Absolute OpenBSD: Unix for the Practical Paranoid

OpenBSD includes a wide variety of programs that have been hooked into the operating system for ease of management. These programs are both widely useful and can be secured in a sensible manner. They are enabled, disabled, and (to some extent) configured via /etc/rc.conf.

When the OpenBSD kernel finishes its initial system setup and hands control of the system over to userland, init(8) runs the shell script /etc/rc. This script starts all the programs that are integrated with the system and performs general system configuration, such as configuring network interfaces and starting servers. It also has hooks to identify programs that are commonly added but are not part of the base system. When /etc/rc finishes, the system is considered "fully booted" and is ready for general use.

/etc/rc.conf contains shell script variable assignments. These assignments control what /etc/rc runs and the command-line options those programs receive. Each variable assignment has three legitimate values: a NO in all upper case, empty quote marks (""), or command-line flags in quote marks ("-D"). Each variable looks something like this:

ftpd_flags=NO # for non-inetd use: "-D"

A NO means that this particular piece of functionality is not enabled. In our example above, the FTP server is not running in standalone mode.

If you just use empty quote marks, /etc/rc will try to start the program controlled by that variable without any command-line arguments. This may or may not be appropriate, depending on the program you're trying to run.

Anything within quote marks is used as command-line arguments to the program run by /etc/rc. If the program has typical "default" flags, they're usually given in the comment after the variable assignment. In our example above, if we were to enable ftpd in standalone mode, "-D" would be a sensible value for this flag.
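
An added example, not from the book or the OpenBSD project: a small sh function that reads an rc.conf-style file and reports each *_flags variable in terms of the three values described above. The sample file is constructed, exampled_flags is a hypothetical daemon, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: report what an rc.conf-style file asks /etc/rc to start.
# The file is read as text and never sourced, so nothing in it is executed.

# rc_audit FILE -> one "variable<TAB>state" line per *_flags assignment.
# As in the shell, a later assignment to the same variable replaces an earlier one.
rc_audit() {
    awk '
        /^[A-Za-z0-9_]+_flags=/ {
            name = $0; sub(/=.*/, "", name)
            val = substr($0, length(name) + 2)
            if (substr(val, 1, 1) == "\"") {        # quoted: keep text inside the quotes
                val = substr(val, 2)
                q = index(val, "\"")
                if (q > 0) val = substr(val, 1, q - 1)
            } else {                                 # bare word: stop at blank or comment
                sub(/[ \t#].*$/, "", val)
            }
            if (val == "NO")    state[name] = "disabled"
            else if (val == "") state[name] = "enabled, no arguments"
            else                state[name] = "enabled with: " val
            if (!(name in seen)) { seen[name] = 1; order[++n] = name }
        }
        END { for (i = 1; i <= n; i++) printf "%s\t%s\n", order[i], state[order[i]] }
    ' "$1"
}

# rc_state FILE VARIABLE -> the state of a single variable.
rc_state() {
    rc_audit "$1" | awk -F '\t' -v v="$2" '$1 == v { print $2 }'
}

# Constructed sample input; exampled_flags is a hypothetical daemon.
rc_sample() {
    cat <<'EOF'
ftpd_flags=NO # for non-inetd use: "-D"
httpd_flags=""
exampled_flags="-D -v"
EOF
}

tmp=$(mktemp) && rc_sample > "$tmp" && rc_audit "$tmp"
rm -f "$tmp"
```

Run against a copy of a real rc.conf, the "enabled" lines give a quick inventory of what /etc/rc will start at boot and with which arguments.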

/etc/rc Daemon Configuration

The /etc/rc script only performs command-line configuration. It does not affect any configuration files used by the programs it starts. For example, OpenBSD includes the Apache web server. /etc/rc.conf contains command-line arguments used to start the httpd process, but it does not affect the httpd.conf file used by Apache. Edit a daemon's configuration files appropriately before enabling it!
