Bug #10980


rc.local is executed at login by rc.initial, and not at boot time.

Added by alzee bum over 2 years ago. Updated over 2 years ago.

Operating System
Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:


See for context.

/etc/skel/.profile is copied to .profile in all users home directories when they are created, including admin/root. This file contains a (incorrect? The test fails when you log in via SSH) test for interactive mode that executes /etc/rc.initial if the test returns false. In effect the goal seems to be to execute /etc/rc.initial whenever any user logs in non-interactively.

If this were working as intended the /etc/rc.initial script for every user who logs in, every time they log in, if that login was non-interactive. This seems like a mistake on it's face. However the script is not working as intended, and it is executed every time a user logs in, even interactively. This is easy to demonstrate by creating a simple /etc/rc.local script that echoes something to the console. The echoed message will be displayed every time you log in interactively.

The bigger issue is that /etc/rc.local should only be executed once, at boot. It should not be executed every time a user logs in, and it should not rely on a user to log in in order to be executed. This is a long-standing BSD init script that exists to facilitate simple startup routines that don't merit an entire rc.d style startup script in e.g. /usr/local/etc/rc.d/. I don't believe that pfSense ever uses /etc/rc.local for anything itself, and this bugs makes it difficult to use for admins as well.

Actions #1

Updated by Jim Pingle over 2 years ago

  • Subject changed from rc.initial, and thus rc.local, is executed every time someone logs on to the console instead of just once at boot to rc.local is executed at login by rc.initial, and not at boot time.
  • Category set to Operating System

Only the rc.local parts are relevant here.

Non-root/admin users don't need the menu since most of its options wouldn't work anyhow.

The rc.local* parts can be moved out of rc.initial into /etc/pfSense-rc


Also available in: Atom PDF