1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software contributed to Berkeley by 5.\" Donn Seeley at Berkeley Software Design, Inc. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.Dd July 22, 2021 32.Dt INIT 8 33.Os 34.Sh NAME 35.Nm init 36.Nd process control initialization 37.Sh SYNOPSIS 38.Nm 39.Nm 40.Oo 41.Cm 0 | 1 | 6 | 42.Cm c | q 43.Oc 44.Sh DESCRIPTION 45The 46.Nm 47utility 48is the last stage of the boot process. 49It normally runs the automatic reboot sequence as described in 50.Xr rc 8 , 51and if this succeeds, begins multi-user operation. 52If the reboot scripts fail, 53.Nm 54commences single-user operation by giving 55the super-user a shell on the console. 56The 57.Nm 58utility may be passed parameters 59from the boot program to 60prevent the system from going multi-user and to instead execute 61a single-user shell without starting the normal daemons. 62The system is then quiescent for maintenance work and may 63later be made to go to multi-user by exiting the 64single-user shell (with ^D). 65This 66causes 67.Nm 68to run the 69.Pa /etc/rc 70start up command file in fastboot mode (skipping disk checks). 71.Pp 72If the 73.Em console 74entry in the 75.Xr ttys 5 76file is marked 77.Dq insecure , 78then 79.Nm 80will require that the super-user password be 81entered before the system will start a single-user shell. 82The password check is skipped if the 83.Em console 84is marked as 85.Dq secure . 86Note that the password check does not protect from variables 87such as 88.Va init_script 89being set from the 90.Xr loader 8 91command line; see the 92.Sx SECURITY 93section of 94.Xr loader 8 . 95.Pp 96If the system security level (see 97.Xr security 7 ) 98is initially nonzero, then 99.Nm 100leaves it unchanged. 101Otherwise, 102.Nm 103raises the level to 1 before going multi-user for the first time. 104Since the level cannot be reduced, it will be at least 1 for 105subsequent operation, even on return to single-user. 106If a level higher than 1 is desired while running multi-user, 107it can be set before going multi-user, e.g., by the startup script 108.Xr rc 8 , 109using 110.Xr sysctl 8 111to set the 112.Va kern.securelevel 113variable to the required security level. 114.Pp 115If 116.Nm 117is run in a jail, the security level of the 118.Dq host system 119will not be affected. 120Part of the information set up in the kernel to support a jail 121is a per-jail security level. 122This allows running a higher security level inside of a jail 123than that of the host system. 124See 125.Xr jail 8 126for more information about jails. 127.Pp 128In multi-user operation, 129.Nm 130maintains 131processes for the terminal ports found in the file 132.Xr ttys 5 . 133The 134.Nm 135utility reads this file and executes the command found in the second field, 136unless the first field refers to a device in 137.Pa /dev 138which is not configured. 139The first field is supplied as the final argument to the command. 140This command is usually 141.Xr getty 8 ; 142.Nm getty 143opens and initializes the tty line 144and 145executes the 146.Xr login 1 147program. 148The 149.Nm login 150program, when a valid user logs in, 151executes a shell for that user. 152When this shell 153dies, either because the user logged out 154or an abnormal termination occurred (a signal), 155the cycle is restarted by 156executing a new 157.Nm getty 158for the line. 159.Pp 160The 161.Nm 162utility can also be used to keep arbitrary daemons running, 163automatically restarting them if they die. 164In this case, the first field in the 165.Xr ttys 5 166file must not reference the path to a configured device node 167and will be passed to the daemon 168as the final argument on its command line. 169This is similar to the facility offered in the 170.At V 171.Pa /etc/inittab . 172.Pp 173Line status (on, off, secure, getty, or window information) 174may be changed in the 175.Xr ttys 5 176file without a reboot by sending the signal 177.Dv SIGHUP 178to 179.Nm 180with the command 181.Dq Li "kill -HUP 1" . 182On receipt of this signal, 183.Nm 184re-reads the 185.Xr ttys 5 186file. 187When a line is turned off in 188.Xr ttys 5 , 189.Nm 190will send a SIGHUP signal to the controlling process 191for the session associated with the line. 192For any lines that were previously turned off in the 193.Xr ttys 5 194file and are now on, 195.Nm 196executes the command specified in the second field. 197If the command or window field for a line is changed, 198the change takes effect at the end of the current 199login session (e.g., the next time 200.Nm 201starts a process on the line). 202If a line is commented out or deleted from 203.Xr ttys 5 , 204.Nm 205will not do anything at all to that line. 206.Pp 207The 208.Nm 209utility will terminate multi-user operations and resume single-user mode 210if sent a terminate 211.Pq Dv TERM 212signal, for example, 213.Dq Li "kill \-TERM 1" . 214If there are processes outstanding that are deadlocked (because of 215hardware or software failure), 216.Nm 217will not wait for them all to die (which might take forever), but 218will time out after 30 seconds and print a warning message. 219.Pp 220The 221.Nm 222utility will cease creating new processes 223and allow the system to slowly die away, if it is sent a terminal stop 224.Pq Dv TSTP 225signal, i.e.\& 226.Dq Li "kill \-TSTP 1" . 227A later hangup will resume full 228multi-user operations, or a terminate will start a single-user shell. 229This hook is used by 230.Xr reboot 8 231and 232.Xr halt 8 . 233.Pp 234The 235.Nm 236utility will terminate all possible processes (again, it will not wait 237for deadlocked processes) and reboot the machine if sent the interrupt 238.Pq Dv INT 239signal, i.e.\& 240.Dq Li "kill \-INT 1". 241This is useful for shutting the machine down cleanly from inside the kernel 242or from X when the machine appears to be hung. 243.Pp 244The 245.Nm 246utility will do the same, except it will halt the machine if sent 247the user defined signal 1 248.Pq Dv USR1 , 249or will halt and turn the power off (if hardware permits) if sent 250the user defined signal 2 251.Pq Dv USR2 . 252.Pp 253When shutting down the machine, 254.Nm 255will try to run the 256.Pa /etc/rc.shutdown 257script. 258This script can be used to cleanly terminate specific programs such 259as 260.Nm innd 261(the InterNetNews server). 262If this script does not terminate within 120 seconds, 263.Nm 264will terminate it. 265The timeout can be configured via the 266.Xr sysctl 8 267variable 268.Va kern.init_shutdown_timeout . 269.Pp 270.Nm init 271passes 272.Dq Li single 273as the argument to the shutdown script if return to single-user mode 274is requested. 275Otherwise, 276.Dq Li reboot 277argument is used. 278.Pp 279After all user processes have been terminated, 280.Nm 281will try to run the 282.Pa /etc/rc.final 283script. 284This script can be used to finally prepare and unmount filesystems that may have 285been needed during shutdown, for instance. 286.Pp 287The role of 288.Nm 289is so critical that if it dies, the system will reboot itself 290automatically. 291If, at bootstrap time, the 292.Nm 293process cannot be located, the system will panic with the message 294.Dq "panic: init died (signal %d, exit %d)" . 295.Pp 296If run as a user process as shown in the second synopsis line, 297.Nm 298will emulate 299.At V 300behavior, i.e., super-user can specify the desired 301.Em run-level 302on a command line, and 303.Nm 304will signal the original 305(PID 1) 306.Nm 307as follows: 308.Bl -column Run-level SIGTERM 309.It Sy "Run-level Signal Action" 310.It Cm 0 Ta Dv SIGUSR1 Ta "Halt" 311.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off" 312.It Cm 0 Ta Dv SIGWINCH Ta "Halt and turn the power off and then back on" 313.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode" 314.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine" 315.It Cm c Ta Dv SIGTSTP Ta "Block further logins" 316.It Cm q Ta Dv SIGHUP Ta Rescan the 317.Xr ttys 5 318file 319.El 320.Sh KERNEL ENVIRONMENT VARIABLES 321The following 322.Xr kenv 2 323variables are available as 324.Xr loader 8 325tunables: 326.Bl -tag -width indent 327.It Va init_chroot 328If set to a valid directory in the root file system, it causes 329.Nm 330to perform a 331.Xr chroot 2 332operation on that directory, making it the new root directory. 333That happens before entering single-user mode or multi-user 334mode (but after executing the 335.Va init_script 336if enabled). 337This functionality has generally been eclipsed by rerooting. 338See 339.Xr reboot 8 340.Fl r 341for details. 342.It Va init_exec 343If set to a valid file name in the root file system, 344instructs 345.Nm 346to directly execute that file as the very first action, 347replacing 348.Nm 349as PID 1. 350.It Va init_script 351If set to a valid file name in the root file system, 352instructs 353.Nm 354to run that script as the very first action, 355before doing anything else. 356Signal handling and exit code interpretation is similar to 357running the 358.Pa /etc/rc 359script. 360In particular, single-user operation is enforced 361if the script terminates with a non-zero exit code, 362or if a SIGTERM is delivered to the 363.Nm 364process (PID 1). 365This functionality has generally been eclipsed by rerooting. 366See 367.Xr reboot 8 368.Fl r 369for details. 370.It Va init_shell 371Defines the shell binary to be used for executing the various shell scripts. 372The default is 373.Dq Li /bin/sh . 374It is used for running the 375.Va init_exec 376or 377.Va init_script 378if set, as well as for the 379.Pa /etc/rc , 380.Pa /etc/rc.shutdown , 381and 382.Pa /etc/rc.final 383scripts. 384The value of the corresponding 385.Xr kenv 2 386variable is evaluated every time 387.Nm 388calls a shell script, so it can be changed later on using the 389.Xr kenv 1 390utility. 391In particular, if a non-default shell is used for running an 392.Va init_script , 393it might be desirable to have that script reset the value of 394.Va init_shell 395back to the default, so that the 396.Pa /etc/rc 397script is executed with the standard shell 398.Pa /bin/sh . 399.Sh FILES 400.Bl -tag -width /var/log/init.log -compact 401.It Pa /dev/console 402system console device 403.It Pa /dev/tty* 404terminal ports found in 405.Xr ttys 5 406.It Pa /etc/ttys 407the terminal initialization information file 408.It Pa /etc/rc 409system startup commands 410.It Pa /etc/rc.shutdown 411system shutdown commands 412.It Pa /etc/rc.final 413system shutdown commands (after process termination) 414.It Pa /var/log/init.log 415log of 416.Xr rc 8 417output if the system console device is not available 418.El 419.Sh DIAGNOSTICS 420.Bl -diag 421.It "getty repeating too quickly on port %s, sleeping." 422A process being started to service a line is exiting quickly 423each time it is started. 424This is often caused by a ringing or noisy terminal line. 425.Bf -emphasis 426Init will sleep for 30 seconds, 427then continue trying to start the process. 428.Ef 429.It "some processes would not die; ps axl advised." 430A process 431is hung and could not be killed when the system was shutting down. 432This condition is usually caused by a process 433that is stuck in a device driver because of 434a persistent device error condition. 435.El 436.Sh SEE ALSO 437.Xr kill 1 , 438.Xr login 1 , 439.Xr sh 1 , 440.Xr ttys 5 , 441.Xr security 7 , 442.Xr getty 8 , 443.Xr halt 8 , 444.Xr jail 8 , 445.Xr rc 8 , 446.Xr reboot 8 , 447.Xr shutdown 8 , 448.Xr sysctl 8 449.Sh HISTORY 450An 451.Nm 452utility appeared in 453.At v1 . 454.Sh CAVEATS 455Systems without 456.Xr sysctl 8 457behave as though they have security level \-1. 458.Pp 459Setting the security level above 1 too early in the boot sequence can 460prevent 461.Xr fsck 8 462from repairing inconsistent file systems. 463The 464preferred location to set the security level is at the end of 465.Pa /etc/rc 466after all multi-user startup actions are complete. 467