[unix-history] / usr / src / sbin / init / init.8

.\" Copyright (c) 1980, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" This code is derived from software contributed to Berkeley by
.\" Donn Seeley at Berkeley Software Design, Inc.
.\"
.\" %sccs.include.redist.roff%
.\"
.\"     @(#)init.8	8.4 (Berkeley) %G%
.\"
.Dd 
.Dt INIT 8
.Os BSD 4
.Sh NAME
.Nm init
.Nd process control initialization
.Sh SYNOPSIS
.Nm init
.Sh DESCRIPTION
The
.Nm init
program
is the last stage of the boot process.
It normally runs the automatic reboot sequence as described in
.Xr reboot 8 ,
and if this succeeds, begins multi-user operation.
If the reboot scripts fail,
.Nm init
commences single user operation by giving
the super-user a shell on the console.
The
.Nm init
program may be passed parameters
from the boot program to
prevent the system from going multi-user and to instead execute
a single user shell without starting the normal daemons.
The system is then quiescent for maintenance work and may
later be made to go to multi-user by exiting the
single-user shell (with ^D).
This
causes
.Nm init
to run the
.Pa /etc/rc
start up command file in fastboot mode (skipping disk checks).
.Pp
If the
.Nm console
entry in the
.Xr ttys 5
file is marked ``insecure'',
then
.Nm init
will require that the superuser password be
entered before the system will start a single-user shell.
The password check is skipped if the 
.Nm console
is marked as ``secure''.
.Pp
The kernel runs with four different levels of security.
Any superuser process can raise the security level, but only 
.Nm init
can lower it.
Security levels are defined as follows:
.Bl -tag -width flag
.It Ic -1
Permanently insecure mode \- always run system in level 0 mode.
.It Ic 0
Insecure mode \- immutable and append-only flags may be turned off.
All devices may be read or written subject to their permissions.
.It Ic 1
Secure mode \- immutable and append-only flags may not be changed;
disks for mounted filesystems,
.Pa /dev/mem ,
and
.Pa /dev/kmem
are read-only.
.It Ic 2
Highly secure mode \- same as secure mode, plus disks are always
read-only whether mounted or not.
This level precludes tampering with filesystems by unmounting them,
but also inhibits running
.Xr newfs 8
while the system is multi-user.
.El
.Pp
Normally, the system runs in level 0 mode while single user
and in level 1 mode while multiuser.
If the level 2 mode is desired while running multiuser,
it can be set in the startup script
.Pa /etc/rc
using
.Xr sysctl 8 .
If it is desired to run the system in level 0 mode while multiuser,
the administrator must build a kernel with the variable
.Nm securelevel
defined in the file
.Pa /sys/compile/MACHINE/param.c
and initialize it to -1.
.Pp
In multi-user operation, 
.Nm init
maintains
processes for the terminal ports found in the file
.Xr ttys 5 .
.Nm Init
reads this file, and executes the command found in the second field.
This command is usually
.Xr getty 8 ;
.Xr getty
opens and initializes the tty line
and
executes the
.Xr login
program.
The
.Xr login
program, when a valid user logs in,
executes a shell for that user.  When this shell
dies, either because the user logged out
or an abnormal termination occurred (a signal),
the
.Nm init
program wakes up, deletes the user
from the
.Xr utmp 5
file of current users and records the logout in the
.Xr wtmp
file.
The cycle is
then restarted by
.Nm init
executing a new
.Xr getty
for the line.
.pl +1
.Pp
Line status (on, off, secure, getty, or window information)
may be changed in the
.Xr ttys
file without a reboot by sending the signal
.Dv SIGHUP
to
.Nm init
with the command
.Dq Li "kill -HUP 1" .
On receipt of this signal,
.Nm init
re-reads the
.Xr ttys
file.
When a line is turned off in
.Xr ttys ,
.Nm init
will send a SIGHUP signal to the controlling process
for the session associated with the line.
For any lines that were previously turned off in the
.Xr ttys
file and are now on,
.Nm init
executes a new
.Xr getty
to enable a new login.
If the getty or window field for a line is changed,
the change takes effect at the end of the current
login session (e.g., the next time 
.Nm init
starts a process on the line).
If a line is commented out or deleted from
.Xr ttys ,
.Nm init
will not do anything at all to that line.
However, it will complain that the relationship between lines
in the
.Xr ttys
file and records in the
.Xr utmp
file is out of sync,
so this practice is not recommended.
.Pp
.Nm Init
will terminate multi-user operations and resume single-user mode
if sent a terminate
.Pq Dv TERM
signal, for example,
.Dq Li "kill \-TERM 1" .
If there are processes outstanding that are deadlocked (because of
hardware or software failure),
.Xr init
will not wait for them all to die (which might take forever), but
will time out after 30 seconds and print a warning message.
.Pp
.Nm Init
will cease creating new
.Xr getty Ns 's
and allow the system to slowly die away, if it is sent a terminal stop
.Pq Dv TSTP
signal, i.e.
.Dq Li "kill \-TSTP 1" .
A later hangup will resume full
multi-user operations, or a terminate will start a single user shell.
This hook is used by
.Xr reboot 8
and
.Xr halt 8 .
.Pp
The role of
.Nm init
is so critical that if it dies, the system will reboot itself
automatically.
If, at bootstrap time, the
.Xr init
process cannot be located, the system will panic with the message
``panic: "init died (signal %d, exit %d)''.
.Sh DIAGNOSTICS
.Bl -diag
.It "getty repeating too quickly on port %s, sleeping"
A process being started to service a line is exiting quickly
each time it is started.
This is often caused by a ringing or noisy terminal line.
.Em "Init will sleep for 10 seconds" ,
.Em "then continue trying to start the process" .
.Pp
.It "some processes would not die; ps axl advised."
A process
is hung and could not be killed when the system was shutting down.
This condition is usually caused by a process
that is stuck in a device driver because of
a persistent device error condition.
.El
.Sh FILES
.Bl -tag -width /var/log/wtmp -compact
.It Pa /dev/console
System console device.
.It Pa /dev/tty*
Terminal ports found in
.Xr ttys .
.It Pa /var/run/utmp
Record of Current users on the system.
.It Pa /var/log/wtmp
Record of all logins and logouts.
.It Pa /etc/ttys
The terminal initialization information file.
.It Pa /etc/rc
System startup commands.
.El
.Sh SEE ALSO
.Xr login 1 ,
.Xr kill 1 ,
.Xr sh 1 ,
.Xr ttys 5 ,
.Xr crash 8 ,
.Xr getty 8 ,
.Xr rc 8 ,
.Xr reboot 8 ,
.Xr halt 8 ,
.Xr shutdown 8
.Sh HISTORY
A
.Nm
command appeared in
.At v6 .
.Sh BUGS
Systems without
.Xr sysctl
behave as though they have security level \-1.
Commit	Line	Data
1250ce59 KB	1	.\" Copyright (c) 1980, 1991, 1993
1250ce59 KB	2	.\" The Regents of the University of California. All rights reserved.
b891f6cd	3	.\"
fc58d3fd KB	4	.\" This code is derived from software contributed to Berkeley by
	5	.\" Donn Seeley at Berkeley Software Design, Inc.
	6	.\"
e17b717a	7	.\" %sccs.include.redist.roff%
b891f6cd	8	.\"
2e55f625	9	.\" @(#)init.8 8.4 (Berkeley) %G%
e17b717a CL	10	.\"
	11	.Dd
	12	.Dt INIT 8
	13	.Os BSD 4
	14	.Sh NAME
	15	.Nm init
	16	.Nd process control initialization
	17	.Sh SYNOPSIS
	18	.Nm init
	19	.Sh DESCRIPTION
	20	The
	21	.Nm init
	22	program
	23	is the last stage of the boot process.
	24	It normally runs the automatic reboot sequence as described in
	25	.Xr reboot 8 ,
b891f6cd	26	and if this succeeds, begins multi-user operation.
9320bad9	27	If the reboot scripts fail,
a078837a	28	.Nm init
9320bad9	29	commences single user operation by giving
e17b717a CL	30	the super-user a shell on the console.
	31	The
	32	.Nm init
9320bad9	33	program may be passed parameters
b891f6cd	34	from the boot program to
e17b717a	35	prevent the system from going multi-user and to instead execute
9320bad9	36	a single user shell without starting the normal daemons.
e17b717a	37	The system is then quiescent for maintenance work and may
9320bad9	38	later be made to go to multi-user by exiting the
a078837a	39	single-user shell (with ^D).
e17b717a CL	40	This
	41	causes
	42	.Nm init
	43	to run the
	44	.Pa /etc/rc
9320bad9 KM	45	start up command file in fastboot mode (skipping disk checks).
	46	.Pp
	47	If the
	48	.Nm console
	49	entry in the
	50	.Xr ttys 5
	51	file is marked ``insecure'',
	52	then
	53	.Nm init
	54	will require that the superuser password be
	55	entered before the system will start a single-user shell.
	56	The password check is skipped if the
	57	.Nm console
	58	is marked as ``secure''.
	59	.Pp
	60	The kernel runs with four different levels of security.
	61	Any superuser process can raise the security level, but only
	62	.Nm init
	63	can lower it.
	64	Security levels are defined as follows:
	65	.Bl -tag -width flag
	66	.It Ic -1
	67	Permanently insecure mode \- always run system in level 0 mode.
	68	.It Ic 0
	69	Insecure mode \- immutable and append-only flags may be turned off.
	70	All devices may be read or written subject to their permissions.
	71	.It Ic 1
	72	Secure mode \- immutable and append-only flags may not be changed;
	73	disks for mounted filesystems,
	74	.Pa /dev/mem ,
	75	and
	76	.Pa /dev/kmem
	77	are read-only.
	78	.It Ic 2
	79	Highly secure mode \- same as secure mode, plus disks are always
	80	read-only whether mounted or not.
	81	This level precludes tampering with filesystems by unmounting them,
	82	but also inhibits running
	83	.Xr newfs 8
	84	while the system is multi-user.
	85	.El
	86	.Pp
	87	Normally, the system runs in level 0 mode while single user
	88	and in level 1 mode while multiuser.
	89	If the level 2 mode is desired while running multiuser,
	90	it can be set in the startup script
	91	.Pa /etc/rc
	92	using
2b0d6169	93	.Xr sysctl 8 .
9320bad9 KM	94	If it is desired to run the system in level 0 mode while multiuser,
	95	the administrator must build a kernel with the variable
	96	.Nm securelevel
d9cac9c5 KM	97	defined in the file
	98	.Pa /sys/compile/MACHINE/param.c
	99	and initialize it to -1.
e17b717a	100	.Pp
b891f6cd	101	In multi-user operation,
e17b717a CL	102	.Nm init
	103	maintains
	104	processes for the terminal ports found in the file
a078837a	105	.Xr ttys 5 .
e17b717a CL	106	.Nm Init
	107	reads this file, and executes the command found in the second field.
	108	This command is usually
	109	.Xr getty 8 ;
	110	.Xr getty
	111	opens and initializes the tty line
b891f6cd	112	and
e17b717a CL	113	executes the
	114	.Xr login
	115	program.
b891f6cd	116	The
e17b717a CL	117	.Xr login
e17b717a CL	118	program, when a valid user logs in,
9320bad9	119	executes a shell for that user. When this shell
e17b717a	120	dies, either because the user logged out
9320bad9	121	or an abnormal termination occurred (a signal),
e17b717a CL	122	the
	123	.Nm init
	124	program wakes up, deletes the user
	125	from the
	126	.Xr utmp 5
	127	file of current users and records the logout in the
	128	.Xr wtmp
	129	file.
	130	The cycle is
	131	then restarted by
	132	.Nm init
9320bad9	133	executing a new
e17b717a CL	134	.Xr getty
e17b717a CL	135	for the line.
2e55f625	136	.pl +1
e17b717a	137	.Pp
a078837a KM	138	Line status (on, off, secure, getty, or window information)
a078837a KM	139	may be changed in the
e17b717a CL	140	.Xr ttys
	141	file without a reboot by sending the signal
	142	.Dv SIGHUP
	143	to
	144	.Nm init
	145	with the command
a078837a	146	.Dq Li "kill -HUP 1" .
9320bad9	147	On receipt of this signal,
e17b717a CL	148	.Nm init
	149	re-reads the
	150	.Xr ttys
	151	file.
a078837a KM	152	When a line is turned off in
a078837a KM	153	.Xr ttys ,
e17b717a	154	.Nm init
a078837a KM	155	will send a SIGHUP signal to the controlling process
	156	for the session associated with the line.
	157	For any lines that were previously turned off in the
e17b717a	158	.Xr ttys
e7b9ee77	159	file and are now on,
e17b717a CL	160	.Nm init
e17b717a CL	161	executes a new
a078837a	162	.Xr getty
e7b9ee77	163	to enable a new login.
a078837a	164	If the getty or window field for a line is changed,
e7b9ee77	165	the change takes effect at the end of the current
a078837a KM	166	login session (e.g., the next time
	167	.Nm init
	168	starts a process on the line).
	169	If a line is commented out or deleted from
	170	.Xr ttys ,
	171	.Nm init
	172	will not do anything at all to that line.
e7b9ee77 KM	173	However, it will complain that the relationship between lines
	174	in the
	175	.Xr ttys
	176	file and records in the
	177	.Xr utmp
	178	file is out of sync,
a078837a	179	so this practice is not recommended.
e17b717a CL	180	.Pp
e17b717a CL	181	.Nm Init
b891f6cd	182	will terminate multi-user operations and resume single-user mode
e17b717a CL	183	if sent a terminate
	184	.Pq Dv TERM
	185	signal, for example,
	186	.Dq Li "kill \-TERM 1" .
9320bad9	187	If there are processes outstanding that are deadlocked (because of
b891f6cd	188	hardware or software failure),
e17b717a	189	.Xr init
b891f6cd KM	190	will not wait for them all to die (which might take forever), but
b891f6cd KM	191	will time out after 30 seconds and print a warning message.
e17b717a CL	192	.Pp
e17b717a CL	193	.Nm Init
b891f6cd	194	will cease creating new
e17b717a CL	195	.Xr getty Ns 's
	196	and allow the system to slowly die away, if it is sent a terminal stop
	197	.Pq Dv TSTP
	198	signal, i.e.
	199	.Dq Li "kill \-TSTP 1" .
	200	A later hangup will resume full
9320bad9	201	multi-user operations, or a terminate will start a single user shell.
b891f6cd	202	This hook is used by
e17b717a	203	.Xr reboot 8
b891f6cd	204	and
e17b717a CL	205	.Xr halt 8 .
	206	.Pp
	207	The role of
	208	.Nm init
	209	is so critical that if it dies, the system will reboot itself
b891f6cd KM	210	automatically.
b891f6cd KM	211	If, at bootstrap time, the
e17b717a	212	.Xr init
a078837a KM	213	process cannot be located, the system will panic with the message
a078837a KM	214	``panic: "init died (signal %d, exit %d)''.
e17b717a CL	215	.Sh DIAGNOSTICS
e17b717a CL	216	.Bl -diag
a078837a	217	.It "getty repeating too quickly on port %s, sleeping"
63c183b7 MK	218	A process being started to service a line is exiting quickly
	219	each time it is started.
	220	This is often caused by a ringing or noisy terminal line.
a078837a	221	.Em "Init will sleep for 10 seconds" ,
e17b717a CL	222	.Em "then continue trying to start the process" .
e17b717a CL	223	.Pp
a078837a	224	.It "some processes would not die; ps axl advised."
e17b717a	225	A process
b891f6cd	226	is hung and could not be killed when the system was shutting down.
9320bad9 KM	227	This condition is usually caused by a process
	228	that is stuck in a device driver because of
	229	a persistent device error condition.
e17b717a CL	230	.El
	231	.Sh FILES
	232	.Bl -tag -width /var/log/wtmp -compact
	233	.It Pa /dev/console
	234	System console device.
	235	.It Pa /dev/tty*
	236	Terminal ports found in
	237	.Xr ttys .
	238	.It Pa /var/run/utmp
	239	Record of Current users on the system.
	240	.It Pa /var/log/wtmp
	241	Record of all logins and logouts.
	242	.It Pa /etc/ttys
	243	The terminal initialization information file.
	244	.It Pa /etc/rc
	245	System startup commands.
	246	.El
	247	.Sh SEE ALSO
	248	.Xr login 1 ,
	249	.Xr kill 1 ,
	250	.Xr sh 1 ,
	251	.Xr ttys 5 ,
	252	.Xr crash 8 ,
	253	.Xr getty 8 ,
	254	.Xr rc 8 ,
	255	.Xr reboot 8 ,
	256	.Xr halt 8 ,
	257	.Xr shutdown 8
	258	.Sh HISTORY
	259	A
	260	.Nm
	261	command appeared in
	262	.At v6 .
e7b9ee77 KM	263	.Sh BUGS
	264	Systems without
	265	.Xr sysctl
	266	behave as though they have security level \-1.