Ian Darwin: OpenBSD: Administration Functionality

And hey, this is about OpenBSD, and has only some similarities with Apple's Darwin, which is the bottom half of Mac OS X. So if you're looking for Apple's Darwin System and a web search engine got you here, tough luck, because Apple chose my last name for their OS many years after I had been contributing to the Internet. Go complain to Steve Jobs.

Warning: the OpenBSD man pages are very good! This warning is for those from other UNIX-like systems where man pages are a bottom priority. The OpenBSD developers' passion for completeness and accuracy shows in many facets of the system, including the man pages.

New administrators are particularly admonished to read the man page afterboot early on in your days as an OpenBSD administrator.

Also, remember to peruse the Frequently Asked Questions, since new administrators almost all ask the same questions.

Please use the mailing lists as a last resort, after consulting the man pages (perhaps aided and abetted by the table below), and RTFM (Read The FAQ, man).

This web page is copyright (c) 2000 by Ian F. Darwin. It may be printed or referred to for use in learning or using OpenBSD. It may not be copied for use with operating systems other than OpenBSD.

The following table is being reorganized to have separate columns for programs and config files; for now, take with grain of salt.
ServiceProgramEnable/Disable inConfig FileReloadNotes
Add useradduser(8)-/etc/adduser.conf-Interactive; useradd batch
Admin privs, getsee sudo
AFS (Andrew File System)-rc.confafs=YES/etc/afs?-
AMD (Auto Mount Daemon)amd(8)rc.confamd=YES
Apachesee httpd
APM (APM daemon,
for notebooks and ATX PCs)
backupsdump(8), restore(8)---See also in ports/sysutils/*
biff servicecomsat(8)inetd.conf-HUP inetd
BINDsee named
bootpsbootps(8)inetd.conf?HUP inetd
Build a kernelconfig(8)--rebootHardly ever necessary!
CCD (Concat. Disk)-rc.conf/etc/ccd.conf
chargeninetd internalinetd.conf-HUP inetd
console loginsee tty login---Switch with CTRL/ALT/F[1-8]
CUPScupsd--- print/cups
daytime serviceinetd internalinetd.conf-HUP inetd
DHCP serverdhcpd(8)rc.confdhcpd.conf + dhcpd.interfaceHUP dhcpd
DHCP, clientdhclient(8)-/etc/dhclient.conf
discard serviceinetd internalinetd.conf-HUP inetd
DNSsee named
dns resolver-/etc/resolv.conf/etc/resolv.conf
domain, settingdomainname-/etc/defaultdomain
echo serverinetd internalinetd.conf-HUP inetd
Eclipse IDE----ports devel/eclipse
finger serverfingerd(8)inetd.conf-HUP inetd
FireFox----ports www/mozilla-firefox
firewallsee ip filtering
ftp, anonymoussee ftpd(8)
GNOME-.xinit/.xsession-loginports x11/gnome/*
hostname, settinghostname(8)/etc/myname-hostname command
httpdhttpd(8)rc.conf/var/www/conf/apachectl restartApache 1.3.12
identdidentd(8)rc.conf or inetd.conf
IDS (Intrusion Detection)----See ports/net/{snort,nfr, ...}
inetdinetd(8)rc.confinetd.confHUP inetd
IP addressifconfig/etc/hostname.xxyifconfigMin. format: inet 192.168.n.n
IP aliasesifconfig/etc/ifaliasesifconfig alias
IP masqueradingSee NAT
ipfilterReplaced by pf
IPMON logging-rc.conf
ipnatsee NAT
IPV6-rc.confvarious, and kernel config
isakmp key exchangeisakmpdrc.conf?
JavaJDK---jdk1.6 (or later) package, or build from ports devel/jdk*
kauthkauthdinetd.conf-HUP inetd
KDEKDE.xinit/.xsession/usr/ports/x11/kde/*loginkde3* packages
kerberos serverkerbd?rc.conf?HUP inetdSee 'info kth-krb'
kernel configurationconfig(8)--config;make;rebootconfig(8)
kloginklogininetd.conf-HUP inetd
ksh (Korn shell)/bin/kshpdksh in base --/usr/ports/shells
kshell(Kerberos rsh)kshelld-inetd.confHUP inetd
kx (Kerberos X11)kxdinetd.conf-HUP inetd
LDAPldapd---OpenLDAP package
Linux binaries----See compat_linux(8)
lpdlpdrc.confprintcaplpcSee also ports/printing/*
mail transport, map names to commands--/etc/mailer.conf
man, sections, orderingman(1)-/etc/man.conf
mopd (DEC boot)mopd(8)rc.conf?
Multicast routingmrouted(8)rc.conf-- See also netstart
namednamed(8)rc.conf/var/named/namedb/*HUP named
NATpfctl(8)rc.confnat.confre-run itNeed sysctl.conf
network addresssee IP address
network address translationsee NAT
network time protocolsee ntpd(8)
NFS client-rc.conf fstabre-mountalso yp_init
NFS lockdlockd(8)rc.conf
nfs servermountd(8)rc.conf/etc/exportsHUP mountdalso yp_init
nsswitch.conf-/etc/resolv.conf-Only "lookup"; see resolv.conf(5)
ntalkntalkd(8)inetd.conf-HUP inetd
NTPsee xntpd
ntpdntpdrc.conf/etc/ntp.confHUP xntpd
Oakley key exchangesee iskamp
OpenVPN----ports security/openvpn
packagespkg_*---pkg_add, pkg_delete, pkg_info etc (like RPM/apt-get)
passwd commandpasswd(1)-/etc/passwd.conf-Multiple encryption algorithms
passwd file editvipw(8)---Edits master.passwd (extra fields, see master.passwd(5))
perlperl(1)---Included with base system
pfpfctl(8)rc.confpf.rulesrun itKernel option and sysctl.conf
pf per-userauthpf(8)login?loginNew in 3.1
PHP----ports/packages www/PHP*
printingsee lpd, cups
python- /usr/ports/lang/pythonAdd from ports/packages
quotas-rc.conf-edquota each f/sys
quote of the day service-inetd.conf-HUP inetd
RAIDvarious---Many controllers supported, also RAIDFrame; see man -k raid
rexec-inetd.confHUP inetd
rlogin-inetd.confHUP inetd
route, defaultroute(8)-/etc/mygateroute add default-
RPCportmap(8)rc.conf /etc/rpcrestart portmapneeded for NFS, NIS, rusers, ...
rquotadinetd.confedquota in each filesystemHUP inetd
rshrshd(8)inetd.conf-HUP inetd
rstatdrstatd(8)inetd.conf-HUP inetd
rusersdrpc.rusersdinetd.conf-HUP inetd
rwho servicerwhodrc.conf-HUP inetd
sendmailsendmail(8)rc.conf/etc/mail/sendmail.cfHUP sendmail
shadow passwdspwd.db---Maintained by passwd, vipw
shared libs, adding directoryrc.confshlib_dirs=
smtpfwddsmtpfwdd(8)rc.conf--And smtpd in inetd.conf
spraydsprayd(8)inetd.conf--HUP inetd
SSH servicesshd(8)rc.conf
sudo (become root)sudo(8)-/etc/sudoerssudo or su
syslog, message filing/etc/syslog.conf
syslog, rotation/etc/newsyslog.conf
system options-Kernel config, and /etc/sysctl.conf
Talk servicesee ntalkd
TCP options--/etc/sysctl.confsysctl -w
telnetdinetd.confHUP inetd
tftp servertftpd(8)inetd.confHUP inetd
Thunderbird----ports/packages mail/thunderbird
time server, newSee xntpd
time server, oldSee timed
tty login/usr/libexec/getty-/etc/ttys-Set "insecure" to refuse root login, use sudo
user-see also passwd file
uucpdinetd.confHUP inetd
Video, V4L2See web cam
VPNSee isakmpd, OpenVPN
walld/usr/libexec/rpc.rwalldinetd.conf-HUP inetdportmap=yes in rc.conf
web camuvideo(4)--Supports UVC webcams only
web serversee httpd
XDMrc.conf---maybe disable getty in ttys
YP system/usr/sbin/ypinit--To disable, rm -r /var/yp/binding