1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software contributed to Berkeley by 5.\" Donn Seeley at Berkeley Software Design, Inc. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 4. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)init.8 8.3 (Berkeley) 4/18/94 32.\" $FreeBSD$ 33.\" 34.Dd April 18, 1994 35.Dt INIT 8 36.Os 37.Sh NAME 38.Nm init 39.Nd process control initialization 40.Sh SYNOPSIS 41.Nm 42.Nm 43.Oo 44.Cm 0 | 1 | 6 | 45.Cm c | q 46.Oc 47.Sh DESCRIPTION 48The 49.Nm 50utility 51is the last stage of the boot process. 52It normally runs the automatic reboot sequence as described in 53.Xr rc 8 , 54and if this succeeds, begins multi-user operation. 55If the reboot scripts fail, 56.Nm 57commences single-user operation by giving 58the super-user a shell on the console. 59The 60.Nm 61utility may be passed parameters 62from the boot program to 63prevent the system from going multi-user and to instead execute 64a single-user shell without starting the normal daemons. 65The system is then quiescent for maintenance work and may 66later be made to go to multi-user by exiting the 67single-user shell (with ^D). 68This 69causes 70.Nm 71to run the 72.Pa /etc/rc 73start up command file in fastboot mode (skipping disk checks). 74.Pp 75If the 76.Em console 77entry in the 78.Xr ttys 5 79file is marked 80.Dq insecure , 81then 82.Nm 83will require that the super-user password be 84entered before the system will start a single-user shell. 85The password check is skipped if the 86.Em console 87is marked as 88.Dq secure . 89.Pp 90The kernel runs with five different levels of security. 91Any super-user process can raise the security level, but no process 92can lower it. 93The security levels are: 94.Bl -tag -width flag 95.It Ic -1 96Permanently insecure mode \- always run the system in level 0 mode. 97This is the default initial value. 98.It Ic 0 99Insecure mode \- immutable and append-only flags may be turned off. 100All devices may be read or written subject to their permissions. 101.It Ic 1 102Secure mode \- the system immutable and system append-only flags may not 103be turned off; 104disks for mounted file systems, 105.Pa /dev/mem , 106.Pa /dev/kmem 107and 108.Pa /dev/io 109(if your platform has it) may not be opened for writing; 110kernel modules (see 111.Xr kld 4 ) 112may not be loaded or unloaded. 113.It Ic 2 114Highly secure mode \- same as secure mode, plus disks may not be 115opened for writing (except by 116.Xr mount 2 ) 117whether mounted or not. 118This level precludes tampering with file systems by unmounting them, 119but also inhibits running 120.Xr newfs 8 121while the system is multi-user. 122.Pp 123In addition, kernel time changes are restricted to less than or equal to one 124second. 125Attempts to change the time by more than this will log the message 126.Dq Time adjustment clamped to +1 second . 127.It Ic 3 128Network secure mode \- same as highly secure mode, plus 129IP packet filter rules (see 130.Xr ipfw 8 , 131.Xr ipfirewall 4 132and 133.Xr pfctl 8 ) 134cannot be changed and 135.Xr dummynet 4 136or 137.Xr pf 4 138configuration cannot be adjusted. 139.El 140.Pp 141If the security level is initially nonzero, then 142.Nm 143leaves it unchanged. 144Otherwise, 145.Nm 146raises the level to 1 before going multi-user for the first time. 147Since the level cannot be reduced, it will be at least 1 for 148subsequent operation, even on return to single-user. 149If a level higher than 1 is desired while running multi-user, 150it can be set before going multi-user, e.g., by the startup script 151.Xr rc 8 , 152using 153.Xr sysctl 8 154to set the 155.Va kern.securelevel 156variable to the required security level. 157.Pp 158If 159.Nm 160is run in a jail, the security level of the 161.Dq host system 162will not be effected. 163Part of the information set up in the kernel to support a jail 164is a per-jail 165.Dq securelevel 166setting. 167This allows running a higher security level inside of a jail 168than that of the host system. 169See 170.Xr jail 8 171for more information about jails. 172.Pp 173In multi-user operation, 174.Nm 175maintains 176processes for the terminal ports found in the file 177.Xr ttys 5 . 178The 179.Nm 180utility reads this file and executes the command found in the second field, 181unless the first field refers to a device in 182.Pa /dev 183which is not configured. 184The first field is supplied as the final argument to the command. 185This command is usually 186.Xr getty 8 ; 187.Nm getty 188opens and initializes the tty line 189and 190executes the 191.Xr login 1 192program. 193The 194.Nm login 195program, when a valid user logs in, 196executes a shell for that user. 197When this shell 198dies, either because the user logged out 199or an abnormal termination occurred (a signal), 200the 201.Nm 202utility wakes up, deletes the user 203from the 204.Xr utmp 5 205file of current users and records the logout in the 206.Xr wtmp 5 207file. 208The cycle is 209then restarted by 210.Nm 211executing a new 212.Nm getty 213for the line. 214.Pp 215The 216.Nm 217utility can also be used to keep arbitrary daemons running, 218automatically restarting them if they die. 219In this case, the first field in the 220.Xr ttys 5 221file must not reference the path to a configured device node 222and will be passed to the daemon 223as the final argument on its command line. 224This is similar to the facility offered in the 225.At V 226.Pa /etc/inittab . 227.Pp 228Line status (on, off, secure, getty, or window information) 229may be changed in the 230.Xr ttys 5 231file without a reboot by sending the signal 232.Dv SIGHUP 233to 234.Nm 235with the command 236.Dq Li "kill -HUP 1" . 237On receipt of this signal, 238.Nm 239re-reads the 240.Xr ttys 5 241file. 242When a line is turned off in 243.Xr ttys 5 , 244.Nm 245will send a SIGHUP signal to the controlling process 246for the session associated with the line. 247For any lines that were previously turned off in the 248.Xr ttys 5 249file and are now on, 250.Nm 251executes the command specified in the second field. 252If the command or window field for a line is changed, 253the change takes effect at the end of the current 254login session (e.g., the next time 255.Nm 256starts a process on the line). 257If a line is commented out or deleted from 258.Xr ttys 5 , 259.Nm 260will not do anything at all to that line. 261However, it will complain that the relationship between lines 262in the 263.Xr ttys 5 264file and records in the 265.Xr utmp 5 266file is out of sync, 267so this practice is not recommended. 268.Pp 269The 270.Nm 271utility will terminate multi-user operations and resume single-user mode 272if sent a terminate 273.Pq Dv TERM 274signal, for example, 275.Dq Li "kill \-TERM 1" . 276If there are processes outstanding that are deadlocked (because of 277hardware or software failure), 278.Nm 279will not wait for them all to die (which might take forever), but 280will time out after 30 seconds and print a warning message. 281.Pp 282The 283.Nm 284utility will cease creating new processes 285and allow the system to slowly die away, if it is sent a terminal stop 286.Pq Dv TSTP 287signal, i.e.\& 288.Dq Li "kill \-TSTP 1" . 289A later hangup will resume full 290multi-user operations, or a terminate will start a single-user shell. 291This hook is used by 292.Xr reboot 8 293and 294.Xr halt 8 . 295.Pp 296The 297.Nm 298utility will terminate all possible processes (again, it will not wait 299for deadlocked processes) and reboot the machine if sent the interrupt 300.Pq Dv INT 301signal, i.e.\& 302.Dq Li "kill \-INT 1". 303This is useful for shutting the machine down cleanly from inside the kernel 304or from X when the machine appears to be hung. 305.Pp 306The 307.Nm 308utility will do the same, except it will halt the machine if sent 309the user defined signal 1 310.Pq Dv USR1 , 311or will halt and turn the power off (if hardware permits) if sent 312the user defined signal 2 313.Pq Dv USR2 . 314.Pp 315When shutting down the machine, 316.Nm 317will try to run the 318.Pa /etc/rc.shutdown 319script. 320This script can be used to cleanly terminate specific programs such 321as 322.Nm innd 323(the InterNetNews server). 324.Pp 325The role of 326.Nm 327is so critical that if it dies, the system will reboot itself 328automatically. 329If, at bootstrap time, the 330.Nm 331process cannot be located, the system will panic with the message 332.Dq "panic: init died (signal %d, exit %d)" . 333.Pp 334If run as a user process as shown in the second synopsis line, 335.Nm 336will emulate 337.At V 338behavior, i.e., super-user can specify the desired 339.Em run-level 340on a command line, and 341.Nm 342will signal the original 343(PID 1) 344.Nm 345as follows: 346.Bl -column Run-level SIGTERM 347.It Sy "Run-level Signal Action 348.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off" 349.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode" 350.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine" 351.It Cm c Ta Dv SIGTSTP Ta "Block further logins" 352.It Cm q Ta Dv SIGHUP Ta Rescan the 353.Xr ttys 5 354file 355.El 356.Sh DIAGNOSTICS 357.Bl -diag 358.It "getty repeating too quickly on port %s, sleeping." 359A process being started to service a line is exiting quickly 360each time it is started. 361This is often caused by a ringing or noisy terminal line. 362.Bf -emphasis 363Init will sleep for 30 seconds, 364then continue trying to start the process. 365.Ef 366.It "some processes would not die; ps axl advised." 367A process 368is hung and could not be killed when the system was shutting down. 369This condition is usually caused by a process 370that is stuck in a device driver because of 371a persistent device error condition. 372.El 373.Sh FILES 374.Bl -tag -width /etc/rc.shutdown -compact 375.It Pa /dev/console 376system console device 377.It Pa /dev/tty* 378terminal ports found in 379.Xr ttys 5 380.It Pa /var/run/utmp 381record of current users on the system 382.It Pa /var/log/wtmp 383record of all logins and logouts 384.It Pa /etc/ttys 385the terminal initialization information file 386.It Pa /etc/rc 387system startup commands 388.It Pa /etc/rc.shutdown 389system shutdown commands 390.El 391.Sh SEE ALSO 392.Xr kill 1 , 393.Xr login 1 , 394.Xr sh 1 , 395.Xr dummynet 4 , 396.Xr ipfirewall 4 , 397.Xr kld 4 , 398.Xr pf 4 , 399.Xr ttys 5 , 400.Xr crash 8 , 401.Xr getty 8 , 402.Xr halt 8 , 403.Xr ipfw 8 , 404.Xr jail 8 , 405.Xr pfctl 8 , 406.Xr rc 8 , 407.Xr reboot 8 , 408.Xr shutdown 8 , 409.Xr sysctl 8 410.Sh HISTORY 411An 412.Nm 413utility appeared in 414.At v6 . 415.Sh CAVEATS 416Systems without 417.Xr sysctl 8 418behave as though they have security level \-1. 419.Pp 420Setting the security level above 1 too early in the boot sequence can 421prevent 422.Xr fsck 8 423from repairing inconsistent file systems. 424The 425preferred location to set the security level is at the end of 426.Pa /etc/rc 427after all multi-user startup actions are complete. 428