.\" $NetBSD: rc.conf.5,v 1.192 2022/02/20 14:43:39 alnsn Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Copyright (c) 1997 Curt J. Sampson
.\" Copyright (c) 1997 Michael W. Long
.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This document is derived from works contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd February 20, 2022
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system startup configuration file
.Sh DESCRIPTION
The
.Nm
file specifies which services are enabled during system startup by
the startup scripts invoked by
.Pa /etc/rc
(see
.Xr rc 8 ) ,
and the shutdown scripts invoked by
.Pa /etc/rc.shutdown .
The
.Nm
file is a shell script that is sourced by
.Xr rc 8 ,
meaning that
.Nm
must contain valid shell commands.
.Pp
Listed below are the standard
.Nm
variables that may be set, the values to which each may be set,
a brief description of what each variable does, and a reference to
relevant manual pages.
Third party packages may test for additional variables.
.Pp
By default,
.Nm
reads
.Pa /etc/defaults/rc.conf
(if it is readable)
to obtain default values for various variables, and the end-user
may override these by appending appropriate entries to the end of
.Nm .
.Pp
.Xr rc.d 8
scripts that use
.Ic load_rc_config
from
.Xr rc.subr 8
also support sourcing an optional end-user provided per-script override
file
.Pa /etc/rc.conf.d/ Ns Ar service ,
(where
.Ar service
is the contents of the
.Sy name
variable in the
.Xr rc.d 8
script).
This may contain variable overrides, including allowing the end-user
to override various
.Ic run_rc_command
.Xr rc.d 8
control variables, and thus changing the operation of the script
without requiring editing of the script.
.Ss Variable naming conventions and data types
Most variables are one of two types: enabling variables or flags
variables.
Enabling variables, such as
.Sy inetd ,
are generally named after the program or the system they enable,
and have boolean values (specified using
.Ql YES ,
.Ql TRUE ,
.Ql ON
or
.Ql 1
for true, and
.Ql NO ,
.Ql FALSE ,
.Ql OFF
or
.Ql 0
for false, with the values being case insensitive).
Flags variables, such as
.Sy inetd_flags
have the same name with
.Dq _flags
appended, and determine what
arguments are passed to the program if it is enabled.
.Pp
If a variable that
.Xr rc 8
expects to be set is not set, or the value is not one of the allowed
values, a warning will be printed.
.Ss Overall control
.Bl -tag -width net_interfaces
.It Sy do_rcshutdown
Boolean value.
If false,
.Xr shutdown 8
will not run
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_timeout
A number.
If non-blank, use this as the number of seconds to run a watchdog timer for
which will terminate
.Pa /etc/rc.shutdown
if the timer expires before the shutdown script completes.
.It Sy rc_configured
Boolean value.
If false then the system will drop into single-user mode during boot.
.It Sy rc_fast_and_loose
If set to a non-empty string,
each script in
.Pa /etc/rc.d
will be executed in the current shell rather than a sub shell.
This may be faster on slow machines that have an expensive
.Xr fork 2
operation.
.Bl -hang
.It Em Note :
Use this at your own risk!
A rogue command or script may inadvertently prevent boot to multiuser.
.El
.It Sy rc_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc .
.It Sy rc_directories
A string.
Space separated list of directories searched for rc scripts.
The default is
.Pa /etc/rc.d .
All directories in
.Ev rc_directories
must be located in the root file system, otherwise they will be silently
skipped.
.It Sy rc_silent
Boolean value.
If true then the usual output is suppressed, and
.Xr rc 8
invokes the command specified in the
.Va rc_silent_cmd
variable once for each line of suppressed output.
The default value of
.Va rc_silent
is set from the
.Dv AB_SILENT
flag in the kernel's
.Va boothowto
variable (see
.Xr boot 8 ,
.Xr reboot 2 ) .
.It Sy rc_silent_cmd
A command to be executed once per line of suppressed output, when
.Va rc_silent
is true.
The default value of
.Va rc_silent_cmd
is
.Ql twiddle ,
which will display a spinning symbol instead of each line of output.
Another useful value is
.Ql \&: ,
which will display nothing at all.
.El
.Ss Basic network configuration
.Bl -tag -width net_interfaces
.It Sy defaultroute
A string.
Default IPv4 network route.
If empty or not set, then the contents of
.Pa /etc/mygate
(if it exists) are used.
.It Sy defaultroute6
A string.
Default IPv6 network route.
If empty or not set, then the contents of
.Pa /etc/mygate6
(if it exists) are used.
.It Sy domainname
A string.
NIS (YP) domain of host.
If empty or not set, then the contents of
.Pa /etc/defaultdomain
(if it exists) are used.
.It Sy force_down_interfaces
A space separated list of interface names.
These interfaces will be configured down when going from multiuser to single-user
mode or on system shutdown.
.It Sy dns_domain
A string.
Sets domain in
.Pa /etc/resolv.conf .
.It Sy dns_search
A string.
Sets search in
.Pa /etc/resolv.conf .
.It Sy dns_nameservers
A string of space separated domain name servers.
Sets nameserver for each value in
.Pa /etc/resolv.conf .
.It Sy dns_sortlist
A string.
Sets sortlist in
.Pa /etc/resolv.conf .
.It Sy dns_options
A string.
Sets options in
.Pa /etc/resolv.conf .
.It Sy dns_metric
An unsigned integer.
Sets the priority of the above DNS to other sources, lowest wins.
Defaults to 0.
.Pp
This is important for some stateful interfaces, for example PPPoE interfaces
which have no direct means of noticing
.Dq disconnect
events.
.Pp
All active
.Xr pppoe 4
interfaces will be automatically added to this list.
.It Sy hostname
A string.
Name of host.
If empty or not set, then the contents of
.Pa /etc/myname
(if it exists) are used.
.El
.Ss Boottime file-system and swap configuration
.Bl -tag -width net_interfaces
.It Sy critical_filesystems_local
A string.
File systems mounted very early in the system boot before networking
services are available.
Usually
.Pa /var
is part of this, because it is needed by services such as
.Xr dhcpcd 8
which may be required to get the network operational.
The default is
.Ql "OPTIONAL:" Ns Pa /var ,
where the
.Ql "OPTIONAL:"
prefix means that it's not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy critical_filesystems_remote
A string.
File systems such as
.Pa /usr
that may require network services to be available to mount,
that must be available early in the system boot for general services to use.
The default is
.Ql "OPTIONAL:" Ns Pa /usr ,
where the
.Ql "OPTIONAL:"
prefix means that it is not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy critical_filesystems_zfs
A string.
Mount non-legacy ZFS file systems right after mounting local
file systems listed in
.Sy critical_filesystems_local
variable.
An entry can be prefixed with
.Ql "OPTIONAL:"
which means that it is not an error if the file system is not present
among available ZFS datasets.
The default is ''.
.It Sy fsck_flags
A string.
A file system is checked with
.Xr fsck 8
during boot before mounting it.
This option may be used to override the default command-line options
passed to the
.Xr fsck 8
program.
.Pp
When set to
.Fl y ,
.Xr fsck 8
assumes yes as the answer to all operator questions during file system checks.
This might be important with hosts where the administrator does not have
access to the console and an unsuccessful shutdown must not make the host
unbootable even if the file system checks would fail in preen mode.
.It Sy modules
Boolean value.
If true, loads the modules specified in
.Xr modules.conf 5 .
.It Sy no_swap
Boolean value.
Should be true if you have deliberately configured your system with no swap.
If false and no swap devices are configured, the system will warn you.
.It Sy resize_root
Boolean value.
Set to true to have the system resize the root file system to fill its
partition.
Will only attempt to resize the root file system if it is of type ffs and does
not have logging enabled.
Defaults to false.
.It Sy swapoff
Boolean value.
Remove block-type swap devices at shutdown time.
Useful if swapping onto RAIDframe devices.
.It Sy swapoff_umount
.Dq "auto"
or
.Dq "manual" .
Before removing block-type swap devices, it is wise to unmount tmpfs filesystems to avoid having to swap their contents back into RAM.
By default
.Dq ( "auto" )
all tmpfs filesystems that contain no device nodes are unmounted.
Set to
.Dq "manual"
to explicitly specify which filesystems to unmount before removing swap.
.It Sy swapoff_umount_fs
A space-separated list of absolute paths to tmpfs mount points.
If
.Sy swapoff_umount
is set to
.Dq "manual" ,
these tmpfs filesystems will be forcibly unmounted before removing block-type
swap devices.
.It Sy var_shm_symlink
A path.
If set, names a path that
.Pa /var/shm
will be symlinked to.
.Pp
The path needs to live on a tmpfs file system.
A typical value (assuming
.Pa /tmp
is mounted on tmpfs) would be
.Pa /tmp/.shm .
.El
.Ss Block device subsystems
.Bl -tag -width net_interfaces
.It Sy ccd
Boolean value.
Configures concatenated disk devices according to
.Xr ccd.conf 5 .
.It Sy cgd
Boolean value.
Configures cryptographic disk devices.
Requires
.Pa /etc/cgd/cgd.conf .
See
.Xr cgdconfig 8
for additional details.
.It Sy lvm
Boolean value.
Configures the logical volume manager.
See
.Xr lvm 8
for additional details.
.It Sy raidframe
Boolean value.
Configures
.Xr raid 4 ,
RAIDframe disk devices.
See
.Xr raidctl 8
for additional details.
.It Sy zfs
Boolean value.
Configures ZFS storage pools and ZFS file systems.
.El
.Ss One-time actions to perform or programs to run on boot-up
.Bl -tag -width net_interfaces
.It Sy accounting
Boolean value.
Enables process accounting with
.Xr accton 8 .
Requires
.Pa /var/account/acct
to exist.
.It Sy clear_tmp
Boolean value.
Clear
.Pa /tmp
after reboot.
.It Sy dmesg
Boolean value.
Create
.Pa /var/run/dmesg.boot
from the output of
.Xr dmesg 8 .
Passes
.Sy dmesg_flags .
.It Sy entropy
A string,
.Sq Li check
or
.Sq Li wait .
If set, then during boot-up, after
.Sy random_seed
and
.Sy rndctl ,
check for or wait until enough entropy before any networking is
enabled.
.Pp
If not enough entropy is available, then:
.Bl -bullet -compact
.It
With
.Sq Li entropy=check ,
stop multiuser boot and enter single-user mode instead.
.It
With
.Sq Li entropy=wait ,
wait until enough entropy is available.
.El
.Pp
Note that
.Sq Li entropy=wait
may cause the system to hang indefinitely at boot if it has neither a
random seed nor any hardware random number generators \(em use with
care.
.Pp
If empty or not set, the system may come to multiuser without entropy,
which is unsafe to use on the internet; it is the operator's
responsibility to heed warnings from the kernel and the daily
.Xr security.conf 5
report to remedy the problem \(em see
.Xr entropy 7 .
.It Sy envsys
Boolean value.
Sets preferences for the environmental systems framework,
.Xr envsys 4 .
Requires
.Pa /etc/envsys.conf ,
which is described in
.Xr envsys.conf 5 .
.It Sy gpio
Boolean value.
Configure
.Xr gpio 4
devices.
See
.Xr gpio.conf 5 .
.It Sy ldconfig
Boolean value.
Configures
.Xr a.out 5
runtime link editor directory cache.
.It Sy mixerctl
Boolean value.
Read
.Xr mixerctl.conf 5
for how to set mixer values.
List in
.Sy mixerctl_mixers
the devices whose settings are to be saved at shutdown and
restored at start-up.
.It Sy newsyslog
Boolean value.
Run
.Nm newsyslog
to trim log files before syslogd starts.
Intended for laptop users.
Passes
.Sy newsyslog_flags .
.It Sy per_user_tmp
Boolean value.
Enables a per-user
.Pa /tmp
directory.
.Sy per_user_tmp_dir
can be used to override the default location of the
.Dq real
temporary directories,
.Pa /private/tmp .
See
.Xr security 7
for additional details.
.It Sy quota
Boolean value.
Checks and enables quotas by running
.Xr quotacheck 8
and
.Xr quotaon 8 .
.It Sy random_seed
Boolean value.
During boot-up, runs the
.Xr rndctl 8
utility with the
.Fl L
flag to seed the random number subsystem from an entropy file.
During shutdown, runs the
.Xr rndctl 8
utility with the
.Fl S
flag to save some random information to the entropy file.
The entropy file name is specified by the
.Sy random_file
variable, and defaults to
.Pa /var/db/entropy-file .
The entropy file must be on a local file system that is writable early during
boot-up (just after the file systems specified in
.Sy critical_filesystems_local
have been mounted), and correspondingly late during shutdown.
.It Sy rndctl
Boolean value.
Runs the
.Xr rndctl 8
utility one or more times according to the specification in
.Sy rndctl_flags .
.Pp
If
.Sy rndctl_flags
does not contain a semicolon
.Pq Ql \&;
then it is expected to contain zero or more flags,
followed by one or more device or type names.
The
.Xr rndctl 8
command will be executed once for each device or type name.
If the specified flags do not include any of
.Fl c , C , e ,
or
.Fl E ,
then the flags
.Fl c
and
.Fl e
are added, to specify that entropy from the relevant device or type
should be both collected and estimated.
If the specified flags do not include either of
.Fl d
or
.Fl t ,
then the flag
.Fl d
is added, to specify that the non-flag arguments are device names,
not type names.
.Pp
.Sy rndctl_flags
may contain multiple semicolon-separated segments, in which each
segment contains flags and device or type names as described above.
This allows different flags to be associated with different
device or type names.
For example, given
.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" ,
the following commands will be executed:
.Li "rndctl -c -e -d wd0" ;
.Li "rndctl -c -e -d wd1" ;
.Li "rndctl -c -e -t tty" ;
.Li "rndctl -c -t net" .
.It Sy rtclocaltime
Boolean value.
Sets the real time clock to local time by adjusting the
.Xr sysctl 7
value of
.Pa kern.rtc_offset .
The offset from UTC is calculated automatically according
to the time zone information in the file
.Pa /etc/localtime .
.It Sy savecore
Boolean value.
Runs the
.Xr savecore 8
utility.
Passes
.Sy savecore_flags .
The directory where crash dumps are stored is specified by
.Sy savecore_dir .
The default setting is
.Pa /var/crash .
.It Sy sysdb
Boolean value.
Builds various system databases, including
.Pa /var/run/dev.cdb ,
.Pa /etc/spwd.db ,
.Pa /var/db/netgroup.db ,
.Pa /var/db/services.cdb ,
and entries for
.Xr utmp 5 .
.It Sy tpctl
Boolean value.
Run
.Xr tpctl 8
to calibrate touch panel device.
Passes
.Sy tpctl_flags .
.It Sy update_motd
Boolean value.
Updates the
.Nx
version string in the
.Pa /etc/motd
file to reflect the version of the running kernel.
See
.Xr motd 5 .
.It Sy update_motd_release
Boolean value.
If enabled in addition to
.Sy update_motd ,
updates a second
.Nx
version string in the
.Pa /etc/motd
file to reflect the version, architecture, and Build ID of
the installed userland.
An optional prefix can be provided for this version string in
.Sy motd_release_tag .
.It Sy virecover
Boolean value.
Send notification mail to users if any recoverable files exist in
.Pa /var/tmp/vi.recover .
Read
.Xr virecover 8
for more information.
.It Sy wdogctl
Boolean value.
Configures watchdog timers.
Passes
.Sy wdogctl_flags .
Refer to
.Xr wdogctl 8
for information on how to configure a timer.
.El
.Ss System security settings
.Bl -tag -width net_interfaces
.It Sy securelevel
A number.
The system securelevel is set to the specified value early
in the boot process, before any external logins, or other programs
that run users' jobs, are started.
If set to nothing, the default action is taken, as described in
.Xr init 8
and
.Xr secmodel_securelevel 9 ,
which contains definitive information about the system securelevel.
Note that setting
.Sy securelevel
to 0 in
.Nm
will actually result in the system booting with securelevel set to 1, as
.Xr init 8
will raise the level when
.Xr rc 8
completes.
.It Sy permit_nonalpha
Boolean value.
Allow passwords to include non-alpha characters, usually to allow
NIS/YP netgroups.
.It Sy veriexec
Boolean value.
Load Veriexec fingerprints during startup.
Read
.Xr veriexecctl 8
for more information.
.It Sy veriexec_strict
A number.
Controls the strict level of Veriexec.
Level 0 is learning mode, used when building the signatures file.
It will only output messages but will not enforce anything.
Level 1 will only prevent access to files with a fingerprint
mismatch.
Level 2 will also deny writing to and removing of
monitored files, as well as enforce access type (as specified in
the signatures file).
Level 3 will take a step further and prevent
access to files that are not monitored.
.It Sy veriexec_verbose
A number.
Controls the verbosity of Veriexec.
Recommended operation is at level 0, verbose output (mostly used when
building the signatures file) is at level 1.
Level 2 is for debugging only and should not be used.
.It Sy veriexec_flags
A string.
Flags to pass to the
.Nm veriexecctl
command.
.It Sy smtoff
Boolean value.
Disables SMT (Simultaneous Multi-Threading).
.El
.Ss Networking startup
.Bl -tag -width net_interfaces
.It Sy altqd
Boolean value.
ALTQ configuration/monitoring daemon.
Passes
.Sy altqd_flags .
.It Sy auto_ifconfig
Boolean value.
Sets the
.Sy net_interfaces
variable (see below) to the output of
.Xr ifconfig 8
with the
.Fl l
flag and suppresses warnings about interfaces in this list that
do not have an ifconfig file or variable.
.It Sy blocklistd
Boolean value.
Runs
.Xr blocklistd 8
to dynamically block hosts on a DoS according to configuration set in
.Xr blocklistd.conf 5 .
Passes
.Sy blocklistd_flags .
.It Sy dhcpcd
Boolean value.
Set true to configure some or all network interfaces using dhcpcd.
If you set
.Sy dhcpcd
true, then
.Pa /var
must be in
.Sy critical_filesystems_local ,
or
.Pa /var
must be on the root file system.
If you need to restrict dhcpcd to one or a number of interfaces,
or need a separate configuration per interface,
then this should be done in the configuration file - see
.Xr dhcpcd.conf 5
for details.
dhcpcd presently ignores the
.Sy wpa_supplicant
variable in rc.conf and will start wpa_supplicant if a suitable
wpa_supplicant.conf is found unless otherwise instructed in
.Xr dhcpcd.conf 5 .
.It Sy dhcpcd_flags
Passes
.Sy dhcpcd_flags
to dhcpcd.
See
.Xr dhcpcd 8
for complete documentation.
.It Sy flushroutes
Boolean value.
Flushes the route table on networking startup.
Useful when coming up to multiuser mode after going down to
single-user mode.
.It Sy ftp_proxy
Boolean value.
Runs
.Xr ftp-proxy 8 ,
the proxy daemon for the Internet File Transfer Protocol.
.It Sy hostapd
Boolean value.
Runs
.Xr hostapd 8 ,
the authenticator for IEEE 802.11 networks.
.It Sy ifaliases_*
A string.
List of
.Sq Em "address netmask"
pairs to configure additional network addresses for the given
configured interface
(e.g.
.Sy ifaliases_le0 ) .
If
.Em netmask
is
.Ql - ,
then use the default netmask for the interface.
.Pp
.Sy ifaliases_*
covers limited cases only and is considered unrecommended.
We recommend using
.Sy ifconfig_xxN
variables or
.Pa /etc/ifconfig. Ns Ar xxN
files with multiple lines instead.
.It Sy ifwatchd
Boolean value.
Monitor dynamic interfaces and perform actions upon address changes.
Passes
.Sy ifwatchd_flags .
.It Sy ip6addrctl
Boolean value.
Fine grain control of address and routing priorities.
.It Sy ip6addrctl_policy
A string.
Can be:
.Bl -tag -width "Ql auto" -compact
.It Ql auto
automatically determine from system settings; will read priorities from
.Pa /etc/ip6addrctl.conf
or if that file does not exist it will default to IPv6 first, then IPv4.
.It Ql ipv4_prefer
try IPv4 before IPv6.
.It Ql ipv6_prefer
try IPv6 before IPv4.
.El
.It Sy ip6addrctl_verbose
Boolean value.
If set, print the resulting prefixes and priorities map.
.It Sy ip6mode
A string.
An IPv6 node can be a router
.Pq nodes that forward packets for others
or a host
.Pq nodes that do not forward .
A host can be autoconfigured
based on the information advertised by adjacent IPv6 routers.
By setting
.Sy ip6mode
to
.Ql router ,
.Ql host ,
or
.Ql autohost ,
you can configure your node as a router,
a non-autoconfigured host, or an autoconfigured host.
Invalid values will be ignored, and the node will be configured as
a non-autoconfigured host.
.It Sy ip6uniquelocal
Boolean value.
If
.Sy ip6mode
is equal to
.Ql router ,
and
.Sy ip6uniquelocal
is false,
a reject route will be installed on boot to avoid misconfiguration relating
to unique-local addresses.
If
.Sy ip6uniquelocal
is true, the reject route won't be installed.
.It Sy ipfilter
Boolean value.
Runs
.Xr ipf 8
to load in packet filter specifications from
.Pa /etc/ipf.conf
at network boot time, before any interfaces are configured.
Passes
.Sy ipfilter_flags .
See
.Xr ipf.conf 5 .
.It Sy ipfs
Boolean value.
Runs
.Xr ipfs 8
to save and restore information for ipnat and ipfilter state tables.
The information is stored in
.Pa /var/db/ipf/ipstate.ipf
and
.Pa /var/db/ipf/ipnat.ipf .
Passes
.Sy ipfs_flags .
.It Sy ipmon
Boolean value.
Runs
.Xr ipmon 8
to read
.Xr ipf 8
packet log information and log it to a file or the system log.
Passes
.Sy ipmon_flags .
.It Sy ipmon_flags
A string.
Specifies arguments to supply to
.Xr ipmon 8 .
Defaults to
.Ql -ns .
A typical example would be
.Ql "-nD /var/log/ipflog"
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
If the
.Fl D
argument is used, remember to modify
.Pa /etc/newsyslog.conf
accordingly; for example:
.Pp
.Dl /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
.It Sy ipnat
Boolean value.
Runs
.Xr ipnat 8
to load in the IP network address translation (NAT) rules from
.Pa /etc/ipnat.conf
at network boot time, before any interfaces are configured.
See
.Xr ipnat.conf 5 .
.It Sy ipsec
Boolean value.
Runs
.Xr setkey 8
to load in IPsec manual keys and policies from
.Pa /etc/ipsec.conf
at network boot time, before any interfaces are configured.
.It Sy npf
Boolean value.
Loads
.Xr npf.conf 5
at network boot time, and starts
.Xr npf 7 .
.It Sy npfd
Boolean value.
Runs
.Xr npfd 8 ,
the NPF packet filter logging and state synchronization daemon.
Passes
.Sy npfd_flags .
.It Sy net_interfaces
A string.
The list of network interfaces to be configured at boot time.
For each interface "xxN", the system first looks for ifconfig
parameters in the variable
.Sy ifconfig_xxN ,
and then in the file
.Pa /etc/ifconfig.xxN .
If
.Sy auto_ifconfig
is false, and neither the variable nor the file is found,
a warning is printed.
Information in either the variable or the file is parsed identically,
except that, if an
.Sy ifconfig_xxN
variable contains a single line with embedded semicolons,
then the value is split into multiple lines prior to further parsing,
treating the semicolon as a line separator.
.Pp
One common case is to set the
.Sy ifconfig_xxN
variable to a set of arguments to be passed to an
.Xr ifconfig 8
command after the interface name.
Refer to
.Xr ifconfig.if 5
for more details on
.Pa /etc/ifconfig.xxN
files, and note that the information there also applies to
.Sy ifconfig_xxN
variables (after the variables are split into lines).
.It Sy ntpdate
Boolean value.
Runs
.Xr ntpdate 8
to set the system time from one of the hosts in
.Sy ntpdate_hosts .
If
.Sy ntpdate_hosts
is empty, it will attempt to find a list of hosts in
.Pa /etc/ntp.conf .
Passes
.Sy ntpdate_flags .
.It Sy pf
Boolean value.
Enable
.Xr pf 4
at network boot time:
Load the initial configuration
.Xr pf.boot.conf 5
before the network is up.
After the network has been configured, then load the final rule set
.Xr pf.conf 5 .
.It Sy pf_rules
A string.
The path of the
.Xr pf.conf 5
rule set that will be used when loading the final rule set.
.It Sy pflogd
Boolean value.
Run
.Xr pflogd 8
for dumping packet filter logging information to a file.
.It Sy ppp
A boolean.
Toggles starting
.Xr pppd 8
on startup.
See
.Sy ppp_peers
below.
.It Sy ppp_peers
A string.
If
.Sy ppp
is true and
.Sy ppp_peers
is not empty, then
.Pa /etc/rc.d/ppp
will check each word in
.Sy ppp_peers
for a corresponding ppp configuration file in
.Pa /etc/ppp/peers
and will call
.Xr pppd 8
with the
.Dq Ic call Va peer
option.
.It Sy racoon
Boolean value.
Runs
.Xr racoon 8 ,
the IKE (ISAKMP/Oakley) key management daemon.
.It Sy wpa_supplicant
Boolean value.
Run
.Xr wpa_supplicant 8 ,
WPA/802.11i Supplicant for wireless network devices.
If you set
.Sy wpa_supplicant
true, then
.Pa /usr
must be in
.Sy critical_filesystems_local ,
or
.Pa /usr
must be on the root file system.
dhcpcd ignores this variable, see the
.Sy dhcpcd
variable for details.
.El
.Ss Daemons required by other daemons
.Bl -tag -width net_interfaces
.It Sy inetd
Boolean value.
Runs the
.Xr inetd 8
daemon to start network server processes (as listed in
.Pa /etc/inetd.conf )
as necessary.
Passes
.Sy inetd_flags .
The
.Fl l
flag turns on libwrap connection logging.
.It Sy rpcbind
Boolean value.
The
.Xr rpcbind 8
daemon is required for any
.Xr rpc 3
services.
These include NFS, NIS,
.Xr rpc.bootparamd 8 ,
.Xr rpc.rstatd 8 ,
.Xr rpc.rusersd 8 ,
and
.Xr rpc.rwalld 8 .
Passes
.Sy rpcbind_flags .
.El
.Ss Commonly used daemons
.Bl -tag -width net_interfaces
.It Sy cron
Boolean value.
Run
.Xr cron 8 .
.It Sy ftpd
Boolean value.
Runs the
.Xr ftpd 8
daemon and passes
.Sy ftpd_flags .
.It Sy httpd
Boolean value.
Runs the
.Xr httpd 8
daemon and passes
.Sy httpd_flags .
.It Sy httpd_wwwdir
A string.
The
.Xr httpd 8
WWW root directory.
Used only if
.Sy httpd
is true.
The default setting is
.Pa /var/www .
.It Sy httpd_wwwuser
A string.
If non-blank and
.Sy httpd
is true, run
.Xr httpd 8
and cause it to switch to the specified user after initialization.
It is preferred to
.Sy httpd_user
because
.Xr httpd 8
requires extra privileges to start listening on the default port 80.
The default setting is
.Ql _httpd .
.It Sy lpd
Boolean value.
Runs
.Xr lpd 8
and passes
.Sy lpd_flags .
The
.Fl l
flag will turn on extra logging.
.It Sy mdnsd
Boolean value.
Runs
.Xr mdnsd 8 .
.It Sy named
Boolean value.
Runs
.Xr named 8
and passes
.Sy named_flags .
.It Sy named_chrootdir
A string.
If non-blank and
.Sy named
is true, run
.Xr named 8
as the unprivileged user and group
.Sq named ,
.Xr chroot 2 Ns ed
to
.Sy named_chrootdir .
.Li \&${named_chrootdir} Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
.It Sy ntpd
Boolean value.
Runs
.Xr ntpd 8
and passes
.Sy ntpd_flags .
.It Sy ntpd_chrootdir
A string.
If non-blank and
.Sy ntpd
is true, run
.Xr ntpd 8
as the unprivileged user and group
.Sq ntpd ,
.Xr chroot 2 Ns ed
to
.Sy ntpd_chrootdir .
.Li \&${ntpd_chrootdir} Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
This option requires that the kernel has
.D1 Cd pseudo-device clockctl
compiled in, and that
.Pa /dev/clockctl
is present.
.It Sy postfix
Boolean value.
Starts the
.Xr postfix 1
mail system.
.It Sy sshd
Boolean value.
Runs
.Xr sshd 8
and passes
.Sy sshd_flags .
.It Sy syslogd
Boolean value.
Runs
.Xr syslogd 8
and passes
.Sy syslogd_flags .
.It Sy timed
Boolean value.
Runs
.Xr timed 8
and passes
.Sy timed_flags .
The
.Fl M
option allows
.Xr timed 8
to be a master time source as well as a slave.
If you are also running
.Xr ntpd 8 ,
only one machine running both should have the
.Fl M
flag given to
.Xr timed 8 .
.It Sy unbound
Boolean value.
Runs
.Xr unbound 8 .
.It Sy unbound_chrootdir
A string.
If non-blank and
.Sy unbound
is true, run
.Xr unbound 8
.Xr chroot 2 Ns ed
to
.Sy unbound_chrootdir .
.El
.Ss Routing daemons
.Bl -tag -width net_interfaces
.It Sy mrouted
Boolean value.
Runs
.Xr mrouted 8 ,
the DVMRP multicast routing protocol daemon.
Passes
.Sy mrouted_flags .
.It Sy route6d
Boolean value.
Runs
.Xr route6d 8 ,
the RIPng routing protocol daemon for IPv6.
Passes
.Sy route6d_flags .
.It Sy routed
Boolean value.
Runs
.Xr routed 8 ,
the RIP routing protocol daemon.
Passes
.Sy routed_flags .
.\" This should be false
.\" if
.\" .Sy gated
.\" is true.
.El
.Ss Daemons used to boot other hosts over a network
.Bl -tag -width net_interfaces
.It Sy bootparamd
Boolean value.
Runs
.Xr bootparamd 8 ,
the boot parameter server, with
.Sy bootparamd_flags
as options.
Used to boot
.Nx
and SunOS 4.x systems.
.It Sy dhcpd
Boolean value.
Runs
.Xr dhcpd 8 ,
the Dynamic Host Configuration Protocol (DHCP) daemon,
for assigning IP addresses to hosts and passing boot information.
Passes
.Sy dhcpd_flags .
.It Sy dhcrelay
Boolean value.
Runs
.Xr dhcrelay 8 .
Passes
.Sy dhcrelay_flags .
.It Sy mopd
Boolean value.
Runs
.Xr mopd 8 ,
the DEC MOP protocol daemon; used for booting VAX and other DEC
machines.
Passes
.Sy mopd_flags .
.It Sy ndbootd
Boolean value.
Runs
.Xr ndbootd 8 ,
the Sun Network Disk (ND) Protocol server.
Passes
.Sy ndbootd_flags .
.It Sy rarpd
Boolean value.
Runs
.Xr rarpd 8 ,
the reverse ARP daemon, often used to boot
.Nx
and Sun workstations.
Passes
.Sy rarpd_flags .
.It Sy rbootd
Boolean value.
Runs
.Xr rbootd 8 ,
the HP boot protocol daemon; used for booting HP workstations.
Passes
.Sy rbootd_flags .
.It Sy rtadvd
Boolean value.
Runs
.Xr rtadvd 8 ,
the IPv6 router advertisement daemon, which is used to advertise
information about the subnet to IPv6 end hosts.
Passes
.Sy rtadvd_flags .
This is only for IPv6 routers, so set
.Sy ip6mode
to
.Ql router
if you use it.
.El
.Ss X Window System daemons
.Bl -tag -width net_interfaces
.It Sy xdm
Boolean value.
Runs the
.Xr xdm 1
X display manager.
These X daemons are available only with the optional X distribution of
.Nx .
.It Sy xfs
Boolean value.
Runs the
.Xr xfs 1
X11 font server, which supplies local X font files to X terminals.
.El
.Ss NIS (YP) daemons
.Bl -tag -width net_interfaces
.It Sy ypbind
Boolean value.
Runs
.Xr ypbind 8 ,
which lets NIS (YP) clients use information from a NIS server.
Passes
.Sy ypbind_flags .
.It Sy yppasswdd
Boolean value.
Runs
.Xr yppasswdd 8 ,
which allows remote NIS users to update their passwords on the master server.
Passes
.Sy yppasswdd_flags .
.It Sy ypserv
Boolean value.
Runs
.Xr ypserv 8 ,
the NIS (YP) server for distributing information from certain files
in
.Pa /etc .
Passes
.Sy ypserv_flags .
The
.Fl d
flag causes it to use DNS for lookups in
.Pa /etc/hosts
that fail.
.El
.Ss NFS daemons and parameters
.Bl -tag -width net_interfaces
.It Sy amd
Boolean value.
Runs
.Xr amd 8 ,
the automounter daemon, which automatically mounts NFS file systems
whenever a file or directory within that file system is accessed.
Passes
.Sy amd_flags .
.It Sy amd_dir
A string.
The
.Xr amd 8
mount directory.
Used only if
.Sy amd
is true.
.It Sy lockd
Boolean value.
Runs
.Xr rpc.lockd 8
if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy lockd_flags .
.It Sy mountd
Boolean value.
Runs
.Xr mountd 8
and passes
.Sy mountd_flags .
.It Sy nfs_client
Boolean value.
The number of local NFS asynchronous I/O servers is now controlled via
.Xr sysctl 8 .
.It Sy nfs_server
Boolean value.
Sets up a host to be an NFS server by running
.Xr nfsd 8
and passing
.Sy nfsd_flags .
.It Sy statd
Boolean value.
Runs
.Xr rpc.statd 8 ,
a status monitoring daemon used when
.Xr rpc.lockd 8
is running, if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy statd_flags .
.El
.Ss Bluetooth support
.Bl -tag -width net_interfaces
.It Sy bluetooth
Boolean value.
Configure Bluetooth support, comprising the following tasks:
.Bl -dash -compact
.It
attach serial Bluetooth controllers as listed in the
.Pa /etc/bluetooth/btattach.conf
configuration file.
.It
enable Bluetooth controllers with useful defaults, plus
additional options as detailed below.
.It
optionally, start
.Xr bthcid 8 ,
the Bluetooth Link Key/PIN Code manager, passing
.Sy bthcid_flags .
.It
configure local Bluetooth drivers as listed in the
.Pa /etc/bluetooth/btdevctl.conf
configuration file.
.It
optionally, start
.Xr sdpd 8 ,
the Service Discovery server, passing
.Sy sdpd_flags .
.El
.It Sy btconfig_devices
A string.
An optional list of Bluetooth controllers to configure.
.It Sy btconfig_{dev}
A string.
Additional configuration options for specific Bluetooth controllers.
.It Sy btconfig_args
A string.
Additional configuration options for Bluetooth controllers without
specific options as above.
.It Sy bthcid
Boolean value.
If set to false, disable starting the Bluetooth Link Key/PIN Code manager.
.It Sy sdpd
Boolean value.
If set to false, disable starting the Bluetooth Service Discovery server.
.El
.Ss Other daemons
.Bl -tag -width net_interfaces
.It Sy identd
Boolean value.
Runs
.Xr identd 8 ,
the daemon for the user identification protocol.
Passes
.Sy identd_flags .
.It Sy iscsi_target
Boolean value.
Runs the server for iSCSI requests,
.Xr iscsi-target 8 .
Passes
.Sy iscsi_target_flags .
.It Sy kdc
Boolean value.
Runs the
.Xr kdc 8
Kerberos v4 and v5 server.
This should be run on Kerberos master and slave servers.
.It Sy rwhod
Boolean value.
Runs
.Xr rwhod 8
to support the
.Xr rwho 1
and
.Xr ruptime 1
commands.
.It Sy autofs
Boolean value.
If set to
.Ql YES ,
start the
.Xr automount 8
utility and the
.Xr automountd 8
and
.Xr autounmountd 8
daemons at boot time.
.It Sy automount_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr automount 8
program.
By default no flags are passed.
.It Sy automountd_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr automountd 8
daemon.
By default no flags are passed.
.It Sy autounmountd_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr autounmountd 8
daemon.
By default no flags are passed.
.El
.Ss Hardware daemons
.Bl -tag -width net_interfaces
.It Sy apmd
Boolean value.
Runs
.Xr apmd 8
and passes
.Sy apmd_flags .
.It Sy irdaattach
Boolean value.
Runs
.Xr irdaattach 8
and passes
.Sy irdaattach_flags .
.It Sy moused
Boolean value.
Runs
.Xr moused 8 ,
to pass serial mouse data to the wscons mouse mux.
Passes
.Sy moused_flags .
.It Sy screenblank
Boolean value.
Runs
.Xr screenblank 1
and passes
.Sy screenblank_flags .
.It Sy wscons
Boolean value.
Configures the
.Xr wscons 4
console driver, from the configuration file
.Pa /etc/wscons.conf .
.It Sy wsmoused
Boolean value.
Runs
.Xr wsmoused 8 ,
to provide copy and paste text support in wscons displays.
Passes
.Sy wsmoused_flags .
.El
.Sh FILES
.Bl -tag -width /etc/defaults/rc.conf -compact
.It Pa /etc/rc.conf
The file
.Nm
resides in
.Pa /etc .
.It Pa /etc/defaults/rc.conf
Default settings for
.Nm ,
sourced by
.Nm
before the end-user configuration section.
.It Pa /etc/rc.conf.d/ Ns Ar foo
.Ar foo Ns No -specific
.Nm
overrides.
.El
.Sh SEE ALSO
.Xr boot 8 ,
.Xr rc 8 ,
.Xr rc.d 8 ,
.Xr rc.subr 8 ,
.Xr rcorder 8
.Sh HISTORY
The
.Nm
file appeared in
.Nx 1.3 .
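.Sh EXAMPLES
The chroot and user-switch variables described above (named_chrootdir, ntpd_chrootdir, unbound_chrootdir, httpd_wwwuser) lend themselves to a quick audit of which enabled daemons start without confinement.
The script below is an added example, not part of the NetBSD manual page or its rc.d scripts: the function names and the sample fragment are constructed, and is_yes assumes the YES/TRUE/ON/1 truth test of rc.subr(8).

```shell
#!/bin/sh
# Added example (not NetBSD code): flag enabled daemons that rc.conf
# leaves without the chroot or user-switch settings described above.

# Assumed truth test for boolean rc.conf values (YES/TRUE/ON/1).
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_rc_conf FILE: source FILE in a subshell, print one finding per line.
audit_rc_conf() (
    named= ntpd= unbound= httpd=
    named_chrootdir= ntpd_chrootdir= unbound_chrootdir=
    httpd_wwwuser=_httpd            # documented default
    . "$1" || exit 2
    for d in named ntpd unbound; do
        eval "enabled=\${$d} dir=\${${d}_chrootdir}"
        is_yes "$enabled" || continue
        if [ -z "$dir" ]; then
            echo "$d: enabled, ${d}_chrootdir is blank (not chrooted)"
        elif [ ! -d "$dir" ]; then
            echo "$d: ${d}_chrootdir=$dir is not a directory"
        fi
    done
    if is_yes "$httpd" && [ -z "$httpd_wwwuser" ]; then
        echo "httpd: enabled, httpd_wwwuser is blank (no user switch)"
    fi
    exit 0
)

# demo: run the audit over a constructed rc.conf fragment.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/chroot"
    cat > "$tmp/rc.conf" <<EOF
# constructed sample values
named=YES
named_chrootdir=""
ntpd=yes
ntpd_chrootdir="$tmp/chroot"
unbound=NO
httpd=YES
httpd_wwwuser=""
EOF
    audit_rc_conf "$tmp/rc.conf"
    rm -rf "$tmp"
}
demo
```

Because rc.conf is a shell script, audit_rc_conf executes the file it is given, exactly as rc(8) would; point it only at a configuration you would be willing to boot.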