1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software contributed to Berkeley by 5.\" Donn Seeley at Berkeley Software Design, Inc. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)init.8 8.3 (Berkeley) 4/18/94 32.\" $FreeBSD: src/sbin/init/init.8,v 1.22.2.11 2003/05/03 22:19:20 keramida Exp $ 33.\" 34.Dd September 11, 2019 35.Dt INIT 8 36.Os 37.Sh NAME 38.Nm init 39.Nd process control initialization 40.Sh SYNOPSIS 41.Nm 42.Nm 43.Oo 44.Cm 0 | 1 | 6 | 45.Cm c | q 46.Oc 47.Sh DESCRIPTION 48The 49.Nm 50utility 51is the last stage of the boot process. 52It normally runs the automatic reboot sequence as described in 53.Xr rc 8 , 54and if this succeeds, begins multi-user operation. 55If the reboot scripts fail, 56.Nm 57commences single-user operation by giving 58the super-user a shell on the console. 59The 60.Nm 61utility may be passed parameters 62from the boot program to 63prevent the system from going multi-user and to instead execute 64a single-user shell without starting the normal daemons. 65The system is then quiescent for maintenance work and may 66later be made to go to multi-user by exiting the 67single-user shell (with ^D). 68This 69causes 70.Nm 71to run the 72.Pa /etc/rc 73start up command file in fastboot mode (skipping disk checks). 74.Pp 75If the 76.Em console 77entry in the 78.Xr ttys 5 79file is marked 80.Dq insecure , 81then 82.Nm 83will require that the super-user password be 84entered before the system will start a single-user shell. 85The password check is skipped if the 86.Em console 87is marked as 88.Dq secure . 89.Pp 90The kernel runs with five different levels of security. 91Any super-user process can raise the security level, but no process 92can lower it. 93The security levels are: 94.Bl -tag -width flag 95.It Ic -1 96Permanently insecure mode \- always run the system in level 0 mode. 97This is the default initial value. 98.It Ic 0 99Insecure mode \- immutable and append-only flags may be turned off. 100All devices may be read or written subject to their permissions. 101.It Ic 1 102Secure mode \- the system immutable and system append-only flags may not 103be turned off; 104disks for mounted file systems, 105.Pa /dev/mem , 106and 107.Pa /dev/kmem 108may not be opened for writing; 109kernel modules (see 110.Xr kld 4 ) 111may not be loaded or unloaded. 112.It Ic 2 113Highly secure mode \- same as secure mode, plus disks may not be 114opened for writing (except by 115.Xr mount 2 ) 116whether mounted or not. 117This level precludes tampering with file systems by unmounting them, 118but also inhibits running 119.Xr newfs 8 120while the system is multi-user. 121.Pp 122In addition, kernel time changes are restricted to less than or equal to one 123second. Attempts to change the time by more than this will log the message 124.Dq Time adjustment clamped to +1 second . 125.It Ic 3 126Network secure mode \- same as highly secure mode, plus 127IP packet filter rules (see 128.Xr ipfw 8 129and 130.Xr ipfirewall 4 ) 131cannot be changed and 132.Xr dummynet 4 133configuration cannot be adjusted. 134.El 135.Pp 136If the security level is initially nonzero, then 137.Nm 138leaves it unchanged. 139Otherwise, 140.Nm 141raises the level to 1 before going multi-user for the first time. 142Since the level cannot be reduced, it will be at least 1 for 143subsequent operation, even on return to single-user. 144If a level higher than 1 is desired while running multi-user, 145it can be set before going multi-user, e.g., by the startup script 146.Xr rc 8 , 147using 148.Xr sysctl 8 149to set the 150.Va kern.securelevel 151variable to the required security level. 152.Pp 153In multi-user operation, 154.Nm 155maintains 156processes for the terminal ports found in the file 157.Xr ttys 5 . 158The 159.Nm 160utility reads this file and executes the command found in the second field, 161unless the first field refers to a device in 162.Pa /dev 163which is not configured. 164The first field is supplied as the final argument to the command. 165This command is usually 166.Xr getty 8 ; 167.Nm getty 168opens and initializes the tty line 169and 170executes the 171.Xr login 1 172program. 173The 174.Nm login 175program, when a valid user logs in, 176executes a shell for that user. When this shell 177dies, either because the user logged out 178or an abnormal termination occurred (a signal), 179the 180.Nm 181utility wakes up, deletes the user 182from the 183.Xr utmpx 5 184file of current users and records the logout in the 185.Xr wtmpx 5 186file. 187The cycle is 188then restarted by 189.Nm 190executing a new 191.Nm getty 192for the line. 193.Pp 194The 195.Nm 196utility can also be used to keep arbitrary daemons running, 197automatically restarting them if they die. 198In this case, the first field in the 199.Xr ttys 5 200file must not reference the path to a configured device node 201and will be passed to the daemon 202as the final argument on its command line. 203This is similar to the facility offered in the 204.At V 205.Pa /etc/inittab . 206.Pp 207Line status (on, off, secure, getty, or window information) 208may be changed in the 209.Xr ttys 5 210file without a reboot by sending the signal 211.Dv SIGHUP 212to 213.Nm 214with the command 215.Dq Li "kill -HUP 1" . 216On receipt of this signal, 217.Nm 218re-reads the 219.Xr ttys 5 220file. 221When a line is turned off in 222.Xr ttys 5 , 223.Nm 224will send a 225.Dv SIGHUP 226signal to the controlling process for the session associated with the line. 227For any lines that were previously turned off in the 228.Xr ttys 5 229file and are now on, 230.Nm 231executes the command specified in the second field. 232If the command or window field for a line is changed, 233the change takes effect at the end of the current 234login session (e.g., the next time 235.Nm 236starts a process on the line). 237If a line is commented out or deleted from 238.Xr ttys 5 , 239.Nm 240will not do anything at all to that line. 241However, it will complain that the relationship between lines 242in the 243.Xr ttys 5 244file and records in the 245.Xr utmpx 5 246file is out of sync, 247so this practice is not recommended. 248.Pp 249The 250.Nm 251utility will terminate multi-user operations and resume single-user mode 252if sent a terminate 253.Pq Dv TERM 254signal, for example, 255.Dq Li "kill \-TERM 1" . 256If there are processes outstanding that are deadlocked (because of 257hardware or software failure), 258.Nm 259will not wait for them all to die (which might take forever), but 260will time out after 30 seconds and print a warning message. 261.Pp 262The 263.Nm 264utility will cease creating new processes 265and allow the system to slowly die away, if it is sent a terminal stop 266.Pq Dv TSTP 267signal, i.e.\& 268.Dq Li "kill \-TSTP 1" . 269A later hangup will resume full 270multi-user operations, or a terminate will start a single-user shell. 271This hook is used by 272.Xr reboot 8 273and 274.Xr halt 8 . 275.Pp 276The 277.Nm 278utility will terminate all possible processes (again, it will not wait 279for deadlocked processes) and reboot the machine if sent the interrupt 280.Pq Dv INT 281signal, i.e.\& 282.Dq Li "kill \-INT 1". 283This is useful for shutting the machine down cleanly from inside the kernel 284or from X when the machine appears to be hung. 285.Pp 286The 287.Nm 288utility will do the same, except it will halt the machine if sent 289the user defined signal 1 290.Pq Dv USR1 , 291or will halt and turn the power off (if hardware permits) if sent 292the user defined signal 2 293.Pq Dv USR2 . 294.Pp 295When shutting down the machine, 296.Nm 297will try to run the 298.Pa /etc/rc.shutdown 299script. 300This script can be used to cleanly terminate specific programs such 301as 302.Nm innd 303(the InterNetNews server). 304If this script does not terminate within 120 seconds, 305.Nm 306will terminate it. The timeout can be configured via the 307.Xr sysctl 8 308variable 309.Va kern.init_shutdown_timeout . 310.Pp 311The role of 312.Nm 313is so critical that if it dies, the system will reboot itself 314automatically. 315If, at bootstrap time, the 316.Nm 317process cannot be located, the system will panic with the message 318.Dq "panic: init died (signal %d, exit %d)" . 319.Pp 320If run as a user process as shown in the second synopsis line, 321.Nm 322will emulate 323.At V 324behavior, i.e. super-user can specify the desired 325.Em run-level 326on a command line, and 327.Nm 328will signal the original 329(PID 1) 330.Nm 331as follows: 332.Bl -column Run-level SIGTERM 333.It Sy "Run-level Signal Action" 334.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off" 335.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode" 336.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine" 337.It Cm c Ta Dv SIGTSTP Ta "Block further logins" 338.It Cm q Ta Dv SIGHUP Ta Rescan the 339.Xr ttys 5 340file 341.El 342.Sh FILES 343.Bl -tag -width /etc/rc.shutdown -compact 344.It Pa /dev/console 345system console device 346.It Pa /dev/tty* 347terminal ports found in 348.Xr ttys 5 349.It Pa /var/run/utmpx 350record of current users on the system 351.It Pa /var/log/wtmpx 352record of all logins and logouts 353.It Pa /etc/ttys 354the terminal initialization information file 355.It Pa /etc/rc 356system startup commands 357.It Pa /etc/rc.shutdown 358system shutdown commands 359.El 360.Sh DIAGNOSTICS 361.Bl -diag 362.It "getty repeating too quickly on port %s, sleeping." 363A process being started to service a line is exiting quickly 364each time it is started. 365This is often caused by a ringing or noisy terminal line. 366.Bf -emphasis 367Init will sleep for 30 seconds, 368then continue trying to start the process. 369.Ef 370.It "some processes would not die; ps axl advised." 371A process 372is hung and could not be killed when the system was shutting down. 373This condition is usually caused by a process 374that is stuck in a device driver because of 375a persistent device error condition. 376.El 377.Sh SEE ALSO 378.Xr kill 1 , 379.Xr login 1 , 380.Xr sh 1 , 381.Xr dummynet 4 , 382.Xr ipfirewall 4 , 383.Xr kld 4 , 384.Xr ttys 5 , 385.Xr crash 8 , 386.Xr getty 8 , 387.Xr halt 8 , 388.Xr ipfw 8 , 389.Xr rc 8 , 390.Xr reboot 8 , 391.Xr shutdown 8 , 392.Xr sysctl 8 393.Sh HISTORY 394An 395.Nm 396utility appeared in 397.At v1 . 398.Sh CAVEATS 399Systems without 400.Xr sysctl 8 401behave as though they have security level \-1. 402.Pp 403Setting the security level above 1 too early in the boot sequence can 404prevent 405.Xr fsck 8 406from repairing inconsistent file systems. The 407preferred location to set the security level is at the end of 408.Pa /etc/rc 409after all multi-user startup actions are complete. 410