2Apr il 2003, 17:00:47 The Complete FreeBSD (configfiles.mm), page 545 30 FreeBSD configuration files In this chapter: • /etc/rc.conf • Files you need to change • Files you might need to change • Files you should not change • Obsolete configuration files In this chapter: • /etc/rc.conf • Files you need to change • Files you might need to change • Files you should not change • Obsolete configuration files One of the outstanding things about UNIX is that all system configuration information is stored in text files, usually in the directory /etc or its subdirectories. Some people consider this method primitive bycomparison with a flashyGUI configuration editor or a ‘‘registry,’’but it has significant advantages. In particular,you see the exact system configuration. With a GUI editor,the real configuration is usually stored in a format that you can’tread, and evenwhen you can, it’sundocumented. Also, you can see more of the configuration at a time: a GUI editor usually presents you with only small parts of the configuration, and it’sdifficult to see the relationships (‘‘standing outside and looking in through a window’’). In the Microsoft world, one of the most common methods of problem resolution is to reinstall the system. This is a declaration of bankruptcy: it’svery slow, you’re liable to cause other problems on the way,and you neverfind out what the problem was. If you have problems with your FreeBSD system configuration, don’treinstall the system.Take alook at the configuration files, and there’sagood chance that you’ll find the problem there. Manyconfiguration files are the same across all versions of UNIX. This chapter touches on them briefly,but in manycase you can get additional information in books such as the UNIX System Administration Handbook,byEvi Nemeth, Garth Snyder,Scott Seebass, and Trent R. Hein. In all cases, you can get more information from section 5 of the man pages. In the following section, we’ll first look at /etc/rc.conf,the main configuration file. We’ll look at the remaining configuration files on page 559. configfiles.mm,v v4.16 (2003/04/02 04:41:37) 545 The Complete FreeBSD 546 2April 2003, 17:00:47 The Complete FreeBSD ( /tools/tmac.Mn), page 546 /etc/rc.conf /etc/rc.conf is the main system configuration file. In older releases of FreeBSD, this file wascalled /etc/sysconfig. /etc/rc.conf is a shell script that is intended to be the one file that defines the configuration of your system—that is to say,what the system needs to do when it starts up. It’snot quite that simple, but nearly all site-dependent information is stored here. We’llwalk through the version that was current at the time of writing. The files will change as time goes on, but most of the information will remain relevant. /etc/rc.conf is completely your work. When you install the system, there is no such file: you create it, usually implicitly with the aid of sysinstall.The system supplies a script /etc/defaults/rc.conf that contains default values for everything you might put in /etc/rc.conf,and which the other configuration files read to get their definitions. When the system starts, it first reads /etc/defaults/rc.conf.Commands at the end of this file check for the existence of the file /etc/rc.conf and read it in if theyfind it, so that the definitions in /etc/rc.conf override the defaults in /etc/defaults/rc.conf.This makes it easier to upgrade: just change the file with the defaults, and leave the site-specific configuration alone. Youmay still need to change some things, but it’ll be a lot easier. In this section we’ll walk through /etc/defaults/rc.conf.Aswedo, we’ll build up two different /etc/rc.conf files, one for a server and one for a laptop connected with an 802.11b wireless card. To avoid too much confusion, I showthe text that goes into /etc/rc.conf in constant width bold font, whereas the text in /etc/defaults/rc.conf is in constant width font. #!/bin/sh # #This is rc.conf - a file full of useful variables that you can set #tochange the default startup behavior of your system. You should #not edit this file! Put any overrides into one of the ${rc_conf_files} #instead and you will be able to update these defaults later without #spamming your local configuration information. # #The ${rc_conf_files} files should only contain values which override #values set in this file. This eases the upgrade path when defaults #are changed and new features are added. # #All arguments must be in double or single quotes. # #$FreeBSD: src/etc/defaults/rc.conf,v 1.159 2002/09/05 20:14:40 gordon Exp $ The claim that all arguments must be in double or single quotes is incorrect. Both this file and /etc/rc.conf are Bourne shell scripts, and you only need quotes if the values you include contain spaces. It’sagood idea to stick to this convention, though, in case the representation changes. Note the version information on the previous line (1.159). Your /etc/defaults/rc.conf will almost certainly have a different revision. If you have a CVS repository on line (see Chapter 31), you can see what is changed with the following commands: configfiles.mm,v v4.16 (2003/04/02 04:41:37) 547 Chapter 30: FreeBSD configuration files 2April 2003, 17:00:47 The Complete FreeBSD ( /tools/tmac.Mn), page 547 $ cd /usr/src/etc/defaults $ cvs diff -wu -r1.159 rc.conf Continuing, ############################################################## ### Important initial Boot-time options #################### ############################################################## rc_ng="YES" # Set to NO to disable new-style rc scripts. rc_info="YES" # Enables display of informational messages at boot. rcshutdown_timeout="30" # Seconds to wait before terminating rc.shutdown FreeBSD Release 5 has a newmethod of system startup, called RCng (run commands, next generation). This method was originally introduced in NetBSD. Don’tchange these values unless you know exactly what you are doing. If you makeamistake, you may find it impossible to start the system. swapfile="NO" # Set to name of swapfile if aux swapfile desired. Normally you set up entries for swap partitions in /etc/fstab.This entry refers only to swapping on files, not for partitions. It requires the md driver, which we looked at on page 245. apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO). apmd_enable="NO" # Run apmd to handle APM event from userland. apmd_flags="" # Flags to apmd (if enabled). These parameters cover APM, Advanced Power Management. devd_enable="NO" # Run devd, to trigger programs on device tree changes. pccard_enable="NO" # Set to YES if you want to configure PCCARD devices. pccard_mem="DEFAULT" # If pccard_enable=YES, this is card memory address. pccard_beep="2" # pccard beep type. pccard_ifconfig="NO" # Specialized pccard ethernet configuration (or NO). pccardd_flags="-z" # Additional flags for pccardd. pccard_conf="/etc/defaults/pccard.conf" # pccardd(8) config file pccard_ether_delay="5" # Delay before trying to start dhclient in pccard_ether These parameters control devd,the device daemon used primarily for hot-pluggable devices such as USB and PC Card, and pccardd,the daemon for the old PC Card code. See page 159 for more details of devd,and page 161 for a brief description of pccardd and the old PC Card code. If you’re running PC Card devices, you would start devd.That’swhat we put in the /etc/rc.conf for andante: devd_enable="YES" Next comes a list of directories that are searched for startup scripts: configfiles.mm,v v4.16 (2003/04/02 04:41:37) /etc/rc.conf 548 2April 2003, 17:00:47 The Complete FreeBSD ( /tools/tmac.Mn), page 548 local_startup="/usr/local/etc/rc.d /usr/X11R6/etc/rc.d" # startup script dirs. script_name_sep=" " #Change if startup scripts’ names contain spaces If you come from a System V background, you would expect to find these scripts in the directories such as /etc/rc2.d. rc_conf_files="/etc/rc.conf /etc/rc.conf.local" rc_conf_files is a list of files to read after this file. You’ll recognize /etc/rc.conf, which we discussed above. /etc/rc.conf.local is an idea that hasn’tcompletely died, but there’sagood chance that it will. You’dbebest offnot to use it until you’re sure it’s going to stay. Forobvious reasons, this is one entry in /etc/defaults/rc.conf that you can’toverride in /etc/rc.conf.Ifyou really want to search other files, you’ll have tomodify /etc/de- faults/rc.conf.It’sstill not a good idea. fsck_y_enable="NO" # Set to YES to fsck -y if the initial preen fails. background_fsck="YES" # Attempt to run fsck in the background extra_netfs_types="NO" # List of network extra filesystem types for delayed #mount at startup (or NO). On system startup, the system checks the integrity of all file systems. It does this in a number of steps: • First, it checks the superblock,the key tothe file system, to see whether it was unmounted before the system stopped. If so, it assumes that the file systems are consistent and continues with the startup. • If anyfile system was not unmounted, the system probably crashed or was turned off without proper shutdown. The file system could contain inconsistent data, so the startup scripts run fsck against the file system. • If you’re running with soft updates and checkpointing, you may be able to perform the fsck in the background,inother words in parallel with other activities. If you have a good reason, you can inhibit this behaviour by setting background_fsck to NO. • If the file system is badly damaged, the ‘‘standard strength’’fsck may not be able to recoverthe file system. In this case, the normal action is to drop into single-user mode and let a human takealook at it. The usual first action of the human is to run fsck with the -y option, meaning ‘‘answer yes to all questions from fsck’’.Ifyou set fsck_y_enable to YES,the startup scripts will perform this task for you. It’sstill possible that the check will fail, so this is not enough to ensure that you will always pass fsck,but it helps. ############################################################## ### Network configuration sub-section ###################### ############################################################## ### Basic network and firewall/security options: ### hostname="" # Set this! configfiles.mm,v v4.16 (2003/04/02 04:41:37) 549 Chapter 30: FreeBSD configuration files 2April 2003, 17:00:47 The Complete FreeBSD ( /tools/tmac.Mn), page 549 hostname is the fully qualified name of the host. Always set it in /etc/rc.conf.See page 302 for more details. In our /etc/rc.conf we’ll put: hostname="gw.example.org" hostname="andante.example.org" Continuing in /etc/defaults/rc.conf, nisdomainname="NO" # Set to NIS domain if using NIS (or NO). If you’re using Sun’sNIS, set this. We don’tdiscuss NIS in this book. dhcp_program="/sbin/dhclient" # Path to dhcp client program. dhcp_flags="" # Additional flags to pass to dhcp client. The settings for the DHCP client, dhclient.Normally you won’tneed to change them. We talked about DHCP on page 302. firewall_enable="NO" # Set to YES to enable firewall functionality firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) firewall_quiet="NO" # Set to YES to suppress rule display firewall_logging="NO" # Set to YES to enable events logging Parameters for the ipfw firewall. See page 389, where we set the following flags in the /etc/rc.conf for gw: firewall_enable="YES" # Set to YES to enable firewall functionality firewall_type="client" # Firewall type (see /etc/rc.firewall) Youdon’tnormally run firewalls on laptops, though there’snotechnical reason whynot. The problem with firewalls on laptops is that the configuration files are dependent on where the system is located, which makes it a pain for systems that frequently change locations. As aresult, we won’tadd anyfirewall parameters to the /etc/rc.conf for andante. ip_portrange_first="NO" # Set first dynamically allocated port ip_portrange_last="NO" # Set last dynamically allocated port These values are used to set the numbers of ports that are dynamically allocated. Normally theywon’tneed changing. ipsec_enable="NO" # Set to YES to run setkey on ipsec_file ipsec_file="/etc/ipsec.conf" # Name of config file for setkey Parameters for IPSec. We don’tdiscuss IPSec in this book. natd_program="/sbin/natd" # path to natd, if you want a different one. natd_enable="NO" # Enable natd (if firewall_enable == YES). natd_interface="" # Public interface or IPaddress to use. natd_flags="" # Additional flags for natd. configfiles.mm,v v4.16 (2003/04/02 04:41:37) /etc/rc.conf 550 2April 2003, 17:00:47 The Complete FreeBSD ( /tools/tmac.Mn), page 550 Parameters for natd.See page 394 for more details. In the example there, we’ll add these lines to gw’s /etc/rc.conf : firewall_enable=YES gateway_enable="YES" # Set to YES if this host is a gateway. natd_enable="YES" natd_interface="dc0" firewall_script="/etc/rc.nat" # script for NAT only firewall_type="client" # firewall type if running a firewall Continuing with /etc/defaults/rc.conf, ipfilter_enable="NO" # Set to YES to enable ipfilter functionality ipfilter_program="/sbin/ipf" # where the ipfilter program lives ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see #/usr/src/contrib/ipfilter/rules for examples ipfilter_flags="" # additional flags for ipfilter ipnat_enable="NO" # Set to YES to enable ipnat functionality ipnat_program="/sbin/ipnat" # where the ipnat program lives ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat ipnat_flags="" # additional flags for ipnat ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter or ipnat ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog" ipfs_enable="NO" # Set to YES to enable saving and restoring #ofstate tables at shutdown and boot ipfs_program="/sbin/ipfs" # where the ipfs program lives ipfs_flags="" # additional flags for ipfs These entries define defaults for ipfilter,another firewall package, ipnat,another NAT package, ipmon,anIPmonitor package, and ipfs,autility for saving the state tables of ipfilter, ipnat and ipfilter.Wedon’tdiscuss anyofthem in this book. tcp_extensions="NO" # Disallow RFC1323 extensions (or YES). log_in_vain="0" # >=1 to log connects to ports w/o listeners. tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO). #For the following option you need to have TCP_DROP_SYNFIN set in your #kernel. Please refer to LINT and NOTES for details. tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN #NOTE: this violates the TCP specification icmp_drop_redirect="NO" # Set to YES to ignore ICMP REDIRECT packets icmp_log_redirect="NO" # Set to YES to log ICMP REDIRECT packets These are some of the more obscure IP configuration variables. You can find more about them in tcp(4) and icmp(4). network_interfaces="auto" # List of network interfaces (or "auto"). cloned_interfaces="" # List of cloned network interfaces to create. #cloned_interfaces="gif0 gif1 gif2 gif3" # Pre-cloning GENERIC config. ifconfig_lo0="inet 127.0.0.1" #default loopback device configuration. #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. #ifconfig_ed0_ipx="ipx 0x00010010" #Sample IPX address family entry. In previous releases of FreeBSD, you had to set network_interfaces to a list of the interfaces on the machine. Nowadays the value auto enables the startup scripts to find them by themselves, so you don’tneed to change this variable. You still need to set the interface addresses, of course. For gw,weadd the following entry to /etc/rc.conf : configfiles.mm,v v4.16 (2003/04/02 04:41:37) 551 Chapter 30: FreeBSD configuration files 2April 2003, 17:00:47 The Complete FreeBSD ( /tools/tmac.Mn), page 551 ifconfig_ed0="inet 223.147.37.5 netmask 255.255.255.0" We don’tneed to do anything here for andante:its Ethernet interface is a PC Card card. We looked at that on page 304. If you’re using DHCP,you don’thav e an address to specify,ofcourse. You still need to tell the startup scripts to use DHCP,howev er. Doitlikethis: ifconfig_ed0="DHCP" Continuing, #Ifyou have any sppp(4) interfaces above, you might also want to set #the following parameters. Refer to spppcontrol(8) for their meaning. sppp_interfaces="" # List of sppp interfaces. #sppp_interfaces="isp0" # example: sppp over ISDN #spppconfig_isp0="authproto=chap myauthname=foo myauthsecret=’top secret’ hisauthnam e=some-gw hisauthsecret=’another secret’" gif_interfaces="NO" # List of GIF tunnels (or "NO"). #gif_interfaces="gif0 gif1" #Examples typically for a router. #Choose correct tunnel addrs. #gifconfig_gif0="10.1.1.1 10.1.2.1" #Examples typically for a router. #gifconfig_gif1="10.1.1.2 10.1.2.2" #Examples typically for a router. These are parameters for the sppp implementation for isdn4bsd and the Generic Tunnel Interface,both of which we won’tdiscuss here. See the man pages spp(4) and gif(4) for more details. #User ppp configuration. ppp_enable="NO" # Start user-ppp (or NO). ppp_mode="auto" # Choice of "auto", "ddial", "direct" or "dedicated". #For details see man page for ppp(8). Default is auto. ppp_nat="YES" # Use PPP’s internal network address translation or NO. ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf. ppp_user="root" # Which user to run ppp as These parameters relate to running user PPP,which we discussed in Chapter 20, on page 348. ### Network daemon (miscellaneous) ### syslogd_enable="YES" # Run syslog daemon (or NO). syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one. syslogd_flags="-s" # Flags to syslogd (if enabled). #syslogd_flags="-ss" # Syslogd flags to not bind an inet socket Youshould always run syslogd unless you have a very good reason not to. In previous releases of FreeBSD, syslogd_flags wasempty,but security concerns have changed that, and nowbydefault syslogd is started with the -s flag, which stops syslogd from accepting remote messages. If you specify the -ss flag, as suggested in the comment, you will also not be able to log to remote systems. Sometimes it’svery useful to log to a remote system. Forexample, you might want all systems in example.org to log to gw.That way you get one set of log files for the entire network. Todothis, you would add the following line at the beginning of /etc/syslog.conf on each machine: configfiles.mm,v v4.16 (2003/04/02 04:41:37) /etc/rc.conf 552 2April 2003, 17:00:47 The Complete FreeBSD ( /tools/tmac.Mn), page 552 *.* @gw Forthis to work, add the following to /etc/rc.conf on gw: syslogd_flags="" Next come some parameters relating to inetd,the Internet Daemon,sometimes called the super-server.It’sresponsible for starting services on behalf of remote clients. inetd_enable="NO" # Run the network daemon dispatcher (YES/NO). inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one. inetd_flags="-wW" # Optional flags to inetd We looked at inetd on page 446. Normally you will want to have itenabled, but you won’tneed to change the flags. Add this line to the /etc/rc.conf for both gw and andante: inetd_enable="YES" Continuing, we see: named_enable="NO" # Run named, the DNS server (or NO). named_program="/usr/sbin/named" # path to named, if you want a different one. #named_flags="-u bind -g bind" #Flags for named These parameters specify whether we should run the name server,and what flags we should use if we do. See page 366 for more details. Previous versions of named required a flag to specify the location of the configuration file, but the location FreeBSD uses has nowbecome the standard, so we no longer need to specify anyflags. All we put in /etc/rc.conf for gw is: named_enable="YES" # Run named, the DNS server (or NO). Continuing with /etc/defaults/rc.conf, kerberos4_server_enable="NO" # Run a kerberos IV master server (or NO). kerberos4_server="/usr/sbin/kerberos" # path to kerberos IV KDC kadmind4_server_enable="NO" # Run kadmind (or NO) kadmind4_server="/usr/sbin/kadmind" # path to kerberos IV admin daemon kerberos5_server_enable="NO" # Run a kerberos 5 master server (or NO). kerberos5_server="/usr/libexec/kdc" # path to kerberos 5 KDC kadmind5_server_enable="NO" # Run kadmind (or NO) kadmind5_server="/usr/libexec/k5admind" # path to kerberos 5 admin daemon kerberos_stash="NO" # Is the kerberos master key stashed? Set these if you want to run Kerberos. Wedon’tdiscuss Kerberos in this book. rwhod_enable="NO" # Run the rwho daemon (or NO). rwhod_flags="" # Flags for rwhod Set this if you want to run the rwhod daemon, which broadcasts information about the system load. configfiles.mm,v v4.16 (2003/04/02 04:41:37) 553 Chapter 30: FreeBSD configuration files 2April 2003, 17:00:47 The Complete FreeBSD ( /tools/tmac.Mn), page 553 rarpd_enable="NO" # Run rarpd (or NO). rarpd_flags="" # Flags to rarpd. bootparamd_enable="NO" # Run bootparamd (or NO). bootparamd_flags="" # Flags to bootparamd xtend_enable="NO" # Run the X-10 power controller daemon. xtend_flags="" # Flags to xtend (if enabled). These entries relate to the rarpd, bootparamd and the X-10 daemons, which we don’t discuss in this book. See the respective man pages. pppoed_enable="NO" # Run the PPP over Ethernet daemon. pppoed_provider="*" # Provider and ppp(8) config file entry. pppoed_flags="-P /var/run/pppoed.pid" #Flags to pppoed (if enabled). pppoed_interface="fxp0" # The interface that pppoed runs on. pppoed is the PPP Over Ethernet daemon. Wediscussed it briefly on page 348. sshd_enable="NO" # Enable sshd sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. sshd_flags="" # Additional flags for sshd. sshd is the SecureShell Daemon which we talked about on page 451. Youdon’tneed to change anything here to run ssh,but if you want to connect to this system with ssh,you’ll need to run sshd.Ingw’s /etc/rc.conf we put: sshd_enable="YES" Next, we see: amd_enable="NO" # Run amd service with $amd_flags (or NO). amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map" amd_map_program="NO" # Can be set to "ypcat -k amd.master" These entries relate to the automounter,which we don’tdiscuss in this book. See amd(8) for details. nfs_client_enable="NO" # This host is an NFS client (or NO). nfs_access_cache="2" # Client cache timeout in seconds nfs_server_enable="NO" # This host is an NFS server (or NO). nfs_server_flags="-u -t -n 4" #Flags to nfsd (if enabled). mountd_enable="NO" # Run mountd (or NO). mountd_flags="-r" # Flags to mountd (if NFS server enabled). weak_mountd_authentication="NO" # Allow non-root mount requests to be served. nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO). nfs_bufpackets="DEFAULT" # bufspace (in packets) for client (or DEFAULT) rpc_lockd_enable="NO" # Run NFS rpc.lockd needed for client/server. rpc_statd_enable="NO" # Run NFS rpc.statd needed for client/server. rpcbind_enable="NO" # Run the portmapper service (YES/NO). rpcbind_program="/usr/sbin/rpcbind" # path to rpcbind, if you want a different one. rpcbind_flags="" # Flags to rpcbind (if enabled). rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO). Flags for NFS. Some of these have changed from previous releases of FreeBSD. In particular, single_mountd_enable is nowcalled mountd_enable,and portmap has been replaced by rpcbind,soportmap_enable is nowcalled rpcbind_enable, portmap_program is nowcalled rpcbind_program and portmap_flag is nowcalled configfiles.mm,v v4.16 (2003/04/02 04:41:37) /etc/rc.conf 554 2April 2003, 17:00:47 The Complete FreeBSD ( /tools/tmac.Mn), page 554 rpcbind_flags.See page 438. We set the following values in /etc/rc.conf for gw: nfs_client_enable="YES" # This host is an NFS client (or NO). nfs_server_enable="YES" # This host is an NFS server (or NO). For andante,weenable only the client (the first line). Next, we see: keyserv_enable="NO" # Run the SecureRPC keyserver (or NO). keyserv_flags="" # Flags to keyserv (if enabled). These entries refer to the Secure RPC key server,which we don’tdiscuss in this book. See the man pages keyserv(8) for more details. ### Network Time Services options: ### timed_enable="NO" # Run the time daemon (or NO). timed_flags="" # Flags to timed (if enabled). ntpdate_enable="NO" # Run ntpdate to sync time on boot (or NO). ntpdate_program="/usr/sbin/ntpdate" # path to ntpdate, if you want a different one. ntpdate_flags="-b" # Flags to ntpdate (if enabled). ntpd_enable="NO" # Run ntpd Network Time Protocol (or NO). ntpd_program="/usr/sbin/ntpd" # path to ntpd, if you want a different one. ntpd_flags="-p /var/run/ntpd.pid" #Flags to ntpd (if enabled). timed, ntpdate and ntpd are three different ways of synchronizing your machine with the current date and time. As we sawonpage 155, we’ll use ntpd.Weadd the following line to /etc/rc.conf for each system: ntpd_enable="YES" # Run ntpd Network Time Protocol (or NO). Continuing with /etc/defaults/rc.conf, #Network Information Services (NIS) options: All need rpcbind_enable="YES" ### nis_client_enable="NO" # We’re an NIS client (or NO). nis_client_flags="" # Flags to ypbind (if enabled). nis_ypset_enable="NO" # Run ypset at boot time (or NO). nis_ypset_flags="" # Flags to ypset (if enabled). nis_server_enable="NO" # We’re an NIS server (or NO). nis_server_flags="" # Flags to ypserv (if enabled). nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO). nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled). nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO). nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled). More parameters for configuring NIS. As mentioned above,this book does not deal with NIS. ### Network routing options: ### defaultrouter="NO" # Set to default gateway (or NO). static_routes="" # Set to static route list (or leave empty). gateway_enable="NO" # Set to YES if this host will be a gateway. See page 310 for more information on routing. On gw we add the following line to /etc/rc.conf : configfiles.mm,v v4.16 (2003/04/02 04:41:37) [...]... # # # # # # # # # print unaligned access warnings on the alpha Set to NO disables caching entropy through reboots Set to NO to disable caching entropy via cron Size of the entropy cache files Number of entropy cache files to save Entropy device harvests interrupt randomness Entropy device harvests ethernet randomness Entropy device harvests point-to-point randomness Save dmesg(8) to /var/run/dmesg.boot... /usr/local/bi n /usr/X11R6/bin ˜/bin:\ :nologin=/var/run/nologin:\ :cputime=unlimited:\ :datasize=unlimited:\ :stacksize=unlimited:\ :memorylocked=unlimited:\ :memoryuse=unlimited:\ :filesize=unlimited:\ :coredumpsize=unlimited:\ :openfiles=unlimited:\ :maxproc=unlimited:\ :sbsize=unlimited:\ :vmemoryuse=unlimited:\ :priority=0:\ :ignoretime@:\ :umask=022: As in the password file, the fields are delimited by... (configfiles.mm), page 570 Files you might need to change controller controller controller controller disk disk disk tape device cd0 at scbus0 scbus1 scbus3 scbus2 da0 at da1 at da2 at sa1 at scbus? at ahc0 at ahc1 bus 0 at ahc2 bus 0 at ahc2 bus 1 scbus0 target scbus3 target scbus2 target scbus1 target 570 # Single bus device # Single bus device # Twin bus device # Twin bus device 0 unit 0 1 3 6 Files you should... configuration information for some MTAs, including sendmail /etc/master.passwd /etc/master.passwd is the real password file Like /etc/group, you update with vipw or adduser See page 144 for more details Files you might need to change You don’t need to customize any of the following files to get the system up and running You may find it necessary to change them to do specific things, however /etc/crontab... Chapter 21, it’s far preferable to run named, even if you’re not connected to the Internet configfiles.mm,v v4.16 (2003/04/02 04:41:37) 2 April 2003, 17:00:47 The Complete FreeBSD (configfiles.mm), page 564 Files you might need to change 564 /etc/hosts.equiv /etc/hosts.equiv is a list of hosts whose users may use rsh to access this system without supplying a password rsh is now obsolete, so it’s unlikely... lpd_enable="YES" start_vinum="YES" # # # # # # Run inetd This host is an NFS client (or NO) Run ntpd Network Time Protocol (or NO) Run the mouse daemon Run the line printer daemon set to YES to start vinum Files you need to change rc.conf is only part of the story, of course The /etc directory contains a large number of other files, nearly all of them relating to the configuration Some of them, like /etc/amd.map... home directory • By default, the umask is set to 022 See page 184 for more details of umask configfiles.mm,v v4.16 (2003/04/02 04:41:37) 2 April 2003, 17:00:47 The Complete FreeBSD (configfiles.mm), page 566 Files you might need to change • 566 The system uses the default authentication scheme for this user See the man page login.conf(5) for further details /etc/motd /etc/motd (message of the day) is a file... Solaris and replaces the older /etc/host.conf It gives you the flexibility to use both /etc/hosts and DNS lookups, for example You specify the lookup sequence for hostnames with a line like this: hosts: files dns The word hosts here specifies the type of lookup (for host names, not NIS, password entries or something else) The keyword file represents the /etc/hosts file in this case This file is not installed... secure Each virtual terminal can support either a login or an X server The default /etc/ttys configfiles.mm,v v4.16 (2003/04/02 04:41:37) 2 April 2003, 17:00:47 The Complete FreeBSD (configfiles.mm), page 568 Files you might need to change 568 enables getty on the first eight virtual terminals and reserves /dev/ttyv8 for X If you don’t enable xdm on this terminal, you start X with startx The default kernel supports... with the noauto keyword? If you don’t bother to mount them, why bother to mention them? configfiles.mm,v v4.16 (2003/04/02 04:41:37) 2 April 2003, 17:00:47 The Complete FreeBSD (configfiles.mm), page 562 Files you need to change 562 If file system has an entry in /etc/fstab, mount is clever enough to get all the information it needs from this file You just need to specify the name of the mount point or the . ${rc_conf _files} #instead and you will be able to update these defaults later without #spamming your local configuration information. # #The ${rc_conf _files} files. configuration files In this chapter: • /etc/rc.conf • Files you need to change • Files you might need to change • Files you should not change • Obsolete configuration