.\" $NetBSD: rc.conf.5,v 1.193 2023/06/30 21:44:09 riastradh Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Copyright (c) 1997 Curt J. Sampson
.\" Copyright (c) 1997 Michael W. Long
.\" Copyright (c) 1998-2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This document is derived from works contributed to The NetBSD Foundation
.\" by Luke Mewburn.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
.\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd February 20, 2022
.Dt RC.CONF 5
.Os
.Sh NAME
.Nm rc.conf
.Nd system startup configuration file
.Sh DESCRIPTION
The
.Nm
file specifies which services are enabled during system startup by
the startup scripts invoked by
.Pa /etc/rc
(see
.Xr rc 8 ) ,
and the shutdown scripts invoked by
.Pa /etc/rc.shutdown .
The
.Nm
file is a shell script that is sourced by
.Xr rc 8 ,
meaning that
.Nm
must contain valid shell commands.
.Pp
Listed below are the standard
.Nm
variables that may be set, the values to which each may be set,
a brief description of what each variable does, and a reference to
relevant manual pages.
Third party packages may test for additional variables.
.Pp
By default,
.Nm
reads
.Pa /etc/defaults/rc.conf
(if it is readable)
to obtain default values for various variables, and the end-user
may override these by appending appropriate entries to the end of
.Nm .
.Pp
.Xr rc.d 8
scripts that use
.Ic load_rc_config
from
.Xr rc.subr 8
also support sourcing an optional end-user provided per-script override
file
.Pa /etc/rc.conf.d/ Ns Ar service ,
(where
.Ar service
is the contents of the
.Sy name
variable in the
.Xr rc.d 8
script).
This may contain variable overrides, including allowing the end-user
to override various
.Ic run_rc_command
.Xr rc.d 8
control variables, and thus changing the operation of the script
without requiring editing of the script.
.Ss Variable naming conventions and data types
Most variables are one of two types: enabling variables or flags
variables.
Enabling variables, such as
.Sy inetd ,
are generally named after the program or the system they enable,
and have boolean values (specified using
.Ql YES ,
.Ql TRUE ,
.Ql ON
or
.Ql 1
for true, and
.Ql NO ,
.Ql FALSE ,
.Ql OFF
or
.Ql 0
for false, with the values being case insensitive).
Flags variables, such as
.Sy inetd_flags
have the same name with
.Dq _flags
appended, and determine what
arguments are passed to the program if it is enabled.
.Pp
If a variable that
.Xr rc 8
expects to be set is not set, or the value is not one of the allowed
values, a warning will be printed.
.Ss Overall control
.Bl -tag -width net_interfaces
.It Sy do_rcshutdown
Boolean value.
If false,
.Xr shutdown 8
will not run
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc.shutdown .
.It Sy rcshutdown_timeout
A number.
If non-blank, use this as the number of seconds to run a watchdog timer for
which will terminate
.Pa /etc/rc.shutdown
if the timer expires before the shutdown script completes.
.It Sy rc_configured
Boolean value.
If false then the system will drop into single-user mode during boot.
.It Sy rc_fast_and_loose
If set to a non-empty string,
each script in
.Pa /etc/rc.d
will be executed in the current shell rather than a sub shell.
This may be faster on slow machines that have an expensive
.Xr fork 2
operation.
.Bl -hang
.It Em Note :
Use this at your own risk!
A rogue command or script may inadvertently prevent boot to multiuser.
.El
.It Sy rc_rcorder_flags
A string.
Extra arguments to the
.Xr rcorder 8
run by
.Pa /etc/rc .
.It Sy rc_directories
A string.
Space separated list of directories searched for rc scripts.
The default is
.Pa /etc/rc.d .
All directories in
.Ev rc_directories
must be located in the root file system, otherwise they will be silently
skipped.
.It Sy rc_silent
Boolean value.
If true then the usual output is suppressed, and
.Xr rc 8
invokes the command specified in the
.Va rc_silent_cmd
variable once for each line of suppressed output.
The default value of
.Va rc_silent
is set from the
.Dv AB_SILENT
flag in the kernel's
.Va boothowto
variable (see
.Xr boot 8 ,
.Xr reboot 2 ) .
.It Sy rc_silent_cmd
A command to be executed once per line of suppressed output, when
.Va rc_silent
is true.
The default value of
.Va rc_silent_cmd
is
.Ql twiddle ,
which will display a spinning symbol instead of each line of output.
Another useful value is
.Ql \&: ,
which will display nothing at all.
.El
.Ss Basic network configuration
.Bl -tag -width net_interfaces
.It Sy defaultroute
A string.
Default IPv4 network route.
If empty or not set, then the contents of
.Pa /etc/mygate
(if it exists) are used.
.It Sy defaultroute6
A string.
Default IPv6 network route.
If empty or not set, then the contents of
.Pa /etc/mygate6
(if it exists) are used.
.It Sy domainname
A string.
NIS (YP) domain of host.
If empty or not set, then the contents of
.Pa /etc/defaultdomain
(if it exists) are used.
.It Sy force_down_interfaces
A space separated list of interface names.
These interfaces will be configured down when going from multiuser to single-user
mode or on system shutdown.
.It Sy dns_domain
A string.
Sets domain in
.Pa /etc/resolv.conf .
.It Sy dns_search
A string.
Sets search in
.Pa /etc/resolv.conf .
.It Sy dns_nameservers
A string of space separated domain name servers.
Sets nameserver for each value in
.Pa /etc/resolv.conf .
.It Sy dns_sortlist
A string.
Sets sortlist in
.Pa /etc/resolv.conf .
.It Sy dns_options
A string.
Sets options in
.Pa /etc/resolv.conf .
.It Sy dns_metric
An unsigned integer.
Sets the priority of the above DNS to other sources, lowest wins.
Defaults to 0.
.Pp
This is important for some stateful interfaces, for example PPPoE interfaces
which have no direct means of noticing
.Dq disconnect
events.
.Pp
All active
.Xr pppoe 4
interfaces will be automatically added to this list.
.It Sy hostname
A string.
Name of host.
If empty or not set, then the contents of
.Pa /etc/myname
(if it exists) are used.
.El
.Ss Boottime file-system and swap configuration
.Bl -tag -width net_interfaces
.It Sy critical_filesystems_local
A string.
File systems mounted very early in the system boot before networking
services are available.
Usually
.Pa /var
is part of this, because it is needed by services such as
.Xr dhcpcd 8
which may be required to get the network operational.
The default is
.Ql "OPTIONAL:" Ns Pa /var ,
where the
.Ql "OPTIONAL:"
prefix means that it's not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy critical_filesystems_remote
A string.
File systems such as
.Pa /usr
that may require network services to be available to mount,
that must be available early in the system boot for general services to use.
The default is
.Ql "OPTIONAL:" Ns Pa /usr ,
where the
.Ql "OPTIONAL:"
prefix means that it is not an error if the file system is not
present in
.Xr fstab 5 .
.It Sy critical_filesystems_zfs
A string.
Mount non-legacy ZFS file systems right after mounting local
file systems listed in
.Sy critical_filesystems_local
variable.
An entry can be prefixed with
.Ql "OPTIONAL:"
which means that it is not an error if the file system is not present
among available ZFS datasets.
The default is ''.
.It Sy fsck_flags
A string.
A file system is checked with
.Xr fsck 8
during boot before mounting it.
This option may be used to override the default command-line options
passed to the
.Xr fsck 8
program.
.Pp
When set to
.Fl y ,
.Xr fsck 8
assumes yes as the answer to all operator questions during file system checks.
This might be important with hosts where the administrator does not have
access to the console and an unsuccessful shutdown must not make the host
unbootable even if the file system checks would fail in preen mode.
.It Sy modules
Boolean value.
If true, loads the modules specified in
.Xr modules.conf 5 .
.It Sy no_swap
Boolean value.
Should be true if you have deliberately configured your system with no swap.
If false and no swap devices are configured, the system will warn you.
.It Sy resize_root
Boolean value.
Set to true to have the system resize the root file system to fill its
partition.
Will only attempt to resize the root file system if it is of type ffs and does
not have logging enabled.
Defaults to false.
.It Sy swapoff
Boolean value.
Remove block-type swap devices at shutdown time.
Useful if swapping onto RAIDframe devices.
.It Sy swapoff_umount
.Dq "auto"
or
.Dq "manual" .
Before removing block-type swap devices, it is wise to unmount tmpfs filesystems to avoid having to swap their contents back into RAM.
By default
.Dq ( "auto" )
all tmpfs filesystems that contain no device nodes are unmounted.
Set to
.Dq "manual"
to explicitly specify which filesystems to unmount before removing swap.
.It Sy swapoff_umount_fs
A space-separated list of absolute paths to tmpfs mount points.
If
.Sy swapoff_umount
is set to
.Dq "manual" ,
these tmpfs filesystems will be forcibly unmounted before removing block-type
swap devices.
.It Sy var_shm_symlink
A path.
If set, names a path that
.Pa /var/shm
will be symlinked to.
.Pp
The path needs to live on a tmpfs file system.
A typical value (assuming
.Pa /tmp
is mounted on tmpfs) would be
.Pa /tmp/.shm .
.El
.Ss Block device subsystems
.Bl -tag -width net_interfaces
.It Sy ccd
Boolean value.
Configures concatenated disk devices according to
.Xr ccd.conf 5 .
.It Sy cgd
Boolean value.
Configures cryptographic disk devices.
Requires
.Pa /etc/cgd/cgd.conf .
See
.Xr cgdconfig 8
for additional details.
.It Sy lvm
Boolean value.
Configures the logical volume manager.
See
.Xr lvm 8
for additional details.
.It Sy raidframe
Boolean value.
Configures
.Xr raid 4 ,
RAIDframe disk devices.
See
.Xr raidctl 8
for additional details.
.It Sy zfs
Boolean value.
Configures ZFS storage pools and ZFS file systems.
.El
.Ss One-time actions to perform or programs to run on boot-up
.Bl -tag -width net_interfaces
.It Sy accounting
Boolean value.
Enables process accounting with
.Xr accton 8 .
Requires
.Pa /var/account/acct
to exist.
.It Sy clear_tmp
Boolean value.
Clear
.Pa /tmp
after reboot.
.It Sy dmesg
Boolean value.
Create
.Pa /var/run/dmesg.boot
from the output of
.Xr dmesg 8 .
Passes
.Sy dmesg_flags .
.It Sy entropy
A string, either
.Sq Li check ,
.Sq Li wait ,
or
.Sq Li ""
(empty).
If set and nonempty, then during boot-up, after
.Sy random_seed
and
.Sy rndctl ,
check for or wait until enough entropy before any networking is
enabled.
.Pp
If not enough entropy is available, then:
.Bl -bullet -compact
.It
With
.Sq Li entropy=check ,
stop multiuser boot and enter single-user mode instead.
.It
With
.Sq Li entropy=wait ,
wait until enough entropy is available.
.El
.Pp
Note that
.Sq Li entropy=wait
may cause the system to hang indefinitely at boot if it has neither a
random seed nor any hardware random number generators \(em use with
care.
.Pp
If empty or not set, the system may come to multiuser without entropy,
which is unsafe to use on the internet; it is the operator's
responsibility to heed warnings from the kernel and the daily
.Xr security.conf 5
report to remedy the problem \(em see
.Xr entropy 7 .
.It Sy envsys
Boolean value.
Sets preferences for the environmental systems framework,
.Xr envsys 4 .
Requires
.Pa /etc/envsys.conf ,
which is described in
.Xr envsys.conf 5 .
.It Sy gpio
Boolean value.
Configure
.Xr gpio 4
devices.
See
.Xr gpio.conf 5 .
.It Sy ldconfig
Boolean value.
Configures
.Xr a.out 5
runtime link editor directory cache.
.It Sy mixerctl
Boolean value.
Read
.Xr mixerctl.conf 5
for how to set mixer values.
List in
.Sy mixerctl_mixers
the devices whose settings are to be saved at shutdown and
restored at start-up.
.It Sy newsyslog
Boolean value.
Run
.Nm newsyslog
to trim log files before syslogd starts.
Intended for laptop users.
Passes
.Sy newsyslog_flags .
.It Sy per_user_tmp
Boolean value.
Enables a per-user
.Pa /tmp
directory.
.Sy per_user_tmp_dir
can be used to override the default location of the
.Dq real
temporary directories,
.Pa /private/tmp .
See
.Xr security 7
for additional details.
.It Sy quota
Boolean value.
Checks and enables quotas by running
.Xr quotacheck 8
and
.Xr quotaon 8 .
.It Sy random_seed
Boolean value.
During boot-up, runs the
.Xr rndctl 8
utility with the
.Fl L
flag to seed the random number subsystem from an entropy file.
During shutdown, runs the
.Xr rndctl 8
utility with the
.Fl S
flag to save some random information to the entropy file.
The entropy file name is specified by the
.Sy random_file
variable, and defaults to
.Pa /var/db/entropy-file .
The entropy file must be on a local file system that is writable early during
boot-up (just after the file systems specified in
.Sy critical_filesystems_local
have been mounted), and correspondingly late during shutdown.
.It Sy rndctl
Boolean value.
Runs the
.Xr rndctl 8
utility one or more times according to the specification in
.Sy rndctl_flags .
.Pp
If
.Sy rndctl_flags
does not contain a semicolon
.Pq Ql \&;
then it is expected to contain zero or more flags,
followed by one or more device or type names.
The
.Xr rndctl 8
command will be executed once for each device or type name.
If the specified flags do not include any of
.Fl c , C , e ,
or
.Fl E ,
then the flags
.Fl c
and
.Fl e
are added, to specify that entropy from the relevant device or type
should be both collected and estimated.
If the specified flags do not include either of
.Fl d
or
.Fl t ,
then the flag
.Fl d
is added, to specify that the non-flag arguments are device names,
not type names.
.Pp
.Sy rndctl_flags
may contain multiple semicolon-separated segments, in which each
segment contains flags and device or type names as described above.
This allows different flags to be associated with different
device or type names.
For example, given
.Li rndctl_flags="wd0 wd1; -t tty; -c -t net" ,
the following commands will be executed:
.Li "rndctl -c -e -d wd0" ;
.Li "rndctl -c -e -d wd1" ;
.Li "rndctl -c -e -t tty" ;
.Li "rndctl -c -t net" .
.It Sy rtclocaltime
Boolean value.
Sets the real time clock to local time by adjusting the
.Xr sysctl 7
value of
.Pa kern.rtc_offset .
The offset from UTC is calculated automatically according
to the time zone information in the file
.Pa /etc/localtime .
.It Sy savecore
Boolean value.
Runs the
.Xr savecore 8
utility.
Passes
.Sy savecore_flags .
The directory where crash dumps are stored is specified by
.Sy savecore_dir .
The default setting is
.Pa /var/crash .
.It Sy sysdb
Boolean value.
Builds various system databases, including
.Pa /var/run/dev.cdb ,
.Pa /etc/spwd.db ,
.Pa /var/db/netgroup.db ,
.Pa /var/db/services.cdb ,
and entries for
.Xr utmp 5 .
.It Sy tpctl
Boolean value.
Run
.Xr tpctl 8
to calibrate touch panel device.
Passes
.Sy tpctl_flags .
.It Sy update_motd
Boolean value.
Updates the
.Nx
version string in the
.Pa /etc/motd
file to reflect the version of the running kernel.
See
.Xr motd 5 .
.It Sy update_motd_release
Boolean value.
If enabled in addition to
.Sy update_motd ,
updates a second
.Nx
version string in the
.Pa /etc/motd
file to reflect the version, architecture, and Build ID of
the installed userland.
An optional prefix can be provided for this version string in
.Sy motd_release_tag .
.It Sy virecover
Boolean value.
Send notification mail to users if any recoverable files exist in
.Pa /var/tmp/vi.recover .
Read
.Xr virecover 8
for more information.
.It Sy wdogctl
Boolean value.
Configures watchdog timers.
Passes
.Sy wdogctl_flags .
Refer to
.Xr wdogctl 8
for information on how to configure a timer.
.El
.Ss System security settings
.Bl -tag -width net_interfaces
.It Sy securelevel
A number.
The system securelevel is set to the specified value early
in the boot process, before any external logins, or other programs
that run users' jobs, are started.
If set to nothing, the default action is taken, as described in
.Xr init 8
and
.Xr secmodel_securelevel 9 ,
which contains definitive information about the system securelevel.
Note that setting
.Sy securelevel
to 0 in
.Nm
will actually result in the system booting with securelevel set to 1, as
.Xr init 8
will raise the level when
.Xr rc 8
completes.
.It Sy permit_nonalpha
Boolean value.
Allow passwords to include non-alpha characters, usually to allow
NIS/YP netgroups.
.It Sy veriexec
Boolean value.
Load Veriexec fingerprints during startup.
Read
.Xr veriexecctl 8
for more information.
.It Sy veriexec_strict
A number.
Controls the strict level of Veriexec.
Level 0 is learning mode, used when building the signatures file.
It will only output messages but will not enforce anything.
Level 1 will only prevent access to files with a fingerprint
mismatch.
Level 2 will also deny writing to and removing of
monitored files, as well as enforce access type (as specified in
the signatures file).
Level 3 will take a step further and prevent
access to files that are not monitored.
.It Sy veriexec_verbose
A number.
Controls the verbosity of Veriexec.
Recommended operation is at level 0; verbose output (mostly used when
building the signatures file) is at level 1.
Level 2 is for debugging only and should not be used.
.It Sy veriexec_flags
A string.
Flags to pass to the
.Nm veriexecctl
command.
.It Sy smtoff
Boolean value.
Disables SMT (Simultaneous Multi-Threading).
.El
.Ss Networking startup
.Bl -tag -width net_interfaces
.It Sy altqd
Boolean value.
ALTQ configuration/monitoring daemon.
Passes
.Sy altqd_flags .
.It Sy auto_ifconfig
Boolean value.
Sets the
.Sy net_interfaces
variable (see below) to the output of
.Xr ifconfig 8
with the
.Fl l
flag and suppresses warnings about interfaces in this list that
do not have an ifconfig file or variable.
.It Sy blocklistd
Boolean value.
Runs
.Xr blocklistd 8
to dynamically block hosts on a DoS according to configuration set in
.Xr blocklistd.conf 5 .
Passes
.Sy blocklistd_flags .
.It Sy dhcpcd
Boolean value.
Set true to configure some or all network interfaces using dhcpcd.
If you set
.Sy dhcpcd
true, then
.Pa /var
must be in
.Sy critical_filesystems_local ,
or
.Pa /var
must be on the root file system.
If you need to restrict dhcpcd to one or a number of interfaces,
or need a separate configuration per interface,
then this should be done in the configuration file - see
.Xr dhcpcd.conf 5
for details.
dhcpcd presently ignores the
.Sy wpa_supplicant
variable in rc.conf and will start wpa_supplicant if a suitable
wpa_supplicant.conf is found unless otherwise instructed in
.Xr dhcpcd.conf 5 .
.It Sy dhcpcd_flags
Passes
.Sy dhcpcd_flags
to dhcpcd.
See
.Xr dhcpcd 8
for complete documentation.
.It Sy flushroutes
Boolean value.
Flushes the route table on networking startup.
Useful when coming up to multiuser mode after going down to
single-user mode.
.It Sy ftp_proxy
Boolean value.
Runs
.Xr ftp-proxy 8 ,
the proxy daemon for the Internet File Transfer Protocol.
.It Sy hostapd
Boolean value.
Runs
.Xr hostapd 8 ,
the authenticator for IEEE 802.11 networks.
.It Sy ifaliases_*
A string.
List of
.Sq Em "address netmask"
pairs to configure additional network addresses for the given
configured interface
(e.g.
.Sy ifaliases_le0 ) .
If
.Em netmask
is
.Ql - ,
then use the default netmask for the interface.
.Pp
.Sy ifaliases_*
covers limited cases only and is not recommended.
We recommend using
.Sy ifconfig_xxN
variables or
.Pa /etc/ifconfig. Ns Ar xxN
files with multiple lines instead.
.It Sy ifwatchd
Boolean value.
Monitor dynamic interfaces and perform actions upon address changes.
Passes
.Sy ifwatchd_flags .
.It Sy ip6addrctl
Boolean value.
Fine grain control of address and routing priorities.
.It Sy ip6addrctl_policy
A string.
Can be:
.Bl -tag -width "Ql auto" -compact
.It Ql auto
automatically determine from system settings; will read priorities from
.Pa /etc/ip6addrctl.conf
or if that file does not exist it will default to IPv6 first, then IPv4.
.It Ql ipv4_prefer
try IPv4 before IPv6.
.It Ql ipv6_prefer
try IPv6 before IPv4.
.El
.It Sy ip6addrctl_verbose
Boolean value.
If set, print the resulting prefixes and priorities map.
.It Sy ip6mode
A string.
An IPv6 node can be a router
.Pq nodes that forward packets for others
or a host
.Pq nodes that do not forward .
A host can be autoconfigured
based on the information advertised by adjacent IPv6 routers.
By setting
.Sy ip6mode
to
.Ql router ,
.Ql host ,
or
.Ql autohost ,
you can configure your node as a router,
a non-autoconfigured host, or an autoconfigured host.
Invalid values will be ignored, and the node will be configured as
a non-autoconfigured host.
.It Sy ip6uniquelocal
Boolean value.
If
.Sy ip6mode
is equal to
.Ql router ,
and
.Sy ip6uniquelocal
is false,
a reject route will be installed on boot to avoid misconfiguration relating
to unique-local addresses.
If
.Sy ip6uniquelocal
is true, the reject route won't be installed.
.It Sy ipfilter
Boolean value.
Runs
.Xr ipf 8
to load in packet filter specifications from
.Pa /etc/ipf.conf
at network boot time, before any interfaces are configured.
Passes
.Sy ipfilter_flags .
See
.Xr ipf.conf 5 .
.It Sy ipfs
Boolean value.
Runs
.Xr ipfs 8
to save and restore information for ipnat and ipfilter state tables.
The information is stored in
.Pa /var/db/ipf/ipstate.ipf
and
.Pa /var/db/ipf/ipnat.ipf .
Passes
.Sy ipfs_flags .
.It Sy ipmon
Boolean value.
Runs
.Xr ipmon 8
to read
.Xr ipf 8
packet log information and log it to a file or the system log.
Passes
.Sy ipmon_flags .
.It Sy ipmon_flags
A string.
Specifies arguments to supply to
.Xr ipmon 8 .
Defaults to
.Ql -ns .
A typical example would be
.Ql "-nD /var/log/ipflog"
to have
.Xr ipmon 8
log directly to a file bypassing
.Xr syslogd 8 .
If the
.Fl D
argument is used, remember to modify
.Pa /etc/newsyslog.conf
accordingly; for example:
.Pp
.Dl /var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid
.It Sy ipnat
Boolean value.
Runs
.Xr ipnat 8
to load in the IP network address translation (NAT) rules from
.Pa /etc/ipnat.conf
at network boot time, before any interfaces are configured.
See
.Xr ipnat.conf 5 .
.It Sy ipsec
Boolean value.
Runs
.Xr setkey 8
to load in IPsec manual keys and policies from
.Pa /etc/ipsec.conf
at network boot time, before any interfaces are configured.
.It Sy npf
Boolean value.
Loads
.Xr npf.conf 5
at network boot time, and starts
.Xr npf 7 .
.It Sy npfd
Boolean value.
Runs
.Xr npfd 8 ,
the NPF packet filter logging and state synchronization daemon.
Passes
.Sy npfd_flags .
.It Sy net_interfaces
A string.
The list of network interfaces to be configured at boot time.
For each interface "xxN", the system first looks for ifconfig
parameters in the variable
.Sy ifconfig_xxN ,
and then in the file
.Pa /etc/ifconfig.xxN .
If
.Sy auto_ifconfig
is false, and neither the variable nor the file is found,
a warning is printed.
Information in either the variable or the file is parsed identically,
except that, if an
.Sy ifconfig_xxN
variable contains a single line with embedded semicolons,
then the value is split into multiple lines prior to further parsing,
treating the semicolon as a line separator.
.Pp
One common case is to set the
.Sy ifconfig_xxN
variable to a set of arguments to be passed to an
.Xr ifconfig 8
command after the interface name.
Refer to
.Xr ifconfig.if 5
for more details on
.Pa /etc/ifconfig.xxN
files, and note that the information there also applies to
.Sy ifconfig_xxN
variables (after the variables are split into lines).
.It Sy ntpdate
Boolean value.
Runs
.Xr ntpdate 8
to set the system time from one of the hosts in
.Sy ntpdate_hosts .
If
.Sy ntpdate_hosts
is empty, it will attempt to find a list of hosts in
.Pa /etc/ntp.conf .
Passes
.Sy ntpdate_flags .
.It Sy pf
Boolean value.
Enable
.Xr pf 4
at network boot time:
Load the initial configuration
.Xr pf.boot.conf 5
before the network is up.
After the network has been configured, then load the final rule set
.Xr pf.conf 5 .
.It Sy pf_rules
A string.
The path of the
.Xr pf.conf 5
rule set that will be used when loading the final rule set.
.It Sy pflogd
Boolean value.
Run
.Xr pflogd 8
for dumping packet filter logging information to a file.
.It Sy ppp
A boolean.
Toggles starting
.Xr pppd 8
on startup.
See
.Sy ppp_peers
below.
.It Sy ppp_peers
A string.
If
.Sy ppp
is true and
.Sy ppp_peers
is not empty, then
.Pa /etc/rc.d/ppp
will check each word in
.Sy ppp_peers
for a corresponding ppp configuration file in
.Pa /etc/ppp/peers
and will call
.Xr pppd 8
with the
.Dq Ic call Va peer
option.
.It Sy racoon
Boolean value.
Runs
.Xr racoon 8 ,
the IKE (ISAKMP/Oakley) key management daemon.
.It Sy wpa_supplicant
Boolean value.
Run
.Xr wpa_supplicant 8 ,
WPA/802.11i Supplicant for wireless network devices.
If you set
.Sy wpa_supplicant
true, then
.Pa /usr
must be in
.Sy critical_filesystems_local ,
or
.Pa /usr
must be on the root file system.
dhcpcd ignores this variable, see the
.Sy dhcpcd
variable for details.
.El
.Ss Daemons required by other daemons
.Bl -tag -width net_interfaces
.It Sy inetd
Boolean value.
Runs the
.Xr inetd 8
daemon to start network server processes (as listed in
.Pa /etc/inetd.conf )
as necessary.
Passes
.Sy inetd_flags .
The
.Fl l
flag turns on libwrap connection logging.
.It Sy rpcbind
Boolean value.
The
.Xr rpcbind 8
daemon is required for any
.Xr rpc 3
services.
These include NFS, NIS,
.Xr rpc.bootparamd 8 ,
.Xr rpc.rstatd 8 ,
.Xr rpc.rusersd 8 ,
and
.Xr rpc.rwalld 8 .
Passes
.Sy rpcbind_flags .
.El
.Ss Commonly used daemons
.Bl -tag -width net_interfaces
.It Sy cron
Boolean value.
Run
.Xr cron 8 .
.It Sy ftpd
Boolean value.
Runs the
.Xr ftpd 8
daemon and passes
.Sy ftpd_flags .
.It Sy httpd
Boolean value.
Runs the
.Xr httpd 8
daemon and passes
.Sy httpd_flags .
.It Sy httpd_wwwdir
A string.
The
.Xr httpd 8
WWW root directory.
Used only if
.Sy httpd
is true.
The default setting is
.Pa /var/www .
.It Sy httpd_wwwuser
A string.
If non-blank and
.Sy httpd
is true, run
.Xr httpd 8
and cause it to switch to the specified user after initialization.
It is preferred to
.Sy httpd_user
because
.Xr httpd 8
requires extra privileges to start listening on default port 80.
The default setting is
.Ql _httpd .
.It Sy lpd
Boolean value.
Runs
.Xr lpd 8
and passes
.Sy lpd_flags .
The
.Fl l
flag will turn on extra logging.
.It Sy mdnsd
Boolean value.
Runs
.Xr mdnsd 8 .
.It Sy named
Boolean value.
Runs
.Xr named 8
and passes
.Sy named_flags .
.It Sy named_chrootdir
A string.
If non-blank and
.Sy named
is true, run
.Xr named 8
as the unprivileged user and group
.Sq named ,
.Xr chroot 2 Ns ed
to
.Sy named_chrootdir .
.Li \&${named_chrootdir} Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
.It Sy ntpd
Boolean value.
Runs
.Xr ntpd 8
and passes
.Sy ntpd_flags .
.It Sy ntpd_chrootdir
A string.
If non-blank and
.Sy ntpd
is true, run
.Xr ntpd 8
as the unprivileged user and group
.Sq ntpd ,
.Xr chroot 2 Ns ed
to
.Sy ntpd_chrootdir .
.Li \&${ntpd_chrootdir} Ns Pa /var/run/log
will be added to the list of log sockets that
.Xr syslogd 8
listens to.
This option requires that the kernel has
.D1 Cd pseudo-device clockctl
compiled in, and that
.Pa /dev/clockctl
is present.
.It Sy postfix
Boolean value.
Starts
.Xr postfix 1
mail system.
.It Sy sshd
Boolean value.
Runs
.Xr sshd 8
and passes
.Sy sshd_flags .
.It Sy syslogd
Boolean value.
Runs
.Xr syslogd 8
and passes
.Sy syslogd_flags .
.It Sy timed
Boolean value.
Runs
.Xr timed 8
and passes
.Sy timed_flags .
The
.Fl M
option allows
.Xr timed 8
to be a master time source as well as a slave.
If you are also running
.Xr ntpd 8 ,
only one machine running both should have the
.Fl M
flag given to
.Xr timed 8 .
.It Sy unbound
Boolean value.
Runs
.Xr unbound 8 .
.It Sy unbound_chrootdir
A string.
If non-blank and
.Sy unbound
is true, run
.Xr unbound 8
.Xr chroot 2 Ns ed
to
.Sy unbound_chrootdir .
.El
.Ss Routing daemons
.Bl -tag -width net_interfaces
.It Sy mrouted
Boolean value.
Runs
.Xr mrouted 8 ,
the DVMRP multicast routing protocol daemon.
Passes
.Sy mrouted_flags .
.It Sy route6d
Boolean value.
Runs
.Xr route6d 8 ,
the RIPng routing protocol daemon for IPv6.
Passes
.Sy route6d_flags .
.It Sy routed
Boolean value.
Runs
.Xr routed 8 ,
the RIP routing protocol daemon.
Passes
.Sy routed_flags .
.\" This should be false
.\" if
.\" .Sy gated
.\" is true.
.El
.Ss Daemons used to boot other hosts over a network
.Bl -tag -width net_interfaces
.It Sy bootparamd
Boolean value.
Runs
.Xr bootparamd 8 ,
the boot parameter server, with
.Sy bootparamd_flags
as options.
Used to boot
.Nx
and SunOS 4.x systems.
.It Sy dhcpd
Boolean value.
Runs
.Xr dhcpd 8 ,
the Dynamic Host Configuration Protocol (DHCP) daemon,
for assigning IP addresses to hosts and passing boot information.
Passes
.Sy dhcpd_flags .
.It Sy dhcrelay
Boolean value.
Runs
.Xr dhcrelay 8 .
Passes
.Sy dhcrelay_flags .
.It Sy mopd
Boolean value.
Runs
.Xr mopd 8 ,
the DEC MOP protocol daemon; used for booting VAX and other DEC
machines.
Passes
.Sy mopd_flags .
.It Sy ndbootd
Boolean value.
Runs
.Xr ndbootd 8 ,
the Sun Network Disk (ND) Protocol server.
Passes
.Sy ndbootd_flags .
.It Sy rarpd
Boolean value.
Runs
.Xr rarpd 8 ,
the reverse ARP daemon, often used to boot
.Nx
and Sun workstations.
Passes
.Sy rarpd_flags .
.It Sy rbootd
Boolean value.
Runs
.Xr rbootd 8 ,
the HP boot protocol daemon; used for booting HP workstations.
Passes
.Sy rbootd_flags .
.It Sy rtadvd
Boolean value.
Runs
.Xr rtadvd 8 ,
the IPv6 router advertisement daemon, which is used to advertise
information about the subnet to IPv6 end hosts.
Passes
.Sy rtadvd_flags .
This is only for IPv6 routers, so set
.Sy ip6mode
to
.Ql router
if you use it.
.El
.Ss X Window System daemons
.Bl -tag -width net_interfaces
.It Sy xdm
Boolean value.
Runs the
.Xr xdm 1
X display manager.
These X daemons are available only with the optional X distribution of
.Nx .
.It Sy xfs
Boolean value.
Runs the
.Xr xfs 1
X11 font server, which supplies local X font files to X terminals.
.El
.Ss NIS (YP) daemons
.Bl -tag -width net_interfaces
.It Sy ypbind
Boolean value.
Runs
.Xr ypbind 8 ,
which lets NIS (YP) clients use information from a NIS server.
Passes
.Sy ypbind_flags .
.It Sy yppasswdd
Boolean value.
Runs
.Xr yppasswdd 8 ,
which allows remote NIS users to update their passwords on the master server.
Passes
.Sy yppasswdd_flags .
.It Sy ypserv
Boolean value.
Runs
.Xr ypserv 8 ,
the NIS (YP) server for distributing information from certain files
in
.Pa /etc .
Passes
.Sy ypserv_flags .
The
.Fl d
flag causes it to use DNS for lookups in
.Pa /etc/hosts
that fail.
.El
.Ss NFS daemons and parameters
.Bl -tag -width net_interfaces
.It Sy amd
Boolean value.
Runs
.Xr amd 8 ,
the automounter daemon, which automatically mounts NFS file systems
whenever a file or directory within that file system is accessed.
Passes
.Sy amd_flags .
.It Sy amd_dir
A string.
The
.Xr amd 8
mount directory.
Used only if
.Sy amd
is true.
.It Sy lockd
Boolean value.
Runs
.Xr rpc.lockd 8
if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy lockd_flags .
.It Sy mountd
Boolean value.
Runs
.Xr mountd 8
and passes
.Sy mountd_flags .
.It Sy nfs_client
Boolean value.
The number of local NFS asynchronous I/O servers is now controlled via
.Xr sysctl 8 .
.It Sy nfs_server
Boolean value.
Sets up a host to be an NFS server by running
.Xr nfsd 8
and passing
.Sy nfsd_flags .
.It Sy statd
Boolean value.
Runs
.Xr rpc.statd 8 ,
a status monitoring daemon used when
.Xr rpc.lockd 8
is running, if
.Sy nfs_server
and/or
.Sy nfs_client
are true.
Passes
.Sy statd_flags .
.El
.Ss Bluetooth support
.Bl -tag -width net_interfaces
.It Sy bluetooth
Boolean value.
Configure Bluetooth support, comprising the following tasks:
.Bl -dash -compact
.It
attach serial Bluetooth controllers as listed in the
.Pa /etc/bluetooth/btattach.conf
configuration file.
.It
enable Bluetooth controllers with useful defaults, plus
additional options as detailed below.
.It
optionally, start
.Xr bthcid 8 ,
the Bluetooth Link Key/PIN Code manager, passing
.Sy bthcid_flags .
.It
configure local Bluetooth drivers as listed in the
.Pa /etc/bluetooth/btdevctl.conf
configuration file.
.It
optionally, start
.Xr sdpd 8 ,
the Service Discovery server, passing
.Sy sdpd_flags .
.El
.It Sy btconfig_devices
A string.
An optional list of Bluetooth controllers to configure.
.It Sy btconfig_{dev}
A string.
Additional configuration options for specific Bluetooth controllers.
.It Sy btconfig_args
A string.
Additional configuration options for Bluetooth controllers without
specific options as above.
.It Sy bthcid
Boolean value.
If set to false, disable starting the Bluetooth Link Key/PIN Code manager.
.It Sy sdpd
Boolean value.
If set to false, disable starting the Bluetooth Service Discovery server.
.El
.Ss Other daemons
.Bl -tag -width net_interfaces
.It Sy identd
Boolean value.
Runs
.Xr identd 8 ,
the daemon for the user identification protocol.
Passes
.Sy identd_flags .
.It Sy iscsi_target
Boolean value.
Runs the server for iSCSI requests,
.Xr iscsi-target 8 .
Passes
.Sy iscsi_target_flags .
.It Sy kdc
Boolean value.
Runs the
.Xr kdc 8
Kerberos v4 and v5 server.
This should be run on Kerberos master and slave servers.
.It Sy rwhod
Boolean value.
Runs
.Xr rwhod 8
to support the
.Xr rwho 1
and
.Xr ruptime 1
commands.
.It Sy autofs
Boolean value.
If set to
.Ql YES ,
start the
.Xr automount 8
utility and the
.Xr automountd 8
and
.Xr autounmountd 8
daemons at boot time.
.It Sy automount_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr automount 8
program.
By default no flags are passed.
.It Sy automountd_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr automountd 8
daemon.
By default no flags are passed.
.It Sy autounmountd_flags
A string.
If
.Sy autofs
is set to
.Ql YES ,
these are the flags to pass to the
.Xr autounmountd 8
daemon.
By default no flags are passed.
.El
.Ss Hardware daemons
.Bl -tag -width net_interfaces
.It Sy apmd
Boolean value.
Runs
.Xr apmd 8
and passes
.Sy apmd_flags .
.It Sy irdaattach
Boolean value.
Runs
.Xr irdaattach 8
and passes
.Sy irdaattach_flags .
.It Sy moused
Boolean value.
Runs
.Xr moused 8 ,
to pass serial mouse data to the wscons mouse mux.
Passes
.Sy moused_flags .
.It Sy screenblank
Boolean value.
Runs
.Xr screenblank 1
and passes
.Sy screenblank_flags .
.It Sy wscons
Boolean value.
Configures the
.Xr wscons 4
console driver, from the configuration file
.Pa /etc/wscons.conf .
.It Sy wsmoused
Boolean value.
Runs
.Xr wsmoused 8 ,
to provide copy and paste text support in wscons displays.
Passes
.Sy wsmoused_flags .
.El
.Sh FILES
.Bl -tag -width /etc/defaults/rc.conf -compact
.It Pa /etc/rc.conf
The file
.Nm
resides in
.Pa /etc .
.It Pa /etc/defaults/rc.conf
Default settings for
.Nm ,
sourced by
.Nm
before the end-user configuration section.
.It Pa /etc/rc.conf.d/ Ns Ar foo
.Ar foo Ns No -specific
.Nm
overrides.
.El
.Sh SEE ALSO
.Xr boot 8 ,
.Xr rc 8 ,
.Xr rc.d 8 ,
.Xr rc.subr 8 ,
.Xr rcorder 8
.Sh HISTORY
The
.Nm
file appeared in
.Nx 1.3 .
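The named_chrootdir, ntpd_chrootdir and unbound_chrootdir entries described under "Commonly used daemons" apply only when non-blank, so an enabled daemon with a blank value is not chroot(2)ed by the rc scripts. The audit below is an added example, not part of the NetBSD manual or its rc scripts; is_yes, audit_chroot and write_sample are hypothetical helper names and the sample rc.conf content is constructed.

```shell
#!/bin/sh
# Added example: flag daemons that have a *_chrootdir variable in rc.conf(5)
# but are enabled with that variable left blank or pointing nowhere.

# is_yes VALUE: true for the usual boolean "on" spellings
# (simplified stand-in for the check rc.subr(8) performs).
is_yes() {
	case "$1" in
	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
	*) return 1 ;;
	esac
}

# audit_chroot FILE: print one line per finding; exit status = finding count.
# The body runs in a subshell so nothing set by FILE leaks to the caller.
audit_chroot() (
	# rc.conf is a shell script, so it is evaluated by sourcing it.
	. "$1" || exit 255
	findings=0
	for svc in named ntpd unbound; do
		eval "enabled=\${$svc:-NO}"
		eval "dir=\${${svc}_chrootdir:-}"
		is_yes "$enabled" || continue
		if [ -z "$dir" ]; then
			echo "$svc: enabled, ${svc}_chrootdir is blank"
			findings=$((findings + 1))
		elif [ ! -d "$dir" ]; then
			echo "$svc: ${svc}_chrootdir=$dir is not a directory"
			findings=$((findings + 1))
		fi
	done
	exit "$findings"
)

# write_sample FILE DIR: constructed rc.conf fragment used by the demo.
write_sample() {
	cat > "$1" <<EOF
named=YES
named_chrootdir=""
ntpd=YES
ntpd_chrootdir="$2"
unbound=NO
EOF
}

tmp=$(mktemp -d) || exit 1
write_sample "$tmp/rc.conf" "$tmp"
audit_chroot "$tmp/rc.conf" || echo "findings: $?"
rm -rf "$tmp"
```

Pass the absolute path of the file to check, such as /etc/rc.conf, which itself sources /etc/defaults/rc.conf; a bare file name would be looked up through PATH by the "." builtin.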