1.\" $NetBSD: rc.conf.5,v 1.171 2018/07/13 21:46:58 maya Exp $ 2.\" 3.\" Copyright (c) 1996 Matthew R. Green 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 20.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 22.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 23.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" Copyright (c) 1997 Curt J. Sampson 28.\" Copyright (c) 1997 Michael W. Long 29.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc. 30.\" All rights reserved. 31.\" 32.\" This document is derived from works contributed to The NetBSD Foundation 33.\" by Luke Mewburn. 34.\" 35.\" Redistribution and use in source and binary forms, with or without 36.\" modification, are permitted provided that the following conditions 37.\" are met: 38.\" 1. Redistributions of source code must retain the above copyright 39.\" notice, this list of conditions and the following disclaimer. 40.\" 2. Redistributions in binary form must reproduce the above copyright 41.\" notice, this list of conditions and the following disclaimer in the 42.\" documentation and/or other materials provided with the distribution. 43.\" 3. The name of the author may not be used to endorse or promote products 44.\" derived from this software without specific prior written permission. 45.\" 46.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 47.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 48.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 49.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 50.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 51.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 52.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 53.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 54.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 55.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 56.\" SUCH DAMAGE. 57.\" 58.Dd July 14, 2018 59.Dt RC.CONF 5 60.Os 61.Sh NAME 62.Nm rc.conf 63.Nd system startup configuration file 64.Sh DESCRIPTION 65The 66.Nm 67file specifies which services are enabled during system startup by 68the startup scripts invoked by 69.Pa /etc/rc 70(see 71.Xr rc 8 ) , 72and the shutdown scripts invoked by 73.Pa /etc/rc.shutdown . 74The 75.Nm 76file is a shell script that is sourced by 77.Xr rc 8 , 78meaning that 79.Nm 80must contain valid shell commands. 81.Pp 82Listed below are the standard 83.Nm 84variables that may be set, the values to which each may be set, 85a brief description of what each variable does, and a reference to 86relevant manual pages. 87Third party packages may test for additional variables. 88.Pp 89By default, 90.Nm 91reads 92.Pa /etc/defaults/rc.conf 93(if it is readable) 94to obtain default values for various variables, and the end-user 95may override these by appending appropriate entries to the end of 96.Nm . 97.Pp 98.Xr rc.d 8 99scripts that use 100.Ic load_rc_config 101from 102.Xr rc.subr 8 103also support sourcing an optional end-user provided per-script override 104file 105.Pa /etc/rc.conf.d/ Ns Ar service , 106(where 107.Ar service 108is the contents of the 109.Sy name 110variable in the 111.Xr rc.d 8 112script). 113This may contain variable overrides, including allowing the end-user 114to override various 115.Ic run_rc_command 116.Xr rc.d 8 117control variables, and thus changing the operation of the script 118without requiring editing of the script. 119.Ss Variable naming conventions and data types 120Most variables are one of two types: enabling variables or flags 121variables. 122Enabling variables, such as 123.Sy inetd , 124are generally named after the program or the system they enable, 125and have boolean values (specified using 126.Sq Ic YES , 127.Sq Ic TRUE , 128.Sq Ic ON 129or 130.Sq Ic 1 131for true, and 132.Sq Ic NO , 133.Sq Ic FALSE , 134.Sq Ic OFF 135or 136.Sq Ic 0 137for false, with the values being case insensitive). 138Flags variables, such as 139.Sy inetd_flags 140have the same name with "_flags" appended, and determine what 141arguments are passed to the program if it is enabled. 142.Pp 143If a variable that 144.Xr rc 8 145expects to be set is not set, or the value is not one of the allowed 146values, a warning will be printed. 147.Ss Overall control 148.Bl -tag -width net_interfaces 149.It Sy do_rcshutdown 150Boolean value. 151If false, 152.Xr shutdown 8 153will not run 154.Pa /etc/rc.shutdown . 155.It Sy rcshutdown_rcorder_flags 156A string. 157Extra arguments to the 158.Xr rcorder 8 159run by 160.Pa /etc/rc.shutdown . 161.It Sy rcshutdown_timeout 162A number. 163If non-blank, use this as the number of seconds to run a watchdog timer for 164which will terminate 165.Pa /etc/rc.shutdown 166if the timer expires before the shutdown script completes. 167.It Sy rc_configured 168Boolean value. 169If false then the system will drop into single-user mode during boot. 170.It Sy rc_fast_and_loose 171If set to a non-empty string, 172each script in 173.Pa /etc/rc.d 174will be executed in the current shell rather than a sub shell. 175This may be faster on slow machines that have an expensive 176.Xr fork 2 177operation. 178.Bl -hang 179.It Em Note : 180Use this at your own risk! 181A rogue command or script may inadvertently prevent boot to multiuser. 182.El 183.It Sy rc_rcorder_flags 184A string. 185Extra arguments to the 186.Xr rcorder 8 187run by 188.Pa /etc/rc . 189.It Sy rc_directories 190A string. 191Space separated list of directories searched for rc scripts. 192The default is 193.Pa /etc/rc.d . 194All directories in 195.Ev rc_directories 196must be located in the root file system, otherwise they will be silently 197skipped. 198.It Sy rc_silent 199Boolean value. 200If true then the usual output is suppressed, and 201.Xr rc 8 202invokes the command specified in the 203.Va rc_silent_cmd 204variable once for each line of suppressed output. 205The default value of 206.Va rc_silent 207is set from the 208.Dv AB_SILENT 209flag in the kernel's 210.Va boothowto 211variable (see 212.Xr boot 8 , 213.Xr reboot 2 ) . 214.It Sy rc_silent_cmd 215A command to be executed once per line of suppressed output, when 216.Va rc_silent 217is true. 218The default value of 219.Va rc_silent_cmd 220is 221.Dq twiddle , 222which will display a spinning symbol instead of each line of output. 223Another useful value is 224.Dq \&: , 225which will display nothing at all. 226.El 227.Ss Basic network configuration 228.Bl -tag -width net_interfaces 229.It Sy defaultroute 230A string. 231Default IPv4 network route. 232If empty or not set, then the contents of 233.Pa /etc/mygate 234(if it exists) are used. 235.It Sy defaultroute6 236A string. 237Default IPv6 network route. 238If empty or not set, then the contents of 239.Pa /etc/mygate6 240(if it exists) are used. 241.It Sy domainname 242A string. 243NIS (YP) domain of host. 244If empty or not set, then the contents of 245.Pa /etc/defaultdomain 246(if it exists) are used. 247.It Sy force_down_interfaces 248A space separated list of interface names. 249These interfaces will be configured down when going from multiuser to single-user 250mode or on system shutdown. 251.Pp 252This is important for some stateful interfaces, for example PPP over ISDN 253connections that cost money by connection time or PPPoE interfaces which 254have no direct means of noticing 255.Dq disconnect 256events. 257.Pp 258All active 259.Xr pppoe 4 260and 261.Xr ippp 4 262interfaces will be automatically added to this list. 263.It Sy hostname 264A string. 265Name of host. 266If empty or not set, then the contents of 267.Pa /etc/myname 268(if it exists) are used. 269.El 270.Ss Boottime file-system and swap configuration 271.Bl -tag -width net_interfaces 272.It Sy critical_filesystems_local 273A string. 274File systems mounted very early in the system boot before networking 275services are available. 276Usually 277.Pa /var 278is part of this, because it is needed by services such as 279.Xr dhcpcd 8 280which may be required to get the network operational. 281The default is 282.Dq "OPTIONAL:/var" , 283where the 284.Dq "OPTIONAL:" 285prefix means that it's not an error if the file system is not 286present in 287.Xr fstab 5 . 288.It Sy critical_filesystems_remote 289A string. 290File systems such as 291.Pa /usr 292that may require network services to be available to mount, 293that must be available early in the system boot for general services to use. 294The default is 295.Dq "OPTIONAL:/usr" , 296where the 297.Dq "OPTIONAL:" 298prefix means that it is not an error if the file system is not 299present in 300.Xr fstab 5 . 301.It Sy fsck_flags 302A string. 303A file system is checked with 304.Xr fsck 8 305during boot before mounting it. 306This option may be used to override the default command-line options 307passed to the 308.Xr fsck 8 309program. 310.Pp 311When set to 312.Fl y , 313.Xr fsck 8 314assumes yes as the answer to all operator questions during file system checks. 315This might be important with hosts where the administrator does not have 316access to the console and an unsuccessful shutdown must not make the host 317unbootable even if the file system checks would fail in preen mode. 318.It Sy no_swap 319Boolean value. 320Should be true if you have deliberately configured your system with no swap. 321If false and no swap devices are configured, the system will warn you. 322.It Sy resize_root 323Boolean value. 324Set to true to have the system resize the root file system to fill its 325partition. 326Will only attempt to resize the root file system if it is of type ffs and does 327not have logging enabled. 328Defaults to false. 329.It Sy swapoff 330Boolean value. 331Remove block-type swap devices at shutdown time. 332Useful if swapping onto RAIDframe devices. 333.El 334.Ss Block device subsystems 335.Bl -tag -width net_interfaces 336.It Sy ccd 337Boolean value. 338Configures concatenated disk devices according to 339.Xr ccd.conf 5 . 340.It Sy cgd 341Boolean value. 342Configures cryptographic disk devices. 343Requires 344.Pa /etc/cgd/cgd.conf . 345See 346.Xr cgdconfig 8 347for additional details. 348.It Sy lvm 349Boolean value. 350Configures the logical volume manager. 351See 352.Xr lvm 8 353for additional details. 354.It Sy raidframe 355Boolean value. 356Configures 357.Xr raid 4 , 358RAIDframe disk devices. 359See 360.Xr raidctl 8 361for additional details. 362.El 363.Ss One-time actions to perform or programs to run on boot-up 364.Bl -tag -width net_interfaces 365.It Sy accounting 366Boolean value. 367Enables process accounting with 368.Xr accton 8 . 369Requires 370.Pa /var/account/acct 371to exist. 372.It Sy clear_tmp 373Boolean value. 374Clear 375.Pa /tmp 376after reboot. 377.It Sy dmesg 378Boolean value. 379Create 380.Pa /var/run/dmesg.boot 381from the output of 382.Xr dmesg 8 . 383Passes 384.Sy dmesg_flags . 385.It Sy envsys 386Boolean value. 387Sets preferences for the environmental systems framework, 388.Xr envsys 4 . 389Requires 390.Pa /etc/envsys.conf , 391which is described in 392.Xr envsys.conf 5 . 393.It Sy gpio 394Boolean value. 395Configure 396.Xr gpio 4 397devices. 398See 399.Xr gpio.conf 5 . 400.It Sy ldconfig 401Boolean value. 402Configures 403.Xr a.out 5 404runtime link editor directory cache. 405.It Sy mixerctl 406Boolean value. 407Read 408.Xr mixerctl.conf 5 409for how to set mixer values. 410List in 411.Sy mixerctl_mixers 412the devices whose settings are to be saved at shutdown and 413restored at start-up. 414.It Sy newsyslog 415Boolean value. 416Run 417.Nm newsyslog 418to trim log files before syslogd starts. 419Intended for laptop users. 420Passes 421.Sy newsyslog_flags . 422.It Sy per_user_tmp 423Boolean value. 424Enables a per-user 425.Pa /tmp 426directory. 427.Sy per_user_tmp_dir 428can be used to override the default location of the 429.Dq real 430temporary directories, 431.Dq Pa /private/tmp . 432See 433.Xr security 7 434for additional details. 435.It Sy quota 436Boolean value. 437Checks and enables quotas by running 438.Xr quotacheck 8 439and 440.Xr quotaon 8 . 441.It Sy random_seed 442Boolean value. 443During boot-up, runs the 444.Xr rndctl 8 445utility with the 446.Fl L 447flag to seed the random number subsystem from an entropy file. 448During shutdown, runs the 449.Xr rndctl 8 450utility with the 451.Fl S 452flag to save some random information to the entropy file. 453The entropy file name is specified by the 454.Sy random_file 455variable, and defaults to 456.Pa /var/db/entropy-file . 457The entropy file must be on a local file system that is writable early during 458boot-up (just after the file systems specified in 459.Sy critical_filesystems_local 460have been mounted), and correspondingly late during shutdown. 461.It Sy rndctl 462Boolean value. 463Runs the 464.Xr rndctl 8 465utility one or more times according to the specification in 466.Sy rndctl_flags . 467.Pp 468If 469.Sy rndctl_flags 470does not contain a semicolon 471.Pq Ql \&; 472then it is expected to contain zero or more flags, 473followed by one or more device or type names. 474The 475.Xr rndctl 8 476command will be executed once for each device or type name. 477If the specified flags do not include any of 478.Fl c , C , e , 479or 480.Fl E , 481then the flags 482.Fl c 483and 484.Fl e 485are added, to specify that entropy from the relevant device or type 486should be both collected and estimated. 487If the specified flags do not include either of 488.Fl d 489or 490.Fl t , 491then the flag 492.Fl d 493is added, to specify that the non-flag arguments are device names, 494not type names. 495.Pp 496.Sy rndctl_flags 497may contain multiple semicolon-separated segments, in which each 498segment contains flags and device or type names as described above. 499This allows different flags to be associated with different 500device or type names. 501For example, given 502.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" , 503the following commands will be executed: 504.Li "rndctl -c -e -d wd0" ; 505.Li "rndctl -c -e -d wd1" ; 506.Li "rndctl -c -e -t tty" ; 507.Li "rndctl -c -t net" . 508.It Sy rtclocaltime 509Boolean value. 510Sets the real time clock to local time by adjusting the 511.Xr sysctl 7 512value of 513.Pa kern.rtc_offset . 514The offset from UTC is calculated automatically according 515to the time zone information in the file 516.Pa /etc/localtime . 517.It Sy savecore 518Boolean value. 519Runs the 520.Xr savecore 8 521utility. 522Passes 523.Sy savecore_flags . 524The directory where crash dumps are stored is specified by 525.Sy savecore_dir . 526The default setting is 527.Dq Pa /var/crash . 528.It Sy sysdb 529Boolean value. 530Builds various system databases, including 531.Pa /var/run/dev.cdb , 532.Pa /etc/spwd.db , 533.Pa /var/db/netgroup.db , 534.Pa /var/db/services.cdb , 535and entries for 536.Xr utmp 5 . 537.It Sy tpctl 538Boolean value. 539Run 540.Xr tpctl 8 541to calibrate touch panel device. 542Passes 543.Sy tpctl_flags . 544.It Sy update_motd 545Boolean value. 546Updates the 547.Nx 548version string in the 549.Pa /etc/motd 550file to reflect the version of the running kernel. 551See 552.Xr motd 5 . 553.It Sy virecover 554Boolean value. 555Send notification mail to users if any recoverable files exist in 556.Pa /var/tmp/vi.recover . 557Read 558.Xr virecover 8 559for more information. 560.It Sy wdogctl 561Boolean value. 562Configures watchdog timers. 563Passes 564.Sy wdogctl_flags . 565Refer to 566.Xr wdogctl 8 567for information on how to configure a timer. 568.El 569.Ss System security settings 570.Bl -tag -width net_interfaces 571.It Sy securelevel 572A number. 573The system securelevel is set to the specified value early 574in the boot process, before any external logins, or other programs 575that run users job, are started. 576If set to nothing, the default action is taken, as described in 577.Xr init 8 578and 579.Xr secmodel_securelevel 9 , 580which contains definitive information about the system securelevel. 581Note that setting 582.Sy securelevel 583to 0 in 584.Nm 585will actually result in the system booting with securelevel set to 1, as 586.Xr init 8 587will raise the level when 588.Xr rc 8 589completes. 590.It Sy permit_nonalpha 591Boolean value. 592Allow passwords to include non-alpha characters, usually to allow 593NIS/YP netgroups. 594.It Sy veriexec 595Boolean value. 596Load Veriexec fingerprints during startup. 597Read 598.Xr veriexecctl 8 599for more information. 600.It Sy veriexec_strict 601A number. 602Controls the strict level of Veriexec. 603Level 0 is learning mode, used when building the signatures file. 604It will only output messages but will not enforce anything. 605Level 1 will only prevent access to files with a fingerprint 606mismatch. 607Level 2 will also deny writing to and removing of 608monitored files, as well as enforce access type (as specified in 609the signatures file). 610Level 3 will take a step further and prevent 611access to files that are not monitored. 612.It Sy veriexec_verbose 613A number. 614Controls the verbosity of Veriexec. 615Recommended operation is at level 0, verbose output (mostly used when 616building the signatures file) is at level 1. 617Level 2 is for debugging only and should not be used. 618.It Sy veriexec_flags 619A string. 620Flags to pass to the 621.Nm veriexecctl 622command. 623.El 624.Ss Networking startup 625.Bl -tag -width net_interfaces 626.It Sy altqd 627Boolean value. 628ALTQ configuration/monitoring daemon. 629Passes 630.Sy altqd_flags . 631.It Sy auto_ifconfig 632Boolean value. 633Sets the 634.Sy net_interfaces 635variable (see below) to the output of 636.Xr ifconfig 8 637with the 638.Dq Li -l 639flag and suppresses warnings about interfaces in this list that 640do not have an ifconfig file or variable. 641.It Sy blacklistd 642Boolean value. 643Runs 644.Xr blacklistd 8 645to dynamically block hosts on a DoS according to configuration set in 646.Xr blacklistd.conf 5 647.It Sy dhcpcd 648Boolean value. 649Set true to configure some or all network interfaces using dhcpcd. 650If you set 651.Sy dhcpcd 652true, then 653.Pa /var 654must be in 655.Sy critical_filesystems_local , 656or 657.Pa /var 658must be on the root file system. 659If you need to restrict dhcpcd to one or a number of interfaces, 660or need a separate configuration per interface, 661then this should be done in the configuration file - see 662.Xr dhcpcd.conf 5 663for details. 664dhcpcd presently ignores the 665.Sy wpa_supplicant 666variable in rc.conf and will start wpa_supplicant if a suitable 667wpa_supplicant.conf is found unless otherwise instructed in 668.Xr dhcpcd.conf 5 . 669.It Sy dhcpcd_flags 670Passes 671.Sy dhcpcd_flags 672to dhcpcd. 673See 674.Xr dhcpcd 8 675for complete documentation. 676.It Sy flushroutes 677Boolean value. 678Flushes the route table on networking startup. 679Useful when coming up to multiuser mode after going down to 680single-user mode. 681.It Sy ftp_proxy 682Boolean value. 683Runs 684.Xr ftp-proxy 8 , 685the proxy daemon for the Internet File Transfer Protocol. 686.It Sy hostapd 687Boolean value. 688Runs 689.Xr hostapd 8 , 690the authenticator for IEEE 802.11 networks. 691.It Sy ifaliases_* 692A string. 693List of 694.Sq Em "address netmask" 695pairs to configure additional network addresses for the given 696configured interface 697.Dq * 698(e.g. 699.Sy ifaliases_le0 ) . 700If 701.Em netmask 702is 703.Dq - , 704then use the default netmask for the interface. 705.Pp 706.Sy ifaliases_* 707covers limited cases only and is considered unrecommended. 708We recommend using 709.Sy ifconfig_nnX 710variables or 711.Pa /etc/ifconfig.xxN 712files with multiple lines instead. 713.It Sy ifwatchd 714Boolean value. 715Monitor dynamic interfaces and perform actions upon address changes. 716Passes 717.Sy ifwatchd_flags . 718.It Sy ip6addrctl 719Boolean value. 720Fine grain control of address and routing priorities. 721.It Sy ip6addrctl_policy 722A string. 723Can be: 724.Bl -tag -width auto -compact 725.It Li auto 726automatically determine from system settings; will read priorities from 727.Pa /etc/ip6addrctl.conf 728or if that file does not exist it will default to IPv6 first, then IPv4. 729.It Li ipv4_prefer 730try IPv4 before IPv6. 731.It Li ipv6_prefer 732try IPv6 before IPv4. 733.El 734.It Sy ip6addrctl_verbose 735Boolean value. 736If set, print the resulting prefixes and priorities map. 737.It Sy ip6mode 738A string. 739An IPv6 node can be a router 740.Pq nodes that forward packet for others 741or a host 742.Pq nodes that do not forward . 743A host can be autoconfigured 744based on the information advertised by adjacent IPv6 routers. 745By setting 746.Sy ip6mode 747to 748.Dq Li router , 749.Dq Li host , 750or 751.Dq Li autohost , 752you can configure your node as a router, 753a non-autoconfigured host, or an autoconfigured host. 754Invalid values will be ignored, and the node will be configured as 755a non-autoconfigured host. 756.It Sy ip6uniquelocal 757Boolean value. 758If 759.Sy ip6mode 760is equal to 761.Dq Li router , 762and 763.Sy ip6uniquelocal 764is false, 765a reject route will be installed on boot to avoid misconfiguration relating 766to unique-local addresses. 767If 768.Sy ip6uniquelocal 769is true, the reject route won't be installed. 770.It Sy ipfilter 771Boolean value. 772Runs 773.Xr ipf 8 774to load in packet filter specifications from 775.Pa /etc/ipf.conf 776at network boot time, before any interfaces are configured. 777Passes 778.Sy ipfilter_flags . 779See 780.Xr ipf.conf 5 . 781.It Sy ipfs 782Boolean value. 783Runs 784.Xr ipfs 8 785to save and restore information for ipnat and ipfilter state tables. 786The information is stored in 787.Pa /var/db/ipf/ipstate.ipf 788and 789.Pa /var/db/ipf/ipnat.ipf . 790Passes 791.Sy ipfs_flags . 792.It Sy ipmon 793Boolean value. 794Runs 795.Xr ipmon 8 796to read 797.Xr ipf 8 798packet log information and log it to a file or the system log. 799Passes 800.Sy ipmon_flags . 801.It Sy ipmon_flags 802A string. 803Specifies arguments to supply to 804.Xr ipmon 8 . 805Defaults to 806.Dq Li -ns . 807A typical example would be 808.Dq Fl nD Pa /var/log/ipflog 809to have 810.Xr ipmon 8 811log directly to a file bypassing 812.Xr syslogd 8 . 813If the 814.Dq -D 815argument is used, remember to modify 816.Pa /etc/newsyslog.conf 817accordingly; for example: 818.Bd -literal 819/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 820.Ed 821.It Sy ipnat 822Boolean value. 823Runs 824.Xr ipnat 8 825to load in the IP network address translation (NAT) rules from 826.Pa /etc/ipnat.conf 827at network boot time, before any interfaces are configured. 828See 829.Xr ipnat.conf 5 . 830.It Sy ipsec 831Boolean value. 832Runs 833.Xr setkey 8 834to load in IPsec manual keys and policies from 835.Pa /etc/ipsec.conf 836at network boot time, before any interfaces are configured. 837.It Sy npf 838Boolean value. 839Loads 840.Xr npf.conf 5 841at network boot time, and starts 842.Xr npf 7 . 843.It Sy npfd 844Boolean value. 845Runs 846.Xr npfd 8 , 847the NPF packet filter logging and state synchronization daemon. 848.It Sy net_interfaces 849A string. 850The list of network interfaces to be configured at boot time. 851For each interface "xxN", the system first looks for ifconfig 852parameters in the variable 853.Sy ifconfig_xxN , 854and then in the file 855.Pa /etc/ifconfig.xxN . 856If 857.Sy auto_ifconfig 858is false, and neither the variable nor the file is found, 859a warning is printed. 860Information in either the variable or the file is parsed identically, 861except that, if an 862.Sy ifconfig_xxN 863variable contains a single line with embedded semicolons, 864then the value is split into multiple lines prior to further parsing, 865treating the semicolon as a line separator. 866.Pp 867One common case it to set the 868.Sy ifconfig_xxN 869variable to a set of arguments to be passed to an 870.Xr ifconfig 8 871command after the interface name. 872Refer to 873.Xr ifconfig.if 5 874for more details on 875.Pa /etc/ifconfig.xxN 876files, and note that the information there also applies to 877.Sy ifconfig_xxN 878variables (after the variables are split into lines). 879.It Sy ntpdate 880Boolean value. 881Runs 882.Xr ntpdate 8 883to set the system time from one of the hosts in 884.Sy ntpdate_hosts . 885If 886.Sy ntpdate_hosts 887is empty, it will attempt to find a list of hosts in 888.Pa /etc/ntp.conf . 889Passes 890.Sy ntpdate_flags . 891.It Sy pf 892Boolean value. 893Enable 894.Xr pf 4 895at network boot time: 896Load the initial configuration 897.Xr pf.boot.conf 5 898before the network is up. 899After the network has been configured, then load the final rule set 900.Xr pf.conf 5 . 901.It Sy pf_rules 902A string. 903The path of the 904.Xr pf.conf 5 905rule set that will be used when loading the final rule set. 906.It Sy pflogd 907Boolean value. 908Run 909.Xr pflogd 8 910for dumping packet filter logging information to a file. 911.It Sy ppp 912A boolean. 913Toggles starting 914.Xr pppd 8 915on startup. 916See 917.Sy ppp_peers 918below. 919.It Sy ppp_peers 920A string. 921If 922.Sy ppp 923is true and 924.Sy ppp_peers 925is not empty, then 926.Pa /etc/rc.d/ppp 927will check each word in 928.Sy ppp_peers 929for a corresponding ppp configuration file in 930.Pa /etc/ppp/peers 931and will call 932.Xr pppd 8 933with the 934.Dq call Sy peer 935option. 936.It Sy racoon 937Boolean value. 938Runs 939.Xr racoon 8 , 940the IKE (ISAKMP/Oakley) key management daemon. 941.It Sy wpa_supplicant 942Boolean value. 943Run 944.Xr wpa_supplicant 8 , 945WPA/802.11i Supplicant for wireless network devices. 946If you set 947.Sy wpa_supplicant 948true, then 949.Pa /usr 950must be in 951.Sy critical_filesystems_local , 952or 953.Pa /usr 954must be on the root file system. 955dhcpcd ignores this variable, see the 956.Sy dhcpcd 957variable for details. 958.El 959.Ss Daemons required by other daemons 960.Bl -tag -width net_interfaces 961.It Sy inetd 962Boolean value. 963Runs the 964.Xr inetd 8 965daemon to start network server processes (as listed in 966.Pa /etc/inetd.conf ) 967as necessary. 968Passes 969.Sy inetd_flags . 970The 971.Dq Li -l 972flag turns on libwrap connection logging. 973.It Sy rpcbind 974Boolean value. 975The 976.Xr rpcbind 8 977daemon is required for any 978.Xr rpc 3 979services. 980These include NFS, NIS, 981.Xr rpc.bootparamd 8 , 982.Xr rpc.rstatd 8 , 983.Xr rpc.rusersd 8 , 984and 985.Xr rpc.rwalld 8 . 986Passes 987.Sy rpcbind_flags . 988.El 989.Ss Commonly used daemons 990.Bl -tag -width net_interfaces 991.It Sy cron 992Boolean value. 993Run 994.Xr cron 8 . 995.It Sy ftpd 996Boolean value. 997Runs the 998.Xr ftpd 8 999daemon and passes 1000.Sy ftpd_flags . 1001.It Sy httpd 1002Boolean value. 1003Runs the 1004.Xr httpd 8 1005daemon and passes 1006.Sy httpd_flags . 1007.It Sy httpd_wwwdir 1008A string. 1009The 1010.Xr httpd 8 1011WWW root directory. 1012Used only if 1013.Sy httpd 1014is true. 1015The default setting is 1016.Dq Pa /var/www . 1017.It Sy httpd_wwwuser 1018A string. 1019If non-blank and 1020.Sy httpd 1021is true, run 1022.Xr httpd 8 1023and cause it to switch to the specified user after initialization. 1024It is preferred to 1025.Sy httpd_user 1026because 1027.Xr httpd 8 1028is requiring extra privileges to start listening on default port 80. 1029The default setting is 1030.Dq Dv _httpd . 1031.It Sy lpd 1032Boolean value. 1033Runs 1034.Xr lpd 8 1035and passes 1036.Sy lpd_flags . 1037The 1038.Dq Li -l 1039flag will turn on extra logging. 1040.It Sy mdnsd 1041Boolean value. 1042Runs 1043.Xr mdnsd 8 . 1044.It Sy named 1045Boolean value. 1046Runs 1047.Xr named 8 1048and passes 1049.Sy named_flags . 1050.It Sy named_chrootdir 1051A string. 1052If non-blank and 1053.Sy named 1054is true, run 1055.Xr named 8 1056as the unprivileged user and group 1057.Sq named , 1058.Xr chroot 2 Ns ed 1059to 1060.Sy named_chrootdir . 1061.Sy named_chrootdir Ns Pa /var/run/log 1062will be added to the list of log sockets that 1063.Xr syslogd 8 1064listens to. 1065.It Sy ntpd 1066Boolean value. 1067Runs 1068.Xr ntpd 8 1069and passes 1070.Sy ntpd_flags . 1071.It Sy ntpd_chrootdir 1072A string. 1073If non-blank and 1074.Sy ntpd 1075is true, run 1076.Xr ntpd 8 1077as the unprivileged user and group 1078.Sq ntpd , 1079.Xr chroot 2 Ns ed 1080to 1081.Sy ntpd_chrootdir . 1082.Sy ntpd_chrootdir Ns Pa /var/run/log 1083will be added to the list of log sockets that 1084.Xr syslogd 8 1085listens to. 1086This option requires that the kernel has 1087.Dl pseudo-device clockctl 1088compiled in, and that 1089.Pa /dev/clockctl 1090is present. 1091.It Sy postfix 1092Boolean value. 1093Starts 1094.Xr postfix 1 1095mail system. 1096.It Sy sshd 1097Boolean value. 1098Runs 1099.Xr sshd 8 1100and passes 1101.Sy sshd_flags . 1102.It Sy syslogd 1103Boolean value. 1104Runs 1105.Xr syslogd 8 1106and passes 1107.Sy syslogd_flags . 1108.It Sy timed 1109Boolean value. 1110Runs 1111.Xr timed 8 1112and passes 1113.Sy timed_flags . 1114The 1115.Dq Li -M 1116option allows 1117.Xr timed 8 1118to be a master time source as well as a slave. 1119If you are also running 1120.Xr ntpd 8 , 1121only one machine running both should have the 1122.Dq Li -M 1123flag given to 1124.Xr timed 8 . 1125.El 1126.Ss Routing daemons 1127.Bl -tag -width net_interfaces 1128.It Sy mrouted 1129Boolean value. 1130Runs 1131.Xr mrouted 8 , 1132the DVMRP multicast routing protocol daemon. 1133Passes 1134.Sy mrouted_flags . 1135.It Sy route6d 1136Boolean value. 1137Runs 1138.Xr route6d 8 , 1139the RIPng routing protocol daemon for IPv6. 1140Passes 1141.Sy route6d_flags . 1142.It Sy routed 1143Boolean value. 1144Runs 1145.Xr routed 8 , 1146the RIP routing protocol daemon. 1147Passes 1148.Sy routed_flags . 1149.\" This should be false 1150.\" if 1151.\" .Sy gated 1152.\" is true. 1153.El 1154.Ss Daemons used to boot other hosts over a network 1155.Bl -tag -width net_interfaces 1156.It Sy bootparamd 1157Boolean value. 1158Runs 1159.Xr bootparamd 8 , 1160the boot parameter server, with 1161.Sy bootparamd_flags 1162as options. 1163Used to boot 1164.Nx 1165and SunOS 4.x systems. 1166.It Sy dhcpd 1167Boolean value. 1168Runs 1169.Xr dhcpd 8 , 1170the Dynamic Host Configuration Protocol (DHCP) daemon, 1171for assigning IP addresses to hosts and passing boot information. 1172Passes 1173.Sy dhcpd_flags . 1174.It Sy dhcrelay 1175Boolean value. 1176Runs 1177.Xr dhcrelay 8 . 1178Passes 1179.Sy dhcrelay_flags . 1180.It Sy mopd 1181Boolean value. 1182Runs 1183.Xr mopd 8 , 1184the DEC MOP protocol daemon; used for booting VAX and other DEC 1185machines. 1186Passes 1187.Sy mopd_flags . 1188.It Sy ndbootd 1189Boolean value. 1190Runs 1191.Xr ndbootd 8 , 1192the Sun Network Disk (ND) Protocol server. 1193Passes 1194.Sy ndbootd_flags . 1195.It Sy rarpd 1196Boolean value. 1197Runs 1198.Xr rarpd 8 , 1199the reverse ARP daemon, often used to boot 1200.Nx 1201and Sun workstations. 1202Passes 1203.Sy rarpd_flags . 1204.It Sy rbootd 1205Boolean value. 1206Runs 1207.Xr rbootd 8 , 1208the HP boot protocol daemon; used for booting HP workstations. 1209Passes 1210.Sy rbootd_flags . 1211.It Sy rtadvd 1212Boolean value. 1213Runs 1214.Xr rtadvd 8 , 1215the IPv6 router advertisement daemon, which is used to advertise 1216information about the subnet to IPv6 end hosts. 1217Passes 1218.Sy rtadvd_flags . 1219This is only for IPv6 routers, so set 1220.Sy ip6mode 1221to 1222.Dq Li router 1223if you use it. 1224.El 1225.Ss X Window System daemons 1226.Bl -tag -width net_interfaces 1227.It Sy xdm 1228Boolean value. 1229Runs the 1230.Xr xdm 1 1231X display manager. 1232These X daemons are available only with the optional X distribution of 1233.Nx . 1234.It Sy xfs 1235Boolean value. 1236Runs the 1237.Xr xfs 1 1238X11 font server, which supplies local X font files to X terminals. 1239.El 1240.Ss NIS (YP) daemons 1241.Bl -tag -width net_interfaces 1242.It Sy ypbind 1243Boolean value. 1244Runs 1245.Xr ypbind 8 , 1246which lets NIS (YP) clients use information from a NIS server. 1247Passes 1248.Sy ypbind_flags . 1249.It Sy yppasswdd 1250Boolean value. 1251Runs 1252.Xr yppasswdd 8 , 1253which allows remote NIS users to update password on master server. 1254Passes 1255.Sy yppasswdd_flags . 1256.It Sy ypserv 1257Boolean value. 1258Runs 1259.Xr ypserv 8 , 1260the NIS (YP) server for distributing information from certain files 1261in 1262.Pa /etc . 1263Passes 1264.Sy ypserv_flags . 1265The 1266.Dq Li -d 1267flag causes it to use DNS for lookups in 1268.Pa /etc/hosts 1269that fail. 1270.El 1271.Ss NFS daemons and parameters 1272.Bl -tag -width net_interfaces 1273.It Sy amd 1274Boolean value. 1275Runs 1276.Xr amd 8 , 1277the automounter daemon, which automatically mounts NFS file systems 1278whenever a file or directory within that file system is accessed. 1279Passes 1280.Sy amd_flags . 1281.It Sy amd_dir 1282A string. 1283The 1284.Xr amd 8 1285mount directory. 1286Used only if 1287.Sy amd 1288is true. 1289.It Sy lockd 1290Boolean value. 1291Runs 1292.Xr rpc.lockd 8 1293if 1294.Sy nfs_server 1295and/or 1296.Sy nfs_client 1297are true. 1298Passes 1299.Sy lockd_flags . 1300.It Sy mountd 1301Boolean value. 1302Runs 1303.Xr mountd 8 1304and passes 1305.Sy mountd_flags . 1306.It Sy nfs_client 1307Boolean value. 1308The number of local NFS asynchronous I/O server is now controlled via 1309.Xr sysctl 8 . 1310.It Sy nfs_server 1311Boolean value. 1312Sets up a host to be a NFS server by running 1313.Xr nfsd 8 1314and passing 1315.Sy nfsd_flags . 1316.It Sy statd 1317Boolean value. 1318Runs 1319.Xr rpc.statd 8 , 1320a status monitoring daemon used when 1321.Xr rpc.lockd 8 1322is running, if 1323.Sy nfs_server 1324and/or 1325.Sy nfs_client 1326are true. 1327Passes 1328.Sy statd_flags . 1329.El 1330.Ss Bluetooth support 1331.Bl -tag -width net_interfaces 1332.It Sy bluetooth 1333Boolean value. 1334Configure Bluetooth support, comprising the following tasks: 1335.Bl -dash -compact 1336.It 1337attach serial Bluetooth controllers as listed in the 1338.Pa /etc/bluetooth/btattach.conf 1339configuration file. 1340.It 1341enable Bluetooth controllers with useful defaults, plus 1342additional options as detailed below. 1343.It 1344optionally, start 1345.Xr bthcid 8 , 1346the Bluetooth Link Key/PIN Code manager, passing 1347.Sy bthcid_flags . 1348.It 1349configure local Bluetooth drivers as listed in the 1350.Pa /etc/bluetooth/btdevctl.conf 1351configuration file. 1352.It 1353optionally, start 1354.Xr sdpd 8 , 1355the Service Discovery server, passing 1356.Sy sdpd_flags . 1357.El 1358.It Sy btconfig_devices 1359A string. 1360An optional list of Bluetooth controllers to configure. 1361.It Sy btconfig_{dev} 1362A string. 1363Additional configuration options for specific Bluetooth controllers. 1364.It Sy btconfig_args 1365A string. 1366Additional configuration options for Bluetooth controllers without 1367specific options as above. 1368.It Sy bthcid 1369Boolean value. 1370If set to false, disable starting the Bluetooth Link Key/PIN Code manager. 1371.It Sy sdpd 1372Boolean value. 1373If set to false, disable starting the Bluetooth Service Discovery server. 1374.El 1375.Ss Other daemons 1376.Bl -tag -width net_interfaces 1377.It Sy identd 1378Boolean value. 1379Runs 1380.Xr identd 8 , 1381the daemon for the user identification protocol. 1382Passes 1383.Sy identd_flags . 1384.It Sy iscsi_target 1385Boolean value. 1386Runs the server for iSCSI requests, 1387.Xr iscsi-target 8 . 1388Passes 1389.Sy iscsi_target_flags . 1390.It Sy isdnd 1391Boolean value. 1392Runs 1393.Xr isdnd 8 , 1394the isdn4bsd ISDN connection management daemon. 1395Passes 1396.Sy isdnd_flags . 1397.It Sy isdn_autoupdown 1398Boolean value. 1399Set all configured ISDN interfaces to 1400.Dq up . 1401If 1402.Sy isdn_interfaces 1403is not blank, only the listed interfaces will be modified. 1404Used only if 1405.Sy isdnd 1406is true. 1407.It Sy kdc 1408Boolean value. 1409Runs the 1410.Xr kdc 8 1411Kerberos v4 and v5 server. 1412This should be run on Kerberos master and slave servers. 1413.It Sy rwhod 1414Boolean value. 1415Runs 1416.Xr rwhod 8 1417to support the 1418.Xr rwho 1 1419and 1420.Xr ruptime 1 1421commands. 1422.It Sy autofs 1423Boolean value. 1424If set to 1425.Dq Li YES , 1426start the 1427.Xr automount 8 1428utility and the 1429.Xr automountd 8 1430and 1431.Xr autounmountd 8 1432daemons at boot time. 1433.It Sy automount_flags 1434A string. 1435If 1436.Sy autofs 1437is set to 1438.Dq Li YES , 1439these are the flags to pass to the 1440.Xr automount 8 1441program. 1442By default no flags are passed. 1443.It Sy automountd_flags 1444A string. 1445If 1446.Sy autofs 1447is set to 1448.Dq Li YES , 1449these are the flags to pass to the 1450.Xr automountd 8 1451daemon. 1452By default no flags are passed. 1453.It Sy autounmountd_flags 1454A string. 1455If 1456.Sy autofs 1457is set to 1458.Dq Li YES , 1459these are the flags to pass to the 1460.Xr autounmountd 8 1461daemon. 1462By default no flags are passed. 1463.El 1464.Ss Hardware daemons 1465.Bl -tag -width net_interfaces 1466.It Sy apmd 1467Boolean value. 1468Runs 1469.Xr apmd 8 1470and passes 1471.Sy apmd_flags . 1472.It Sy irdaattach 1473Boolean value. 1474Runs 1475.Xr irdaattach 8 1476and passes 1477.Sy irdaattach_flags . 1478.It Sy moused 1479Boolean value. 1480Runs 1481.Xr moused 8 , 1482to pass serial mouse data to the wscons mouse mux. 1483Passes 1484.Sy moused_flags . 1485.It Sy screenblank 1486Boolean value. 1487Runs 1488.Xr screenblank 1 1489and passes 1490.Sy screenblank_flags . 1491.It Sy wscons 1492Boolean value. 1493Configures the 1494.Xr wscons 4 1495console driver, from the configuration file 1496.Pa /etc/wscons.conf . 1497.It Sy wsmoused 1498Boolean value. 1499Runs 1500.Xr wsmoused 8 , 1501to provide copy and paste text support in wscons displays. 1502Passes 1503.Sy wsmoused_flags . 1504.El 1505.Sh FILES 1506.Bl -tag -width /etc/defaults/rc.conf -compact 1507.It Pa /etc/rc.conf 1508The file 1509.Nm 1510resides in 1511.Pa /etc . 1512.It Pa /etc/defaults/rc.conf 1513Default settings for 1514.Nm , 1515sourced by 1516.Nm 1517before the end-user configuration section. 1518.It Pa /etc/rc.conf.d/ Ns Ar foo 1519.Ar foo Ns No -specific 1520.Nm 1521overrides. 1522.El 1523.Sh SEE ALSO 1524.Xr boot 8 , 1525.Xr rc 8 , 1526.Xr rc.d 8 , 1527.Xr rc.subr 8 , 1528.Xr rcorder 8 1529.Sh HISTORY 1530The 1531.Nm 1532file appeared in 1533.Nx 1.3 . 1534