1.\" $NetBSD: init.8,v 1.8 1997/06/30 20:30:06 phil Exp $ 2.\" 3.\" Copyright (c) 1980, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" This code is derived from software contributed to Berkeley by 7.\" Donn Seeley at Berkeley Software Design, Inc. 8.\" 9.\" Redistribution and use in source and binary forms, with or without 10.\" modification, are permitted provided that the following conditions 11.\" are met: 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in the 16.\" documentation and/or other materials provided with the distribution. 17.\" 3. All advertising materials mentioning features or use of this software 18.\" must display the following acknowledgement: 19.\" This product includes software developed by the University of 20.\" California, Berkeley and its contributors. 21.\" 4. Neither the name of the University nor the names of its contributors 22.\" may be used to endorse or promote products derived from this software 23.\" without specific prior written permission. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 26.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 29.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35.\" SUCH DAMAGE. 36.\" 37.\" @(#)init.8 8.3 (Berkeley) 4/18/94 38.\" 39.Dd April 18, 1994 40.Dt INIT 8 41.Os BSD 4 42.Sh NAME 43.Nm init 44.Nd process control initialization 45.Sh SYNOPSIS 46.Nm init 47.Sh DESCRIPTION 48The 49.Nm init 50program 51is the last stage of the boot process. 52It normally runs the automatic reboot sequence as described in 53.Xr reboot 8 , 54and if this succeeds, begins multi-user operation. 55If the reboot scripts fail, 56.Nm init 57commences single user operation by giving 58the super-user a shell on the console. 59The 60.Nm init 61program may be passed parameters 62from the boot program to 63prevent the system from going multi-user and to instead execute 64a single user shell without starting the normal daemons. 65The system is then quiescent for maintenance work and may 66later be made to go to multi-user by exiting the 67single-user shell (with ^D). 68This 69causes 70.Nm init 71to run the 72.Pa /etc/rc 73start up command file in fastboot mode (skipping disk checks). 74.Pp 75If the 76.Nm console 77entry in the 78.Xr ttys 5 79file is marked ``insecure'', 80then 81.Nm init 82will require that the superuser password be 83entered before the system will start a single-user shell. 84The password check is skipped if the 85.Nm console 86is marked as ``secure''. 87.Pp 88The kernel runs with four different levels of security. 89Any superuser process can raise the security level, but only 90.Nm init 91can lower it. 92Security levels are defined as follows: 93.Bl -tag -width flag 94.It Ic -1 95Permanently insecure mode \- always run system in level 0 mode. 96.It Ic 0 97Insecure mode \- immutable and append-only flags may changed. 98All devices may be read or written subject to their permissions. 99.It Ic 1 100Secure mode \- system immutable and system append-only flags may not 101be turned off; disks for mounted filesystems, 102.Pa /dev/mem , 103and 104.Pa /dev/kmem 105are read-only. 106.It Ic 2 107Highly secure mode \- same as secure mode, plus disks are always 108read-only whether mounted or not. 109This level precludes tampering with filesystems by unmounting them, 110but also inhibits running 111.Xr newfs 8 112while the system is multi-user. 113.El 114.Pp 115Normally, the system runs in level 0 mode while single user 116and in level 1 mode while multi-user. 117If the level 2 mode is desired while running multi-user, 118it can be set in the startup script 119.Pa /etc/rc 120using 121.Xr sysctl 8 . 122If it is desired to run the system in level 0 mode while multi-user, 123the administrator must build a kernel with 124.Sy options INSECURE 125in the kernel configuration file, which initializes the kernel's 126.Va securelevel 127variable to -1. See 128.Xr options 4 129and 130.Xr config 8 131for details. 132.Pp 133In multi-user operation, 134.Nm init 135maintains 136processes for the terminal ports found in the file 137.Xr ttys 5 . 138.Nm Init 139reads this file, and executes the command found in the second field. 140This command is usually 141.Xr getty 8 ; 142.Xr getty 143opens and initializes the tty line 144and 145executes the 146.Xr login 147program. 148The 149.Xr login 150program, when a valid user logs in, 151executes a shell for that user. When this shell 152dies, either because the user logged out 153or an abnormal termination occurred (a signal), 154the 155.Nm init 156program wakes up, deletes the user 157from the 158.Xr utmp 5 159file of current users and records the logout in the 160.Xr wtmp 161file. 162The cycle is 163then restarted by 164.Nm init 165executing a new 166.Xr getty 167for the line. 168.Pp 169Line status (on, off, secure, getty, or window information) 170may be changed in the 171.Xr ttys 172file without a reboot by sending the signal 173.Dv SIGHUP 174to 175.Nm init 176with the command 177.Dq Li "kill \-s HUP 1" . 178On receipt of this signal, 179.Nm init 180re-reads the 181.Xr ttys 182file. 183When a line is turned off in 184.Xr ttys , 185.Nm init 186will send a SIGHUP signal to the controlling process 187for the session associated with the line. 188For any lines that were previously turned off in the 189.Xr ttys 190file and are now on, 191.Nm init 192executes a new 193.Xr getty 194to enable a new login. 195If the getty or window field for a line is changed, 196the change takes effect at the end of the current 197login session (e.g., the next time 198.Nm init 199starts a process on the line). 200If a line is commented out or deleted from 201.Xr ttys , 202.Nm init 203will not do anything at all to that line. 204However, it will complain that the relationship between lines 205in the 206.Xr ttys 207file and records in the 208.Xr utmp 209file is out of sync, 210so this practice is not recommended. 211.Pp 212.Nm Init 213will terminate multi-user operations and resume single-user mode 214if sent a terminate 215.Pq Dv TERM 216signal, for example, 217.Dq Li "kill \-s TERM 1" . 218If there are processes outstanding that are deadlocked (because of 219hardware or software failure), 220.Xr init 221will not wait for them all to die (which might take forever), but 222will time out after 30 seconds and print a warning message. 223.Pp 224.Nm Init 225will cease creating new 226.Xr getty Ns 's 227and allow the system to slowly die away, if it is sent a terminal stop 228.Pq Dv TSTP 229signal, i.e. 230.Dq Li "kill \-s TSTP 1" . 231A later hangup will resume full 232multi-user operations, or a terminate will start a single user shell. 233This hook is used by 234.Xr reboot 8 235and 236.Xr halt 8 . 237.Pp 238The role of 239.Nm init 240is so critical that if it dies, the system will reboot itself 241automatically. 242If, at bootstrap time, the 243.Xr init 244process cannot be located, the system will panic with the message 245``panic: "init died (signal %d, exit %d)''. 246.Sh DIAGNOSTICS 247.Bl -diag 248.It "getty repeating too quickly on port %s, sleeping" 249A process being started to service a line is exiting quickly 250each time it is started. 251This is often caused by a ringing or noisy terminal line. 252.Em "Init will sleep for 10 seconds" , 253.Em "then continue trying to start the process" . 254.Pp 255.It "some processes would not die; ps axl advised." 256A process 257is hung and could not be killed when the system was shutting down. 258This condition is usually caused by a process 259that is stuck in a device driver because of 260a persistent device error condition. 261.El 262.Sh FILES 263.Bl -tag -width /var/log/wtmp -compact 264.It Pa /dev/console 265System console device. 266.It Pa /dev/tty* 267Terminal ports found in 268.Xr ttys . 269.It Pa /var/run/utmp 270Record of Current users on the system. 271.It Pa /var/log/wtmp 272Record of all logins and logouts. 273.It Pa /etc/ttys 274The terminal initialization information file. 275.It Pa /etc/rc 276System startup commands. 277.El 278.Sh SEE ALSO 279.Xr login 1 , 280.Xr kill 1 , 281.Xr sh 1 , 282.Xr options 4 , 283.Xr ttys 5 , 284.Xr config 8 , 285.Xr crash 8 , 286.Xr getty 8 , 287.Xr rc 8 , 288.Xr reboot 8 , 289.Xr halt 8 , 290.Xr shutdown 8 291.Sh HISTORY 292A 293.Nm 294command appeared in 295.At v6 . 296.Sh BUGS 297Systems without 298.Xr sysctl 299behave as though they have security level \-1. 300