xref: /freebsd/sbin/init/init.8 (revision 6e8394b8baa7d5d9153ab90de6824bcd19b3b4e1)
1.\" Copyright (c) 1980, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" This code is derived from software contributed to Berkeley by
5.\" Donn Seeley at Berkeley Software Design, Inc.
6.\"
7.\" Redistribution and use in source and binary forms, with or without
8.\" modification, are permitted provided that the following conditions
9.\" are met:
10.\" 1. Redistributions of source code must retain the above copyright
11.\"    notice, this list of conditions and the following disclaimer.
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\" 3. All advertising materials mentioning features or use of this software
16.\"    must display the following acknowledgement:
17.\"	This product includes software developed by the University of
18.\"	California, Berkeley and its contributors.
19.\" 4. Neither the name of the University nor the names of its contributors
20.\"    may be used to endorse or promote products derived from this software
21.\"    without specific prior written permission.
22.\"
23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33.\" SUCH DAMAGE.
34.\"
35.\"     @(#)init.8	8.3 (Berkeley) 4/18/94
36.\"	$Id: init.8,v 1.14 1999/06/16 20:01:18 ru Exp $
37.\"
38.Dd April 18, 1994
39.Dt INIT 8
40.Os BSD 4
41.Sh NAME
42.Nm init
43.Nd process control initialization
44.Sh SYNOPSIS
45.Nm init
46.Nm init
47.Oo
48.Cm 0 | 1 | 6 |
49.Cm c | q
50.Oc
51.Sh DESCRIPTION
52The
53.Nm
54program
55is the last stage of the boot process.
56It normally runs the automatic reboot sequence as described in
57.Xr rc 8 ,
58and if this succeeds, begins multi-user operation.
59If the reboot scripts fail,
60.Nm
61commences single-user operation by giving
62the super-user a shell on the console.
63The
64.Nm
65program may be passed parameters
66from the boot program to
67prevent the system from going multi-user and to instead execute
68a single-user shell without starting the normal daemons.
69The system is then quiescent for maintenance work and may
70later be made to go to multi-user by exiting the
71single-user shell (with ^D).
72This
73causes
74.Nm
75to run the
76.Pa /etc/rc
77start up command file in fastboot mode (skipping disk checks).
78.Pp
79If the
80.Em console
81entry in the
82.Xr ttys 5
83file is marked
84.Dq insecure ,
85then
86.Nm
87will require that the super-user password be
88entered before the system will start a single-user shell.
89The password check is skipped if the
90.Em console
91is marked as
92.Dq secure .
93.Pp
94The kernel runs with four different levels of security.
95Any super-user process can raise the security level, but only
96.Nm
97can lower it.
98The security levels are:
99.Bl -tag -width flag
100.It Ic -1
101Permanently insecure mode \- always run the system in level 0 mode.
102This is the default initial value.
103.It Ic 0
104Insecure mode \- immutable and append-only flags may be turned off.
105All devices may be read or written subject to their permissions.
106.It Ic 1
107Secure mode \- the system immutable and system append-only flags may not
108be turned off;
109disks for mounted filesystems,
110.Pa /dev/mem ,
111and
112.Pa /dev/kmem
113may not be opened for writing.
114.It Ic 2
115Highly secure mode \- same as secure mode, plus disks may not be
116opened for writing (except by
117.Xr mount 2 )
118whether mounted or not.
119This level precludes tampering with filesystems by unmounting them,
120but also inhibits running
121.Xr newfs 8
122while the system is multi-user.
123.It Ic 3
124Network secure mode \- same as highly secure mode, plus
125IP packet filter rules (see
126.Xr ipfw 8
127and
128.Xr ipfirewall 4 )
129can not be changed and
130.Xr dummynet 4
131configuration can not be adjusted.
132.El
133.Pp
134If the security level is initially -1, then
135.Nm
136leaves it unchanged.
137Otherwise,
138.Nm
139arranges to run the system in level 0 mode while single-user
140and in level 1 mode while multi-user.
141If level 2 mode is desired while running multi-user,
142it can be set while single-user, e.g., in the startup script
143.Pa /etc/rc ,
144using
145.Xr sysctl 8
146to set the
147.Dq kern.securelevel
148variable to the required security level.
149.Pp
150In multi-user operation,
151.Nm
152maintains
153processes for the terminal ports found in the file
154.Xr ttys 5 .
155.Nm Init
156reads this file, and executes the command found in the second field.
157This command is usually
158.Xr getty 8 ;
159.Nm getty
160opens and initializes the tty line
161and
162executes the
163.Xr login 1
164program.
165The
166.Nm login
167program, when a valid user logs in,
168executes a shell for that user.  When this shell
169dies, either because the user logged out
170or an abnormal termination occurred (a signal),
171the
172.Nm
173program wakes up, deletes the user
174from the
175.Xr utmp 5
176file of current users and records the logout in the
177.Xr wtmp 5
178file.
179The cycle is
180then restarted by
181.Nm
182executing a new
183.Nm getty
184for the line.
185.Pp
186Line status (on, off, secure, getty, or window information)
187may be changed in the
188.Xr ttys 5
189file without a reboot by sending the signal
190.Dv SIGHUP
191to
192.Nm
193with the command
194.Dq Li "kill -HUP 1" .
195On receipt of this signal,
196.Nm
197re-reads the
198.Xr ttys 5
199file.
200When a line is turned off in
201.Xr ttys 5 ,
202.Nm
203will send a SIGHUP signal to the controlling process
204for the session associated with the line.
205For any lines that were previously turned off in the
206.Xr ttys 5
207file and are now on,
208.Nm
209executes a new
210.Nm getty
211to enable a new login.
212If the getty or window field for a line is changed,
213the change takes effect at the end of the current
214login session (e.g., the next time
215.Nm
216starts a process on the line).
217If a line is commented out or deleted from
218.Xr ttys 5 ,
219.Nm
220will not do anything at all to that line.
221However, it will complain that the relationship between lines
222in the
223.Xr ttys 5
224file and records in the
225.Xr utmp 5
226file is out of sync,
227so this practice is not recommended.
228.Pp
229.Nm Init
230will terminate multi-user operations and resume single-user mode
231if sent a terminate
232.Pq Dv TERM
233signal, for example,
234.Dq Li "kill \-TERM 1" .
235If there are processes outstanding that are deadlocked (because of
236hardware or software failure),
237.Nm
238will not wait for them all to die (which might take forever), but
239will time out after 30 seconds and print a warning message.
240.Pp
241.Nm Init
242will cease creating new
243.Nm getty Ns 's
244and allow the system to slowly die away, if it is sent a terminal stop
245.Pq Dv TSTP
246signal, i.e.
247.Dq Li "kill \-TSTP 1" .
248A later hangup will resume full
249multi-user operations, or a terminate will start a single-user shell.
250This hook is used by
251.Xr reboot 8
252and
253.Xr halt 8 .
254.Pp
255.Nm Init
256will terminate all possible processes (again, it will not wait
257for deadlocked processes) and reboot the machine if sent the interrupt
258.Pq Dv INT
259signal, i.e.
260.Dq Li "kill \-INT 1".
261This is useful for shutting the machine down cleanly from inside the kernel
262or from X when the machine appears to be hung.
263.Pp
264.Nm Init
265will do the same, except it will halt the machine if sent
266the user defined signal 1
267.Pq Dv USR1 ,
268or will halt and turn the power off (if hardware permits) if sent
269the user defined signal 2
270.Pq Dv USR2 .
271.Pp
272When shutting down the machine,
273.Nm
274will try to run the
275.Pa /etc/rc.shutdown
276script. This script can be used to cleanly terminate specific programs such
277as
278.Nm innd
279(the InterNetNews server).
280.Pp
281The role of
282.Nm
283is so critical that if it dies, the system will reboot itself
284automatically.
285If, at bootstrap time, the
286.Nm
287process cannot be located, the system will panic with the message
288.Dq "panic: init died (signal %d, exit %d)" .
289.Pp
290The second synopsis form is only available if
291.Nm
292was compiled with the
293.Em COMPAT_SYSV_INIT
294option.
295In this case,
296.Nm
297will emulate
298.At V
299behavior, i.e. super-user can specify the desired
300.Em run-level
301on a command line, and
302.Nm
303will signal the original
304.Pq PID 1
305.Nm
306as follows:
307.Bl -column Run-level SIGTERM
308.It Sy Run-level	Signal	Action
309.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off"
310.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode"
311.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine"
312.It Cm c Ta Dv SIGTSTP Ta "Block further logins"
313.It Cm q Ta Dv SIGHUP Ta Rescan the
314.Xr ttys 5
315file
316.El
317.Sh DIAGNOSTICS
318.Bl -diag
319.It "getty repeating too quickly on port %s, sleeping"
320A process being started to service a line is exiting quickly
321each time it is started.
322This is often caused by a ringing or noisy terminal line.
323.Em "Init will sleep for 30 seconds" ,
324.Em "then continue trying to start the process" .
325.Pp
326.It "some processes would not die; ps axl advised."
327A process
328is hung and could not be killed when the system was shutting down.
329This condition is usually caused by a process
330that is stuck in a device driver because of
331a persistent device error condition.
332.El
333.Sh FILES
334.Bl -tag -width /etc/rc.shutdown -compact
335.It Pa /dev/console
336system console device
337.It Pa /dev/tty*
338terminal ports found in
339.Xr ttys 5
340.It Pa /var/run/utmp
341record of current users on the system
342.It Pa /var/log/wtmp
343record of all logins and logouts
344.It Pa /etc/ttys
345the terminal initialization information file
346.It Pa /etc/rc
347system startup commands
348.It Pa /etc/rc.shutdown
349system shutdown commands
350.El
351.Sh SEE ALSO
352.Xr kill 1 ,
353.Xr login 1 ,
354.Xr sh 1 ,
355.Xr dummynet 4 ,
356.Xr ipfirewall 4 ,
357.Xr ttys 5 ,
358.Xr crash 8 ,
359.Xr getty 8 ,
360.Xr halt 8 ,
361.Xr ipfw 8 ,
362.Xr rc 8 ,
363.Xr reboot 8 ,
364.Xr shutdown 8 ,
365.Xr sysctl 8
366.Sh HISTORY
367An
368.Nm
369command appeared in
370.At v6 .
371.Sh CAVEATS
372Systems without
373.Xr sysctl
374behave as though they have security level \-1.
375.Pp
376Setting the security level above 1 too early in the boot sequence can
377prevent
378.Xr fsck 8
379from repairing inconsistent filesystems.  The
380preferred location to set the security level is at the end of
381.Pa /etc/rc
382after all multi-user startup actions are complete.
383