1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software contributed to Berkeley by 5.\" Donn Seeley at Berkeley Software Design, Inc. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. All advertising materials mentioning features or use of this software 16.\" must display the following acknowledgement: 17.\" This product includes software developed by the University of 18.\" California, Berkeley and its contributors. 19.\" 4. Neither the name of the University nor the names of its contributors 20.\" may be used to endorse or promote products derived from this software 21.\" without specific prior written permission. 22.\" 23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33.\" SUCH DAMAGE. 34.\" 35.\" @(#)init.8 8.3 (Berkeley) 4/18/94 36.\" $FreeBSD$ 37.\" 38.Dd April 18, 1994 39.Dt INIT 8 40.Os BSD 4 41.Sh NAME 42.Nm init 43.Nd process control initialization 44.Sh SYNOPSIS 45.Nm init 46.Nm init 47.Oo 48.Cm 0 | 1 | 6 | 49.Cm c | q 50.Oc 51.Sh DESCRIPTION 52The 53.Nm 54program 55is the last stage of the boot process. 56It normally runs the automatic reboot sequence as described in 57.Xr rc 8 , 58and if this succeeds, begins multi-user operation. 59If the reboot scripts fail, 60.Nm 61commences single-user operation by giving 62the super-user a shell on the console. 63The 64.Nm 65program may be passed parameters 66from the boot program to 67prevent the system from going multi-user and to instead execute 68a single-user shell without starting the normal daemons. 69The system is then quiescent for maintenance work and may 70later be made to go to multi-user by exiting the 71single-user shell (with ^D). 72This 73causes 74.Nm 75to run the 76.Pa /etc/rc 77start up command file in fastboot mode (skipping disk checks). 78.Pp 79If the 80.Em console 81entry in the 82.Xr ttys 5 83file is marked 84.Dq insecure , 85then 86.Nm 87will require that the super-user password be 88entered before the system will start a single-user shell. 89The password check is skipped if the 90.Em console 91is marked as 92.Dq secure . 93.Pp 94The kernel runs with four different levels of security. 95Any super-user process can raise the security level, but no process 96can lower it. 97The security levels are: 98.Bl -tag -width flag 99.It Ic -1 100Permanently insecure mode \- always run the system in level 0 mode. 101This is the default initial value. 102.It Ic 0 103Insecure mode \- immutable and append-only flags may be turned off. 104All devices may be read or written subject to their permissions. 105.It Ic 1 106Secure mode \- the system immutable and system append-only flags may not 107be turned off; 108disks for mounted filesystems, 109.Pa /dev/mem , 110and 111.Pa /dev/kmem 112may not be opened for writing. 113.It Ic 2 114Highly secure mode \- same as secure mode, plus disks may not be 115opened for writing (except by 116.Xr mount 2 ) 117whether mounted or not. 118This level precludes tampering with filesystems by unmounting them, 119but also inhibits running 120.Xr newfs 8 121while the system is multi-user. 122.Pp 123In addition, kernel time changes are restricted to less than or equal to one 124second. Attempts to change the time by more than this will log the message 125.Dq Time adjustment clamped to +1 second . 126.It Ic 3 127Network secure mode \- same as highly secure mode, plus 128IP packet filter rules (see 129.Xr ipfw 8 130and 131.Xr ipfirewall 4 ) 132cannot be changed and 133.Xr dummynet 4 134configuration cannot be adjusted. 135.El 136.Pp 137If the security level is initially -1, then 138.Nm 139leaves it unchanged. 140Otherwise, 141.Nm 142arranges to run the system in level 0 mode while single-user 143and in level 1 mode while multi-user. 144If level 2 mode is desired while running multi-user, 145it can be set while single-user, e.g., in the startup script 146.Pa /etc/rc , 147using 148.Xr sysctl 8 149to set the 150.Dq kern.securelevel 151variable to the required security level. 152.Pp 153In multi-user operation, 154.Nm 155maintains 156processes for the terminal ports found in the file 157.Xr ttys 5 . 158.Nm Init 159reads this file and executes the command found in the second field, 160unless the first field refers to a device in 161.Pa /dev 162which is not configured. 163The first field is supplied as the final argument to the command. 164This command is usually 165.Xr getty 8 ; 166.Nm getty 167opens and initializes the tty line 168and 169executes the 170.Xr login 1 171program. 172The 173.Nm login 174program, when a valid user logs in, 175executes a shell for that user. When this shell 176dies, either because the user logged out 177or an abnormal termination occurred (a signal), 178the 179.Nm 180program wakes up, deletes the user 181from the 182.Xr utmp 5 183file of current users and records the logout in the 184.Xr wtmp 5 185file. 186The cycle is 187then restarted by 188.Nm 189executing a new 190.Nm getty 191for the line. 192.Pp 193.Nm Init 194can also be used to keep arbitrary daemons running, 195automatically restarting them if they die. 196In this case, the first field in the 197.Xr ttys 5 198file must not reference the path to a configured device node 199and will be passed to the daemon 200as the final argument on its command line. 201This is similar to the facility offered in the 202.At V 203.Pa /etc/inittab . 204.Pp 205Line status (on, off, secure, getty, or window information) 206may be changed in the 207.Xr ttys 5 208file without a reboot by sending the signal 209.Dv SIGHUP 210to 211.Nm 212with the command 213.Dq Li "kill -HUP 1" . 214On receipt of this signal, 215.Nm 216re-reads the 217.Xr ttys 5 218file. 219When a line is turned off in 220.Xr ttys 5 , 221.Nm 222will send a SIGHUP signal to the controlling process 223for the session associated with the line. 224For any lines that were previously turned off in the 225.Xr ttys 5 226file and are now on, 227.Nm 228executes the command specified in the second field. 229If the command or window field for a line is changed, 230the change takes effect at the end of the current 231login session (e.g., the next time 232.Nm 233starts a process on the line). 234If a line is commented out or deleted from 235.Xr ttys 5 , 236.Nm 237will not do anything at all to that line. 238However, it will complain that the relationship between lines 239in the 240.Xr ttys 5 241file and records in the 242.Xr utmp 5 243file is out of sync, 244so this practice is not recommended. 245.Pp 246.Nm Init 247will terminate multi-user operations and resume single-user mode 248if sent a terminate 249.Pq Dv TERM 250signal, for example, 251.Dq Li "kill \-TERM 1" . 252If there are processes outstanding that are deadlocked (because of 253hardware or software failure), 254.Nm 255will not wait for them all to die (which might take forever), but 256will time out after 30 seconds and print a warning message. 257.Pp 258.Nm Init 259will cease creating new processes 260and allow the system to slowly die away, if it is sent a terminal stop 261.Pq Dv TSTP 262signal, i.e. 263.Dq Li "kill \-TSTP 1" . 264A later hangup will resume full 265multi-user operations, or a terminate will start a single-user shell. 266This hook is used by 267.Xr reboot 8 268and 269.Xr halt 8 . 270.Pp 271.Nm Init 272will terminate all possible processes (again, it will not wait 273for deadlocked processes) and reboot the machine if sent the interrupt 274.Pq Dv INT 275signal, i.e. 276.Dq Li "kill \-INT 1". 277This is useful for shutting the machine down cleanly from inside the kernel 278or from X when the machine appears to be hung. 279.Pp 280.Nm Init 281will do the same, except it will halt the machine if sent 282the user defined signal 1 283.Pq Dv USR1 , 284or will halt and turn the power off (if hardware permits) if sent 285the user defined signal 2 286.Pq Dv USR2 . 287.Pp 288When shutting down the machine, 289.Nm 290will try to run the 291.Pa /etc/rc.shutdown 292script. This script can be used to cleanly terminate specific programs such 293as 294.Nm innd 295(the InterNetNews server). 296.Pp 297The role of 298.Nm 299is so critical that if it dies, the system will reboot itself 300automatically. 301If, at bootstrap time, the 302.Nm 303process cannot be located, the system will panic with the message 304.Dq "panic: init died (signal %d, exit %d)" . 305.Pp 306If run as a user process as shown in the second synopsis line, 307.Nm 308will emulate 309.At V 310behavior, i.e. super-user can specify the desired 311.Em run-level 312on a command line, and 313.Nm 314will signal the original 315.Pq PID 1 316.Nm 317as follows: 318.Bl -column Run-level SIGTERM 319.It Sy Run-level Signal Action 320.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off" 321.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode" 322.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine" 323.It Cm c Ta Dv SIGTSTP Ta "Block further logins" 324.It Cm q Ta Dv SIGHUP Ta Rescan the 325.Xr ttys 5 326file 327.El 328.Sh DIAGNOSTICS 329.Bl -diag 330.It "getty repeating too quickly on port %s, sleeping" 331A process being started to service a line is exiting quickly 332each time it is started. 333This is often caused by a ringing or noisy terminal line. 334.Em "Init will sleep for 30 seconds" , 335.Em "then continue trying to start the process" . 336.Pp 337.It "some processes would not die; ps axl advised." 338A process 339is hung and could not be killed when the system was shutting down. 340This condition is usually caused by a process 341that is stuck in a device driver because of 342a persistent device error condition. 343.El 344.Sh FILES 345.Bl -tag -width /etc/rc.shutdown -compact 346.It Pa /dev/console 347system console device 348.It Pa /dev/tty* 349terminal ports found in 350.Xr ttys 5 351.It Pa /var/run/utmp 352record of current users on the system 353.It Pa /var/log/wtmp 354record of all logins and logouts 355.It Pa /etc/ttys 356the terminal initialization information file 357.It Pa /etc/rc 358system startup commands 359.It Pa /etc/rc.shutdown 360system shutdown commands 361.El 362.Sh SEE ALSO 363.Xr kill 1 , 364.Xr login 1 , 365.Xr sh 1 , 366.Xr dummynet 4 , 367.Xr ipfirewall 4 , 368.Xr ttys 5 , 369.Xr crash 8 , 370.Xr getty 8 , 371.Xr halt 8 , 372.Xr ipfw 8 , 373.Xr rc 8 , 374.Xr reboot 8 , 375.Xr shutdown 8 , 376.Xr sysctl 8 377.Sh HISTORY 378An 379.Nm 380command appeared in 381.At v6 . 382.Sh CAVEATS 383Systems without 384.Xr sysctl 385behave as though they have security level \-1. 386.Pp 387Setting the security level above 1 too early in the boot sequence can 388prevent 389.Xr fsck 8 390from repairing inconsistent filesystems. The 391preferred location to set the security level is at the end of 392.Pa /etc/rc 393after all multi-user startup actions are complete. 394