xref: /freebsd/sbin/init/init.8 (revision 734e82fe33aa764367791a7d603b383996c6b40b)
1.\" Copyright (c) 1980, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" This code is derived from software contributed to Berkeley by
5.\" Donn Seeley at Berkeley Software Design, Inc.
6.\"
7.\" Redistribution and use in source and binary forms, with or without
8.\" modification, are permitted provided that the following conditions
9.\" are met:
10.\" 1. Redistributions of source code must retain the above copyright
11.\"    notice, this list of conditions and the following disclaimer.
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\" 3. Neither the name of the University nor the names of its contributors
16.\"    may be used to endorse or promote products derived from this software
17.\"    without specific prior written permission.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
31.\"     @(#)init.8	8.3 (Berkeley) 4/18/94
32.\"
33.Dd July 22, 2021
34.Dt INIT 8
35.Os
36.Sh NAME
37.Nm init
38.Nd process control initialization
39.Sh SYNOPSIS
40.Nm
41.Nm
42.Oo
43.Cm 0 | 1 | 6 |
44.Cm c | q
45.Oc
46.Sh DESCRIPTION
47The
48.Nm
49utility
50is the last stage of the boot process.
51It normally runs the automatic reboot sequence as described in
52.Xr rc 8 ,
53and if this succeeds, begins multi-user operation.
54If the reboot scripts fail,
55.Nm
56commences single-user operation by giving
57the super-user a shell on the console.
58The
59.Nm
60utility may be passed parameters
61from the boot program to
62prevent the system from going multi-user and to instead execute
63a single-user shell without starting the normal daemons.
64The system is then quiescent for maintenance work and may
65later be made to go to multi-user by exiting the
66single-user shell (with ^D).
67This
68causes
69.Nm
70to run the
71.Pa /etc/rc
72start up command file in fastboot mode (skipping disk checks).
73.Pp
74If the
75.Em console
76entry in the
77.Xr ttys 5
78file is marked
79.Dq insecure ,
80then
81.Nm
82will require that the super-user password be
83entered before the system will start a single-user shell.
84The password check is skipped if the
85.Em console
86is marked as
87.Dq secure .
88Note that the password check does not protect from variables
89such as
90.Va init_script
91being set from the
92.Xr loader 8
93command line; see the
94.Sx SECURITY
95section of
96.Xr loader 8 .
97.Pp
98If the system security level (see
99.Xr security 7 )
100is initially nonzero, then
101.Nm
102leaves it unchanged.
103Otherwise,
104.Nm
105raises the level to 1 before going multi-user for the first time.
106Since the level cannot be reduced, it will be at least 1 for
107subsequent operation, even on return to single-user.
108If a level higher than 1 is desired while running multi-user,
109it can be set before going multi-user, e.g., by the startup script
110.Xr rc 8 ,
111using
112.Xr sysctl 8
113to set the
114.Va kern.securelevel
115variable to the required security level.
116.Pp
117If
118.Nm
119is run in a jail, the security level of the
120.Dq host system
121will not be affected.
122Part of the information set up in the kernel to support a jail
123is a per-jail security level.
124This allows running a higher security level inside of a jail
125than that of the host system.
126See
127.Xr jail 8
128for more information about jails.
129.Pp
130In multi-user operation,
131.Nm
132maintains
133processes for the terminal ports found in the file
134.Xr ttys 5 .
135The
136.Nm
137utility reads this file and executes the command found in the second field,
138unless the first field refers to a device in
139.Pa /dev
140which is not configured.
141The first field is supplied as the final argument to the command.
142This command is usually
143.Xr getty 8 ;
144.Nm getty
145opens and initializes the tty line
146and
147executes the
148.Xr login 1
149program.
150The
151.Nm login
152program, when a valid user logs in,
153executes a shell for that user.
154When this shell
155dies, either because the user logged out
156or an abnormal termination occurred (a signal),
157the cycle is restarted by
158executing a new
159.Nm getty
160for the line.
161.Pp
162The
163.Nm
164utility can also be used to keep arbitrary daemons running,
165automatically restarting them if they die.
166In this case, the first field in the
167.Xr ttys 5
168file must not reference the path to a configured device node
169and will be passed to the daemon
170as the final argument on its command line.
171This is similar to the facility offered in the
172.At V
173.Pa /etc/inittab .
174.Pp
175Line status (on, off, secure, getty, or window information)
176may be changed in the
177.Xr ttys 5
178file without a reboot by sending the signal
179.Dv SIGHUP
180to
181.Nm
182with the command
183.Dq Li "kill -HUP 1" .
184On receipt of this signal,
185.Nm
186re-reads the
187.Xr ttys 5
188file.
189When a line is turned off in
190.Xr ttys 5 ,
191.Nm
192will send a SIGHUP signal to the controlling process
193for the session associated with the line.
194For any lines that were previously turned off in the
195.Xr ttys 5
196file and are now on,
197.Nm
198executes the command specified in the second field.
199If the command or window field for a line is changed,
200the change takes effect at the end of the current
201login session (e.g., the next time
202.Nm
203starts a process on the line).
204If a line is commented out or deleted from
205.Xr ttys 5 ,
206.Nm
207will not do anything at all to that line.
208.Pp
209The
210.Nm
211utility will terminate multi-user operations and resume single-user mode
212if sent a terminate
213.Pq Dv TERM
214signal, for example,
215.Dq Li "kill \-TERM 1" .
216If there are processes outstanding that are deadlocked (because of
217hardware or software failure),
218.Nm
219will not wait for them all to die (which might take forever), but
220will time out after 30 seconds and print a warning message.
221.Pp
222The
223.Nm
224utility will cease creating new processes
225and allow the system to slowly die away, if it is sent a terminal stop
226.Pq Dv TSTP
227signal, i.e.\&
228.Dq Li "kill \-TSTP 1" .
229A later hangup will resume full
230multi-user operations, or a terminate will start a single-user shell.
231This hook is used by
232.Xr reboot 8
233and
234.Xr halt 8 .
235.Pp
236The
237.Nm
238utility will terminate all possible processes (again, it will not wait
239for deadlocked processes) and reboot the machine if sent the interrupt
240.Pq Dv INT
241signal, i.e.\&
242.Dq Li "kill \-INT 1".
243This is useful for shutting the machine down cleanly from inside the kernel
244or from X when the machine appears to be hung.
245.Pp
246The
247.Nm
248utility will do the same, except it will halt the machine if sent
249the user defined signal 1
250.Pq Dv USR1 ,
251or will halt and turn the power off (if hardware permits) if sent
252the user defined signal 2
253.Pq Dv USR2 .
254.Pp
255When shutting down the machine,
256.Nm
257will try to run the
258.Pa /etc/rc.shutdown
259script.
260This script can be used to cleanly terminate specific programs such
261as
262.Nm innd
263(the InterNetNews server).
264If this script does not terminate within 120 seconds,
265.Nm
266will terminate it.
267The timeout can be configured via the
268.Xr sysctl 8
269variable
270.Va kern.init_shutdown_timeout .
271.Pp
272.Nm init
273passes
274.Dq Li single
275as the argument to the shutdown script if return to single-user mode
276is requested.
277Otherwise,
278.Dq Li reboot
279argument is used.
280.Pp
281After all user processes have been terminated,
282.Nm
283will try to run the
284.Pa /etc/rc.final
285script.
286This script can be used to finally prepare and unmount filesystems that may have
287been needed during shutdown, for instance.
288.Pp
289The role of
290.Nm
291is so critical that if it dies, the system will reboot itself
292automatically.
293If, at bootstrap time, the
294.Nm
295process cannot be located, the system will panic with the message
296.Dq "panic: init died (signal %d, exit %d)" .
297.Pp
298If run as a user process as shown in the second synopsis line,
299.Nm
300will emulate
301.At V
302behavior, i.e., super-user can specify the desired
303.Em run-level
304on a command line, and
305.Nm
306will signal the original
307(PID 1)
308.Nm
309as follows:
310.Bl -column Run-level SIGTERM
311.It Sy "Run-level	Signal	Action"
312.It Cm 0 Ta Dv SIGUSR1 Ta "Halt"
313.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off"
314.It Cm 0 Ta Dv SIGWINCH Ta "Halt and turn the power off and then back on"
315.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode"
316.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine"
317.It Cm c Ta Dv SIGTSTP Ta "Block further logins"
318.It Cm q Ta Dv SIGHUP Ta Rescan the
319.Xr ttys 5
320file
321.El
322.Sh KERNEL ENVIRONMENT VARIABLES
323The following
324.Xr kenv 2
325variables are available as
326.Xr loader 8
327tunables:
328.Bl -tag -width indent
329.It Va init_chroot
330If set to a valid directory in the root file system, it causes
331.Nm
332to perform a
333.Xr chroot 2
334operation on that directory, making it the new root directory.
335That happens before entering single-user mode or multi-user
336mode (but after executing the
337.Va init_script
338if enabled).
339This functionality has generally been eclipsed by rerooting.
340See
341.Xr reboot 8
342.Fl r
343for details.
344.It Va init_exec
345If set to a valid file name in the root file system,
346instructs
347.Nm
348to directly execute that file as the very first action,
349replacing
350.Nm
351as PID 1.
352.It Va init_script
353If set to a valid file name in the root file system,
354instructs
355.Nm
356to run that script as the very first action,
357before doing anything else.
358Signal handling and exit code interpretation is similar to
359running the
360.Pa /etc/rc
361script.
362In particular, single-user operation is enforced
363if the script terminates with a non-zero exit code,
364or if a SIGTERM is delivered to the
365.Nm
366process (PID 1).
367This functionality has generally been eclipsed by rerooting.
368See
369.Xr reboot 8
370.Fl r
371for details.
372.It Va init_shell
373Defines the shell binary to be used for executing the various shell scripts.
374The default is
375.Dq Li /bin/sh .
376It is used for running the
377.Va init_exec
378or
379.Va init_script
380if set, as well as for the
381.Pa /etc/rc ,
382.Pa /etc/rc.shutdown ,
383and
384.Pa /etc/rc.final
385scripts.
386The value of the corresponding
387.Xr kenv 2
388variable is evaluated every time
389.Nm
390calls a shell script, so it can be changed later on using the
391.Xr kenv 1
392utility.
393In particular, if a non-default shell is used for running an
394.Va init_script ,
395it might be desirable to have that script reset the value of
396.Va init_shell
397back to the default, so that the
398.Pa /etc/rc
399script is executed with the standard shell
400.Pa /bin/sh .
401.Sh FILES
402.Bl -tag -width /var/log/init.log -compact
403.It Pa /dev/console
404system console device
405.It Pa /dev/tty*
406terminal ports found in
407.Xr ttys 5
408.It Pa /etc/ttys
409the terminal initialization information file
410.It Pa /etc/rc
411system startup commands
412.It Pa /etc/rc.shutdown
413system shutdown commands
414.It Pa /etc/rc.final
415system shutdown commands (after process termination)
416.It Pa /var/log/init.log
417log of
418.Xr rc 8
419output if the system console device is not available
420.El
421.Sh DIAGNOSTICS
422.Bl -diag
423.It "getty repeating too quickly on port %s, sleeping."
424A process being started to service a line is exiting quickly
425each time it is started.
426This is often caused by a ringing or noisy terminal line.
427.Bf -emphasis
428Init will sleep for 30 seconds,
429then continue trying to start the process.
430.Ef
431.It "some processes would not die; ps axl advised."
432A process
433is hung and could not be killed when the system was shutting down.
434This condition is usually caused by a process
435that is stuck in a device driver because of
436a persistent device error condition.
437.El
438.Sh SEE ALSO
439.Xr kill 1 ,
440.Xr login 1 ,
441.Xr sh 1 ,
442.Xr ttys 5 ,
443.Xr security 7 ,
444.Xr getty 8 ,
445.Xr halt 8 ,
446.Xr jail 8 ,
447.Xr rc 8 ,
448.Xr reboot 8 ,
449.Xr shutdown 8 ,
450.Xr sysctl 8
451.Sh HISTORY
452An
453.Nm
454utility appeared in
455.At v1 .
456.Sh CAVEATS
457Systems without
458.Xr sysctl 8
459behave as though they have security level \-1.
460.Pp
461Setting the security level above 1 too early in the boot sequence can
462prevent
463.Xr fsck 8
464from repairing inconsistent file systems.
465The
466preferred location to set the security level is at the end of
467.Pa /etc/rc
468after all multi-user startup actions are complete.
469