1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software contributed to Berkeley by 5.\" Donn Seeley at Berkeley Software Design, Inc. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. All advertising materials mentioning features or use of this software 16.\" must display the following acknowledgement: 17.\" This product includes software developed by the University of 18.\" California, Berkeley and its contributors. 19.\" 4. Neither the name of the University nor the names of its contributors 20.\" may be used to endorse or promote products derived from this software 21.\" without specific prior written permission. 22.\" 23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33.\" SUCH DAMAGE. 34.\" 35.\" @(#)init.8 8.3 (Berkeley) 4/18/94 36.\" $FreeBSD: src/sbin/init/init.8,v 1.22.2.11 2003/05/03 22:19:20 keramida Exp $ 37.\" 38.Dd November 14, 2012 39.Dt INIT 8 40.Os 41.Sh NAME 42.Nm init 43.Nd process control initialization 44.Sh SYNOPSIS 45.Nm 46.Nm 47.Oo 48.Cm 0 | 1 | 6 | 49.Cm c | q 50.Oc 51.Sh DESCRIPTION 52The 53.Nm 54utility 55is the last stage of the boot process. 56It normally runs the automatic reboot sequence as described in 57.Xr rc 8 , 58and if this succeeds, begins multi-user operation. 59If the reboot scripts fail, 60.Nm 61commences single-user operation by giving 62the super-user a shell on the console. 63The 64.Nm 65utility may be passed parameters 66from the boot program to 67prevent the system from going multi-user and to instead execute 68a single-user shell without starting the normal daemons. 69The system is then quiescent for maintenance work and may 70later be made to go to multi-user by exiting the 71single-user shell (with ^D). 72This 73causes 74.Nm 75to run the 76.Pa /etc/rc 77start up command file in fastboot mode (skipping disk checks). 78.Pp 79If the 80.Em console 81entry in the 82.Xr ttys 5 83file is marked 84.Dq insecure , 85then 86.Nm 87will require that the super-user password be 88entered before the system will start a single-user shell. 89The password check is skipped if the 90.Em console 91is marked as 92.Dq secure . 93.Pp 94The kernel runs with five different levels of security. 95Any super-user process can raise the security level, but no process 96can lower it. 97The security levels are: 98.Bl -tag -width flag 99.It Ic -1 100Permanently insecure mode \- always run the system in level 0 mode. 101This is the default initial value. 102.It Ic 0 103Insecure mode \- immutable and append-only flags may be turned off. 104All devices may be read or written subject to their permissions. 105.It Ic 1 106Secure mode \- the system immutable and system append-only flags may not 107be turned off; 108disks for mounted file systems, 109.Pa /dev/mem , 110and 111.Pa /dev/kmem 112may not be opened for writing; 113kernel modules (see 114.Xr kld 4 ) 115may not be loaded or unloaded. 116.It Ic 2 117Highly secure mode \- same as secure mode, plus disks may not be 118opened for writing (except by 119.Xr mount 2 ) 120whether mounted or not. 121This level precludes tampering with file systems by unmounting them, 122but also inhibits running 123.Xr newfs 8 124while the system is multi-user. 125.Pp 126In addition, kernel time changes are restricted to less than or equal to one 127second. Attempts to change the time by more than this will log the message 128.Dq Time adjustment clamped to +1 second . 129.It Ic 3 130Network secure mode \- same as highly secure mode, plus 131IP packet filter rules (see 132.Xr ipfw 8 133and 134.Xr ipfirewall 4 ) 135cannot be changed and 136.Xr dummynet 4 137configuration cannot be adjusted. 138.El 139.Pp 140If the security level is initially nonzero, then 141.Nm 142leaves it unchanged. 143Otherwise, 144.Nm 145raises the level to 1 before going multi-user for the first time. 146Since the level cannot be reduced, it will be at least 1 for 147subsequent operation, even on return to single-user. 148If a level higher than 1 is desired while running multi-user, 149it can be set before going multi-user, e.g., by the startup script 150.Xr rc 8 , 151using 152.Xr sysctl 8 153to set the 154.Va kern.securelevel 155variable to the required security level. 156.Pp 157In multi-user operation, 158.Nm 159maintains 160processes for the terminal ports found in the file 161.Xr ttys 5 . 162The 163.Nm 164utility reads this file and executes the command found in the second field, 165unless the first field refers to a device in 166.Pa /dev 167which is not configured. 168The first field is supplied as the final argument to the command. 169This command is usually 170.Xr getty 8 ; 171.Nm getty 172opens and initializes the tty line 173and 174executes the 175.Xr login 1 176program. 177The 178.Nm login 179program, when a valid user logs in, 180executes a shell for that user. When this shell 181dies, either because the user logged out 182or an abnormal termination occurred (a signal), 183the 184.Nm 185utility wakes up, deletes the user 186from the 187.Xr utmp 5 188file of current users and records the logout in the 189.Xr wtmp 5 190file. 191The cycle is 192then restarted by 193.Nm 194executing a new 195.Nm getty 196for the line. 197.Pp 198The 199.Nm 200utility can also be used to keep arbitrary daemons running, 201automatically restarting them if they die. 202In this case, the first field in the 203.Xr ttys 5 204file must not reference the path to a configured device node 205and will be passed to the daemon 206as the final argument on its command line. 207This is similar to the facility offered in the 208.At V 209.Pa /etc/inittab . 210.Pp 211Line status (on, off, secure, getty, or window information) 212may be changed in the 213.Xr ttys 5 214file without a reboot by sending the signal 215.Dv SIGHUP 216to 217.Nm 218with the command 219.Dq Li "kill -HUP 1" . 220On receipt of this signal, 221.Nm 222re-reads the 223.Xr ttys 5 224file. 225When a line is turned off in 226.Xr ttys 5 , 227.Nm 228will send a 229.Dv SIGHUP 230signal to the controlling process for the session associated with the line. 231For any lines that were previously turned off in the 232.Xr ttys 5 233file and are now on, 234.Nm 235executes the command specified in the second field. 236If the command or window field for a line is changed, 237the change takes effect at the end of the current 238login session (e.g., the next time 239.Nm 240starts a process on the line). 241If a line is commented out or deleted from 242.Xr ttys 5 , 243.Nm 244will not do anything at all to that line. 245However, it will complain that the relationship between lines 246in the 247.Xr ttys 5 248file and records in the 249.Xr utmp 5 250file is out of sync, 251so this practice is not recommended. 252.Pp 253The 254.Nm 255utility will terminate multi-user operations and resume single-user mode 256if sent a terminate 257.Pq Dv TERM 258signal, for example, 259.Dq Li "kill \-TERM 1" . 260If there are processes outstanding that are deadlocked (because of 261hardware or software failure), 262.Nm 263will not wait for them all to die (which might take forever), but 264will time out after 30 seconds and print a warning message. 265.Pp 266The 267.Nm 268utility will cease creating new processes 269and allow the system to slowly die away, if it is sent a terminal stop 270.Pq Dv TSTP 271signal, i.e.\& 272.Dq Li "kill \-TSTP 1" . 273A later hangup will resume full 274multi-user operations, or a terminate will start a single-user shell. 275This hook is used by 276.Xr reboot 8 277and 278.Xr halt 8 . 279.Pp 280The 281.Nm 282utility will terminate all possible processes (again, it will not wait 283for deadlocked processes) and reboot the machine if sent the interrupt 284.Pq Dv INT 285signal, i.e.\& 286.Dq Li "kill \-INT 1". 287This is useful for shutting the machine down cleanly from inside the kernel 288or from X when the machine appears to be hung. 289.Pp 290The 291.Nm 292utility will do the same, except it will halt the machine if sent 293the user defined signal 1 294.Pq Dv USR1 , 295or will halt and turn the power off (if hardware permits) if sent 296the user defined signal 2 297.Pq Dv USR2 . 298.Pp 299When shutting down the machine, 300.Nm 301will try to run the 302.Pa /etc/rc.shutdown 303script. 304This script can be used to cleanly terminate specific programs such 305as 306.Nm innd 307(the InterNetNews server). 308If this script does not terminate within 120 seconds, 309.Nm 310will terminate it. The timeout can be configured via the 311.Xr sysctl 8 312variable 313.Va kern.init_shutdown_timeout . 314.Pp 315The role of 316.Nm 317is so critical that if it dies, the system will reboot itself 318automatically. 319If, at bootstrap time, the 320.Nm 321process cannot be located, the system will panic with the message 322.Dq "panic: init died (signal %d, exit %d)" . 323.Pp 324If run as a user process as shown in the second synopsis line, 325.Nm 326will emulate 327.At V 328behavior, i.e. super-user can specify the desired 329.Em run-level 330on a command line, and 331.Nm 332will signal the original 333(PID 1) 334.Nm 335as follows: 336.Bl -column Run-level SIGTERM 337.It Sy "Run-level Signal Action" 338.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off" 339.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode" 340.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine" 341.It Cm c Ta Dv SIGTSTP Ta "Block further logins" 342.It Cm q Ta Dv SIGHUP Ta Rescan the 343.Xr ttys 5 344file 345.El 346.Sh FILES 347.Bl -tag -width /etc/rc.shutdown -compact 348.It Pa /dev/console 349system console device 350.It Pa /dev/tty* 351terminal ports found in 352.Xr ttys 5 353.It Pa /var/run/utmp 354record of current users on the system 355.It Pa /var/log/wtmp 356record of all logins and logouts 357.It Pa /etc/ttys 358the terminal initialization information file 359.It Pa /etc/rc 360system startup commands 361.It Pa /etc/rc.shutdown 362system shutdown commands 363.El 364.Sh DIAGNOSTICS 365.Bl -diag 366.It "getty repeating too quickly on port %s, sleeping." 367A process being started to service a line is exiting quickly 368each time it is started. 369This is often caused by a ringing or noisy terminal line. 370.Bf -emphasis 371Init will sleep for 30 seconds, 372then continue trying to start the process. 373.Ef 374.It "some processes would not die; ps axl advised." 375A process 376is hung and could not be killed when the system was shutting down. 377This condition is usually caused by a process 378that is stuck in a device driver because of 379a persistent device error condition. 380.El 381.Sh SEE ALSO 382.Xr kill 1 , 383.Xr login 1 , 384.Xr sh 1 , 385.Xr dummynet 4 , 386.Xr ipfirewall 4 , 387.Xr kld 4 , 388.Xr ttys 5 , 389.Xr crash 8 , 390.Xr getty 8 , 391.Xr halt 8 , 392.Xr ipfw 8 , 393.Xr rc 8 , 394.Xr reboot 8 , 395.Xr shutdown 8 , 396.Xr sysctl 8 397.Sh HISTORY 398An 399.Nm 400utility appeared in 401.At v6 . 402.Sh CAVEATS 403Systems without 404.Xr sysctl 8 405behave as though they have security level \-1. 406.Pp 407Setting the security level above 1 too early in the boot sequence can 408prevent 409.Xr fsck 8 410from repairing inconsistent file systems. The 411preferred location to set the security level is at the end of 412.Pa /etc/rc 413after all multi-user startup actions are complete. 414