xref: /src/etc/defaults/rc.conf

#	$NetBSD: rc.conf,v 1.63.2.3 2006/03/28 22:47:29 riz Exp $
#
# /etc/defaults/rc.conf --
#	default configuration of /etc/rc.conf
#
# see rc.conf(5) for more information.
#
# DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
# EDIT /etc/rc.conf INSTEAD.
#
# DEVELOPERS:  Please edit share/sushi/system/rcconf/form when modifying this
# file to keep it in sync.

#
# Use program=YES to enable program, NO to disable it. program_flags are
# passed to the program on the command line.
#

# Uncomment this if you want to use local paths in rc.
#
#export PATH=$PATH:/usr/pkg/sbin:/usr/pkg/bin:/usr/local/sbin:/usr/local/bin

# Uncomment the following to execute each /etc/rc.d script in
# the current shell rather than in a subshell.  This may be
# faster on very slow machines that have an expensive fork(2).
#	NOTE:	USE THIS AT YOUR OWN RISK; A ROGUE COMMAND
#		MAY INADVERTENTLY PREVENT BOOT TO MULTIUSER.
#
#rc_fast_and_loose=YES

# Additional flags to the rcorder(8) that's run by /etc/rc.
#
rc_rcorder_flags=""

# If this is set to NO, shutdown(8) will not run /etc/rc.shutdown.
#
do_rcshutdown=YES

# Additional flags to the rcorder(8) that's run by /etc/rc.shutdown.
#
rcshutdown_rcorder_flags=""

# If this is non-blank, use as the number of seconds to run a watchdog
# timer which will terminate /etc/rc.shutdown if the timeout expires.
#
rcshutdown_timeout=""


# Basic network configuration
#

# Fully Qualified Internet Domain Name (a.k.a. hostname, e.g. foo.baz.edu).
# If blank, use /etc/myname.
#
hostname=""

# If there's only one way out of your IPv4 network, set this to the hostname
# or the IPv4 address of the router that will get your packets off the LAN.
# If blank, use /etc/mygate.
#
defaultroute=""

# Same thing for IPv6.  If blank, use /etc/mygate6.
#
defaultroute6=""

# The NIS domain name (formerly known as Yellow Pages); not in any way
# related to Internet domain names.
# If blank, use /etc/defaultdomain.
#
domainname=""

# Filesystems to mount early in boot-up.
# Note that `/var' is needed in $critical_filesystems_local (or
# implied as part of `/') as certain services that need /var (such as
# dhclient) may be needed to get the network operational enough to mount
# the $critical_filesystems_remote.
#
critical_filesystems_local="/var"
critical_filesystems_remote="/usr"

# Swap device controls.
#
no_swap=NO		# Set to YES if you have purposefully setup no swap
			# partitions and don't want to be warned about it.
swapoff=NO		# Remove block-type swap partitions upon shutdown

# Concatenated disk driver.
#
ccd=YES

# RAIDframe driver (manually configured devices).
#
raidframe=YES

# Crypto file system.
#
cgd=YES

# One-time actions and programs on boot-up.
#
lkm=NO			# Run /etc/rc.lkm.  /usr needs to be part of /, or
			# part of critical_filesystems_local.

savecore=YES		savecore_flags="-z"
			savecore_dir="/var/crash"
clear_tmp=YES					# clear /tmp after reboot
update_motd=YES					# updates /etc/motd
dmesg=YES		dmesg_flags=""		# write /var/run/dmesg.boot
accounting=NO					# uses /var/account/acct
newsyslog=NO		newsyslog_flags=""	# trim log files
quota=YES					# check and enable quotas
ldconfig=YES					# rebuild a.out ldconfig cache

# cope with other OSes using the real time clock at localtime on this
# machine (by adjusting kern.rtc_offset at boot)
rtclocaltime=NO

# NOTE: default coredump name now set in /etc/sysctl.conf

# Automatically check for and repair the botched superblock problem
fixsb=YES

#
# File system check flags; default to preen mode, checking filesystems
# that are listed in /etc/fstab in parallel as the fsck pass number
# permits. Fix minor faults automatically, and exit with non 0 only
# when major errors occur.
#
fsck_flags=-p

# Security setting.  If $securelevel is non-empty, the system securelevel
# is set to this value early in the boot sequence.  Otherwise the default
# action is taken (see init(8)).
#
securelevel=""					# securelevel to set to

# To set the IP address of an interface either use
#  ifconfig_xxN="IP-NO"
# where xxN is the interface.  If this variable is not set then
# contents of the file /etc/ifconfig.xxN is used.

# Networking startup.
#
ipfilter=NO					# uses /etc/ipf.conf
ipnat=NO					# uses /etc/ipnat.conf
ipfs=NO			ipfs_flags=""		# save/load ipnat and ipf states
ipsec=NO					# uses /etc/ipsec.conf
ipmon=NO		ipmon_flags="-Dns"	# syslog ipfilter messages
pf=NO			pf_rules="/etc/pf.conf"
pflogd=NO
racoon=NO					# IKE daemon
auto_ifconfig=YES				# config all avail. interfaces
net_interfaces=""				# used only if above is NO
flushroutes=YES					# flush routes in netstart
dhclient=NO					# behave as a DHCP client
			dhclient_flags=""	# blank: config all interfaces
ntpdate=NO  		ntpdate_flags="-b -s"	# May need '-u' thru firewall
ppp_peers=""					# /etc/ppp/peers to call
ip6mode=host					# host, autohost or router
ip6sitelocal=NO					# IPv6 sitelocal addrs
rtsol=NO		rtsol_flags="-a"	# for ip6mode=autohost only

# Special treatment for interfaces that need to be downed on
# shutdown (because they might cause unnecessary costs or block resources
# on the peer). All pppoe* interfaces are automatically included in this
# list, add others here manually.
#force_down_interfaces=""

ifwatchd=NO	# execute up/down scripts for in-kernel PPPoE interfaces
	ifwatchd_flags="-u /etc/ppp/ip-up -d /etc/ppp/ip-down pppoe0"

# ALTQ configuration/monitoring daemon
altqd=NO		altqd_flags=""

# Daemons required by servers.  These are not needed for strictly client use.
#

# inetd is used to start the IP-based services enabled in /etc/inetd.conf
#
inetd=YES		inetd_flags="-l"	# -l logs libwrap

# identd
#
identd=NO		identd_flags="-b -l -u nobody"

# rpcbind (formerly known as 'portmap') is used to look up RPC-based services.
#
rpcbind=NO		rpcbind_flags="-l"	# -l logs libwrap

# Commonly used daemons.
#
syslogd=YES		syslogd_flags="-s"	# -s "secure" unix domain only
cron=YES
named=NO		named_flags=""		# see below for named_chrootdir
timed=NO		timed_flags=""
ntpd=NO			ntpd_flags=""		# see below for ntpd_chrootdir
postfix=NO
lpd=NO			lpd_flags="-s"		# -s "secure" unix domain only
sshd=NO			sshd_flags=""
ssh_keygen_flags="-b 1024"	# generate 1024 bit keys if host keys missing

# sendmail can now be run either as a suid root binary or as a sgid
# smmsp binary.  In the former case, you must not have the file
# /etc/mail/submit.cf, otherwise sendmail will behave as if it was
# sgid.  This can result in mail not being delivered.  You must also
# manually set the owner and mode on the sendmail binary.
#
# The smmsp process is a sendmail helper that periodically flushes the
# "client" queue in the sgid case.  If you are using sendmail as a
# suid root program, then smmsp is not needed.
#
# The default setting for sendmail here is NO, but gets re-examined by
# the rc.d/sendmail startup script when it runs.  The script sets
# _rc_d_sendmail to "check", and then causes all rc.conf settings to
# be re-evaluated.  If the value of $sendmail after this is "check",
# the script then checks to see if any changes have been made to the
# default mailer configuration.  If no changes are detected, the value
# of $sendmail is set to YES to cause the sendmail daemon to be
# started.  This is so that local processes can send mail without it
# getting left in the submission queue.  Changes are defined as any of
# the following:
#
#	* path to sendmail in mailer.conf is different
#	* sendmail not found at the default path
#	* sendmail_suidroot is yes
#	* if the binary is not sgid to smmsp
#
# If $sendmail is set to YES or NO in /etc/rc.conf, these checks are
# skipped.
#
sendmail=${_rc_d_sendmail:-NO}
			sendmail_flags="-Lsm-mta -bd -q30m"
sendmail_suidroot=NO
smmsp=NO		smmsp_flags="-Lsm-msp-queue -Ac -q30m"


# To run the named(8) DNS server as an unprivileged user under a
# chroot(2) cage, uncomment the following after migrating the contents
# of /etc/namedb to /var/chroot/named/etc/namedb
#
#named_chrootdir="/var/chroot/named"

# To run the ntpd(8) NTP server as an unprivileged user under a
# chroot(2) cage, uncomment the following, after ensuring that:
#	- The kernel has "pseudo-device clockctl" compiled in
#	- /dev/clockctl is present
#
#ntpd_chrootdir="/var/chroot/ntpd"

# Routing daemons.
#
routed=NO		routed_flags="-q"
gated=NO
mrouted=NO		mrouted_flags=""
route6d=NO		route6d_flags=""
rtsold=NO		rtsold_flags=""		# for ip6mode=autohost only

# Daemons used to boot other hosts over a network.
#
rarpd=NO		rarpd_flags="-a"
bootparamd=NO		bootparamd_flags=""
dhcpd=NO		dhcpd_flags="-q"
dhcrelay=NO		dhcrelay_flags=""
rbootd=NO		rbootd_flags=""
mopd=NO			mopd_flags="-a"
ndbootd=NO		ndbootd_flags="-s /tftpboot /tftpboot/bootyy"
rtadvd=NO		rtadvd_flags=""

# X11 daemons.
#
xfs=NO			xfs_flags=""		# X11 font server
xdm=NO			xdm_flags=""		# X11 display manager; needs
						# wscons=YES for local displays.

# YP (NIS) daemons.
#
ypbind=NO		ypbind_flags=""
ypserv=NO		ypserv_flags="-d"
yppasswdd=NO		yppasswdd_flags=""

# NFS daemons and parameters.
#
mountd=NO		mountd_flags=""		# NFS mount requests daemon
nfs_client=NO					# enable client daemons
nfs_server=NO					# enable server daemons
			nfsd_flags="-6tun 4"
lockd=NO		lockd_flags=""
statd=NO		statd_flags=""
amd=NO			amd_flags="-l syslog -x error,noinfo,nostats"
			amd_dir=/amd			# mount dir

# Heimdal Kerberos 5 KDC (with Kerberos IV compatibility)
kdc=NO			kdc_flags=""

# ISDN daemon
isdnd=NO		isdnd_flags=""

# Other daemons.
#
rwhod=NO

# Hardware daemons.
#
apmd=NO			apmd_flags=""		# APM power management daemon.
poffd=NO					# x68k power switch monitor
			poffd_flags="'shutdown -p now'"
powerd=NO		powerd_flags=""		# power management daemon
screenblank=NO		screenblank_flags=""	# wscons and FBIO screenblanker

moused=NO					# serial mouse handler
			moused_flags="-p /dev/tty00"

wdogctl=NO					# watchdog timer control
#			wdogctl_flags="-k devicename"

# Configuration of "wscons" console driver virtual screens.
#
wscons=NO		wscons_flags=""		# setup wscons from wscons.conf

# Configuration of "wsmoused" console driver cut-n-paste support
#
wsmoused=NO		wsmoused_flags=""

# Configuration of "tpctl" touch panel calibration utility
#
tpctl=NO		tpctl_flags=""

# Mixer setting
#
mixerctl=NO		mixerctl_mixers=""	# "mixer0 mixer1" means saving
						# and restoring their settings

# Vi recovery notification.  Vi(1)'s -r option can recover files which were
# accidentally closed.  See vi(1) for more details.
# 
virecover=YES

# Verified exec signature loading.
#
veriexec=NO
veriexec_strict=0
veriexec_verbose=0