Editing /etc/rc Scripts

Well, now that you know how the files fit together, what are you supposed to do with them? While OpenBSD's integrated software is started by /etc/rc, add-on software needs to be started separately. The ports and packages system tells you how to create these script commands and where to put them. If you install your own software, however, you need to create a script that handles its startup and shutdown process. Plus, to change an existing add-on package's startup process, you must understand how the script works.

Port-Based Software Startup

A port (or package) is a piece of add-on software that has been configured for OpenBSD. We discuss ports and packages at great length in Chapter 13. If your port needs to have a startup sequence added to an /etc/rc script to work, the installation process will tell you exactly what to add to which /etc/rc file. It should tell you to add some lines of shell script to either /etc/rc.local or /etc/rc.securelevel. For example, if you install the SNMP port, ucd-snmp, you'll see the following message at the end of the install process:

 ...
 | To have snmpd start at boot time, you must have an entry similiar to the
 | following in /etc/rc.local.
 |
 |     (1) if [ -x /usr/local/sbin/snmpd ]; then
 |             (2) /usr/local/sbin/snmpd (3) -c /etc/snmpd.conf && (4) echo -n ' snmpd'
 |     (5) fi
 |
 | This will start snmpd and use /etc/snmpd.conf for the configuration.
 | (see snmpd(1) and snmpd.conf(5) for more options)

You can literally just copy the text you're given and add it to /etc/rc.local, and it will work. But understanding what you're looking at here, and why it works, will make you a better sysadmin. If you want to start your program in a slightly different manner, you'll have to edit this.

The first line (1) checks for the existence of the /usr/local/sbin/snmpd file. If that file exists, the script executes the next lines, up until the (5) fi (or "finish") entry. If there is no such program, then the rest of this little script is skipped entirely. The next line has the real meat of the script. The startup system will run (2) /usr/local/sbin/snmpd, with the arguments (3) -c /etc/snmpd.conf, and it will print to the console (4) "snmpd" so you'll know it started.

It would be simple enough to have a port automatically add its startup information to /etc/rc.local or /etc/rc.securelevel and save you a step. This could potentially be a security hole, however! For example, I frequently install the net-snmp package just to get the cool SNMP client tools it includes. I don't want the SNMP server daemon to be running. More than once, on other UNIX-like operating systems, I've installed this package and completely forgotten about its daemon portion. My system is running a daemon I don't want it to be running, until I either remember or notice and manually shut it off. OpenBSD absolutely requires you to enable every daemon that runs on the system, even once you've installed the binaries for it.

Uninstalls

When you uninstall this piece of software, remove the corresponding startup entry from the /etc/rc script. The script will not cause even minor problems by being there, but it is rather sloppy to not clean up after yourself.

Custom Software Startup

Suppose you install a piece of software by hand, not using a port or package, and need to have it start automatically? That's simple enough to deal with. Just write a bit of shell code much like the entry a port gives. Your startup command doesn't have to bother checking to see if the piece of software is installed, mind you. You could just add the line to start the program to /etc/rc.local.

 /usr/local/sbin/snmpd -c /etc/snmpd.conf 

It's not that much harder to add a notification that the program started to your console messages.

 /usr/local/sbin/snmpd -c /etc/snmpd.conf && echo -n ' snmpd' 

If you stop here, your program will run just fine.

Uninstalls

When you uninstall the program, be sure to remove the matching /etc/rc.local entry.

If you uninstall the program without removing the /etc/rc.local entry, you'll start to see errors on boot complaining that "/usr/local/sbin/snmpd" does not exist. In my opinion, this is actually desirable behavior — all that the fancy check to see if a program exists really does is silence warnings when the program is gone, but the /etc/rc.local entry remains. I'm not sure how anyone could actually exploit such a script check without already having fairly deep access to the system, but it's sloppy in any event. And sloppiness is the biggest cause of system break-ins.
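
A check for the leftover entries described above, written as an added example rather than code from the book: it lists add-on programs named in an rc.local-style file that are missing or not executable. The function name stale_rc_entries, its optional ROOT argument, and the program "exampled" are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the book): find stale startup entries.

# stale_rc_entries FILE [ROOT]
# Print every /usr/local/{bin,sbin,libexec} program named in FILE that fails
# the [ -x ] test used by the port's snippet. ROOT is an optional directory
# prefix (an assumption of this example) so a copied tree can be checked.
stale_rc_entries() {
    prefix=${2:-}
    # Strip comments (naive: also cuts a '#' inside quotes), split the rest
    # into path-like tokens, keep add-on binaries, test each one once.
    sed -e 's/#.*$//' "$1" |
        tr -cs 'A-Za-z0-9_./+-' '\n' |
        grep -E '^/usr/local/(s?bin|libexec)/.' |
        sort -u |
        while IFS= read -r path; do
            [ -x "$prefix$path" ] || printf '%s\n' "$path"
        done
}

# Constructed sample: snmpd is installed, "exampled" (hypothetical) was
# uninstalled but its rc.local line was left behind.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/local/sbin" "$root/etc"
    : > "$root/usr/local/sbin/snmpd"
    chmod 755 "$root/usr/local/sbin/snmpd"
    cat > "$root/etc/rc.local" <<'EOF'
if [ -x /usr/local/sbin/snmpd ]; then
        /usr/local/sbin/snmpd -c /etc/snmpd.conf && echo -n ' snmpd'
fi
# unguarded entry for a program that has since been removed
/usr/local/sbin/exampled -f /etc/exampled.conf && echo -n ' exampled'
EOF
    stale_rc_entries "$root/etc/rc.local" "$root"
    rm -rf "$root"
}

demo    # prints /usr/local/sbin/exampled
```

On a live system, call stale_rc_entries /etc/rc.local with no second argument; any path it prints is a startup line whose program is gone.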




Absolute OpenBSD: Unix for the Practical Paranoid
ISBN: 1886411999
Year: 2005
Pages: 298
