1.\" $NetBSD: rc.conf.5,v 1.129 2009/04/10 16:18:04 joerg Exp $ 2.\" 3.\" Copyright (c) 1996 Matthew R. Green 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 22.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 23.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" Copyright (c) 1997 Curt J. Sampson 28.\" Copyright (c) 1997 Michael W. Long 29.\" Copyright (c) 1998-2009 The NetBSD Foundation, Inc. 30.\" All rights reserved. 31.\" 32.\" This document is derived from works contributed to The NetBSD Foundation 33.\" by Luke Mewburn. 34.\" 35.\" Redistribution and use in source and binary forms, with or without 36.\" modification, are permitted provided that the following conditions 37.\" are met: 38.\" 1. Redistributions of source code must retain the above copyright 39.\" notice, this list of conditions and the following disclaimer. 40.\" 2. Redistributions in binary form must reproduce the above copyright 41.\" notice, this list of conditions and the following disclaimer in the 42.\" documentation and/or other materials provided with the distribution. 43.\" 3. The name of the author may not be used to endorse or promote products 44.\" derived from this software without specific prior written permission. 45.\" 46.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 47.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 48.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 49.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 50.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 51.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 52.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 53.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 54.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 55.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 56.\" SUCH DAMAGE. 57.\" 58.Dd April 5, 2009 59.Dt RC.CONF 5 60.Os 61.Sh NAME 62.Nm rc.conf 63.Nd system startup configuration file 64.Sh DESCRIPTION 65The 66.Nm 67file specifies which services are enabled during system startup by 68the startup scripts invoked by 69.Pa /etc/rc 70(see 71.Xr rc 8 ) , 72and the shutdown scripts invoked by 73.Pa /etc/rc.shutdown . 74The 75.Nm 76file is a shell script that is sourced by 77.Xr rc 8 , 78meaning that 79.Nm 80must contain valid shell commands. 81.Pp 82Listed below are the standard 83.Nm 84variables that may be set, the values to which each may be set, 85a brief description of what each variable does, and a reference to 86relevant manual pages. 87Third party packages may test for additional variables. 88.Pp 89Most variables are one of two types: enabling variables or flags 90variables. 91Enabling variables, such as 92.Sy inetd , 93are generally named after the program or the system they enable, 94and are set to 95.Sq YES 96or 97.Sq NO . 98Flags variables, such as 99.Sy inetd_flags 100have the same name with "_flags" appended, and determine what 101arguments are passed to the program if it is enabled. 102.Pp 103If a variable that 104.Xr rc 8 105expects to be set is not set, or the value is not one of the allowed 106values, a warning will be printed. 107.Pp 108By default, 109.Nm 110reads 111.Pa /etc/defaults/rc.conf 112(if it is readable) 113to obtain default values for various variables, and the end-user 114may override these by appending appropriate entries to the end of 115.Nm . 116.Pp 117.Xr rc.d 8 118scripts that use 119.Ic load_rc_config 120from 121.Xr rc.subr 8 122also support sourcing an optional end-user provided per-script override 123file 124.Pa /etc/rc.conf.d/ Ns Ar service , 125(where 126.Ar service 127is the contents of the 128.Sy name 129variable in the 130.Xr rc.d 8 131script). 132This may contain variable overrides, including allowing the end-user 133to override various 134.Ic run_rc_command 135.Xr rc.d 8 136control variables, and thus changing the operation of the script 137without requiring editing of the script. 138.Ss Overall control 139.Bl -tag -width net_interfaces 140.It Sy do_rcshutdown 141.Sq YES 142or 143.Sq NO . 144If set to 145.Sq NO , 146.Xr shutdown 8 147will not run 148.Pa /etc/rc.shutdown . 149.It Sy rcshutdown_rcorder_flags 150A string. 151Extra arguments to the 152.Xr rcorder 8 153run by 154.Pa /etc/rc.shutdown . 155.It Sy rcshutdown_timeout 156A number. 157If non-blank, use this as the number of seconds to run a watchdog timer for 158which will terminate 159.Pa /etc/rc.shutdown 160if the timer expires before the shutdown script completes. 161.It Sy rc_configured 162.Sq YES 163or 164.Sq NO . 165If not set to 166.Sq YES 167then the system will drop into single-user mode during boot. 168.It Sy rc_fast_and_loose 169If set to a non-empty string, 170each script in 171.Pa /etc/rc.d 172will be executed in the current shell rather than a sub shell. 173This may be faster on slow machines that have an expensive 174.Xr fork 2 175operation. 176.Bl -hang 177.It Em Note : 178Use this at your own risk! 179A rogue command or script may inadvertently prevent boot to multiuser. 180.El 181.It Sy rc_rcorder_flags 182A string. 183Extra arguments to the 184.Xr rcorder 8 185run by 186.Pa /etc/rc . 187.It Sy rc_directories 188A string. 189Space separated list of directories searched for rc scripts. 190The default is 191.Pa /etc/rc.d . 192All directories in 193.Ev rc_directories 194must be located in the root filesystem, otherwise they will be silently 195skipped. 196.El 197.Ss Basic network configuration 198.Bl -tag -width net_interfaces 199.It Sy defaultroute 200A string. 201Default IPv4 network route. 202If empty or not set, then the contents of 203.Pa /etc/mygate 204(if it exists) are used. 205.It Sy defaultroute6 206A string. 207Default IPv6 network route. 208If empty or not set, then the contents of 209.Pa /etc/mygate6 210(if it exists) are used. 211.It Sy domainname 212A string. 213.Tn NIS 214(YP) domain of host. 215If empty or not set, then the contents of 216.Pa /etc/defaultdomain 217(if it exists) are used. 218.It Sy force_down_interfaces 219A space separated list of interface names. 220These interfaces will be configured down when going from multiuser to singleuser 221mode or on system shutdown. 222.Pp 223This is important for some stateful interfaces, for example PPP over ISDN 224connections that cost money by connection time or PPPoE interfaces which 225have no direct means of noticing 226.Dq disconnect 227events. 228.Pp 229All active 230.Xr pppoe 4 231and 232.Xr ippp 4 233interfaces will be automatically added to this list. 234.It Sy hostname 235A string. 236Name of host. 237If empty or not set, then the contents of 238.Pa /etc/myname 239(if it exists) are used. 240.El 241.Ss Boottime file-system and swap configuration 242.Bl -tag -width net_interfaces 243.It Sy critical_filesystems_local 244A string. 245File systems mounted very early in the system boot before networking 246services are available. 247Usually 248.Pa /var 249is part of this, because it is needed by services such as 250.Xr dhclient 8 251which may be required to get the network operational. 252.It Sy critical_filesystems_remote 253A string. 254File systems such as 255.Pa /usr 256that may require network services to be available to mount, 257that must be available early in the system boot for general services to use. 258.It Sy fsck_flags 259A string. 260A file system is checked with 261.Xr fsck 8 262during boot before mounting it. 263This option may be used to override the default command-line options 264passed to the 265.Xr fsck 8 266program. 267.Pp 268When set to 269.Fl y , 270.Xr fsck 8 271assumes yes as the answer to all operator questions during file system checks. 272This might be important with hosts where the administrator does not have 273access to the console and an unsuccessful shutdown must not make the host 274unbootable even if the file system checks would fail in preen mode. 275.It Sy no_swap 276.Sq YES 277or 278.Sq NO . 279Set the 280.Sy no_swap 281variable to 282.Sq YES 283if you have configured your system with no swap on purpose. 284If not set to 285.Sq YES , 286and no swap devices 287are configured, the system will warn you. 288.It Sy swapoff 289.Sq YES 290or 291.Sq NO . 292Remove block-type swap devices at shutdown time. 293Useful if swapping onto RAIDframe devices. 294.El 295.Ss One-time actions to perform or programs to run on boot-up 296.Bl -tag -width net_interfaces 297.It Sy accounting 298.Sq YES 299or 300.Sq NO . 301Enables process accounting with 302.Xr accton 8 . 303Requires 304.Pa /var/account/acct 305to exist. 306.It Sy clear_tmp 307.Sq YES 308or 309.Sq NO . 310Clear /tmp after reboot. 311.It Sy dmesg 312.Sq YES 313or 314.Sq NO . 315Create 316.Pa /var/run/dmesg.boot 317from the output of 318.Xr dmesg 8 . 319Passes 320.Sy dmesg_flags . 321.It Sy mixerctl 322.Sq YES 323or 324.Sq NO . 325Read 326.Xr mixerctl.conf 5 327for how to set mixer values. 328List in 329.Sy mixerctl_mixers 330the devices whose settings are to be saved at shutdown and 331restored at start-up. 332.It Sy newsyslog 333.Sq YES 334or 335.Sq NO . 336Run 337.Nm newsyslog 338to trim logfiles before syslogd starts. 339Intended for laptop users. 340Passes 341.Sy newsyslog_flags . 342.It Sy per_user_tmp 343.Sq YES 344or 345.Sq NO . 346Enables a per-user 347.Pa /tmp 348directory. 349.Sy per_user_tmp_dir 350can be used to override the default location of the 351.Dq real 352temporary directories, 353.Dq Pa /private/tmp . 354.It Sy rndctl 355.Sq YES 356or 357.Sq NO . 358Runs the 359.Xr rndctl 8 360utility one or more times according to the specification in 361.Sy rndctl_flags . 362.Pp 363If 364.Sy rndctl_flags 365does not contain a semicolon 366.Pq Ql \&; 367then it is expected to contain zero or more flags, 368followed by one or more device or type names. 369The 370.Xr rndctl 8 371command will be executed once for each device or type name. 372If the specified flags do not include any of 373.Fl c , C , e , 374or 375.Fl E , 376then the flags 377.Fl c 378and 379.Fl e 380are added, to specify that entropy from the relevant device or type 381should be both collected and estimated. 382If the specified flags do not include either of 383.Fl d 384or 385.Fl t , 386then the flag 387.Fl d 388is added, to specify that the non-flag arguments are device names, 389not type names. 390.Pp 391.Sy rndctl_flags 392may contain multiple semicolon-separated segments, in which each 393segment contains flags and device or type names as described above. 394This allows different flags to be associated with different 395device or type names. 396For example, given 397.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" , 398the following commands will be executed: 399.Li "rndctl -c -e -d wd0" ; 400.Li "rndctl -c -e -d wd1" ; 401.Li "rndctl -c -e -t tty" ; 402.Li "rndctl -c -t net" . 403.It Sy savecore 404.Sq YES 405or 406.Sq NO . 407Runs the 408.Xr savecore 8 409utility. 410Passes 411.Sy savecore_flags . 412The directory where crash dumps are stored is specified by 413.Sy savecore_dir . 414The default setting is 415.Dq Pa /var/crash . 416.It Sy tpctl 417.Sq YES 418or 419.Sq NO . 420Run 421.Xr tpctl 8 422to calibrate touch panel device. 423Passes 424.Sy tpctl_flags . 425.It Sy update_motd 426.Sq YES 427or 428.Sq NO . 429Updates the 430.Nx 431version string in the 432.Pa /etc/motd 433file to reflect the version of the running kernel. 434See 435.Xr motd 5 . 436.It Sy veriexec 437.Sq YES 438or 439.Sq NO . 440Load Veriexec fingerprints during startup. 441Read 442.Xr veriexecctl 8 443for more information. 444.It Sy virecover 445.Sq YES 446or 447.Sq NO . 448Send notification mail to users if any recoverable files exist in 449.Pa /var/tmp/vi.recover . 450Read 451.Xr virecover 8 452for more information. 453.El 454.Ss System security setting 455.Bl -tag -width net_interfaces 456.It Sy securelevel 457A number. 458The system securelevel is set to the specified value early 459in the boot process, before any external logins, or other programs 460that run users job, are started. 461If set to nothing, the default action is taken, as described in 462.Xr init 8 463and 464.Xr secmodel_securelevel 9 , 465which contains definitive information about the system securelevel. 466Note that setting 467.Sy securelevel 468to 0 in 469.Nm 470will actually result in the system booting with securelevel set to 1, as 471.Xr init 8 472will raise the level when 473.Xr rc 8 474completes. 475.It Sy permit_nonalpha 476Allow passwords to include non-alpha characters, usually to allow 477NIS/YP netgroups. 478.It Sy veriexec_strict 479A number. 480Controls the strict level of Veriexec. 481Level 0 is learning mode, used when building the signatures file. 482It will only output messages but will not enforce anything. 483Level 1 will only prevent access to files with a fingerprint 484mismatch. 485Level 2 will also deny writing to and removing of 486monitored files, as well as enforce access type (as specified in 487the signatures file). 488Level 3 will take a step further and prevent 489access to files that are not monitored. 490.It Sy veriexec_verbose 491A number. 492Controls the verbosity of Veriexec. 493Recommended operation is at level 0, verbose output (mostly used when 494building the signatures file) is at level 1. 495Level 2 is for debugging only and should not be used. 496.It Sy veriexec_flags 497A string. 498Flags to pass to the 499.Nm veriexecctl 500command. 501.El 502.Ss Networking startup 503.Bl -tag -width net_interfaces 504.It Sy altqd 505.Sq YES 506or 507.Sq NO . 508ALTQ configuration/monitoring daemon. 509Passes 510.Sy altqd_flags . 511.It Sy auto_ifconfig 512.Sq YES 513or 514.Sq NO . 515Sets the 516.Sy net_interfaces 517variable (see below) to the output of 518.Xr ifconfig 8 519with the 520.Dq Li -l 521flag and suppresses warnings about interfaces in this list that 522do not have an ifconfig file or variable. 523.It Sy dhclient 524.Sq YES 525or 526.Sq NO . 527Set to 528.Sq YES 529to configure some or all network interfaces using 530the ISC DHCP client. 531If you set 532.Sy dhclient 533to 534.Sq YES , 535you must either have 536.Pa /var 537in 538.Sy critical_filesystems_local , 539as part of 540.Pa / , 541or direct the DHCP client to store the leases file on the root 542file system by modifying the 543.Sy dhclient_flags 544variable. 545You must not provide ifconfig information or ifaliases 546information for any interface that is to be configured using the DHCP client. 547Interface aliases can be set up in the DHCP client configuration 548file if needed - see 549.Xr dhclient.conf 5 550for details. 551.Pp 552Passes 553.Sy dhclient_flags 554to the DHCP client. 555See 556.Xr dhclient 8 557for complete documentation. 558If you wish to configure all broadcast 559network interfaces using the DHCP client, you can leave this blank. 560To configure only specific interfaces, name the interfaces to be configured 561on the command line. 562.Pp 563If you must run the DHCP client before mounting critical file systems, 564then you should specify an alternate location for the DHCP client's lease 565file in the 566.Sy dhclient_flags 567variable - for example, "-lf /tmp/dhclient.leases". 568.It Sy dhcpcd_flags 569Additional arguments to pass to 570.Xr dhcpcd 8 571when requesting configuration via 572.Sy ifconfig_xxN 573or 574.Pa /etc/ifconfig.xxN . 575.It Sy flushroutes 576.Sq YES 577or 578.Sq NO . 579Flushes the route table on networking startup. 580Useful when coming up to multiuser mode after going down to 581single-user mode. 582.It Sy hostapd 583.Sq YES 584or 585.Sq NO . 586Runs 587.Xr hostapd 8 , 588the authenticator for IEEE 802.11 networks. 589.It Sy ifaliases_* 590A string. 591List of 592.Sq Em "address netmask" 593pairs to configure additional network addresses for the given 594configured interface 595.Dq * 596(e.g. 597.Sy ifaliases_le0 ) . 598If 599.Em netmask 600is 601.Dq - , 602then use the default netmask for the interface. 603.Pp 604.Sy ifaliases_* 605covers limited cases only and considered unrecommended. 606We recommend using 607.Sy ifconfig_nnX 608variables or 609.Pa /etc/ifconfig.xxN 610files with multiple lines instead. 611.It Sy ifwatchd 612.Sq YES 613or 614.Sq NO . 615Monitor dynamic interfaces and perform actions upon address changes. 616Passes 617.Sy ifwatchd_flags . 618.It Sy ip6mode 619A string. 620An IPv6 node can be a router 621.Pq nodes that forward packet for others 622or a host 623.Pq nodes that do not forward . 624A host can be autoconfigured 625based on the information advertised by adjacent IPv6 routers. 626By setting 627.Sy ip6mode 628to 629.Dq Li router , 630.Dq Li host , 631or 632.Dq Li autohost , 633you can configure your node as a router, 634a non-autoconfigured host, or an autoconfigured host. 635Invalid values will be ignored, and the node will be configured as 636a non-autoconfigured host. 637You may want to check 638.Sy rtsol 639and 640.Sy rtsold 641as well, if you set the variable to 642.Dq Li autohost . 643.It Sy ip6uniquelocal 644.Sq YES 645or 646.Sq NO . 647If 648.Sy ip6mode 649is equal to 650.Dq Li router 651and 652.Sy ip6uniquelocal 653is set to 654.Sq NO 655a reject route will be installed on boot to avoid misconfiguration relating 656to unique-local addresses. 657If set to 658.Sq YES 659the reject route won't be installed. 660.It Sy ipfilter 661.Sq YES 662or 663.Sq NO . 664Runs 665.Xr ipf 8 666to load in packet filter specifications from 667.Pa /etc/ipf.conf 668at network boot time, before any interfaces are configured. 669Passes 670.Sy ipfilter_flags . 671See 672.Xr ipf.conf 5 . 673.It Sy ipfs 674.Sq YES 675or 676.Sq NO . 677Runs 678.Xr ipfs 8 679to save and restore information for ipnat and ipfilter state tables. 680The information is stored in 681.Pa /var/db/ipf/ipstate.ipf 682and 683.Pa /var/db/ipf/ipnat.ipf . 684Passes 685.Sy ipfs_flags . 686.It Sy ipmon 687.Sq YES 688or 689.Sq NO . 690Runs 691.Xr ipmon 8 692to read 693.Xr ipf 8 694packet log information and log it to a file or the system log. 695Passes 696.Sy ipmon_flags . 697.It Sy ipmon_flags 698A string. 699Specifies arguments to supply to 700.Xr ipmon 8 . 701Defaults to 702.Dq Li -ns . 703A typical example would be 704.Dq Fl nD Pa /var/log/ipflog 705to have 706.Xr ipmon 8 707log directly to a file bypassing 708.Xr syslogd 8 . 709If the 710.Dq -D 711argument is used, remember to modify 712.Pa /etc/newsyslog.conf 713accordingly; for example: 714.Bd -literal 715/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 716.Ed 717.It Sy ipnat 718.Sq YES 719or 720.Sq NO . 721Runs 722.Xr ipnat 8 723to load in the IP network address translation (NAT) rules from 724.Pa /etc/ipnat.conf 725at network boot time, before any interfaces are configured. 726See 727.Xr ipnat.conf 5 . 728.It Sy ipsec 729.Sq YES 730or 731.Sq NO . 732Runs 733.Xr setkey 8 734to load in IPsec manual keys and policies from 735.Pa /etc/ipsec.conf 736at network boot time, before any interfaces are configured. 737.It Sy net_interfaces 738A string. 739The list of network interfaces to be configured at boot time. 740For each interface "xxN", the system first looks for ifconfig 741parameters in the variable 742.Sy ifconfig_xxN , 743and then in the file 744.Pa /etc/ifconfig.xxN . 745If 746.Sy auto_ifconfig 747is set to "NO" and neither the file nor the variable is found, 748a warning is printed. 749Information in either the variable or the file is parsed identically, 750except that, if an 751.Sy ifconfig_xxN 752variable contains a single line with embedded semicolons, 753then the value is split into multiple lines prior to further parsing, 754treating the semicolon as a line separator. 755One common case it to set 756.Sy ifconfig_xxN Ns Li \&= Ns Qq dhcp , 757which will cause 758.Xr dhcpcd 8 759to be started for the interface. 760Another common case it to set the 761.Sy ifconfig_xxN 762variable to a set of arguments to be passed to an 763.Xr ifconfig 8 764command after the interface name. 765Refer to 766.Xr ifconfig.if 5 767for more details on 768.Pa /etc/ifconfig.xxN 769files, and note that the information there also applies to 770.Sy ifconfig_xxN 771variables (after the variables are split into lines). 772.It Sy ntpdate 773.Sq YES 774or 775.Sq NO . 776Runs 777.Xr ntpdate 8 778to set the system time from one of the hosts in 779.Sy ntpdate_hosts . 780If 781.Sy ntpdate_hosts 782is empty, it will attempt to find a list of hosts in 783.Pa /etc/ntp.conf . 784Passes 785.Sy ntpdate_flags . 786.It Sy pf 787.Sq YES 788or 789.Sq NO . 790Enable 791.Xr pf 4 792at network boot time: 793Load the initial configuration 794.Xr pf.boot.conf 5 795before the network is up. 796After the network has been configured, then load the final ruleset 797.Xr pf.conf 5 . 798.It Sy pf_rules 799A string. 800The path of the 801.Xr pf.conf 5 802ruleset that will be used when loading the final ruleset. 803.It Sy pflogd 804.Sq YES 805or 806.Sq NO . 807Run 808.Xr pflogd 8 809for dumping packet filter logging information to a file. 810.It Sy ppp_peers 811A string. 812If 813.Sy ppp_peers 814is not empty, then 815.Pa /etc/rc.d/ppp 816will check each word in 817.Sy ppp_peers 818for a corresponding ppp configuration file in 819.Pa /etc/ppp/peers 820and will call 821.Xr pppd 8 822with the 823.Dq call Sy peer 824option. 825.It Sy racoon 826.Sq YES 827or 828.Sq NO . 829Runs 830.Xr racoon 8 , 831the IKE (ISAKMP/Oakley) key management daemon. 832.It Sy rtsol 833.Sq YES 834or 835.Sq NO . 836Run 837.Xr rtsol 8 , 838router solicitation command for IPv6 hosts. 839On nomadic hosts like notebook computers, you may want to enable 840.Sy rtsold 841as well. 842Passes 843.Sy rtsol_flags . 844This is only for autoconfigured IPv6 hosts, so set 845.Sy ip6mode 846to 847.Dq Li autohost 848if you use it. 849.It Sy wpa_supplicant 850.Sq YES 851or 852.Sq NO . 853Run 854.Xr wpa_supplicant 8 , 855WPA/802.11i Supplicant for wireless network devices. 856.El 857.Ss Daemons required by other daemons 858.Bl -tag -width net_interfaces 859.It Sy inetd 860.Sq YES 861or 862.Sq NO . 863Runs the 864.Xr inetd 8 865daemon to start network server processes (as listed in 866.Pa /etc/inetd.conf ) 867as necessary. 868Passes 869.Sy inetd_flags . 870The 871.Dq Li -l 872flag turns on libwrap connection logging. 873.It Sy rpcbind 874.Sq YES 875or 876.Sq NO . 877The 878.Xr rpcbind 8 879daemon is required for any 880.Xr rpc 3 881services. 882These include NFS, 883.Tn NIS , 884.Xr bootparamd 8 , 885.Xr rstatd 8 , 886.Xr rusersd 8 , 887and 888.Xr rwalld 8 . 889Passes 890.Sy rpcbind_flags . 891.El 892.Ss Commonly used daemons 893.Bl -tag -width net_interfaces 894.It Sy cron 895.Sq YES 896or 897.Sq NO . 898Run 899.Xr cron 8 . 900.It Sy httpd 901.Sq YES 902or 903.Sq NO . 904Runs the 905.Xr httpd 8 906daemon and passes 907.Sy httpd_flags . 908.It Sy httpd_wwwdir 909A string. 910The 911.Xr httpd 8 912WWW root directory. 913Used only if 914.Sy httpd 915is set to 916.Sq YES . 917The default setting is 918.Dq Pa /var/www . 919.It Sy httpd_wwwuser 920A string. 921If non-blank and 922.Sy httpd 923is 924.Sq YES , 925run 926.Xr httpd 8 927and cause it to switch to the specified user after initialization. 928It is preferred to 929.Sy httpd_user 930because 931.Xr httpd 8 932is requiring extra privileges to start listening on default port 80. 933The default setting is 934.Dq Dv _httpd . 935.It Sy lpd 936.Sq YES 937or 938.Sq NO . 939Runs 940.Xr lpd 8 941and passes 942.Sy lpd_flags . 943The 944.Dq Li -l 945flag will turn on extra logging. 946.It Sy named 947.Sq YES 948or 949.Sq NO . 950Runs 951.Xr named 8 952and passes 953.Sy named_flags . 954.It Sy named_chrootdir 955A string. 956If non-blank and 957.Sy named 958is 959.Sq YES , 960run 961.Xr named 8 962as the unprivileged user and group 963.Sq named , 964.Xr chroot 2 Ns ed 965to 966.Sy named_chrootdir . 967.Sy named_chrootdir Ns Pa /var/run/log 968will be added to the list of log sockets that 969.Xr syslogd 8 970listens to. 971.It Sy ntpd 972.Sq YES 973or 974.Sq NO . 975Runs 976.Xr ntpd 8 977and passes 978.Sy ntpd_flags . 979.It Sy ntpd_chrootdir 980A string. 981If non-blank and 982.Sy ntpd 983is 984.Sq YES , 985run 986.Xr ntpd 8 987as the unprivileged user and group 988.Sq ntpd , 989.Xr chroot 2 Ns ed 990to 991.Sy ntpd_chrootdir . 992.Sy ntpd_chrootdir Ns Pa /var/run/log 993will be added to the list of log sockets that 994.Xr syslogd 8 995listens to. 996This option requires that the kernel has 997.Dl pseudo-device clockctl 998compiled in, and that 999.Pa /dev/clockctl 1000is present. 1001.It Sy postfix 1002.Sq YES 1003or 1004.Sq NO . 1005Starts 1006.Xr postfix 1 1007mail system. 1008.It Sy sshd 1009.Sq YES 1010or 1011.Sq NO . 1012Runs 1013.Xr sshd 8 1014and passes 1015.Sy sshd_flags . 1016.It Sy syslogd 1017.Sq YES 1018or 1019.Sq NO . 1020Runs 1021.Xr syslogd 8 1022and passes 1023.Sy syslogd_flags . 1024.It Sy timed 1025.Sq YES 1026or 1027.Sq NO . 1028Runs 1029.Xr timed 8 1030and passes 1031.Sy timed_flags . 1032The 1033.Dq Li -M 1034option allows 1035.Xr timed 8 1036to be a master time source as well as a slave. 1037If you are also running 1038.Xr ntpd 8 , 1039only one machine running both should have the 1040.Dq Li -M 1041flag given to 1042.Xr timed 8 . 1043.El 1044.Ss Routing daemons 1045.Bl -tag -width net_interfaces 1046.It Sy mrouted 1047.Sq YES 1048or 1049.Sq NO . 1050Runs 1051.Xr mrouted 8 , 1052the DVMRP multicast routing protocol daemon. 1053Passes 1054.Sy mrouted_flags . 1055.It Sy route6d 1056.Sq YES 1057or 1058.Sq NO . 1059Runs 1060.Xr route6d 8 , 1061the RIPng routing protocol daemon for IPv6. 1062Passes 1063.Sy route6d_flags . 1064.It Sy routed 1065.Sq YES 1066or 1067.Sq NO . 1068Runs 1069.Xr routed 8 , 1070the RIP routing protocol daemon. 1071Passes 1072.Sy routed_flags . 1073.\" This should be 1074.\" .Sq NO 1075.\" if 1076.\" .Sy gated 1077.\" is 1078.\" .Sq YES . 1079.It Sy rtsold 1080.Sq YES 1081or 1082.Sq NO . 1083Runs 1084.Xr rtsold 8 , 1085the IPv6 router solicitation daemon. 1086.Xr rtsold 8 1087periodically transmits router solicitation packets 1088to find IPv6 routers on the network. 1089This configuration is mainly for nomadic hosts like notebook computers. 1090Stationary hosts should work fine with just 1091.Sy rtsol . 1092Passes 1093.Sy rtsold_flags . 1094This is only for autoconfigured IPv6 hosts, so set 1095.Sy ip6mode 1096to 1097.Dq Li autohost 1098if you use it. 1099.El 1100.Ss Daemons used to boot other hosts over a network 1101.Bl -tag -width net_interfaces 1102.It Sy bootparamd 1103.Sq YES 1104or 1105.Sq NO . 1106Runs 1107.Xr bootparamd 8 , 1108the boot parameter server, with 1109.Sy bootparamd_flags 1110as options. 1111Used to boot 1112.Nx 1113and 1114.Tn "SunOS 4.x" 1115systems. 1116.It Sy dhcpd 1117.Sq YES 1118or 1119.Sq NO . 1120Runs 1121.Xr dhcpd 8 , 1122the Dynamic Host Configuration Protocol (DHCP) daemon, 1123for assigning IP addresses to hosts and passing boot information. 1124Passes 1125.Sy dhcpd_flags . 1126.It Sy dhcrelay 1127.Sq YES 1128or 1129.Sq NO . 1130Runs 1131.Xr dhcrelay 8 . 1132Passes 1133.Sy dhcrelay_flags . 1134.It Sy mopd 1135.Sq YES 1136or 1137.Sq NO . 1138Runs 1139.Xr mopd 8 , 1140the 1141.Tn DEC 1142.Tn MOP 1143protocol daemon; used for booting 1144.Tn VAX 1145and other 1146.Tn DEC 1147machines. 1148Passes 1149.Sy mopd_flags . 1150.It Sy ndbootd 1151.Sq YES 1152or 1153.Sq NO . 1154Runs 1155.Xr ndbootd 8 , 1156the Sun Network Disk (ND) Protocol server. 1157Passes 1158.Sy ndbootd_flags . 1159.It Sy rarpd 1160.Sq YES 1161or 1162.Sq NO . 1163Runs 1164.Xr rarpd 8 , 1165the reverse ARP daemon, often used to boot 1166.Nx 1167and Sun workstations. 1168Passes 1169.Sy rarpd_flags . 1170.It Sy rbootd 1171.Sq YES 1172or 1173.Sq NO . 1174Runs 1175.Xr rbootd 8 , 1176the 1177.Tn HP 1178boot protocol daemon; used for booting 1179.Tn HP 1180workstations. 1181Passes 1182.Sy rbootd_flags . 1183.It Sy rtadvd 1184.Sq YES 1185or 1186.Sq NO . 1187Runs 1188.Xr rtadvd 8 , 1189the IPv6 router advertisement daemon, which is used to advertise 1190information about the subnet to IPv6 end hosts. 1191Passes 1192.Sy rtadvd_flags . 1193This is only for IPv6 routers, so set 1194.Sy ip6mode 1195to 1196.Dq Li router 1197if you use it. 1198.El 1199.Ss X Window System daemons 1200.Bl -tag -width net_interfaces 1201.It Sy xdm 1202.Sq YES 1203or 1204.Sq NO . 1205Runs the 1206.Xr xdm 1 1207X display manager. 1208These X daemons are available only with the optional X distribution of 1209.Nx . 1210.It Sy xfs 1211.Sq YES 1212or 1213.Sq NO . 1214Runs the 1215.Xr xfs 1 1216X11 font server, which supplies local X font files to X terminals. 1217.El 1218.Ss NIS (YP) daemons 1219.Bl -tag -width net_interfaces 1220.It Sy ypbind 1221.Sq YES 1222or 1223.Sq NO . 1224Runs 1225.Xr ypbind 8 , 1226which lets 1227.Tn NIS 1228(YP) clients use information from a 1229.Tn NIS 1230server. 1231Passes 1232.Sy ypbind_flags . 1233.It Sy yppasswdd 1234.Sq YES 1235or 1236.Sq NO . 1237Runs 1238.Xr yppasswdd 8 , 1239which allows remote 1240.Tn NIS 1241users to update password on master server. 1242Passes 1243.Sy yppasswdd_flags . 1244.It Sy ypserv 1245.Sq YES 1246or 1247.Sq NO . 1248Runs 1249.Xr ypserv 8 , 1250the 1251.Tn NIS 1252(YP) server for distributing information from certain files in 1253.Pa /etc . 1254Passes 1255.Sy ypserv_flags . 1256The 1257.Dq Li -d 1258flag causes it to use DNS for lookups in 1259.Pa /etc/hosts 1260that fail. 1261.El 1262.Ss NFS daemons and parameters 1263.Bl -tag -width net_interfaces 1264.It Sy amd 1265.Sq YES 1266or 1267.Sq NO . 1268Runs 1269.Xr amd 8 , 1270the automounter daemon, which automatically mounts NFS file systems 1271whenever a file or directory within that file system is accessed. 1272Passes 1273.Sy amd_flags . 1274.It Sy amd_dir 1275A string. 1276The 1277.Xr amd 8 1278mount directory. 1279Used only if 1280.Sy amd 1281is set to 1282.Sq YES . 1283.It Sy lockd 1284.Sq YES 1285or 1286.Sq NO . 1287Runs 1288.Xr rpc.lockd 8 1289if 1290.Sy nfs_server 1291and/or 1292.Sy nfs_client 1293are set to 1294.Sq YES . 1295Passes 1296.Sy lockd_flags . 1297.It Sy mountd 1298.Sq YES 1299or 1300.Sq NO . 1301Runs 1302.Xr mountd 8 1303and passes 1304.Sy mountd_flags . 1305.It Sy nfs_client 1306.Sq YES 1307or 1308.Sq NO . 1309The number of local NFS asynchronous I/O server is now controlled via 1310.Xr sysctl 8 . 1311.It Sy nfs_server 1312.Sq YES 1313or 1314.Sq NO . 1315Sets up a host to be a NFS server by running 1316.Xr nfsd 8 1317and passing 1318.Sy nfsd_flags . 1319.It Sy statd 1320.Sq YES 1321or 1322.Sq NO . 1323Runs 1324.Xr rpc.statd 8 , 1325a status monitoring daemon used when 1326.Xr rpc.lockd 8 1327is running, if 1328.Sy nfs_server 1329and/or 1330.Sy nfs_client 1331are set to 1332.Sq YES . 1333Passes 1334.Sy statd_flags . 1335.El 1336.Ss Bluetooth configuration and daemons 1337.Bl -tag -width net_interfaces 1338.It Sy btattach 1339.Sq YES 1340or 1341.Sq NO . 1342Attach serial bluetooth interfaces as listed in the configuration file 1343.Pa /etc/bluetooth/btdevctl.conf . 1344.It Sy btconfig 1345.Sq YES 1346or 1347.Sq NO . 1348Configure bluetooth devices. 1349If the 1350.Sy btconfig_devices 1351variable below is not specified, all devices known to the system 1352will be configured. 1353For each device, configuration arguments are first looked for 1354in the 1355.Sy btconfig_{dev} 1356variable, otherwise the value of the 1357.Sy btconfig_args 1358variable will be used, and if that is not specified the default string is 1359.Sq enable . 1360.It Sy btconfig_devices 1361An optional space separated list of bluetooth devices to be configured at 1362boot time. 1363.It Sy btconfig_args 1364An optional string, containing default arguments for bluetooth devices to 1365be configured. 1366.It Sy btdevctl 1367.Sq YES 1368or 1369.Sq NO . 1370Configure Bluetooth devices as listed in the configuration file 1371.Pa /etc/bluetooth/btdevctl.conf . 1372.It Sy bthcid 1373.Sq YES 1374or 1375.Sq NO . 1376Runs 1377.Xr bthcid 8 , 1378the Bluetooth HCI daemon, which manages link keys and PIN codes for 1379Bluetooth links. 1380Passes 1381.Sy bthcid_flags . 1382.It Sy sdpd 1383.Sq YES 1384or 1385.Sq NO . 1386Runs the Service Discovery Profile daemon, 1387.Xr sdpd 8 . 1388Passes 1389.Sy sdpd_flags . 1390.El 1391.Ss Other daemons 1392.Bl -tag -width net_interfaces 1393.It Sy isdnd 1394.Sq YES 1395or 1396.Sq NO . 1397Runs 1398.Xr isdnd 8 , 1399the isdn4bsd ISDN connection management daemon. 1400Passes 1401.Sy isdnd_flags . 1402.It Sy isdn_autoupdown 1403.Sq YES 1404or 1405.Sq NO . 1406Set all configured ISDN interfaces to 1407.Dq up . 1408If 1409.Sy isdn_interfaces 1410is not blank, only the listed interfaces will be modified. 1411Used only if 1412.Sy isdnd 1413is set to 1414.Sq YES . 1415.It Sy kdc 1416.Sq YES 1417or 1418.Sq NO . 1419Runs the 1420.Xr kdc 8 1421Kerberos v4 and v5 server. 1422This should be run on Kerberos master and slave servers. 1423.It Sy rwhod 1424.Sq YES 1425or 1426.Sq NO . 1427Runs 1428.Xr rwhod 8 1429to support the 1430.Xr rwho 1 1431and 1432.Xr ruptime 1 1433commands. 1434.El 1435.Ss Hardware daemons 1436.Bl -tag -width net_interfaces 1437.It Sy apmd 1438.Sq YES 1439or 1440.Sq NO . 1441Runs 1442.Xr apmd 8 1443and passes 1444.Sy apmd_flags . 1445.It Sy irdaattach 1446.Sq YES 1447or 1448.Sq NO . 1449Runs 1450.Xr irdaattach 8 1451and passes 1452.Sy irdaattach_flags . 1453.It Sy moused 1454.Sq YES 1455or 1456.Sq NO . 1457Runs 1458.Xr moused 8 , 1459to pass serial mouse data to the wscons mouse mux. 1460Passes 1461.Sy moused_flags . 1462.It Sy screenblank 1463.Sq YES 1464or 1465.Sq NO . 1466Runs 1467.Xr screenblank 1 1468and passes 1469.Sy screenblank_flags . 1470.It Sy wscons 1471.Sq YES 1472or 1473.Sq NO . 1474Configures the 1475.Xr wscons 4 1476console driver, from the configuration file 1477.Pa /etc/wscons.conf . 1478.It Sy wsmoused 1479.Sq YES 1480or 1481.Sq NO . 1482Runs 1483.Xr wsmoused 8 , 1484to provide copy and paste text support in wscons displays. 1485Passes 1486.Sy wsmoused_flags . 1487.El 1488.Sh FILES 1489.Bl -tag -width /etc/defaults/rc.conf -compact 1490.It Pa /etc/rc.conf 1491The file 1492.Nm 1493resides in 1494.Pa /etc . 1495.It Pa /etc/defaults/rc.conf 1496Default settings for 1497.Nm , 1498sourced by 1499.Nm 1500before the end-user configuration section. 1501.It Pa /etc/rc.conf.d/ Ns Ar foo 1502.Ar foo Ns No -specific 1503.Nm 1504overrides. 1505.El 1506.Sh SEE ALSO 1507.Xr boot 8 , 1508.Xr rc 8 , 1509.Xr rc.d 8 , 1510.Xr rc.subr 8 , 1511.Xr rcorder 8 1512.Sh HISTORY 1513The 1514.Nm 1515file appeared in 1516.Nx 1.3 . 1517