xref: /freebsd/sbin/init/init.8 (revision 41466b50c1d5bfd1cf6adaae547a579a75d7c04e)
1.\" Copyright (c) 1980, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" This code is derived from software contributed to Berkeley by
5.\" Donn Seeley at Berkeley Software Design, Inc.
6.\"
7.\" Redistribution and use in source and binary forms, with or without
8.\" modification, are permitted provided that the following conditions
9.\" are met:
10.\" 1. Redistributions of source code must retain the above copyright
11.\"    notice, this list of conditions and the following disclaimer.
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\" 3. All advertising materials mentioning features or use of this software
16.\"    must display the following acknowledgement:
17.\"	This product includes software developed by the University of
18.\"	California, Berkeley and its contributors.
19.\" 4. Neither the name of the University nor the names of its contributors
20.\"    may be used to endorse or promote products derived from this software
21.\"    without specific prior written permission.
22.\"
23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33.\" SUCH DAMAGE.
34.\"
35.\"     @(#)init.8	8.3 (Berkeley) 4/18/94
36.\" $FreeBSD$
37.\"
38.Dd April 18, 1994
39.Dt INIT 8
40.Os
41.Sh NAME
42.Nm init
43.Nd process control initialization
44.Sh SYNOPSIS
45.Nm
46.Nm
47.Oo
48.Cm 0 | 1 | 6 |
49.Cm c | q
50.Oc
51.Sh DESCRIPTION
52The
53.Nm
54program
55is the last stage of the boot process.
56It normally runs the automatic reboot sequence as described in
57.Xr rc 8 ,
58and if this succeeds, begins multi-user operation.
59If the reboot scripts fail,
60.Nm
61commences single-user operation by giving
62the super-user a shell on the console.
63The
64.Nm
65program may be passed parameters
66from the boot program to
67prevent the system from going multi-user and to instead execute
68a single-user shell without starting the normal daemons.
69The system is then quiescent for maintenance work and may
70later be made to go to multi-user by exiting the
71single-user shell (with ^D).
72This
73causes
74.Nm
75to run the
76.Pa /etc/rc
77start up command file in fastboot mode (skipping disk checks).
78.Pp
79If the
80.Em console
81entry in the
82.Xr ttys 5
83file is marked
84.Dq insecure ,
85then
86.Nm
87will require that the super-user password be
88entered before the system will start a single-user shell.
89The password check is skipped if the
90.Em console
91is marked as
92.Dq secure .
93.Pp
94The kernel runs with four different levels of security.
95Any super-user process can raise the security level, but no process
96can lower it.
97The security levels are:
98.Bl -tag -width flag
99.It Ic -1
100Permanently insecure mode \- always run the system in level 0 mode.
101This is the default initial value.
102.It Ic 0
103Insecure mode \- immutable and append-only flags may be turned off.
104All devices may be read or written subject to their permissions.
105.It Ic 1
106Secure mode \- the system immutable and system append-only flags may not
107be turned off;
108disks for mounted filesystems,
109.Pa /dev/mem ,
110and
111.Pa /dev/kmem
112may not be opened for writing;
113kernel modules (see
114.Xr kld 4 )
115may not be loaded or unloaded.
116.It Ic 2
117Highly secure mode \- same as secure mode, plus disks may not be
118opened for writing (except by
119.Xr mount 2 )
120whether mounted or not.
121This level precludes tampering with filesystems by unmounting them,
122but also inhibits running
123.Xr newfs 8
124while the system is multi-user.
125.Pp
126In addition, kernel time changes are restricted to less than or equal to one
127second.  Attempts to change the time by more than this will log the message
128.Dq Time adjustment clamped to +1 second .
129.It Ic 3
130Network secure mode \- same as highly secure mode, plus
131IP packet filter rules (see
132.Xr ipfw 8
133and
134.Xr ipfirewall 4 )
135cannot be changed and
136.Xr dummynet 4
137configuration cannot be adjusted.
138.El
139.Pp
140If the security level is initially nonzero, then
141.Nm
142leaves it unchanged.
143Otherwise,
144.Nm
145raises the level to 1 before going multi-user for the first time.
146Since the level can not be reduced, it will be at least 1 for
147subsequent operation, even on return to single-user.
148If a level higher than 1 is desired while running multi-user,
149it can be set before going multi-user, e.g., by the startup script
150.Xr rc 8 ,
151using
152.Xr sysctl 8
153to set the
154.Dq kern.securelevel
155variable to the required security level.
156.Pp
157In multi-user operation,
158.Nm
159maintains
160processes for the terminal ports found in the file
161.Xr ttys 5 .
162.Nm Init
163reads this file and executes the command found in the second field,
164unless the first field refers to a device in
165.Pa /dev
166which is not configured.
167The first field is supplied as the final argument to the command.
168This command is usually
169.Xr getty 8 ;
170.Nm getty
171opens and initializes the tty line
172and
173executes the
174.Xr login 1
175program.
176The
177.Nm login
178program, when a valid user logs in,
179executes a shell for that user.  When this shell
180dies, either because the user logged out
181or an abnormal termination occurred (a signal),
182the
183.Nm
184program wakes up, deletes the user
185from the
186.Xr utmp 5
187file of current users and records the logout in the
188.Xr wtmp 5
189file.
190The cycle is
191then restarted by
192.Nm
193executing a new
194.Nm getty
195for the line.
196.Pp
197.Nm Init
198can also be used to keep arbitrary daemons running,
199automatically restarting them if they die.
200In this case, the first field in the
201.Xr ttys 5
202file must not reference the path to a configured device node
203and will be passed to the daemon
204as the final argument on its command line.
205This is similar to the facility offered in the
206.At V
207.Pa /etc/inittab .
208.Pp
209Line status (on, off, secure, getty, or window information)
210may be changed in the
211.Xr ttys 5
212file without a reboot by sending the signal
213.Dv SIGHUP
214to
215.Nm
216with the command
217.Dq Li "kill -HUP 1" .
218On receipt of this signal,
219.Nm
220re-reads the
221.Xr ttys 5
222file.
223When a line is turned off in
224.Xr ttys 5 ,
225.Nm
226will send a SIGHUP signal to the controlling process
227for the session associated with the line.
228For any lines that were previously turned off in the
229.Xr ttys 5
230file and are now on,
231.Nm
232executes the command specified in the second field.
233If the command or window field for a line is changed,
234the change takes effect at the end of the current
235login session (e.g., the next time
236.Nm
237starts a process on the line).
238If a line is commented out or deleted from
239.Xr ttys 5 ,
240.Nm
241will not do anything at all to that line.
242However, it will complain that the relationship between lines
243in the
244.Xr ttys 5
245file and records in the
246.Xr utmp 5
247file is out of sync,
248so this practice is not recommended.
249.Pp
250.Nm Init
251will terminate multi-user operations and resume single-user mode
252if sent a terminate
253.Pq Dv TERM
254signal, for example,
255.Dq Li "kill \-TERM 1" .
256If there are processes outstanding that are deadlocked (because of
257hardware or software failure),
258.Nm
259will not wait for them all to die (which might take forever), but
260will time out after 30 seconds and print a warning message.
261.Pp
262.Nm Init
263will cease creating new processes
264and allow the system to slowly die away, if it is sent a terminal stop
265.Pq Dv TSTP
266signal, i.e.\&
267.Dq Li "kill \-TSTP 1" .
268A later hangup will resume full
269multi-user operations, or a terminate will start a single-user shell.
270This hook is used by
271.Xr reboot 8
272and
273.Xr halt 8 .
274.Pp
275.Nm Init
276will terminate all possible processes (again, it will not wait
277for deadlocked processes) and reboot the machine if sent the interrupt
278.Pq Dv INT
279signal, i.e.\&
280.Dq Li "kill \-INT 1".
281This is useful for shutting the machine down cleanly from inside the kernel
282or from X when the machine appears to be hung.
283.Pp
284.Nm Init
285will do the same, except it will halt the machine if sent
286the user defined signal 1
287.Pq Dv USR1 ,
288or will halt and turn the power off (if hardware permits) if sent
289the user defined signal 2
290.Pq Dv USR2 .
291.Pp
292When shutting down the machine,
293.Nm
294will try to run the
295.Pa /etc/rc.shutdown
296script.
297This script can be used to cleanly terminate specific programs such
298as
299.Nm innd
300(the InterNetNews server).
301.Pp
302The role of
303.Nm
304is so critical that if it dies, the system will reboot itself
305automatically.
306If, at bootstrap time, the
307.Nm
308process cannot be located, the system will panic with the message
309.Dq "panic: init died (signal %d, exit %d)" .
310.Pp
311If run as a user process as shown in the second synopsis line,
312.Nm
313will emulate
314.At V
315behavior, i.e. super-user can specify the desired
316.Em run-level
317on a command line, and
318.Nm
319will signal the original
320(PID 1)
321.Nm
322as follows:
323.Bl -column Run-level SIGTERM
324.It Sy "Run-level	Signal	Action
325.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off"
326.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode"
327.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine"
328.It Cm c Ta Dv SIGTSTP Ta "Block further logins"
329.It Cm q Ta Dv SIGHUP Ta Rescan the
330.Xr ttys 5
331file
332.El
333.Sh DIAGNOSTICS
334.Bl -diag
335.It "getty repeating too quickly on port %s, sleeping."
336A process being started to service a line is exiting quickly
337each time it is started.
338This is often caused by a ringing or noisy terminal line.
339.Em "Init will sleep for 30 seconds" ,
340.Em "then continue trying to start the process" .
341.It "some processes would not die; ps axl advised."
342A process
343is hung and could not be killed when the system was shutting down.
344This condition is usually caused by a process
345that is stuck in a device driver because of
346a persistent device error condition.
347.El
348.Sh FILES
349.Bl -tag -width /etc/rc.shutdown -compact
350.It Pa /dev/console
351system console device
352.It Pa /dev/tty*
353terminal ports found in
354.Xr ttys 5
355.It Pa /var/run/utmp
356record of current users on the system
357.It Pa /var/log/wtmp
358record of all logins and logouts
359.It Pa /etc/ttys
360the terminal initialization information file
361.It Pa /etc/rc
362system startup commands
363.It Pa /etc/rc.shutdown
364system shutdown commands
365.El
366.Sh SEE ALSO
367.Xr kill 1 ,
368.Xr login 1 ,
369.Xr sh 1 ,
370.Xr dummynet 4 ,
371.Xr ipfirewall 4 ,
372.Xr kld 4 ,
373.Xr ttys 5 ,
374.Xr crash 8 ,
375.Xr getty 8 ,
376.Xr halt 8 ,
377.Xr ipfw 8 ,
378.Xr rc 8 ,
379.Xr reboot 8 ,
380.Xr shutdown 8 ,
381.Xr sysctl 8
382.Sh HISTORY
383An
384.Nm
385command appeared in
386.At v6 .
387.Sh CAVEATS
388Systems without
389.Xr sysctl
390behave as though they have security level \-1.
391.Pp
392Setting the security level above 1 too early in the boot sequence can
393prevent
394.Xr fsck 8
395from repairing inconsistent filesystems.  The
396preferred location to set the security level is at the end of
397.Pa /etc/rc
398after all multi-user startup actions are complete.
399