1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software contributed to Berkeley by 5.\" Donn Seeley at Berkeley Software Design, Inc. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. All advertising materials mentioning features or use of this software 16.\" must display the following acknowledgement: 17.\" This product includes software developed by the University of 18.\" California, Berkeley and its contributors. 19.\" 4. Neither the name of the University nor the names of its contributors 20.\" may be used to endorse or promote products derived from this software 21.\" without specific prior written permission. 22.\" 23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33.\" SUCH DAMAGE. 34.\" 35.\" @(#)init.8 8.3 (Berkeley) 4/18/94 36.\" $Id: init.8,v 1.11 1998/06/19 08:34:52 jkoshy Exp $ 37.\" 38.Dd April 18, 1994 39.Dt INIT 8 40.Os BSD 4 41.Sh NAME 42.Nm init 43.Nd process control initialization 44.Sh SYNOPSIS 45.Nm init 46.Sh DESCRIPTION 47The 48.Nm 49program 50is the last stage of the boot process. 51It normally runs the automatic reboot sequence as described in 52.Xr reboot 8 , 53and if this succeeds, begins multi-user operation. 54If the reboot scripts fail, 55.Nm 56commences single user operation by giving 57the super-user a shell on the console. 58The 59.Nm 60program may be passed parameters 61from the boot program to 62prevent the system from going multi-user and to instead execute 63a single user shell without starting the normal daemons. 64The system is then quiescent for maintenance work and may 65later be made to go to multi-user by exiting the 66single-user shell (with ^D). 67This 68causes 69.Nm 70to run the 71.Pa /etc/rc 72start up command file in fastboot mode (skipping disk checks). 73.Pp 74If the 75.Em console 76entry in the 77.Xr ttys 5 78file is marked ``insecure'', 79then 80.Nm 81will require that the superuser password be 82entered before the system will start a single-user shell. 83The password check is skipped if the 84.Em console 85is marked as ``secure''. 86.Pp 87The kernel runs with four different levels of security. 88Any superuser process can raise the security level, but only 89.Nm 90can lower it. 91The security levels are: 92.Bl -tag -width flag 93.It Ic -1 94Permanently insecure mode \- always run the system in level 0 mode. 95This is the default initial value. 96.It Ic 0 97Insecure mode \- immutable and append-only flags may be turned off. 98All devices may be read or written subject to their permissions. 99.It Ic 1 100Secure mode \- the system immutable and system append-only flags may not 101be turned off; 102disks for mounted filesystems, 103.Pa /dev/mem , 104and 105.Pa /dev/kmem 106may not be opened for writing. 107.It Ic 2 108Highly secure mode \- same as secure mode, plus disks may not be 109opened for writing (except by 110.Xr mount 2 ) 111whether mounted or not. 112This level precludes tampering with filesystems by unmounting them, 113but also inhibits running 114.Xr newfs 8 115while the system is multi-user. 116.El 117.Pp 118If the security level is initially -1, then 119.Nm 120leaves it unchanged. 121Otherwise, 122.Nm 123arranges to run the system in level 0 mode while single user 124and in level 1 mode while multiuser. 125If level 2 mode is desired while running multiuser, 126it can be set while single user, e.g., in the startup script 127.Pa /etc/rc , 128using 129.Xr sysctl 8 130to set the 131.Dq kern.securelevel 132variable to the required security level. 133.Pp 134In multi-user operation, 135.Nm 136maintains 137processes for the terminal ports found in the file 138.Xr ttys 5 . 139.Nm Init 140reads this file, and executes the command found in the second field. 141This command is usually 142.Xr getty 8 ; 143.Nm getty 144opens and initializes the tty line 145and 146executes the 147.Xr login 1 148program. 149The 150.Nm login 151program, when a valid user logs in, 152executes a shell for that user. When this shell 153dies, either because the user logged out 154or an abnormal termination occurred (a signal), 155the 156.Nm 157program wakes up, deletes the user 158from the 159.Xr utmp 5 160file of current users and records the logout in the 161.Xr wtmp 5 162file. 163The cycle is 164then restarted by 165.Nm 166executing a new 167.Nm getty 168for the line. 169.Pp 170Line status (on, off, secure, getty, or window information) 171may be changed in the 172.Xr ttys 5 173file without a reboot by sending the signal 174.Dv SIGHUP 175to 176.Nm 177with the command 178.Dq Li "kill -HUP 1" . 179On receipt of this signal, 180.Nm 181re-reads the 182.Xr ttys 5 183file. 184When a line is turned off in 185.Xr ttys 5 , 186.Nm 187will send a SIGHUP signal to the controlling process 188for the session associated with the line. 189For any lines that were previously turned off in the 190.Xr ttys 5 191file and are now on, 192.Nm 193executes a new 194.Nm getty 195to enable a new login. 196If the getty or window field for a line is changed, 197the change takes effect at the end of the current 198login session (e.g., the next time 199.Nm 200starts a process on the line). 201If a line is commented out or deleted from 202.Xr ttys 5 , 203.Nm 204will not do anything at all to that line. 205However, it will complain that the relationship between lines 206in the 207.Xr ttys 5 208file and records in the 209.Xr utmp 5 210file is out of sync, 211so this practice is not recommended. 212.Pp 213.Nm Init 214will terminate multi-user operations and resume single-user mode 215if sent a terminate 216.Pq Dv TERM 217signal, for example, 218.Dq Li "kill \-TERM 1" . 219If there are processes outstanding that are deadlocked (because of 220hardware or software failure), 221.Nm 222will not wait for them all to die (which might take forever), but 223will time out after 30 seconds and print a warning message. 224.Pp 225.Nm Init 226will cease creating new 227.Nm getty Ns 's 228and allow the system to slowly die away, if it is sent a terminal stop 229.Pq Dv TSTP 230signal, i.e. 231.Dq Li "kill \-TSTP 1" . 232A later hangup will resume full 233multi-user operations, or a terminate will start a single user shell. 234This hook is used by 235.Xr reboot 8 236and 237.Xr halt 8 . 238.Pp 239.Nm Init 240will terminate all possible processes (again, it will not wait 241for deadlocked processes) and reboot the machine if sent the interrupt 242.Pq Dv INT 243signal, i.e. 244.Dq Li "kill \-INT 1". 245This is useful for shutting the machine down cleanly from inside the kernel 246or from X when the machine appears to be hung. 247.Pp 248When shutting down the machine, 249.Nm 250will try to run the 251.Pa /etc/rc.shutdown 252script. This script can be used to cleanly terminate specific programs such 253as 254.Nm innd 255(the InterNetNews server). 256.Pp 257The role of 258.Nm 259is so critical that if it dies, the system will reboot itself 260automatically. 261If, at bootstrap time, the 262.Nm 263process cannot be located, the system will panic with the message 264``panic: "init died (signal %d, exit %d)''. 265.Sh DIAGNOSTICS 266.Bl -diag 267.It "getty repeating too quickly on port %s, sleeping" 268A process being started to service a line is exiting quickly 269each time it is started. 270This is often caused by a ringing or noisy terminal line. 271.Em "Init will sleep for 10 seconds" , 272.Em "then continue trying to start the process" . 273.Pp 274.It "some processes would not die; ps axl advised." 275A process 276is hung and could not be killed when the system was shutting down. 277This condition is usually caused by a process 278that is stuck in a device driver because of 279a persistent device error condition. 280.El 281.Sh FILES 282.Bl -tag -width /var/log/wtmp -compact 283.It Pa /dev/console 284system console device 285.It Pa /dev/tty* 286terminal ports found in 287.Xr ttys 5 288.It Pa /var/run/utmp 289record of current users on the system 290.It Pa /var/log/wtmp 291record of all logins and logouts 292.It Pa /etc/ttys 293the terminal initialization information file 294.It Pa /etc/rc 295system startup commands 296.It Pa /etc/rc.shutdown 297system shutdown commands 298.El 299.Sh SEE ALSO 300.Xr kill 1 , 301.Xr login 1 , 302.Xr sh 1 , 303.Xr ttys 5 , 304.Xr crash 8 , 305.Xr getty 8 , 306.Xr halt 8 , 307.Xr rc 8 , 308.Xr reboot 8 , 309.Xr shutdown 8 , 310.Xr sysctl 8 311.Sh HISTORY 312A 313.Nm 314command appeared in 315.At v6 . 316.Sh CAVEATS 317Systems without 318.Xr sysctl 319behave as though they have security level \-1. 320.Pp 321Setting the security level to 2 too early in the boot sequence can 322prevent 323.Xr fsck 8 324from repairing inconsistent filesystems. The 325preferred location to set the security level is at the end of 326.Pa /etc/rc 327after all multi-user startup actions are complete. 328