1.\" $NetBSD: rc.conf.5,v 1.141 2010/03/20 11:23:37 wiz Exp $ 2.\" 3.\" Copyright (c) 1996 Matthew R. Green 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 22.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 23.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" Copyright (c) 1997 Curt J. Sampson 28.\" Copyright (c) 1997 Michael W. Long 29.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc. 30.\" All rights reserved. 31.\" 32.\" This document is derived from works contributed to The NetBSD Foundation 33.\" by Luke Mewburn. 34.\" 35.\" Redistribution and use in source and binary forms, with or without 36.\" modification, are permitted provided that the following conditions 37.\" are met: 38.\" 1. Redistributions of source code must retain the above copyright 39.\" notice, this list of conditions and the following disclaimer. 40.\" 2. Redistributions in binary form must reproduce the above copyright 41.\" notice, this list of conditions and the following disclaimer in the 42.\" documentation and/or other materials provided with the distribution. 43.\" 3. The name of the author may not be used to endorse or promote products 44.\" derived from this software without specific prior written permission. 45.\" 46.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 47.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 48.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 49.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 50.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 51.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 52.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 53.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 54.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 55.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 56.\" SUCH DAMAGE. 57.\" 58.Dd March 19, 2010 59.Dt RC.CONF 5 60.Os 61.Sh NAME 62.Nm rc.conf 63.Nd system startup configuration file 64.Sh DESCRIPTION 65The 66.Nm 67file specifies which services are enabled during system startup by 68the startup scripts invoked by 69.Pa /etc/rc 70(see 71.Xr rc 8 ) , 72and the shutdown scripts invoked by 73.Pa /etc/rc.shutdown . 74The 75.Nm 76file is a shell script that is sourced by 77.Xr rc 8 , 78meaning that 79.Nm 80must contain valid shell commands. 81.Pp 82Listed below are the standard 83.Nm 84variables that may be set, the values to which each may be set, 85a brief description of what each variable does, and a reference to 86relevant manual pages. 87Third party packages may test for additional variables. 88.Pp 89By default, 90.Nm 91reads 92.Pa /etc/defaults/rc.conf 93(if it is readable) 94to obtain default values for various variables, and the end-user 95may override these by appending appropriate entries to the end of 96.Nm . 97.Pp 98.Xr rc.d 8 99scripts that use 100.Ic load_rc_config 101from 102.Xr rc.subr 8 103also support sourcing an optional end-user provided per-script override 104file 105.Pa /etc/rc.conf.d/ Ns Ar service , 106(where 107.Ar service 108is the contents of the 109.Sy name 110variable in the 111.Xr rc.d 8 112script). 113This may contain variable overrides, including allowing the end-user 114to override various 115.Ic run_rc_command 116.Xr rc.d 8 117control variables, and thus changing the operation of the script 118without requiring editing of the script. 119.Ss Variable naming conventions and data types 120Most variables are one of two types: enabling variables or flags 121variables. 122Enabling variables, such as 123.Sy inetd , 124are generally named after the program or the system they enable, 125and have boolean values (specified using 126.Sq Ic YES , 127.Sq Ic TRUE , 128.Sq Ic ON 129or 130.Sq Ic 1 131for true, and 132.Sq Ic NO , 133.Sq Ic FALSE , 134.Sq Ic OFF 135or 136.Sq Ic 0 137for false, with the values being case insensitive). 138Flags variables, such as 139.Sy inetd_flags 140have the same name with "_flags" appended, and determine what 141arguments are passed to the program if it is enabled. 142.Pp 143If a variable that 144.Xr rc 8 145expects to be set is not set, or the value is not one of the allowed 146values, a warning will be printed. 147.Ss Overall control 148.Bl -tag -width net_interfaces 149.It Sy do_rcshutdown 150Boolean value. 151If false, 152.Xr shutdown 8 153will not run 154.Pa /etc/rc.shutdown . 155.It Sy rcshutdown_rcorder_flags 156A string. 157Extra arguments to the 158.Xr rcorder 8 159run by 160.Pa /etc/rc.shutdown . 161.It Sy rcshutdown_timeout 162A number. 163If non-blank, use this as the number of seconds to run a watchdog timer for 164which will terminate 165.Pa /etc/rc.shutdown 166if the timer expires before the shutdown script completes. 167.It Sy rc_configured 168Boolean value. 169If false then the system will drop into single-user mode during boot. 170.It Sy rc_fast_and_loose 171If set to a non-empty string, 172each script in 173.Pa /etc/rc.d 174will be executed in the current shell rather than a sub shell. 175This may be faster on slow machines that have an expensive 176.Xr fork 2 177operation. 178.Bl -hang 179.It Em Note : 180Use this at your own risk! 181A rogue command or script may inadvertently prevent boot to multiuser. 182.El 183.It Sy rc_rcorder_flags 184A string. 185Extra arguments to the 186.Xr rcorder 8 187run by 188.Pa /etc/rc . 189.It Sy rc_directories 190A string. 191Space separated list of directories searched for rc scripts. 192The default is 193.Pa /etc/rc.d . 194All directories in 195.Ev rc_directories 196must be located in the root filesystem, otherwise they will be silently 197skipped. 198.It Sy rc_silent 199Boolean value. 200If true then the usual output is suppressed, and 201.Xr rc 8 202invokes the command specified in the 203.Va rc_silent_cmd 204variable once for each line of suppressed output. 205The default value of 206.Va rc_silent 207is set from the 208.Dv AB_SILENT 209flag in the kernel's 210.Va boothowto 211variable (see 212.Xr boot 8 , 213.Xr reboot 2 ) . 214.It Sy rc_silent_cmd 215A command to be executed once per line of suppressed output, when 216.Va rc_silent 217is true. 218The default value of 219.Va rc_silent_cmd 220is 221.Dq twiddle , 222which will display a spinning symbol instead of each line of output. 223Another useful value is 224.Dq \&: , 225which will display nothing at all. 226.El 227.Ss Basic network configuration 228.Bl -tag -width net_interfaces 229.It Sy defaultroute 230A string. 231Default IPv4 network route. 232If empty or not set, then the contents of 233.Pa /etc/mygate 234(if it exists) are used. 235.It Sy defaultroute6 236A string. 237Default IPv6 network route. 238If empty or not set, then the contents of 239.Pa /etc/mygate6 240(if it exists) are used. 241.It Sy domainname 242A string. 243.Tn NIS 244(YP) domain of host. 245If empty or not set, then the contents of 246.Pa /etc/defaultdomain 247(if it exists) are used. 248.It Sy force_down_interfaces 249A space separated list of interface names. 250These interfaces will be configured down when going from multiuser to singleuser 251mode or on system shutdown. 252.Pp 253This is important for some stateful interfaces, for example PPP over ISDN 254connections that cost money by connection time or PPPoE interfaces which 255have no direct means of noticing 256.Dq disconnect 257events. 258.Pp 259All active 260.Xr pppoe 4 261and 262.Xr ippp 4 263interfaces will be automatically added to this list. 264.It Sy hostname 265A string. 266Name of host. 267If empty or not set, then the contents of 268.Pa /etc/myname 269(if it exists) are used. 270.El 271.Ss Boottime file-system and swap configuration 272.Bl -tag -width net_interfaces 273.It Sy critical_filesystems_local 274A string. 275File systems mounted very early in the system boot before networking 276services are available. 277Usually 278.Pa /var 279is part of this, because it is needed by services such as 280.Xr dhclient 8 281which may be required to get the network operational. 282The default is 283.Dq "OPTIONAL:/var" , 284where the 285.Dq OPTIONAL: 286prefix means that it's not an error if the file system is not 287present in 288.Xr fstab 5 . 289.It Sy critical_filesystems_remote 290A string. 291File systems such as 292.Pa /usr 293that may require network services to be available to mount, 294that must be available early in the system boot for general services to use. 295The default is 296.Dq "OPTIONAL:/usr" , 297where the 298.Dq OPTIONAL: 299prefix means that it's not an error if the file system is not 300present in 301.Xr fstab 5 . 302.It Sy fsck_flags 303A string. 304A file system is checked with 305.Xr fsck 8 306during boot before mounting it. 307This option may be used to override the default command-line options 308passed to the 309.Xr fsck 8 310program. 311.Pp 312When set to 313.Fl y , 314.Xr fsck 8 315assumes yes as the answer to all operator questions during file system checks. 316This might be important with hosts where the administrator does not have 317access to the console and an unsuccessful shutdown must not make the host 318unbootable even if the file system checks would fail in preen mode. 319.It Sy no_swap 320Boolean value. 321Should be true if you have deliberately configured your system with no swap. 322If false and no swap devices are configured, the system will warn you. 323.It Sy swapoff 324Boolean value. 325Remove block-type swap devices at shutdown time. 326Useful if swapping onto RAIDframe devices. 327.El 328.Ss One-time actions to perform or programs to run on boot-up 329.Bl -tag -width net_interfaces 330.It Sy accounting 331Boolean value. 332Enables process accounting with 333.Xr accton 8 . 334Requires 335.Pa /var/account/acct 336to exist. 337.It Sy ccd 338Boolean value. 339Configures concatenated disk devices according to 340.Xr ccd.conf 5 . 341.It Sy cgd 342Boolean value. 343Configures cryptographic disk devices. 344Requires 345.Pa /etc/cgd/cgd.conf . 346See 347.Xr cgdconfig 8 348for additional details. 349.It Sy clear_tmp 350Boolean value. 351Clear 352.Pa /tmp 353after reboot. 354.It Sy dmesg 355Boolean value. 356Create 357.Pa /var/run/dmesg.boot 358from the output of 359.Xr dmesg 8 . 360Passes 361.Sy dmesg_flags . 362.It Sy envsys 363Boolean value. 364Sets preferences for the environmental systems framework, 365.Xr envsys 4 . 366Requires 367.Pa /etc/envsys.conf , 368which is described in 369.Xr envsys.conf 5 . 370.It Sy gpio 371Boolean value. 372Configure 373.Xr gpio 4 374devices. 375See 376.Xr gpio.conf 5 . 377.It Sy ldconfig 378Boolean value. 379Configures 380.Xr a.out 5 381runtime link editor directory cache. 382.It Sy mixerctl 383Boolean value. 384Read 385.Xr mixerctl.conf 5 386for how to set mixer values. 387List in 388.Sy mixerctl_mixers 389the devices whose settings are to be saved at shutdown and 390restored at start-up. 391.It Sy newsyslog 392Boolean value. 393Run 394.Nm newsyslog 395to trim logfiles before syslogd starts. 396Intended for laptop users. 397Passes 398.Sy newsyslog_flags . 399.It Sy per_user_tmp 400Boolean value. 401Enables a per-user 402.Pa /tmp 403directory. 404.Sy per_user_tmp_dir 405can be used to override the default location of the 406.Dq real 407temporary directories, 408.Dq Pa /private/tmp . 409.It Sy quota 410Boolean value. 411Checks and enables quotas by running 412.Xr quotacheck 1 413and 414.Xr quotaon 8 . 415.It Sy raidframe 416Boolean value. 417Configures 418.Xr raid 4 , 419RAIDframe disk devices. 420See 421.Xr raidctl 8 422for additional details. 423.It Sy rndctl 424Boolean value. 425Runs the 426.Xr rndctl 8 427utility one or more times according to the specification in 428.Sy rndctl_flags . 429.Pp 430If 431.Sy rndctl_flags 432does not contain a semicolon 433.Pq Ql \&; 434then it is expected to contain zero or more flags, 435followed by one or more device or type names. 436The 437.Xr rndctl 8 438command will be executed once for each device or type name. 439If the specified flags do not include any of 440.Fl c , C , e , 441or 442.Fl E , 443then the flags 444.Fl c 445and 446.Fl e 447are added, to specify that entropy from the relevant device or type 448should be both collected and estimated. 449If the specified flags do not include either of 450.Fl d 451or 452.Fl t , 453then the flag 454.Fl d 455is added, to specify that the non-flag arguments are device names, 456not type names. 457.Pp 458.Sy rndctl_flags 459may contain multiple semicolon-separated segments, in which each 460segment contains flags and device or type names as described above. 461This allows different flags to be associated with different 462device or type names. 463For example, given 464.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" , 465the following commands will be executed: 466.Li "rndctl -c -e -d wd0" ; 467.Li "rndctl -c -e -d wd1" ; 468.Li "rndctl -c -e -t tty" ; 469.Li "rndctl -c -t net" . 470.It Sy rtclocaltime 471Boolean value. 472Sets the real time clock to local time by adjusting the 473.Xr sysctl 7 474value of 475.Pa kern.rtc_offset . 476The offset from UTC is calculated automatically according 477to the time zone information in the file 478.Pa /etc/localtime . 479.It Sy savecore 480Boolean value. 481Runs the 482.Xr savecore 8 483utility. 484Passes 485.Sy savecore_flags . 486The directory where crash dumps are stored is specified by 487.Sy savecore_dir . 488The default setting is 489.Dq Pa /var/crash . 490.It Sy sysdb 491Boolean value. 492Builds various system databases, including 493.Pa /var/run/dev.db , 494.Pa /etc/spwd.db , 495.Pa /var/db/netgroup.db , 496.Pa /var/db/services.db , 497and entries for 498.Xr utmp 5 . 499.It Sy tpctl 500Boolean value. 501Run 502.Xr tpctl 8 503to calibrate touch panel device. 504Passes 505.Sy tpctl_flags . 506.It Sy update_motd 507Boolean value. 508Updates the 509.Nx 510version string in the 511.Pa /etc/motd 512file to reflect the version of the running kernel. 513See 514.Xr motd 5 . 515.It Sy veriexec 516Boolean value. 517Load Veriexec fingerprints during startup. 518Read 519.Xr veriexecctl 8 520for more information. 521.It Sy virecover 522Boolean value. 523Send notification mail to users if any recoverable files exist in 524.Pa /var/tmp/vi.recover . 525Read 526.Xr virecover 8 527for more information. 528.It Sy wdogctl 529Boolean value. 530Configures watchdog timers. 531Passes 532.Sy wdogctl_flags . 533Refer to 534.Xr wdogctl 8 535for information on how to configure a timer. 536.El 537.Ss System security setting 538.Bl -tag -width net_interfaces 539.It Sy securelevel 540A number. 541The system securelevel is set to the specified value early 542in the boot process, before any external logins, or other programs 543that run users job, are started. 544If set to nothing, the default action is taken, as described in 545.Xr init 8 546and 547.Xr secmodel_securelevel 9 , 548which contains definitive information about the system securelevel. 549Note that setting 550.Sy securelevel 551to 0 in 552.Nm 553will actually result in the system booting with securelevel set to 1, as 554.Xr init 8 555will raise the level when 556.Xr rc 8 557completes. 558.It Sy permit_nonalpha 559Allow passwords to include non-alpha characters, usually to allow 560NIS/YP netgroups. 561.It Sy veriexec_strict 562A number. 563Controls the strict level of Veriexec. 564Level 0 is learning mode, used when building the signatures file. 565It will only output messages but will not enforce anything. 566Level 1 will only prevent access to files with a fingerprint 567mismatch. 568Level 2 will also deny writing to and removing of 569monitored files, as well as enforce access type (as specified in 570the signatures file). 571Level 3 will take a step further and prevent 572access to files that are not monitored. 573.It Sy veriexec_verbose 574A number. 575Controls the verbosity of Veriexec. 576Recommended operation is at level 0, verbose output (mostly used when 577building the signatures file) is at level 1. 578Level 2 is for debugging only and should not be used. 579.It Sy veriexec_flags 580A string. 581Flags to pass to the 582.Nm veriexecctl 583command. 584.El 585.Ss Networking startup 586.Bl -tag -width net_interfaces 587.It Sy altqd 588Boolean value. 589ALTQ configuration/monitoring daemon. 590Passes 591.Sy altqd_flags . 592.It Sy auto_ifconfig 593Boolean value. 594Sets the 595.Sy net_interfaces 596variable (see below) to the output of 597.Xr ifconfig 8 598with the 599.Dq Li -l 600flag and suppresses warnings about interfaces in this list that 601do not have an ifconfig file or variable. 602.It Sy dhclient 603Boolean value. 604Set true to configure some or all network interfaces using 605the ISC DHCP client. 606If you set 607.Sy dhclient 608true, then 609.Pa /var 610must be in 611.Sy critical_filesystems_local , 612or 613.Pa /var 614must be on the root file system, 615or you must modify the 616.Sy dhclient_flags 617variable to direct the DHCP client to store the leases file 618in some other directory on the root file system. 619You must not provide ifconfig information or ifaliases 620information for any interface that is to be configured using the DHCP client. 621Interface aliases can be set up in the DHCP client configuration 622file if needed - see 623.Xr dhclient.conf 5 624for details. 625.Pp 626Passes 627.Sy dhclient_flags 628to the DHCP client. 629See 630.Xr dhclient 8 631for complete documentation. 632If you wish to configure all broadcast 633network interfaces using the DHCP client, you can leave this blank. 634To configure only specific interfaces, name the interfaces to be configured 635on the command line. 636.Pp 637If you must run the DHCP client before mounting critical file systems, 638then you should specify an alternate location for the DHCP client's lease 639file in the 640.Sy dhclient_flags 641variable - for example, "-lf /tmp/dhclient.leases". 642.It Sy dhcpcd_flags 643Additional arguments to pass to 644.Xr dhcpcd 8 645when requesting configuration via 646.Sy ifconfig_xxN 647or 648.Pa /etc/ifconfig.xxN . 649.It Sy flushroutes 650Boolean value. 651Flushes the route table on networking startup. 652Useful when coming up to multiuser mode after going down to 653single-user mode. 654.It Sy ftp_proxy 655Boolean value. 656Runs 657.Xr ftp-proxy 8 , 658the proxy daemon for the Internet File Transfer Protocol. 659.It Sy hostapd 660Boolean value. 661Runs 662.Xr hostapd 8 , 663the authenticator for IEEE 802.11 networks. 664.It Sy ifaliases_* 665A string. 666List of 667.Sq Em "address netmask" 668pairs to configure additional network addresses for the given 669configured interface 670.Dq * 671(e.g. 672.Sy ifaliases_le0 ) . 673If 674.Em netmask 675is 676.Dq - , 677then use the default netmask for the interface. 678.Pp 679.Sy ifaliases_* 680covers limited cases only and considered unrecommended. 681We recommend using 682.Sy ifconfig_nnX 683variables or 684.Pa /etc/ifconfig.xxN 685files with multiple lines instead. 686.It Sy ifwatchd 687Boolean value. 688Monitor dynamic interfaces and perform actions upon address changes. 689Passes 690.Sy ifwatchd_flags . 691.It Sy ip6mode 692A string. 693An IPv6 node can be a router 694.Pq nodes that forward packet for others 695or a host 696.Pq nodes that do not forward . 697A host can be autoconfigured 698based on the information advertised by adjacent IPv6 routers. 699By setting 700.Sy ip6mode 701to 702.Dq Li router , 703.Dq Li host , 704or 705.Dq Li autohost , 706you can configure your node as a router, 707a non-autoconfigured host, or an autoconfigured host. 708Invalid values will be ignored, and the node will be configured as 709a non-autoconfigured host. 710You may want to check 711.Sy rtsol 712and 713.Sy rtsold 714as well, if you set the variable to 715.Dq Li autohost . 716.It Sy ip6uniquelocal 717Boolean value. 718If 719.Sy ip6mode 720is equal to 721.Dq Li router , 722and 723.Sy ip6uniquelocal 724is false, 725a reject route will be installed on boot to avoid misconfiguration relating 726to unique-local addresses. 727If 728.Sy ip6uniquelocal 729is true, the reject route won't be installed. 730.It Sy ipfilter 731Boolean value. 732Runs 733.Xr ipf 8 734to load in packet filter specifications from 735.Pa /etc/ipf.conf 736at network boot time, before any interfaces are configured. 737Passes 738.Sy ipfilter_flags . 739See 740.Xr ipf.conf 5 . 741.It Sy ipfs 742Boolean value. 743Runs 744.Xr ipfs 8 745to save and restore information for ipnat and ipfilter state tables. 746The information is stored in 747.Pa /var/db/ipf/ipstate.ipf 748and 749.Pa /var/db/ipf/ipnat.ipf . 750Passes 751.Sy ipfs_flags . 752.It Sy ipmon 753Boolean value. 754Runs 755.Xr ipmon 8 756to read 757.Xr ipf 8 758packet log information and log it to a file or the system log. 759Passes 760.Sy ipmon_flags . 761.It Sy ipmon_flags 762A string. 763Specifies arguments to supply to 764.Xr ipmon 8 . 765Defaults to 766.Dq Li -ns . 767A typical example would be 768.Dq Fl nD Pa /var/log/ipflog 769to have 770.Xr ipmon 8 771log directly to a file bypassing 772.Xr syslogd 8 . 773If the 774.Dq -D 775argument is used, remember to modify 776.Pa /etc/newsyslog.conf 777accordingly; for example: 778.Bd -literal 779/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 780.Ed 781.It Sy ipnat 782Boolean value. 783Runs 784.Xr ipnat 8 785to load in the IP network address translation (NAT) rules from 786.Pa /etc/ipnat.conf 787at network boot time, before any interfaces are configured. 788See 789.Xr ipnat.conf 5 . 790.It Sy ipsec 791Boolean value. 792Runs 793.Xr setkey 8 794to load in IPsec manual keys and policies from 795.Pa /etc/ipsec.conf 796at network boot time, before any interfaces are configured. 797.It Sy net_interfaces 798A string. 799The list of network interfaces to be configured at boot time. 800For each interface "xxN", the system first looks for ifconfig 801parameters in the variable 802.Sy ifconfig_xxN , 803and then in the file 804.Pa /etc/ifconfig.xxN . 805If 806.Sy auto_ifconfig 807is false, and neither the variable nor the file is found, 808a warning is printed. 809Information in either the variable or the file is parsed identically, 810except that, if an 811.Sy ifconfig_xxN 812variable contains a single line with embedded semicolons, 813then the value is split into multiple lines prior to further parsing, 814treating the semicolon as a line separator. 815One common case it to set 816.Sy ifconfig_xxN Ns Li \&= Ns Qq dhcp , 817which will cause 818.Xr dhcpcd 8 819to be started for the interface. 820Another common case it to set the 821.Sy ifconfig_xxN 822variable to a set of arguments to be passed to an 823.Xr ifconfig 8 824command after the interface name. 825Refer to 826.Xr ifconfig.if 5 827for more details on 828.Pa /etc/ifconfig.xxN 829files, and note that the information there also applies to 830.Sy ifconfig_xxN 831variables (after the variables are split into lines). 832.It Sy ntpdate 833Boolean value. 834Runs 835.Xr ntpdate 8 836to set the system time from one of the hosts in 837.Sy ntpdate_hosts . 838If 839.Sy ntpdate_hosts 840is empty, it will attempt to find a list of hosts in 841.Pa /etc/ntp.conf . 842Passes 843.Sy ntpdate_flags . 844.It Sy pf 845Boolean value. 846Enable 847.Xr pf 4 848at network boot time: 849Load the initial configuration 850.Xr pf.boot.conf 5 851before the network is up. 852After the network has been configured, then load the final ruleset 853.Xr pf.conf 5 . 854.It Sy pf_rules 855A string. 856The path of the 857.Xr pf.conf 5 858ruleset that will be used when loading the final ruleset. 859.It Sy pflogd 860Boolean value. 861Run 862.Xr pflogd 8 863for dumping packet filter logging information to a file. 864.It Sy ppp_peers 865A string. 866If 867.Sy ppp_peers 868is not empty, then 869.Pa /etc/rc.d/ppp 870will check each word in 871.Sy ppp_peers 872for a corresponding ppp configuration file in 873.Pa /etc/ppp/peers 874and will call 875.Xr pppd 8 876with the 877.Dq call Sy peer 878option. 879.It Sy racoon 880Boolean value. 881Runs 882.Xr racoon 8 , 883the IKE (ISAKMP/Oakley) key management daemon. 884.It Sy rtsol 885Boolean value. 886Run 887.Xr rtsol 8 , 888router solicitation command for IPv6 hosts. 889On nomadic hosts like notebook computers, you may want to enable 890.Sy rtsold 891as well. 892Passes 893.Sy rtsol_flags . 894This is only for autoconfigured IPv6 hosts, so set 895.Sy ip6mode 896to 897.Dq Li autohost 898if you use it. 899.It Sy wpa_supplicant 900Boolean value. 901Run 902.Xr wpa_supplicant 8 , 903WPA/802.11i Supplicant for wireless network devices. 904If you set 905.Sy wpa_suplicant 906true, then 907.Pa /usr 908must be in 909.Sy critical_filesystems_local , 910or 911.Pa /usr 912must be on the root file system. 913.El 914.Ss Daemons required by other daemons 915.Bl -tag -width net_interfaces 916.It Sy inetd 917Boolean value. 918Runs the 919.Xr inetd 8 920daemon to start network server processes (as listed in 921.Pa /etc/inetd.conf ) 922as necessary. 923Passes 924.Sy inetd_flags . 925The 926.Dq Li -l 927flag turns on libwrap connection logging. 928.It Sy rpcbind 929Boolean value. 930The 931.Xr rpcbind 8 932daemon is required for any 933.Xr rpc 3 934services. 935These include NFS, 936.Tn NIS , 937.Xr rpc.bootparamd 8 , 938.Xr rpc.rstatd 8 , 939.Xr rpc.rusersd 8 , 940and 941.Xr rpc.rwalld 8 . 942Passes 943.Sy rpcbind_flags . 944.El 945.Ss Commonly used daemons 946.Bl -tag -width net_interfaces 947.It Sy cron 948Boolean value. 949Run 950.Xr cron 8 . 951.It Sy ftpd 952Runs the 953.Xr ftpd 8 954daemon and passes 955.Sy ftpd_flags . 956.It Sy httpd 957Boolean value. 958Runs the 959.Xr httpd 8 960daemon and passes 961.Sy httpd_flags . 962.It Sy httpd_wwwdir 963A string. 964The 965.Xr httpd 8 966WWW root directory. 967Used only if 968.Sy httpd 969is true. 970The default setting is 971.Dq Pa /var/www . 972.It Sy httpd_wwwuser 973A string. 974If non-blank and 975.Sy httpd 976is true, run 977.Xr httpd 8 978and cause it to switch to the specified user after initialization. 979It is preferred to 980.Sy httpd_user 981because 982.Xr httpd 8 983is requiring extra privileges to start listening on default port 80. 984The default setting is 985.Dq Dv _httpd . 986.It Sy lpd 987Boolean value. 988Runs 989.Xr lpd 8 990and passes 991.Sy lpd_flags . 992The 993.Dq Li -l 994flag will turn on extra logging. 995.It Sy named 996Boolean value. 997Runs 998.Xr named 8 999and passes 1000.Sy named_flags . 1001.It Sy named_chrootdir 1002A string. 1003If non-blank and 1004.Sy named 1005is true, run 1006.Xr named 8 1007as the unprivileged user and group 1008.Sq named , 1009.Xr chroot 2 Ns ed 1010to 1011.Sy named_chrootdir . 1012.Sy named_chrootdir Ns Pa /var/run/log 1013will be added to the list of log sockets that 1014.Xr syslogd 8 1015listens to. 1016.It Sy ntpd 1017Boolean value. 1018Runs 1019.Xr ntpd 8 1020and passes 1021.Sy ntpd_flags . 1022.It Sy ntpd_chrootdir 1023A string. 1024If non-blank and 1025.Sy ntpd 1026is true, run 1027.Xr ntpd 8 1028as the unprivileged user and group 1029.Sq ntpd , 1030.Xr chroot 2 Ns ed 1031to 1032.Sy ntpd_chrootdir . 1033.Sy ntpd_chrootdir Ns Pa /var/run/log 1034will be added to the list of log sockets that 1035.Xr syslogd 8 1036listens to. 1037This option requires that the kernel has 1038.Dl pseudo-device clockctl 1039compiled in, and that 1040.Pa /dev/clockctl 1041is present. 1042.It Sy postfix 1043Boolean value. 1044Starts 1045.Xr postfix 1 1046mail system. 1047.It Sy sshd 1048Boolean value. 1049Runs 1050.Xr sshd 8 1051and passes 1052.Sy sshd_flags . 1053.It Sy syslogd 1054Boolean value. 1055Runs 1056.Xr syslogd 8 1057and passes 1058.Sy syslogd_flags . 1059.It Sy timed 1060Boolean value. 1061Runs 1062.Xr timed 8 1063and passes 1064.Sy timed_flags . 1065The 1066.Dq Li -M 1067option allows 1068.Xr timed 8 1069to be a master time source as well as a slave. 1070If you are also running 1071.Xr ntpd 8 , 1072only one machine running both should have the 1073.Dq Li -M 1074flag given to 1075.Xr timed 8 . 1076.El 1077.Ss Routing daemons 1078.Bl -tag -width net_interfaces 1079.It Sy mrouted 1080Boolean value. 1081Runs 1082.Xr mrouted 8 , 1083the DVMRP multicast routing protocol daemon. 1084Passes 1085.Sy mrouted_flags . 1086.It Sy route6d 1087Boolean value. 1088Runs 1089.Xr route6d 8 , 1090the RIPng routing protocol daemon for IPv6. 1091Passes 1092.Sy route6d_flags . 1093.It Sy routed 1094Boolean value. 1095Runs 1096.Xr routed 8 , 1097the RIP routing protocol daemon. 1098Passes 1099.Sy routed_flags . 1100.\" This should be false 1101.\" if 1102.\" .Sy gated 1103.\" is true. 1104.It Sy rtsold 1105Boolean value. 1106Runs 1107.Xr rtsold 8 , 1108the IPv6 router solicitation daemon. 1109.Xr rtsold 8 1110periodically transmits router solicitation packets 1111to find IPv6 routers on the network. 1112This configuration is mainly for nomadic hosts like notebook computers. 1113Stationary hosts should work fine with just 1114.Sy rtsol . 1115Passes 1116.Sy rtsold_flags . 1117This is only for autoconfigured IPv6 hosts, so set 1118.Sy ip6mode 1119to 1120.Dq Li autohost 1121if you use it. 1122.El 1123.Ss Daemons used to boot other hosts over a network 1124.Bl -tag -width net_interfaces 1125.It Sy bootparamd 1126Boolean value. 1127Runs 1128.Xr bootparamd 8 , 1129the boot parameter server, with 1130.Sy bootparamd_flags 1131as options. 1132Used to boot 1133.Nx 1134and 1135.Tn "SunOS 4.x" 1136systems. 1137.It Sy dhcpd 1138Boolean value. 1139Runs 1140.Xr dhcpd 8 , 1141the Dynamic Host Configuration Protocol (DHCP) daemon, 1142for assigning IP addresses to hosts and passing boot information. 1143Passes 1144.Sy dhcpd_flags . 1145.It Sy dhcrelay 1146Boolean value. 1147Runs 1148.Xr dhcrelay 8 . 1149Passes 1150.Sy dhcrelay_flags . 1151.It Sy mopd 1152Boolean value. 1153Runs 1154.Xr mopd 8 , 1155the 1156.Tn DEC 1157.Tn MOP 1158protocol daemon; used for booting 1159.Tn VAX 1160and other 1161.Tn DEC 1162machines. 1163Passes 1164.Sy mopd_flags . 1165.It Sy ndbootd 1166Boolean value. 1167Runs 1168.Xr ndbootd 8 , 1169the Sun Network Disk (ND) Protocol server. 1170Passes 1171.Sy ndbootd_flags . 1172.It Sy rarpd 1173Boolean value. 1174Runs 1175.Xr rarpd 8 , 1176the reverse ARP daemon, often used to boot 1177.Nx 1178and Sun workstations. 1179Passes 1180.Sy rarpd_flags . 1181.It Sy rbootd 1182Boolean value. 1183Runs 1184.Xr rbootd 8 , 1185the 1186.Tn HP 1187boot protocol daemon; used for booting 1188.Tn HP 1189workstations. 1190Passes 1191.Sy rbootd_flags . 1192.It Sy rtadvd 1193Boolean value. 1194Runs 1195.Xr rtadvd 8 , 1196the IPv6 router advertisement daemon, which is used to advertise 1197information about the subnet to IPv6 end hosts. 1198Passes 1199.Sy rtadvd_flags . 1200This is only for IPv6 routers, so set 1201.Sy ip6mode 1202to 1203.Dq Li router 1204if you use it. 1205.El 1206.Ss X Window System daemons 1207.Bl -tag -width net_interfaces 1208.It Sy xdm 1209Boolean value. 1210Runs the 1211.Xr xdm 1 1212X display manager. 1213These X daemons are available only with the optional X distribution of 1214.Nx . 1215.It Sy xfs 1216Boolean value. 1217Runs the 1218.Xr xfs 1 1219X11 font server, which supplies local X font files to X terminals. 1220.El 1221.Ss NIS (YP) daemons 1222.Bl -tag -width net_interfaces 1223.It Sy ypbind 1224Boolean value. 1225Runs 1226.Xr ypbind 8 , 1227which lets 1228.Tn NIS 1229(YP) clients use information from a 1230.Tn NIS 1231server. 1232Passes 1233.Sy ypbind_flags . 1234.It Sy yppasswdd 1235Boolean value. 1236Runs 1237.Xr yppasswdd 8 , 1238which allows remote 1239.Tn NIS 1240users to update password on master server. 1241Passes 1242.Sy yppasswdd_flags . 1243.It Sy ypserv 1244Boolean value. 1245Runs 1246.Xr ypserv 8 , 1247the 1248.Tn NIS 1249(YP) server for distributing information from certain files in 1250.Pa /etc . 1251Passes 1252.Sy ypserv_flags . 1253The 1254.Dq Li -d 1255flag causes it to use DNS for lookups in 1256.Pa /etc/hosts 1257that fail. 1258.El 1259.Ss NFS daemons and parameters 1260.Bl -tag -width net_interfaces 1261.It Sy amd 1262Boolean value. 1263Runs 1264.Xr amd 8 , 1265the automounter daemon, which automatically mounts NFS file systems 1266whenever a file or directory within that file system is accessed. 1267Passes 1268.Sy amd_flags . 1269.It Sy amd_dir 1270A string. 1271The 1272.Xr amd 8 1273mount directory. 1274Used only if 1275.Sy amd 1276is true. 1277.It Sy lockd 1278Boolean value. 1279Runs 1280.Xr rpc.lockd 8 1281if 1282.Sy nfs_server 1283and/or 1284.Sy nfs_client 1285are true. 1286Passes 1287.Sy lockd_flags . 1288.It Sy mountd 1289Boolean value. 1290Runs 1291.Xr mountd 8 1292and passes 1293.Sy mountd_flags . 1294.It Sy nfs_client 1295Boolean value. 1296The number of local NFS asynchronous I/O server is now controlled via 1297.Xr sysctl 8 . 1298.It Sy nfs_server 1299Boolean value. 1300Sets up a host to be a NFS server by running 1301.Xr nfsd 8 1302and passing 1303.Sy nfsd_flags . 1304.It Sy statd 1305Boolean value. 1306Runs 1307.Xr rpc.statd 8 , 1308a status monitoring daemon used when 1309.Xr rpc.lockd 8 1310is running, if 1311.Sy nfs_server 1312and/or 1313.Sy nfs_client 1314are true. 1315Passes 1316.Sy statd_flags . 1317.El 1318.Ss Bluetooth configuration and daemons 1319.Bl -tag -width net_interfaces 1320.It Sy btattach 1321Boolean value. 1322Attach serial bluetooth interfaces as listed in the configuration file 1323.Pa /etc/bluetooth/btdevctl.conf . 1324.It Sy btconfig 1325Boolean value. 1326Configure bluetooth devices. 1327If the 1328.Sy btconfig_devices 1329variable below is not specified, all devices known to the system 1330will be configured. 1331For each device, configuration arguments are first looked for 1332in the 1333.Sy btconfig_{dev} 1334variable, otherwise the value of the 1335.Sy btconfig_args 1336variable will be used, and if that is not specified the default string is 1337.Sq enable . 1338.It Sy btconfig_devices 1339An optional space separated list of bluetooth devices to be configured at 1340boot time. 1341.It Sy btconfig_args 1342An optional string, containing default arguments for bluetooth devices to 1343be configured. 1344.It Sy btdevctl 1345Boolean value. 1346Configure Bluetooth devices as listed in the configuration file 1347.Pa /etc/bluetooth/btdevctl.conf . 1348.It Sy bthcid 1349Boolean value. 1350Runs 1351.Xr bthcid 8 , 1352the Bluetooth HCI daemon, which manages link keys and PIN codes for 1353Bluetooth links. 1354Passes 1355.Sy bthcid_flags . 1356.It Sy sdpd 1357Boolean value. 1358Runs the Service Discovery Profile daemon, 1359.Xr sdpd 8 . 1360Passes 1361.Sy sdpd_flags . 1362.El 1363.Ss Other daemons 1364.Bl -tag -width net_interfaces 1365.It Sy identd 1366Boolean value. 1367Runs 1368.Xr identd 8 , 1369the daemon for the user identification protocol. 1370Passes 1371.Sy identd_flags . 1372.It Sy iscsi_target 1373Boolean value. 1374Runs the server for iSCSI requests, 1375.Xr iscsi-target 8 . 1376Passes 1377.Sy iscsi_target_flags . 1378.It Sy isdnd 1379Boolean value. 1380Runs 1381.Xr isdnd 8 , 1382the isdn4bsd ISDN connection management daemon. 1383Passes 1384.Sy isdnd_flags . 1385.It Sy isdn_autoupdown 1386Boolean value. 1387Set all configured ISDN interfaces to 1388.Dq up . 1389If 1390.Sy isdn_interfaces 1391is not blank, only the listed interfaces will be modified. 1392Used only if 1393.Sy isdnd 1394is true. 1395.It Sy kdc 1396Boolean value. 1397Runs the 1398.Xr kdc 8 1399Kerberos v4 and v5 server. 1400This should be run on Kerberos master and slave servers. 1401.It Sy rwhod 1402Boolean value. 1403Runs 1404.Xr rwhod 8 1405to support the 1406.Xr rwho 1 1407and 1408.Xr ruptime 1 1409commands. 1410.El 1411.Ss Hardware daemons 1412.Bl -tag -width net_interfaces 1413.It Sy apmd 1414Boolean value. 1415Runs 1416.Xr apmd 8 1417and passes 1418.Sy apmd_flags . 1419.It Sy irdaattach 1420Boolean value. 1421Runs 1422.Xr irdaattach 8 1423and passes 1424.Sy irdaattach_flags . 1425.It Sy moused 1426Boolean value. 1427Runs 1428.Xr moused 8 , 1429to pass serial mouse data to the wscons mouse mux. 1430Passes 1431.Sy moused_flags . 1432.It Sy screenblank 1433Boolean value. 1434Runs 1435.Xr screenblank 1 1436and passes 1437.Sy screenblank_flags . 1438.It Sy wscons 1439Boolean value. 1440Configures the 1441.Xr wscons 4 1442console driver, from the configuration file 1443.Pa /etc/wscons.conf . 1444.It Sy wsmoused 1445Boolean value. 1446Runs 1447.Xr wsmoused 8 , 1448to provide copy and paste text support in wscons displays. 1449Passes 1450.Sy wsmoused_flags . 1451.El 1452.Sh FILES 1453.Bl -tag -width /etc/defaults/rc.conf -compact 1454.It Pa /etc/rc.conf 1455The file 1456.Nm 1457resides in 1458.Pa /etc . 1459.It Pa /etc/defaults/rc.conf 1460Default settings for 1461.Nm , 1462sourced by 1463.Nm 1464before the end-user configuration section. 1465.It Pa /etc/rc.conf.d/ Ns Ar foo 1466.Ar foo Ns No -specific 1467.Nm 1468overrides. 1469.El 1470.Sh SEE ALSO 1471.Xr boot 8 , 1472.Xr rc 8 , 1473.Xr rc.d 8 , 1474.Xr rc.subr 8 , 1475.Xr rcorder 8 1476.Sh HISTORY 1477The 1478.Nm 1479file appeared in 1480.Nx 1.3 . 1481