1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software contributed to Berkeley by 5.\" Donn Seeley at Berkeley Software Design, Inc. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. All advertising materials mentioning features or use of this software 16.\" must display the following acknowledgement: 17.\" This product includes software developed by the University of 18.\" California, Berkeley and its contributors. 19.\" 4. Neither the name of the University nor the names of its contributors 20.\" may be used to endorse or promote products derived from this software 21.\" without specific prior written permission. 22.\" 23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33.\" SUCH DAMAGE. 34.\" 35.\" @(#)init.8 8.3 (Berkeley) 4/18/94 36.\" $FreeBSD$ 37.\" 38.Dd April 18, 1994 39.Dt INIT 8 40.Os 41.Sh NAME 42.Nm init 43.Nd process control initialization 44.Sh SYNOPSIS 45.Nm 46.Nm 47.Oo 48.Cm 0 | 1 | 6 | 49.Cm c | q 50.Oc 51.Sh DESCRIPTION 52The 53.Nm 54utility 55is the last stage of the boot process. 56It normally runs the automatic reboot sequence as described in 57.Xr rc 8 , 58and if this succeeds, begins multi-user operation. 59If the reboot scripts fail, 60.Nm 61commences single-user operation by giving 62the super-user a shell on the console. 63The 64.Nm 65utility may be passed parameters 66from the boot program to 67prevent the system from going multi-user and to instead execute 68a single-user shell without starting the normal daemons. 69The system is then quiescent for maintenance work and may 70later be made to go to multi-user by exiting the 71single-user shell (with ^D). 72This 73causes 74.Nm 75to run the 76.Pa /etc/rc 77start up command file in fastboot mode (skipping disk checks). 78.Pp 79If the 80.Em console 81entry in the 82.Xr ttys 5 83file is marked 84.Dq insecure , 85then 86.Nm 87will require that the super-user password be 88entered before the system will start a single-user shell. 89The password check is skipped if the 90.Em console 91is marked as 92.Dq secure . 93.Pp 94The kernel runs with five different levels of security. 95Any super-user process can raise the security level, but no process 96can lower it. 97The security levels are: 98.Bl -tag -width flag 99.It Ic -1 100Permanently insecure mode \- always run the system in level 0 mode. 101This is the default initial value. 102.It Ic 0 103Insecure mode \- immutable and append-only flags may be turned off. 104All devices may be read or written subject to their permissions. 105.It Ic 1 106Secure mode \- the system immutable and system append-only flags may not 107be turned off; 108disks for mounted file systems, 109.Pa /dev/mem , 110.Pa /dev/kmem 111and 112.Pa /dev/io 113(if your platform has it) may not be opened for writing; 114kernel modules (see 115.Xr kld 4 ) 116may not be loaded or unloaded. 117.It Ic 2 118Highly secure mode \- same as secure mode, plus disks may not be 119opened for writing (except by 120.Xr mount 2 ) 121whether mounted or not. 122This level precludes tampering with file systems by unmounting them, 123but also inhibits running 124.Xr newfs 8 125while the system is multi-user. 126.Pp 127In addition, kernel time changes are restricted to less than or equal to one 128second. Attempts to change the time by more than this will log the message 129.Dq Time adjustment clamped to +1 second . 130.It Ic 3 131Network secure mode \- same as highly secure mode, plus 132IP packet filter rules (see 133.Xr ipfw 8 134and 135.Xr ipfirewall 4 ) 136cannot be changed and 137.Xr dummynet 4 138configuration cannot be adjusted. 139.El 140.Pp 141If the security level is initially nonzero, then 142.Nm 143leaves it unchanged. 144Otherwise, 145.Nm 146raises the level to 1 before going multi-user for the first time. 147Since the level cannot be reduced, it will be at least 1 for 148subsequent operation, even on return to single-user. 149If a level higher than 1 is desired while running multi-user, 150it can be set before going multi-user, e.g., by the startup script 151.Xr rc 8 , 152using 153.Xr sysctl 8 154to set the 155.Va kern.securelevel 156variable to the required security level. 157.Pp 158If 159.Nm 160is run in a jail the security level of the 161.Dq host system 162will not be effected. 163Part of the information set up in the kernel to support a jail 164is a per-jail 165.Dq securelevel 166setting. 167This allows running a higher security level inside of a jail 168than that of the host system. 169See 170.Xr jail 8 171for more information about jails. 172.Pp 173In multi-user operation, 174.Nm 175maintains 176processes for the terminal ports found in the file 177.Xr ttys 5 . 178The 179.Nm 180utility reads this file and executes the command found in the second field, 181unless the first field refers to a device in 182.Pa /dev 183which is not configured. 184The first field is supplied as the final argument to the command. 185This command is usually 186.Xr getty 8 ; 187.Nm getty 188opens and initializes the tty line 189and 190executes the 191.Xr login 1 192program. 193The 194.Nm login 195program, when a valid user logs in, 196executes a shell for that user. When this shell 197dies, either because the user logged out 198or an abnormal termination occurred (a signal), 199the 200.Nm 201utility wakes up, deletes the user 202from the 203.Xr utmp 5 204file of current users and records the logout in the 205.Xr wtmp 5 206file. 207The cycle is 208then restarted by 209.Nm 210executing a new 211.Nm getty 212for the line. 213.Pp 214The 215.Nm 216utility can also be used to keep arbitrary daemons running, 217automatically restarting them if they die. 218In this case, the first field in the 219.Xr ttys 5 220file must not reference the path to a configured device node 221and will be passed to the daemon 222as the final argument on its command line. 223This is similar to the facility offered in the 224.At V 225.Pa /etc/inittab . 226.Pp 227Line status (on, off, secure, getty, or window information) 228may be changed in the 229.Xr ttys 5 230file without a reboot by sending the signal 231.Dv SIGHUP 232to 233.Nm 234with the command 235.Dq Li "kill -HUP 1" . 236On receipt of this signal, 237.Nm 238re-reads the 239.Xr ttys 5 240file. 241When a line is turned off in 242.Xr ttys 5 , 243.Nm 244will send a SIGHUP signal to the controlling process 245for the session associated with the line. 246For any lines that were previously turned off in the 247.Xr ttys 5 248file and are now on, 249.Nm 250executes the command specified in the second field. 251If the command or window field for a line is changed, 252the change takes effect at the end of the current 253login session (e.g., the next time 254.Nm 255starts a process on the line). 256If a line is commented out or deleted from 257.Xr ttys 5 , 258.Nm 259will not do anything at all to that line. 260However, it will complain that the relationship between lines 261in the 262.Xr ttys 5 263file and records in the 264.Xr utmp 5 265file is out of sync, 266so this practice is not recommended. 267.Pp 268The 269.Nm 270utility will terminate multi-user operations and resume single-user mode 271if sent a terminate 272.Pq Dv TERM 273signal, for example, 274.Dq Li "kill \-TERM 1" . 275If there are processes outstanding that are deadlocked (because of 276hardware or software failure), 277.Nm 278will not wait for them all to die (which might take forever), but 279will time out after 30 seconds and print a warning message. 280.Pp 281The 282.Nm 283utility will cease creating new processes 284and allow the system to slowly die away, if it is sent a terminal stop 285.Pq Dv TSTP 286signal, i.e.\& 287.Dq Li "kill \-TSTP 1" . 288A later hangup will resume full 289multi-user operations, or a terminate will start a single-user shell. 290This hook is used by 291.Xr reboot 8 292and 293.Xr halt 8 . 294.Pp 295The 296.Nm 297utility will terminate all possible processes (again, it will not wait 298for deadlocked processes) and reboot the machine if sent the interrupt 299.Pq Dv INT 300signal, i.e.\& 301.Dq Li "kill \-INT 1". 302This is useful for shutting the machine down cleanly from inside the kernel 303or from X when the machine appears to be hung. 304.Pp 305The 306.Nm 307utility will do the same, except it will halt the machine if sent 308the user defined signal 1 309.Pq Dv USR1 , 310or will halt and turn the power off (if hardware permits) if sent 311the user defined signal 2 312.Pq Dv USR2 . 313.Pp 314When shutting down the machine, 315.Nm 316will try to run the 317.Pa /etc/rc.shutdown 318script. 319This script can be used to cleanly terminate specific programs such 320as 321.Nm innd 322(the InterNetNews server). 323.Pp 324The role of 325.Nm 326is so critical that if it dies, the system will reboot itself 327automatically. 328If, at bootstrap time, the 329.Nm 330process cannot be located, the system will panic with the message 331.Dq "panic: init died (signal %d, exit %d)" . 332.Pp 333If run as a user process as shown in the second synopsis line, 334.Nm 335will emulate 336.At V 337behavior, i.e. super-user can specify the desired 338.Em run-level 339on a command line, and 340.Nm 341will signal the original 342(PID 1) 343.Nm 344as follows: 345.Bl -column Run-level SIGTERM 346.It Sy "Run-level Signal Action 347.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off" 348.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode" 349.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine" 350.It Cm c Ta Dv SIGTSTP Ta "Block further logins" 351.It Cm q Ta Dv SIGHUP Ta Rescan the 352.Xr ttys 5 353file 354.El 355.Sh DIAGNOSTICS 356.Bl -diag 357.It "getty repeating too quickly on port %s, sleeping." 358A process being started to service a line is exiting quickly 359each time it is started. 360This is often caused by a ringing or noisy terminal line. 361.Bf -emphasis 362Init will sleep for 30 seconds, 363then continue trying to start the process. 364.Ef 365.It "some processes would not die; ps axl advised." 366A process 367is hung and could not be killed when the system was shutting down. 368This condition is usually caused by a process 369that is stuck in a device driver because of 370a persistent device error condition. 371.El 372.Sh FILES 373.Bl -tag -width /etc/rc.shutdown -compact 374.It Pa /dev/console 375system console device 376.It Pa /dev/tty* 377terminal ports found in 378.Xr ttys 5 379.It Pa /var/run/utmp 380record of current users on the system 381.It Pa /var/log/wtmp 382record of all logins and logouts 383.It Pa /etc/ttys 384the terminal initialization information file 385.It Pa /etc/rc 386system startup commands 387.It Pa /etc/rc.shutdown 388system shutdown commands 389.El 390.Sh SEE ALSO 391.Xr kill 1 , 392.Xr login 1 , 393.Xr sh 1 , 394.Xr dummynet 4 , 395.Xr ipfirewall 4 , 396.Xr kld 4 , 397.Xr ttys 5 , 398.Xr crash 8 , 399.Xr getty 8 , 400.Xr halt 8 , 401.Xr ipfw 8 , 402.Xr jail 8 , 403.Xr rc 8 , 404.Xr reboot 8 , 405.Xr shutdown 8 , 406.Xr sysctl 8 407.Sh HISTORY 408An 409.Nm 410utility appeared in 411.At v6 . 412.Sh CAVEATS 413Systems without 414.Xr sysctl 8 415behave as though they have security level \-1. 416.Pp 417Setting the security level above 1 too early in the boot sequence can 418prevent 419.Xr fsck 8 420from repairing inconsistent file systems. The 421preferred location to set the security level is at the end of 422.Pa /etc/rc 423after all multi-user startup actions are complete. 424