init.tproj/init.8

   1 .\" Copyright (c) 1980, 1991, 1993
   2 .\"     The Regents of the University of California.  All rights reserved.
   3 .\"
   4 .\" This code is derived from software contributed to Berkeley by
   5 .\" Donn Seeley at Berkeley Software Design, Inc.
   6 .\"
   7 .\" Redistribution and use in source and binary forms, with or without
   8 .\" modification, are permitted provided that the following conditions
   9 .\" are met:
  10 .\" 1. Redistributions of source code must retain the above copyright
  11 .\"    notice, this list of conditions and the following disclaimer.
  12 .\" 2. Redistributions in binary form must reproduce the above copyright
  13 .\"    notice, this list of conditions and the following disclaimer in the
  14 .\"    documentation and/or other materials provided with the distribution.
  15 .\" 3. All advertising materials mentioning features or use of this software
  16 .\"    must display the following acknowledgement:
  17 .\"     This product includes software developed by the University of
  18 .\"     California, Berkeley and its contributors.
  19 .\" 4. Neither the name of the University nor the names of its contributors
  20 .\"    may be used to endorse or promote products derived from this software
  21 .\"    without specific prior written permission.
  22 .\"
  23 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  24 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  25 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  26 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  27 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  28 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  29 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  30 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  31 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  32 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  33 .\" SUCH DAMAGE.
  34 .\"
  35 .\"     @(#)init.8      8.6 (Berkeley) 5/26/95
  36 .\"
  37 .Dd May 26, 1995
  38 .Dt INIT 8
  39 .Os BSD 4
  40 .Sh NAME
  41 .Nm init
  42 .Nd process control initialization
  43 .Sh SYNOPSIS
  44 .Nm init
  45 .Sh DESCRIPTION
  46 The
  47 .Nm init
  48 program
  49 is the last stage of the boot process.
  50 It normally runs the automatic reboot sequence as described in
  51 .Xr reboot 8 ,
  52 and if this succeeds, begins multi-user operation.
  53 If the reboot scripts fail,
  54 .Nm init
  55 commences single user operation by giving
  56 the super-user a shell on the console.
  57 The
  58 .Nm init
  59 program may be passed parameters
  60 from the boot program to
  61 prevent the system from going multi-user and to instead execute
  62 a single user shell without starting the normal daemons.
  63 The system is then quiescent for maintenance work and may
  64 later be made to go to multi-user by exiting the
  65 single-user shell (with ^D).
  66 This
  67 causes
  68 .Nm init
  69 to run the
  70 .Pa /etc/rc
  71 start up command file in fastboot mode (skipping disk checks).
  72 .Pp
  73 If the
  74 .Nm console
  75 entry in the
  76 .Xr ttys 5
  77 file is marked ``insecure'',
  78 then
  79 .Nm init
  80 will require that the superuser password be
  81 entered before the system will start a single-user shell.
  82 The password check is skipped if the
  83 .Nm console
  84 is marked as ``secure''.
  85 .Pp
  86 The kernel runs with four different levels of security.
  87 Any superuser process can raise the security level, but only
  88 .Nm init
  89 can lower it.
  90 Security levels are defined as follows:
  91 .Bl -tag -width flag
  92 .It Ic -1
  93 Permanently insecure mode \- always run system in level 0 mode.
  94 .It Ic 0
  95 Insecure mode \- immutable and append-only flags may be turned off.
  96 All devices may be read or written subject to their permissions.
  97 .It Ic 1
  98 Secure mode \- immutable and append-only flags may not be changed;
  99 disks for mounted filesystems,
 100 .Pa /dev/mem ,
 101 and
 102 .Pa /dev/kmem
 103 are read-only.
 104 The
 105 .Xr settimeofday 2
 106 system call can only advance the time.
 107 .It Ic 2
 108 Highly secure mode \- same as secure mode, plus disks are always
 109 read-only whether mounted or not.
 110 This level precludes tampering with filesystems by unmounting them,
 111 but also inhibits running
 112 .Xr newfs 8
 113 while the system is multi-user.
 114 .El
 115 .Pp
 116 Normally, the system runs in level 0 mode while single user
 117 and in level 1 mode while multiuser.
 118 If the level 2 mode is desired while running multiuser,
 119 it can be set in the startup script
 120 .Pa /etc/rc
 121 using
 122 .Xr sysctl 8 .
 123 If it is desired to run the system in level 0 mode while multiuser,
 124 the administrator must build a kernel with the variable
 125 .Nm securelevel
 126 defined in the file
 127 .Pa /sys/compile/MACHINE/param.c
 128 and initialize it to -1.
 129 .Pp
 130 In multi-user operation,
 131 .Nm init
 132 maintains
 133 processes for the terminal ports found in the file
 134 .Xr ttys 5 .
 135 .Nm Init
 136 reads this file, and executes the command found in the second field.
 137 This command is usually
 138 .Xr getty 8 ;
 139 .Xr getty
 140 opens and initializes the tty line
 141 and
 142 executes the
 143 .Xr login
 144 program.
 145 The
 146 .Xr login
 147 program, when a valid user logs in,
 148 executes a shell for that user.  When this shell
 149 dies, either because the user logged out
 150 or an abnormal termination occurred (a signal),
 151 the
 152 .Nm init
 153 program wakes up, deletes the user
 154 from the
 155 .Xr utmp 5
 156 file of current users and records the logout in the
 157 .Xr wtmp
 158 file.
 159 The cycle is
 160 then restarted by
 161 .Nm init
 162 executing a new
 163 .Xr getty
 164 for the line.
 165 .pl +1
 166 .Pp
 167 Line status (on, off, secure, getty, or window information)
 168 may be changed in the
 169 .Xr ttys
 170 file without a reboot by sending the signal
 171 .Dv SIGHUP
 172 to
 173 .Nm init
 174 with the command
 175 .Dq Li "kill \-s HUP 1" .
 176 On receipt of this signal,
 177 .Nm init
 178 re-reads the
 179 .Xr ttys
 180 file.
 181 When a line is turned off in
 182 .Xr ttys ,
 183 .Nm init
 184 will send a SIGHUP signal to the controlling process
 185 for the session associated with the line.
 186 For any lines that were previously turned off in the
 187 .Xr ttys
 188 file and are now on,
 189 .Nm init
 190 executes a new
 191 .Xr getty
 192 to enable a new login.
 193 If the getty or window field for a line is changed,
 194 the change takes effect at the end of the current
 195 login session (e.g., the next time
 196 .Nm init
 197 starts a process on the line).
 198 If a line is commented out or deleted from
 199 .Xr ttys ,
 200 .Nm init
 201 will not do anything at all to that line.
 202 However, it will complain that the relationship between lines
 203 in the
 204 .Xr ttys
 205 file and records in the
 206 .Xr utmp
 207 file is out of sync,
 208 so this practice is not recommended.
 209 .Pp
 210 .Nm Init
 211 will terminate multi-user operations and resume single-user mode
 212 if sent a terminate
 213 .Pq Dv TERM
 214 signal, for example,
 215 .Dq Li "kill \-s TERM 1" .
 216 If there are processes outstanding that are deadlocked (because of
 217 hardware or software failure),
 218 .Xr init
 219 will not wait for them all to die (which might take forever), but
 220 will time out after 30 seconds and print a warning message.
 221 .Pp
 222 .Nm Init
 223 will cease creating new
 224 .Xr getty Ns 's
 225 and allow the system to slowly die away, if it is sent a terminal stop
 226 .Pq Dv TSTP
 227 signal, i.e.
 228 .Dq Li "kill \-s TSTP 1" .
 229 A later hangup will resume full
 230 multi-user operations, or a terminate will start a single user shell.
 231 This hook is used by
 232 .Xr reboot 8
 233 and
 234 .Xr halt 8 .
 235 .Pp
 236 The role of
 237 .Nm init
 238 is so critical that if it dies, the system will reboot itself
 239 automatically.
 240 If, at bootstrap time, the
 241 .Xr init
 242 process cannot be located, the system will panic with the message
 243 ``panic: "init died (signal %d, exit %d)''.
 244 .Sh DIAGNOSTICS
 245 .Bl -diag
 246 .It "getty repeating too quickly on port %s, sleeping"
 247 A process being started to service a line is exiting quickly
 248 each time it is started.
 249 This is often caused by a ringing or noisy terminal line.
 250 .Em "Init will sleep for 10 seconds" ,
 251 .Em "then continue trying to start the process" .
 252 .Pp
 253 .It "some processes would not die; ps axl advised."
 254 A process
 255 is hung and could not be killed when the system was shutting down.
 256 This condition is usually caused by a process
 257 that is stuck in a device driver because of
 258 a persistent device error condition.
 259 .El
 260 .Sh FILES
 261 .Bl -tag -width /var/log/wtmp -compact
 262 .It Pa /dev/console
 263 System console device.
 264 .It Pa /dev/tty*
 265 Terminal ports found in
 266 .Xr ttys .
 267 .It Pa /var/run/utmp
 268 Record of Current users on the system.
 269 .It Pa /var/log/wtmp
 270 Record of all logins and logouts.
 271 .It Pa /etc/ttys
 272 The terminal initialization information file.
 273 .It Pa /etc/rc
 274 System startup commands.
 275 .El
 276 .Sh SEE ALSO
 277 .Xr login 1 ,
 278 .Xr kill 1 ,
 279 .Xr sh 1 ,
 280 .Xr ttys 5 ,
 281 .Xr crash 8 ,
 282 .Xr getty 8 ,
 283 .Xr rc 8 ,
 284 .Xr reboot 8 ,
 285 .Xr halt 8 ,
 286 .Xr shutdown 8
 287 .Sh HISTORY
 288 A
 289 .Nm
 290 command appeared in
 291 .At v6 .
 292 .Sh BUGS
 293 Systems without
 294 .Xr sysctl
 295 behave as though they have security level \-1.