
# 15.5 Managing Services in FreeBSD

## Overview

FreeBSD uses the traditional BSD init (initialization system) to manage system services. Unlike modern initialization systems such as systemd, BSD init employs a script-based service management approach. All other processes are started directly or indirectly by init. The rc startup script system is used for system initialization and service management.

A simple script example is as follows:

```sh
#!/bin/sh
#
# PROVIDE: utility
# REQUIRE: DAEMON
# KEYWORD: shutdown

. /etc/rc.subr

name=utility
rcvar=utility_enable

command="/usr/local/sbin/utility"

load_rc_config $name

#
# Do not modify default values here; set them in /etc/rc.conf
#
utility_enable=${utility_enable-"NO"}
pidfile=${utility_pidfile-"/var/run/utility.pid"}

run_rc_command "$1"
```

FreeBSD provides two core service management commands. The `service` command controls the startup scripts of the rc.d system: it supports operations such as `start`, `stop`, `restart`, and `status`, and can list the available services.

The `sysrc` command is used to safely modify system configuration values in rc.conf(5). It reads the `rc_conf_files` variable from **/etc/defaults/rc.conf** to determine the list of files to operate on, with a default value of `/etc/rc.conf /etc/rc.conf.local`, avoiding syntax errors from manual editing. When modifying a variable, if the variable already exists in these files, the last occurrence is replaced; if it does not exist, it is appended to the first file in the `rc_conf_files` list.

## Directory Structure

```sh
/
├── etc/  # See rc.conf(5)
│   ├── defaults/
│   │   ├── rc.conf         # System default rc configuration
│   │   └── vendor.conf     # Vendor default configuration (does not exist by default)
│   ├── rc                  # System startup main script
│   ├── rc.conf             # User main configuration file
│   ├── rc.conf.local       # Local custom configuration (does not exist by default), for boot-time custom configuration
│   ├── rc.conf.d/          # Directory for distributed user custom configuration files (empty by default)
│   ├── rc.d/               # Base system service scripts, see rc.d(8)
│   ├── rc.firewall         # Firewall startup script
│   ├── rc.local            # Local custom startup script (does not exist by default)
│   ├── rc.shutdown         # System shutdown execution script
│   ├── rc.suspend          # Script executed before system suspend
│   └── rc.subr             # rc script common function library
├── var/
│   └── run/
│       └── dmesg.boot      # dmesg(8) output at boot
└── usr/
    └── local/
        └── etc/
            └── rc.d/       # Third-party application service scripts
```

The above files are primarily located in the [libexec/rc](https://github.com/freebsd/freebsd-src/tree/main/libexec/rc) path in the FreeBSD source code.

> **Note**
>
> You should not edit the default settings contained in **/etc/defaults/rc.conf**. All system-specific changes should be written to **/etc/rc.conf**. The **/etc/rc.conf** file takes precedence over the **/etc/defaults/rc.conf** file. In other words, **/etc/rc.conf** overrides configuration items with the same name in **/etc/defaults/rc.conf**.

> **Tip**
>
> Both **/etc/rc.conf** and **/etc/rc.conf.local** are parsed by sh(1). This enables system operators to create complex configuration scenarios.

## Managing System-Specific Configuration

The primary location for system configuration is **/etc/rc.conf**. This file contains extensive configuration information that is read at system startup to configure the system. It provides configuration information for rc\* files.

Entries in **/etc/rc.conf** override the default settings in **/etc/defaults/rc.conf**. It is recommended to place system-specific configuration in the **/etc/rc.conf.local** file.

> **Tip**
>
> System updates will not overwrite **/etc/rc.conf**, so system configuration information will not be lost.

In cluster applications, various strategies can be employed to separate site-wide configuration from system-specific configuration to reduce management overhead.

For example, these entries in the **/etc/rc.conf** file apply to all systems:

```ini
sshd_enable="YES"
defaultrouter="10.1.1.254"
```

While these entries in **/etc/rc.conf.local** apply only to this system:

```ini
hostname="node1.example.org"
ifconfig_fxp0="inet 10.1.1.1/8"
```

Use applications such as `rsync` or `puppet` to distribute **/etc/rc.conf** to each system, while **/etc/rc.conf.local** remains unique.
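
The layering described above can be checked mechanically. The following is an added example, not code from FreeBSD or from this book: it sources constructed stand-ins for the defaults file, **/etc/rc.conf** and **/etc/rc.conf.local** in `rc_conf_files` order and reports the effective values. The function names (`rc_effective`, `rc_enabled`, `rc_unsafe_perms`) and the demo directory are assumptions; because these files are sh(1) code run by root at boot, it also flags files that are group- or world-writable.

```sh
#!/bin/sh
# Added example: resolve effective rc.conf values across layered files.
# All file contents below are constructed samples, not a real system's config.

RC_DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$RC_DEMO_DIR"' EXIT

# Stand-in for /etc/defaults/rc.conf (it also names the override files).
cat > "$RC_DEMO_DIR/defaults.conf" <<EOF
rc_conf_files="$RC_DEMO_DIR/rc.conf $RC_DEMO_DIR/rc.conf.local"
sshd_enable="NO"
ntpd_enable="NO"
pf_enable="NO"
hostname=""
EOF

# Stand-in for the site-wide /etc/rc.conf.
cat > "$RC_DEMO_DIR/rc.conf" <<'EOF'
sshd_enable="YES"
ntpd_enable="YES"
defaultrouter="10.1.1.254"
EOF

# Stand-in for the per-host /etc/rc.conf.local; it is sh(1) code, so logic works.
cat > "$RC_DEMO_DIR/rc.conf.local" <<'EOF'
hostname="node1.example.org"
ifconfig_fxp0="inet 10.1.1.1/8"
ntpd_enable="NO"
if [ "$hostname" = "node1.example.org" ]; then pf_enable="YES"; fi
EOF
chmod 644 "$RC_DEMO_DIR"/*

# rc_effective DEFAULTS VAR
# Source DEFAULTS, then each readable file in its rc_conf_files, in order,
# inside a subshell, and print the final value of VAR (later files win).
rc_effective() {
    case $2 in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 2 ;;   # refuse anything but an identifier
    esac
    (
        . "$1"
        for _f in $rc_conf_files; do
            if [ -r "$_f" ]; then . "$_f"; fi
        done
        eval "printf '%s\n' \"\${$2-}\""
    )
}

# rc_is_yes VALUE: the truth test rc.subr's checkyesno applies to *_enable.
rc_is_yes() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# rc_enabled DEFAULTS: print every *_enable variable whose effective value is
# true. Names are taken from the text of the files, values from the sourced state.
rc_enabled() {
    (
        . "$1"
        _files=
        for _f in $rc_conf_files; do
            if [ -r "$_f" ]; then . "$_f"; _files="$_files $_f"; fi
        done
        sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*_enable\)=.*/\1/p' "$1" $_files |
        sort -u | while read -r _v; do
            eval "_val=\${$_v-}"
            if rc_is_yes "$_val"; then printf '%s\n' "$_v"; fi
        done
    )
}

# rc_unsafe_perms FILE: succeed if FILE is group- or world-writable. Anyone who
# can write a file that root sources at boot can run commands as root.
rc_unsafe_perms() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Demo run over the constructed files.
for v in sshd_enable ntpd_enable pf_enable hostname defaultrouter; do
    printf '%s=%s\n' "$v" "$(rc_effective "$RC_DEMO_DIR/defaults.conf" "$v")"
done
printf 'enabled: %s\n' "$(rc_enabled "$RC_DEMO_DIR/defaults.conf" | tr '\n' ' ')"
for f in "$RC_DEMO_DIR"/rc.conf "$RC_DEMO_DIR"/rc.conf.local; do
    if rc_unsafe_perms "$f"; then printf 'WARNING: %s is writable by group/other\n' "$f"; fi
done
```

On a FreeBSD host the same functions can be pointed at **/etc/defaults/rc.conf**; per-service files under **/etc/rc.conf.d/** are not covered here.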

## Common Command Set

The BSD init system provides the `service` command as a unified interface for service management, combined with the `sysrc` command to implement service startup, stopping, and boot-time auto-start configuration. The following is the common command set.

Start a service:

```sh
# service xxx start
```

Stop a service:

```sh
# service xxx stop
```

Temporarily start a service (even if not enabled in the rc.conf file):

```sh
# service XXX onestart
```

Temporarily stop a service (even if not enabled in the rc.conf file):

```sh
# service XXX onestop
```

Restart a service:

```sh
# service xxx restart
```

Enable a service so that it starts at boot (either command):

```sh
# service xxx enable
# sysrc xxx_enable="YES"
```

> **Note**
>
> The `service xxx enable` command does not work for every service and has limitations; see FreeBSD Project, "rc keywords: enable, disable, delete cannot manage certain built-in rc startup items" (accessed 2026-03-26): <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285543>. The same applies to the commands below.

Disable boot-time startup (either command):

```sh
# service xxx disable
# sysrc xxx_enable="NO"
```

Delete a boot entry:

```sh
# service xxx delete
```

> **Note**
>
> For the keywords `enable`, `disable`, and `delete`, see FreeBSD Project, "Add new rc keywords: enable, disable, delete" (accessed 2026-03-26): <https://reviews.freebsd.org/D17113>.

System services are not enabled by default after installation; the above commands cannot be executed directly without first enabling the service.

Edit the **/etc/rc.conf** file and add a line: `XXX_enable="YES"`, where `XXX` represents the service name (e.g., `nginx`, `samba`, etc.); this is a fixed format.

```ini
# Enable XXX service or function (replace XXX with the specific service name), similar format below
XXX_enable="YES"
```

> **Tip**
>
> ```sh
> # sysrc XXX_enable="YES"
> ```
>
> The double quotes around `"YES"` in the above command can be omitted; the system will add them automatically. The same applies to `"NO"`.

The script path for base system services is **/etc/rc.d/**, and for third-party application services is **/usr/local/etc/rc.d/**. You can directly invoke scripts in these two directories.

Reload service configuration:

```sh
# /usr/local/etc/rc.d/XXX reload
```

Stop a service:

```sh
# /usr/local/etc/rc.d/XXX stop
```

## Content and Structure of the Default rc.conf Configuration File

The source code for the default rc.conf configuration file is located at [libexec/rc/rc.conf](https://github.com/freebsd/freebsd-src/blob/main/libexec/rc/rc.conf), corresponding to the commit [Set virtual\_oss\_enable="NO" in **/etc/defaults/rc.conf**](https://github.com/freebsd/freebsd-src/commit/1b2d495a24c36d81b14178a2f898025946bff2d8).

```sh
#!/bin/sh

# This is rc.conf — a file containing many available variables that can be used to modify the system's default boot behavior. Do not edit this file directly!
# Put those override configurations into ${rc_conf_files} (i.e., /etc/rc.conf, /etc/rc.conf.local), so that
# you can retain custom settings when updating system defaults later without polluting the native configuration.
#
# ${rc_conf_files} files should only contain values that override settings in this file.
# This makes the upgrade path simpler when defaults change or new features are added.
#
# All parameters must be enclosed in double or single quotes.
#
# For more detailed descriptions of rc.conf variables, please refer to the rc.conf(5) manual page.

##############################################################
###  Important Boot-Time Initial Options  ####################
##############################################################

# Set default value for _localbase if not previously set
# Try to get user.localbase value from sysctl, see getlocalbase(3)
# This sets the base path for the local third-party software directory
: ${_localbase:="$(/sbin/sysctl -n user.localbase 2> /dev/null)"}
# If not available, default to /usr/local
: ${_localbase:="/usr/local"}


# rc_debug cannot be set here, otherwise it will interfere with rc.subr operations when kenv variable rc.debug is set
#rc_debug="NO"        # Set to YES to enable rc.d debug output
rc_info="NO"           # Enable informational messages display at boot
rc_startmsgs="YES"     # Display "Starting foo:" messages at boot
rcshutdown_timeout="90" # Seconds to wait before terminating rc.shutdown
precious_machine="NO"  # Set to YES to prevent accidental execution of shutdown(8)
early_late_divider="FILESYSTEMS" # Script that separates early/late stages of the boot process; ensure you understand the impact before modifying, see rc.conf(5)
always_force_depends="NO"        # Set to YES to check whether dependent services have started during boot (may increase boot time)


apm_enable="NO"        # Set to YES to enable BIOS APM (Advanced Power Management), otherwise disable
apmd_enable="NO"       # Start apmd to handle user-space APM events
apmd_flags=""          # Additional flags passed when apmd is enabled
ddb_enable="NO"        # Set to YES to load ddb script at boot
ddb_config="/etc/ddb.conf"  # ddb(8) configuration file path
devd_enable="YES"      # Start devd for triggering programs on device tree changes
devd_flags=""          # Additional flags for devd(8)
devmatch_enable="YES"   # Load kernel modules on demand based on device ID
devmatch_blocklist=""  # List of modules excluded from devmatch loading (without .ko suffix)
#kld_list=""           # Kernel modules to load after local disk mount
kldxref_enable="YES"   # Build linker.hints file using kldxref(8)
kldxref_clobber="NO"   # Whether to overwrite old linker.hints at boot
kldxref_module_path="" # Override kern.module_path; semicolon ';' separated list
powerd_enable="NO"     # Start powerd(8) to reduce power consumption, system power control management
powerd_flags=""        # Flags passed when powerd(8) is enabled
tmpmfs="AUTO"          # Set to YES to always create mfs /tmp, NO to never create
tmpsize="20m"          # Size when creating mfs /tmp
tmpmfs_flags="-S"      # Additional mdmfs options for mfs /tmp
utx_enable="YES"       # Enable user accounting (utmpx login records)
varmfs="AUTO"          # Set to YES to always create mfs /var, NO to never create
varsize="32m"          # Size when creating mfs /var
varmfs_flags="-S"      # Additional mount options for mfs /var
mfs_type="auto"        # Optional "md", "tmpfs", "auto"; prefer tmpfs, md as fallback
populate_var="AUTO"    # Set to YES to always (re)populate /var, NO to never populate
cleanvar_enable="YES"  # Clean /var directory
var_run_enable="YES"   # Save/restore /var/run structure on shutdown/reboot
var_run_autosave="YES" # Only restore /var/run structure on shutdown/reboot; users can manually save via service var_run save
var_run_mtree="/var/db/mtree/BSD.var-run.mtree"  # Path to save /var/run mtree
local_startup="${_localbase}/etc/rc.d"         # Startup script directory
script_name_sep=" "      # If startup script names contain spaces, modify this separator
rc_conf_files="/etc/rc.conf /etc/rc.conf.local" # List of rc.conf files to load

# ZFS support
zfs_enable="NO"             # Set to YES to automatically mount ZFS file systems
zfskeys_enable="NO"         # Set to YES to automatically load ZFS encryption keys
zfs_bootonce_activate="NO"  # Set to YES to make successful bootonce ZFS boot environments permanent
zpool_reguid=""              # Specify zpool to replace GUID on first boot
zpool_upgrade=""             # Specify zpool to upgrade version on first boot

# ZFSD support
zfsd_enable="NO"            # Set to YES to automatically start ZFS fault management daemon

gptboot_enable="YES"        # GPT boot success/failure reporting

# GELI disk encryption configuration
geli_devices=""             # List of devices to automatically attach in addition to GELI devices in /etc/fstab
geli_groups=""              # Automatically attach devices in the same group using the same key or passphrase
geli_tries=""               # Number of attempts to attach geli devices; if empty, use kern.geom.eli.tries
geli_default_flags=""       # Default flags for geli(8)
geli_autodetach="YES"       # Automatically detach on last close. After all file systems are mounted, providers will be marked as auto-detachable

# Example usage
#geli_devices="da1 mirror/home"                  # Specify list of GELI encrypted devices to automatically attach
#geli_da1_flags="-p -k /etc/geli/da1.keys"      # Set additional flags and key file path for da1 device
#geli_da1_autodetach="NO"                        # Set whether da1 device auto-detaches on last close (NO means no auto-detach)
#geli_mirror_home_flags="-k /etc/geli/home.keys" # Set key file for mirror/home device
#geli_groups="storage backup"                    # Define device groups for automatic attachment by group
#geli_storage_flags="-k /etc/geli/storage.keys" # Set key file for devices in storage group
#geli_storage_devices="ada0 ada1"               # Physical devices included in storage group
#geli_backup_flags="-j /etc/geli/backup.passfile -k /etc/geli/backup.keys" # Set passphrase file and key file for devices in backup group
#geli_backup_devices="ada2 ada3"                # Physical devices included in backup group

## Disk-related options
root_rw_mount="YES"           # Set to YES to allow remounting root file system as read-write; NO to prohibit remounting as read-write
root_hold_delay="30"           # Time (seconds) to wait before releasing root file system mount hold lock
fsck_flags="-p"                # Default flags for fsck, -p means auto-fix repairable errors; can be changed to -f or -f -y for forced full check
fsck_y_enable="NO"             # Set to YES to automatically run fsck -y if initial preen fails
fsck_y_flags="-T ffs:-R -T ufs:-R"  # Additional flags for fsck -y
background_fsck="YES"          # Attempt to run fsck in background (if possible)
background_fsck_delay="60"     # Time (seconds) to wait before starting background fsck
growfs_enable="NO"             # Set to YES to attempt expanding root file system at boot
growfs_swap_size=""             # Specify swap size for growfs expansion, 0 means disabled, "" means use default size (unit: bytes)
netfs_types="nfs:NFS smbfs:SMB"  # Network file system type mapping
extra_netfs_types="NO"         # List of additional network file system types to mount with delay at boot, or NO for none

##############################################################
###  Network Configuration Section  ##########################
##############################################################

### Basic Network and Firewall/Security Options: ###

hostname=""                          # Please set the hostname!
hostid_enable="YES"                  # Enable host UUID
hostid_file="/etc/hostid"            # File storing hostuuid
hostid_uuidgen_flags="-r"            # Flags for uuidgen command
machine_id_file="/etc/machine-id"    # File storing machine-id
nisdomainname="NO"                   # If using NIS, set NIS domain name, otherwise NO
dhclient_program="/sbin/dhclient"    # DHCP client program path
dhclient_flags=""                     # Additional parameters passed to DHCP client
#dhclient_flags_em0=""                # Pass additional dhclient parameters only for em0 interface
background_dhclient="NO"             # Start DHCP client in background
#background_dhclient_em0="YES"       # Start DHCP client for em0 interface in background
dhclient_arpwait="YES"               # Wait for ARP resolution to complete
synchronous_dhclient="NO"            # Start dhclient directly on configured interfaces at boot
defaultroute_delay="30"              # Time (seconds) to wait for default route from DHCP interface
defaultroute_carrier_delay="5"       # Time (seconds) to wait for link signal
netif_enable="YES"                    # Enable network interface initialization
netif_ipexpand_max="2048"             # Maximum number of IPs allowed in IP range specifications
wpa_supplicant_program="/usr/sbin/wpa_supplicant"  # WPA supplicant program path
wpa_supplicant_flags="-s"             # Additional parameters passed to wpa_supplicant
wpa_supplicant_conf_file="/etc/wpa_supplicant.conf" # WPA supplicant configuration file

# IPFW firewall
firewall_enable="NO"             # Set to YES to enable firewall (IPFW)
firewall_script="/etc/rc.firewall"  # Set script to execute when starting firewall
firewall_type="UNKNOWN"           # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"               # Set to YES to suppress firewall rule display
firewall_logging="NO"             # Set to YES to enable firewall event logging
firewall_flags=""                  # Flags passed to ipfw when type is file
firewall_coscripts=""              # List of executables or scripts to run after firewall start/stop

firewall_client_net="192.0.2.0/24"       # IPv4 network address for "client" firewall
#firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for "client" firewall

firewall_simple_iif="em1"          # Internal network interface for "simple" firewall
firewall_simple_inet="192.0.2.16/28" # Internal network address for "simple" firewall
firewall_simple_oif="em0"          # External network interface for "simple" firewall
firewall_simple_onet="192.0.2.0/28" # External network address for "simple" firewall
#firewall_simple_iif_ipv6="em1"       # Internal IPv6 network interface for "simple" firewall
#firewall_simple_inet_ipv6="2001:db8:2:800::/56" # Internal IPv6 network prefix for "simple" firewall
#firewall_simple_oif_ipv6="em0"       # External IPv6 network interface for "simple" firewall
#firewall_simple_onet_ipv6="2001:db8:2:0::/56" # External IPv6 network prefix for "simple" firewall

firewall_myservices=""             # List of ports/protocols served by this machine for "workstation" firewall
firewall_allowservices=""          # List of IPs allowed to access $firewall_myservices
firewall_trusted=""                # List of trusted IPs with full access to this machine
firewall_logdeny="NO"              # Set to YES to log denied default inbound packets
firewall_nologports="135-139,445 1026,1027 1433,1434" # Do not log denied packets for these ports
firewall_nat_enable="NO"       # Enable kernel NAT (requires firewall_enable to be YES)
firewall_nat_interface=""       # Public interface or IP address for NAT
firewall_nat_flags=""           # Additional configuration parameters
firewall_nat64_enable="NO"     # Enable kernel NAT64 module
firewall_nptv6_enable="NO"     # Enable kernel NPTv6 module
firewall_pmod_enable="NO"      # Enable kernel protocol modification module
dummynet_enable="NO"           # Load dummynet(4) module
ipfw_netflow_enable="NO"       # Enable netflow logging via ng_netflow
ip_portrange_first="NO"        # Set starting port for dynamic port allocation
ip_portrange_last="NO"         # Set ending port for dynamic port allocation

ike_enable="NO"                # Enable IKE daemon (typically racoon or isakmpd)
ike_program="${_localbase}/sbin/isakmpd" # IKE daemon path
ike_flags=""                    # IKE daemon additional flags

ipsec_enable="NO"               # Set to YES to load ipsec_file using setkey
ipsec_file="/etc/ipsec.conf"    # Configuration file name for setkey

natd_program="/sbin/natd"       # natd program path
natd_enable="NO"                # Enable natd (requires firewall_enable to be YES)
natd_interface=""               # Public interface or IP address
natd_flags=""                   # natd additional flags

ipfilter_enable="NO"            # Set to YES to enable ipfilter
ipfilter_program="/sbin/ipf"    # ipfilter program path
ipfilter_rules="/etc/ipf.rules" # ipfilter rules file (see /usr/src/share/examples/ipfilter for examples)
ipfilter_flags=""               # ipfilter additional flags
ipfilter_optionlist=""          # optionlist for ipf(8)

ippool_enable="NO"              # Set to YES to enable ip filter pool
ippool_program="/sbin/ippool"   # ippool program path
ippool_rules="/etc/ippool.tables" # ippool rules file
ippool_flags=""                 # ippool additional flags

ipnat_enable="NO"               # Set to YES to enable ipnat
ipnat_program="/sbin/ipnat"     # ipnat program path
ipnat_rules="/etc/ipnat.rules"  # ipnat rules file
ipnat_flags=""                  # ipnat additional flags

ipmon_enable="NO"               # Set to YES to enable ipmon; requires ipfilter or ipnat
ipmon_program="/sbin/ipmon"     # ipfilter monitoring program path
ipmon_flags="-Ds"               # Typically "-Ds" or "-D /var/log/ipflog"

ipfs_enable="NO"                # Set to YES to enable saving/restoring state tables at shutdown and boot
ipfs_program="/sbin/ipfs"       # ipfs program path
ipfs_flags=""                   # ipfs additional flags

pf_enable="NO"                  # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf"         # pf rules file (does not exist by default)
pf_program="/sbin/pfctl"        # pfctl program path
pf_flags=""                     # pfctl additional flags
pf_fallback_rules_enable="NO"   # Use fallback rules if ruleset loading fails
pf_fallback_rules="block drop log all" # Rules to use when ruleset loading fails
#pf_fallback_rules="block drop log all
#pass quick on em4"             # Multi-rule example
pf_fallback_rules_file="/etc/pf-fallback.conf" # File to use when ruleset fails

pflog_enable="NO"               # Set to YES to enable pf logging
pflog_logfile="/var/log/pflog"  # pflogd log storage path
pflog_program="/sbin/pflogd"    # pflogd program path
pflog_flags=""                  # pflogd additional flags

dnctl_enable="NO"               # Enable dnctl (dummynet traffic shaper control)
dnctl_program="/sbin/dnctl"     # dnctl program path
dnctl_rules="/etc/dnctl.conf"   # dnctl rules file

ftpproxy_enable="NO"            # Set to YES to enable pf's ftp-proxy(8)
ftpproxy_flags=""               # ftp-proxy additional flags

pfsync_enable="NO"              # Sync pf state to other hosts
pfsync_syncdev=""               # Interface used by pfsync
pfsync_syncpeer=""              # pfsync peer host IP
pfsync_ifconfig=""              # Additional ifconfig(8) options for pfsync

tcp_extensions="YES"            # Set to NO to disable RFC1323 TCP high-performance extensions
log_in_vain="0"                 # >=1 to log connections to ports with no listener
tcp_keepalive="YES"             # Enable TCP idle connection timeout detection (or NO)
tcp_drop_synfin="NO"            # Set to YES to drop SYN+FIN TCP packets
                                # Note: Violates TCP protocol specification
icmp_drop_redirect="auto"       # Set to YES to ignore ICMP REDIRECT packets
icmp_log_redirect="NO"          # Set to YES to log ICMP REDIRECT packets

network_interfaces="auto"       # Network interface list, or use "auto" for auto-detection
cloned_interfaces=""            # List of clone network interfaces to create
#cloned_interfaces="gif0 gif1 gif2 gif3"	# Pre-clone virtual interfaces for GENERIC configuration
#ifconfig_lo0="inet 127.0.0.1/8" # Default loopback device configuration for local communication
#ifconfig_lo0_alias0="inet 127.0.0.254/32"	# Loopback device alias example for binding additional IPv4 address
#ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64"	# Configure primary IPv6 address for em0, prefix length 64
#ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64"	# IPv6 alias for em0, for multi-address configuration
#ifconfig_em0_name="net0"	# Rename physical interface em0 to net0 for easier management
#vlans_em0="101 vlan0"	# vlan(4) interfaces to create on em0: em0.101 (tag 101) and vlan0
#create_args_vlan0="vlan 102"	# VLAN tag for the vlan0 interface (102)
#wlans_ath0="wlan0"	# Configure ath0 wireless interface as wlan0
#wlandebug_wlan0="scan+auth+assoc"	# Set WLAN debug flags using wlandebug(8), including scan, authentication, and association
#ipv4_addrs_em0="192.168.0.1/24 192.168.1.1-5/28"	# Configure multiple IPv4 addresses for em0: 192.168.0.1/24 and 192.168.1.1 to 192.168.1.5/28 continuous range
#
#autobridge_interfaces="bridge0"    # List of bridge interfaces to check
#autobridge_bridge0="tap* vlan0"    # Interface glob to automatically add to bridge

# User PPP configuration
ppp_enable="NO"                     # Start user PPP (or NO)
ppp_program="/usr/sbin/ppp"         # User PPP program path
ppp_mode="auto"                      # Mode selection: auto, ddial, direct, or dedicated, default auto
ppp_nat="YES"                        # Use PPP internal NAT (or NO)
ppp_profile="papchap"                # Use configuration file /etc/ppp/ppp.conf
ppp_user="root"                      # PPP running user

# Start multiple PPP instances
#ppp_profile="profile1 profile2 profile3" # PPP profiles to use
#ppp_profile1_mode="ddial"             # Override PPP mode for profile1
#ppp_profile2_nat="NO"                 # Override NAT mode for profile2
# profile3 uses default ppp_mode and ppp_nat

### Network Daemons (Miscellaneous) ###
hostapd_program="/usr/sbin/hostapd"
hostapd_enable="NO"           # Start hostap daemon

syslogd_enable="YES"          # Start syslog daemon (or NO)
syslogd_program="/usr/sbin/syslogd" # syslogd program path (replaceable)
syslogd_flags="-s"            # syslogd startup parameters
syslogd_oomprotect="YES"      # Do not kill syslogd when swap space is exhausted

altlog_proglist=""            # List of chroot applications under /var

inetd_enable="NO"             # Start internet daemon dispatcher (YES/NO)
inetd_program="/usr/sbin/inetd"   # inetd program path (replaceable)
inetd_flags="-wW -C 60"       # inetd optional startup parameters

iscsid_enable="NO"            # iSCSI initiator daemon
iscsictl_enable="NO"          # iSCSI initiator auto-start
iscsictl_flags="-Aa"          # iscsictl optional parameters

hastd_enable="NO"             # Start HAST daemon (YES/NO)
hastd_program="/sbin/hastd"   # hastd program path (replaceable)
hastd_flags=""                # hastd optional parameters

ggated_enable="NO"            # Start ggate daemon (YES/NO)
ggated_config="/etc/gg.exports"   # ggated(8) export file
ggated_flags=""               # Additional parameters, e.g., bind port

ctld_enable="NO"              # CAM Target Layer / iSCSI target daemon

local_unbound_enable="NO"     # Local caching DNS resolver
local_unbound_oomprotect="YES" # Do not kill local_unbound when swap space is exhausted
local_unbound_tls="NO"        # Use DNS over TLS

blacklistd_enable="NO"        # Renamed to blocklistd_enable
blacklistd_flags=""           # Renamed to blocklistd_flags
blocklistd_enable="NO"        # Start blocklistd daemon (YES/NO)
blocklistd_flags=""           # blocklistd(8) optional parameters

resolv_enable="YES"           # Enable resolv / resolvconf

#
# Kerberos. Do not run admin daemon on slave servers
#
kdc_enable="NO"             # Start Kerberos 5 KDC (or NO)
kdc_program=""              # Kerberos 5 KDC program path
kdc_flags=""                # Kerberos 5 KDC additional parameters
kdc_restart="NO"            # Auto-restart KDC on abnormal termination
kdc_restart_delay=""        # Auto-restart delay time (seconds)

kadmind_enable="NO"         # Start kadmind (or NO)
kadmind_program="/usr/libexec/kadmind" # kadmind program path

kpasswdd_enable="NO"        # Start kpasswdd (or NO)
kpasswdd_program="/usr/libexec/kpasswdd" # kpasswdd program path

kfd_enable="NO"             # Start kfd (or NO)
kfd_program="/usr/libexec/kfd" # Kerberos 5 kfd daemon path
kfd_flags=""                # kfd additional parameters

ipropd_master_enable="NO"   # Start Heimdal incremental sync daemon (master node)
ipropd_master_program="/usr/libexec/ipropd-master"
ipropd_master_flags=""      # ipropd-master parameters
ipropd_master_keytab="/etc/krb5.keytab"  # Master keytab
ipropd_master_slaves=""     # List of slave names used in /var/heimdal/slaves

ipropd_slave_enable="NO"    # Start Heimdal incremental sync daemon (slave node)
ipropd_slave_program="/usr/libexec/ipropd-slave"
ipropd_slave_flags=""       # ipropd-slave parameters
ipropd_slave_keytab="/etc/krb5.keytab"   # Slave keytab
ipropd_slave_master=""      # Master node name

gssd_enable="NO"            # Start gssd daemon (or NO)
gssd_program="/usr/sbin/gssd" # gssd program path
gssd_flags=""               # gssd parameters
rwhod_enable="NO"           # Start rwho daemon (or NO)
rwhod_flags=""               # rwho parameters
rarpd_enable="NO"            # Start rarpd (or NO)
rarpd_flags="-a"             # rarpd parameters
bootparamd_enable="NO"       # Start bootparamd (or NO)
bootparamd_flags=""          # bootparamd parameters

pppoed_enable="NO"           # Start PPP over Ethernet daemon
pppoed_provider="*"          # PPPoE provider and ppp(8) configuration file entry
pppoed_flags="-P /var/run/pppoed.pid" # PPPoE parameters (if enabled)
pppoed_interface="em0"       # Interface for PPPoE

sshd_enable="NO"             # Enable sshd
sshd_oomprotect="YES"        # Do not kill sshd when swap space is exhausted
sshd_program="/usr/sbin/sshd" # sshd program path
sshd_flags=""                # sshd additional parameters

### Network Daemons (NFS): All require rpcbind_enable="YES" ###
autofs_enable="NO"           # Start autofs daemon
automount_flags=""           # automount(8) parameters (if autofs is enabled)
automountd_flags=""          # automountd(8) parameters (if autofs is enabled)
autounmountd_flags=""        # autounmountd(8) parameters (if autofs is enabled)

nfs_client_enable="NO"       # This machine as NFS client (or NO)
nfs_access_cache="60"        # Client cache timeout (seconds)
nfs_server_enable="NO"       # This machine as NFS server (or NO)
nfs_server_flags="-u -t"     # nfsd parameters (if enabled)
nfs_server_managegids="NO"   # Whether NFS server maps AUTH_SYS gids (or NO)
nfs_server_maxio="131072"    # nfsd maximum I/O size
mountd_enable="NO"           # Start mountd (or NO)
mountd_flags="-r -S"         # mountd parameters (if NFS server is enabled)
weak_mountd_authentication="NO" # Allow non-root mount requests
nfs_reserved_port_only="YES" # Provide NFS only on secure ports (or NO)
nfs_bufpackets=""            # Client bufspace (in packets)

rpc_lockd_enable="NO"        # Start NFS rpc.lockd (needed by client/server)
rpc_lockd_flags=""            # rpc.lockd parameters (if enabled)
rpc_statd_enable="NO"        # Start NFS rpc.statd (needed by client/server)
rpc_statd_flags=""            # rpc.statd parameters (if enabled)
rpcbind_enable="NO"           # Start port mapping service (YES/NO)
rpcbind_program="/usr/sbin/rpcbind" # rpcbind program path
rpcbind_flags=""             # rpcbind parameters (if enabled)

rpc_ypupdated_enable="NO"    # If NIS master and SecureRPC is enabled
nfsv4_server_enable="NO"     # Enable NFSv4 support
nfsv4_server_only="NO"       # Set NFS server to support NFSv4 only
nfscbd_enable="NO"           # NFSv4 client callback daemon
nfscbd_flags=""               # nfscbd parameters
nfsuserd_enable="NO"         # NFSv4 user/group name mapping daemon
nfsuserd_flags=""             # nfsuserd parameters
tlsclntd_enable="NO"         # Start rpc.tlsclntd (required for NFS-over-TLS mounts)
tlsclntd_flags=""             # rpc.tlsclntd parameters
tlsservd_enable="NO"         # Start rpc.tlsservd (required for NFS-over-TLS nfsd)
tlsservd_flags=""             # rpc.tlsservd parameters

### Network Time Service Options ###
ntpdate_enable="NO"               # Start ntpdate to sync time at boot (or NO)
ntpdate_program="/usr/sbin/ntpdate" # ntpdate program path (customizable)
ntpdate_flags="-b"                # ntpdate parameters (if enabled)
ntpdate_config="/etc/ntp.conf"    # ntpdate(8) configuration file
ntpdate_hosts=""                   # ntpdate(8) server list, space-separated

ntpd_enable="NO"                   # Start ntpd network time protocol daemon (or NO)
ntpd_program="/usr/sbin/ntpd"      # ntpd program path (customizable)
ntpd_config="/etc/ntp.conf"        # ntpd(8) configuration file
ntpd_sync_on_start="NO"            # Whether to sync time immediately when starting ntpd (even with large offset)
ntpd_flags=""                       # ntpd additional parameters

ntp_src_leapfile="/etc/ntp/leap-seconds"          # Initial source for ntpd leapfile
ntp_db_leapfile="/var/db/ntpd.leap-seconds.list" # Standard location for obtained leap seconds
ntp_leapfile_sources="https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list https://data.iana.org/time-zones/tzdb/leap-seconds.list"  # Sources for obtaining leapfile
ntp_leapfile_fetch_opts="-mq"       # Options used when fetching NTP leapfile, e.g., --no-verify-peer
ntp_leapfile_expiry_days=30         # Check for new leapfile 30 days before expiry
ntp_leapfile_fetch_verbose="NO"     # Whether to output verbose information when fetching NTP leapfile

### Network Information Service (NIS) Options: All depend on rpcbind_enable="YES" ###
nis_client_enable="NO"        # Is NIS client (or NO)
nis_client_flags=""            # ypbind parameters (if enabled)
nis_ypset_enable="NO"         # Run ypset at boot (or NO)
nis_ypset_flags=""             # ypset parameters (if enabled)
nis_server_enable="NO"        # Is NIS server (or NO)
nis_server_flags=""            # ypserv parameters (if enabled)
nis_ypxfrd_enable="NO"        # Run rpc.ypxfrd at boot (or NO)
nis_ypxfrd_flags=""            # rpc.ypxfrd parameters (if enabled)
nis_yppasswdd_enable="NO"     # Run rpc.yppasswdd at boot (or NO)
nis_yppasswdd_flags=""         # rpc.yppasswdd parameters (if enabled)
nis_ypldap_enable="NO"         # Run ypldap at boot (or NO)
nis_ypldap_flags=""             # ypldap parameters (if enabled)

### SNMP Daemon ###
# Ensure you understand the security implications of running SNMP v1/v2 on a network
bsnmpd_enable="NO"            # Start SNMP daemon (or NO)
bsnmpd_flags=""                # bsnmpd parameters

### Network Routing Options: ###
defaultrouter="NO"            # Set default gateway (or NO)
#defaultrouter_fibN="192.0.2.1" # Use this form to set gateway for FIB N
static_arp_pairs=""            # Set static ARP list (or leave empty)
static_ndp_pairs=""            # Set static NDP list (or leave empty)
static_routes=""               # Set static route list (or leave empty)
gateway_enable="NO"            # Set to YES if this host will serve as a gateway
routed_enable="NO"             # Set to YES to enable routing daemon
routed_program="/sbin/routed"  # Routing daemon to use when enabled
routed_flags="-q"              # Routing daemon parameters
arpproxy_all="NO"              # Replaces obsolete kernel option ARP_PROXYALL
forward_sourceroute="NO"       # Perform source routing (only when gateway_enable is set to YES)
accept_sourceroute="NO"        # Accept source-routed packets addressed to this host

### Bluetooth ###
hcsecd_enable="NO"               # Enable hcsecd(8) (or NO)
hcsecd_config="/etc/bluetooth/hcsecd.conf"  # hcsecd(8) configuration file

sdpd_enable="NO"                 # Enable sdpd(8) (or NO)
sdpd_control="/var/run/sdp"      # sdpd(8) control socket
sdpd_groupname="nobody"          # Set user group for sdpd(8) to run as after initialization
sdpd_username="nobody"           # Set username for sdpd(8) to run as after initialization

bthidd_enable="NO"               # Enable bthidd(8) (or NO)
bthidd_config="/etc/bluetooth/bthidd.conf"  # bthidd(8) configuration file
bthidd_hids="/var/db/bthidd.hids"          # bthidd(8) known HID devices file
bthidd_evdev_support="AUTO"      # AUTO depends on EVDEV_SUPPORT kernel option

rfcomm_pppd_server_enable="NO"   # Enable rfcomm_pppd(8) in server mode (or NO)
rfcomm_pppd_server_profile="one two"  # Use profiles from /etc/ppp/ppp.conf

#rfcomm_pppd_server_one_bdaddr=""   # Override local bdaddr for 'one'
rfcomm_pppd_server_one_channel="1"  # Override local channel for 'one'
#rfcomm_pppd_server_one_register_sp="NO"  # Override SP and DUN registration for 'one'
#rfcomm_pppd_server_one_register_dun="NO" # For 'one'

#rfcomm_pppd_server_two_bdaddr=""   # Override local bdaddr for 'two'
rfcomm_pppd_server_two_channel="3"  # Override local channel for 'two'
#rfcomm_pppd_server_two_register_sp="NO"  # Override SP and DUN registration for 'two'
#rfcomm_pppd_server_two_register_dun="NO" # For 'two'

ubthidhci_enable="NO"            # Switch existing USB Bluetooth controller from HID mode to HCI mode
#ubthidhci_busnum="3"             # Bus number 3
#ubthidhci_addr="2"               # Address 2, use usbconfig list to check correct numbering for your system

### Network Connectivity/Availability Verification Options ###
netwait_enable="NO"           # Enable rc.d/netwait (or NO)
#netwait_ip=""                # Wait for ping response from any IP in this list
netwait_timeout="60"           # Total seconds to execute ping
#netwait_if=""                # Wait for active link on each interface in this list
netwait_if_timeout="30"        # Total seconds to monitor link status
netwait_dad="NO"               # Wait for DAD completion
netwait_dad_timeout=""         # Total seconds to wait for DAD, 0 or unset means auto-detect

### Miscellaneous Network Options ###
icmp_bmcastecho="NO"           # Respond to broadcast ping packets

### IPv6 Options ###
ipv6_network_interfaces="auto"         # IPv6 network interface list (or "auto" or "none")
ipv6_activate_all_interfaces="NO"     # If NO, interfaces without corresponding $ifconfig_IF_ipv6 will be marked IFDISABLED (for security reasons)
ipv6_defaultrouter="NO"               # Set IPv6 default gateway (or NO)
#ipv6_defaultrouter="2002:c058:6301::"  # For 6to4 (RFC 3068)
#ipv6_defaultrouter_fibN="2001:db8::"   # Set gateway for FIB N
ipv6_static_routes=""                  # Static route list (or leave empty)
#ipv6_static_routes="xxx"              # Example: set fec0:0000:0000:0006::/64 route to loopback interface
#ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1"
ipv6_gateway_enable="NO"               # Set to YES if this host serves as a gateway
ipv6_cpe_wanif="NO"                    # If this node acts as a router forwarding IPv6 packets, set upstream interface name
ipv6_privacy="NO"                      # Use privacy addresses on interfaces receiving RA (RFC 4941)

route6d_enable="NO"               # Set to YES to enable IPv6 routing daemon
route6d_program="/usr/sbin/route6d"  # IPv6 routing daemon name
route6d_flags=""                   # IPv6 routing daemon parameters
#route6d_flags="-l"               # Listen only on link-local IPv6 addresses. (Router example)
#route6d_flags="-q"               # Quiet mode, disable router advertisements. Example: end node running routing daemon should stop advertising
# Example: Configure static IPv6 for router or end node
#ipv6_network_interfaces="em0 em1"  # Specify IPv6-enabled network interfaces em0 and em1 (router example)
#ipv6_prefix_em0="fec0:0000:0000:0001 fec0:0000:0000:0002"  # Assign static IPv6 prefixes/addresses to em0 interface (router example), 2 IPv6 addresses assigned here
#ipv6_prefix_em1="fec0:0000:0000:0003 fec0:0000:0000:0004"  # Assign static IPv6 prefixes/addresses to em1 interface (router example), 2 IPv6 addresses assigned here
ipv6_default_interface="NO"       # Default output interface (only effective when ipv6_gateway_enable="NO")
rtsol_flags="-i"                  # IPv6 router solicitation flags
rtsold_enable="NO"                # Set to YES to enable IPv6 router solicitation daemon
rtsold_flags="-a -i"              # IPv6 router solicitation daemon parameters
rtadvd_enable="NO"                # Set to YES to enable IPv6 router advertisement daemon
rtadvd_flags=""                   # IPv6 router advertisement daemon parameters
rtadvd_interfaces=""              # Interfaces on which rtadvd sends RA packets
stf_interface_ipv4addr=""         # Local IPv4 address for 6to4 IPv6 over IPv4 tunnel interface
stf_interface_ipv4plen="0"        # 6to4 IPv4 address prefix length, valid values 0-31
stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface ID for stf0, can be set to AUTO
stf_interface_ipv6_slaid="0000"   # IPv6 Site Level Aggregator for stf0
ipv6_ipv4mapping="NO"             # Set to YES to enable IPv4-mapped IPv6 address communication (::ffff:a.b.c.d)
ip6addrctl_enable="YES"           # Enable default IPv6 address selection
ip6addrctl_verbose="NO"           # Enable verbose configuration messages
ip6addrctl_policy="AUTO"          # Predefined address selection policy (ipv4_prefer, ipv6_prefer, or AUTO)

##############################################################
###  System Console Options           #################################
##############################################################

keyboard=""                # Keyboard device to use (default /dev/kbd0)
keymap="NO"                # Keyboard map in /usr/share/{syscons,vt}/keymaps/* (or NO)
keyrate="NO"               # Keyboard rate: slow, normal, fast (or NO)
keybell="NO"               # Options in kbdcontrol(1), use "off" to disable
keychange="NO"             # Function key defaults (or NO)
cursor="NO"                # Cursor type {normal|blink|destructive} (or NO)
scrnmap="NO"               # Screen map in /usr/share/syscons/scrnmaps/* (or NO)
font8x16="NO"              # 8x16 font in /usr/share/{syscons,vt}/fonts/* (or NO)
font8x14="NO"              # 8x14 font in /usr/share/{syscons,vt}/fonts/* (or NO)
font8x8="NO"               # 8x8 font in /usr/share/{syscons,vt}/fonts/* (or NO)
blanktime="300"            # Blank time (seconds), or "NO" to disable
saver="NO"                 # Screen saver: use /boot/kernel/${saver}_saver.ko
moused_nondefault_enable="YES" # Unless explicitly overridden in rc.conf(5), non-default mice are considered enabled
moused_enable="NO"          # Run mouse daemon
moused_type="evdev"         # See rc.conf(5) for available settings
moused_port="/dev/psm0"     # Mouse port setting
moused_flags=""             # Additional parameters for moused
mousechar_start="NO"        # If 0xd0-0xd3 default range is occupied, specify other starting range, e.g., mousechar_start=3
msconvd_enable="NO"         # Run mouse protocol conversion daemon
msconvd_type="auto"         # See rc.conf(5) for available moused_type values
msconvd_ports=""            # msconvd port list
msconvd_flags=""            # Additional parameters for msconvd
allscreens_flags=""         # Set vidcontrol mode for all virtual screens
allscreens_kbdflags=""      # Set kbdcontrol mode for all virtual screens

##############################################################
###  Mail Transfer Agent (MTA) Options              ######################
##############################################################

# Settings for /etc/rc.d/sendmail:
sendmail_enable="NONE"              # Run sendmail receive daemon (YES/NO/NONE)
                                    # If NONE, no sendmail processes are started
sendmail_pidfile="/var/run/sendmail.pid"  # sendmail PID file
sendmail_procname="/usr/sbin/sendmail"   # sendmail process name
sendmail_flags="-L sm-mta -bd -q30m"     # Parameters for running sendmail as server
sendmail_cert_create="YES"          # Create server certificate if none exists (YES/NO)
#sendmail_cert_cn="CN"              # CN (Common Name) for generated certificate
sendmail_submit_enable="YES"        # Start localhost-only MTA for mail submission
sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost"
                                    # Parameters for localhost MTA
sendmail_outbound_enable="YES"      # Dequeue stalled mail (YES/NO)
sendmail_outbound_flags="-L sm-queue -q30m"  # Outbound sendmail parameters
sendmail_msp_queue_enable="YES"     # Dequeue stalled clientmqueue mail (YES/NO)
sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m"  # sendmail_msp_queue daemon parameters
sendmail_rebuild_aliases="NO"       # Run newaliases if necessary (YES/NO)


##############################################################
###  Miscellaneous Administrative Options                   ###################
##############################################################

auditd_enable="NO"	# Run audit daemon
auditd_program="/usr/sbin/auditd"	# Audit daemon path
auditd_flags=""		# Options passed to audit daemon
auditdistd_enable="NO"	# Run distributed audit daemon
auditdistd_program="/usr/sbin/auditdistd"	# auditdistd daemon path
auditdistd_flags=""	# Options passed to auditdistd
cron_enable="YES"	# Run periodic task daemon
cron_program="/usr/sbin/cron"	# Path to cron executable to use when enabled
cron_dst="YES"		# Smart handling of daylight saving time transitions (YES/NO)
cron_flags=""		# Options passed to cron daemon
cfumass_enable="NO"	# Create default LUN for cfumass(4)
cfumass_dir="/var/cfumass"	# Directory containing LUN content files
cfumass_image="/var/tmp/cfumass.img"	# LUN backing file path
lpd_enable="NO"		# Run line printer daemon
lpd_program="/usr/sbin/lpd"	# lpd executable path
lpd_flags=""		# Options passed to lpd
nscd_enable="NO"	# Run NSS cache daemon
chkprintcap_enable="NO"	# Run chkprintcap(8) before running lpd
chkprintcap_flags="-d"	# Create missing directories by default
dumpdev="AUTO"		# Crash dump device (device name, AUTO, or NO); on stable branches, comment this out so the kenv setting is respected
dumpon_flags=""		# Options passed to dumpon(8), immediately following dumpdev
dumpdir="/var/crash"	# Directory for storing crash dumps
savecore_enable="YES"	# Extract core dump from dump device if one exists
savecore_flags="-m 10"	# Use if dumpdev is enabled and exists. Default saves only the most recent 10 kernel dumps

service_delete_empty="NO"	# Let 'service delete' delete empty rc.conf.d files
crashinfo_enable="YES"		# Automatically generate crash dump summary
crashinfo_program="/usr/sbin/crashinfo"	# Script to generate crash dump summary
quota_enable="NO"		# Enable disk quotas at boot (or NO)
check_quotas="YES"		# Check quotas at boot (or NO)
quotaon_flags="-a"		# Enable quotas for all file systems (if enabled)
quotaoff_flags="-a"		# Disable quotas for all file systems at shutdown.
quotacheck_flags="-a"		# Check quotas for all file systems (if enabled)
accounting_enable="NO"		# Enable process accounting (or NO)
firstboot_sentinel="/firstboot"	# If this file exists, run scripts with "firstboot" keyword. Should be on a read-write file system so it can be deleted after boot completes
sysvipc_enable="NO"		# Load System V IPC primitives at boot (or NO)
linux_enable="NO"		# Load Linux binary compatibility at boot (or NO)
linux_mounts_enable="YES"	# If linux_enable is YES, mount Linux-specific file systems at boot
clear_tmp_enable="NO"		# Clear /tmp at boot
clear_tmp_X="YES" 		# Clear and recreate X11-related directories in /tmp
ldconfig_insecure="NO"		# Set to YES to disable ldconfig security checks
ldconfig_paths="/usr/lib/compat ${_localbase}/lib ${_localbase}/lib/compat/pkg"  # Shared library search paths
ldconfig32_paths="/usr/lib32/compat"  # 32-bit compatibility shared library search paths
ldconfig_local_dirs="${_localbase}/libdata/ldconfig"  # Local directories with ldconfig configuration files
ldconfig_local32_dirs="${_localbase}/libdata/ldconfig32"  # Local directories with 32-bit compatibility ldconfig configuration files
kern_securelevel_enable="NO"	# Kernel secure level (see security(7))
kern_securelevel="-1"		# Range: -1..3; -1 is least secure. Note: Setting securelevel to 0 causes system to boot at secure level 1, because init(8) raises the level after rc(8) completes
update_motd="YES"		# Update version information in /var/run/motd (or NO)
entropy_boot_file="/boot/entropy"  # Set to NO to disable very early (boot-time) entropy caching across reboots
entropy_file="/entropy"  # Set to NO to disable late (multi-user mode) entropy caching across reboots. If / is unavailable, /var/db/entropy-file is recommended
entropy_dir="/var/db/entropy"  # Set to NO to disable entropy caching via cron
entropy_save_sz="4096"		# Entropy cache file size
entropy_save_num="8"		# Number of entropy cache files to save
harvest_mask="4607"		# Entropy device collects all sources except the most intrusive. (See 'sysctl kern.random.harvest' and random(4))
osrelease_enable="YES"		# Update /var/run/os-release at boot (or NO)
osrelease_file="/var/run/os-release"	# File to update os-release
osrelease_perms="444"		# Default permissions for os-release file
osrelease_home_url="https://FreeBSD.org"	# HOME_URL in /var/run/os-release
osrelease_documentation_url="https://docs.FreeBSD.org"	# DOCUMENTATION_URL in /var/run/os-release
osrelease_support_url="https://www.FreeBSD.org/support"	# SUPPORT_URL in /var/run/os-release
osrelease_bug_report_url="https://bugs.FreeBSD.org"	# BUG_REPORT_URL in /var/run/os-release
dmesg_enable="YES"		# Save dmesg(8) to /var/run/dmesg.boot
dmesg_umask="022"		# Default umask for /var/run/dmesg.boot file
watchdogd_enable="NO"		# Start software watchdog daemon
watchdogd_flags=""		# Parameters for watchdogd (if enabled)
watchdogd_timeout=""		# watchdogd timeout, overrides -t in watchdogd_flags
watchdogd_shutdown_timeout=""	# Timeout used after stopping watchdogd, only effective for system shutdown, overrides -x option in watchdogd_flags
devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules"  # Files containing devfs(8) rules
devfs_system_ruleset=""		# Name (not number) of ruleset to apply to /dev
devfs_set_rulesets=""		# List of /mount/dev=ruleset_name to apply (must be mounted, i.e., fstab(5))
devfs_load_rulesets="YES"	# Always load default rulesets
performance_cx_lowest="NONE"	# Online CPU idle state
performance_cpu_freq="NONE"	# Online CPU frequency
economy_cx_lowest="Cmax"	# Offline CPU idle state
economy_cpu_freq="NONE"		# Offline CPU frequency
virecover_enable="YES"		# Perform maintenance operations for vi(1) editor
ugidfw_enable="NO"		# Load mac_bsdextended(4) rules at boot
bsdextended_script="/etc/rc.bsdextended"	# Default mac_bsdextended(4) rules file
newsyslog_enable="YES"		# Run newsyslog at boot
newsyslog_flags="-CN"		# newsyslog parameters for creating marker files
mixer_enable="YES"		# Run volume mixer
opensm_enable="NO"		# Start Opensm for infiniband devices, disabled by default
nuageinit_enable="NO"		# Run nuageinit at boot
virtual_oss_enable="NO"		# Run virtual_oss at boot
rctl_enable="YES"		# Load rctl(8) rules at boot
rctl_rules="/etc/rctl.conf"	# rctl(8) rules file, see rctl.conf(5)
iovctl_files=""			# Configuration files for iovctl(8)

##############################################################
### Jail Configuration (see rc.conf(5) manual page)              ##########
##############################################################
jail_enable="NO"		# Set to NO to prevent starting any jail
jail_conf="/etc/jail.conf"	# Configuration file for jail(8)
jail_confwarn="YES"		# Prevent warning about obsolete per-jail configuration
jail_parallel_start="NO"	# Start jails in background
jail_list=""			# Space-separated list of jail names
jail_reverse_stop="NO"		# Stop jails in reverse order

##############################################################
### Define source_rc_confs                                   ###
### This is the mechanism used by /etc/rc.* scripts to safely reference rc_conf_files overrides ###
##############################################################

# Define source_rc_confs if not already defined
if [ -z "${source_rc_confs_defined}" ]; then
	source_rc_confs_defined=yes

	# Define source_rc_confs function to safely load configuration files listed in rc_conf_files
	source_rc_confs() {
		local i sourced_files

		# Iterate through rc_conf_files list
		for i in ${rc_conf_files}; do
			case ${sourced_files} in
			*:$i:*)  # If this file has already been loaded, skip it
				;;
			*)
				# Mark current file as loaded
				sourced_files="${sourced_files}:$i:"
				# If file is readable, load it
				if [ -r $i ]; then
					. $i
				fi
				;;
			esac
		done

		# Iterate through rc_conf_files again, handling new files that may have been redefined during the first load
		for i in ${rc_conf_files}; do
			case ${sourced_files} in
			*:$i:*)  # If this file has already been loaded, skip it
				;;
			*)
				sourced_files="${sourced_files}:$i:"
				if [ -r $i ]; then
					. $i
				fi
				;;
			esac
		done
	}
fi

# Allow vendors to override FreeBSD defaults in /etc/defaults/rc.conf
# without needing to manually manage /etc/rc.conf.
if [ -r /etc/defaults/vendor.conf ]; then
	. /etc/defaults/vendor.conf
fi
```
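
Because `source_rc_confs` loads these files by sourcing them as shell, an audit should parse them as text rather than source them. The following added example (not part of FreeBSD or of the original page) reports where the effective value of a knob differs from the default shown above, for knobs whose comments in the listing flag a security consideration. The names `rc_audit`, `rc_effective`, `yesno`, `make_sample` and `SECURITY_KNOBS` are hypothetical, the sample files are constructed, and only simple one-line `VAR=value` assignments are handled.

```sh
#!/bin/sh
# Added example: audit security-relevant rc.conf knobs by parsing, not sourcing.

# knob=default pairs copied from the defaults listing above.
SECURITY_KNOBS='weak_mountd_authentication=NO
nfs_reserved_port_only=YES
bsnmpd_enable=NO
forward_sourceroute=NO
accept_sourceroute=NO
icmp_bmcastecho=NO
ipv6_activate_all_interfaces=NO
ldconfig_insecure=NO'

# Normalise booleans with the same spellings rc.subr's checkyesno accepts.
yesno() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) echo YES ;;
        [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) echo NO ;;
        *) echo "$1" ;;
    esac
}

# rc_effective VAR FILE...
# Print the last simple VAR=value assignment found, reading FILEs in order
# (later files and later lines win, as they do when the files are sourced).
rc_effective() {
    _var=$1; shift
    for _f in "$@"; do
        [ -r "$_f" ] || continue
        awk -v var="$_var" -v sq="'" '
            {
                line = $0
                sub(/^[ \t]+/, "", line)
                if (index(line, var "=") != 1) next   # skips "#var=..." too
                val = substr(line, length(var) + 2)
                q = substr(val, 1, 1)
                if (q == "\"" || q == sq) {            # quoted value
                    val = substr(val, 2)
                    n = index(val, q)
                    if (n) val = substr(val, 1, n - 1)
                } else {
                    sub(/[ \t#;].*/, "", val)         # bare value
                }
                last = val; seen = 1
            }
            END { if (seen) print last }' "$_f"
    done | tail -n 1
}

# rc_audit FILE...
# Print "knob=effective (default X)" for each deviation; return 1 if any.
# Knobs whose effective value is unset or empty are skipped.
rc_audit() {
    _rc=0
    for _pair in $SECURITY_KNOBS; do
        _knob=${_pair%%=*}
        _want=${_pair#*=}
        _have=$(yesno "$(rc_effective "$_knob" "$@")")
        if [ -z "$_have" ]; then continue; fi
        if [ "$_have" != "$_want" ]; then
            echo "$_knob=$_have (default $_want)"
            _rc=1
        fi
    done
    return "$_rc"
}

# Constructed sample files (not taken from a real host).
make_sample() {
    mkdir -p "$1/defaults"
    printf '%s\n' 'weak_mountd_authentication="NO" # Allow non-root mounts' \
        'nfs_reserved_port_only="YES"' 'accept_sourceroute="NO"' \
        'icmp_bmcastecho="NO"' 'ldconfig_insecure="NO"' > "$1/defaults/rc.conf"
    printf '%s\n' 'accept_sourceroute="YES"' '#ldconfig_insecure="YES"' \
        'nfs_reserved_port_only=no   # bare value' > "$1/rc.conf"
    printf '%s\n' 'accept_sourceroute="NO"' 'icmp_bmcastecho="yes"' \
        > "$1/rc.conf.local"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
rc_audit "$demo_dir/defaults/rc.conf" "$demo_dir/rc.conf" \
    "$demo_dir/rc.conf.local" || true
rm -rf "$demo_dir"
```

On a FreeBSD host the equivalent call is `rc_audit /etc/defaults/rc.conf /etc/rc.conf /etc/rc.conf.local`, which follows the default `rc_conf_files` order.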

## Shutdown and Reboot

`reboot` and `halt` are the same program in FreeBSD, exhibiting different behaviors depending on the name by which they are invoked. In Linux, these commands may be symlinks to systemd with different behaviors. FreeBSD's design is closer to traditional UNIX behavior.

Shutdown:

* Using `shutdown now` does not power off; instead, it switches to "single-user mode", displaying the prompt: `Enter full pathname of shell or RETURN for /bin/sh:` — press Enter to enter single-user mode;
* Using `shutdown -h now` does not completely power off; it only stops the system, displaying: `The operating system has halted. Please press any key to reboot.` Press any key here to reboot the system;
* For shutdown and power off, `shutdown -p now` is recommended; this command sends a signal to init(8) to run the `/etc/rc.shutdown` script (source located at `libexec/rc/rc.shutdown`) for orderly service shutdown before powering off. You can also use `halt -p`, which directly flushes the file system cache and sends SIGTERM and SIGKILL signals to all processes before powering off, without executing `/etc/rc.shutdown`.

Reboot:

* The reboot command is the same as on Linux, both using `reboot`, but the parameters are not interchangeable.
* On FreeBSD, `reboot` directly flushes the file system cache, sends SIGTERM and SIGKILL signals to all processes, and then reboots the system without executing `/etc/rc.shutdown`. For orderly service shutdown followed by reboot, use `shutdown -r now`, which runs `/etc/rc.shutdown` through init(8). For a quick reboot (skipping signal sending to processes, which may cause data loss), use `reboot -q`, which only flushes the file system cache before immediately rebooting. `fastboot` is an alias for `reboot` with the same behavior.

> **Note**
>
> On FreeBSD, the `shutdown` command can be executed by root and by members of the operator group; the `reboot` and `halt` commands are restricted to root.

## Exercises

1. Create a custom service script in the **/usr/local/etc/rc.d/** directory, analyze the dependency checking implementation logic in `rc.subr`, and evaluate the differences compared to the systemd unit dependency model.
2. Modify `rc_debug` to YES, trace the complete process of a service startup, compare the output differences between normal and debug startup, and analyze the execution order of each stage in the debug output.
3. Disable `rc_startmsgs` and modify the startup order of key services (using `REQUIRE` and `BEFORE` keywords), and document the changes in system boot behavior.

