1.\" Copyright (c) 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.Dd August 18, 2023 29.Dt SYSCTL 8 30.Os 31.Sh NAME 32.Nm sysctl 33.Nd get or set kernel state 34.Sh SYNOPSIS 35.Nm 36.Op Fl bdeFhilNnoTtqWx 37.Op Fl B Ar bufsize 38.Op Fl f Ar filename 39.Ar name Ns Op = Ns Ar value Ns Op , Ns Ar value 40.Ar ... 41.Nm 42.Op Fl bdeFhlNnoTtqWx 43.Op Fl B Ar bufsize 44.Fl a 45.Sh DESCRIPTION 46The 47.Nm 48utility retrieves kernel state and allows processes with appropriate 49privilege to set kernel state. 50The state to be retrieved or set is described using a 51.Dq Management Information Base 52.Pq Dq MIB 53style name, described as a dotted set of 54components. 55.Pp 56The following options are available: 57.Bl -tag -width indent 58.It Fl A 59Equivalent to 60.Fl o a 61(for compatibility). 62.It Fl a 63List all the currently available values except for those which are 64opaque or excluded from listing via the 65.Dv CTLFLAG_SKIP 66flag. 67This option is ignored if one or more variable names are specified on 68the command line. 69.It Fl b 70Force the value of the variable(s) to be output in raw, binary format. 71No names are printed and no terminating newlines are output. 72This is mostly useful with a single variable. 73.It Fl B Ar bufsize 74Set the buffer size to read from the 75.Nm 76to 77.Ar bufsize . 78This is necessary for a 79.Nm 80that has variable length, and the probe value of 0 is a valid length, such as 81.Va kern.arandom . 82.It Fl d 83Print the description of the variable instead of its value. 84.It Fl e 85Separate the name and the value of the variable(s) with 86.Ql = . 87This is useful for producing output which can be fed back to the 88.Nm 89utility. 90This option is ignored if either 91.Fl N 92or 93.Fl n 94is specified, or a variable is being set. 95.It Fl f Ar filename 96Specify a file which contains a pair of name and value in each line. 97.Nm 98reads and processes the specified file first and then processes the name 99and value pairs in the command line argument. 100.It Fl F 101Print the format of the variable. 102This is additional information to describe the type of the variable and 103most useful with struct types such as clockinfo, timeval, and loadavg. 104.It Fl h 105Format output for human, rather than machine, readability. 106.It Fl i 107Ignore unknown OIDs. 108The purpose is to make use of 109.Nm 110for collecting data from a variety of machines (not all of which 111are necessarily running exactly the same software) easier. 112.It Fl l 113Show the length of variables along with their values. 114This option cannot be combined with the 115.Fl N 116option. 117.It Fl N 118Show only variable names, not their values. 119This is particularly useful with shells that offer programmable 120completion. 121To enable completion of variable names in 122.Xr zsh 1 Pq Pa ports/shells/zsh , 123use the following code: 124.Bd -literal -offset indent 125listsysctls () { set -A reply $(sysctl -AN ${1%.*}) } 126compctl -K listsysctls sysctl 127.Ed 128.Pp 129To enable completion of variable names in 130.Xr tcsh 1 , 131use: 132.Pp 133.Dl "complete sysctl 'n/*/`sysctl -Na`/'" 134.It Fl n 135Do not show variable names. 136This option is useful for setting shell variables. 137For instance, to save the pagesize in variable 138.Va psize , 139use: 140.Pp 141.Dl "set psize=`sysctl -n hw.pagesize`" 142.It Fl o 143Show opaque variables (which are normally suppressed). 144The format and length are printed, as well as a hex dump of the first 145sixteen bytes of the value. 146.It Fl q 147Suppress some warnings generated by 148.Nm 149to standard error. 150.It Fl T 151Display only variables that are settable via loader (CTLFLAG_TUN). 152.It Fl t 153Print the type of the variable. 154.It Fl W 155Display only writable variables that are not statistical. 156Useful for determining the set of runtime tunable sysctls. 157.It Fl X 158Equivalent to 159.Fl x a 160(for compatibility). 161.It Fl x 162As 163.Fl o , 164but prints a hex dump of the entire value instead of just the first 165few bytes. 166.El 167.Pp 168The information available from 169.Nm 170consists of integers, strings, and opaque types. 171The 172.Nm 173utility 174only knows about a couple of opaque types, and will resort to hexdumps 175for the rest. 176The opaque information is much more useful if retrieved by special 177purpose programs such as 178.Xr ps 1 , 179.Xr systat 1 , 180and 181.Xr netstat 1 . 182.Pp 183Some of the variables which cannot be modified during normal system 184operation can be initialized via 185.Xr loader 8 186tunables. 187This can for example be done by setting them in 188.Xr loader.conf 5 . 189Please refer to 190.Xr loader.conf 5 191for more information on which tunables are available and how to set them. 192.Pp 193The string and integer information is summarized below. 194For a detailed description of these variables see 195.Xr sysctl 3 196and 197.Xr security 7 . 198.Pp 199The changeable column indicates whether a process with appropriate 200privilege can change the value. 201String and integer values can be set using 202.Nm . 203.Bl -column security.bsd.unprivileged_read_msgbuf integerxxx 204.It Sy "Name Type Changeable" 205.It "kern.ostype string no" 206.It "kern.osrelease string no" 207.It "kern.osrevision integer no" 208.It "kern.version string no" 209.It "kern.maxvnodes integer yes" 210.It "kern.maxproc integer no" 211.It "kern.maxprocperuid integer yes" 212.It "kern.maxfiles integer yes" 213.It "kern.maxfilesperproc integer yes" 214.It "kern.argmax integer no" 215.It "kern.securelevel integer raise only" 216.It "kern.hostname string yes" 217.It "kern.hostid integer yes" 218.It "kern.clockrate struct no" 219.It "kern.posix1version integer no" 220.It "kern.ngroups integer no" 221.It "kern.job_control integer no" 222.It "kern.saved_ids integer no" 223.It "kern.boottime struct no" 224.It "kern.domainname string yes" 225.It "kern.filedelay integer yes" 226.It "kern.dirdelay integer yes" 227.It "kern.metadelay integer yes" 228.It "kern.osreldate integer no" 229.It "kern.bootfile string yes" 230.It "kern.corefile string yes" 231.It "kern.logsigexit integer yes" 232.It "security.bsd.suser_enabled integer yes" 233.It "security.bsd.see_other_uids integer yes" 234.It "security.bsd.see_other_gids integer yes" 235.It "security.bsd.see_jail_proc integer yes" 236.It "security.bsd.unprivileged_proc_debug integer yes" 237.It "security.bsd.unprivileged_read_msgbuf integer yes" 238.It "vm.loadavg struct no" 239.It "hw.machine string no" 240.It "hw.model string no" 241.It "hw.ncpu integer no" 242.It "hw.byteorder integer no" 243.It "hw.physmem integer no" 244.It "hw.usermem integer no" 245.It "hw.pagesize integer no" 246.It "hw.floatingpoint integer no" 247.It "hw.machine_arch string no" 248.It "hw.realmem integer no" 249.It "machdep.adjkerntz integer yes" 250.It "machdep.disable_rtc_set integer yes" 251.It "machdep.guessed_bootdev string no" 252.It "user.cs_path string no" 253.It "user.bc_base_max integer no" 254.It "user.bc_dim_max integer no" 255.It "user.bc_scale_max integer no" 256.It "user.bc_string_max integer no" 257.It "user.coll_weights_max integer no" 258.It "user.expr_nest_max integer no" 259.It "user.line_max integer no" 260.It "user.re_dup_max integer no" 261.It "user.posix2_version integer no" 262.It "user.posix2_c_bind integer no" 263.It "user.posix2_c_dev integer no" 264.It "user.posix2_char_term integer no" 265.It "user.posix2_fort_dev integer no" 266.It "user.posix2_fort_run integer no" 267.It "user.posix2_localedef integer no" 268.It "user.posix2_sw_dev integer no" 269.It "user.posix2_upe integer no" 270.It "user.stream_max integer no" 271.It "user.tzname_max integer no" 272.It "user.localbase string no" 273.El 274.Sh FILES 275.Bl -tag -width ".In netinet/icmp_var.h" -compact 276.It In sys/sysctl.h 277definitions for top level identifiers, second level kernel and hardware 278identifiers, and user level identifiers 279.It In sys/socket.h 280definitions for second level network identifiers 281.It In sys/gmon.h 282definitions for third level profiling identifiers 283.It In vm/vm_param.h 284definitions for second level virtual memory identifiers 285.It In netinet/in.h 286definitions for third level Internet identifiers and 287fourth level IP identifiers 288.It In netinet/icmp_var.h 289definitions for fourth level ICMP identifiers 290.It In netinet/udp_var.h 291definitions for fourth level UDP identifiers 292.El 293.Sh EXIT STATUS 294.Ex -std 295.Sh EXAMPLES 296For example, to retrieve the maximum number of processes allowed 297in the system, one would use the following request: 298.Pp 299.Dl "sysctl kern.maxproc" 300.Pp 301To set the maximum number of processes allowed 302per uid to 1000, one would use the following request: 303.Pp 304.Dl "sysctl kern.maxprocperuid=1000" 305.Pp 306Information about the system clock rate may be obtained with: 307.Pp 308.Dl "sysctl kern.clockrate" 309.Pp 310Information about the load average history may be obtained with: 311.Pp 312.Dl "sysctl vm.loadavg" 313.Pp 314More variables than these exist, and the best and likely only place 315to search for their deeper meaning is undoubtedly the source where 316they are defined. 317.Sh COMPATIBILITY 318The 319.Fl w 320option has been deprecated and is silently ignored. 321.Sh SEE ALSO 322.Xr sysctl 3 , 323.Xr loader.conf 5 , 324.Xr sysctl.conf 5 , 325.Xr security 7 , 326.Xr loader 8 327.Sh HISTORY 328A 329.Nm 330utility first appeared in 331.Bx 4.4 . 332.Pp 333In 334.Fx 2.2 , 335.Nm 336was significantly remodeled. 337.Sh BUGS 338The 339.Nm 340utility presently exploits an undocumented interface to the kernel 341.Xr sysctl 9 342facility to traverse the sysctl tree and to retrieve format 343and name information. 344This correct interface is being thought about for the time being. 345