1.\" $NetBSD: init.8,v 1.25 2002/10/01 13:40:34 wiz Exp $ 2.\" 3.\" Copyright (c) 1980, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" This code is derived from software contributed to Berkeley by 7.\" Donn Seeley at Berkeley Software Design, Inc. 8.\" 9.\" Redistribution and use in source and binary forms, with or without 10.\" modification, are permitted provided that the following conditions 11.\" are met: 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in the 16.\" documentation and/or other materials provided with the distribution. 17.\" 3. All advertising materials mentioning features or use of this software 18.\" must display the following acknowledgement: 19.\" This product includes software developed by the University of 20.\" California, Berkeley and its contributors. 21.\" 4. Neither the name of the University nor the names of its contributors 22.\" may be used to endorse or promote products derived from this software 23.\" without specific prior written permission. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 26.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 29.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35.\" SUCH DAMAGE. 36.\" 37.\" @(#)init.8 8.6 (Berkeley) 5/26/95 38.\" 39.Dd April 29, 2000 40.Dt INIT 8 41.Os 42.Sh NAME 43.Nm init 44.Nd process control initialization 45.Sh SYNOPSIS 46.Nm 47.Sh DESCRIPTION 48The 49.Nm 50program is the last stage of the boot process (after the kernel loads 51and initializes all the devices). 52It normally begins multi-user operation. 53.Pp 54The following table describes the state machine used by 55.Nm "" : 56.Bl -enum 57.It 58Single user shell. 59.Nm 60may be passed 61.Fl s 62from the boot program to prevent the system from going multi-user and 63to instead execute a single user shell without starting the normal 64daemons. 65The system is then quiescent for maintenance work and may 66later be made to go to state 2 (multi-user) by exiting the single-user 67shell (with ^D). 68.It 69Multi-user boot (default operation). 70Executes 71.Pa /etc/rc 72(see 73.Xr rc 8 ) . 74If this was the first state entered (as opposed to entering here after 75state 1), then 76.Pa /etc/rc 77will be invoked with its first argument being 78.Sq autoboot . 79If 80.Pa /etc/rc 81exits with a non-zero (error) exit code, commence single user 82operation by giving the super-user a shell on the console by going 83to state 1 (single user). 84Otherwise, proceed to state 3. 85.It 86Setup ttys as specified in 87.Xr ttys 5 . 88See below for more information. 89On completion, continue to state 4. 90.It 91Multi-user operation. 92Depending upon the signal received, change state appropriately; 93on 94.Dv SIGTERM , 95go to state 7; 96on 97.Dv SIGHUP , 98go to state 5; 99on 100.Dv SIGTSTP , 101go to state 6. 102.It 103Clean-up mode; re-read 104.Xr ttys 5 , 105killing off the controlling processes on lines that are now 106.Sq off , 107and starting processes that are newly 108.Sq on . 109On completion, go to state 4. 110.It 111.Sq Boring 112mode; no new sessions. 113Signals as per state 4. 114.It 115Shutdown mode. 116Send 117.Dv SIGHUP 118to all controlling processes, reap the processes for 30 seconds, 119and the go to state 1 (single user); warning if not all the processes died. 120.El 121.Pp 122If the 123.Sq console 124entry in the 125.Xr ttys 5 126file is marked ``insecure'', then 127.Nm 128will require that the superuser password be 129entered before the system will start a single-user shell. 130The password check is skipped if the 131.Sq console 132is marked as ``secure''. 133.Pp 134The kernel runs with four different levels of security. 135Any superuser process can raise the security level, but only 136.Nm 137can lower it. 138Security levels are defined as follows: 139.Bl -tag -width flag 140.It Ic -1 141Permanently insecure mode \- always run system in level 0 mode. 142.It Ic 0 143Insecure mode \- immutable and append-only flags may be changed. 144All devices may be read or written subject to their permissions. 145.It Ic 1 146Secure mode \- system immutable and system append-only flags may not 147be turned off; disks for mounted filesystems, 148.Pa /dev/mem , 149and 150.Pa /dev/kmem 151are read-only. 152.It Ic 2 153Highly secure mode \- same as secure mode, plus disks are always 154read-only whether mounted or not, new disks may not be mounted, 155and existing mounts may only be downgraded from read-write to read-only. 156This level precludes tampering with filesystems by unmounting them, 157but also inhibits running 158.Xr newfs 8 159while the system is multi-user. 160.Pp 161The 162.Xr settimeofday 2 163system call can only advance the time. 164.Pp 165The state of 166.Xr ipf 8 167(the in-kernel IP filtering facility) may not be changed. 168.Pp 169Users may not change the per-process core name template format, only the 170default can be changed. 171.Pp 172Downgrading from highly secure mode to insecure mode (that is, to single-user 173mode) always requires the root password to be entered on the console, whether 174the console is marked as 'secure' in 175.Pa /etc/ttys 176or not. 177.El 178.Pp 179Normally, the system runs in level 0 mode while single user 180and in level 1 mode while multi-user. 181If the level 2 mode is desired while running multi-user, 182it can be set in the startup script 183.Pa /etc/rc 184using 185.Xr sysctl 8 . 186If it is desired to run the system in level 0 mode while multi-user, 187the administrator must build a kernel with 188.Sy options INSECURE 189in the kernel configuration file, which initializes the kernel's 190.Va securelevel 191variable to -1. 192See 193.Xr options 4 194and 195.Xr config 8 196for details. 197.Pp 198In multi-user operation, 199.Nm 200maintains 201processes for the terminal ports found in the file 202.Xr ttys 5 . 203.Nm 204reads this file, and executes the command found in the second field. 205This command is usually 206.Xr getty 8 ; 207it opens and initializes the tty line and executes the 208.Xr login 1 209program. 210The 211.Xr login 1 212program, when a valid user logs in, executes a shell for that user. 213When this shell dies, either because the user logged out or an 214abnormal termination occurred (a signal), the 215.Nm 216program wakes up, deletes the user from the 217.Xr utmp 5 218file of current users and records the logout in the 219.Xr wtmp 5 220file. 221The cycle is 222then restarted by 223.Nm 224executing a new 225.Xr getty 8 226for the line. 227.pl +1 228.Pp 229Line status (on, off, secure, getty, or window information) 230may be changed in the 231.Xr ttys 5 232file without a reboot by sending the signal 233.Dv SIGHUP 234to 235.Nm 236with the command 237.Dq Li "kill \-s HUP 1" . 238This is referenced in the table above as state 5. 239On receipt of this signal, 240.Nm 241re-reads the 242.Xr ttys 5 243file. 244When a line is turned off in 245.Xr ttys 5 , 246.Nm 247will send a 248.Dv SIGHUP 249signal to the controlling process 250for the session associated with the line. 251For any lines that were previously turned off in the 252.Xr ttys 5 253file and are now on, 254.Nm 255executes a new 256.Xr getty 8 257to enable a new login. 258If the getty or window field for a line is changed, 259the change takes effect at the end of the current 260login session (e.g., the next time 261.Nm 262starts a process on the line). 263If a line is commented out or deleted from 264.Xr ttys 5 , 265.Nm 266will not do anything at all to that line. 267However, it will complain that the relationship between lines 268in the 269.Xr ttys 5 270file and records in the 271.Xr utmp 5 272file is out of sync, 273so this practice is not recommended. 274.Pp 275.Nm 276will terminate multi-user operations and resume single-user mode 277if sent a terminate 278.Pq Dv TERM 279signal, for example, 280.Dq Li "kill \-s TERM 1" . 281If there are processes outstanding that are deadlocked (because of 282hardware or software failure), 283.Nm 284will not wait for them all to die (which might take forever), but 285will time out after 30 seconds and print a warning message. 286.Pp 287.Nm 288will cease creating new 289.Xr getty 8 Ns 's 290and allow the system to slowly die away, if it is sent a terminal stop 291.Pq Dv TSTP 292signal, i.e. 293.Dq Li "kill \-s TSTP 1" . 294A later hangup will resume full 295multi-user operations, or a terminate will start a single user shell. 296This hook is used by 297.Xr reboot 8 298and 299.Xr halt 8 . 300.Pp 301The role of 302.Nm 303is so critical that if it dies, the system will reboot itself 304automatically. 305If, at bootstrap time, the 306.Nm 307process cannot be located, the system will panic with the message 308``panic: "init died (signal %d, exit %d)''. 309.Sh FILES 310.Bl -tag -width /var/log/wtmp -compact 311.It Pa /dev/console 312System console device. 313.It Pa /dev/tty* 314Terminal ports found in 315.Xr ttys 5 . 316.It Pa /var/run/utmp 317Record of Current users on the system. 318.It Pa /var/log/wtmp 319Record of all logins and logouts. 320.It Pa /etc/ttys 321The terminal initialization information file. 322.It Pa /etc/rc 323System startup commands. 324.El 325.Sh DIAGNOSTICS 326.Bl -diag 327.It "getty repeating too quickly on port %s, sleeping" 328A process being started to service a line is exiting quickly 329each time it is started. 330This is often caused by a ringing or noisy terminal line. 331.Em "Init will sleep for 10 seconds" , 332.Em "then continue trying to start the process" . 333.Pp 334.It "some processes would not die; ps axl advised." 335A process 336is hung and could not be killed when the system was shutting down. 337This condition is usually caused by a process 338that is stuck in a device driver because of 339a persistent device error condition. 340.El 341.Sh SEE ALSO 342.Xr kill 1 , 343.Xr login 1 , 344.Xr sh 1 , 345.Xr options 4 , 346.Xr ttys 5 , 347.Xr config 8 , 348.Xr getty 8 , 349.Xr halt 8 , 350.Xr rc 8 , 351.Xr reboot 8 , 352.Xr shutdown 8 353.Sh HISTORY 354A 355.Nm 356command appeared in 357.At v6 . 358.Sh BUGS 359Systems without 360.Xr sysctl 8 361behave as though they have security level \-1. 362