Disable kernel_secure_level unless explicitly set in rc.conf. Previously,

[FreeBSD/FreeBSD.git] / etc / rc

#!/bin/sh
#       $Id: rc,v 1.153 1998/09/07 17:18:36 cracauer Exp $
#       From: @(#)rc    5.27 (Berkeley) 6/5/91

# System startup script run by init on autoboot
# or after single-user.
# Output and error are redirected to console by init,
# and the console is the controlling terminal.

# Note that almost all the user-configurable behavior is no longer in
# this file, but rather in /etc/rc.conf.  Please check this file
# first before contemplating any changes here.

stty status '^T'

# Set shell to ignore SIGINT (2), but not children;
# shell catches SIGQUIT (3) and returns to single user after fsck.
trap : 2
trap : 3        # shouldn't be needed

HOME=/; export HOME
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
export PATH

# Configure ccd devices.
if [ -f /etc/ccd.conf ]; then
        ccdconfig -C
fi

swapon -a

if [ $1x = autobootx ]; then
        echo Automatic reboot in progress...
        fsck -p
        case $? in
        0)
                ;;
        2)
                exit 1
                ;;
        4)
                reboot
                echo "reboot failed... help!"
                exit 1
                ;;
        8)
                echo "Automatic file system check failed... help!"
                exit 1
                ;;
        12)
                echo "Reboot interrupted"
                exit 1
                ;;
        130)
                # interrupt before catcher installed
                exit 1
                ;;
        *)
                echo "Unknown error in reboot"
                exit 1
                ;;
        esac
else
        echo Skipping disk checks ...
fi

trap "echo 'Reboot interrupted'; exit 1" 3

# root must be read/write both for NFS diskless and for VFS LKMs before
# proceeding any further.
mount -u -o rw /
if [ $? != 0 ]; then
        echo "Filesystem mount failed, startup aborted"
        exit 1
fi

umount -a >/dev/null 2>&1

mount -a -t nonfs
if [ $? != 0 ]; then
        echo "Filesystem mount failed, startup aborted"
        exit 1
fi

# If there is a global system configuration file, suck it in.
if [ -f /etc/rc.conf ]; then
    . /etc/rc.conf
fi

# If old file exists, whine until they fix it.
if [ -f /etc/sysconfig ]; then
        echo "Warning: /etc/sysconfig has been replaced by /etc/rc.conf."
        echo "You should switch to /etc/rc.conf ASAP to eliminate this warning."
fi

adjkerntz -i

clean_var() {
  if [ ! -f /var/run/clean_var ]; then
    rm -rf /var/run/*
    rm -f /var/spool/lock/*
    rm -rf /var/spool/uucp/.Temp/*
    # Keep a copy of the boot messages around
    dmesg >/var/run/dmesg.boot
    # And an initial utmp file
    (cd /var/run && cp /dev/null utmp && chmod 644 utmp; )
    touch /var/run/clean_var
  fi
}

if [ -d /var/run -a -d /var/spool/lock -a -d /var/spool/uucp/.Temp ]; then
  # network_pass1() *may* end up writing stuff to /var - we don't want to
  # remove it immediately afterwards - *nor* to we want to fail to clean
  # an nfs-mounted /var.
  clean_var
fi

# Add additional swapfile, if configured.
if [ "x$swapfile" != "xNO" -a -w "$swapfile" -a -b /dev/vn0b ]; then
        echo "Adding $swapfile as additional swap."
        vnconfig /dev/vn0b $swapfile && swapon /dev/vn0b
fi

# configure serial devices
if [ -f /etc/rc.serial ]; then
        . /etc/rc.serial
fi

# start up PC-card configuration
if [ -f /etc/rc.pccard ]; then
        . /etc/rc.pccard
fi

# start up the initial network configuration.
if [ -f /etc/rc.network ]; then
        . /etc/rc.network       # We only need to do this once.
        network_pass1
fi

echo -n "Mounting NFS file systems"
mount -a -t nfs
echo .

# Whack the pty perms back into shape.
chmod 666 /dev/tty[pqrsPQRS]*

# clean up left-over files
rm -f /etc/nologin

clean_var                       # If it hasn't already been done
rm /var/run/clean_var

#
# Clearing /tmp at boot-time seems to have a long tradition.  It doesn't
# help in any way for long-living systems, and it might accidentally
# clobber files you would rather like to have preserved after a crash
# (if not using mfs /tmp anyway).
#
# See also the example of another cleanup policy in /etc/periodic/daily.
#
if [ "X${clear_tmp_enable}" = X"YES" ]; then
        echo clearing /tmp

        # prune quickly with one rm, then use find to clean up /tmp/[lq]*
        # (not needed with mfs /tmp, but doesn't hurt there...)
        (cd /tmp && rm -rf [a-km-pr-zA-Z]* &&
            find -d . ! -name . ! -name lost+found ! -name quotas -exec rm -rf -- {} \;)

fi

# Remove X lock files, since they will prevent you from restarting X11 
# after a system crash.
rm -f /tmp/.X*-lock /tmp/.X11-unix/*

# snapshot any kernel -c changes back to disk
echo 'recording kernel -c changes'
dset -q

echo -n 'additional daemons:'
# start system logging and name service (named needs to start before syslogd
# if you don't have a /etc/resolv.conf)
#
if [ "X${syslogd_enable}" = X"YES" ]; then
        # Transitional symlink (for the next couple of years :) until all
        # binaries had a chance to move towards /var/run/log.
        if [ ! -h /dev/log ] ; then
                # might complain for r/o root f/s
                ln -sf /var/run/log /dev/log
        fi

        rm -f /var/run/log
        echo -n ' syslogd';             syslogd ${syslogd_flags}
fi

if [ "X${tickadj_enable}" = X"YES" ]; then
        echo -n ' tickadj';     tickadj ${tickadj_flags--Aq}
fi
echo '.'

# enable dumpdev so that savecore can see it
# /var/crash should be a directory or a symbolic link
# to the crash directory if core dumps are to be saved.
if [ "X${dumpdev}" != X"NO" -a -e ${dumpdev} -a -d /var/crash ]; then
        dumpon ${dumpdev}
        echo -n checking for core dump...
        savecore /var/crash
fi

if [ -n "$network_pass1_done" ]; then
    network_pass2
fi

# Check the quotas (must be after ypbind if using NIS)
if [ "X${check_quotas}" = X"YES" ]; then
        echo -n 'checking quotas:'
        quotacheck -a
        echo ' done.'
        quotaon -a
fi

if [ -n "$network_pass2_done" ]; then
    network_pass3
fi


# build ps databases
kvm_mkdb 
dev_mkdb

# check the password temp/lock file
if [ -f /etc/ptmp ]
then
        logger -s -p auth.err \
        "password file may be incorrect -- /etc/ptmp exists"
fi

if [ "X${accounting_enable}" = X"YES" -a -d /var/account ]; then
        echo 'turning on accounting'
        if [ ! -e /var/account/acct ]; then
                touch /var/account/acct
        fi
        accton /var/account/acct
fi

# Make shared lib searching a little faster.  Leave /usr/lib first if you
# add your own entries or you may come to grief.
if [ -x /sbin/ldconfig ]; then
        _LDC=/usr/lib/aout
        for i in $ldconfig_paths; do
                if test -d $i; then
                        _LDC="${_LDC} $i"
                fi
        done
        echo 'setting a.out ldconfig path:' ${_LDC}
        ldconfig -aout ${_LDC}
fi

# Now start up miscellaneous daemons that don't belong anywhere else
#
echo -n starting standard daemons:
if [ "X${inetd_enable}" != X"NO" ]; then
        echo -n ' inetd';       inetd ${inetd_flags}
fi

if [ "X${cron_enable}" != X"NO" ]; then
        echo -n ' cron';        cron
fi

if [ "X${lpd_enable}" = X"YES" ]; then
        echo -n ' printer';             lpd ${lpd_flags}
fi

if [ "X${sendmail_enable}" = X"YES" -a -r /etc/sendmail.cf ]; then
        echo -n ' sendmail';    /usr/sbin/sendmail ${sendmail_flags}
fi

echo '.'

# configure implementation specific stuff
arch=`uname -m`
if [ -f /etc/rc.${arch} ]; then
        . /etc/rc.${arch}
fi

# Recover vi editor files.
vibackup=`echo /var/tmp/vi.recover/vi.*`
if [ "$vibackup" != '/var/tmp/vi.recover/vi.*' ]; then
        echo 'Recovering vi editor sessions'
        for i in $vibackup; do
                # Only test files that are readable.
                if test ! -r $i; then
                        continue
                fi

                # Unmodified nvi editor backup files either have the
                # execute bit set or are zero length.  Delete them.
                if test -x $i -o ! -s $i; then
                        rm -f $i
                fi
        done

        # It is possible to get incomplete recovery files, if the editor
        # crashes at the right time.
        virecovery=`echo /var/tmp/vi.recover/recover.*`
        if [ "$virecovery" != "/var/tmp/vi.recover/recover.*" ]; then
                for i in $virecovery; do
                        # Only test files that are readable.
                        if test ! -r $i; then
                                continue
                        fi

                        # Delete any recovery files that are zero length,
                        # corrupted, or that have no corresponding backup file.
                        # Else send mail to the user.
                        recfile=`awk '/^X-vi-recover-path:/{print $2}' < $i`
                        if test -n "$recfile" -a -s "$recfile"; then
                                sendmail -t < $i
                        else
                                rm -f $i
                        fi
                done
        fi
fi

# make a bounds file for msgs(1) if there isn't one already
if [ ! -f /var/msgs/bounds ]; then
        echo 0 > /var/msgs/bounds
fi

# for each valid dir in $local_startup, search for init scripts matching *.sh
if [ "X${local_startup}" != X"NO" ]; then
        echo -n 'Local package initialization:'
        for dir in ${local_startup}; do
                [ -d ${dir} ] && for script in ${dir}/*.sh; do
                        [ -x ${script} ] && ${script} start
                done
        done
        echo .
fi

# Do traditional (but rather obsolete) rc.local file if it exists.
[ -f /etc/rc.local ] && sh /etc/rc.local

# Raise kernel security level.  This should be done only after `fsck' has
# repaired local file systems if you want the securelevel to be greater than 1.
if [ "X${kern_securelevel_enable}" = X"YES" -a "${kern_securelevel}" -ge 0 ]; 
then
        echo 'Raising kernel security level'
        sysctl -w kern.securelevel=${kern_securelevel}
fi

date
exit 0