1*cc294143Sderaadt# $OpenBSD: rc,v 1.279 2006/03/14 22:48:46 deraadt Exp $ 2df930be7Sderaadt 3df930be7Sderaadt# System startup script run by init on autoboot 4df930be7Sderaadt# or after single-user. 5df930be7Sderaadt# Output and error are redirected to console by init, 6df930be7Sderaadt# and the console is the controlling terminal. 7df930be7Sderaadt 85420764bSmillert# Subroutines (have to come first). 95420764bSmillert 105420764bSmillert# Strip comments (and leading/trailing whitespace if IFS is set) 115420764bSmillert# from a file and spew to stdout 125420764bSmillertstripcom() { 135420764bSmillert local _file="$1" 145420764bSmillert local _line 155420764bSmillert 165420764bSmillert { 175420764bSmillert while read _line ; do 185420764bSmillert _line=${_line%%#*} # strip comments 195420764bSmillert test -z "$_line" && continue 205420764bSmillert echo $_line 215420764bSmillert done 225420764bSmillert } < $_file 235420764bSmillert} 245420764bSmillert 250e47d797Smillert# Update resource limits when sysctl changes 260e47d797Smillert# Usage: update_limit -X loginconf_name 270e47d797Smillertupdate_limit() { 280e47d797Smillert local _fl="$1" # ulimit flag 290e47d797Smillert local _lc="$2" # login.conf name 300e47d797Smillert local _new _suf 310e47d797Smillert 320e47d797Smillert for _suf in "" -cur -max; do 330e47d797Smillert _new=`getcap -f /etc/login.conf -s ${_lc}${_suf} daemon 2>/dev/null` 340e47d797Smillert if [ X"$_new" != X"" ]; then 350e47d797Smillert if [ X"$_new" = X"infinity" ]; then 360e47d797Smillert _new=unlimited 370e47d797Smillert fi 380e47d797Smillert case "$_suf" in 390e47d797Smillert -cur) 400e47d797Smillert ulimit -S $_fl $_new 410e47d797Smillert ;; 420e47d797Smillert -max) 430e47d797Smillert ulimit -H $_fl $_new 440e47d797Smillert ;; 450e47d797Smillert *) 460e47d797Smillert ulimit $_fl $_new 470e47d797Smillert return 480e47d797Smillert ;; 490e47d797Smillert esac 500e47d797Smillert fi 510e47d797Smillert done 520e47d797Smillert} 530e47d797Smillert 540e47d797Smillertsysctl_conf() { 556be3177eSmillert test -s /etc/sysctl.conf || return 566be3177eSmillert 570e47d797Smillert # delete comments and blank lines 580e47d797Smillert set -- `stripcom /etc/sysctl.conf` 590e47d797Smillert while [ $# -ge 1 ] ; do 600e47d797Smillert sysctl $1 610e47d797Smillert # update limits if needed 620e47d797Smillert case $1 in 630e47d797Smillert kern.maxproc=*) 640e47d797Smillert update_limit -p maxproc 650e47d797Smillert ;; 660e47d797Smillert kern.maxfiles=*) 670e47d797Smillert update_limit -n openfiles 680e47d797Smillert ;; 690e47d797Smillert esac 700e47d797Smillert shift 710e47d797Smillert done 720e47d797Smillert} 730e47d797Smillert 740e47d797Smillertmixerctl_conf() 750e47d797Smillert{ 766be3177eSmillert test -s /etc/mixerctl.conf || return 776be3177eSmillert 780e47d797Smillert # delete comments and blank lines 790e47d797Smillert set -- `stripcom /etc/mixerctl.conf` 800e47d797Smillert while [ $# -ge 1 ] ; do 810e47d797Smillert mixerctl -q $1 > /dev/null 2>&1 820e47d797Smillert shift 830e47d797Smillert done 840e47d797Smillert} 850e47d797Smillert 866be3177eSmillertwsconsctl_conf() 876be3177eSmillert{ 886be3177eSmillert local save_IFS="$IFS" 896be3177eSmillert 906be3177eSmillert test -x /sbin/wsconsctl -a -s /etc/wsconsctl.conf || return 916be3177eSmillert # delete comments and blank lines 926be3177eSmillert IFS=" 936be3177eSmillert" 946be3177eSmillert set -- `stripcom /etc/wsconsctl.conf` 956be3177eSmillert IFS="$save_IFS" 966be3177eSmillert while [ $# -ge 1 ] ; do 976be3177eSmillert eval /sbin/wsconsctl -w $1 986be3177eSmillert shift 996be3177eSmillert done 1006be3177eSmillert} 1016be3177eSmillert 1025420764bSmillert# End subroutines 1035420764bSmillert 104df930be7Sderaadtstty status '^T' 105df930be7Sderaadt 106df930be7Sderaadt# Set shell to ignore SIGINT (2), but not children; 107df930be7Sderaadt# shell catches SIGQUIT (3) and returns to single user after fsck. 108df930be7Sderaadttrap : 2 109df930be7Sderaadttrap : 3 # shouldn't be needed 110df930be7Sderaadt 111df930be7SderaadtHOME=/; export HOME 112df930be7SderaadtPATH=/sbin:/bin:/usr/sbin:/usr/bin 113df930be7Sderaadtexport PATH 114df930be7Sderaadt 1159969bcb5Smillertif [ X"$1" = X"shutdown" ]; then 11675a54d2eSderaadt dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 >/dev/null 2>&1 11775a54d2eSderaadt chmod 600 /var/db/host.random >/dev/null 2>&1 11875a54d2eSderaadt if [ $? -eq 0 -a -f /etc/rc.shutdown ]; then 11975a54d2eSderaadt echo /etc/rc.shutdown in progress... 12075a54d2eSderaadt . /etc/rc.shutdown 12175a54d2eSderaadt echo /etc/rc.shutdown complete. 1229e07bef9Smcbride 1239e07bef9Smcbride # bring carp interfaces down gracefully 1249e07bef9Smcbride for hn in /etc/hostname.carp[0-9]*; do 1259e07bef9Smcbride # Strip off /etc/hostname. prefix 1269e07bef9Smcbride if=${hn#/etc/hostname.} 1279efb36b9Scedric test "$if" = "carp[0-9]*" && continue 1289e07bef9Smcbride 1291f22cd84Sderaadt ifconfig $if > /dev/null 2>&1 130b844ef19Smcbride if [ $? -eq 0 ]; then 1319e07bef9Smcbride ifconfig $if down 1321f22cd84Sderaadt fi 1339e07bef9Smcbride done 1342ee46d13Smcbride 1359969bcb5Smillert if [ X"${powerdown}" = X"YES" ]; then 1362ee46d13Smcbride exit 2 1372ee46d13Smcbride fi 1382ee46d13Smcbride 13975a54d2eSderaadt else 14075a54d2eSderaadt echo single user: not running /etc/rc.shutdown 14175a54d2eSderaadt fi 14275a54d2eSderaadt exit 0 14375a54d2eSderaadtfi 14475a54d2eSderaadt 145df930be7Sderaadt# Configure ccd devices. 1468b7444a6Sderaadtif [ -f /etc/ccd.conf ]; then 147df930be7Sderaadt ccdconfig -C 148df930be7Sderaadtfi 149df930be7Sderaadt 150c5858a2aSjakob# Configure raid devices. 151c5858a2aSjakobfor dev in 0 1 2 3; do 152c5858a2aSjakob if [ -f /etc/raid$dev.conf ]; then 153c5858a2aSjakob raidctl -c /etc/raid$dev.conf raid$dev 154c5858a2aSjakob fi 155c5858a2aSjakobdone 156c5858a2aSjakob 1575a87f599Stdeval# Check parity on raid devices. 1584d6c2f1bSderaadtraidctl -P all 1595a87f599Stdeval 160638be0f1Smiodswapctl -A -t blk 161920abb1bSderaadt 1628b7444a6Sderaadtif [ -e /fastboot ]; then 163df930be7Sderaadt echo "Fast boot: skipping disk checks." 1649969bcb5Smillertelif [ X"$1" = X"autoboot" ]; then 165df930be7Sderaadt echo "Automatic boot in progress: starting file system checks." 166b39bbe87Smillert fsck -p 167df930be7Sderaadt case $? in 168df930be7Sderaadt 0) 169df930be7Sderaadt ;; 170df930be7Sderaadt 2) 171df930be7Sderaadt exit 1 172df930be7Sderaadt ;; 173df930be7Sderaadt 4) 174df930be7Sderaadt echo "Rebooting..." 175df930be7Sderaadt reboot 176df930be7Sderaadt echo "Reboot failed; help!" 177df930be7Sderaadt exit 1 178df930be7Sderaadt ;; 179df930be7Sderaadt 8) 180df930be7Sderaadt echo "Automatic file system check failed; help!" 181df930be7Sderaadt exit 1 182df930be7Sderaadt ;; 183df930be7Sderaadt 12) 184df930be7Sderaadt echo "Boot interrupted." 185df930be7Sderaadt exit 1 186df930be7Sderaadt ;; 187df930be7Sderaadt 130) 188df930be7Sderaadt # interrupt before catcher installed 189df930be7Sderaadt exit 1 190df930be7Sderaadt ;; 191df930be7Sderaadt *) 192df930be7Sderaadt echo "Unknown error; help!" 193df930be7Sderaadt exit 1 194df930be7Sderaadt ;; 195df930be7Sderaadt esac 196df930be7Sderaadtfi 197df930be7Sderaadt 198df930be7Sderaadttrap "echo 'Boot interrupted.'; exit 1" 3 199df930be7Sderaadt 200df930be7Sderaadtumount -a >/dev/null 2>&1 201df930be7Sderaadtmount -a -t nonfs 2024515901dSniklasmount -uw / # root on nfs requires this, others aren't hurt 203df930be7Sderaadtrm -f /fastboot # XXX (root now writeable) 204df930be7Sderaadt 205d3ae8907Sderaadt# pick up option configuration 206d3ae8907Sderaadt. /etc/rc.conf 207d3ae8907Sderaadt 208df930be7Sderaadt# set flags on ttys. (do early, in case they use tty for SLIP in netstart) 209df930be7Sderaadtecho 'setting tty flags' 210df930be7Sderaadtttyflags -a 211df930be7Sderaadt 21248390b59Smcbrideif [ -f /sbin/kbd -a -f /etc/kbdtype ]; then 21348390b59Smcbride kbd `cat /etc/kbdtype` 21448390b59Smcbridefi 21548390b59Smcbride 216*cc294143Sderaadtwsconsctl_conf 217*cc294143Sderaadt 2189969bcb5Smillertif [ X"${pf}" != X"NO" ]; then 2197b24ca9eSmcbride RULES="block all" 2204dd40d42Shenning RULES="$RULES\npass on lo0" 2217637f7daSdhartmei RULES="$RULES\npass in proto tcp from any to any port 22 keep state" 222ae072502Scamield RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state" 2233dadfb84Scamield RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state" 224e24e98b3Sgrange if ifconfig lo0 inet6 >/dev/null 2>&1; then 225ff3da558Sitojun RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol" 226ff3da558Sitojun RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv" 22763c4fe5eSderaadt RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol" 22863c4fe5eSderaadt RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv" 229e24e98b3Sgrange fi 2309e07bef9Smcbride RULES="$RULES\npass proto { pfsync, carp }" 2313dda96c1Sderaadt case `sysctl vfs.mounts.nfs 2>/dev/null` in 23218db1430Sderaadt *[1-9]*) 23318db1430Sderaadt # don't kill NFS 234086485f4Scedric RULES="scrub in all no-df\n$RULES" 23518db1430Sderaadt RULES="$RULES\npass in proto udp from any port { 111, 2049 } to any" 23618db1430Sderaadt RULES="$RULES\npass out proto udp from any to any port { 111, 2049 }" 23718db1430Sderaadt ;; 23818db1430Sderaadt esac 2394616f5d9Sdhartmei echo $RULES | pfctl -f - 2404616f5d9Sdhartmei pfctl -e 2411097c023Skjellfi 2421097c023Skjell 2430e47d797Smillertsysctl_conf 244f753b29fSderaadt 245df930be7Sderaadt# set hostname, turn on network 246df930be7Sderaadtecho 'starting network' 247053628caSderaadtif [ -f /etc/resolv.conf.save ]; then 248053628caSderaadt mv /etc/resolv.conf.save /etc/resolv.conf 249053628caSderaadt touch /etc/resolv.conf 250053628caSderaadtfi 251df930be7Sderaadt. /etc/netstart 252df930be7Sderaadt 2539969bcb5Smillertif [ X"${pf}" != X"NO" ]; then 2541097c023Skjell if [ -f ${pf_rules} ]; then 255616367a9Sdhartmei pfctl -f ${pf_rules} 2561097c023Skjell fi 2571097c023Skjellfi 2581097c023Skjell 259cc3d9aa9Sottomount -s /usr >/dev/null 2>&1 260cc3d9aa9Sottomount -s /var >/dev/null 2>&1 261df930be7Sderaadt 262f26db62bSderaadt# if there's no /var/db/host.random, make one through /dev/urandom 263f26db62bSderaadtif [ ! -f /var/db/host.random ]; then 264f26db62bSderaadt dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 \ 265f26db62bSderaadt >/dev/null 2>&1 266f26db62bSderaadt chmod 600 /var/db/host.random >/dev/null 2>&1 267f26db62bSderaadtelse 268f26db62bSderaadt dd if=/var/db/host.random of=/dev/urandom bs=1024 count=64 \ 269f26db62bSderaadt > /dev/null 2>&1 270f26db62bSderaadt dd if=/var/db/host.random of=/dev/arandom bs=1024 count=64 \ 271f26db62bSderaadt > /dev/null 2>&1 272f26db62bSderaadtfi 273f26db62bSderaadt 27474af54b4Sderaadt# reset seed file, so that if a shutdown-less reboot occurs, 27574af54b4Sderaadt# the next seed is not a repeat 27674af54b4Sderaadtdd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 \ 27774af54b4Sderaadt > /dev/null 2>&1 27874af54b4Sderaadt 279f0550eb3Sderaadt# clean up left-over files 280f0550eb3Sderaadtrm -f /etc/nologin 281f0550eb3Sderaadtrm -f /var/spool/lock/LCK.* 282f0550eb3Sderaadtrm -f /var/spool/uucp/STST/* 2832402d49fShenning(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; }) 28423d49488Sbeck(cd /var/authpf && rm -rf -- *) 28523d49488Sbeck 2866c0a0b4aSalex# save a copy of the boot messages 2876c0a0b4aSalexdmesg >/var/run/dmesg.boot 2886c0a0b4aSalex 2893ca632e7Sderaadtecho 'starting system logger' 2903ca632e7Sderaadtrm -f /dev/log 2919969bcb5Smillertif [ X"${named_flags}" != X"NO" ]; then 2927078508dSjakob rm -f /var/named/dev/log 2937078508dSjakob syslogd_flags="${syslogd_flags} -a /var/named/dev/log" 294b025dbf1Smillertfi 295f65d7fb6Smillertif [ -d /var/empty ]; then 296f65d7fb6Smillert rm -f /var/empty/dev/log 297f65d7fb6Smillert mkdir -p -m 0555 /var/empty/dev 298f65d7fb6Smillert syslogd_flags="${syslogd_flags} -a /var/empty/dev/log" 299f65d7fb6Smillertfi 3001dabce80Smarcsyslogd ${syslogd_flags} 3013ca632e7Sderaadt 302f4029872Sderaadtif [ X"${pf}" != X"NO" -a X"${pflogd_flags}" != X"NO" ]; then 3039a5df41aSmillert if ifconfig pflog0 >/dev/null 2>&1; then 30418db1430Sderaadt ifconfig pflog0 up 30518db1430Sderaadt pflogd ${pflogd_flags} 30618db1430Sderaadt fi 3079a5df41aSmillertfi 30818db1430Sderaadt 30966ccf3e0Stodd# $named_flags is imported from /etc/rc.conf; 310d8a0d55aSjakob# if $named_flags != NO, named is run. 3119969bcb5Smillertif [ X"${named_flags}" != X"NO" ]; then 3120abe9ed7Sdanh if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then 3133a98a453Sjakob echo -n "rndc-confgen: generating new shared secret... " 3140abe9ed7Sdanh if /usr/sbin/rndc-confgen -a -t /var/named >/dev/null 2>&1; then 3150abe9ed7Sdanh chmod 0640 /var/named/etc/rndc.key >/dev/null 2>&1 3163a98a453Sjakob echo done. 3173a98a453Sjakob else 3183a98a453Sjakob echo failed. 3193a98a453Sjakob fi 3203a98a453Sjakob fi 3213a98a453Sjakob 3223ca632e7Sderaadt echo 'starting named'; named $named_flags 323759e03b2Sderaadtfi 324759e03b2Sderaadt 325096ed560Sderaadt# $isakmpd_flags is imported from /etc/rc.conf; 326763d5844Shshoexer# If $isakmpd_flags == NO, isakmpd isn't run. 3279969bcb5Smillertif [ X"${isakmpd_flags}" != X"NO" ]; then 328096ed560Sderaadt echo 'starting isakmpd'; isakmpd ${isakmpd_flags} 329096ed560Sderaadtfi 330096ed560Sderaadt 3312f413fd2Stomecho -n 'starting initial daemons:' 3328e74b1f0Smillert 333edae963cSderaadt# $portmap is imported from /etc/rc.conf; 3348e74b1f0Smillert# if $portmap == YES, the portmapper is started. 3358e74b1f0Smillertif [ X"${portmap}" = X"YES" ]; then 336df930be7Sderaadt echo -n ' portmap'; portmap 337423a3640Sderaadtfi 338df930be7Sderaadt 339052fe65bSderaadtif [ X`domainname` != X ]; then 3402d5ee5bcSderaadt if [ -d /var/yp/`domainname` ]; then 341052fe65bSderaadt # YP server capabilities needed... 342d6518a3fSniklas echo -n ' ypserv'; ypserv ${ypserv_flags} 343d52cd61fSderaadt #echo -n ' ypxfrd'; ypxfrd 3447f2d1b00Sderaadt fi 345b25099beSderaadt 346052fe65bSderaadt if [ -d /var/yp/binding ]; then 347052fe65bSderaadt # YP client capabilities needed... 3487f2d1b00Sderaadt echo -n ' ypbind'; ypbind 349052fe65bSderaadt fi 3507f2d1b00Sderaadt 351621a5fbaSderaadt if [ X"${yppasswdd_flags}" != X"NO" -a -d /var/yp/`domainname` ]; then 352b25099beSderaadt # if we are the master server, run rpc.yppasswdd 353b25099beSderaadt _host1=`ypwhich -m passwd 2> /dev/null` 354b25099beSderaadt _host2=`hostname` 355fd917f6eSderaadt if [ `grep '^lookup' /etc/resolv.conf | grep yp | wc -c` -ne 0 ]; then 356b25099beSderaadt _host1=`ypmatch $_host1 hosts | cut -d' ' -f2` 357b25099beSderaadt _host2=`ypmatch $_host2 hosts | cut -d' ' -f2 | head -1` 358b25099beSderaadt else 359214f531bSderaadt _host1=`echo $_host1 | nslookup | grep '^Name: ' | \ 360b25099beSderaadt sed -e 's/^Name: //'` 361214f531bSderaadt _host2=`echo $_host2 | nslookup | grep '^Name: ' | \ 362b25099beSderaadt sed -e 's/^Name: //'` 363b25099beSderaadt fi 364234efc0eSderaadt if [ "$_host2" = "$_host1" ]; then 36513f82310Sniklas echo -n ' rpc.yppasswdd' 36613f82310Sniklas rpc.yppasswdd ${yppasswdd_flags} 3672d5ee5bcSderaadt fi 3682d5ee5bcSderaadt fi 369df930be7Sderaadtfi 370df930be7Sderaadt 371edae963cSderaadt# $nfs_server is imported from /etc/rc.conf; 372df930be7Sderaadt# if $nfs_server == YES, the machine is setup for being an nfs server 3739969bcb5Smillertif [ X"${nfs_server}" = X"YES" -a -s /etc/exports -a \ 374d54d80fbSderaadt `sed -e '/^#/d' < /etc/exports | wc -l` -ne 0 ]; then 375df930be7Sderaadt rm -f /var/db/mountdtab 376df930be7Sderaadt echo -n > /var/db/mountdtab 377df930be7Sderaadt echo -n ' mountd'; mountd 378e6d41a0aSniklas echo -n ' nfsd'; nfsd ${nfsd_flags} 3799969bcb5Smillert if [ X"${lockd}" = X"YES" ]; then 380e6d41a0aSniklas echo -n ' rpc.lockd'; rpc.lockd 381e6d41a0aSniklas fi 382df930be7Sderaadtfi 383df930be7Sderaadt 3849969bcb5Smillertif [ X"${amd}" = X"YES" -a -e ${amd_master} ]; then 385df930be7Sderaadt echo -n ' amd' 386d988480bSderaadt (cd /etc/amd; amd -l syslog -x error,noinfo,nostats -p \ 387d988480bSderaadt -a ${amd_dir} `cat ${amd_master}` > /var/run/amd.pid ) 388df930be7Sderaadtfi 389df930be7Sderaadt 390cb033641Shenning# run rdate before timed/ntpd 391cb033641Shenningif [ X"${rdate_flags}" != X"NO" ]; then 392cb033641Shenning echo -n ' rdate'; rdate -s ${rdate_flags} 393cb033641Shenningfi 394cb033641Shenning 395cb033641Shenning# $timed_flags is imported from /etc/rc.conf; 396cb033641Shenning# if $timed_flags == NO, timed isn't run. 3979969bcb5Smillertif [ X"${timed_flags}" != X"NO" ]; then 398cb033641Shenning echo -n ' timed'; timed $timed_flags 399cb033641Shenningfi 400cb033641Shenning 4019969bcb5Smillertif [ X"${ntpd_flags}" != X"NO" ]; then 402117259d9Sderaadt echo -n ' ntpd'; ntpd $ntpd_flags 403cb033641Shenningfi 404df930be7Sderaadtecho '.' 405df930be7Sderaadt 406cc3d9aa9Sottomount -a 4073ca632e7Sderaadt 408638be0f1Smiodswapctl -A -t noblk 409638be0f1Smiod 410df930be7Sderaadt# /var/crash should be a directory or a symbolic link 411df930be7Sderaadt# to the crash directory if core dumps are to be saved. 412df930be7Sderaadtif [ -d /var/crash ]; then 4139d112a13Stholo savecore ${savecore_flags} /var/crash 414df930be7Sderaadtfi 415df930be7Sderaadt 4169969bcb5Smillertif [ X"${afs}" = X"YES" -a -c /dev/xfs0 ]; then 4178b757a89Sart echo -n 'mounting afs:' 418dd435269Sbeck mkdir -p -m 0755 /afs 419dd435269Sbeck mount -t xfs /dev/xfs0 /afs 420dd435269Sbeck /usr/libexec/afsd ${afsd_flags} 4218b757a89Sart echo ' done.' 4228b757a89Sartfi 4238b757a89Sart 4249969bcb5Smillertif [ X"${check_quotas}" = X"YES" ]; then 425df930be7Sderaadt echo -n 'checking quotas:' 426df930be7Sderaadt quotacheck -a 427df930be7Sderaadt echo ' done.' 428df930be7Sderaadt quotaon -a 42936a647e7Sdownsjfi 430df930be7Sderaadt 431df930be7Sderaadt# build ps databases 432fb69824dSderaadtecho -n 'building ps databases:' 433fb69824dSderaadtecho -n " kvm" 434004fa836Smillertkvm_mkdb 435fb69824dSderaadtecho -n " dev" 436df930be7Sderaadtdev_mkdb 437fb69824dSderaadtecho "." 438df930be7Sderaadt 439e860cdbaSderaadtchmod 666 /dev/tty[pqrstuvwxyzPQRST]* 440a293d798Smillertchown root:wheel /dev/tty[pqrstuvwxyzPQRST]* 441df930be7Sderaadt 442df930be7Sderaadt# check the password temp/lock file 4438b7444a6Sderaadtif [ -f /etc/ptmp ]; then 444df930be7Sderaadt logger -s -p auth.err \ 445df930be7Sderaadt 'password file may be incorrect -- /etc/ptmp exists' 446df930be7Sderaadtfi 447df930be7Sderaadt 448e65724e6Smillertecho clearing /tmp 449e65724e6Smillert 450e65724e6Smillert# prune quickly with one rm, then use find to clean up /tmp/[lq]* 451e65724e6Smillert# (not needed with mfs /tmp, but doesn't hurt there...) 452e65724e6Smillert(cd /tmp && rm -rf [a-km-pr-zA-Z]* && 453e65724e6Smillert find . ! -name . ! -name lost+found ! -name quota.user \ 4548b0a8653Smillert ! -name quota.group -execdir rm -rf -- {} \; -type d -prune) 455e65724e6Smillert 456f8310bdcShugh# create Unix sockets directories for X if needed and make sure they have 457f8310bdcShugh# correct permissions 458f8310bdcShughif [ -d /usr/X11R6/lib ]; then 459f8310bdcShugh for d in /tmp/.X11-unix /tmp/.ICE-unix ; do 460f8310bdcShugh if [ -d $d ]; then 461f8310bdcShugh if [ `ls -ld $d | cut -d' ' -f4` != root ]; then 462f8310bdcShugh chown root $d 463f8310bdcShugh fi 464f8310bdcShugh if [ `ls -ld $d | cut -d' ' -f1` != drwxrwxrwt ]; then 465f8310bdcShugh chmod 1777 $d 466f8310bdcShugh fi 467f8310bdcShugh elif [ -e $d ]; then 468f8310bdcShugh echo "Error: $d exists and isn't a directory." 469f8310bdcShugh else 470f8310bdcShugh mkdir -m 1777 $d 471f8310bdcShugh fi 472f8310bdcShugh done 473f8310bdcShughfi 474f8310bdcShugh 4752f33850bSderaadt[ -f /etc/rc.securelevel ] && . /etc/rc.securelevel 4769969bcb5Smillertif [ X"${securelevel}" != X"" ]; then 477e31a5b5aSmillert echo -n 'setting kernel security level: ' 4786a337e36Sjmc sysctl kern.securelevel=${securelevel} 47941406ee4Sderaadtfi 48041406ee4Sderaadt 481dc279d04Sderaadt# patch /etc/motd 482dc279d04Sderaadtif [ ! -f /etc/motd ]; then 483dc279d04Sderaadt install -c -o root -g wheel -m 664 /dev/null /etc/motd 484dc279d04Sderaadtfi 485d243dabcSmillertT=`mktemp /tmp/_motd.XXXXXXXXXX` 486499eb670Smillertif [ $? -eq 0 ]; then 487dc279d04Sderaadt sysctl -n kern.version | sed 1q > $T 488dc279d04Sderaadt echo "" >> $T 489dc279d04Sderaadt sed '1,/^$/d' < /etc/motd >> $T 490dc279d04Sderaadt cmp -s $T /etc/motd || cp $T /etc/motd 491dc279d04Sderaadt rm -f $T 4925b45527eSmillertfi 493dc279d04Sderaadt 494df930be7Sderaadtif [ -f /var/account/acct ]; then 495df930be7Sderaadt echo 'turning on accounting'; accton /var/account/acct 496df930be7Sderaadtfi 497df930be7Sderaadt 4987e42516dSderaadtif [ -f /sbin/ldconfig ]; then 4997e42516dSderaadt echo 'creating runtime link editor directory cache.' 5007e42516dSderaadt if [ -d /usr/local/lib ]; then 5015881fc76Stodd shlib_dirs="/usr/local/lib $shlib_dirs" 5027e42516dSderaadt fi 5037e42516dSderaadt if [ -d /usr/X11R6/lib ]; then 5045881fc76Stodd shlib_dirs="/usr/X11R6/lib $shlib_dirs" 5057e42516dSderaadt fi 5067e42516dSderaadt ldconfig $shlib_dirs 5077e42516dSderaadtfi 5087e42516dSderaadt 509f57929bcSmillertif [ -x /usr/libexec/vi.recover ]; then 510f57929bcSmillert echo 'preserving editor files'; /usr/libexec/vi.recover 511f57929bcSmillertfi 512f57929bcSmillert 5130662dc2cSderaadtif [ ! -f /etc/ssh/ssh_host_dsa_key ]; then 51434c0b73eSderaadt echo -n "ssh-keygen: generating new DSA host key... " 5150662dc2cSderaadt if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''; then 516b05748d5Sderaadt echo done. 517b05748d5Sderaadt else 518b05748d5Sderaadt echo failed. 519b05748d5Sderaadt fi 520b05748d5Sderaadtfi 5210662dc2cSderaadtif [ ! -f /etc/ssh/ssh_host_rsa_key ]; then 522b05748d5Sderaadt echo -n "ssh-keygen: generating new RSA host key... " 5230662dc2cSderaadt if /usr/bin/ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''; then 52434c0b73eSderaadt echo done. 52534c0b73eSderaadt else 52634c0b73eSderaadt echo failed. 52734c0b73eSderaadt fi 52834c0b73eSderaadtfi 5290662dc2cSderaadtif [ ! -f /etc/ssh/ssh_host_key ]; then 530d5166b8fSmarkus echo -n "ssh-keygen: generating new RSA1 host key... " 5310662dc2cSderaadt if /usr/bin/ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -N ''; then 5326d6e0cf6Sderaadt echo done. 5336d6e0cf6Sderaadt else 5346d6e0cf6Sderaadt echo failed. 5356d6e0cf6Sderaadt fi 5366d6e0cf6Sderaadtfi 5376d6e0cf6Sderaadt 538c0a201cfSmarkusif [ ! -f /etc/isakmpd/private/local.key ]; then 539c0a201cfSmarkus echo -n "openssl: generating new isakmpd RSA key... " 540c0a201cfSmarkus if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 1024 \ 541c0a201cfSmarkus > /dev/null 2>&1; then 542c0a201cfSmarkus chmod 600 /etc/isakmpd/private/local.key 543c0a201cfSmarkus openssl rsa -out /etc/isakmpd/private/local.pub \ 544c0a201cfSmarkus -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1 545c0a201cfSmarkus echo done. 546c0a201cfSmarkus else 547c0a201cfSmarkus echo failed. 548c0a201cfSmarkus fi 549c0a201cfSmarkusfi 550c0a201cfSmarkus 551df930be7Sderaadtecho -n starting network daemons: 552df930be7Sderaadt 55369f602d6Sian# $routed_flags are imported from /etc/rc.conf. 554df930be7Sderaadt# If $routed_flags == NO, routed isn't run. 5559969bcb5Smillertif [ X"${routed_flags}" != X"NO" ]; then 556df930be7Sderaadt echo -n ' routed'; routed $routed_flags 557df930be7Sderaadtfi 558df930be7Sderaadt 559edae963cSderaadt# $mrouted_flags is imported from /etc/rc.conf; 56069b30726Sderaadt# If $mrouted_flags == NO, then mrouted isn't run. 5619969bcb5Smillertif [ X"${mrouted_flags}" != X"NO" ]; then 56269b30726Sderaadt echo -n ' mrouted'; mrouted $mrouted_flags 56369b30726Sderaadtfi 56469b30726Sderaadt 5659969bcb5Smillertif [ X"${ospfd_flags}" != X"NO" ]; then 566c7f4bdaaShenning echo -n ' ospfd'; /usr/sbin/ospfd $ospfd_flags 567c7f4bdaaShenningfi 568c7f4bdaaShenning 5699969bcb5Smillertif [ X"${bgpd_flags}" != X"NO" ]; then 570220f3b8dShenning echo -n ' bgpd'; /usr/sbin/bgpd $bgpd_flags 571220f3b8dShenningfi 572220f3b8dShenning 57330a2245dSform# $dhcpd_flags is imported from /etc/rc.conf 57430a2245dSform# If $dhcpd_flags == NO or /etc/dhcpd.conf doesn't exist, then dhcpd isn't run. 5759969bcb5Smillertif [ X"${dhcpd_flags}" != X"NO" -a -f /etc/dhcpd.conf ]; then 57630a2245dSform touch /var/db/dhcpd.leases 57730a2245dSform if [ -f /etc/dhcpd.interfaces ]; then 57878a6b8a8Smpech dhcpd_ifs=`stripcom /etc/dhcpd.interfaces` 57930a2245dSform fi 58030a2245dSform echo -n ' dhcpd'; /usr/sbin/dhcpd ${dhcpd_flags} ${dhcpd_ifs} 58130a2245dSformfi 58230a2245dSform 58333a0f254Sitojunif ifconfig lo0 inet6 >/dev/null 2>&1; then 58433a0f254Sitojun fw=`sysctl -n net.inet6.ip6.forwarding` 5859969bcb5Smillert if [ X"${fw}" = X"0" ]; then 58633a0f254Sitojun # $rtsold_flags is imported from /etc/rc.conf; 58733a0f254Sitojun # If $rtsold_flags == NO, then rtsold isn't run. 5889969bcb5Smillert if [ X"${rtsold_flags}" != X"NO" ]; then 58933a0f254Sitojun echo -n ' rtsold' 59033a0f254Sitojun /usr/sbin/rtsold ${rtsold_flags} 59133a0f254Sitojun fi 59233a0f254Sitojun else 59333a0f254Sitojun # $route6d_flags is imported from /etc/rc.conf; 59433a0f254Sitojun # If $route6d_flags == NO, then route6d isn't run. 5959969bcb5Smillert if [ X"${route6d_flags}" != X"NO" ]; then 59633a0f254Sitojun echo -n ' route6d' 59733a0f254Sitojun /usr/sbin/route6d ${route6d_flags} 59833a0f254Sitojun fi 59933a0f254Sitojun # $rtadvd_flags is imported from /etc/rc.conf; 60006347140Sitojun # If $rtadvd_flags == NO, then rtadvd isn't run. 6019969bcb5Smillert if [ X"${rtadvd_flags}" != X"NO" ]; then 60233a0f254Sitojun echo -n ' rtadvd' 60333a0f254Sitojun /usr/sbin/rtadvd ${rtadvd_flags} 60433a0f254Sitojun fi 60533a0f254Sitojun fi 60633a0f254Sitojunfi 60733a0f254Sitojun 608edae963cSderaadt# $rwhod is imported from /etc/rc.conf; 609df930be7Sderaadt# if $rwhod == YES, rwhod is run. 6109969bcb5Smillertif [ X"${rwhod}" = X"YES" ]; then 611df930be7Sderaadt echo -n ' rwhod'; rwhod 612df930be7Sderaadtfi 613df930be7Sderaadt 614423a3640Sderaadt 6159969bcb5Smillertif [ X"${lpd_flags}" != X"NO" ]; then 6167c143c5dSfgsch echo -n ' lpd'; lpd ${lpd_flags} 617423a3640Sderaadtfi 618df930be7Sderaadt 619edae963cSderaadt# $sendmail_flags is imported from /etc/rc.conf; 6200e208981Smillert# If $sendmail_flags == NO or /etc/mailer.conf doesn't exist, then 6214844ae79Sderaadt# sendmail isn't run. We call sendmail with a full path so that 6220e208981Smillert# SIGHUP works. Note that /usr/sbin/sendmail may actually call a 6230e208981Smillert# mailer other than sendmail, depending on /etc/mailer.conf. 6249969bcb5Smillertif [ X"${sendmail_flags}" != X"NO" -a -s /etc/mailer.conf ]; then 625e18bddb2Smillert echo -n ' sendmail'; ( /usr/sbin/sendmail ${sendmail_flags} >/dev/null 2>&1 & ) 626df930be7Sderaadtfi 627df930be7Sderaadt 6289969bcb5Smillertif [ X"${httpd_flags}" != X"NO" ]; then 629205e112eSespie # Clean up left-over httpd locks 630205e112eSespie rm -f /var/www/logs/{ssl_mutex,httpd.lock,accept.lock}.* 631f3079313Sangelos echo -n ' httpd'; /usr/sbin/httpd ${httpd_flags} 63252e6779cSderaadtfi 63352e6779cSderaadt 6349969bcb5Smillertif [ X"${ftpd_flags}" != X"NO" ]; then 635b6330bccSdownsj echo -n ' ftpd'; /usr/libexec/ftpd ${ftpd_flags} 636b6330bccSdownsjfi 637b6330bccSdownsj 63889b602d7Scamieldif [ X"${ftpproxy_flags}" != X"NO" ]; then 63989b602d7Scamield echo -n ' ftp-proxy'; /usr/sbin/ftp-proxy ${ftpproxy_flags} 64089b602d7Scamieldfi 64189b602d7Scamield 6429969bcb5Smillertif [ X"${identd_flags}" != X"NO" ]; then 6434265ef72Sfgsch echo -n ' identd'; /usr/libexec/identd ${identd_flags} 6444265ef72Sfgschfi 6454265ef72Sfgsch 6469969bcb5Smillertif [ X"${inetd}" = X"YES" -a -e /etc/inetd.conf ]; then 647df930be7Sderaadt echo -n ' inetd'; inetd 648423a3640Sderaadtfi 649df930be7Sderaadt 65036fdfb26Sderaadtif [ X"${sshd_flags}" != X"NO" ]; then 65136fdfb26Sderaadt echo -n ' sshd'; /usr/sbin/sshd ${sshd_flags}; 65236fdfb26Sderaadtfi 65336fdfb26Sderaadt 6549969bcb5Smillertif [ X"${spamd_flags}" != X"NO" ]; then 6559969bcb5Smillert if [ X"${spamd_grey}" != X"NO" ]; then 656116d9528Sderaadt spamd_flags="${spamd_flags} -g" 657116d9528Sderaadt fi 6586856ca63Sotto echo -n ' spamd'; eval /usr/libexec/spamd ${spamd_flags} 659116d9528Sderaadt /usr/libexec/spamd-setup 6609969bcb5Smillert if [ X"${spamd_grey}" != X"NO" ]; then 661116d9528Sderaadt echo -n ' spamlogd' 6621b86c533Shenning /usr/libexec/spamlogd ${spamlogd_flags} 663116d9528Sderaadt fi 664116d9528Sderaadtfi 665116d9528Sderaadt 666edae963cSderaadt# $rarpd_flags is imported from /etc/rc.conf; 667df930be7Sderaadt# If $rarpd_flags == NO or /etc/ethers doesn't exist, then 668df930be7Sderaadt# rarpd isn't run. 6699969bcb5Smillertif [ X"${rarpd_flags}" != X"NO" -a -s /etc/ethers ]; then 670df930be7Sderaadt echo -n ' rarpd'; rarpd ${rarpd_flags} 671df930be7Sderaadtfi 672df930be7Sderaadt 673edae963cSderaadt# $bootparamd_flags is imported from /etc/rc.conf; 674df930be7Sderaadt# If $bootparamd_flags == NO or /etc/bootparams doesn't exist, then 675df930be7Sderaadt# bootparamd isn't run. 6769969bcb5Smillertif [ X"${bootparamd_flags}" != X"NO" -a -s /etc/bootparams ]; then 677df930be7Sderaadt echo -n ' rpc.bootparamd'; rpc.bootparamd ${bootparamd_flags} 678df930be7Sderaadtfi 679df930be7Sderaadt 680edae963cSderaadt# $rbootd_flags is imported from /etc/rc.conf; 681df930be7Sderaadt# If $rbootd_flags == NO or /etc/rbootd.conf doesn't exist, then 682df930be7Sderaadt# rbootd isn't run. 6839969bcb5Smillertif [ X"${rbootd_flags}" != X"NO" -a -s /etc/rbootd.conf ]; then 684df930be7Sderaadt echo -n ' rbootd'; rbootd ${rbootd_flags} 685df930be7Sderaadtfi 686df930be7Sderaadt 687df4692e3Smaja# $mopd_flags is imported from /etc/rc.conf; 688df4692e3Smaja# If $mopd_flags == NO or /tftpboot/mop doesn't exist, then 689df4692e3Smaja# mopd isn't run. 6909969bcb5Smillertif [ X"${mopd_flags}" != X"NO" -a -d /tftpboot/mop ]; then 691df4692e3Smaja echo -n ' mopd'; mopd ${mopd_flags} 692df4692e3Smajafi 693df4692e3Smaja 694df930be7Sderaadtecho '.' 695df930be7Sderaadt 696c86c53eeSderaadtmixerctl_conf 697c86c53eeSderaadt 698fde3f312Shin# KerberosV master KDC 6999969bcb5Smillertif [ X"${krb5_master_kdc}" = X"YES" ]; then 700fde3f312Shin echo 'KerberosV master KDC' 701fde3f312Shin /usr/libexec/kdc & 702fde3f312Shin /usr/libexec/kadmind & 703fde3f312Shin /usr/libexec/kpasswdd & 704fde3f312Shinfi 705fde3f312Shin 706fde3f312Shin# KerberosV slave KDC 7079969bcb5Smillertif [ X"${krb5_slave_kdc}" = X"YES" ]; then 708fde3f312Shin echo 'KerberosV slave KDC' 709fde3f312Shin /usr/libexec/kdc & 710fde3f312Shin # Remember to enable hpropd in inetd.conf 711fde3f312Shinfi 712fde3f312Shin 7132f33850bSderaadt[ -f /etc/rc.local ] && . /etc/rc.local 7148b7444a6Sderaadt 71574491808Smillertecho -n standard daemons: 716f026f8beSmarc 717f026f8beSmarc# $apmd_flags is imported from /etc/rc.conf; 718f026f8beSmarc# don't run daemon if $apmd_flags == NO or /usr/sbin/apmd doesn't exist 7199969bcb5Smillertif [ X"${apmd_flags}" != X"NO" -a -x /usr/sbin/apmd ]; then 720f026f8beSmarc echo -n ' apmd'; /usr/sbin/apmd ${apmd_flags} 721f026f8beSmarcfi 722f026f8beSmarc 7237934d707Stholoif [ X"${acpid_flags}" != X"NO" -a -x /usr/sbin/acpid ]; then 7247934d707Stholo echo -n ' acpid'; /usr/sbin/acpid ${acpid_flags} 7257934d707Stholofi 7267934d707Stholo 727793d0ae6Shenningif [ X"${sensorsd_flags}" != X"NO" ]; then 728793d0ae6Shenning echo -n ' sensorsd'; /usr/sbin/sensorsd ${sensorsd_flags} 729793d0ae6Shenningfi 730793d0ae6Shenning 731f255c293Sgrangeif [ X"${hotplugd_flags}" != X"NO" -a -x /usr/sbin/hotplugd ]; then 732f255c293Sgrange echo -n ' hotplugd'; /usr/sbin/hotplugd ${hotplugd_flags} 733f255c293Sgrangefi 734f255c293Sgrange 7352e3327d2Shenningif [ X"${watchdogd_flags}" != X"NO" -a -x /usr/sbin/watchdogd ]; then 7362e3327d2Shenning echo -n ' watchdogd'; /usr/sbin/watchdogd ${watchdogd_flags} 7372e3327d2Shenningfi 7382e3327d2Shenning 73974491808Smillertecho -n ' cron'; cron 740f026f8beSmarc 74174491808Smillertecho '.' 74274491808Smillert 743df930be7Sderaadtdate 7448569782fSderaadt 7459969bcb5Smillertif [ X"${wsmoused_flags}" != X"NO" -a -x /usr/sbin/wsmoused ]; then 7464a4c21d8Sderaadt echo 'starting wsmoused...'; /usr/sbin/wsmoused ${wsmoused_flags} 74796ac2838Saaronfi 748f8810935Saaron 749f8810935Saaron# Alternatively, on some architectures, xdm may be started in /etc/ttys. 7509969bcb5Smillertif [ X"${xdm_flags}" != X"NO" ]; then 751f8810935Saaron echo 'starting xdm...'; /usr/X11R6/bin/xdm ${xdm_flags} 7528569782fSderaadtfi 7538569782fSderaadt 754df930be7Sderaadtexit 0 7558b757a89Sart 756