1.\" Copyright (c) 1980, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software contributed to Berkeley by 5.\" Donn Seeley at Berkeley Software Design, Inc. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. All advertising materials mentioning features or use of this software 16.\" must display the following acknowledgement: 17.\" This product includes software developed by the University of 18.\" California, Berkeley and its contributors. 19.\" 4. Neither the name of the University nor the names of its contributors 20.\" may be used to endorse or promote products derived from this software 21.\" without specific prior written permission. 22.\" 23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33.\" SUCH DAMAGE. 34.\" 35.\" from: @(#)init.8 8.3 (Berkeley) 4/18/94 36.\" $Id: init.8,v 1.5 1994/09/23 23:18:36 mycroft Exp $ 37.\" 38.Dd April 18, 1994 39.Dt INIT 8 40.Os BSD 4 41.Sh NAME 42.Nm init 43.Nd process control initialization 44.Sh SYNOPSIS 45.Nm init 46.Sh DESCRIPTION 47The 48.Nm init 49program 50is the last stage of the boot process. 51It normally runs the automatic reboot sequence as described in 52.Xr reboot 8 , 53and if this succeeds, begins multi-user operation. 54If the reboot scripts fail, 55.Nm init 56commences single user operation by giving 57the super-user a shell on the console. 58The 59.Nm init 60program may be passed parameters 61from the boot program to 62prevent the system from going multi-user and to instead execute 63a single user shell without starting the normal daemons. 64The system is then quiescent for maintenance work and may 65later be made to go to multi-user by exiting the 66single-user shell (with ^D). 67This 68causes 69.Nm init 70to run the 71.Pa /etc/rc 72start up command file in fastboot mode (skipping disk checks). 73.Pp 74If the 75.Nm console 76entry in the 77.Xr ttys 5 78file is marked ``insecure'', 79then 80.Nm init 81will require that the superuser password be 82entered before the system will start a single-user shell. 83The password check is skipped if the 84.Nm console 85is marked as ``secure''. 86.Pp 87The kernel runs with four different levels of security. 88Any superuser process can raise the security level, but only 89.Nm init 90can lower it. 91Security levels are defined as follows: 92.Bl -tag -width flag 93.It Ic -1 94Permanently insecure mode \- always run system in level 0 mode. 95.It Ic 0 96Insecure mode \- immutable and append-only flags may be turned off. 97All devices may be read or written subject to their permissions. 98.It Ic 1 99Secure mode \- immutable and append-only flags may not be changed; 100disks for mounted filesystems, 101.Pa /dev/mem , 102and 103.Pa /dev/kmem 104are read-only. 105.It Ic 2 106Highly secure mode \- same as secure mode, plus disks are always 107read-only whether mounted or not. 108This level precludes tampering with filesystems by unmounting them, 109but also inhibits running 110.Xr newfs 8 111while the system is multi-user. 112.El 113.Pp 114Normally, the system runs in level 0 mode while single user 115and in level 1 mode while multiuser. 116If the level 2 mode is desired while running multiuser, 117it can be set in the startup script 118.Pa /etc/rc 119using 120.Xr sysctl 8 . 121If it is desired to run the system in level 0 mode while multiuser, 122the administrator must build a kernel with the variable 123.Nm securelevel 124defined in the file 125.Pa /sys/arch/compile/MACHINE/param.c 126and initialize it to -1. 127.Pp 128In multi-user operation, 129.Nm init 130maintains 131processes for the terminal ports found in the file 132.Xr ttys 5 . 133.Nm Init 134reads this file, and executes the command found in the second field. 135This command is usually 136.Xr getty 8 ; 137.Xr getty 138opens and initializes the tty line 139and 140executes the 141.Xr login 142program. 143The 144.Xr login 145program, when a valid user logs in, 146executes a shell for that user. When this shell 147dies, either because the user logged out 148or an abnormal termination occurred (a signal), 149the 150.Nm init 151program wakes up, deletes the user 152from the 153.Xr utmp 5 154file of current users and records the logout in the 155.Xr wtmp 156file. 157The cycle is 158then restarted by 159.Nm init 160executing a new 161.Xr getty 162for the line. 163.Pp 164Line status (on, off, secure, getty, or window information) 165may be changed in the 166.Xr ttys 167file without a reboot by sending the signal 168.Dv SIGHUP 169to 170.Nm init 171with the command 172.Dq Li "kill \-s HUP 1" . 173On receipt of this signal, 174.Nm init 175re-reads the 176.Xr ttys 177file. 178When a line is turned off in 179.Xr ttys , 180.Nm init 181will send a SIGHUP signal to the controlling process 182for the session associated with the line. 183For any lines that were previously turned off in the 184.Xr ttys 185file and are now on, 186.Nm init 187executes a new 188.Xr getty 189to enable a new login. 190If the getty or window field for a line is changed, 191the change takes effect at the end of the current 192login session (e.g., the next time 193.Nm init 194starts a process on the line). 195If a line is commented out or deleted from 196.Xr ttys , 197.Nm init 198will not do anything at all to that line. 199However, it will complain that the relationship between lines 200in the 201.Xr ttys 202file and records in the 203.Xr utmp 204file is out of sync, 205so this practice is not recommended. 206.Pp 207.Nm Init 208will terminate multi-user operations and resume single-user mode 209if sent a terminate 210.Pq Dv TERM 211signal, for example, 212.Dq Li "kill \-s TERM 1" . 213If there are processes outstanding that are deadlocked (because of 214hardware or software failure), 215.Xr init 216will not wait for them all to die (which might take forever), but 217will time out after 30 seconds and print a warning message. 218.Pp 219.Nm Init 220will cease creating new 221.Xr getty Ns 's 222and allow the system to slowly die away, if it is sent a terminal stop 223.Pq Dv TSTP 224signal, i.e. 225.Dq Li "kill \-s TSTP 1" . 226A later hangup will resume full 227multi-user operations, or a terminate will start a single user shell. 228This hook is used by 229.Xr reboot 8 230and 231.Xr halt 8 . 232.Pp 233The role of 234.Nm init 235is so critical that if it dies, the system will reboot itself 236automatically. 237If, at bootstrap time, the 238.Xr init 239process cannot be located, the system will panic with the message 240``panic: "init died (signal %d, exit %d)''. 241.Sh DIAGNOSTICS 242.Bl -diag 243.It "getty repeating too quickly on port %s, sleeping" 244A process being started to service a line is exiting quickly 245each time it is started. 246This is often caused by a ringing or noisy terminal line. 247.Em "Init will sleep for 10 seconds" , 248.Em "then continue trying to start the process" . 249.Pp 250.It "some processes would not die; ps axl advised." 251A process 252is hung and could not be killed when the system was shutting down. 253This condition is usually caused by a process 254that is stuck in a device driver because of 255a persistent device error condition. 256.El 257.Sh FILES 258.Bl -tag -width /var/log/wtmp -compact 259.It Pa /dev/console 260System console device. 261.It Pa /dev/tty* 262Terminal ports found in 263.Xr ttys . 264.It Pa /var/run/utmp 265Record of Current users on the system. 266.It Pa /var/log/wtmp 267Record of all logins and logouts. 268.It Pa /etc/ttys 269The terminal initialization information file. 270.It Pa /etc/rc 271System startup commands. 272.El 273.Sh SEE ALSO 274.Xr login 1 , 275.Xr kill 1 , 276.Xr sh 1 , 277.Xr ttys 5 , 278.Xr crash 8 , 279.Xr getty 8 , 280.Xr rc 8 , 281.Xr reboot 8 , 282.Xr halt 8 , 283.Xr shutdown 8 284.Sh HISTORY 285A 286.Nm 287command appeared in 288.At v6 . 289.Sh BUGS 290Systems without 291.Xr sysctl 292behave as though they have security level \-1. 293