1*e6e4e4c9Sderaadt# $OpenBSD: rc,v 1.363 2011/07/07 22:57:29 deraadt Exp $ 2df930be7Sderaadt 3df930be7Sderaadt# System startup script run by init on autoboot 4df930be7Sderaadt# or after single-user. 5df930be7Sderaadt# Output and error are redirected to console by init, 6df930be7Sderaadt# and the console is the controlling terminal. 7df930be7Sderaadt 85420764bSmillert# Subroutines (have to come first). 95420764bSmillert 105420764bSmillert# Strip comments (and leading/trailing whitespace if IFS is set) 115420764bSmillert# from a file and spew to stdout 125420764bSmillertstripcom() { 135420764bSmillert local _file="$1" 145420764bSmillert local _line 155420764bSmillert 165420764bSmillert { 175420764bSmillert while read _line ; do 185420764bSmillert _line=${_line%%#*} # strip comments 195420764bSmillert test -z "$_line" && continue 205420764bSmillert echo $_line 215420764bSmillert done 225420764bSmillert } < $_file 235420764bSmillert} 245420764bSmillert 250e47d797Smillert# Update resource limits when sysctl changes 260e47d797Smillert# Usage: update_limit -X loginconf_name 270e47d797Smillertupdate_limit() { 280e47d797Smillert local _fl="$1" # ulimit flag 290e47d797Smillert local _lc="$2" # login.conf name 300e47d797Smillert local _new _suf 310e47d797Smillert 320e47d797Smillert for _suf in "" -cur -max; do 330e47d797Smillert _new=`getcap -f /etc/login.conf -s ${_lc}${_suf} daemon 2>/dev/null` 340e47d797Smillert if [ X"$_new" != X"" ]; then 350e47d797Smillert if [ X"$_new" = X"infinity" ]; then 360e47d797Smillert _new=unlimited 370e47d797Smillert fi 380e47d797Smillert case "$_suf" in 390e47d797Smillert -cur) 400e47d797Smillert ulimit -S $_fl $_new 410e47d797Smillert ;; 420e47d797Smillert -max) 430e47d797Smillert ulimit -H $_fl $_new 440e47d797Smillert ;; 450e47d797Smillert *) 460e47d797Smillert ulimit $_fl $_new 470e47d797Smillert return 480e47d797Smillert ;; 490e47d797Smillert esac 500e47d797Smillert fi 510e47d797Smillert done 520e47d797Smillert} 530e47d797Smillert 540e47d797Smillertsysctl_conf() { 556be3177eSmillert test -s /etc/sysctl.conf || return 566be3177eSmillert 570e47d797Smillert # delete comments and blank lines 580e47d797Smillert set -- `stripcom /etc/sysctl.conf` 590e47d797Smillert while [ $# -ge 1 ] ; do 600e47d797Smillert sysctl $1 610e47d797Smillert # update limits if needed 620e47d797Smillert case $1 in 630e47d797Smillert kern.maxproc=*) 640e47d797Smillert update_limit -p maxproc 650e47d797Smillert ;; 660e47d797Smillert kern.maxfiles=*) 670e47d797Smillert update_limit -n openfiles 680e47d797Smillert ;; 690e47d797Smillert esac 700e47d797Smillert shift 710e47d797Smillert done 720e47d797Smillert} 730e47d797Smillert 740e47d797Smillertmixerctl_conf() 750e47d797Smillert{ 766be3177eSmillert test -s /etc/mixerctl.conf || return 776be3177eSmillert 780e47d797Smillert # delete comments and blank lines 790e47d797Smillert set -- `stripcom /etc/mixerctl.conf` 800e47d797Smillert while [ $# -ge 1 ] ; do 810e47d797Smillert mixerctl -q $1 > /dev/null 2>&1 820e47d797Smillert shift 830e47d797Smillert done 840e47d797Smillert} 850e47d797Smillert 866be3177eSmillertwsconsctl_conf() 876be3177eSmillert{ 886be3177eSmillert local save_IFS="$IFS" 896be3177eSmillert 906be3177eSmillert test -x /sbin/wsconsctl -a -s /etc/wsconsctl.conf || return 916be3177eSmillert # delete comments and blank lines 926be3177eSmillert IFS=" 936be3177eSmillert" 946be3177eSmillert set -- `stripcom /etc/wsconsctl.conf` 956be3177eSmillert IFS="$save_IFS" 966be3177eSmillert while [ $# -ge 1 ] ; do 97cffa29c0Sderaadt eval wsconsctl $1 986be3177eSmillert shift 996be3177eSmillert done 1006be3177eSmillert} 1016be3177eSmillert 1028f0921ecSdjmrandom_seed() 1038f0921ecSdjm{ 1048f0921ecSdjm if [ -f /var/db/host.random -a "X$random_seed_done" = "X" ]; then 10595800214Sderaadt dd if=/var/db/host.random of=/dev/arandom bs=65536 count=1 \ 1068f0921ecSdjm > /dev/null 2>&1 1078f0921ecSdjm 1088f0921ecSdjm # reset seed file, so that if a shutdown-less reboot occurs, 1098f0921ecSdjm # the next seed is not a repeat 11095800214Sderaadt dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \ 1118f0921ecSdjm > /dev/null 2>&1 1128f0921ecSdjm 1138f0921ecSdjm random_seed_done=1 1148f0921ecSdjm fi 1158f0921ecSdjm} 1168f0921ecSdjm 117e27ad5ceSdjmfill_baddynamic() 118e27ad5ceSdjm{ 119e27ad5ceSdjm local _service="$1" 120e27ad5ceSdjm local _sysctl="net.inet.${_service}.baddynamic" 121e27ad5ceSdjm local _name _port _srv _junk _ban 122e27ad5ceSdjm local _i=0 123e27ad5ceSdjm grep "/${_service}" /etc/services | { 124e27ad5ceSdjm IFS=" /" 125e27ad5ceSdjm while read _name _port _srv _junk; do 126e27ad5ceSdjm [ "x${_srv}" = "x${_service}" ] || continue; 127e27ad5ceSdjm if [ "x${_ban}" = "x" ]; then 128e27ad5ceSdjm _ban="+${_port}" 129e27ad5ceSdjm else 130e27ad5ceSdjm _ban="${_ban},+${_port}" 131e27ad5ceSdjm fi 132e27ad5ceSdjm # Flush before argv gets too long 133e27ad5ceSdjm if [ $((++_i)) -gt 128 ]; then 134e27ad5ceSdjm sysctl ${_sysctl}=${_ban} >/dev/null 135e27ad5ceSdjm _ban="" 136e27ad5ceSdjm _i=0 137e27ad5ceSdjm fi 138e27ad5ceSdjm done; 139e27ad5ceSdjm if [ "x${_ban}" != "x" ]; then 140e27ad5ceSdjm sysctl ${_sysctl}=${_ban} >/dev/null 141e27ad5ceSdjm fi 142e27ad5ceSdjm } 143e27ad5ceSdjm} 144e27ad5ceSdjm 145833ea469Srobertstart_daemon() 146833ea469Srobert{ 147598b0ae3Srobert local _n 148833ea469Srobert for _n; do 149833ea469Srobert eval _do=\${${_n}_flags} 150833ea469Srobert if [ X"${_do}" != X"NO" ]; then 151833ea469Srobert /etc/rc.d/${_n} start 152833ea469Srobert fi 153833ea469Srobert done 154833ea469Srobert} 155833ea469Srobert 1565420764bSmillert# End subroutines 1575420764bSmillert 158df930be7Sderaadtstty status '^T' 159df930be7Sderaadt 160df930be7Sderaadt# Set shell to ignore SIGINT (2), but not children; 161df930be7Sderaadt# shell catches SIGQUIT (3) and returns to single user after fsck. 162df930be7Sderaadttrap : 2 163df930be7Sderaadttrap : 3 # shouldn't be needed 164df930be7Sderaadt 165df930be7SderaadtHOME=/; export HOME 166102e9b47SrobertINRC=1; export INRC 167df930be7SderaadtPATH=/sbin:/bin:/usr/sbin:/usr/bin 168df930be7Sderaadtexport PATH 169df930be7Sderaadt 170d9f03edaSrobert# pick up option configuration 171d9f03edaSrobert. /etc/rc.conf 172d9f03edaSrobert 1739969bcb5Smillertif [ X"$1" = X"shutdown" ]; then 17495800214Sderaadt dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 >/dev/null 2>&1 17575a54d2eSderaadt chmod 600 /var/db/host.random >/dev/null 2>&1 176bbe1205bSajacoutot local _c=$? 177bbe1205bSajacoutot if [ ${_c} -eq 0 -a -n "${rc_scripts}" ]; then 178bbe1205bSajacoutot echo -n 'stopping package daemons:' 179bbe1205bSajacoutot while [ -n "${rc_scripts}" ]; do 180bbe1205bSajacoutot _r=${rc_scripts##* } 181bbe1205bSajacoutot rc_scripts=${rc_scripts%%*( )${_r}} 182bbe1205bSajacoutot [ -x /etc/rc.d/${_r} ] && /etc/rc.d/${_r} stop 183bbe1205bSajacoutot done 184bbe1205bSajacoutot echo '.' 185bbe1205bSajacoutot fi 186bbe1205bSajacoutot if [ ${_c} -eq 0 -a -f /etc/rc.shutdown ]; then 18775a54d2eSderaadt echo /etc/rc.shutdown in progress... 18875a54d2eSderaadt . /etc/rc.shutdown 18975a54d2eSderaadt echo /etc/rc.shutdown complete. 1909e07bef9Smcbride 1919e07bef9Smcbride # bring carp interfaces down gracefully 1924375b688Ssthen ifconfig | while read a b; do 1934375b688Ssthen case $a in 1944375b688Ssthen carp+([0-9]):) ifconfig ${a%:} down ;; 195b7f7a928Ssthen esac 1969e07bef9Smcbride done 1972ee46d13Smcbride 1989969bcb5Smillert if [ X"${powerdown}" = X"YES" ]; then 1992ee46d13Smcbride exit 2 2002ee46d13Smcbride fi 2012ee46d13Smcbride 20275a54d2eSderaadt else 20375a54d2eSderaadt echo single user: not running /etc/rc.shutdown 20475a54d2eSderaadt fi 20575a54d2eSderaadt exit 0 20675a54d2eSderaadtfi 20775a54d2eSderaadt 208df930be7Sderaadt# Configure ccd devices. 2098b7444a6Sderaadtif [ -f /etc/ccd.conf ]; then 210df930be7Sderaadt ccdconfig -C 211df930be7Sderaadtfi 212df930be7Sderaadt 213c5858a2aSjakob# Configure raid devices. 214c5858a2aSjakobfor dev in 0 1 2 3; do 215c5858a2aSjakob if [ -f /etc/raid$dev.conf ]; then 216c5858a2aSjakob raidctl -c /etc/raid$dev.conf raid$dev 217c5858a2aSjakob fi 218c5858a2aSjakobdone 219c5858a2aSjakob 2205a87f599Stdeval# Check parity on raid devices. 2214d6c2f1bSderaadtraidctl -P all 2225a87f599Stdeval 223638be0f1Smiodswapctl -A -t blk 224920abb1bSderaadt 2258b7444a6Sderaadtif [ -e /fastboot ]; then 226df930be7Sderaadt echo "Fast boot: skipping disk checks." 2279969bcb5Smillertelif [ X"$1" = X"autoboot" ]; then 228df930be7Sderaadt echo "Automatic boot in progress: starting file system checks." 229b39bbe87Smillert fsck -p 230df930be7Sderaadt case $? in 231df930be7Sderaadt 0) 232df930be7Sderaadt ;; 233df930be7Sderaadt 2) 234df930be7Sderaadt exit 1 235df930be7Sderaadt ;; 236df930be7Sderaadt 4) 237df930be7Sderaadt echo "Rebooting..." 238df930be7Sderaadt reboot 239df930be7Sderaadt echo "Reboot failed; help!" 240df930be7Sderaadt exit 1 241df930be7Sderaadt ;; 242df930be7Sderaadt 8) 243df930be7Sderaadt echo "Automatic file system check failed; help!" 244df930be7Sderaadt exit 1 245df930be7Sderaadt ;; 246df930be7Sderaadt 12) 247df930be7Sderaadt echo "Boot interrupted." 248df930be7Sderaadt exit 1 249df930be7Sderaadt ;; 250df930be7Sderaadt 130) 251df930be7Sderaadt # interrupt before catcher installed 252df930be7Sderaadt exit 1 253df930be7Sderaadt ;; 254df930be7Sderaadt *) 255df930be7Sderaadt echo "Unknown error; help!" 256df930be7Sderaadt exit 1 257df930be7Sderaadt ;; 258df930be7Sderaadt esac 259df930be7Sderaadtfi 260df930be7Sderaadt 261df930be7Sderaadttrap "echo 'Boot interrupted.'; exit 1" 3 262df930be7Sderaadt 263df930be7Sderaadtumount -a >/dev/null 2>&1 2646e571508Sgrunkmount -a -t nonfs,vnd 2654515901dSniklasmount -uw / # root on nfs requires this, others aren't hurt 266df930be7Sderaadtrm -f /fastboot # XXX (root now writeable) 267df930be7Sderaadt 2688f0921ecSdjmrandom_seed 2698f0921ecSdjm 270df930be7Sderaadt# set flags on ttys. (do early, in case they use tty for SLIP in netstart) 271df930be7Sderaadtecho 'setting tty flags' 272df930be7Sderaadtttyflags -a 273df930be7Sderaadt 27448390b59Smcbrideif [ -f /sbin/kbd -a -f /etc/kbdtype ]; then 27548390b59Smcbride kbd `cat /etc/kbdtype` 27648390b59Smcbridefi 27748390b59Smcbride 278cc294143Sderaadtwsconsctl_conf 279cc294143Sderaadt 2809969bcb5Smillertif [ X"${pf}" != X"NO" ]; then 2817b24ca9eSmcbride RULES="block all" 2824dd40d42Shenning RULES="$RULES\npass on lo0" 2837637f7daSdhartmei RULES="$RULES\npass in proto tcp from any to any port 22 keep state" 284ae072502Scamield RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state" 2853dadfb84Scamield RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state" 286e24e98b3Sgrange if ifconfig lo0 inet6 >/dev/null 2>&1; then 287ff3da558Sitojun RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol" 288ff3da558Sitojun RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv" 28963c4fe5eSderaadt RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol" 29063c4fe5eSderaadt RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv" 291e24e98b3Sgrange fi 292c9c12644Smcbride RULES="$RULES\npass proto carp keep state (no-sync)" 2933dda96c1Sderaadt case `sysctl vfs.mounts.nfs 2>/dev/null` in 29418db1430Sderaadt *[1-9]*) 29518db1430Sderaadt # don't kill NFS 296649b49daShenning RULES="set reassemble yes no-df\n$RULES" 297befcbaa2Sderaadt RULES="$RULES\npass in proto { tcp, udp } from any port { 111, 2049 } to any" 298befcbaa2Sderaadt RULES="$RULES\npass out proto { tcp, udp } from any to any port { 111, 2049 }" 29918db1430Sderaadt ;; 30018db1430Sderaadt esac 3014616f5d9Sdhartmei echo $RULES | pfctl -f - 3024616f5d9Sdhartmei pfctl -e 3031097c023Skjellfi 3041097c023Skjell 305e27ad5ceSdjm# Fill net.inet.(tcp|udp).baddynamic lists from /etc/services 306e27ad5ceSdjmfill_baddynamic udp 307e27ad5ceSdjmfill_baddynamic tcp 308e27ad5ceSdjm 3090e47d797Smillertsysctl_conf 310f753b29fSderaadt 311df930be7Sderaadt# set hostname, turn on network 312df930be7Sderaadtecho 'starting network' 313a1f52e7fShenningifconfig -g carp carpdemote 128 314053628caSderaadtif [ -f /etc/resolv.conf.save ]; then 3157d2d953cSderaadt mv -f /etc/resolv.conf.save /etc/resolv.conf 316053628caSderaadt touch /etc/resolv.conf 317053628caSderaadtfi 318df930be7Sderaadt. /etc/netstart 319c5f87768Sderaadtecho rekey > /dev/arandom # any write triggers an RC4 rekey 320df930be7Sderaadt 3219969bcb5Smillertif [ X"${pf}" != X"NO" ]; then 3221097c023Skjell if [ -f ${pf_rules} ]; then 323616367a9Sdhartmei pfctl -f ${pf_rules} 3241097c023Skjell fi 325f5262b16Smpf # bring up pfsync after the working ruleset has been loaded 326f5262b16Smpf . /etc/netstart pfsync0 327f5262b16Smpffi 3281097c023Skjell 329cc3d9aa9Sottomount -s /usr >/dev/null 2>&1 330cc3d9aa9Sottomount -s /var >/dev/null 2>&1 331df930be7Sderaadt 332939aa86aSderaadt# if there's no /var/db/host.random, use /dev/arandom to create one 333f26db62bSderaadtif [ ! -f /var/db/host.random ]; then 33495800214Sderaadt dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \ 335f26db62bSderaadt >/dev/null 2>&1 336f26db62bSderaadt chmod 600 /var/db/host.random >/dev/null 2>&1 337f26db62bSderaadtelse 3388f0921ecSdjm # Try to read seed if it was not initially present (e.g. /var on NFS) 3398f0921ecSdjm random_seed 340f8a8db05Sderaadtfi 34174af54b4Sderaadt 342f0550eb3Sderaadt# clean up left-over files 343f0550eb3Sderaadtrm -f /etc/nologin 344f0550eb3Sderaadtrm -f /var/spool/lock/LCK.* 345f0550eb3Sderaadtrm -f /var/spool/uucp/STST/* 3462402d49fShenning(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; }) 34723d49488Sbeck(cd /var/authpf && rm -rf -- *) 34823d49488Sbeck 3496c0a0b4aSalex# save a copy of the boot messages 3506c0a0b4aSalexdmesg >/var/run/dmesg.boot 3516c0a0b4aSalex 352833ea469Srobertecho -n 'starting system logger: ' 353833ea469Srobertstart_daemon syslogd 354833ea469Srobertecho '.' 3553ca632e7Sderaadt 3563d5b0696Ssthenif [ X"${pf}" != X"NO" ]; then 35762b797a9Shenning ifconfig pflog0 create >/dev/null 2>&1 3589a5df41aSmillert if ifconfig pflog0 >/dev/null 2>&1; then 35918db1430Sderaadt ifconfig pflog0 up 3603d5b0696Ssthen if [ X"${pflogd_flags}" != X"NO" ]; then 36118db1430Sderaadt pflogd ${pflogd_flags} 36218db1430Sderaadt fi 3639a5df41aSmillert fi 3643d5b0696Ssthenfi 36518db1430Sderaadt 3669969bcb5Smillertif [ X"${named_flags}" != X"NO" ]; then 3670abe9ed7Sdanh if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then 3683a98a453Sjakob echo -n "rndc-confgen: generating new shared secret... " 369cffa29c0Sderaadt if rndc-confgen -a -t /var/named >/dev/null 2>&1; then 3700abe9ed7Sdanh chmod 0640 /var/named/etc/rndc.key >/dev/null 2>&1 3713a98a453Sjakob echo done. 3723a98a453Sjakob else 3733a98a453Sjakob echo failed. 3743a98a453Sjakob fi 3753a98a453Sjakob fi 376759e03b2Sderaadtfi 377759e03b2Sderaadt 378833ea469Srobertecho -n 'starting name service daemons:' 379833ea469Srobertstart_daemon named nsd 380833ea469Srobertecho '.' 381481f977cSjakob 38259fef5bcSderaadtif [ ! -f /etc/isakmpd/private/local.key ]; then 38354a18615Sreyk echo -n "openssl: generating new isakmpd/iked RSA key... " 384cffa29c0Sderaadt if openssl genrsa -out /etc/isakmpd/private/local.key 2048 \ 38559fef5bcSderaadt > /dev/null 2>&1; then 38659fef5bcSderaadt chmod 600 /etc/isakmpd/private/local.key 38759fef5bcSderaadt openssl rsa -out /etc/isakmpd/local.pub \ 38859fef5bcSderaadt -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1 38959fef5bcSderaadt echo done. 39059fef5bcSderaadt else 39159fef5bcSderaadt echo failed. 39259fef5bcSderaadt fi 39359fef5bcSderaadtfi 39459fef5bcSderaadt 39554a18615Sreykif [ ! -f /etc/iked/private/local.key ]; then 39654a18615Sreyk # Just copy the generated isakmpd key 39754a18615Sreyk cp /etc/isakmpd/private/local.key /etc/iked/private/local.key 39854a18615Sreyk chmod 600 /etc/iked/private/local.key 39954a18615Sreyk cp /etc/isakmpd/local.pub /etc/iked/local.pub 40054a18615Sreykfi 40154a18615Sreyk 402833ea469Srobertecho -n 'starting IPsec daemons:' 403833ea469Srobertstart_daemon isakmpd iked sasyncd 404833ea469Srobertecho '.' 405096ed560Sderaadt 40679ec6e47Shshoexerif [ X"${ipsec}" != X"NO" ]; then 40779ec6e47Shshoexer if [ -f ${ipsec_rules} ]; then 40879ec6e47Shshoexer ipsecctl -f ${ipsec_rules} 40979ec6e47Shshoexer fi 41079ec6e47Shshoexerfi 41179ec6e47Shshoexer 4122f413fd2Stomecho -n 'starting initial daemons:' 4138e74b1f0Smillert 414ca760277Srobertstart_daemon portmap 415df930be7Sderaadt 416ca760277Srobert[ X"`domainname`" != X"" ] && \ 417ca760277Srobert start_daemon ypserv ypldap ypbind yppasswdd 418df930be7Sderaadt 4199969bcb5Smillertif [ X"${nfs_server}" = X"YES" -a -s /etc/exports -a \ 420d54d80fbSderaadt `sed -e '/^#/d' < /etc/exports | wc -l` -ne 0 ]; then 421df930be7Sderaadt rm -f /var/db/mountdtab 422df930be7Sderaadt echo -n > /var/db/mountdtab 423fbb065beSavsm echo -n ' mountd'; mountd 424e6d41a0aSniklas echo -n ' nfsd'; nfsd ${nfsd_flags} 4259969bcb5Smillert if [ X"${lockd}" = X"YES" ]; then 426e6d41a0aSniklas echo -n ' rpc.lockd'; rpc.lockd 427d45eaf81Ssturm echo -n ' rpc.statd'; rpc.statd 428e6d41a0aSniklas fi 429df930be7Sderaadtfi 430df930be7Sderaadt 4319969bcb5Smillertif [ X"${amd}" = X"YES" -a -e ${amd_master} ]; then 432df930be7Sderaadt echo -n ' amd' 433495c03deSderaadt (cd /etc/amd; amd `cat ${amd_master}`) 434df930be7Sderaadtfi 435df930be7Sderaadt 436dd715b7bSderaadt# run rdate before ntpd 437cb033641Shenningif [ X"${rdate_flags}" != X"NO" ]; then 438cb033641Shenning echo -n ' rdate'; rdate -s ${rdate_flags} 439cb033641Shenningfi 440cb033641Shenning 441dd715b7bSderaadtstart_daemon ldattach ntpd 442cb033641Shenning 443df930be7Sderaadtecho '.' 444df930be7Sderaadt 445cc3d9aa9Sottomount -a 4463ca632e7Sderaadt 447638be0f1Smiodswapctl -A -t noblk 448638be0f1Smiod 449df930be7Sderaadt# /var/crash should be a directory or a symbolic link 450df930be7Sderaadt# to the crash directory if core dumps are to be saved. 451df930be7Sderaadtif [ -d /var/crash ]; then 4529d112a13Stholo savecore ${savecore_flags} /var/crash 453df930be7Sderaadtfi 454df930be7Sderaadt 455f64d9cd6Sjjif [ X"${afs}" = X"YES" -a -c /dev/nnpfs0 ]; then 4568b757a89Sart echo -n 'mounting afs:' 457dd435269Sbeck mkdir -p -m 0755 /afs 458f64d9cd6Sjj mount -t nnpfs /dev/nnpfs0 /afs 459dd435269Sbeck /usr/libexec/afsd ${afsd_flags} 4608b757a89Sart echo ' done.' 4618b757a89Sartfi 4628b757a89Sart 4639969bcb5Smillertif [ X"${check_quotas}" = X"YES" ]; then 464df930be7Sderaadt echo -n 'checking quotas:' 465df930be7Sderaadt quotacheck -a 466df930be7Sderaadt echo ' done.' 467df930be7Sderaadt quotaon -a 46836a647e7Sdownsjfi 469df930be7Sderaadt 470d4d409c5Sderaadt# build kvm(3) databases 471004fa836Smillertkvm_mkdb 472df930be7Sderaadtdev_mkdb 473df930be7Sderaadt 474e860cdbaSderaadtchmod 666 /dev/tty[pqrstuvwxyzPQRST]* 475a293d798Smillertchown root:wheel /dev/tty[pqrstuvwxyzPQRST]* 476df930be7Sderaadt 477df930be7Sderaadt# check the password temp/lock file 4788b7444a6Sderaadtif [ -f /etc/ptmp ]; then 479df930be7Sderaadt logger -s -p auth.err \ 480df930be7Sderaadt 'password file may be incorrect -- /etc/ptmp exists' 481df930be7Sderaadtfi 482df930be7Sderaadt 483e65724e6Smillertecho clearing /tmp 484e65724e6Smillert 485e65724e6Smillert# prune quickly with one rm, then use find to clean up /tmp/[lq]* 486e65724e6Smillert# (not needed with mfs /tmp, but doesn't hurt there...) 48768b9454cSsthen(cd /tmp && rm -rf [a-km-pr-zA-Z]*) 48868b9454cSsthen(cd /tmp && 489e65724e6Smillert find . ! -name . ! -name lost+found ! -name quota.user \ 4908b0a8653Smillert ! -name quota.group -execdir rm -rf -- {} \; -type d -prune) 491e65724e6Smillert 492f8310bdcShugh# create Unix sockets directories for X if needed and make sure they have 493f8310bdcShugh# correct permissions 494f8310bdcShughif [ -d /usr/X11R6/lib ]; then 495f8310bdcShugh for d in /tmp/.X11-unix /tmp/.ICE-unix ; do 496f8310bdcShugh if [ -d $d ]; then 497f8310bdcShugh if [ `ls -ld $d | cut -d' ' -f4` != root ]; then 498f8310bdcShugh chown root $d 499f8310bdcShugh fi 500f8310bdcShugh if [ `ls -ld $d | cut -d' ' -f1` != drwxrwxrwt ]; then 501f8310bdcShugh chmod 1777 $d 502f8310bdcShugh fi 503f8310bdcShugh elif [ -e $d ]; then 504f8310bdcShugh echo "Error: $d exists and isn't a directory." 505f8310bdcShugh else 506f8310bdcShugh mkdir -m 1777 $d 507f8310bdcShugh fi 508f8310bdcShugh done 509f8310bdcShughfi 510f8310bdcShugh 5112f33850bSderaadt[ -f /etc/rc.securelevel ] && . /etc/rc.securelevel 5129969bcb5Smillertif [ X"${securelevel}" != X"" ]; then 513e31a5b5aSmillert echo -n 'setting kernel security level: ' 5146a337e36Sjmc sysctl kern.securelevel=${securelevel} 51541406ee4Sderaadtfi 51641406ee4Sderaadt 517dc279d04Sderaadt# patch /etc/motd 518dc279d04Sderaadtif [ ! -f /etc/motd ]; then 519dc279d04Sderaadt install -c -o root -g wheel -m 664 /dev/null /etc/motd 520dc279d04Sderaadtfi 521d243dabcSmillertT=`mktemp /tmp/_motd.XXXXXXXXXX` 522499eb670Smillertif [ $? -eq 0 ]; then 523dc279d04Sderaadt sysctl -n kern.version | sed 1q > $T 524dc279d04Sderaadt echo "" >> $T 525dc279d04Sderaadt sed '1,/^$/d' < /etc/motd >> $T 526dc279d04Sderaadt cmp -s $T /etc/motd || cp $T /etc/motd 527dc279d04Sderaadt rm -f $T 5285b45527eSmillertfi 529dc279d04Sderaadt 530f0d9a157Sajacoutotif [ X"${accounting}" = X"YES" ]; then 531f0d9a157Sajacoutot if [ ! -f /var/account/acct ]; then 532f0d9a157Sajacoutot touch /var/account/acct 533f0d9a157Sajacoutot fi 534df930be7Sderaadt echo 'turning on accounting'; accton /var/account/acct 535df930be7Sderaadtfi 536df930be7Sderaadt 537*e6e4e4c9Sderaadtif [ -f /sbin/ldconfig ]; then 5387e42516dSderaadt echo 'creating runtime link editor directory cache.' 5397e42516dSderaadt if [ -d /usr/local/lib ]; then 5405881fc76Stodd shlib_dirs="/usr/local/lib $shlib_dirs" 5417e42516dSderaadt fi 5427e42516dSderaadt if [ -d /usr/X11R6/lib ]; then 5435881fc76Stodd shlib_dirs="/usr/X11R6/lib $shlib_dirs" 5447e42516dSderaadt fi 5457e42516dSderaadt ldconfig $shlib_dirs 5467e42516dSderaadtfi 5477e42516dSderaadt 548f57929bcSmillertif [ -x /usr/libexec/vi.recover ]; then 549747e271cSjasper echo 'preserving editor files.'; /usr/libexec/vi.recover 550f57929bcSmillertfi 551f57929bcSmillert 552cffa29c0Sderaadtssh-keygen -A 5536d6e0cf6Sderaadt 554833ea469Srobertecho -n 'starting network daemons:' 555df930be7Sderaadt 556833ea469Srobertstart_daemon sshd snmpd ldpd ripd bgpd ifstated relayd dhcpd \ 557833ea469Srobert dhcrelay mrouted dvmrpd 55895d52386Snorby 55933a0f254Sitojunif ifconfig lo0 inet6 >/dev/null 2>&1; then 56033a0f254Sitojun fw=`sysctl -n net.inet6.ip6.forwarding` 5619969bcb5Smillert if [ X"${fw}" = X"0" ]; then 562833ea469Srobert start_daemon rtsold 56333a0f254Sitojun else 564833ea469Srobert start_daemon route6d 565833ea469Srobert start_daemon rtadvd 56633a0f254Sitojun fi 56733a0f254Sitojunfi 56833a0f254Sitojun 569833ea469Srobertstart_daemon hostapd rwhod lpd ldapd sendmail smtpd httpd ftpd \ 5700e978d1aSrobert ftpproxy identd inetd rarpd bootparamd rbootd mopd btd 571797ee821Sreyk 5720e978d1aSrobert[ X"${bt}" != X"NO" -a -f ${bt_rules} ] && \ 573580c64f7Suwe btctl -f ${bt_rules} 574580c64f7Suwe 5759969bcb5Smillertif [ X"${spamd_flags}" != X"NO" ]; then 576bf3c08c2Sbeck if [ X"${spamd_black}" != X"NO" ]; then 57732cdaddfSbeck spamd_flags="${spamd_flags} -b" 578116d9528Sderaadt fi 5796856ca63Sotto echo -n ' spamd'; eval /usr/libexec/spamd ${spamd_flags} 5800fad963aSderaadt /usr/libexec/spamd-setup -D 5818e25c0d1Sbeck if [ X"${spamd_black}" = X"NO" ]; then 582116d9528Sderaadt echo -n ' spamlogd' 5831b86c533Shenning /usr/libexec/spamlogd ${spamlogd_flags} 584116d9528Sderaadt fi 585116d9528Sderaadtfi 586116d9528Sderaadt 587df930be7Sderaadtecho '.' 588df930be7Sderaadt 589ca760277Srobertif [ X"${kdc_flags}" != X"NO" ]; then 590ca760277Srobert echo -n 'starting KerberosV daemons:' 591ca760277Srobert start_daemon kdc kadmind kpasswdd 592ca760277Srobert echo '.' 593fde3f312Shinfi 594fde3f312Shin 595fcbaa02fSderaadt# If rc.firstime exists, run it just once, and make sure it is deleted 596fcbaa02fSderaadtif [ -f /etc/rc.firsttime ]; then 597fcbaa02fSderaadt mv /etc/rc.firsttime /etc/rc.firsttime.run 598636d74c5Sajacoutot . /etc/rc.firsttime.run 2>&1 | mail -s 'rc.firsttime output' root >/dev/null 599fcbaa02fSderaadtfi 600fcbaa02fSderaadtrm -f /etc/rc.firsttime.run 601fcbaa02fSderaadt 602bbe1205bSajacoutot# Run rc.d(8) scripts from packages 603bbe1205bSajacoutotif [ -n "${rc_scripts}" ]; then 604bbe1205bSajacoutot echo -n 'starting package daemons:' 605bbe1205bSajacoutot for _r in $rc_scripts; do 606bbe1205bSajacoutot [ -x /etc/rc.d/${_r} ] && /etc/rc.d/${_r} start 607bbe1205bSajacoutot done 608bbe1205bSajacoutot echo '.' 609bbe1205bSajacoutotfi 610bbe1205bSajacoutot 6112f33850bSderaadt[ -f /etc/rc.local ] && . /etc/rc.local 6128b7444a6Sderaadt 613833ea469Srobertecho -n 'starting standard daemons:' 614f026f8beSmarc 615833ea469Srobertstart_daemon apmd sensorsd hotplugd watchdogd cron 616f026f8beSmarc 617ce6634dfSmcbride# disable carp interlock 618a1f52e7fShenningifconfig -g carp -carpdemote 128 619ce6634dfSmcbride 62074491808Smillertecho '.' 62174491808Smillert 622df930be7Sderaadtdate 6238569782fSderaadt 624b51cb908Sderaadtmixerctl_conf 625b51cb908Sderaadtecho -n 'starting console services:' 626b51cb908Sderaadt 627b51cb908Sderaadtif [ X"${aucat_flags}" != X"NO" ]; then 628b51cb908Sderaadt echo -n ' aucat'; aucat -l ${aucat_flags} 629b51cb908Sderaadtfi 630b51cb908Sderaadt 63161d5fb31Srobertstart_daemon wsmoused xdm 632b51cb908Sderaadtecho '.' 6338569782fSderaadt 634df930be7Sderaadtexit 0 635