1.\" $NetBSD: init.8,v 1.24 2001/11/16 11:37:04 wiz Exp $ 2.\" 3.\" Copyright (c) 1980, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" This code is derived from software contributed to Berkeley by 7.\" Donn Seeley at Berkeley Software Design, Inc. 8.\" 9.\" Redistribution and use in source and binary forms, with or without 10.\" modification, are permitted provided that the following conditions 11.\" are met: 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in the 16.\" documentation and/or other materials provided with the distribution. 17.\" 3. All advertising materials mentioning features or use of this software 18.\" must display the following acknowledgement: 19.\" This product includes software developed by the University of 20.\" California, Berkeley and its contributors. 21.\" 4. Neither the name of the University nor the names of its contributors 22.\" may be used to endorse or promote products derived from this software 23.\" without specific prior written permission. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 26.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 29.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35.\" SUCH DAMAGE. 36.\" 37.\" @(#)init.8 8.6 (Berkeley) 5/26/95 38.\" 39.Dd April 29, 2000 40.Dt INIT 8 41.Os 42.Sh NAME 43.Nm init 44.Nd process control initialization 45.Sh SYNOPSIS 46.Nm 47.Sh DESCRIPTION 48The 49.Nm 50program is the last stage of the boot process (after the kernel loads 51and initializes all the devices). 52It normally begins multi-user operation. 53.Pp 54The following table describes the state machine used by 55.Nm "" : 56.Bl -enum 57.It 58Single user shell. 59.Nm 60may be passed 61.Fl s 62from the boot program to prevent the system from going multi-user and 63to instead execute a single user shell without starting the normal 64daemons. The system is then quiescent for maintenance work and may 65later be made to go to state 2 (multi-user) by exiting the single-user 66shell (with ^D). 67.It 68Multi-user boot (default operation). 69Executes 70.Pa /etc/rc 71(see 72.Xr rc 8 ) . 73If this was the first state entered (as opposed to entering here after 74state 1), then 75.Pa /etc/rc 76will be invoked with its first argument being 77.Sq autoboot . 78If 79.Pa /etc/rc 80exits with a non-zero (error) exit code, commence single user 81operation by giving the super-user a shell on the console by going 82to state 1 (single user). 83Otherwise, proceed to state 3. 84.It 85Setup ttys as specified in 86.Xr ttys 5 . 87See below for more information. 88On completion, continue to state 4. 89.It 90Multi-user operation. 91Depending upon the signal received, change state appropriately; 92on 93.Dv SIGTERM , 94go to state 7; 95on 96.Dv SIGHUP , 97go to state 5; 98on 99.Dv SIGTSTP , 100go to state 6. 101.It 102Clean-up mode; re-read 103.Xr ttys 5 , 104killing off the controlling processes on lines that are now 105.Sq off , 106and starting processes that are newly 107.Sq on . 108On completion, go to state 4. 109.It 110.Sq Boring 111mode; no new sessions. 112Signals as per state 4. 113.It 114Shutdown mode. 115Send 116.Dv SIGHUP 117to all controlling processes, reap the processes for 30 seconds, 118and the go to state 1 (single user); warning if not all the processes died. 119.El 120.Pp 121If the 122.Sq console 123entry in the 124.Xr ttys 5 125file is marked ``insecure'', then 126.Nm 127will require that the superuser password be 128entered before the system will start a single-user shell. 129The password check is skipped if the 130.Sq console 131is marked as ``secure''. 132.Pp 133The kernel runs with four different levels of security. 134Any superuser process can raise the security level, but only 135.Nm 136can lower it. 137Security levels are defined as follows: 138.Bl -tag -width flag 139.It Ic -1 140Permanently insecure mode \- always run system in level 0 mode. 141.It Ic 0 142Insecure mode \- immutable and append-only flags may be changed. 143All devices may be read or written subject to their permissions. 144.It Ic 1 145Secure mode \- system immutable and system append-only flags may not 146be turned off; disks for mounted filesystems, 147.Pa /dev/mem , 148and 149.Pa /dev/kmem 150are read-only. 151.It Ic 2 152Highly secure mode \- same as secure mode, plus disks are always 153read-only whether mounted or not, new disks may not be mounted, 154and existing mounts may only be downgraded from read-write to read-only. 155This level precludes tampering with filesystems by unmounting them, 156but also inhibits running 157.Xr newfs 8 158while the system is multi-user. 159.Pp 160The 161.Xr settimeofday 2 162system call can only advance the time. 163.Pp 164The state of 165.Xr ipf 8 166(the in-kernel IP filtering facility) may not be changed. 167.Pp 168Users may not change the per-process core name template format, only the 169default can be changed. 170.Pp 171Downgrading from highly secure mode to insecure mode (that is, to single-user 172mode) always requires the root password to be entered on the console, whether 173the console is marked as 'secure' in 174.Pa /etc/ttys 175or not. 176.El 177.Pp 178Normally, the system runs in level 0 mode while single user 179and in level 1 mode while multi-user. 180If the level 2 mode is desired while running multi-user, 181it can be set in the startup script 182.Pa /etc/rc 183using 184.Xr sysctl 8 . 185If it is desired to run the system in level 0 mode while multi-user, 186the administrator must build a kernel with 187.Sy options INSECURE 188in the kernel configuration file, which initializes the kernel's 189.Va securelevel 190variable to -1. 191See 192.Xr options 4 193and 194.Xr config 8 195for details. 196.Pp 197In multi-user operation, 198.Nm 199maintains 200processes for the terminal ports found in the file 201.Xr ttys 5 . 202.Nm 203reads this file, and executes the command found in the second field. 204This command is usually 205.Xr getty 8 ; 206it opens and initializes the tty line and executes the 207.Xr login 1 208program. 209The 210.Xr login 1 211program, when a valid user logs in, executes a shell for that user. 212When this shell dies, either because the user logged out or an 213abnormal termination occurred (a signal), the 214.Nm 215program wakes up, deletes the user from the 216.Xr utmp 5 217file of current users and records the logout in the 218.Xr wtmp 5 219file. 220The cycle is 221then restarted by 222.Nm 223executing a new 224.Xr getty 8 225for the line. 226.pl +1 227.Pp 228Line status (on, off, secure, getty, or window information) 229may be changed in the 230.Xr ttys 5 231file without a reboot by sending the signal 232.Dv SIGHUP 233to 234.Nm 235with the command 236.Dq Li "kill \-s HUP 1" . 237This is referenced in the table above as state 5. 238On receipt of this signal, 239.Nm 240re-reads the 241.Xr ttys 5 242file. 243When a line is turned off in 244.Xr ttys 5 , 245.Nm 246will send a 247.Dv SIGHUP 248signal to the controlling process 249for the session associated with the line. 250For any lines that were previously turned off in the 251.Xr ttys 5 252file and are now on, 253.Nm 254executes a new 255.Xr getty 8 256to enable a new login. 257If the getty or window field for a line is changed, 258the change takes effect at the end of the current 259login session (e.g., the next time 260.Nm 261starts a process on the line). 262If a line is commented out or deleted from 263.Xr ttys 5 , 264.Nm 265will not do anything at all to that line. 266However, it will complain that the relationship between lines 267in the 268.Xr ttys 5 269file and records in the 270.Xr utmp 5 271file is out of sync, 272so this practice is not recommended. 273.Pp 274.Nm 275will terminate multi-user operations and resume single-user mode 276if sent a terminate 277.Pq Dv TERM 278signal, for example, 279.Dq Li "kill \-s TERM 1" . 280If there are processes outstanding that are deadlocked (because of 281hardware or software failure), 282.Nm 283will not wait for them all to die (which might take forever), but 284will time out after 30 seconds and print a warning message. 285.Pp 286.Nm 287will cease creating new 288.Xr getty 8 Ns 's 289and allow the system to slowly die away, if it is sent a terminal stop 290.Pq Dv TSTP 291signal, i.e. 292.Dq Li "kill \-s TSTP 1" . 293A later hangup will resume full 294multi-user operations, or a terminate will start a single user shell. 295This hook is used by 296.Xr reboot 8 297and 298.Xr halt 8 . 299.Pp 300The role of 301.Nm 302is so critical that if it dies, the system will reboot itself 303automatically. 304If, at bootstrap time, the 305.Nm 306process cannot be located, the system will panic with the message 307``panic: "init died (signal %d, exit %d)''. 308.Sh FILES 309.Bl -tag -width /var/log/wtmp -compact 310.It Pa /dev/console 311System console device. 312.It Pa /dev/tty* 313Terminal ports found in 314.Xr ttys 5 . 315.It Pa /var/run/utmp 316Record of Current users on the system. 317.It Pa /var/log/wtmp 318Record of all logins and logouts. 319.It Pa /etc/ttys 320The terminal initialization information file. 321.It Pa /etc/rc 322System startup commands. 323.El 324.Sh DIAGNOSTICS 325.Bl -diag 326.It "getty repeating too quickly on port %s, sleeping" 327A process being started to service a line is exiting quickly 328each time it is started. 329This is often caused by a ringing or noisy terminal line. 330.Em "Init will sleep for 10 seconds" , 331.Em "then continue trying to start the process" . 332.Pp 333.It "some processes would not die; ps axl advised." 334A process 335is hung and could not be killed when the system was shutting down. 336This condition is usually caused by a process 337that is stuck in a device driver because of 338a persistent device error condition. 339.El 340.Sh SEE ALSO 341.Xr kill 1 , 342.Xr login 1 , 343.Xr sh 1 , 344.Xr options 4 , 345.Xr ttys 5 , 346.Xr config 8 , 347.Xr getty 8 , 348.Xr halt 8 , 349.Xr rc 8 , 350.Xr reboot 8 , 351.Xr shutdown 8 352.Sh HISTORY 353A 354.Nm 355command appeared in 356.At v6 . 357.Sh BUGS 358Systems without 359.Xr sysctl 8 360behave as though they have security level \-1. 361