1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software contributed to Berkeley by 5.\" Donn Seeley at Berkeley Software Design, Inc. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. All advertising materials mentioning features or use of this software 16.\" must display the following acknowledgement: 17.\" This product includes software developed by the University of 18.\" California, Berkeley and its contributors. 19.\" 4. Neither the name of the University nor the names of its contributors 20.\" may be used to endorse or promote products derived from this software 21.\" without specific prior written permission. 22.\" 23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33.\" SUCH DAMAGE. 34.\" 35.\" @(#)init.8 8.3 (Berkeley) 4/18/94 36.\" $Id: init.8,v 1.14 1999/06/16 20:01:18 ru Exp $ 37.\" 38.Dd April 18, 1994 39.Dt INIT 8 40.Os BSD 4 41.Sh NAME 42.Nm init 43.Nd process control initialization 44.Sh SYNOPSIS 45.Nm init 46.Nm init 47.Oo 48.Cm 0 | 1 | 6 | 49.Cm c | q 50.Oc 51.Sh DESCRIPTION 52The 53.Nm 54program 55is the last stage of the boot process. 56It normally runs the automatic reboot sequence as described in 57.Xr rc 8 , 58and if this succeeds, begins multi-user operation. 59If the reboot scripts fail, 60.Nm 61commences single-user operation by giving 62the super-user a shell on the console. 63The 64.Nm 65program may be passed parameters 66from the boot program to 67prevent the system from going multi-user and to instead execute 68a single-user shell without starting the normal daemons. 69The system is then quiescent for maintenance work and may 70later be made to go to multi-user by exiting the 71single-user shell (with ^D). 72This 73causes 74.Nm 75to run the 76.Pa /etc/rc 77start up command file in fastboot mode (skipping disk checks). 78.Pp 79If the 80.Em console 81entry in the 82.Xr ttys 5 83file is marked 84.Dq insecure , 85then 86.Nm 87will require that the super-user password be 88entered before the system will start a single-user shell. 89The password check is skipped if the 90.Em console 91is marked as 92.Dq secure . 93.Pp 94The kernel runs with four different levels of security. 95Any super-user process can raise the security level, but only 96.Nm 97can lower it. 98The security levels are: 99.Bl -tag -width flag 100.It Ic -1 101Permanently insecure mode \- always run the system in level 0 mode. 102This is the default initial value. 103.It Ic 0 104Insecure mode \- immutable and append-only flags may be turned off. 105All devices may be read or written subject to their permissions. 106.It Ic 1 107Secure mode \- the system immutable and system append-only flags may not 108be turned off; 109disks for mounted filesystems, 110.Pa /dev/mem , 111and 112.Pa /dev/kmem 113may not be opened for writing. 114.It Ic 2 115Highly secure mode \- same as secure mode, plus disks may not be 116opened for writing (except by 117.Xr mount 2 ) 118whether mounted or not. 119This level precludes tampering with filesystems by unmounting them, 120but also inhibits running 121.Xr newfs 8 122while the system is multi-user. 123.It Ic 3 124Network secure mode \- same as highly secure mode, plus 125IP packet filter rules (see 126.Xr ipfw 8 127and 128.Xr ipfirewall 4 ) 129can not be changed and 130.Xr dummynet 4 131configuration can not be adjusted. 132.El 133.Pp 134If the security level is initially -1, then 135.Nm 136leaves it unchanged. 137Otherwise, 138.Nm 139arranges to run the system in level 0 mode while single-user 140and in level 1 mode while multi-user. 141If level 2 mode is desired while running multi-user, 142it can be set while single-user, e.g., in the startup script 143.Pa /etc/rc , 144using 145.Xr sysctl 8 146to set the 147.Dq kern.securelevel 148variable to the required security level. 149.Pp 150In multi-user operation, 151.Nm 152maintains 153processes for the terminal ports found in the file 154.Xr ttys 5 . 155.Nm Init 156reads this file, and executes the command found in the second field. 157This command is usually 158.Xr getty 8 ; 159.Nm getty 160opens and initializes the tty line 161and 162executes the 163.Xr login 1 164program. 165The 166.Nm login 167program, when a valid user logs in, 168executes a shell for that user. When this shell 169dies, either because the user logged out 170or an abnormal termination occurred (a signal), 171the 172.Nm 173program wakes up, deletes the user 174from the 175.Xr utmp 5 176file of current users and records the logout in the 177.Xr wtmp 5 178file. 179The cycle is 180then restarted by 181.Nm 182executing a new 183.Nm getty 184for the line. 185.Pp 186Line status (on, off, secure, getty, or window information) 187may be changed in the 188.Xr ttys 5 189file without a reboot by sending the signal 190.Dv SIGHUP 191to 192.Nm 193with the command 194.Dq Li "kill -HUP 1" . 195On receipt of this signal, 196.Nm 197re-reads the 198.Xr ttys 5 199file. 200When a line is turned off in 201.Xr ttys 5 , 202.Nm 203will send a SIGHUP signal to the controlling process 204for the session associated with the line. 205For any lines that were previously turned off in the 206.Xr ttys 5 207file and are now on, 208.Nm 209executes a new 210.Nm getty 211to enable a new login. 212If the getty or window field for a line is changed, 213the change takes effect at the end of the current 214login session (e.g., the next time 215.Nm 216starts a process on the line). 217If a line is commented out or deleted from 218.Xr ttys 5 , 219.Nm 220will not do anything at all to that line. 221However, it will complain that the relationship between lines 222in the 223.Xr ttys 5 224file and records in the 225.Xr utmp 5 226file is out of sync, 227so this practice is not recommended. 228.Pp 229.Nm Init 230will terminate multi-user operations and resume single-user mode 231if sent a terminate 232.Pq Dv TERM 233signal, for example, 234.Dq Li "kill \-TERM 1" . 235If there are processes outstanding that are deadlocked (because of 236hardware or software failure), 237.Nm 238will not wait for them all to die (which might take forever), but 239will time out after 30 seconds and print a warning message. 240.Pp 241.Nm Init 242will cease creating new 243.Nm getty Ns 's 244and allow the system to slowly die away, if it is sent a terminal stop 245.Pq Dv TSTP 246signal, i.e. 247.Dq Li "kill \-TSTP 1" . 248A later hangup will resume full 249multi-user operations, or a terminate will start a single-user shell. 250This hook is used by 251.Xr reboot 8 252and 253.Xr halt 8 . 254.Pp 255.Nm Init 256will terminate all possible processes (again, it will not wait 257for deadlocked processes) and reboot the machine if sent the interrupt 258.Pq Dv INT 259signal, i.e. 260.Dq Li "kill \-INT 1". 261This is useful for shutting the machine down cleanly from inside the kernel 262or from X when the machine appears to be hung. 263.Pp 264.Nm Init 265will do the same, except it will halt the machine if sent 266the user defined signal 1 267.Pq Dv USR1 , 268or will halt and turn the power off (if hardware permits) if sent 269the user defined signal 2 270.Pq Dv USR2 . 271.Pp 272When shutting down the machine, 273.Nm 274will try to run the 275.Pa /etc/rc.shutdown 276script. This script can be used to cleanly terminate specific programs such 277as 278.Nm innd 279(the InterNetNews server). 280.Pp 281The role of 282.Nm 283is so critical that if it dies, the system will reboot itself 284automatically. 285If, at bootstrap time, the 286.Nm 287process cannot be located, the system will panic with the message 288.Dq "panic: init died (signal %d, exit %d)" . 289.Pp 290The second synopsis form is only available if 291.Nm 292was compiled with the 293.Em COMPAT_SYSV_INIT 294option. 295In this case, 296.Nm 297will emulate 298.At V 299behavior, i.e. super-user can specify the desired 300.Em run-level 301on a command line, and 302.Nm 303will signal the original 304.Pq PID 1 305.Nm 306as follows: 307.Bl -column Run-level SIGTERM 308.It Sy Run-level Signal Action 309.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off" 310.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode" 311.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine" 312.It Cm c Ta Dv SIGTSTP Ta "Block further logins" 313.It Cm q Ta Dv SIGHUP Ta Rescan the 314.Xr ttys 5 315file 316.El 317.Sh DIAGNOSTICS 318.Bl -diag 319.It "getty repeating too quickly on port %s, sleeping" 320A process being started to service a line is exiting quickly 321each time it is started. 322This is often caused by a ringing or noisy terminal line. 323.Em "Init will sleep for 30 seconds" , 324.Em "then continue trying to start the process" . 325.Pp 326.It "some processes would not die; ps axl advised." 327A process 328is hung and could not be killed when the system was shutting down. 329This condition is usually caused by a process 330that is stuck in a device driver because of 331a persistent device error condition. 332.El 333.Sh FILES 334.Bl -tag -width /etc/rc.shutdown -compact 335.It Pa /dev/console 336system console device 337.It Pa /dev/tty* 338terminal ports found in 339.Xr ttys 5 340.It Pa /var/run/utmp 341record of current users on the system 342.It Pa /var/log/wtmp 343record of all logins and logouts 344.It Pa /etc/ttys 345the terminal initialization information file 346.It Pa /etc/rc 347system startup commands 348.It Pa /etc/rc.shutdown 349system shutdown commands 350.El 351.Sh SEE ALSO 352.Xr kill 1 , 353.Xr login 1 , 354.Xr sh 1 , 355.Xr dummynet 4 , 356.Xr ipfirewall 4 , 357.Xr ttys 5 , 358.Xr crash 8 , 359.Xr getty 8 , 360.Xr halt 8 , 361.Xr ipfw 8 , 362.Xr rc 8 , 363.Xr reboot 8 , 364.Xr shutdown 8 , 365.Xr sysctl 8 366.Sh HISTORY 367An 368.Nm 369command appeared in 370.At v6 . 371.Sh CAVEATS 372Systems without 373.Xr sysctl 374behave as though they have security level \-1. 375.Pp 376Setting the security level above 1 too early in the boot sequence can 377prevent 378.Xr fsck 8 379from repairing inconsistent filesystems. The 380preferred location to set the security level is at the end of 381.Pa /etc/rc 382after all multi-user startup actions are complete. 383