NetBSD/etc/rc
mrg eddf0f4e2c increase the securelevel (using the same rules as before) much earlier in the
boot process.  before cron, sendmail, inetd, etc, are run, but after lkms are
loaded.  this avoids the chances of `@reboot', mail .forwards, remote logins,
etc., happening before the securelevel has been raised.
1999-01-31 08:46:58 +00:00

525 lines
12 KiB
Plaintext

# $NetBSD: rc,v 1.112 1999/01/31 08:46:58 mrg Exp $
# originally from: @(#)rc 8.2 (Berkeley) 3/17/94
# System startup script run by init on autoboot
# or after single-user.
# Output and error are redirected to console by init,
# and the console is the controlling terminal.
stty status '^T'
# Set shell to ignore SIGINT (2), but not children;
# shell catches SIGQUIT (3) and returns to single user after fsck.
trap : 2
trap : 3 # shouldn't be needed
export HOME=/
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
# Configure ccd devices.
if [ -f /etc/ccd.conf ]; then
ccdconfig -C
fi
# Configure raid devices.
for dev in 0 1 2 3; do
if [ -f /etc/raid$dev.conf ]; then
raidctl -c /etc/raid$dev.conf raid$dev
raidctl -r raid$dev
fi
done
# Add all block-type swap devices; these might be necessary
# during disk checks.
swapctl -A -t blk
if [ -e /fastboot ]; then
echo "Fast boot: skipping disk checks."
elif [ "$1" = autoboot ]; then
echo "Automatic boot in progress: starting file system checks."
fsck -p
case $? in
0)
;;
2)
exit 1
;;
4)
echo "Rebooting..."
reboot
echo "Reboot failed; help!"
exit 1
;;
8)
echo "Automatic file system check failed; help!"
exit 1
;;
12)
echo "Boot interrupted."
exit 1
;;
130)
# interrupt before catcher installed
exit 1
;;
*)
echo "Unknown error; help!"
exit 1
;;
esac
fi
trap "echo 'Boot interrupted.'; exit 1" 3
umount -a >/dev/null 2>&1
mount /
rm -f /fastboot # XXX (root now writeable)
if [ -f /etc/rc.subr ]; then
. /etc/rc.subr
else
echo "Can't read /etc/rc.subr; aborting."
exit 1;
fi
if [ -f /etc/rc.conf ]; then
. /etc/rc.conf
fi
if [ "$rc_configured" != YES ]; then
echo "/etc/rc.conf is not configured. Multiuser boot aborted."
exit 1
fi
# set flags on ttys. (do early, in case they use tty for SLIP in netstart)
echo 'setting tty flags'
ttyflags -a
# load kernel modules specified in /etc/lkm.conf if the /usr filesystem
# is already present with "/" or can be mounted now
if checkyesno lkm && [ -f /etc/rc.lkm ]; then
mount /usr >/dev/null 2>&1
if [ -x /usr/bin/ld ]; then
lkmstage=BEFORENET
. /etc/rc.lkm
fi
fi
# set hostname, turn on network
echo 'starting network'
sh /etc/netstart
if [ $? -ne 0 ]; then
exit 1
fi
for fs in /usr /var $critical_filesystems; do
mount | (
ismounted=no
while read what _on on _type type; do
if [ $on = $fs ]; then
ismounted=yes
fi
done
if [ $ismounted = no ]; then
mount $fs >/dev/null 2>&1
fi
)
done
# Network Address Translation...
if checkyesno ipnat && [ -f /etc/ipnat.conf ]; then
echo 'installing NAT rules ... '
if ! checkyesno ipfilter || [ ! -f /etc/ipf.conf ]; then
ipf -E -Fa
fi
ipnat -F -f /etc/ipnat.conf
fi
# "Critical" file systems are now mounted. Go ahead and swap
# to files now, since they will be residing in the critical file
# systems (or, at least, better).
swapctl -A -t noblk
# Check for no swap, and warn about it unless that is desired.
if ! checkyesno no_swap; then
swapctl -s | grep 'no swap devices configured' > /dev/null && \
echo "WARNING: no swap space configured!"
fi
# clean up left-over files
rm -f /etc/nologin
rm -f /var/spool/lock/LCK.*
rm -f /var/spool/uucp/STST/*
(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; })
# get the system dmesg output, hopefully containing the boot messages
# $dmesg_flags is imported from /etc/rc.conf
if checkyesno dmesg; then
dmesg $dmesg_flags > /var/run/dmesg.boot
fi
# start the system logger first, so that all messages from daemons
# are logged, then start savecore to get a dump on low memory systems
# and then start the name server.
if checkyesno syslogd; then
echo 'starting system logger'
rm -f /dev/log
syslogd $syslogd_flags
fi
# Enable ipmon (only useful if ipfilter is running)
# NOTE: requires the IPFILTER_LOG kernel option.
if checkyesno ipmon; then
echo 'starting ipmon'
ipmon $ipmon_flags &
fi
# /var/crash should be a directory or a symbolic link
# to the crash directory if core dumps are to be saved.
if checkyesno savecore; then
if [ -d /var/crash/. ]; then
echo checking for core dump...
savecore $savecore_flags /var/crash
else
logger -s "WARNING: no /var/crash directory; savecore not run."
fi
fi
if checkyesno named; then
echo 'starting name server'; named $named_flags
fi
# set time, if requested
if checkyesno ntpdate; then
if [ -z "$ntpdate_hosts" ]; then
ntpdate_hosts=`awk '
/^server[ \t]*127.127/ {next}
/^server/ {print $2}
' </etc/ntp.conf`
fi
if [ -n "$ntpdate_hosts" ]; then
echo 'Setting date via ntp.'
ntpdate -b -s $ntpdate_hosts
fi
fi
# now start the rpc servers, for YP server/client.
echo -n 'starting rpc daemons:'
# note that portmap is generally required for all other rpc services.
if checkyesno portmap; then
echo -n ' portmap'; portmap $portmap_flags
fi
if checkyesno ypserv; then
echo -n ' ypserv'; ypserv $ypserv_flags
fi
if checkyesno ypbind; then
echo -n ' ypbind'; ypbind $ypbind_flags
fi
if checkyesno yppasswdd; then
echo -n ' rpc.yppasswdd'; rpc.yppasswdd $yppasswdd_flags
fi
if checkyesno bootparamd; then
if [ -r /etc/bootparams ]; then
echo -n ' rpc.bootparamd'; rpc.bootparamd $bootparamd_flags
else
echo
logger -s "WARNING: /etc/bootparams not found. " \
"bootparamd not started."
fi
fi
echo '.'
# load kernel modules specified in /etc/lkm.conf
if checkyesno lkm; then
if [ -r /etc/rc.lkm ]; then
lkmstage=BEFOREMOUNT
. /etc/rc.lkm
else
logger -s "WARNING: /etc/rc.lkm not found; LKMs not loaded."
fi
fi
mount -a
# now start the rpc servers, for NFS server/client.
echo -n 'starting nfs daemons:'
nfs_locking=NO
if checkyesno nfs_server; then
if [ -r /etc/exports ]; then
rm -f /var/db/mountdtab
echo -n > /var/db/mountdtab
echo -n ' mountd'; mountd $mountd_flags
echo -n ' nfsd'; nfsd $nfsd_flags
nfs_locking=YES
else
echo
logger -s "WARNING: /etc/exports not readable; " \
"NFS server not started."
fi
fi
if checkyesno nfs_client; then
echo -n ' nfsiod'; nfsiod $nfsiod_flags
nfs_locking=YES
fi
if checkyesno nfs_locking; then
if checkyesno statd; then
echo -n ' rpc.statd'; rpc.statd $statd_flags
fi
if checkyesno lockd; then
echo -n ' rpc.lockd'; rpc.lockd $lockd_flags
fi
fi
if checkyesno amd; then
if [ -d "$amd_dir" ]; then
if [ -r "$amd_master" ]; then
echo -n ' amd'
amd $amd_flags -p -a $amd_dir \
`sed s/#.*$// <$amd_master` >/var/run/amd.pid
else
echo
logger -s "WARNING: \$amd_master ($amd_master)not " \
"readable; amd not started."
fi
else
echo
logger -s "WARNING: \$amd_dir ($amd_dir) not a directory; " \
"amd not started."
fi
fi
echo '.'
if [ -f /sbin/ldconfig ]; then
echo 'creating runtime link editor directory cache.'
ldconfig
fi
# load kernel modules specified in /etc/lkm.conf
if checkyesno lkm && [ -f /etc/rc.lkm ]; then
lkmstage=AFTERMOUNT
. /etc/rc.lkm
fi
# if $securelevel is set, change it here, else if it is 0, change
# it to 1 here, before we start login services.
if [ -z "$securelevel" ]; then
echo -n 'setting securelevel: '
sysctl -w kern.securelevel=$securelevel
else
securelevel=`sysctl kern.securelevel | awk { print $3 }`
if [ x"$securelevel" = x0 ]; then
echo -n 'setting securelevel: '
sysctl -w kern.securelevel=1
fi
fi
echo -n 'checking quotas:'; quotacheck -a; echo ' done.'
quotaon -a
# build ps databases
echo 'building databases...'
kvm_mkdb /netbsd
dev_mkdb
chmod 666 /dev/tty[pqrs]*
# check the password temp/lock file
if [ -f /etc/ptmp ]
then
logger -s -p auth.err \
'password file may be incorrect -- /etc/ptmp exists'
fi
# XXX replace me with a script that works!
virecovery=`echo /var/tmp/vi.recover/recover.*`
if [ "$virecovery" != "/var/tmp/vi.recover/recover.*" ]; then
echo preserving editor files
for i in $virecovery; do
sendmail -t < $i
done
fi
echo clearing /tmp
# Prune quickly with one rm, then use find to clean up /tmp/[lq]* (this
# is not needed with mfs /tmp, but doesn't hurt anything).
(cd /tmp && rm -rf [a-km-pr-zA-Z]* &&
find . ! -name . ! -name lost+found ! -name quota.user \
! -name quota.group -exec rm -rf -- {} \; -type d -prune)
# Update kernel info in /etc/motd
# Must be done *before* interactive logins are possible to prevent
# possible race conditions.
if checkyesno update_motd; then
echo 'updating motd.'
if [ ! -f /etc/motd ]; then
install -c -o root -g wheel -m 664 /dev/null /etc/motd
fi
T=/tmp/_motd
rm -f $T
sysctl -n kern.version | sed 1q > $T
echo "" >> $T
sed '1,/^$/d' < /etc/motd >> $T
cmp -s $T /etc/motd || cp $T /etc/motd
rm -f $T
fi
if [ -f /var/account/acct ]; then
echo 'turning on accounting'; accton /var/account/acct
fi
echo -n standard daemons:
if checkyesno update; then
echo -n ' update'; update $update_flags
fi
if checkyesno cron; then
echo -n ' cron'; cron
fi
echo '.'
# now start all the other daemons
echo -n starting network daemons:
if checkyesno gated && checkyesno routed; then
echo
logger -s "WARNING: gated and routed both requested to be run: " \
"running only gated."
routed=NO
fi
if checkyesno gated; then
if [ -r /etc/gated.conf ]; then
echo -n ' gated'; gated $gated_flags
else
logger -s "WARNING: no /etc/gated.conf; gated not started."
fi
fi
if checkyesno routed; then
echo -n ' routed'; routed $routed_flags
fi
if checkyesno mrouted; then
echo -n ' mrouted'; mrouted $mrouted_flags
fi
if checkyesno timed; then
echo -n ' timed'; timed $timed_flags
fi
if checkyesno xntpd; then
echo -n ' xntpd'; xntpd $xntpd_flags
fi
if checkyesno dhcpd; then
if [ -r /etc/dhcpd.conf ]; then
echo -n ' dhcpd'; dhcpd $dhcpd_flags
else
echo
logger -s "WARNING: /etc/dhcpd.conf not readable; " \
"dhcpd not started."
fi
fi
if checkyesno rwhod; then
echo -n ' rwhod'; rwhod
fi
if checkyesno lpd; then
echo -n ' lpd'; lpd $lpd_flags
fi
# We call sendmail with a full path so that SIGHUP works.
if checkyesno sendmail; then
if [ -r /etc/sendmail.cf ]; then
echo -n ' sendmail'; /usr/sbin/sendmail $sendmail_flags
else
echo
logger -s "WARNING: /etc/sendmail.cf not readable; " \
"sendmail not started."
fi
fi
# Start xfs before boot daemons, so its ready before client xterminals.
if checkyesno xfs; then
echo -n ' xfs'; xfs $xfs_flags &
sleep 2
fi
if checkyesno rarpd; then
if [ -r /etc/ethers ]; then
echo -n ' rarpd'; rarpd $rarpd_flags
else
echo
logger -s "WARNING: /etc/ethers not readable; " \
"rarpd not started."
fi
fi
if checkyesno rbootd; then
if [ -r /etc/rbootd.conf ]; then
echo -n ' rbootd'; rbootd $rbootd_flags
else
echo
logger -s "WARNING: /etc/rbootd.conf not readable; " \
"rbootd not started."
fi
fi
if checkyesno mopd; then
echo -n ' mopd'; mopd $mopd_flags
fi
if checkyesno apmd; then
echo -n ' apmd'; apmd $apmd_flags
fi
if checkyesno screenblank; then
echo -n ' screenblank'; screenblank $screenblank_flags
fi
if checkyesno inetd; then
if [ -r /etc/inetd.conf ]; then
echo -n ' inetd'; inetd $inetd_flags
else
echo
logger -s "WARNING: /etc/inetd.conf not readable; " \
"inetd not started."
fi
fi
if checkyesno usbd; then
echo -n ' usbd'; usbd $usbd_flags
fi
if checkyesno xdm; then
echo -n ' xdm'; xdm $xdm_flags
fi
echo '.'
# Kerberos runs ONLY on the Kerberos server machine
if checkyesno kerberos; then
echo -n 'starting kerberos daemons:'
echo -n ' kerberos'; kerberos >> /var/log/kerberos.log &
echo -n ' kadmind'; kadmind -n >> /var/log/kadmind.log &
echo '.'
fi
. /etc/rc.local
date
exit 0