer to 829.Xr ifconfig.if 5 830for more details on 831.Pa /etc/ifconfig.xxN 832files, and note that the information there also applies to 833.Sy ifconfig_xxN 834variables (after the variables are split into lines). 835.It Sy ntpdate 836Boolean value. 837Runs 838.Xr ntpdate 8 839to set the system time from one of the hosts in 840.Sy ntpdate_hosts . 841If 842.Sy ntpdate_hosts 843is empty, it will attempt to find a list of hosts in 844.Pa /etc/ntp.conf . 845Passes 846.Sy ntpdate_flags . 847.It Sy pf 848Boolean value. 849Enable 850.Xr pf 4 851at network boot time: 852Load the initial configuration 853.Xr pf.boot.conf 5 854before the network is up. 855After the network has been configured, then load the final ruleset 856.Xr pf.conf 5 . 857.It Sy pf_rules 858A string. 859The path of the 860.Xr pf.conf 5 861ruleset that will be used when loading the final ruleset. 862.It Sy pflogd 863Boolean value. 864Run 865.Xr pflogd 8 866for dumping packet filter logging information to a file. 867.It Sy ppp_peers 868A string. 869If 870.Sy ppp_peers 871is not empty, then 872.Pa /etc/rc.d/ppp 873will check each word in 874.Sy ppp_peers 875for a corresponding ppp configuration file in 876.Pa /etc/ppp/peers 877and will call 878.Xr pppd 8 879with the 880.Dq call Sy peer 881option. 882.It Sy racoon 883Boolean value. 884Runs 885.Xr racoon 8 , 886the IKE (ISAKMP/Oakley) key management daemon. 887.It Sy rtsol 888Boolean value. 889Run 890.Xr rtsol 8 , 891router solicitation command for IPv6 hosts. 892On nomadic hosts like notebook computers, you may want to enable 893.Sy rtsold 894as well. 895Passes 896.Sy rtsol_flags . 897This is only for autoconfigured IPv6 hosts, so set 898.Sy ip6mode 899to 900.Dq Li autohost 901if you use it. 902.It Sy wpa_supplicant 903Boolean value. 904Run 905.Xr wpa_supplicant 8 , 906WPA/802.11i Supplicant for wireless network devices. 907If you set 908.Sy wpa_supplicant 909true, then 910.Pa /usr 911must be in 912.Sy critical_filesystems_local , 913or 914.Pa /usr 915must be on the root file system. 916.El 917.Ss Daemons required by other daemons 918.Bl -tag -width net_interfaces 919.It Sy inetd 920Boolean value. 921Runs the 922.Xr inetd 8 923daemon to start network server processes (as listed in 924.Pa /etc/inetd.conf ) 925as necessary. 926Passes 927.Sy inetd_flags . 928The 929.Dq Li -l 930flag turns on libwrap connection logging. 931.It Sy rpcbind 932Boolean value. 933The 934.Xr rpcbind 8 935daemon is required for any 936.Xr rpc 3 937services. 938These include NFS, 939.Tn NIS , 940.Xr rpc.bootparamd 8 , 941.Xr rpc.rstatd 8 , 942.Xr rpc.rusersd 8 , 943and 944.Xr rpc.rwalld 8 . 945Passes 946.Sy rpcbind_flags . 947.El 948.Ss Commonly used daemons 949.Bl -tag -width net_interfaces 950.It Sy cron 951Boolean value. 952Run 953.Xr cron 8 . 954.It Sy ftpd 955Runs the 956.Xr ftpd 8 957daemon and passes 958.Sy ftpd_flags . 959.It Sy httpd 960Boolean value. 961Runs the 962.Xr httpd 8 963daemon and passes 964.Sy httpd_flags . 965.It Sy httpd_wwwdir 966A string. 967The 968.Xr httpd 8 969WWW root directory. 970Used only if 971.Sy httpd 972is true. 973The default setting is 974.Dq Pa /var/www . 975.It Sy httpd_wwwuser 976A string. 977If non-blank and 978.Sy httpd 979is true, run 980.Xr httpd 8 981and cause it to switch to the specified user after initialization. 982It is preferred to 983.Sy httpd_user 984because 985.Xr httpd 8 986is requiring extra privileges to start listening on default port 80. 987The default setting is 988.Dq Dv _httpd . 989.It Sy lpd 990Boolean value. 991Runs 992.Xr lpd 8 993and passes 994.Sy lpd_flags . 995The 996.Dq Li -l 997flag will turn on extra logging. 998.It Sy mdnsd 999Boolean value. 1000Runs 1001.Xr mdnsd 8 . 1002.It Sy named 1003Boolean value. 1004Runs 1005.Xr named 8 1006and passes 1007.Sy named_flags . 1008.It Sy named_chrootdir 1009A string. 1010If non-blank and 1011.Sy named 1012is true, run 1013.Xr named 8 1014as the unprivileged user and group 1015.Sq named , 1016.Xr chroot 2 Ns ed 1017to 1018.Sy named_chrootdir . 1019.Sy named_chrootdir Ns Pa /var/run/log 1020will be added to the list of log sockets that 1021.Xr syslogd 8 1022listens to. 1023.It Sy ntpd 1024Boolean value. 1025Runs 1026.Xr ntpd 8 1027and passes 1028.Sy ntpd_flags . 1029.It Sy ntpd_chrootdir 1030A string. 1031If non-blank and 1032.Sy ntpd 1033is true, run 1034.Xr ntpd 8 1035as the unprivileged user and group 1036.Sq ntpd , 1037.Xr chroot 2 Ns ed 1038to 1039.Sy ntpd_chrootdir . 1040.Sy ntpd_chrootdir Ns Pa /var/run/log 1041will be added to the list of log sockets that 1042.Xr syslogd 8 1043listens to. 1044This option requires that the kernel has 1045.Dl pseudo-device clockctl 1046compiled in, and that 1047.Pa /dev/clockctl 1048is present. 1049.It Sy postfix 1050Boolean value. 1051Starts 1052.Xr postfix 1 1053mail system. 1054.It Sy sshd 1055Boolean value. 1056Runs 1057.Xr sshd 8 1058and passes 1059.Sy sshd_flags . 1060.It Sy syslogd 1061Boolean value. 1062Runs 1063.Xr syslogd 8 1064and passes 1065.Sy syslogd_flags . 1066.It Sy timed 1067Boolean value. 1068Runs 1069.Xr timed 8 1070and passes 1071.Sy timed_flags . 1072The 1073.Dq Li -M 1074option allows 1075.Xr timed 8 1076to be a master time source as well as a slave. 1077If you are also running 1078.Xr ntpd 8 , 1079only one machine running both should have the 1080.Dq Li -M 1081flag given to 1082.Xr timed 8 . 1083.El 1084.Ss Routing daemons 1085.Bl -tag -width net_interfaces 1086.It Sy mrouted 1087Boolean value. 1088Runs 1089.Xr mrouted 8 , 1090the DVMRP multicast routing protocol daemon. 1091Passes 1092.Sy mrouted_flags . 1093.It Sy route6d 1094Boolean value. 1095Runs 1096.Xr route6d 8 , 1097the RIPng routing protocol daemon for IPv6. 1098Passes 1099.Sy route6d_flags . 1100.It Sy routed 1101Boolean value. 1102Runs 1103.Xr routed 8 , 1104the RIP routing protocol daemon. 1105Passes 1106.Sy routed_flags . 1107.\" This should be false 1108.\" if 1109.\" .Sy gated 1110.\" is true. 1111.It Sy rtsold 1112Boolean value. 1113Runs 1114.Xr rtsold 8 , 1115the IPv6 router solicitation daemon. 1116.Xr rtsold 8 1117periodically transmits router solicitation packets 1118to find IPv6 routers on the network. 1119This configuration is mainly for nomadic hosts like notebook computers. 1120Stationary hosts should work fine with just 1121.Sy rtsol . 1122Passes 1123.Sy rtsold_flags . 1124This is only for autoconfigured IPv6 hosts, so set 1125.Sy ip6mode 1126to 1127.Dq Li autohost 1128if you use it. 1129.El 1130.Ss Daemons used to boot other hosts over a network 1131.Bl -tag -width net_interfaces 1132.It Sy bootparamd 1133Boolean value. 1134Runs 1135.Xr bootparamd 8 , 1136the boot parameter server, with 1137.Sy bootparamd_flags 1138as options. 1139Used to boot 1140.Nx 1141and 1142.Tn "SunOS 4.x" 1143systems. 1144.It Sy dhcpd 1145Boolean value. 1146Runs 1147.Xr dhcpd 8 , 1148the Dynamic Host Configuration Protocol (DHCP) daemon, 1149for assigning IP addresses to hosts and passing boot information. 1150Passes 1151.Sy dhcpd_flags . 1152.It Sy dhcrelay 1153Boolean value. 1154Runs 1155.Xr dhcrelay 8 . 1156Passes 1157.Sy dhcrelay_flags . 1158.It Sy mopd 1159Boolean value. 1160Runs 1161.Xr mopd 8 , 1162the 1163.Tn DEC 1164.Tn MOP 1165protocol daemon; used for booting 1166.Tn VAX 1167and other 1168.Tn DEC 1169machines. 1170Passes 1171.Sy mopd_flags . 1172.It Sy ndbootd 1173Boolean value. 1174Runs 1175.Xr ndbootd 8 , 1176the Sun Network Disk (ND) Protocol server. 1177Passes 1178.Sy ndbootd_flags . 1179.It Sy rarpd 1180Boolean value. 1181Runs 1182.Xr rarpd 8 , 1183the reverse ARP daemon, often used to boot 1184.Nx 1185and Sun workstations. 1186Passes 1187.Sy rarpd_flags . 1188.It Sy rbootd 1189Boolean value. 1190Runs 1191.Xr rbootd 8 , 1192the 1193.Tn HP 1194boot protocol daemon; used for booting 1195.Tn HP 1196workstations. 1197Passes 1198.Sy rbootd_flags . 1199.It Sy rtadvd 1200Boolean value. 1201Runs 1202.Xr rtadvd 8 , 1203the IPv6 router advertisement daemon, which is used to advertise 1204information about the subnet to IPv6 end hosts. 1205Passes 1206.Sy rtadvd_flags . 1207This is only for IPv6 routers, so set 1208.Sy ip6mode 1209to 1210.Dq Li router 1211if you use it. 1212.El 1213.Ss X Window System daemons 1214.Bl -tag -width net_interfaces 1215.It Sy xdm 1216Boolean value. 1217Runs the 1218.Xr xdm 1 1219X display manager. 1220These X daemons are available only with the optional X distribution of 1221.Nx . 1222.It Sy xfs 1223Boolean value. 1224Runs the 1225.Xr xfs 1 1226X11 font server, which supplies local X font files to X terminals. 1227.El 1228.Ss NIS (YP) daemons 1229.Bl -tag -width net_interfaces 1230.It Sy ypbind 1231Boolean value. 1232Runs 1233.Xr ypbind 8 , 1234which lets 1235.Tn NIS 1236(YP) clients use information from a 1237.Tn NIS 1238server. 1239Passes 1240.Sy ypbind_flags . 1241.It Sy yppasswdd 1242Boolean value. 1243Runs 1244.Xr yppasswdd 8 , 1245which allows remote 1246.Tn NIS 1247users to update password on master server. 1248Passes 1249.Sy yppasswdd_flags . 1250.It Sy ypserv 1251Boolean value. 1252Runs 1253.Xr ypserv 8 , 1254the 1255.Tn NIS 1256(YP) server for distributing information from certain files in 1257.Pa /etc . 1258Passes 1259.Sy ypserv_flags . 1260The 1261.Dq Li -d 1262flag causes it to use DNS for lookups in 1263.Pa /etc/hosts 1264that fail. 1265.El 1266.Ss NFS daemons and parameters 1267.Bl -tag -width net_interfaces 1268.It Sy amd 1269Boolean value. 1270Runs 1271.Xr amd 8 , 1272the automounter daemon, which automatically mounts NFS file systems 1273whenever a file or directory within that file system is accessed. 1274Passes 1275.Sy amd_flags . 1276.It Sy amd_dir 1277A string. 1278The 1279.Xr amd 8 1280mount directory. 1281Used only if 1282.Sy amd 1283is true. 1284.It Sy lockd 1285Boolean value. 1286Runs 1287.Xr rpc.lockd 8 1288if 1289.Sy nfs_server 1290and/or 1291.Sy nfs_client 1292are true. 1293Passes 1294.Sy lockd_flags . 1295.It Sy mountd 1296Boolean value. 1297Runs 1298.Xr mountd 8 1299and passes 1300.Sy mountd_flags . 1301.It Sy nfs_client 1302Boolean value. 1303The number of local NFS asynchronous I/O server is now controlled via 1304.Xr sysctl 8 . 1305.It Sy nfs_server 1306Boolean value. 1307Sets up a host to be a NFS server by running 1308.Xr nfsd 8 1309and passing 1310.Sy nfsd_flags . 1311.It Sy statd 1312Boolean value. 1313Runs 1314.Xr rpc.statd 8 , 1315a status monitoring daemon used when 1316.Xr rpc.lockd 8 1317is running, if 1318.Sy nfs_server 1319and/or 1320.Sy nfs_client 1321are true. 1322Passes 1323.Sy statd_flags . 1324.El 1325.Ss Bluetooth configuration and daemons 1326.Bl -tag -width net_interfaces 1327.It Sy btattach 1328Boolean value. 1329Attach serial bluetooth interfaces as listed in the configuration file 1330.Pa /etc/bluetooth/btdevctl.conf . 1331.It Sy btconfig 1332Boolean value. 1333Configure bluetooth devices. 1334If the 1335.Sy btconfig_devices 1336variable below is not specified, all devices known to the system 1337will be configured. 1338For each device, configuration arguments are first looked for 1339in the 1340.Sy btconfig_{dev} 1341variable, otherwise the value of the 1342.Sy btconfig_args 1343variable will be used, and if that is not specified the default string is 1344.Sq enable . 1345.It Sy btconfig_devices 1346An optional space separated list of bluetooth devices to be configured at 1347boot time. 1348.It Sy btconfig_args 1349An optional string, containing default arguments for bluetooth devices to 1350be configured. 1351.It Sy btdevctl 1352Boolean value. 1353Configure Bluetooth devices as listed in the configuration file 1354.Pa /etc/bluetooth/btdevctl.conf . 1355.It Sy bthcid 1356Boolean value. 1357Runs 1358.Xr bthcid 8 , 1359the Bluetooth HCI daemon, which manages link keys and PIN codes for 1360Bluetooth links. 1361Passes 1362.Sy bthcid_flags . 1363.It Sy sdpd 1364Boolean value. 1365Runs the Service Discovery Profile daemon, 1366.Xr sdpd 8 . 1367Passes 1368.Sy sdpd_flags . 1369.El 1370.Ss Other daemons 1371.Bl -tag -width net_interfaces 1372.It Sy identd 1373Boolean value. 1374Runs 1375.Xr identd 8 , 1376the daemon for the user identification protocol. 1377Passes 1378.Sy identd_flags . 1379.It Sy iscsi_target 1380Boolean value. 1381Runs the server for iSCSI requests, 1382.Xr iscsi-target 8 . 1383Passes 1384.Sy iscsi_target_flags . 1385.It Sy isdnd 1386Boolean value. 1387Runs 1388.Xr isdnd 8 , 1389the isdn4bsd ISDN connection management daemon. 1390Passes 1391.Sy isdnd_flags . 1392.It Sy isdn_autoupdown 1393Boolean value. 1394Set all configured ISDN interfaces to 1395.Dq up . 1396If 1397.Sy isdn_interfaces 1398is not blank, only the listed interfaces will be modified. 1399Used only if 1400.Sy isdnd 1401is true. 1402.It Sy kdc 1403Boolean value. 1404Runs the 1405.Xr kdc 8 1406Kerberos v4 and v5 server. 1407This should be run on Kerberos master and slave servers. 1408.It Sy rwhod 1409Boolean value. 1410Runs 1411.Xr rwhod 8 1412to support the 1413.Xr rwho 1 1414and 1415.Xr ruptime 1 1416commands. 1417.El 1418.Ss Hardware daemons 1419.Bl -tag -width net_interfaces 1420.It Sy apmd 1421Boolean value. 1422Runs 1423.Xr apmd 8 1424and passes 1425.Sy apmd_flags . 1426.It Sy irdaattach 1427Boolean value. 1428Runs 1429.Xr irdaattach 8 1430and passes 1431.Sy irdaattach_flags . 1432.It Sy moused 1433Boolean value. 1434Runs 1435.Xr moused 8 , 1436to pass serial mouse data to the wscons mouse mux. 1437Passes 1438.Sy moused_flags . 1439.It Sy screenblank 1440Boolean value. 1441Runs 1442.Xr screenblank 1 1443and passes 1444.Sy screenblank_flags . 1445.It Sy wscons 1446Boolean value. 1447Configures the 1448.Xr wscons 4 1449console driver, from the configuration file 1450.Pa /etc/wscons.conf . 1451.It Sy wsmoused 1452Boolean value. 1453Runs 1454.Xr wsmoused 8 , 1455to provide copy and paste text support in wscons displays. 1456Passes 1457.Sy wsmoused_flags . 1458.El 1459.Sh FILES 1460.Bl -tag -width /etc/defaults/rc.conf -compact 1461.It Pa /etc/rc.conf 1462The file 1463.Nm 1464resides in 1465.Pa /etc . 1466.It Pa /etc/defaults/rc.conf 1467Default settings for 1468.Nm , 1469sourced by 1470.Nm 1471before the end-user configuration section. 1472.It Pa /etc/rc.conf.d/ Ns Ar foo 1473.Ar foo Ns No -specific 1474.Nm 1475overrides. 1476.El 1477.Sh SEE ALSO 1478.Xr boot 8 , 1479.Xr rc 8 , 1480.Xr rc.d 8 , 1481.Xr rc.subr 8 , 1482.Xr rcorder 8 1483.Sh HISTORY 1484The 1485.Nm 1486file appeared in 1487.Nx 1.3 . 1488