1.\" Copyright (c) 1980, 1991 Regents of the University of California. 2.\" All rights reserved. 3.\" 4.\" This code is derived from software contributed to Berkeley by 5.\" Donn Seeley at Berkeley Software Design, Inc. 6.\" 7.\" %sccs.include.redist.roff% 8.\" 9.\" @(#)init.8 6.6 (Berkeley) 05/26/93 10.\" 11.Dd 12.Dt INIT 8 13.Os BSD 4 14.Sh NAME 15.Nm init 16.Nd process control initialization 17.Sh SYNOPSIS 18.Nm init 19.Sh DESCRIPTION 20The 21.Nm init 22program 23is the last stage of the boot process. 24It normally runs the automatic reboot sequence as described in 25.Xr reboot 8 , 26and if this succeeds, begins multi-user operation. 27If the reboot scripts fail, 28.Fn init 29commences single user operation by giving 30the super-user a shell on the console. 31The 32.Nm init 33program may be passed parameters 34from the boot program to 35prevent the system from going multi-user and to instead execute 36a single user shell without starting the normal daemons. 37The system is then quiescent for maintenance work and may 38later be made to go to multi-user by exiting the 39the single-user shell (with ^D). 40This 41causes 42.Nm init 43to run the 44.Pa /etc/rc 45start up command file in fastboot mode (skipping disk checks). 46.Pp 47If the 48.Nm console 49entry in the 50.Xr ttys 5 51file is marked ``insecure'', 52then 53.Nm init 54will require that the superuser password be 55entered before the system will start a single-user shell. 56The password check is skipped if the 57.Nm console 58is marked as ``secure''. 59.Pp 60The kernel runs with four different levels of security. 61Any superuser process can raise the security level, but only 62.Nm init 63can lower it. 64Security levels are defined as follows: 65.Bl -tag -width flag 66.It Ic -1 67Permanently insecure mode \- always run system in level 0 mode. 68.It Ic 0 69Insecure mode \- immutable and append-only flags may be turned off. 70All devices may be read or written subject to their permissions. 71.It Ic 1 72Secure mode \- immutable and append-only flags may not be changed; 73disks for mounted filesystems, 74.Pa /dev/mem , 75and 76.Pa /dev/kmem 77are read-only. 78.It Ic 2 79Highly secure mode \- same as secure mode, plus disks are always 80read-only whether mounted or not. 81This level precludes tampering with filesystems by unmounting them, 82but also inhibits running 83.Xr newfs 8 84while the system is multi-user. 85.El 86.Pp 87Normally, the system runs in level 0 mode while single user 88and in level 1 mode while multiuser. 89If the level 2 mode is desired while running multiuser, 90it can be set in the startup script 91.Pa /etc/rc 92using 93.Xr sysctl 1 . 94If it is desired to run the system in level 0 mode while multiuser, 95the administrator must build a kernel with the variable 96.Nm securelevel 97in the kernel source file 98.Pa /sys/kern/kern_sysctl.c 99initialized to -1. 100Note that it is NOT initialized to zero, as that would allow the 101.Nm securelevel 102variable in the 103.Nm vmunix 104binary to be patched to -1. 105Without initialization, 106.Nm securelevel 107loads in the initialized-to-zero region that only 108comes into existence when the kernel is loaded and 109hence cannot be patched by a stalking hacker. 110.Pp 111In multi-user operation, 112.Nm init 113maintains 114processes for the terminal ports found in the file 115.Xr ttys 5. 116.Nm Init 117reads this file, and executes the command found in the second field. 118This command is usually 119.Xr getty 8 ; 120.Xr getty 121opens and initializes the tty line 122and 123executes the 124.Xr login 125program. 126The 127.Xr login 128program, when a valid user logs in, 129executes a shell for that user. When this shell 130dies, either because the user logged out 131or an abnormal termination occurred (a signal), 132the 133.Nm init 134program wakes up, deletes the user 135from the 136.Xr utmp 5 137file of current users and records the logout in the 138.Xr wtmp 139file. 140The cycle is 141then restarted by 142.Nm init 143executing a new 144.Xr getty 145for the line. 146.Pp 147Lines may be added or deleted from the 148.Xr ttys 149file without a reboot by sending the signal 150.Dv SIGHUP 151to 152.Nm init 153with the command 154.Dq Li "kill -HUP 1" 155On receipt of this signal, 156.Nm init 157re-reads the 158.Xr ttys 159file. 160Engaged (in use) ports 161are not disturbed, 162and if an engaged port has been deleted from the 163file, it will only become inactive after the engaging process has 164terminated (the user has logged off). 165If a port is inactive (only a 166.Xr getty 167or terminated processes are attached to it) 168.Nm init 169eliminates these processes. 170For these ports and any new ports, for which a command is found 171in the 172.Xr ttys 173file, 174.Nm init 175executes a new 176.Xr getty . 177.Pp 178.Nm Init 179will terminate multi-user operations and resume single-user mode 180if sent a terminate 181.Pq Dv TERM 182signal, for example, 183.Dq Li "kill \-TERM 1" . 184If there are processes outstanding that are deadlocked (because of 185hardware or software failure), 186.Xr init 187will not wait for them all to die (which might take forever), but 188will time out after 30 seconds and print a warning message. 189.Pp 190.Nm Init 191will cease creating new 192.Xr getty Ns 's 193and allow the system to slowly die away, if it is sent a terminal stop 194.Pq Dv TSTP 195signal, i.e. 196.Dq Li "kill \-TSTP 1" . 197A later hangup will resume full 198multi-user operations, or a terminate will start a single user shell. 199This hook is used by 200.Xr reboot 8 201and 202.Xr halt 8 . 203.Pp 204The role of 205.Nm init 206is so critical that if it dies, the system will reboot itself 207automatically. 208If, at bootstrap time, the 209.Xr init 210process cannot be located, the system will loop in user mode at location 2110x13. 212.Sh DIAGNOSTICS 213.Bl -diag 214.It "/usr/libexec/getty \\*(eMgettyargs\\*(fP failing, sleeping." 215A process being started to service a line is exiting quickly 216each time it is started. 217This is often caused by a ringing or noisy terminal line. 218.Em "Init will sleep for 30 seconds" , 219.Em "then continue trying to start the process" . 220.Pp 221.It "WARNING: Something is hung (wont die); ps axl advised." 222A process 223is hung and could not be killed when the system was shutting down. 224This condition is usually caused by a process 225that is stuck in a device driver because of 226a persistent device error condition. 227.El 228.Sh FILES 229.Bl -tag -width /var/log/wtmp -compact 230.It Pa /dev/console 231System console device. 232.It Pa /dev/tty* 233Terminal ports found in 234.Xr ttys . 235.It Pa /var/run/utmp 236Record of Current users on the system. 237.It Pa /var/log/wtmp 238Record of all logins and logouts. 239.It Pa /etc/ttys 240The terminal initialization information file. 241.It Pa /etc/rc 242System startup commands. 243.El 244.Sh SEE ALSO 245.Xr login 1 , 246.Xr kill 1 , 247.Xr sh 1 , 248.Xr ttys 5 , 249.Xr crash 8 , 250.Xr getty 8 , 251.Xr rc 8 , 252.Xr reboot 8 , 253.Xr halt 8 , 254.Xr shutdown 8 255.Sh HISTORY 256A 257.Nm 258command appeared in 259.At v6 . 260