1*95d52386Snorby# $OpenBSD: rc,v 1.285 2006/06/01 21:37:43 norby Exp $ 2df930be7Sderaadt 3df930be7Sderaadt# System startup script run by init on autoboot 4df930be7Sderaadt# or after single-user. 5df930be7Sderaadt# Output and error are redirected to console by init, 6df930be7Sderaadt# and the console is the controlling terminal. 7df930be7Sderaadt 85420764bSmillert# Subroutines (have to come first). 95420764bSmillert 105420764bSmillert# Strip comments (and leading/trailing whitespace if IFS is set) 115420764bSmillert# from a file and spew to stdout 125420764bSmillertstripcom() { 135420764bSmillert local _file="$1" 145420764bSmillert local _line 155420764bSmillert 165420764bSmillert { 175420764bSmillert while read _line ; do 185420764bSmillert _line=${_line%%#*} # strip comments 195420764bSmillert test -z "$_line" && continue 205420764bSmillert echo $_line 215420764bSmillert done 225420764bSmillert } < $_file 235420764bSmillert} 245420764bSmillert 250e47d797Smillert# Update resource limits when sysctl changes 260e47d797Smillert# Usage: update_limit -X loginconf_name 270e47d797Smillertupdate_limit() { 280e47d797Smillert local _fl="$1" # ulimit flag 290e47d797Smillert local _lc="$2" # login.conf name 300e47d797Smillert local _new _suf 310e47d797Smillert 320e47d797Smillert for _suf in "" -cur -max; do 330e47d797Smillert _new=`getcap -f /etc/login.conf -s ${_lc}${_suf} daemon 2>/dev/null` 340e47d797Smillert if [ X"$_new" != X"" ]; then 350e47d797Smillert if [ X"$_new" = X"infinity" ]; then 360e47d797Smillert _new=unlimited 370e47d797Smillert fi 380e47d797Smillert case "$_suf" in 390e47d797Smillert -cur) 400e47d797Smillert ulimit -S $_fl $_new 410e47d797Smillert ;; 420e47d797Smillert -max) 430e47d797Smillert ulimit -H $_fl $_new 440e47d797Smillert ;; 450e47d797Smillert *) 460e47d797Smillert ulimit $_fl $_new 470e47d797Smillert return 480e47d797Smillert ;; 490e47d797Smillert esac 500e47d797Smillert fi 510e47d797Smillert done 520e47d797Smillert} 530e47d797Smillert 540e47d797Smillertsysctl_conf() { 556be3177eSmillert test -s /etc/sysctl.conf || return 566be3177eSmillert 570e47d797Smillert # delete comments and blank lines 580e47d797Smillert set -- `stripcom /etc/sysctl.conf` 590e47d797Smillert while [ $# -ge 1 ] ; do 600e47d797Smillert sysctl $1 610e47d797Smillert # update limits if needed 620e47d797Smillert case $1 in 630e47d797Smillert kern.maxproc=*) 640e47d797Smillert update_limit -p maxproc 650e47d797Smillert ;; 660e47d797Smillert kern.maxfiles=*) 670e47d797Smillert update_limit -n openfiles 680e47d797Smillert ;; 690e47d797Smillert esac 700e47d797Smillert shift 710e47d797Smillert done 720e47d797Smillert} 730e47d797Smillert 740e47d797Smillertmixerctl_conf() 750e47d797Smillert{ 766be3177eSmillert test -s /etc/mixerctl.conf || return 776be3177eSmillert 780e47d797Smillert # delete comments and blank lines 790e47d797Smillert set -- `stripcom /etc/mixerctl.conf` 800e47d797Smillert while [ $# -ge 1 ] ; do 810e47d797Smillert mixerctl -q $1 > /dev/null 2>&1 820e47d797Smillert shift 830e47d797Smillert done 840e47d797Smillert} 850e47d797Smillert 866be3177eSmillertwsconsctl_conf() 876be3177eSmillert{ 886be3177eSmillert local save_IFS="$IFS" 896be3177eSmillert 906be3177eSmillert test -x /sbin/wsconsctl -a -s /etc/wsconsctl.conf || return 916be3177eSmillert # delete comments and blank lines 926be3177eSmillert IFS=" 936be3177eSmillert" 946be3177eSmillert set -- `stripcom /etc/wsconsctl.conf` 956be3177eSmillert IFS="$save_IFS" 966be3177eSmillert while [ $# -ge 1 ] ; do 976be3177eSmillert eval /sbin/wsconsctl -w $1 986be3177eSmillert shift 996be3177eSmillert done 1006be3177eSmillert} 1016be3177eSmillert 1025420764bSmillert# End subroutines 1035420764bSmillert 104df930be7Sderaadtstty status '^T' 105df930be7Sderaadt 106df930be7Sderaadt# Set shell to ignore SIGINT (2), but not children; 107df930be7Sderaadt# shell catches SIGQUIT (3) and returns to single user after fsck. 108df930be7Sderaadttrap : 2 109df930be7Sderaadttrap : 3 # shouldn't be needed 110df930be7Sderaadt 111df930be7SderaadtHOME=/; export HOME 112df930be7SderaadtPATH=/sbin:/bin:/usr/sbin:/usr/bin 113df930be7Sderaadtexport PATH 114df930be7Sderaadt 1159969bcb5Smillertif [ X"$1" = X"shutdown" ]; then 11675a54d2eSderaadt dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 >/dev/null 2>&1 11775a54d2eSderaadt chmod 600 /var/db/host.random >/dev/null 2>&1 11875a54d2eSderaadt if [ $? -eq 0 -a -f /etc/rc.shutdown ]; then 11975a54d2eSderaadt echo /etc/rc.shutdown in progress... 12075a54d2eSderaadt . /etc/rc.shutdown 12175a54d2eSderaadt echo /etc/rc.shutdown complete. 1229e07bef9Smcbride 1239e07bef9Smcbride # bring carp interfaces down gracefully 1249e07bef9Smcbride for hn in /etc/hostname.carp[0-9]*; do 1259e07bef9Smcbride # Strip off /etc/hostname. prefix 1269e07bef9Smcbride if=${hn#/etc/hostname.} 1279efb36b9Scedric test "$if" = "carp[0-9]*" && continue 1289e07bef9Smcbride 1291f22cd84Sderaadt ifconfig $if > /dev/null 2>&1 130b844ef19Smcbride if [ $? -eq 0 ]; then 1319e07bef9Smcbride ifconfig $if down 1321f22cd84Sderaadt fi 1339e07bef9Smcbride done 1342ee46d13Smcbride 1359969bcb5Smillert if [ X"${powerdown}" = X"YES" ]; then 1362ee46d13Smcbride exit 2 1372ee46d13Smcbride fi 1382ee46d13Smcbride 13975a54d2eSderaadt else 14075a54d2eSderaadt echo single user: not running /etc/rc.shutdown 14175a54d2eSderaadt fi 14275a54d2eSderaadt exit 0 14375a54d2eSderaadtfi 14475a54d2eSderaadt 145df930be7Sderaadt# Configure ccd devices. 1468b7444a6Sderaadtif [ -f /etc/ccd.conf ]; then 147df930be7Sderaadt ccdconfig -C 148df930be7Sderaadtfi 149df930be7Sderaadt 150c5858a2aSjakob# Configure raid devices. 151c5858a2aSjakobfor dev in 0 1 2 3; do 152c5858a2aSjakob if [ -f /etc/raid$dev.conf ]; then 153c5858a2aSjakob raidctl -c /etc/raid$dev.conf raid$dev 154c5858a2aSjakob fi 155c5858a2aSjakobdone 156c5858a2aSjakob 1575a87f599Stdeval# Check parity on raid devices. 1584d6c2f1bSderaadtraidctl -P all 1595a87f599Stdeval 160638be0f1Smiodswapctl -A -t blk 161920abb1bSderaadt 1628b7444a6Sderaadtif [ -e /fastboot ]; then 163df930be7Sderaadt echo "Fast boot: skipping disk checks." 1649969bcb5Smillertelif [ X"$1" = X"autoboot" ]; then 165df930be7Sderaadt echo "Automatic boot in progress: starting file system checks." 166b39bbe87Smillert fsck -p 167df930be7Sderaadt case $? in 168df930be7Sderaadt 0) 169df930be7Sderaadt ;; 170df930be7Sderaadt 2) 171df930be7Sderaadt exit 1 172df930be7Sderaadt ;; 173df930be7Sderaadt 4) 174df930be7Sderaadt echo "Rebooting..." 175df930be7Sderaadt reboot 176df930be7Sderaadt echo "Reboot failed; help!" 177df930be7Sderaadt exit 1 178df930be7Sderaadt ;; 179df930be7Sderaadt 8) 180df930be7Sderaadt echo "Automatic file system check failed; help!" 181df930be7Sderaadt exit 1 182df930be7Sderaadt ;; 183df930be7Sderaadt 12) 184df930be7Sderaadt echo "Boot interrupted." 185df930be7Sderaadt exit 1 186df930be7Sderaadt ;; 187df930be7Sderaadt 130) 188df930be7Sderaadt # interrupt before catcher installed 189df930be7Sderaadt exit 1 190df930be7Sderaadt ;; 191df930be7Sderaadt *) 192df930be7Sderaadt echo "Unknown error; help!" 193df930be7Sderaadt exit 1 194df930be7Sderaadt ;; 195df930be7Sderaadt esac 196df930be7Sderaadtfi 197df930be7Sderaadt 198df930be7Sderaadttrap "echo 'Boot interrupted.'; exit 1" 3 199df930be7Sderaadt 200df930be7Sderaadtumount -a >/dev/null 2>&1 201df930be7Sderaadtmount -a -t nonfs 2024515901dSniklasmount -uw / # root on nfs requires this, others aren't hurt 203df930be7Sderaadtrm -f /fastboot # XXX (root now writeable) 204df930be7Sderaadt 205d3ae8907Sderaadt# pick up option configuration 206d3ae8907Sderaadt. /etc/rc.conf 207d3ae8907Sderaadt 208df930be7Sderaadt# set flags on ttys. (do early, in case they use tty for SLIP in netstart) 209df930be7Sderaadtecho 'setting tty flags' 210df930be7Sderaadtttyflags -a 211df930be7Sderaadt 21248390b59Smcbrideif [ -f /sbin/kbd -a -f /etc/kbdtype ]; then 21348390b59Smcbride kbd `cat /etc/kbdtype` 21448390b59Smcbridefi 21548390b59Smcbride 216cc294143Sderaadtwsconsctl_conf 217cc294143Sderaadt 2189969bcb5Smillertif [ X"${pf}" != X"NO" ]; then 2197b24ca9eSmcbride RULES="block all" 2204dd40d42Shenning RULES="$RULES\npass on lo0" 2217637f7daSdhartmei RULES="$RULES\npass in proto tcp from any to any port 22 keep state" 222ae072502Scamield RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state" 2233dadfb84Scamield RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state" 224e24e98b3Sgrange if ifconfig lo0 inet6 >/dev/null 2>&1; then 225ff3da558Sitojun RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol" 226ff3da558Sitojun RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv" 22763c4fe5eSderaadt RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol" 22863c4fe5eSderaadt RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv" 229e24e98b3Sgrange fi 2309e07bef9Smcbride RULES="$RULES\npass proto { pfsync, carp }" 2313dda96c1Sderaadt case `sysctl vfs.mounts.nfs 2>/dev/null` in 23218db1430Sderaadt *[1-9]*) 23318db1430Sderaadt # don't kill NFS 234086485f4Scedric RULES="scrub in all no-df\n$RULES" 23518db1430Sderaadt RULES="$RULES\npass in proto udp from any port { 111, 2049 } to any" 23618db1430Sderaadt RULES="$RULES\npass out proto udp from any to any port { 111, 2049 }" 23718db1430Sderaadt ;; 23818db1430Sderaadt esac 2394616f5d9Sdhartmei echo $RULES | pfctl -f - 2404616f5d9Sdhartmei pfctl -e 2411097c023Skjellfi 2421097c023Skjell 2430e47d797Smillertsysctl_conf 244f753b29fSderaadt 245df930be7Sderaadt# set hostname, turn on network 246df930be7Sderaadtecho 'starting network' 247053628caSderaadtif [ -f /etc/resolv.conf.save ]; then 248053628caSderaadt mv /etc/resolv.conf.save /etc/resolv.conf 249053628caSderaadt touch /etc/resolv.conf 250053628caSderaadtfi 251df930be7Sderaadt. /etc/netstart 252df930be7Sderaadt 2539969bcb5Smillertif [ X"${pf}" != X"NO" ]; then 2541097c023Skjell if [ -f ${pf_rules} ]; then 255616367a9Sdhartmei pfctl -f ${pf_rules} 2561097c023Skjell fi 2571097c023Skjellfi 2581097c023Skjell 259cc3d9aa9Sottomount -s /usr >/dev/null 2>&1 260cc3d9aa9Sottomount -s /var >/dev/null 2>&1 261df930be7Sderaadt 262f26db62bSderaadt# if there's no /var/db/host.random, make one through /dev/urandom 263f26db62bSderaadtif [ ! -f /var/db/host.random ]; then 264f26db62bSderaadt dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 \ 265f26db62bSderaadt >/dev/null 2>&1 266f26db62bSderaadt chmod 600 /var/db/host.random >/dev/null 2>&1 267f26db62bSderaadtelse 268f26db62bSderaadt dd if=/var/db/host.random of=/dev/urandom bs=1024 count=64 \ 269f26db62bSderaadt > /dev/null 2>&1 270f26db62bSderaadt dd if=/var/db/host.random of=/dev/arandom bs=1024 count=64 \ 271f26db62bSderaadt > /dev/null 2>&1 272f26db62bSderaadtfi 273f26db62bSderaadt 27474af54b4Sderaadt# reset seed file, so that if a shutdown-less reboot occurs, 27574af54b4Sderaadt# the next seed is not a repeat 27674af54b4Sderaadtdd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 \ 27774af54b4Sderaadt > /dev/null 2>&1 27874af54b4Sderaadt 279f0550eb3Sderaadt# clean up left-over files 280f0550eb3Sderaadtrm -f /etc/nologin 281f0550eb3Sderaadtrm -f /var/spool/lock/LCK.* 282f0550eb3Sderaadtrm -f /var/spool/uucp/STST/* 2832402d49fShenning(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; }) 28423d49488Sbeck(cd /var/authpf && rm -rf -- *) 28523d49488Sbeck 2866c0a0b4aSalex# save a copy of the boot messages 2876c0a0b4aSalexdmesg >/var/run/dmesg.boot 2886c0a0b4aSalex 2893ca632e7Sderaadtecho 'starting system logger' 2903ca632e7Sderaadtrm -f /dev/log 2919969bcb5Smillertif [ X"${named_flags}" != X"NO" ]; then 2927078508dSjakob rm -f /var/named/dev/log 2937078508dSjakob syslogd_flags="${syslogd_flags} -a /var/named/dev/log" 294b025dbf1Smillertfi 295f65d7fb6Smillertif [ -d /var/empty ]; then 296f65d7fb6Smillert rm -f /var/empty/dev/log 297f65d7fb6Smillert mkdir -p -m 0555 /var/empty/dev 298f65d7fb6Smillert syslogd_flags="${syslogd_flags} -a /var/empty/dev/log" 299f65d7fb6Smillertfi 3001dabce80Smarcsyslogd ${syslogd_flags} 3013ca632e7Sderaadt 302f4029872Sderaadtif [ X"${pf}" != X"NO" -a X"${pflogd_flags}" != X"NO" ]; then 3039a5df41aSmillert if ifconfig pflog0 >/dev/null 2>&1; then 30418db1430Sderaadt ifconfig pflog0 up 30518db1430Sderaadt pflogd ${pflogd_flags} 30618db1430Sderaadt fi 3079a5df41aSmillertfi 30818db1430Sderaadt 30966ccf3e0Stodd# $named_flags is imported from /etc/rc.conf; 310d8a0d55aSjakob# if $named_flags != NO, named is run. 3119969bcb5Smillertif [ X"${named_flags}" != X"NO" ]; then 3120abe9ed7Sdanh if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then 3133a98a453Sjakob echo -n "rndc-confgen: generating new shared secret... " 3140abe9ed7Sdanh if /usr/sbin/rndc-confgen -a -t /var/named >/dev/null 2>&1; then 3150abe9ed7Sdanh chmod 0640 /var/named/etc/rndc.key >/dev/null 2>&1 3163a98a453Sjakob echo done. 3173a98a453Sjakob else 3183a98a453Sjakob echo failed. 3193a98a453Sjakob fi 3203a98a453Sjakob fi 3213a98a453Sjakob 3223ca632e7Sderaadt echo 'starting named'; named $named_flags 323759e03b2Sderaadtfi 324759e03b2Sderaadt 325096ed560Sderaadt# $isakmpd_flags is imported from /etc/rc.conf; 326763d5844Shshoexer# If $isakmpd_flags == NO, isakmpd isn't run. 3279969bcb5Smillertif [ X"${isakmpd_flags}" != X"NO" ]; then 328096ed560Sderaadt echo 'starting isakmpd'; isakmpd ${isakmpd_flags} 329096ed560Sderaadtfi 330096ed560Sderaadt 33179ec6e47Shshoexer# $ipsec is imported from /etc/rc.conf; 33279ec6e47Shshoexer# if $ipsec == NO or /etc/ipsec.conf doesn't exist, then 33379ec6e47Shshoexer# ipsecctl isn't run. 33479ec6e47Shshoexerif [ X"${ipsec}" != X"NO" ]; then 33579ec6e47Shshoexer if [ -f ${ipsec_rules} ]; then 33679ec6e47Shshoexer ipsecctl -f ${ipsec_rules} 33779ec6e47Shshoexer fi 33879ec6e47Shshoexerfi 33979ec6e47Shshoexer 3402f413fd2Stomecho -n 'starting initial daemons:' 3418e74b1f0Smillert 342edae963cSderaadt# $portmap is imported from /etc/rc.conf; 3438e74b1f0Smillert# if $portmap == YES, the portmapper is started. 3448e74b1f0Smillertif [ X"${portmap}" = X"YES" ]; then 345df930be7Sderaadt echo -n ' portmap'; portmap 346423a3640Sderaadtfi 347df930be7Sderaadt 348052fe65bSderaadtif [ X`domainname` != X ]; then 3492d5ee5bcSderaadt if [ -d /var/yp/`domainname` ]; then 350052fe65bSderaadt # YP server capabilities needed... 351d6518a3fSniklas echo -n ' ypserv'; ypserv ${ypserv_flags} 352d52cd61fSderaadt #echo -n ' ypxfrd'; ypxfrd 3537f2d1b00Sderaadt fi 354b25099beSderaadt 355052fe65bSderaadt if [ -d /var/yp/binding ]; then 356052fe65bSderaadt # YP client capabilities needed... 3577f2d1b00Sderaadt echo -n ' ypbind'; ypbind 358052fe65bSderaadt fi 3597f2d1b00Sderaadt 360621a5fbaSderaadt if [ X"${yppasswdd_flags}" != X"NO" -a -d /var/yp/`domainname` ]; then 361b25099beSderaadt # if we are the master server, run rpc.yppasswdd 362b25099beSderaadt _host1=`ypwhich -m passwd 2> /dev/null` 363b25099beSderaadt _host2=`hostname` 364fd917f6eSderaadt if [ `grep '^lookup' /etc/resolv.conf | grep yp | wc -c` -ne 0 ]; then 365b25099beSderaadt _host1=`ypmatch $_host1 hosts | cut -d' ' -f2` 366b25099beSderaadt _host2=`ypmatch $_host2 hosts | cut -d' ' -f2 | head -1` 367b25099beSderaadt else 368214f531bSderaadt _host1=`echo $_host1 | nslookup | grep '^Name: ' | \ 369b25099beSderaadt sed -e 's/^Name: //'` 370214f531bSderaadt _host2=`echo $_host2 | nslookup | grep '^Name: ' | \ 371b25099beSderaadt sed -e 's/^Name: //'` 372b25099beSderaadt fi 373234efc0eSderaadt if [ "$_host2" = "$_host1" ]; then 37413f82310Sniklas echo -n ' rpc.yppasswdd' 37513f82310Sniklas rpc.yppasswdd ${yppasswdd_flags} 3762d5ee5bcSderaadt fi 3772d5ee5bcSderaadt fi 378df930be7Sderaadtfi 379df930be7Sderaadt 380edae963cSderaadt# $nfs_server is imported from /etc/rc.conf; 381df930be7Sderaadt# if $nfs_server == YES, the machine is setup for being an nfs server 3829969bcb5Smillertif [ X"${nfs_server}" = X"YES" -a -s /etc/exports -a \ 383d54d80fbSderaadt `sed -e '/^#/d' < /etc/exports | wc -l` -ne 0 ]; then 384df930be7Sderaadt rm -f /var/db/mountdtab 385df930be7Sderaadt echo -n > /var/db/mountdtab 386fbb065beSavsm echo -n ' mountd'; mountd 387e6d41a0aSniklas echo -n ' nfsd'; nfsd ${nfsd_flags} 3889969bcb5Smillert if [ X"${lockd}" = X"YES" ]; then 389e6d41a0aSniklas echo -n ' rpc.lockd'; rpc.lockd 390e6d41a0aSniklas fi 391df930be7Sderaadtfi 392df930be7Sderaadt 3939969bcb5Smillertif [ X"${amd}" = X"YES" -a -e ${amd_master} ]; then 394df930be7Sderaadt echo -n ' amd' 395d988480bSderaadt (cd /etc/amd; amd -l syslog -x error,noinfo,nostats -p \ 396d988480bSderaadt -a ${amd_dir} `cat ${amd_master}` > /var/run/amd.pid ) 397df930be7Sderaadtfi 398df930be7Sderaadt 399cb033641Shenning# run rdate before timed/ntpd 400cb033641Shenningif [ X"${rdate_flags}" != X"NO" ]; then 401cb033641Shenning echo -n ' rdate'; rdate -s ${rdate_flags} 402cb033641Shenningfi 403cb033641Shenning 404cb033641Shenning# $timed_flags is imported from /etc/rc.conf; 405cb033641Shenning# if $timed_flags == NO, timed isn't run. 4069969bcb5Smillertif [ X"${timed_flags}" != X"NO" ]; then 407cb033641Shenning echo -n ' timed'; timed $timed_flags 408cb033641Shenningfi 409cb033641Shenning 4109969bcb5Smillertif [ X"${ntpd_flags}" != X"NO" ]; then 411117259d9Sderaadt echo -n ' ntpd'; ntpd $ntpd_flags 412cb033641Shenningfi 413df930be7Sderaadtecho '.' 414df930be7Sderaadt 415cc3d9aa9Sottomount -a 4163ca632e7Sderaadt 417638be0f1Smiodswapctl -A -t noblk 418638be0f1Smiod 419df930be7Sderaadt# /var/crash should be a directory or a symbolic link 420df930be7Sderaadt# to the crash directory if core dumps are to be saved. 421df930be7Sderaadtif [ -d /var/crash ]; then 4229d112a13Stholo savecore ${savecore_flags} /var/crash 423df930be7Sderaadtfi 424df930be7Sderaadt 4259969bcb5Smillertif [ X"${afs}" = X"YES" -a -c /dev/xfs0 ]; then 4268b757a89Sart echo -n 'mounting afs:' 427dd435269Sbeck mkdir -p -m 0755 /afs 428dd435269Sbeck mount -t xfs /dev/xfs0 /afs 429dd435269Sbeck /usr/libexec/afsd ${afsd_flags} 4308b757a89Sart echo ' done.' 4318b757a89Sartfi 4328b757a89Sart 4339969bcb5Smillertif [ X"${check_quotas}" = X"YES" ]; then 434df930be7Sderaadt echo -n 'checking quotas:' 435df930be7Sderaadt quotacheck -a 436df930be7Sderaadt echo ' done.' 437df930be7Sderaadt quotaon -a 43836a647e7Sdownsjfi 439df930be7Sderaadt 440df930be7Sderaadt# build ps databases 441fb69824dSderaadtecho -n 'building ps databases:' 442fb69824dSderaadtecho -n " kvm" 443004fa836Smillertkvm_mkdb 444fb69824dSderaadtecho -n " dev" 445df930be7Sderaadtdev_mkdb 446fb69824dSderaadtecho "." 447df930be7Sderaadt 448e860cdbaSderaadtchmod 666 /dev/tty[pqrstuvwxyzPQRST]* 449a293d798Smillertchown root:wheel /dev/tty[pqrstuvwxyzPQRST]* 450df930be7Sderaadt 451df930be7Sderaadt# check the password temp/lock file 4528b7444a6Sderaadtif [ -f /etc/ptmp ]; then 453df930be7Sderaadt logger -s -p auth.err \ 454df930be7Sderaadt 'password file may be incorrect -- /etc/ptmp exists' 455df930be7Sderaadtfi 456df930be7Sderaadt 457e65724e6Smillertecho clearing /tmp 458e65724e6Smillert 459e65724e6Smillert# prune quickly with one rm, then use find to clean up /tmp/[lq]* 460e65724e6Smillert# (not needed with mfs /tmp, but doesn't hurt there...) 461e65724e6Smillert(cd /tmp && rm -rf [a-km-pr-zA-Z]* && 462e65724e6Smillert find . ! -name . ! -name lost+found ! -name quota.user \ 4638b0a8653Smillert ! -name quota.group -execdir rm -rf -- {} \; -type d -prune) 464e65724e6Smillert 465f8310bdcShugh# create Unix sockets directories for X if needed and make sure they have 466f8310bdcShugh# correct permissions 467f8310bdcShughif [ -d /usr/X11R6/lib ]; then 468f8310bdcShugh for d in /tmp/.X11-unix /tmp/.ICE-unix ; do 469f8310bdcShugh if [ -d $d ]; then 470f8310bdcShugh if [ `ls -ld $d | cut -d' ' -f4` != root ]; then 471f8310bdcShugh chown root $d 472f8310bdcShugh fi 473f8310bdcShugh if [ `ls -ld $d | cut -d' ' -f1` != drwxrwxrwt ]; then 474f8310bdcShugh chmod 1777 $d 475f8310bdcShugh fi 476f8310bdcShugh elif [ -e $d ]; then 477f8310bdcShugh echo "Error: $d exists and isn't a directory." 478f8310bdcShugh else 479f8310bdcShugh mkdir -m 1777 $d 480f8310bdcShugh fi 481f8310bdcShugh done 482f8310bdcShughfi 483f8310bdcShugh 4842f33850bSderaadt[ -f /etc/rc.securelevel ] && . /etc/rc.securelevel 4859969bcb5Smillertif [ X"${securelevel}" != X"" ]; then 486e31a5b5aSmillert echo -n 'setting kernel security level: ' 4876a337e36Sjmc sysctl kern.securelevel=${securelevel} 48841406ee4Sderaadtfi 48941406ee4Sderaadt 490dc279d04Sderaadt# patch /etc/motd 491dc279d04Sderaadtif [ ! -f /etc/motd ]; then 492dc279d04Sderaadt install -c -o root -g wheel -m 664 /dev/null /etc/motd 493dc279d04Sderaadtfi 494d243dabcSmillertT=`mktemp /tmp/_motd.XXXXXXXXXX` 495499eb670Smillertif [ $? -eq 0 ]; then 496dc279d04Sderaadt sysctl -n kern.version | sed 1q > $T 497dc279d04Sderaadt echo "" >> $T 498dc279d04Sderaadt sed '1,/^$/d' < /etc/motd >> $T 499dc279d04Sderaadt cmp -s $T /etc/motd || cp $T /etc/motd 500dc279d04Sderaadt rm -f $T 5015b45527eSmillertfi 502dc279d04Sderaadt 503df930be7Sderaadtif [ -f /var/account/acct ]; then 504df930be7Sderaadt echo 'turning on accounting'; accton /var/account/acct 505df930be7Sderaadtfi 506df930be7Sderaadt 5077e42516dSderaadtif [ -f /sbin/ldconfig ]; then 5087e42516dSderaadt echo 'creating runtime link editor directory cache.' 5097e42516dSderaadt if [ -d /usr/local/lib ]; then 5105881fc76Stodd shlib_dirs="/usr/local/lib $shlib_dirs" 5117e42516dSderaadt fi 5127e42516dSderaadt if [ -d /usr/X11R6/lib ]; then 5135881fc76Stodd shlib_dirs="/usr/X11R6/lib $shlib_dirs" 5147e42516dSderaadt fi 5157e42516dSderaadt ldconfig $shlib_dirs 5167e42516dSderaadtfi 5177e42516dSderaadt 518f57929bcSmillertif [ -x /usr/libexec/vi.recover ]; then 519f57929bcSmillert echo 'preserving editor files'; /usr/libexec/vi.recover 520f57929bcSmillertfi 521f57929bcSmillert 5220662dc2cSderaadtif [ ! -f /etc/ssh/ssh_host_dsa_key ]; then 52334c0b73eSderaadt echo -n "ssh-keygen: generating new DSA host key... " 5240662dc2cSderaadt if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''; then 525b05748d5Sderaadt echo done. 526b05748d5Sderaadt else 527b05748d5Sderaadt echo failed. 528b05748d5Sderaadt fi 529b05748d5Sderaadtfi 5300662dc2cSderaadtif [ ! -f /etc/ssh/ssh_host_rsa_key ]; then 531b05748d5Sderaadt echo -n "ssh-keygen: generating new RSA host key... " 5320662dc2cSderaadt if /usr/bin/ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''; then 53334c0b73eSderaadt echo done. 53434c0b73eSderaadt else 53534c0b73eSderaadt echo failed. 53634c0b73eSderaadt fi 53734c0b73eSderaadtfi 5380662dc2cSderaadtif [ ! -f /etc/ssh/ssh_host_key ]; then 539d5166b8fSmarkus echo -n "ssh-keygen: generating new RSA1 host key... " 5400662dc2cSderaadt if /usr/bin/ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -N ''; then 5416d6e0cf6Sderaadt echo done. 5426d6e0cf6Sderaadt else 5436d6e0cf6Sderaadt echo failed. 5446d6e0cf6Sderaadt fi 5456d6e0cf6Sderaadtfi 5466d6e0cf6Sderaadt 547c0a201cfSmarkusif [ ! -f /etc/isakmpd/private/local.key ]; then 548c0a201cfSmarkus echo -n "openssl: generating new isakmpd RSA key... " 549c0a201cfSmarkus if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 1024 \ 550c0a201cfSmarkus > /dev/null 2>&1; then 551c0a201cfSmarkus chmod 600 /etc/isakmpd/private/local.key 552c0a201cfSmarkus openssl rsa -out /etc/isakmpd/private/local.pub \ 553c0a201cfSmarkus -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1 554c0a201cfSmarkus echo done. 555c0a201cfSmarkus else 556c0a201cfSmarkus echo failed. 557c0a201cfSmarkus fi 558c0a201cfSmarkusfi 559c0a201cfSmarkus 560df930be7Sderaadtecho -n starting network daemons: 561df930be7Sderaadt 56269f602d6Sian# $routed_flags are imported from /etc/rc.conf. 563df930be7Sderaadt# If $routed_flags == NO, routed isn't run. 5649969bcb5Smillertif [ X"${routed_flags}" != X"NO" ]; then 565df930be7Sderaadt echo -n ' routed'; routed $routed_flags 566df930be7Sderaadtfi 567df930be7Sderaadt 568edae963cSderaadt# $mrouted_flags is imported from /etc/rc.conf; 56969b30726Sderaadt# If $mrouted_flags == NO, then mrouted isn't run. 5709969bcb5Smillertif [ X"${mrouted_flags}" != X"NO" ]; then 57169b30726Sderaadt echo -n ' mrouted'; mrouted $mrouted_flags 57269b30726Sderaadtfi 57369b30726Sderaadt 57480302420Snorbyif [ X"${dvmrpd_flags}" != X"NO" ]; then 57580302420Snorby echo -n ' dvmrpd'; /usr/sbin/dvmrpd $dvmrpd_flags 57680302420Snorbyfi 57780302420Snorby 5789969bcb5Smillertif [ X"${ospfd_flags}" != X"NO" ]; then 579c7f4bdaaShenning echo -n ' ospfd'; /usr/sbin/ospfd $ospfd_flags 580c7f4bdaaShenningfi 581c7f4bdaaShenning 5829969bcb5Smillertif [ X"${bgpd_flags}" != X"NO" ]; then 583220f3b8dShenning echo -n ' bgpd'; /usr/sbin/bgpd $bgpd_flags 584220f3b8dShenningfi 585220f3b8dShenning 58630a2245dSform# $dhcpd_flags is imported from /etc/rc.conf 58730a2245dSform# If $dhcpd_flags == NO or /etc/dhcpd.conf doesn't exist, then dhcpd isn't run. 5889969bcb5Smillertif [ X"${dhcpd_flags}" != X"NO" -a -f /etc/dhcpd.conf ]; then 58930a2245dSform touch /var/db/dhcpd.leases 59030a2245dSform if [ -f /etc/dhcpd.interfaces ]; then 59178a6b8a8Smpech dhcpd_ifs=`stripcom /etc/dhcpd.interfaces` 59230a2245dSform fi 59330a2245dSform echo -n ' dhcpd'; /usr/sbin/dhcpd ${dhcpd_flags} ${dhcpd_ifs} 59430a2245dSformfi 59530a2245dSform 596*95d52386Snorbyif [ X"${dhcrelay_flags}" != X"NO" ]; then 597*95d52386Snorby echo -n ' dhcrelay'; /usr/sbin/dhcrelay $dhcrelay_flags 598*95d52386Snorbyfi 599*95d52386Snorby 60033a0f254Sitojunif ifconfig lo0 inet6 >/dev/null 2>&1; then 60133a0f254Sitojun fw=`sysctl -n net.inet6.ip6.forwarding` 6029969bcb5Smillert if [ X"${fw}" = X"0" ]; then 60333a0f254Sitojun # $rtsold_flags is imported from /etc/rc.conf; 60433a0f254Sitojun # If $rtsold_flags == NO, then rtsold isn't run. 6059969bcb5Smillert if [ X"${rtsold_flags}" != X"NO" ]; then 60633a0f254Sitojun echo -n ' rtsold' 60733a0f254Sitojun /usr/sbin/rtsold ${rtsold_flags} 60833a0f254Sitojun fi 60933a0f254Sitojun else 61033a0f254Sitojun # $route6d_flags is imported from /etc/rc.conf; 61133a0f254Sitojun # If $route6d_flags == NO, then route6d isn't run. 6129969bcb5Smillert if [ X"${route6d_flags}" != X"NO" ]; then 61333a0f254Sitojun echo -n ' route6d' 61433a0f254Sitojun /usr/sbin/route6d ${route6d_flags} 61533a0f254Sitojun fi 61633a0f254Sitojun # $rtadvd_flags is imported from /etc/rc.conf; 61706347140Sitojun # If $rtadvd_flags == NO, then rtadvd isn't run. 6189969bcb5Smillert if [ X"${rtadvd_flags}" != X"NO" ]; then 61933a0f254Sitojun echo -n ' rtadvd' 62033a0f254Sitojun /usr/sbin/rtadvd ${rtadvd_flags} 62133a0f254Sitojun fi 62233a0f254Sitojun fi 62333a0f254Sitojunfi 62433a0f254Sitojun 625797ee821Sreykif [ X"${hostapd_flags}" != X"NO" ]; then 626797ee821Sreyk echo -n ' hostapd'; /usr/sbin/hostapd ${hostapd_flags}; 627797ee821Sreykfi 628797ee821Sreyk 629edae963cSderaadt# $rwhod is imported from /etc/rc.conf; 630df930be7Sderaadt# if $rwhod == YES, rwhod is run. 6319969bcb5Smillertif [ X"${rwhod}" = X"YES" ]; then 632df930be7Sderaadt echo -n ' rwhod'; rwhod 633df930be7Sderaadtfi 634df930be7Sderaadt 635423a3640Sderaadt 6369969bcb5Smillertif [ X"${lpd_flags}" != X"NO" ]; then 6377c143c5dSfgsch echo -n ' lpd'; lpd ${lpd_flags} 638423a3640Sderaadtfi 639df930be7Sderaadt 640edae963cSderaadt# $sendmail_flags is imported from /etc/rc.conf; 6410e208981Smillert# If $sendmail_flags == NO or /etc/mailer.conf doesn't exist, then 6424844ae79Sderaadt# sendmail isn't run. We call sendmail with a full path so that 6430e208981Smillert# SIGHUP works. Note that /usr/sbin/sendmail may actually call a 6440e208981Smillert# mailer other than sendmail, depending on /etc/mailer.conf. 6459969bcb5Smillertif [ X"${sendmail_flags}" != X"NO" -a -s /etc/mailer.conf ]; then 646e18bddb2Smillert echo -n ' sendmail'; ( /usr/sbin/sendmail ${sendmail_flags} >/dev/null 2>&1 & ) 647df930be7Sderaadtfi 648df930be7Sderaadt 6499969bcb5Smillertif [ X"${httpd_flags}" != X"NO" ]; then 650205e112eSespie # Clean up left-over httpd locks 651205e112eSespie rm -f /var/www/logs/{ssl_mutex,httpd.lock,accept.lock}.* 652f3079313Sangelos echo -n ' httpd'; /usr/sbin/httpd ${httpd_flags} 65352e6779cSderaadtfi 65452e6779cSderaadt 6559969bcb5Smillertif [ X"${ftpd_flags}" != X"NO" ]; then 656b6330bccSdownsj echo -n ' ftpd'; /usr/libexec/ftpd ${ftpd_flags} 657b6330bccSdownsjfi 658b6330bccSdownsj 65989b602d7Scamieldif [ X"${ftpproxy_flags}" != X"NO" ]; then 66089b602d7Scamield echo -n ' ftp-proxy'; /usr/sbin/ftp-proxy ${ftpproxy_flags} 66189b602d7Scamieldfi 66289b602d7Scamield 6639969bcb5Smillertif [ X"${identd_flags}" != X"NO" ]; then 6644265ef72Sfgsch echo -n ' identd'; /usr/libexec/identd ${identd_flags} 6654265ef72Sfgschfi 6664265ef72Sfgsch 6679969bcb5Smillertif [ X"${inetd}" = X"YES" -a -e /etc/inetd.conf ]; then 668df930be7Sderaadt echo -n ' inetd'; inetd 669423a3640Sderaadtfi 670df930be7Sderaadt 67136fdfb26Sderaadtif [ X"${sshd_flags}" != X"NO" ]; then 67236fdfb26Sderaadt echo -n ' sshd'; /usr/sbin/sshd ${sshd_flags}; 67336fdfb26Sderaadtfi 67436fdfb26Sderaadt 6759969bcb5Smillertif [ X"${spamd_flags}" != X"NO" ]; then 6769969bcb5Smillert if [ X"${spamd_grey}" != X"NO" ]; then 677116d9528Sderaadt spamd_flags="${spamd_flags} -g" 678116d9528Sderaadt fi 6796856ca63Sotto echo -n ' spamd'; eval /usr/libexec/spamd ${spamd_flags} 680116d9528Sderaadt /usr/libexec/spamd-setup 6819969bcb5Smillert if [ X"${spamd_grey}" != X"NO" ]; then 682116d9528Sderaadt echo -n ' spamlogd' 6831b86c533Shenning /usr/libexec/spamlogd ${spamlogd_flags} 684116d9528Sderaadt fi 685116d9528Sderaadtfi 686116d9528Sderaadt 687edae963cSderaadt# $rarpd_flags is imported from /etc/rc.conf; 688df930be7Sderaadt# If $rarpd_flags == NO or /etc/ethers doesn't exist, then 689df930be7Sderaadt# rarpd isn't run. 6909969bcb5Smillertif [ X"${rarpd_flags}" != X"NO" -a -s /etc/ethers ]; then 691df930be7Sderaadt echo -n ' rarpd'; rarpd ${rarpd_flags} 692df930be7Sderaadtfi 693df930be7Sderaadt 694edae963cSderaadt# $bootparamd_flags is imported from /etc/rc.conf; 695df930be7Sderaadt# If $bootparamd_flags == NO or /etc/bootparams doesn't exist, then 696df930be7Sderaadt# bootparamd isn't run. 6979969bcb5Smillertif [ X"${bootparamd_flags}" != X"NO" -a -s /etc/bootparams ]; then 698df930be7Sderaadt echo -n ' rpc.bootparamd'; rpc.bootparamd ${bootparamd_flags} 699df930be7Sderaadtfi 700df930be7Sderaadt 701edae963cSderaadt# $rbootd_flags is imported from /etc/rc.conf; 702df930be7Sderaadt# If $rbootd_flags == NO or /etc/rbootd.conf doesn't exist, then 703df930be7Sderaadt# rbootd isn't run. 7049969bcb5Smillertif [ X"${rbootd_flags}" != X"NO" -a -s /etc/rbootd.conf ]; then 705df930be7Sderaadt echo -n ' rbootd'; rbootd ${rbootd_flags} 706df930be7Sderaadtfi 707df930be7Sderaadt 708df4692e3Smaja# $mopd_flags is imported from /etc/rc.conf; 709df4692e3Smaja# If $mopd_flags == NO or /tftpboot/mop doesn't exist, then 710df4692e3Smaja# mopd isn't run. 7119969bcb5Smillertif [ X"${mopd_flags}" != X"NO" -a -d /tftpboot/mop ]; then 712df4692e3Smaja echo -n ' mopd'; mopd ${mopd_flags} 713df4692e3Smajafi 714df4692e3Smaja 715df930be7Sderaadtecho '.' 716df930be7Sderaadt 717c86c53eeSderaadtmixerctl_conf 718c86c53eeSderaadt 719fde3f312Shin# KerberosV master KDC 7209969bcb5Smillertif [ X"${krb5_master_kdc}" = X"YES" ]; then 721fde3f312Shin echo 'KerberosV master KDC' 722fde3f312Shin /usr/libexec/kdc & 723fde3f312Shin /usr/libexec/kadmind & 724fde3f312Shin /usr/libexec/kpasswdd & 725fde3f312Shinfi 726fde3f312Shin 727fde3f312Shin# KerberosV slave KDC 7289969bcb5Smillertif [ X"${krb5_slave_kdc}" = X"YES" ]; then 729fde3f312Shin echo 'KerberosV slave KDC' 730fde3f312Shin /usr/libexec/kdc & 731fde3f312Shin # Remember to enable hpropd in inetd.conf 732fde3f312Shinfi 733fde3f312Shin 7342f33850bSderaadt[ -f /etc/rc.local ] && . /etc/rc.local 7358b7444a6Sderaadt 73674491808Smillertecho -n standard daemons: 737f026f8beSmarc 738f026f8beSmarc# $apmd_flags is imported from /etc/rc.conf; 739f026f8beSmarc# don't run daemon if $apmd_flags == NO or /usr/sbin/apmd doesn't exist 7409969bcb5Smillertif [ X"${apmd_flags}" != X"NO" -a -x /usr/sbin/apmd ]; then 741f026f8beSmarc echo -n ' apmd'; /usr/sbin/apmd ${apmd_flags} 742f026f8beSmarcfi 743f026f8beSmarc 7447934d707Stholoif [ X"${acpid_flags}" != X"NO" -a -x /usr/sbin/acpid ]; then 7457934d707Stholo echo -n ' acpid'; /usr/sbin/acpid ${acpid_flags} 7467934d707Stholofi 7477934d707Stholo 748793d0ae6Shenningif [ X"${sensorsd_flags}" != X"NO" ]; then 749793d0ae6Shenning echo -n ' sensorsd'; /usr/sbin/sensorsd ${sensorsd_flags} 750793d0ae6Shenningfi 751793d0ae6Shenning 752f255c293Sgrangeif [ X"${hotplugd_flags}" != X"NO" -a -x /usr/sbin/hotplugd ]; then 753f255c293Sgrange echo -n ' hotplugd'; /usr/sbin/hotplugd ${hotplugd_flags} 754f255c293Sgrangefi 755f255c293Sgrange 7562e3327d2Shenningif [ X"${watchdogd_flags}" != X"NO" -a -x /usr/sbin/watchdogd ]; then 7572e3327d2Shenning echo -n ' watchdogd'; /usr/sbin/watchdogd ${watchdogd_flags} 7582e3327d2Shenningfi 7592e3327d2Shenning 76074491808Smillertecho -n ' cron'; cron 761f026f8beSmarc 76274491808Smillertecho '.' 76374491808Smillert 764df930be7Sderaadtdate 7658569782fSderaadt 7669969bcb5Smillertif [ X"${wsmoused_flags}" != X"NO" -a -x /usr/sbin/wsmoused ]; then 7674a4c21d8Sderaadt echo 'starting wsmoused...'; /usr/sbin/wsmoused ${wsmoused_flags} 76896ac2838Saaronfi 769f8810935Saaron 770f8810935Saaron# Alternatively, on some architectures, xdm may be started in /etc/ttys. 7719969bcb5Smillertif [ X"${xdm_flags}" != X"NO" ]; then 772f8810935Saaron echo 'starting xdm...'; /usr/X11R6/bin/xdm ${xdm_flags} 7738569782fSderaadtfi 7748569782fSderaadt 775df930be7Sderaadtexit 0 7768b757a89Sart 777