rc (revision 95d52386) - OpenGrok cross reference for /openbsd/etc/rc

*95d52386Snorby#	$OpenBSD: rc,v 1.285 2006/06/01 21:37:43 norby Exp $
df930be7Sderaadt
df930be7Sderaadt# System startup script run by init on autoboot
df930be7Sderaadt# or after single-user.
df930be7Sderaadt# Output and error are redirected to console by init,
df930be7Sderaadt# and the console is the controlling terminal.
df930be7Sderaadt
5420764bSmillert# Subroutines (have to come first).
5420764bSmillert
5420764bSmillert# Strip comments (and leading/trailing whitespace if IFS is set)
5420764bSmillert# from a file and spew to stdout
5420764bSmillertstripcom() {
5420764bSmillert	local _file="$1"
5420764bSmillert	local _line
5420764bSmillert
5420764bSmillert	{
5420764bSmillert		while read _line ; do
5420764bSmillert			_line=${_line%%#*}		# strip comments
5420764bSmillert			test -z "$_line" && continue
5420764bSmillert			echo $_line
5420764bSmillert		done
5420764bSmillert	} < $_file
5420764bSmillert}
5420764bSmillert
0e47d797Smillert# Update resource limits when sysctl changes
0e47d797Smillert# Usage: update_limit -X loginconf_name
0e47d797Smillertupdate_limit() {
0e47d797Smillert	local _fl="$1"	# ulimit flag
0e47d797Smillert	local _lc="$2"	# login.conf name
0e47d797Smillert	local _new _suf
0e47d797Smillert
0e47d797Smillert	for _suf in "" -cur -max; do
0e47d797Smillert		_new=`getcap -f /etc/login.conf -s ${_lc}${_suf} daemon 2>/dev/null`
0e47d797Smillert		if [ X"$_new" != X"" ]; then
0e47d797Smillert			if [ X"$_new" = X"infinity" ]; then
0e47d797Smillert				_new=unlimited
0e47d797Smillert			fi
0e47d797Smillert			case "$_suf" in
0e47d797Smillert			-cur)
0e47d797Smillert				ulimit -S $_fl $_new
0e47d797Smillert				;;
0e47d797Smillert			-max)
0e47d797Smillert				ulimit -H $_fl $_new
0e47d797Smillert				;;
0e47d797Smillert			*)
0e47d797Smillert				ulimit $_fl $_new
0e47d797Smillert				return
0e47d797Smillert				;;
0e47d797Smillert			esac
0e47d797Smillert		fi
0e47d797Smillert	done
0e47d797Smillert}
0e47d797Smillert
0e47d797Smillertsysctl_conf() {
6be3177eSmillert	test -s /etc/sysctl.conf || return
6be3177eSmillert
0e47d797Smillert	# delete comments and blank lines
0e47d797Smillert	set -- `stripcom /etc/sysctl.conf`
0e47d797Smillert	while [ $# -ge 1 ] ; do
0e47d797Smillert		sysctl $1
0e47d797Smillert		# update limits if needed
0e47d797Smillert		case $1 in
0e47d797Smillert		kern.maxproc=*)
0e47d797Smillert			update_limit -p maxproc
0e47d797Smillert			;;
0e47d797Smillert		kern.maxfiles=*)
0e47d797Smillert			update_limit -n openfiles
0e47d797Smillert			;;
0e47d797Smillert		esac
0e47d797Smillert		shift
0e47d797Smillert	done
0e47d797Smillert}
0e47d797Smillert
0e47d797Smillertmixerctl_conf()
0e47d797Smillert{
6be3177eSmillert	test -s /etc/mixerctl.conf || return
6be3177eSmillert
0e47d797Smillert	# delete comments and blank lines
0e47d797Smillert	set -- `stripcom /etc/mixerctl.conf`
0e47d797Smillert	while [ $# -ge 1 ] ; do
0e47d797Smillert		mixerctl -q $1 > /dev/null 2>&1
0e47d797Smillert		shift
0e47d797Smillert	done
0e47d797Smillert}
0e47d797Smillert
6be3177eSmillertwsconsctl_conf()
6be3177eSmillert{
6be3177eSmillert	local save_IFS="$IFS"
6be3177eSmillert
6be3177eSmillert	test -x /sbin/wsconsctl -a -s /etc/wsconsctl.conf || return
6be3177eSmillert	# delete comments and blank lines
6be3177eSmillert	IFS="
6be3177eSmillert"
6be3177eSmillert	set -- `stripcom /etc/wsconsctl.conf`
6be3177eSmillert	IFS="$save_IFS"
6be3177eSmillert	while [ $# -ge 1 ] ; do
6be3177eSmillert		eval /sbin/wsconsctl -w $1
6be3177eSmillert		shift
6be3177eSmillert	done
6be3177eSmillert}
6be3177eSmillert
5420764bSmillert# End subroutines
5420764bSmillert
df930be7Sderaadtstty status '^T'
df930be7Sderaadt
df930be7Sderaadt# Set shell to ignore SIGINT (2), but not children;
df930be7Sderaadt# shell catches SIGQUIT (3) and returns to single user after fsck.
df930be7Sderaadttrap : 2
df930be7Sderaadttrap : 3	# shouldn't be needed
df930be7Sderaadt
df930be7SderaadtHOME=/; export HOME
df930be7SderaadtPATH=/sbin:/bin:/usr/sbin:/usr/bin
df930be7Sderaadtexport PATH
df930be7Sderaadt
9969bcb5Smillertif [ X"$1" = X"shutdown" ]; then
75a54d2eSderaadt	dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 >/dev/null 2>&1
75a54d2eSderaadt	chmod 600 /var/db/host.random >/dev/null 2>&1
75a54d2eSderaadt	if [ $? -eq 0 -a -f /etc/rc.shutdown ]; then
75a54d2eSderaadt		echo /etc/rc.shutdown in progress...
75a54d2eSderaadt		. /etc/rc.shutdown
75a54d2eSderaadt		echo /etc/rc.shutdown complete.
9e07bef9Smcbride
9e07bef9Smcbride		# bring carp interfaces down gracefully
9e07bef9Smcbride		for hn in /etc/hostname.carp[0-9]*; do
9e07bef9Smcbride			# Strip off /etc/hostname. prefix
9e07bef9Smcbride			if=${hn#/etc/hostname.}
9efb36b9Scedric			test "$if" = "carp[0-9]*" && continue
9e07bef9Smcbride
1f22cd84Sderaadt			ifconfig $if > /dev/null 2>&1
b844ef19Smcbride			if [ $? -eq 0 ]; then
9e07bef9Smcbride				ifconfig $if down
1f22cd84Sderaadt			fi
9e07bef9Smcbride		done
2ee46d13Smcbride
9969bcb5Smillert		if [ X"${powerdown}" = X"YES" ]; then
2ee46d13Smcbride			exit 2
2ee46d13Smcbride		fi
2ee46d13Smcbride
75a54d2eSderaadt	else
75a54d2eSderaadt		echo single user: not running /etc/rc.shutdown
75a54d2eSderaadt	fi
75a54d2eSderaadt	exit 0
75a54d2eSderaadtfi
75a54d2eSderaadt
df930be7Sderaadt# Configure ccd devices.
8b7444a6Sderaadtif [ -f /etc/ccd.conf ]; then
df930be7Sderaadt	ccdconfig -C
df930be7Sderaadtfi
df930be7Sderaadt
c5858a2aSjakob# Configure raid devices.
c5858a2aSjakobfor dev in 0 1 2 3; do
c5858a2aSjakob	if [ -f /etc/raid$dev.conf ]; then
c5858a2aSjakob		raidctl -c /etc/raid$dev.conf raid$dev
c5858a2aSjakob	fi
c5858a2aSjakobdone
c5858a2aSjakob
5a87f599Stdeval# Check parity on raid devices.
4d6c2f1bSderaadtraidctl -P all
5a87f599Stdeval
638be0f1Smiodswapctl -A -t blk
920abb1bSderaadt
8b7444a6Sderaadtif [ -e /fastboot ]; then
df930be7Sderaadt	echo "Fast boot: skipping disk checks."
9969bcb5Smillertelif [ X"$1" = X"autoboot" ]; then
df930be7Sderaadt	echo "Automatic boot in progress: starting file system checks."
b39bbe87Smillert	fsck -p
df930be7Sderaadt	case $? in
df930be7Sderaadt	0)
df930be7Sderaadt		;;
df930be7Sderaadt	2)
df930be7Sderaadt		exit 1
df930be7Sderaadt		;;
df930be7Sderaadt	4)
df930be7Sderaadt		echo "Rebooting..."
df930be7Sderaadt		reboot
df930be7Sderaadt		echo "Reboot failed; help!"
df930be7Sderaadt		exit 1
df930be7Sderaadt		;;
df930be7Sderaadt	8)
df930be7Sderaadt		echo "Automatic file system check failed; help!"
df930be7Sderaadt		exit 1
df930be7Sderaadt		;;
df930be7Sderaadt	12)
df930be7Sderaadt		echo "Boot interrupted."
df930be7Sderaadt		exit 1
df930be7Sderaadt		;;
df930be7Sderaadt	130)
df930be7Sderaadt		# interrupt before catcher installed
df930be7Sderaadt		exit 1
df930be7Sderaadt		;;
df930be7Sderaadt	*)
df930be7Sderaadt		echo "Unknown error; help!"
df930be7Sderaadt		exit 1
df930be7Sderaadt		;;
df930be7Sderaadt	esac
df930be7Sderaadtfi
df930be7Sderaadt
df930be7Sderaadttrap "echo 'Boot interrupted.'; exit 1" 3
df930be7Sderaadt
df930be7Sderaadtumount -a >/dev/null 2>&1
df930be7Sderaadtmount -a -t nonfs
4515901dSniklasmount -uw /		# root on nfs requires this, others aren't hurt
df930be7Sderaadtrm -f /fastboot		# XXX (root now writeable)
df930be7Sderaadt
d3ae8907Sderaadt# pick up option configuration
d3ae8907Sderaadt. /etc/rc.conf
d3ae8907Sderaadt
df930be7Sderaadt# set flags on ttys.  (do early, in case they use tty for SLIP in netstart)
df930be7Sderaadtecho 'setting tty flags'
df930be7Sderaadtttyflags -a
df930be7Sderaadt
48390b59Smcbrideif [ -f /sbin/kbd -a -f /etc/kbdtype ]; then
48390b59Smcbride	kbd `cat /etc/kbdtype`
48390b59Smcbridefi
48390b59Smcbride
cc294143Sderaadtwsconsctl_conf
cc294143Sderaadt
9969bcb5Smillertif [ X"${pf}" != X"NO" ]; then
7b24ca9eSmcbride	RULES="block all"
4dd40d42Shenning	RULES="$RULES\npass on lo0"
7637f7daSdhartmei	RULES="$RULES\npass in proto tcp from any to any port 22 keep state"
ae072502Scamield	RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state"
3dadfb84Scamield	RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state"
e24e98b3Sgrange	if ifconfig lo0 inet6 >/dev/null 2>&1; then
ff3da558Sitojun		RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol"
ff3da558Sitojun		RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv"
63c4fe5eSderaadt		RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol"
63c4fe5eSderaadt		RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv"
e24e98b3Sgrange	fi
9e07bef9Smcbride	RULES="$RULES\npass proto { pfsync, carp }"
3dda96c1Sderaadt	case `sysctl vfs.mounts.nfs 2>/dev/null` in
18db1430Sderaadt	*[1-9]*)
18db1430Sderaadt		# don't kill NFS
086485f4Scedric		RULES="scrub in all no-df\n$RULES"
18db1430Sderaadt		RULES="$RULES\npass in proto udp from any port { 111, 2049 } to any"
18db1430Sderaadt		RULES="$RULES\npass out proto udp from any to any port { 111, 2049 }"
18db1430Sderaadt		;;
18db1430Sderaadt	esac
4616f5d9Sdhartmei	echo $RULES | pfctl -f -
4616f5d9Sdhartmei	pfctl -e
1097c023Skjellfi
1097c023Skjell
0e47d797Smillertsysctl_conf
f753b29fSderaadt
df930be7Sderaadt# set hostname, turn on network
df930be7Sderaadtecho 'starting network'
053628caSderaadtif [ -f /etc/resolv.conf.save ]; then
053628caSderaadt	mv /etc/resolv.conf.save /etc/resolv.conf
053628caSderaadt	touch /etc/resolv.conf
053628caSderaadtfi
df930be7Sderaadt. /etc/netstart
df930be7Sderaadt
9969bcb5Smillertif [ X"${pf}" != X"NO" ]; then
1097c023Skjell	if [ -f ${pf_rules} ]; then
616367a9Sdhartmei		pfctl -f ${pf_rules}
1097c023Skjell	fi
1097c023Skjellfi
1097c023Skjell
cc3d9aa9Sottomount -s /usr >/dev/null 2>&1
cc3d9aa9Sottomount -s /var >/dev/null 2>&1
df930be7Sderaadt
f26db62bSderaadt# if there's no /var/db/host.random, make one through /dev/urandom
f26db62bSderaadtif [ ! -f /var/db/host.random ]; then
f26db62bSderaadt	dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 \
f26db62bSderaadt		>/dev/null 2>&1
f26db62bSderaadt	chmod 600 /var/db/host.random >/dev/null 2>&1
f26db62bSderaadtelse
f26db62bSderaadt	dd if=/var/db/host.random of=/dev/urandom bs=1024 count=64 \
f26db62bSderaadt	    > /dev/null 2>&1
f26db62bSderaadt	dd if=/var/db/host.random of=/dev/arandom bs=1024 count=64 \
f26db62bSderaadt	    > /dev/null 2>&1
f26db62bSderaadtfi
f26db62bSderaadt
74af54b4Sderaadt# reset seed file, so that if a shutdown-less reboot occurs,
74af54b4Sderaadt# the next seed is not a repeat
74af54b4Sderaadtdd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 \
74af54b4Sderaadt    > /dev/null 2>&1
74af54b4Sderaadt
f0550eb3Sderaadt# clean up left-over files
f0550eb3Sderaadtrm -f /etc/nologin
f0550eb3Sderaadtrm -f /var/spool/lock/LCK.*
f0550eb3Sderaadtrm -f /var/spool/uucp/STST/*
2402d49fShenning(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; })
23d49488Sbeck(cd /var/authpf && rm -rf -- *)
23d49488Sbeck
6c0a0b4aSalex# save a copy of the boot messages
6c0a0b4aSalexdmesg >/var/run/dmesg.boot
6c0a0b4aSalex
3ca632e7Sderaadtecho 'starting system logger'
3ca632e7Sderaadtrm -f /dev/log
9969bcb5Smillertif [ X"${named_flags}" != X"NO" ]; then
7078508dSjakob	rm -f /var/named/dev/log
7078508dSjakob	syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
b025dbf1Smillertfi
f65d7fb6Smillertif [ -d /var/empty ]; then
f65d7fb6Smillert	rm -f /var/empty/dev/log
f65d7fb6Smillert	mkdir -p -m 0555 /var/empty/dev
f65d7fb6Smillert	syslogd_flags="${syslogd_flags} -a /var/empty/dev/log"
f65d7fb6Smillertfi
1dabce80Smarcsyslogd ${syslogd_flags}
3ca632e7Sderaadt
f4029872Sderaadtif [ X"${pf}" != X"NO" -a X"${pflogd_flags}" != X"NO" ]; then
9a5df41aSmillert	if ifconfig pflog0 >/dev/null 2>&1; then
18db1430Sderaadt		ifconfig pflog0 up
18db1430Sderaadt		pflogd ${pflogd_flags}
18db1430Sderaadt	fi
9a5df41aSmillertfi
18db1430Sderaadt
66ccf3e0Stodd# $named_flags is imported from /etc/rc.conf;
d8a0d55aSjakob# if $named_flags != NO, named is run.
9969bcb5Smillertif [ X"${named_flags}" != X"NO" ]; then
0abe9ed7Sdanh	if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then
3a98a453Sjakob		echo -n "rndc-confgen: generating new shared secret... "
0abe9ed7Sdanh		if /usr/sbin/rndc-confgen -a -t /var/named >/dev/null 2>&1; then
0abe9ed7Sdanh			chmod 0640 /var/named/etc/rndc.key >/dev/null 2>&1
3a98a453Sjakob			echo done.
3a98a453Sjakob		else
3a98a453Sjakob			echo failed.
3a98a453Sjakob		fi
3a98a453Sjakob	fi
3a98a453Sjakob
3ca632e7Sderaadt	echo 'starting named';		named $named_flags
759e03b2Sderaadtfi
759e03b2Sderaadt
096ed560Sderaadt# $isakmpd_flags is imported from /etc/rc.conf;
763d5844Shshoexer# If $isakmpd_flags == NO, isakmpd isn't run.
9969bcb5Smillertif [ X"${isakmpd_flags}" != X"NO" ]; then
096ed560Sderaadt	echo 'starting isakmpd';	isakmpd ${isakmpd_flags}
096ed560Sderaadtfi
096ed560Sderaadt
79ec6e47Shshoexer# $ipsec is imported from /etc/rc.conf;
79ec6e47Shshoexer# if $ipsec == NO or /etc/ipsec.conf doesn't exist, then
79ec6e47Shshoexer# ipsecctl isn't run.
79ec6e47Shshoexerif [ X"${ipsec}" != X"NO" ]; then
79ec6e47Shshoexer	if [ -f ${ipsec_rules} ]; then
79ec6e47Shshoexer		ipsecctl -f ${ipsec_rules}
79ec6e47Shshoexer	fi
79ec6e47Shshoexerfi
79ec6e47Shshoexer
2f413fd2Stomecho -n 'starting initial daemons:'
8e74b1f0Smillert
edae963cSderaadt# $portmap is imported from /etc/rc.conf;
8e74b1f0Smillert# if $portmap == YES, the portmapper is started.
8e74b1f0Smillertif [ X"${portmap}" = X"YES" ]; then
df930be7Sderaadt	echo -n ' portmap';		portmap
423a3640Sderaadtfi
df930be7Sderaadt
052fe65bSderaadtif [ X`domainname` != X ]; then
2d5ee5bcSderaadt	if [ -d /var/yp/`domainname` ]; then
052fe65bSderaadt		# YP server capabilities needed...
d6518a3fSniklas		echo -n ' ypserv';		ypserv ${ypserv_flags}
d52cd61fSderaadt		#echo -n ' ypxfrd';		ypxfrd
7f2d1b00Sderaadt	fi
b25099beSderaadt
052fe65bSderaadt	if [ -d /var/yp/binding ]; then
052fe65bSderaadt		# YP client capabilities needed...
7f2d1b00Sderaadt		echo -n ' ypbind';		ypbind
052fe65bSderaadt	fi
7f2d1b00Sderaadt
621a5fbaSderaadt	if [ X"${yppasswdd_flags}" != X"NO" -a -d /var/yp/`domainname` ]; then
b25099beSderaadt		# if we are the master server, run rpc.yppasswdd
b25099beSderaadt		_host1=`ypwhich -m passwd 2> /dev/null`
b25099beSderaadt		_host2=`hostname`
fd917f6eSderaadt		if [ `grep '^lookup' /etc/resolv.conf | grep yp | wc -c` -ne 0 ]; then
b25099beSderaadt			_host1=`ypmatch $_host1 hosts | cut -d'	' -f2`
b25099beSderaadt			_host2=`ypmatch $_host2 hosts | cut -d'	' -f2 | head -1`
b25099beSderaadt		else
214f531bSderaadt			_host1=`echo $_host1 | nslookup | grep '^Name: ' | \
b25099beSderaadt			    sed -e 's/^Name:    //'`
214f531bSderaadt			_host2=`echo $_host2 | nslookup | grep '^Name: ' | \
b25099beSderaadt			    sed -e 's/^Name:    //'`
b25099beSderaadt		fi
234efc0eSderaadt		if [ "$_host2" = "$_host1" ]; then
13f82310Sniklas			echo -n ' rpc.yppasswdd'
13f82310Sniklas			rpc.yppasswdd ${yppasswdd_flags}
2d5ee5bcSderaadt		fi
2d5ee5bcSderaadt	fi
df930be7Sderaadtfi
df930be7Sderaadt
edae963cSderaadt# $nfs_server is imported from /etc/rc.conf;
df930be7Sderaadt# if $nfs_server == YES, the machine is setup for being an nfs server
9969bcb5Smillertif [ X"${nfs_server}" = X"YES" -a -s /etc/exports -a \
d54d80fbSderaadt    `sed -e '/^#/d' < /etc/exports | wc -l` -ne 0 ]; then
df930be7Sderaadt	rm -f /var/db/mountdtab
df930be7Sderaadt	echo -n > /var/db/mountdtab
fbb065beSavsm	echo -n ' mountd';		mountd
e6d41a0aSniklas	echo -n ' nfsd';		nfsd ${nfsd_flags}
9969bcb5Smillert	if [ X"${lockd}" = X"YES" ]; then
e6d41a0aSniklas		echo -n ' rpc.lockd';	rpc.lockd
e6d41a0aSniklas	fi
df930be7Sderaadtfi
df930be7Sderaadt
9969bcb5Smillertif [ X"${amd}" = X"YES" -a -e ${amd_master} ]; then
df930be7Sderaadt	echo -n ' amd'
d988480bSderaadt	(cd /etc/amd; amd -l syslog -x error,noinfo,nostats -p \
d988480bSderaadt	    -a ${amd_dir} `cat ${amd_master}` > /var/run/amd.pid )
df930be7Sderaadtfi
df930be7Sderaadt
cb033641Shenning# run rdate before timed/ntpd
cb033641Shenningif [ X"${rdate_flags}" != X"NO" ]; then
cb033641Shenning	echo -n ' rdate';	rdate -s ${rdate_flags}
cb033641Shenningfi
cb033641Shenning
cb033641Shenning# $timed_flags is imported from /etc/rc.conf;
cb033641Shenning# if $timed_flags == NO, timed isn't run.
9969bcb5Smillertif [ X"${timed_flags}" != X"NO" ]; then
cb033641Shenning	echo -n ' timed'; timed $timed_flags
cb033641Shenningfi
cb033641Shenning
9969bcb5Smillertif [ X"${ntpd_flags}" != X"NO" ]; then
117259d9Sderaadt	echo -n ' ntpd'; ntpd $ntpd_flags
cb033641Shenningfi
df930be7Sderaadtecho '.'
df930be7Sderaadt
cc3d9aa9Sottomount -a
3ca632e7Sderaadt
638be0f1Smiodswapctl -A -t noblk
638be0f1Smiod
df930be7Sderaadt# /var/crash should be a directory or a symbolic link
df930be7Sderaadt# to the crash directory if core dumps are to be saved.
df930be7Sderaadtif [ -d /var/crash ]; then
9d112a13Stholo	savecore ${savecore_flags} /var/crash
df930be7Sderaadtfi
df930be7Sderaadt
9969bcb5Smillertif [ X"${afs}" = X"YES" -a -c /dev/xfs0 ]; then
8b757a89Sart	echo -n 'mounting afs:'
dd435269Sbeck	mkdir -p -m 0755 /afs
dd435269Sbeck	mount -t xfs /dev/xfs0 /afs
dd435269Sbeck	/usr/libexec/afsd ${afsd_flags}
8b757a89Sart	echo ' done.'
8b757a89Sartfi
8b757a89Sart
9969bcb5Smillertif [ X"${check_quotas}" = X"YES" ]; then
df930be7Sderaadt	echo -n 'checking quotas:'
df930be7Sderaadt	quotacheck -a
df930be7Sderaadt	echo ' done.'
df930be7Sderaadt	quotaon -a
36a647e7Sdownsjfi
df930be7Sderaadt
df930be7Sderaadt# build ps databases
fb69824dSderaadtecho -n 'building ps databases:'
fb69824dSderaadtecho -n " kvm"
004fa836Smillertkvm_mkdb
fb69824dSderaadtecho -n " dev"
df930be7Sderaadtdev_mkdb
fb69824dSderaadtecho "."
df930be7Sderaadt
e860cdbaSderaadtchmod 666 /dev/tty[pqrstuvwxyzPQRST]*
a293d798Smillertchown root:wheel /dev/tty[pqrstuvwxyzPQRST]*
df930be7Sderaadt
df930be7Sderaadt# check the password temp/lock file
8b7444a6Sderaadtif [ -f /etc/ptmp ]; then
df930be7Sderaadt	logger -s -p auth.err \
df930be7Sderaadt	'password file may be incorrect -- /etc/ptmp exists'
df930be7Sderaadtfi
df930be7Sderaadt
e65724e6Smillertecho clearing /tmp
e65724e6Smillert
e65724e6Smillert# prune quickly with one rm, then use find to clean up /tmp/[lq]*
e65724e6Smillert# (not needed with mfs /tmp, but doesn't hurt there...)
e65724e6Smillert(cd /tmp && rm -rf [a-km-pr-zA-Z]* &&
e65724e6Smillert    find . ! -name . ! -name lost+found ! -name quota.user \
8b0a8653Smillert	! -name quota.group -execdir rm -rf -- {} \; -type d -prune)
e65724e6Smillert
f8310bdcShugh# create Unix sockets directories for X if needed and make sure they have
f8310bdcShugh# correct permissions
f8310bdcShughif [ -d /usr/X11R6/lib ]; then
f8310bdcShugh	for d in /tmp/.X11-unix /tmp/.ICE-unix ; do
f8310bdcShugh		if [ -d $d ]; then
f8310bdcShugh			if [ `ls -ld $d | cut -d' ' -f4` != root ]; then
f8310bdcShugh				chown root $d
f8310bdcShugh			fi
f8310bdcShugh			if [ `ls -ld $d | cut -d' ' -f1` != drwxrwxrwt ]; then
f8310bdcShugh				chmod 1777 $d
f8310bdcShugh			fi
f8310bdcShugh		elif [ -e $d ]; then
f8310bdcShugh			echo "Error: $d exists and isn't a directory."
f8310bdcShugh		else
f8310bdcShugh			mkdir -m 1777 $d
f8310bdcShugh		fi
f8310bdcShugh	done
f8310bdcShughfi
f8310bdcShugh
2f33850bSderaadt[ -f /etc/rc.securelevel ] && . /etc/rc.securelevel
9969bcb5Smillertif [ X"${securelevel}" != X"" ]; then
e31a5b5aSmillert	echo -n 'setting kernel security level: '
6a337e36Sjmc	sysctl kern.securelevel=${securelevel}
41406ee4Sderaadtfi
41406ee4Sderaadt
dc279d04Sderaadt# patch /etc/motd
dc279d04Sderaadtif [ ! -f /etc/motd ]; then
dc279d04Sderaadt	install -c -o root -g wheel -m 664 /dev/null /etc/motd
dc279d04Sderaadtfi
d243dabcSmillertT=`mktemp /tmp/_motd.XXXXXXXXXX`
499eb670Smillertif [ $? -eq 0 ]; then
dc279d04Sderaadt	sysctl -n kern.version | sed 1q > $T
dc279d04Sderaadt	echo "" >> $T
dc279d04Sderaadt	sed '1,/^$/d' < /etc/motd >> $T
dc279d04Sderaadt	cmp -s $T /etc/motd || cp $T /etc/motd
dc279d04Sderaadt	rm -f $T
5b45527eSmillertfi
dc279d04Sderaadt
df930be7Sderaadtif [ -f /var/account/acct ]; then
df930be7Sderaadt	echo 'turning on accounting';	accton /var/account/acct
df930be7Sderaadtfi
df930be7Sderaadt
7e42516dSderaadtif [ -f /sbin/ldconfig ]; then
7e42516dSderaadt	echo 'creating runtime link editor directory cache.'
7e42516dSderaadt	if [ -d /usr/local/lib ]; then
5881fc76Stodd		shlib_dirs="/usr/local/lib $shlib_dirs"
7e42516dSderaadt	fi
7e42516dSderaadt	if [ -d /usr/X11R6/lib ]; then
5881fc76Stodd		shlib_dirs="/usr/X11R6/lib $shlib_dirs"
7e42516dSderaadt	fi
7e42516dSderaadt	ldconfig $shlib_dirs
7e42516dSderaadtfi
7e42516dSderaadt
f57929bcSmillertif [ -x /usr/libexec/vi.recover ]; then
f57929bcSmillert	echo 'preserving editor files';	/usr/libexec/vi.recover
f57929bcSmillertfi
f57929bcSmillert
0662dc2cSderaadtif [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
34c0b73eSderaadt	echo -n "ssh-keygen: generating new DSA host key... "
0662dc2cSderaadt	if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''; then
b05748d5Sderaadt		echo done.
b05748d5Sderaadt	else
b05748d5Sderaadt		echo failed.
b05748d5Sderaadt	fi
b05748d5Sderaadtfi
0662dc2cSderaadtif [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
b05748d5Sderaadt	echo -n "ssh-keygen: generating new RSA host key... "
0662dc2cSderaadt	if /usr/bin/ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''; then
34c0b73eSderaadt		echo done.
34c0b73eSderaadt	else
34c0b73eSderaadt		echo failed.
34c0b73eSderaadt	fi
34c0b73eSderaadtfi
0662dc2cSderaadtif [ ! -f /etc/ssh/ssh_host_key ]; then
d5166b8fSmarkus	echo -n "ssh-keygen: generating new RSA1 host key... "
0662dc2cSderaadt	if /usr/bin/ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -N ''; then
6d6e0cf6Sderaadt		echo done.
6d6e0cf6Sderaadt	else
6d6e0cf6Sderaadt		echo failed.
6d6e0cf6Sderaadt	fi
6d6e0cf6Sderaadtfi
6d6e0cf6Sderaadt
c0a201cfSmarkusif [ ! -f /etc/isakmpd/private/local.key ]; then
c0a201cfSmarkus	echo -n "openssl: generating new isakmpd RSA key... "
c0a201cfSmarkus	if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 1024 \
c0a201cfSmarkus	    > /dev/null 2>&1; then
c0a201cfSmarkus		chmod 600 /etc/isakmpd/private/local.key
c0a201cfSmarkus		openssl rsa -out /etc/isakmpd/private/local.pub \
c0a201cfSmarkus		    -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1
c0a201cfSmarkus		echo done.
c0a201cfSmarkus	else
c0a201cfSmarkus		echo failed.
c0a201cfSmarkus	fi
c0a201cfSmarkusfi
c0a201cfSmarkus
df930be7Sderaadtecho -n starting network daemons:
df930be7Sderaadt
69f602d6Sian# $routed_flags are imported from /etc/rc.conf.
df930be7Sderaadt# If $routed_flags == NO, routed isn't run.
9969bcb5Smillertif [ X"${routed_flags}" != X"NO" ]; then
df930be7Sderaadt	echo -n ' routed';		routed $routed_flags
df930be7Sderaadtfi
df930be7Sderaadt
edae963cSderaadt# $mrouted_flags is imported from /etc/rc.conf;
69b30726Sderaadt# If $mrouted_flags == NO, then mrouted isn't run.
9969bcb5Smillertif [ X"${mrouted_flags}" != X"NO" ]; then
69b30726Sderaadt	echo -n ' mrouted';		mrouted $mrouted_flags
69b30726Sderaadtfi
69b30726Sderaadt
80302420Snorbyif [ X"${dvmrpd_flags}" != X"NO" ]; then
80302420Snorby	echo -n ' dvmrpd';		/usr/sbin/dvmrpd $dvmrpd_flags
80302420Snorbyfi
80302420Snorby
9969bcb5Smillertif [ X"${ospfd_flags}" != X"NO" ]; then
c7f4bdaaShenning	echo -n ' ospfd';		/usr/sbin/ospfd $ospfd_flags
c7f4bdaaShenningfi
c7f4bdaaShenning
9969bcb5Smillertif [ X"${bgpd_flags}" != X"NO" ]; then
220f3b8dShenning	echo -n ' bgpd';		/usr/sbin/bgpd $bgpd_flags
220f3b8dShenningfi
220f3b8dShenning
30a2245dSform# $dhcpd_flags is imported from /etc/rc.conf
30a2245dSform# If $dhcpd_flags == NO or /etc/dhcpd.conf doesn't exist, then dhcpd isn't run.
9969bcb5Smillertif [ X"${dhcpd_flags}" != X"NO" -a -f /etc/dhcpd.conf ]; then
30a2245dSform	touch /var/db/dhcpd.leases
30a2245dSform	if [ -f /etc/dhcpd.interfaces ]; then
78a6b8a8Smpech		dhcpd_ifs=`stripcom /etc/dhcpd.interfaces`
30a2245dSform	fi
30a2245dSform	echo -n ' dhcpd';	/usr/sbin/dhcpd ${dhcpd_flags} ${dhcpd_ifs}
30a2245dSformfi
30a2245dSform
*95d52386Snorbyif [ X"${dhcrelay_flags}" != X"NO" ]; then
*95d52386Snorby	echo -n ' dhcrelay';		/usr/sbin/dhcrelay $dhcrelay_flags
*95d52386Snorbyfi
*95d52386Snorby
33a0f254Sitojunif ifconfig lo0 inet6 >/dev/null 2>&1; then
33a0f254Sitojun	fw=`sysctl -n net.inet6.ip6.forwarding`
9969bcb5Smillert	if [ X"${fw}" = X"0" ]; then
33a0f254Sitojun		# $rtsold_flags is imported from /etc/rc.conf;
33a0f254Sitojun		# If $rtsold_flags == NO, then rtsold isn't run.
9969bcb5Smillert		if [ X"${rtsold_flags}" != X"NO" ]; then
33a0f254Sitojun			echo -n ' rtsold'
33a0f254Sitojun			/usr/sbin/rtsold ${rtsold_flags}
33a0f254Sitojun		fi
33a0f254Sitojun	else
33a0f254Sitojun		# $route6d_flags is imported from /etc/rc.conf;
33a0f254Sitojun		# If $route6d_flags == NO, then route6d isn't run.
9969bcb5Smillert		if [ X"${route6d_flags}" != X"NO" ]; then
33a0f254Sitojun			echo -n ' route6d'
33a0f254Sitojun			/usr/sbin/route6d ${route6d_flags}
33a0f254Sitojun		fi
33a0f254Sitojun		# $rtadvd_flags is imported from /etc/rc.conf;
06347140Sitojun		# If $rtadvd_flags == NO, then rtadvd isn't run.
9969bcb5Smillert		if [ X"${rtadvd_flags}" != X"NO" ]; then
33a0f254Sitojun			echo -n ' rtadvd'
33a0f254Sitojun			/usr/sbin/rtadvd ${rtadvd_flags}
33a0f254Sitojun		fi
33a0f254Sitojun	fi
33a0f254Sitojunfi
33a0f254Sitojun
797ee821Sreykif [ X"${hostapd_flags}" != X"NO" ]; then
797ee821Sreyk	echo -n ' hostapd';		/usr/sbin/hostapd ${hostapd_flags};
797ee821Sreykfi
797ee821Sreyk
edae963cSderaadt# $rwhod is imported from /etc/rc.conf;
df930be7Sderaadt# if $rwhod == YES, rwhod is run.
9969bcb5Smillertif [ X"${rwhod}" = X"YES" ]; then
df930be7Sderaadt	echo -n ' rwhod';		rwhod
df930be7Sderaadtfi
df930be7Sderaadt
423a3640Sderaadt
9969bcb5Smillertif [ X"${lpd_flags}" != X"NO" ]; then
7c143c5dSfgsch	echo -n ' lpd';			lpd ${lpd_flags}
423a3640Sderaadtfi
df930be7Sderaadt
edae963cSderaadt# $sendmail_flags is imported from /etc/rc.conf;
0e208981Smillert# If $sendmail_flags == NO or /etc/mailer.conf doesn't exist, then
4844ae79Sderaadt# sendmail isn't run.  We call sendmail with a full path so that
0e208981Smillert# SIGHUP works.  Note that /usr/sbin/sendmail may actually call a
0e208981Smillert# mailer other than sendmail, depending on /etc/mailer.conf.
9969bcb5Smillertif [ X"${sendmail_flags}" != X"NO" -a -s /etc/mailer.conf ]; then
e18bddb2Smillert	echo -n ' sendmail';		( /usr/sbin/sendmail ${sendmail_flags} >/dev/null 2>&1 & )
df930be7Sderaadtfi
df930be7Sderaadt
9969bcb5Smillertif [ X"${httpd_flags}" != X"NO" ]; then
205e112eSespie	# Clean up left-over httpd locks
205e112eSespie	rm -f /var/www/logs/{ssl_mutex,httpd.lock,accept.lock}.*
f3079313Sangelos	echo -n ' httpd';		/usr/sbin/httpd ${httpd_flags}
52e6779cSderaadtfi
52e6779cSderaadt
9969bcb5Smillertif [ X"${ftpd_flags}" != X"NO" ]; then
b6330bccSdownsj	echo -n ' ftpd';		/usr/libexec/ftpd ${ftpd_flags}
b6330bccSdownsjfi
b6330bccSdownsj
89b602d7Scamieldif [ X"${ftpproxy_flags}" != X"NO" ]; then
89b602d7Scamield	echo -n ' ftp-proxy';		/usr/sbin/ftp-proxy ${ftpproxy_flags}
89b602d7Scamieldfi
89b602d7Scamield
9969bcb5Smillertif [ X"${identd_flags}" != X"NO" ]; then
4265ef72Sfgsch	echo -n ' identd';		/usr/libexec/identd ${identd_flags}
4265ef72Sfgschfi
4265ef72Sfgsch
9969bcb5Smillertif [ X"${inetd}" = X"YES" -a -e /etc/inetd.conf ]; then
df930be7Sderaadt	echo -n ' inetd';		inetd
423a3640Sderaadtfi
df930be7Sderaadt
36fdfb26Sderaadtif [ X"${sshd_flags}" != X"NO" ]; then
36fdfb26Sderaadt	echo -n ' sshd';		/usr/sbin/sshd ${sshd_flags};
36fdfb26Sderaadtfi
36fdfb26Sderaadt
9969bcb5Smillertif [ X"${spamd_flags}" != X"NO" ]; then
9969bcb5Smillert	if [ X"${spamd_grey}" != X"NO" ]; then
116d9528Sderaadt		spamd_flags="${spamd_flags} -g"
116d9528Sderaadt	fi
6856ca63Sotto	echo -n ' spamd';		eval /usr/libexec/spamd ${spamd_flags}
116d9528Sderaadt	/usr/libexec/spamd-setup
9969bcb5Smillert	if [ X"${spamd_grey}" != X"NO" ]; then
116d9528Sderaadt		echo -n ' spamlogd'
1b86c533Shenning		/usr/libexec/spamlogd ${spamlogd_flags}
116d9528Sderaadt	fi
116d9528Sderaadtfi
116d9528Sderaadt
edae963cSderaadt# $rarpd_flags is imported from /etc/rc.conf;
df930be7Sderaadt# If $rarpd_flags == NO or /etc/ethers doesn't exist, then
df930be7Sderaadt# rarpd isn't run.
9969bcb5Smillertif [ X"${rarpd_flags}" != X"NO" -a -s /etc/ethers ]; then
df930be7Sderaadt	echo -n ' rarpd';		rarpd ${rarpd_flags}
df930be7Sderaadtfi
df930be7Sderaadt
edae963cSderaadt# $bootparamd_flags is imported from /etc/rc.conf;
df930be7Sderaadt# If $bootparamd_flags == NO or /etc/bootparams doesn't exist, then
df930be7Sderaadt# bootparamd isn't run.
9969bcb5Smillertif [ X"${bootparamd_flags}" != X"NO" -a -s /etc/bootparams ]; then
df930be7Sderaadt	echo -n ' rpc.bootparamd';	rpc.bootparamd ${bootparamd_flags}
df930be7Sderaadtfi
df930be7Sderaadt
edae963cSderaadt# $rbootd_flags is imported from /etc/rc.conf;
df930be7Sderaadt# If $rbootd_flags == NO or /etc/rbootd.conf doesn't exist, then
df930be7Sderaadt# rbootd isn't run.
9969bcb5Smillertif [ X"${rbootd_flags}" != X"NO" -a -s /etc/rbootd.conf ]; then
df930be7Sderaadt	echo -n ' rbootd';		rbootd ${rbootd_flags}
df930be7Sderaadtfi
df930be7Sderaadt
df4692e3Smaja# $mopd_flags is imported from /etc/rc.conf;
df4692e3Smaja# If $mopd_flags == NO or /tftpboot/mop doesn't exist, then
df4692e3Smaja# mopd isn't run.
9969bcb5Smillertif [ X"${mopd_flags}" != X"NO" -a -d /tftpboot/mop ]; then
df4692e3Smaja	echo -n ' mopd';		mopd ${mopd_flags}
df4692e3Smajafi
df4692e3Smaja
df930be7Sderaadtecho '.'
df930be7Sderaadt
c86c53eeSderaadtmixerctl_conf
c86c53eeSderaadt
fde3f312Shin# KerberosV master KDC
9969bcb5Smillertif [ X"${krb5_master_kdc}" = X"YES" ]; then
fde3f312Shin	echo 'KerberosV master KDC'
fde3f312Shin	/usr/libexec/kdc &
fde3f312Shin	/usr/libexec/kadmind &
fde3f312Shin	/usr/libexec/kpasswdd &
fde3f312Shinfi
fde3f312Shin
fde3f312Shin# KerberosV slave KDC
9969bcb5Smillertif [ X"${krb5_slave_kdc}" = X"YES" ]; then
fde3f312Shin	echo 'KerberosV slave KDC'
fde3f312Shin	/usr/libexec/kdc &
fde3f312Shin	# Remember to enable hpropd in inetd.conf
fde3f312Shinfi
fde3f312Shin
2f33850bSderaadt[ -f /etc/rc.local ] && . /etc/rc.local
8b7444a6Sderaadt
74491808Smillertecho -n standard daemons:
f026f8beSmarc
f026f8beSmarc# $apmd_flags is imported from /etc/rc.conf;
f026f8beSmarc# don't run daemon if $apmd_flags == NO or /usr/sbin/apmd doesn't exist
9969bcb5Smillertif [ X"${apmd_flags}" != X"NO" -a -x /usr/sbin/apmd ]; then
f026f8beSmarc	echo -n ' apmd';	/usr/sbin/apmd ${apmd_flags}
f026f8beSmarcfi
f026f8beSmarc
7934d707Stholoif [ X"${acpid_flags}" != X"NO" -a -x /usr/sbin/acpid ]; then
7934d707Stholo	echo -n ' acpid';	/usr/sbin/acpid ${acpid_flags}
7934d707Stholofi
7934d707Stholo
793d0ae6Shenningif [ X"${sensorsd_flags}" != X"NO" ]; then
793d0ae6Shenning	echo -n ' sensorsd';	/usr/sbin/sensorsd ${sensorsd_flags}
793d0ae6Shenningfi
793d0ae6Shenning
f255c293Sgrangeif [ X"${hotplugd_flags}" != X"NO" -a -x /usr/sbin/hotplugd ]; then
f255c293Sgrange	echo -n ' hotplugd';	/usr/sbin/hotplugd ${hotplugd_flags}
f255c293Sgrangefi
f255c293Sgrange
2e3327d2Shenningif [ X"${watchdogd_flags}" != X"NO" -a -x /usr/sbin/watchdogd ]; then
2e3327d2Shenning	echo -n ' watchdogd';	/usr/sbin/watchdogd ${watchdogd_flags}
2e3327d2Shenningfi
2e3327d2Shenning
74491808Smillertecho -n ' cron';		cron
f026f8beSmarc
74491808Smillertecho '.'
74491808Smillert
df930be7Sderaadtdate
8569782fSderaadt
9969bcb5Smillertif [ X"${wsmoused_flags}" != X"NO" -a -x /usr/sbin/wsmoused ]; then
4a4c21d8Sderaadt	echo 'starting wsmoused...';	/usr/sbin/wsmoused ${wsmoused_flags}
96ac2838Saaronfi
f8810935Saaron
f8810935Saaron# Alternatively, on some architectures, xdm may be started in /etc/ttys.
9969bcb5Smillertif [ X"${xdm_flags}" != X"NO" ]; then
f8810935Saaron	echo 'starting xdm...';		/usr/X11R6/bin/xdm ${xdm_flags}
8569782fSderaadtfi
8569782fSderaadt
df930be7Sderaadtexit 0
8b757a89Sart