1.\" $NetBSD: init.8,v 1.6 1995/03/18 14:56:31 cgd Exp $ 2.\" 3.\" Copyright (c) 1980, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" This code is derived from software contributed to Berkeley by 7.\" Donn Seeley at Berkeley Software Design, Inc. 8.\" 9.\" Redistribution and use in source and binary forms, with or without 10.\" modification, are permitted provided that the following conditions 11.\" are met: 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in the 16.\" documentation and/or other materials provided with the distribution. 17.\" 3. All advertising materials mentioning features or use of this software 18.\" must display the following acknowledgement: 19.\" This product includes software developed by the University of 20.\" California, Berkeley and its contributors. 21.\" 4. Neither the name of the University nor the names of its contributors 22.\" may be used to endorse or promote products derived from this software 23.\" without specific prior written permission. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 26.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 29.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35.\" SUCH DAMAGE. 36.\" 37.\" @(#)init.8 8.3 (Berkeley) 4/18/94 38.\" 39.Dd April 18, 1994 40.Dt INIT 8 41.Os BSD 4 42.Sh NAME 43.Nm init 44.Nd process control initialization 45.Sh SYNOPSIS 46.Nm init 47.Sh DESCRIPTION 48The 49.Nm init 50program 51is the last stage of the boot process. 52It normally runs the automatic reboot sequence as described in 53.Xr reboot 8 , 54and if this succeeds, begins multi-user operation. 55If the reboot scripts fail, 56.Nm init 57commences single user operation by giving 58the super-user a shell on the console. 59The 60.Nm init 61program may be passed parameters 62from the boot program to 63prevent the system from going multi-user and to instead execute 64a single user shell without starting the normal daemons. 65The system is then quiescent for maintenance work and may 66later be made to go to multi-user by exiting the 67single-user shell (with ^D). 68This 69causes 70.Nm init 71to run the 72.Pa /etc/rc 73start up command file in fastboot mode (skipping disk checks). 74.Pp 75If the 76.Nm console 77entry in the 78.Xr ttys 5 79file is marked ``insecure'', 80then 81.Nm init 82will require that the superuser password be 83entered before the system will start a single-user shell. 84The password check is skipped if the 85.Nm console 86is marked as ``secure''. 87.Pp 88The kernel runs with four different levels of security. 89Any superuser process can raise the security level, but only 90.Nm init 91can lower it. 92Security levels are defined as follows: 93.Bl -tag -width flag 94.It Ic -1 95Permanently insecure mode \- always run system in level 0 mode. 96.It Ic 0 97Insecure mode \- immutable and append-only flags may be turned off. 98All devices may be read or written subject to their permissions. 99.It Ic 1 100Secure mode \- immutable and append-only flags may not be changed; 101disks for mounted filesystems, 102.Pa /dev/mem , 103and 104.Pa /dev/kmem 105are read-only. 106.It Ic 2 107Highly secure mode \- same as secure mode, plus disks are always 108read-only whether mounted or not. 109This level precludes tampering with filesystems by unmounting them, 110but also inhibits running 111.Xr newfs 8 112while the system is multi-user. 113.El 114.Pp 115Normally, the system runs in level 0 mode while single user 116and in level 1 mode while multiuser. 117If the level 2 mode is desired while running multiuser, 118it can be set in the startup script 119.Pa /etc/rc 120using 121.Xr sysctl 8 . 122If it is desired to run the system in level 0 mode while multiuser, 123the administrator must build a kernel with the variable 124.Nm securelevel 125defined in the file 126.Pa /sys/arch/compile/MACHINE/param.c 127and initialize it to -1. 128.Pp 129In multi-user operation, 130.Nm init 131maintains 132processes for the terminal ports found in the file 133.Xr ttys 5 . 134.Nm Init 135reads this file, and executes the command found in the second field. 136This command is usually 137.Xr getty 8 ; 138.Xr getty 139opens and initializes the tty line 140and 141executes the 142.Xr login 143program. 144The 145.Xr login 146program, when a valid user logs in, 147executes a shell for that user. When this shell 148dies, either because the user logged out 149or an abnormal termination occurred (a signal), 150the 151.Nm init 152program wakes up, deletes the user 153from the 154.Xr utmp 5 155file of current users and records the logout in the 156.Xr wtmp 157file. 158The cycle is 159then restarted by 160.Nm init 161executing a new 162.Xr getty 163for the line. 164.Pp 165Line status (on, off, secure, getty, or window information) 166may be changed in the 167.Xr ttys 168file without a reboot by sending the signal 169.Dv SIGHUP 170to 171.Nm init 172with the command 173.Dq Li "kill \-s HUP 1" . 174On receipt of this signal, 175.Nm init 176re-reads the 177.Xr ttys 178file. 179When a line is turned off in 180.Xr ttys , 181.Nm init 182will send a SIGHUP signal to the controlling process 183for the session associated with the line. 184For any lines that were previously turned off in the 185.Xr ttys 186file and are now on, 187.Nm init 188executes a new 189.Xr getty 190to enable a new login. 191If the getty or window field for a line is changed, 192the change takes effect at the end of the current 193login session (e.g., the next time 194.Nm init 195starts a process on the line). 196If a line is commented out or deleted from 197.Xr ttys , 198.Nm init 199will not do anything at all to that line. 200However, it will complain that the relationship between lines 201in the 202.Xr ttys 203file and records in the 204.Xr utmp 205file is out of sync, 206so this practice is not recommended. 207.Pp 208.Nm Init 209will terminate multi-user operations and resume single-user mode 210if sent a terminate 211.Pq Dv TERM 212signal, for example, 213.Dq Li "kill \-s TERM 1" . 214If there are processes outstanding that are deadlocked (because of 215hardware or software failure), 216.Xr init 217will not wait for them all to die (which might take forever), but 218will time out after 30 seconds and print a warning message. 219.Pp 220.Nm Init 221will cease creating new 222.Xr getty Ns 's 223and allow the system to slowly die away, if it is sent a terminal stop 224.Pq Dv TSTP 225signal, i.e. 226.Dq Li "kill \-s TSTP 1" . 227A later hangup will resume full 228multi-user operations, or a terminate will start a single user shell. 229This hook is used by 230.Xr reboot 8 231and 232.Xr halt 8 . 233.Pp 234The role of 235.Nm init 236is so critical that if it dies, the system will reboot itself 237automatically. 238If, at bootstrap time, the 239.Xr init 240process cannot be located, the system will panic with the message 241``panic: "init died (signal %d, exit %d)''. 242.Sh DIAGNOSTICS 243.Bl -diag 244.It "getty repeating too quickly on port %s, sleeping" 245A process being started to service a line is exiting quickly 246each time it is started. 247This is often caused by a ringing or noisy terminal line. 248.Em "Init will sleep for 10 seconds" , 249.Em "then continue trying to start the process" . 250.Pp 251.It "some processes would not die; ps axl advised." 252A process 253is hung and could not be killed when the system was shutting down. 254This condition is usually caused by a process 255that is stuck in a device driver because of 256a persistent device error condition. 257.El 258.Sh FILES 259.Bl -tag -width /var/log/wtmp -compact 260.It Pa /dev/console 261System console device. 262.It Pa /dev/tty* 263Terminal ports found in 264.Xr ttys . 265.It Pa /var/run/utmp 266Record of Current users on the system. 267.It Pa /var/log/wtmp 268Record of all logins and logouts. 269.It Pa /etc/ttys 270The terminal initialization information file. 271.It Pa /etc/rc 272System startup commands. 273.El 274.Sh SEE ALSO 275.Xr login 1 , 276.Xr kill 1 , 277.Xr sh 1 , 278.Xr ttys 5 , 279.Xr crash 8 , 280.Xr getty 8 , 281.Xr rc 8 , 282.Xr reboot 8 , 283.Xr halt 8 , 284.Xr shutdown 8 285.Sh HISTORY 286A 287.Nm 288command appeared in 289.At v6 . 290.Sh BUGS 291Systems without 292.Xr sysctl 293behave as though they have security level \-1. 294