1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software contributed to Berkeley by 5.\" Donn Seeley at Berkeley Software Design, Inc. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)init.8 8.3 (Berkeley) 4/18/94 32.\" 33.Dd July 22, 2021 34.Dt INIT 8 35.Os 36.Sh NAME 37.Nm init 38.Nd process control initialization 39.Sh SYNOPSIS 40.Nm 41.Nm 42.Oo 43.Cm 0 | 1 | 6 | 44.Cm c | q 45.Oc 46.Sh DESCRIPTION 47The 48.Nm 49utility 50is the last stage of the boot process. 51It normally runs the automatic reboot sequence as described in 52.Xr rc 8 , 53and if this succeeds, begins multi-user operation. 54If the reboot scripts fail, 55.Nm 56commences single-user operation by giving 57the super-user a shell on the console. 58The 59.Nm 60utility may be passed parameters 61from the boot program to 62prevent the system from going multi-user and to instead execute 63a single-user shell without starting the normal daemons. 64The system is then quiescent for maintenance work and may 65later be made to go to multi-user by exiting the 66single-user shell (with ^D). 67This 68causes 69.Nm 70to run the 71.Pa /etc/rc 72start up command file in fastboot mode (skipping disk checks). 73.Pp 74If the 75.Em console 76entry in the 77.Xr ttys 5 78file is marked 79.Dq insecure , 80then 81.Nm 82will require that the super-user password be 83entered before the system will start a single-user shell. 84The password check is skipped if the 85.Em console 86is marked as 87.Dq secure . 88Note that the password check does not protect from variables 89such as 90.Va init_script 91being set from the 92.Xr loader 8 93command line; see the 94.Sx SECURITY 95section of 96.Xr loader 8 . 97.Pp 98If the system security level (see 99.Xr security 7 ) 100is initially nonzero, then 101.Nm 102leaves it unchanged. 103Otherwise, 104.Nm 105raises the level to 1 before going multi-user for the first time. 106Since the level cannot be reduced, it will be at least 1 for 107subsequent operation, even on return to single-user. 108If a level higher than 1 is desired while running multi-user, 109it can be set before going multi-user, e.g., by the startup script 110.Xr rc 8 , 111using 112.Xr sysctl 8 113to set the 114.Va kern.securelevel 115variable to the required security level. 116.Pp 117If 118.Nm 119is run in a jail, the security level of the 120.Dq host system 121will not be affected. 122Part of the information set up in the kernel to support a jail 123is a per-jail security level. 124This allows running a higher security level inside of a jail 125than that of the host system. 126See 127.Xr jail 8 128for more information about jails. 129.Pp 130In multi-user operation, 131.Nm 132maintains 133processes for the terminal ports found in the file 134.Xr ttys 5 . 135The 136.Nm 137utility reads this file and executes the command found in the second field, 138unless the first field refers to a device in 139.Pa /dev 140which is not configured. 141The first field is supplied as the final argument to the command. 142This command is usually 143.Xr getty 8 ; 144.Nm getty 145opens and initializes the tty line 146and 147executes the 148.Xr login 1 149program. 150The 151.Nm login 152program, when a valid user logs in, 153executes a shell for that user. 154When this shell 155dies, either because the user logged out 156or an abnormal termination occurred (a signal), 157the cycle is restarted by 158executing a new 159.Nm getty 160for the line. 161.Pp 162The 163.Nm 164utility can also be used to keep arbitrary daemons running, 165automatically restarting them if they die. 166In this case, the first field in the 167.Xr ttys 5 168file must not reference the path to a configured device node 169and will be passed to the daemon 170as the final argument on its command line. 171This is similar to the facility offered in the 172.At V 173.Pa /etc/inittab . 174.Pp 175Line status (on, off, secure, getty, or window information) 176may be changed in the 177.Xr ttys 5 178file without a reboot by sending the signal 179.Dv SIGHUP 180to 181.Nm 182with the command 183.Dq Li "kill -HUP 1" . 184On receipt of this signal, 185.Nm 186re-reads the 187.Xr ttys 5 188file. 189When a line is turned off in 190.Xr ttys 5 , 191.Nm 192will send a SIGHUP signal to the controlling process 193for the session associated with the line. 194For any lines that were previously turned off in the 195.Xr ttys 5 196file and are now on, 197.Nm 198executes the command specified in the second field. 199If the command or window field for a line is changed, 200the change takes effect at the end of the current 201login session (e.g., the next time 202.Nm 203starts a process on the line). 204If a line is commented out or deleted from 205.Xr ttys 5 , 206.Nm 207will not do anything at all to that line. 208.Pp 209The 210.Nm 211utility will terminate multi-user operations and resume single-user mode 212if sent a terminate 213.Pq Dv TERM 214signal, for example, 215.Dq Li "kill \-TERM 1" . 216If there are processes outstanding that are deadlocked (because of 217hardware or software failure), 218.Nm 219will not wait for them all to die (which might take forever), but 220will time out after 30 seconds and print a warning message. 221.Pp 222The 223.Nm 224utility will cease creating new processes 225and allow the system to slowly die away, if it is sent a terminal stop 226.Pq Dv TSTP 227signal, i.e.\& 228.Dq Li "kill \-TSTP 1" . 229A later hangup will resume full 230multi-user operations, or a terminate will start a single-user shell. 231This hook is used by 232.Xr reboot 8 233and 234.Xr halt 8 . 235.Pp 236The 237.Nm 238utility will terminate all possible processes (again, it will not wait 239for deadlocked processes) and reboot the machine if sent the interrupt 240.Pq Dv INT 241signal, i.e.\& 242.Dq Li "kill \-INT 1". 243This is useful for shutting the machine down cleanly from inside the kernel 244or from X when the machine appears to be hung. 245.Pp 246The 247.Nm 248utility will do the same, except it will halt the machine if sent 249the user defined signal 1 250.Pq Dv USR1 , 251or will halt and turn the power off (if hardware permits) if sent 252the user defined signal 2 253.Pq Dv USR2 . 254.Pp 255When shutting down the machine, 256.Nm 257will try to run the 258.Pa /etc/rc.shutdown 259script. 260This script can be used to cleanly terminate specific programs such 261as 262.Nm innd 263(the InterNetNews server). 264If this script does not terminate within 120 seconds, 265.Nm 266will terminate it. 267The timeout can be configured via the 268.Xr sysctl 8 269variable 270.Va kern.init_shutdown_timeout . 271.Pp 272.Nm init 273passes 274.Dq Li single 275as the argument to the shutdown script if return to single-user mode 276is requested. 277Otherwise, 278.Dq Li reboot 279argument is used. 280.Pp 281After all user processes have been terminated, 282.Nm 283will try to run the 284.Pa /etc/rc.final 285script. 286This script can be used to finally prepare and unmount filesystems that may have 287been needed during shutdown, for instance. 288.Pp 289The role of 290.Nm 291is so critical that if it dies, the system will reboot itself 292automatically. 293If, at bootstrap time, the 294.Nm 295process cannot be located, the system will panic with the message 296.Dq "panic: init died (signal %d, exit %d)" . 297.Pp 298If run as a user process as shown in the second synopsis line, 299.Nm 300will emulate 301.At V 302behavior, i.e., super-user can specify the desired 303.Em run-level 304on a command line, and 305.Nm 306will signal the original 307(PID 1) 308.Nm 309as follows: 310.Bl -column Run-level SIGTERM 311.It Sy "Run-level Signal Action" 312.It Cm 0 Ta Dv SIGUSR1 Ta "Halt" 313.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off" 314.It Cm 0 Ta Dv SIGWINCH Ta "Halt and turn the power off and then back on" 315.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode" 316.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine" 317.It Cm c Ta Dv SIGTSTP Ta "Block further logins" 318.It Cm q Ta Dv SIGHUP Ta Rescan the 319.Xr ttys 5 320file 321.El 322.Sh KERNEL ENVIRONMENT VARIABLES 323The following 324.Xr kenv 2 325variables are available as 326.Xr loader 8 327tunables: 328.Bl -tag -width indent 329.It Va init_chroot 330If set to a valid directory in the root file system, it causes 331.Nm 332to perform a 333.Xr chroot 2 334operation on that directory, making it the new root directory. 335That happens before entering single-user mode or multi-user 336mode (but after executing the 337.Va init_script 338if enabled). 339This functionality has generally been eclipsed by rerooting. 340See 341.Xr reboot 8 342.Fl r 343for details. 344.It Va init_exec 345If set to a valid file name in the root file system, 346instructs 347.Nm 348to directly execute that file as the very first action, 349replacing 350.Nm 351as PID 1. 352.It Va init_script 353If set to a valid file name in the root file system, 354instructs 355.Nm 356to run that script as the very first action, 357before doing anything else. 358Signal handling and exit code interpretation is similar to 359running the 360.Pa /etc/rc 361script. 362In particular, single-user operation is enforced 363if the script terminates with a non-zero exit code, 364or if a SIGTERM is delivered to the 365.Nm 366process (PID 1). 367This functionality has generally been eclipsed by rerooting. 368See 369.Xr reboot 8 370.Fl r 371for details. 372.It Va init_shell 373Defines the shell binary to be used for executing the various shell scripts. 374The default is 375.Dq Li /bin/sh . 376It is used for running the 377.Va init_exec 378or 379.Va init_script 380if set, as well as for the 381.Pa /etc/rc , 382.Pa /etc/rc.shutdown , 383and 384.Pa /etc/rc.final 385scripts. 386The value of the corresponding 387.Xr kenv 2 388variable is evaluated every time 389.Nm 390calls a shell script, so it can be changed later on using the 391.Xr kenv 1 392utility. 393In particular, if a non-default shell is used for running an 394.Va init_script , 395it might be desirable to have that script reset the value of 396.Va init_shell 397back to the default, so that the 398.Pa /etc/rc 399script is executed with the standard shell 400.Pa /bin/sh . 401.Sh FILES 402.Bl -tag -width /var/log/init.log -compact 403.It Pa /dev/console 404system console device 405.It Pa /dev/tty* 406terminal ports found in 407.Xr ttys 5 408.It Pa /etc/ttys 409the terminal initialization information file 410.It Pa /etc/rc 411system startup commands 412.It Pa /etc/rc.shutdown 413system shutdown commands 414.It Pa /etc/rc.final 415system shutdown commands (after process termination) 416.It Pa /var/log/init.log 417log of 418.Xr rc 8 419output if the system console device is not available 420.El 421.Sh DIAGNOSTICS 422.Bl -diag 423.It "getty repeating too quickly on port %s, sleeping." 424A process being started to service a line is exiting quickly 425each time it is started. 426This is often caused by a ringing or noisy terminal line. 427.Bf -emphasis 428Init will sleep for 30 seconds, 429then continue trying to start the process. 430.Ef 431.It "some processes would not die; ps axl advised." 432A process 433is hung and could not be killed when the system was shutting down. 434This condition is usually caused by a process 435that is stuck in a device driver because of 436a persistent device error condition. 437.El 438.Sh SEE ALSO 439.Xr kill 1 , 440.Xr login 1 , 441.Xr sh 1 , 442.Xr ttys 5 , 443.Xr security 7 , 444.Xr getty 8 , 445.Xr halt 8 , 446.Xr jail 8 , 447.Xr rc 8 , 448.Xr reboot 8 , 449.Xr shutdown 8 , 450.Xr sysctl 8 451.Sh HISTORY 452An 453.Nm 454utility appeared in 455.At v1 . 456.Sh CAVEATS 457Systems without 458.Xr sysctl 8 459behave as though they have security level \-1. 460.Pp 461Setting the security level above 1 too early in the boot sequence can 462prevent 463.Xr fsck 8 464from repairing inconsistent file systems. 465The 466preferred location to set the security level is at the end of 467.Pa /etc/rc 468after all multi-user startup actions are complete. 469