xref: /freebsd/sbin/init/init.8 (revision 2e3f49888ec8851bafb22011533217487764fdb0)
1.\" Copyright (c) 1980, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" This code is derived from software contributed to Berkeley by
5.\" Donn Seeley at Berkeley Software Design, Inc.
6.\"
7.\" Redistribution and use in source and binary forms, with or without
8.\" modification, are permitted provided that the following conditions
9.\" are met:
10.\" 1. Redistributions of source code must retain the above copyright
11.\"    notice, this list of conditions and the following disclaimer.
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\" 3. Neither the name of the University nor the names of its contributors
16.\"    may be used to endorse or promote products derived from this software
17.\"    without specific prior written permission.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
31.Dd July 22, 2021
32.Dt INIT 8
33.Os
34.Sh NAME
35.Nm init
36.Nd process control initialization
37.Sh SYNOPSIS
38.Nm
39.Nm
40.Oo
41.Cm 0 | 1 | 6 |
42.Cm c | q
43.Oc
44.Sh DESCRIPTION
45The
46.Nm
47utility
48is the last stage of the boot process.
49It normally runs the automatic reboot sequence as described in
50.Xr rc 8 ,
51and if this succeeds, begins multi-user operation.
52If the reboot scripts fail,
53.Nm
54commences single-user operation by giving
55the super-user a shell on the console.
56The
57.Nm
58utility may be passed parameters
59from the boot program to
60prevent the system from going multi-user and to instead execute
61a single-user shell without starting the normal daemons.
62The system is then quiescent for maintenance work and may
63later be made to go to multi-user by exiting the
64single-user shell (with ^D).
65This
66causes
67.Nm
68to run the
69.Pa /etc/rc
70start up command file in fastboot mode (skipping disk checks).
71.Pp
72If the
73.Em console
74entry in the
75.Xr ttys 5
76file is marked
77.Dq insecure ,
78then
79.Nm
80will require that the super-user password be
81entered before the system will start a single-user shell.
82The password check is skipped if the
83.Em console
84is marked as
85.Dq secure .
86Note that the password check does not protect from variables
87such as
88.Va init_script
89being set from the
90.Xr loader 8
91command line; see the
92.Sx SECURITY
93section of
94.Xr loader 8 .
95.Pp
96If the system security level (see
97.Xr security 7 )
98is initially nonzero, then
99.Nm
100leaves it unchanged.
101Otherwise,
102.Nm
103raises the level to 1 before going multi-user for the first time.
104Since the level cannot be reduced, it will be at least 1 for
105subsequent operation, even on return to single-user.
106If a level higher than 1 is desired while running multi-user,
107it can be set before going multi-user, e.g., by the startup script
108.Xr rc 8 ,
109using
110.Xr sysctl 8
111to set the
112.Va kern.securelevel
113variable to the required security level.
114.Pp
115If
116.Nm
117is run in a jail, the security level of the
118.Dq host system
119will not be affected.
120Part of the information set up in the kernel to support a jail
121is a per-jail security level.
122This allows running a higher security level inside of a jail
123than that of the host system.
124See
125.Xr jail 8
126for more information about jails.
127.Pp
128In multi-user operation,
129.Nm
130maintains
131processes for the terminal ports found in the file
132.Xr ttys 5 .
133The
134.Nm
135utility reads this file and executes the command found in the second field,
136unless the first field refers to a device in
137.Pa /dev
138which is not configured.
139The first field is supplied as the final argument to the command.
140This command is usually
141.Xr getty 8 ;
142.Nm getty
143opens and initializes the tty line
144and
145executes the
146.Xr login 1
147program.
148The
149.Nm login
150program, when a valid user logs in,
151executes a shell for that user.
152When this shell
153dies, either because the user logged out
154or an abnormal termination occurred (a signal),
155the cycle is restarted by
156executing a new
157.Nm getty
158for the line.
159.Pp
160The
161.Nm
162utility can also be used to keep arbitrary daemons running,
163automatically restarting them if they die.
164In this case, the first field in the
165.Xr ttys 5
166file must not reference the path to a configured device node
167and will be passed to the daemon
168as the final argument on its command line.
169This is similar to the facility offered in the
170.At V
171.Pa /etc/inittab .
172.Pp
173Line status (on, off, secure, getty, or window information)
174may be changed in the
175.Xr ttys 5
176file without a reboot by sending the signal
177.Dv SIGHUP
178to
179.Nm
180with the command
181.Dq Li "kill -HUP 1" .
182On receipt of this signal,
183.Nm
184re-reads the
185.Xr ttys 5
186file.
187When a line is turned off in
188.Xr ttys 5 ,
189.Nm
190will send a SIGHUP signal to the controlling process
191for the session associated with the line.
192For any lines that were previously turned off in the
193.Xr ttys 5
194file and are now on,
195.Nm
196executes the command specified in the second field.
197If the command or window field for a line is changed,
198the change takes effect at the end of the current
199login session (e.g., the next time
200.Nm
201starts a process on the line).
202If a line is commented out or deleted from
203.Xr ttys 5 ,
204.Nm
205will not do anything at all to that line.
206.Pp
207The
208.Nm
209utility will terminate multi-user operations and resume single-user mode
210if sent a terminate
211.Pq Dv TERM
212signal, for example,
213.Dq Li "kill \-TERM 1" .
214If there are processes outstanding that are deadlocked (because of
215hardware or software failure),
216.Nm
217will not wait for them all to die (which might take forever), but
218will time out after 30 seconds and print a warning message.
219.Pp
220The
221.Nm
222utility will cease creating new processes
223and allow the system to slowly die away, if it is sent a terminal stop
224.Pq Dv TSTP
225signal, i.e.\&
226.Dq Li "kill \-TSTP 1" .
227A later hangup will resume full
228multi-user operations, or a terminate will start a single-user shell.
229This hook is used by
230.Xr reboot 8
231and
232.Xr halt 8 .
233.Pp
234The
235.Nm
236utility will terminate all possible processes (again, it will not wait
237for deadlocked processes) and reboot the machine if sent the interrupt
238.Pq Dv INT
239signal, i.e.\&
240.Dq Li "kill \-INT 1".
241This is useful for shutting the machine down cleanly from inside the kernel
242or from X when the machine appears to be hung.
243.Pp
244The
245.Nm
246utility will do the same, except it will halt the machine if sent
247the user defined signal 1
248.Pq Dv USR1 ,
249or will halt and turn the power off (if hardware permits) if sent
250the user defined signal 2
251.Pq Dv USR2 .
252.Pp
253When shutting down the machine,
254.Nm
255will try to run the
256.Pa /etc/rc.shutdown
257script.
258This script can be used to cleanly terminate specific programs such
259as
260.Nm innd
261(the InterNetNews server).
262If this script does not terminate within 120 seconds,
263.Nm
264will terminate it.
265The timeout can be configured via the
266.Xr sysctl 8
267variable
268.Va kern.init_shutdown_timeout .
269.Pp
270.Nm init
271passes
272.Dq Li single
273as the argument to the shutdown script if return to single-user mode
274is requested.
275Otherwise,
276.Dq Li reboot
277argument is used.
278.Pp
279After all user processes have been terminated,
280.Nm
281will try to run the
282.Pa /etc/rc.final
283script.
284This script can be used to finally prepare and unmount filesystems that may have
285been needed during shutdown, for instance.
286.Pp
287The role of
288.Nm
289is so critical that if it dies, the system will reboot itself
290automatically.
291If, at bootstrap time, the
292.Nm
293process cannot be located, the system will panic with the message
294.Dq "panic: init died (signal %d, exit %d)" .
295.Pp
296If run as a user process as shown in the second synopsis line,
297.Nm
298will emulate
299.At V
300behavior, i.e., super-user can specify the desired
301.Em run-level
302on a command line, and
303.Nm
304will signal the original
305(PID 1)
306.Nm
307as follows:
308.Bl -column Run-level SIGTERM
309.It Sy "Run-level	Signal	Action"
310.It Cm 0 Ta Dv SIGUSR1 Ta "Halt"
311.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off"
312.It Cm 0 Ta Dv SIGWINCH Ta "Halt and turn the power off and then back on"
313.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode"
314.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine"
315.It Cm c Ta Dv SIGTSTP Ta "Block further logins"
316.It Cm q Ta Dv SIGHUP Ta Rescan the
317.Xr ttys 5
318file
319.El
320.Sh KERNEL ENVIRONMENT VARIABLES
321The following
322.Xr kenv 2
323variables are available as
324.Xr loader 8
325tunables:
326.Bl -tag -width indent
327.It Va init_chroot
328If set to a valid directory in the root file system, it causes
329.Nm
330to perform a
331.Xr chroot 2
332operation on that directory, making it the new root directory.
333That happens before entering single-user mode or multi-user
334mode (but after executing the
335.Va init_script
336if enabled).
337This functionality has generally been eclipsed by rerooting.
338See
339.Xr reboot 8
340.Fl r
341for details.
342.It Va init_exec
343If set to a valid file name in the root file system,
344instructs
345.Nm
346to directly execute that file as the very first action,
347replacing
348.Nm
349as PID 1.
350.It Va init_script
351If set to a valid file name in the root file system,
352instructs
353.Nm
354to run that script as the very first action,
355before doing anything else.
356Signal handling and exit code interpretation is similar to
357running the
358.Pa /etc/rc
359script.
360In particular, single-user operation is enforced
361if the script terminates with a non-zero exit code,
362or if a SIGTERM is delivered to the
363.Nm
364process (PID 1).
365This functionality has generally been eclipsed by rerooting.
366See
367.Xr reboot 8
368.Fl r
369for details.
370.It Va init_shell
371Defines the shell binary to be used for executing the various shell scripts.
372The default is
373.Dq Li /bin/sh .
374It is used for running the
375.Va init_exec
376or
377.Va init_script
378if set, as well as for the
379.Pa /etc/rc ,
380.Pa /etc/rc.shutdown ,
381and
382.Pa /etc/rc.final
383scripts.
384The value of the corresponding
385.Xr kenv 2
386variable is evaluated every time
387.Nm
388calls a shell script, so it can be changed later on using the
389.Xr kenv 1
390utility.
391In particular, if a non-default shell is used for running an
392.Va init_script ,
393it might be desirable to have that script reset the value of
394.Va init_shell
395back to the default, so that the
396.Pa /etc/rc
397script is executed with the standard shell
398.Pa /bin/sh .
399.Sh FILES
400.Bl -tag -width /var/log/init.log -compact
401.It Pa /dev/console
402system console device
403.It Pa /dev/tty*
404terminal ports found in
405.Xr ttys 5
406.It Pa /etc/ttys
407the terminal initialization information file
408.It Pa /etc/rc
409system startup commands
410.It Pa /etc/rc.shutdown
411system shutdown commands
412.It Pa /etc/rc.final
413system shutdown commands (after process termination)
414.It Pa /var/log/init.log
415log of
416.Xr rc 8
417output if the system console device is not available
418.El
419.Sh DIAGNOSTICS
420.Bl -diag
421.It "getty repeating too quickly on port %s, sleeping."
422A process being started to service a line is exiting quickly
423each time it is started.
424This is often caused by a ringing or noisy terminal line.
425.Bf -emphasis
426Init will sleep for 30 seconds,
427then continue trying to start the process.
428.Ef
429.It "some processes would not die; ps axl advised."
430A process
431is hung and could not be killed when the system was shutting down.
432This condition is usually caused by a process
433that is stuck in a device driver because of
434a persistent device error condition.
435.El
436.Sh SEE ALSO
437.Xr kill 1 ,
438.Xr login 1 ,
439.Xr sh 1 ,
440.Xr ttys 5 ,
441.Xr security 7 ,
442.Xr getty 8 ,
443.Xr halt 8 ,
444.Xr jail 8 ,
445.Xr rc 8 ,
446.Xr reboot 8 ,
447.Xr shutdown 8 ,
448.Xr sysctl 8
449.Sh HISTORY
450An
451.Nm
452utility appeared in
453.At v1 .
454.Sh CAVEATS
455Systems without
456.Xr sysctl 8
457behave as though they have security level \-1.
458.Pp
459Setting the security level above 1 too early in the boot sequence can
460prevent
461.Xr fsck 8
462from repairing inconsistent file systems.
463The
464preferred location to set the security level is at the end of
465.Pa /etc/rc
466after all multi-user startup actions are complete.
467