xref: /freebsd/sbin/init/init.8 (revision 1f88aa09417f1cfb3929fd37531b1ab51213c2d6)
1.\" Copyright (c) 1980, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" This code is derived from software contributed to Berkeley by
5.\" Donn Seeley at Berkeley Software Design, Inc.
6.\"
7.\" Redistribution and use in source and binary forms, with or without
8.\" modification, are permitted provided that the following conditions
9.\" are met:
10.\" 1. Redistributions of source code must retain the above copyright
11.\"    notice, this list of conditions and the following disclaimer.
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\" 3. Neither the name of the University nor the names of its contributors
16.\"    may be used to endorse or promote products derived from this software
17.\"    without specific prior written permission.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
31.\"     @(#)init.8	8.3 (Berkeley) 4/18/94
32.\" $FreeBSD$
33.\"
34.Dd July 22, 2021
35.Dt INIT 8
36.Os
37.Sh NAME
38.Nm init
39.Nd process control initialization
40.Sh SYNOPSIS
41.Nm
42.Nm
43.Oo
44.Cm 0 | 1 | 6 |
45.Cm c | q
46.Oc
47.Sh DESCRIPTION
48The
49.Nm
50utility
51is the last stage of the boot process.
52It normally runs the automatic reboot sequence as described in
53.Xr rc 8 ,
54and if this succeeds, begins multi-user operation.
55If the reboot scripts fail,
56.Nm
57commences single-user operation by giving
58the super-user a shell on the console.
59The
60.Nm
61utility may be passed parameters
62from the boot program to
63prevent the system from going multi-user and to instead execute
64a single-user shell without starting the normal daemons.
65The system is then quiescent for maintenance work and may
66later be made to go to multi-user by exiting the
67single-user shell (with ^D).
68This
69causes
70.Nm
71to run the
72.Pa /etc/rc
73start up command file in fastboot mode (skipping disk checks).
74.Pp
75If the
76.Em console
77entry in the
78.Xr ttys 5
79file is marked
80.Dq insecure ,
81then
82.Nm
83will require that the super-user password be
84entered before the system will start a single-user shell.
85The password check is skipped if the
86.Em console
87is marked as
88.Dq secure .
89Note that the password check does not protect from variables
90such as
91.Va init_script
92being set from the
93.Xr loader 8
94command line; see the
95.Sx SECURITY
96section of
97.Xr loader 8 .
98.Pp
99If the system security level (see
100.Xr security 7 )
101is initially nonzero, then
102.Nm
103leaves it unchanged.
104Otherwise,
105.Nm
106raises the level to 1 before going multi-user for the first time.
107Since the level cannot be reduced, it will be at least 1 for
108subsequent operation, even on return to single-user.
109If a level higher than 1 is desired while running multi-user,
110it can be set before going multi-user, e.g., by the startup script
111.Xr rc 8 ,
112using
113.Xr sysctl 8
114to set the
115.Va kern.securelevel
116variable to the required security level.
117.Pp
118If
119.Nm
120is run in a jail, the security level of the
121.Dq host system
122will not be affected.
123Part of the information set up in the kernel to support a jail
124is a per-jail security level.
125This allows running a higher security level inside of a jail
126than that of the host system.
127See
128.Xr jail 8
129for more information about jails.
130.Pp
131In multi-user operation,
132.Nm
133maintains
134processes for the terminal ports found in the file
135.Xr ttys 5 .
136The
137.Nm
138utility reads this file and executes the command found in the second field,
139unless the first field refers to a device in
140.Pa /dev
141which is not configured.
142The first field is supplied as the final argument to the command.
143This command is usually
144.Xr getty 8 ;
145.Nm getty
146opens and initializes the tty line
147and
148executes the
149.Xr login 1
150program.
151The
152.Nm login
153program, when a valid user logs in,
154executes a shell for that user.
155When this shell
156dies, either because the user logged out
157or an abnormal termination occurred (a signal),
158the cycle is restarted by
159executing a new
160.Nm getty
161for the line.
162.Pp
163The
164.Nm
165utility can also be used to keep arbitrary daemons running,
166automatically restarting them if they die.
167In this case, the first field in the
168.Xr ttys 5
169file must not reference the path to a configured device node
170and will be passed to the daemon
171as the final argument on its command line.
172This is similar to the facility offered in the
173.At V
174.Pa /etc/inittab .
175.Pp
176Line status (on, off, secure, getty, or window information)
177may be changed in the
178.Xr ttys 5
179file without a reboot by sending the signal
180.Dv SIGHUP
181to
182.Nm
183with the command
184.Dq Li "kill -HUP 1" .
185On receipt of this signal,
186.Nm
187re-reads the
188.Xr ttys 5
189file.
190When a line is turned off in
191.Xr ttys 5 ,
192.Nm
193will send a SIGHUP signal to the controlling process
194for the session associated with the line.
195For any lines that were previously turned off in the
196.Xr ttys 5
197file and are now on,
198.Nm
199executes the command specified in the second field.
200If the command or window field for a line is changed,
201the change takes effect at the end of the current
202login session (e.g., the next time
203.Nm
204starts a process on the line).
205If a line is commented out or deleted from
206.Xr ttys 5 ,
207.Nm
208will not do anything at all to that line.
209.Pp
210The
211.Nm
212utility will terminate multi-user operations and resume single-user mode
213if sent a terminate
214.Pq Dv TERM
215signal, for example,
216.Dq Li "kill \-TERM 1" .
217If there are processes outstanding that are deadlocked (because of
218hardware or software failure),
219.Nm
220will not wait for them all to die (which might take forever), but
221will time out after 30 seconds and print a warning message.
222.Pp
223The
224.Nm
225utility will cease creating new processes
226and allow the system to slowly die away, if it is sent a terminal stop
227.Pq Dv TSTP
228signal, i.e.\&
229.Dq Li "kill \-TSTP 1" .
230A later hangup will resume full
231multi-user operations, or a terminate will start a single-user shell.
232This hook is used by
233.Xr reboot 8
234and
235.Xr halt 8 .
236.Pp
237The
238.Nm
239utility will terminate all possible processes (again, it will not wait
240for deadlocked processes) and reboot the machine if sent the interrupt
241.Pq Dv INT
242signal, i.e.\&
243.Dq Li "kill \-INT 1".
244This is useful for shutting the machine down cleanly from inside the kernel
245or from X when the machine appears to be hung.
246.Pp
247The
248.Nm
249utility will do the same, except it will halt the machine if sent
250the user defined signal 1
251.Pq Dv USR1 ,
252or will halt and turn the power off (if hardware permits) if sent
253the user defined signal 2
254.Pq Dv USR2 .
255.Pp
256When shutting down the machine,
257.Nm
258will try to run the
259.Pa /etc/rc.shutdown
260script.
261This script can be used to cleanly terminate specific programs such
262as
263.Nm innd
264(the InterNetNews server).
265If this script does not terminate within 120 seconds,
266.Nm
267will terminate it.
268The timeout can be configured via the
269.Xr sysctl 8
270variable
271.Va kern.init_shutdown_timeout .
272.Pp
273.Nm init
274passes
275.Dq Li single
276as the argument to the shutdown script if return to single-user mode
277is requested.
278Otherwise,
279.Dq Li reboot
280argument is used.
281.Pp
282After all user processes have been terminated,
283.Nm
284will try to run the
285.Pa /etc/rc.final
286script.
287This script can be used to finally prepare and unmount filesystems that may have
288been needed during shutdown, for instance.
289.Pp
290The role of
291.Nm
292is so critical that if it dies, the system will reboot itself
293automatically.
294If, at bootstrap time, the
295.Nm
296process cannot be located, the system will panic with the message
297.Dq "panic: init died (signal %d, exit %d)" .
298.Pp
299If run as a user process as shown in the second synopsis line,
300.Nm
301will emulate
302.At V
303behavior, i.e., super-user can specify the desired
304.Em run-level
305on a command line, and
306.Nm
307will signal the original
308(PID 1)
309.Nm
310as follows:
311.Bl -column Run-level SIGTERM
312.It Sy "Run-level	Signal	Action"
313.It Cm 0 Ta Dv SIGUSR1 Ta "Halt"
314.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off"
315.It Cm 0 Ta Dv SIGWINCH Ta "Halt and turn the power off and then back on"
316.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode"
317.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine"
318.It Cm c Ta Dv SIGTSTP Ta "Block further logins"
319.It Cm q Ta Dv SIGHUP Ta Rescan the
320.Xr ttys 5
321file
322.El
323.Sh KERNEL ENVIRONMENT VARIABLES
324The following
325.Xr kenv 2
326variables are available as
327.Xr loader 8
328tunables:
329.Bl -tag -width indent
330.It Va init_chroot
331If set to a valid directory in the root file system, it causes
332.Nm
333to perform a
334.Xr chroot 2
335operation on that directory, making it the new root directory.
336That happens before entering single-user mode or multi-user
337mode (but after executing the
338.Va init_script
339if enabled).
340This functionality has generally been eclipsed by rerooting.
341See
342.Xr reboot 8
343.Fl r
344for details.
345.It Va init_exec
346If set to a valid file name in the root file system,
347instructs
348.Nm
349to directly execute that file as the very first action,
350replacing
351.Nm
352as PID 1.
353.It Va init_script
354If set to a valid file name in the root file system,
355instructs
356.Nm
357to run that script as the very first action,
358before doing anything else.
359Signal handling and exit code interpretation is similar to
360running the
361.Pa /etc/rc
362script.
363In particular, single-user operation is enforced
364if the script terminates with a non-zero exit code,
365or if a SIGTERM is delivered to the
366.Nm
367process (PID 1).
368This functionality has generally been eclipsed by rerooting.
369See
370.Xr reboot 8
371.Fl r
372for details.
373.It Va init_shell
374Defines the shell binary to be used for executing the various shell scripts.
375The default is
376.Dq Li /bin/sh .
377It is used for running the
378.Va init_exec
379or
380.Va init_script
381if set, as well as for the
382.Pa /etc/rc ,
383.Pa /etc/rc.shutdown ,
384and
385.Pa /etc/rc.final
386scripts.
387The value of the corresponding
388.Xr kenv 2
389variable is evaluated every time
390.Nm
391calls a shell script, so it can be changed later on using the
392.Xr kenv 1
393utility.
394In particular, if a non-default shell is used for running an
395.Va init_script ,
396it might be desirable to have that script reset the value of
397.Va init_shell
398back to the default, so that the
399.Pa /etc/rc
400script is executed with the standard shell
401.Pa /bin/sh .
402.Sh FILES
403.Bl -tag -width /var/log/init.log -compact
404.It Pa /dev/console
405system console device
406.It Pa /dev/tty*
407terminal ports found in
408.Xr ttys 5
409.It Pa /etc/ttys
410the terminal initialization information file
411.It Pa /etc/rc
412system startup commands
413.It Pa /etc/rc.shutdown
414system shutdown commands
415.It Pa /etc/rc.final
416system shutdown commands (after process termination)
417.It Pa /var/log/init.log
418log of
419.Xr rc 8
420output if the system console device is not available
421.El
422.Sh DIAGNOSTICS
423.Bl -diag
424.It "getty repeating too quickly on port %s, sleeping."
425A process being started to service a line is exiting quickly
426each time it is started.
427This is often caused by a ringing or noisy terminal line.
428.Bf -emphasis
429Init will sleep for 30 seconds,
430then continue trying to start the process.
431.Ef
432.It "some processes would not die; ps axl advised."
433A process
434is hung and could not be killed when the system was shutting down.
435This condition is usually caused by a process
436that is stuck in a device driver because of
437a persistent device error condition.
438.El
439.Sh SEE ALSO
440.Xr kill 1 ,
441.Xr login 1 ,
442.Xr sh 1 ,
443.Xr ttys 5 ,
444.Xr security 7 ,
445.Xr getty 8 ,
446.Xr halt 8 ,
447.Xr jail 8 ,
448.Xr rc 8 ,
449.Xr reboot 8 ,
450.Xr shutdown 8 ,
451.Xr sysctl 8
452.Sh HISTORY
453An
454.Nm
455utility appeared in
456.At v1 .
457.Sh CAVEATS
458Systems without
459.Xr sysctl 8
460behave as though they have security level \-1.
461.Pp
462Setting the security level above 1 too early in the boot sequence can
463prevent
464.Xr fsck 8
465from repairing inconsistent file systems.
466The
467preferred location to set the security level is at the end of
468.Pa /etc/rc
469after all multi-user startup actions are complete.
470