GC !__DragonFly__ section.
[dragonfly.git] / sbin / init / init.8
CommitLineData
984263bc
MD
1.\" Copyright (c) 1980, 1991, 1993
2.\" The Regents of the University of California. All rights reserved.
3.\"
4.\" This code is derived from software contributed to Berkeley by
5.\" Donn Seeley at Berkeley Software Design, Inc.
6.\"
7.\" Redistribution and use in source and binary forms, with or without
8.\" modification, are permitted provided that the following conditions
9.\" are met:
10.\" 1. Redistributions of source code must retain the above copyright
11.\" notice, this list of conditions and the following disclaimer.
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\" notice, this list of conditions and the following disclaimer in the
14.\" documentation and/or other materials provided with the distribution.
15.\" 3. All advertising materials mentioning features or use of this software
16.\" must display the following acknowledgement:
17.\" This product includes software developed by the University of
18.\" California, Berkeley and its contributors.
19.\" 4. Neither the name of the University nor the names of its contributors
20.\" may be used to endorse or promote products derived from this software
21.\" without specific prior written permission.
22.\"
23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33.\" SUCH DAMAGE.
34.\"
35.\" @(#)init.8 8.3 (Berkeley) 4/18/94
36.\" $FreeBSD: src/sbin/init/init.8,v 1.22.2.11 2003/05/03 22:19:20 keramida Exp $
1de703da 37.\" $DragonFly: src/sbin/init/init.8,v 1.2 2003/06/17 04:27:33 dillon Exp $
984263bc
MD
38.\"
39.Dd April 18, 1994
40.Dt INIT 8
41.Os
42.Sh NAME
43.Nm init
44.Nd process control initialization
45.Sh SYNOPSIS
46.Nm
47.Nm
48.Oo
49.Cm 0 | 1 | 6 |
50.Cm c | q
51.Oc
52.Sh DESCRIPTION
53The
54.Nm
55utility
56is the last stage of the boot process.
57It normally runs the automatic reboot sequence as described in
58.Xr rc 8 ,
59and if this succeeds, begins multi-user operation.
60If the reboot scripts fail,
61.Nm
62commences single-user operation by giving
63the super-user a shell on the console.
64The
65.Nm
66utility may be passed parameters
67from the boot program to
68prevent the system from going multi-user and to instead execute
69a single-user shell without starting the normal daemons.
70The system is then quiescent for maintenance work and may
71later be made to go to multi-user by exiting the
72single-user shell (with ^D).
73This
74causes
75.Nm
76to run the
77.Pa /etc/rc
78start up command file in fastboot mode (skipping disk checks).
79.Pp
80If the
81.Em console
82entry in the
83.Xr ttys 5
84file is marked
85.Dq insecure ,
86then
87.Nm
88will require that the super-user password be
89entered before the system will start a single-user shell.
90The password check is skipped if the
91.Em console
92is marked as
93.Dq secure .
94.Pp
95The kernel runs with five different levels of security.
96Any super-user process can raise the security level, but no process
97can lower it.
98The security levels are:
99.Bl -tag -width flag
100.It Ic -1
101Permanently insecure mode \- always run the system in level 0 mode.
102This is the default initial value.
103.It Ic 0
104Insecure mode \- immutable and append-only flags may be turned off.
105All devices may be read or written subject to their permissions.
106.It Ic 1
107Secure mode \- the system immutable and system append-only flags may not
108be turned off;
109disks for mounted file systems,
110.Pa /dev/mem ,
111and
112.Pa /dev/kmem
113may not be opened for writing;
114kernel modules (see
115.Xr kld 4 )
116may not be loaded or unloaded.
117.It Ic 2
118Highly secure mode \- same as secure mode, plus disks may not be
119opened for writing (except by
120.Xr mount 2 )
121whether mounted or not.
122This level precludes tampering with file systems by unmounting them,
123but also inhibits running
124.Xr newfs 8
125while the system is multi-user.
126.Pp
127In addition, kernel time changes are restricted to less than or equal to one
128second. Attempts to change the time by more than this will log the message
129.Dq Time adjustment clamped to +1 second .
130.It Ic 3
131Network secure mode \- same as highly secure mode, plus
132IP packet filter rules (see
133.Xr ipfw 8
134and
135.Xr ipfirewall 4 )
136cannot be changed and
137.Xr dummynet 4
138configuration cannot be adjusted.
139.El
140.Pp
141If the security level is initially nonzero, then
142.Nm
143leaves it unchanged.
144Otherwise,
145.Nm
146raises the level to 1 before going multi-user for the first time.
147Since the level cannot be reduced, it will be at least 1 for
148subsequent operation, even on return to single-user.
149If a level higher than 1 is desired while running multi-user,
150it can be set before going multi-user, e.g., by the startup script
151.Xr rc 8 ,
152using
153.Xr sysctl 8
154to set the
155.Dq kern.securelevel
156variable to the required security level.
157.Pp
158In multi-user operation,
159.Nm
160maintains
161processes for the terminal ports found in the file
162.Xr ttys 5 .
163The
164.Nm
165utility reads this file and executes the command found in the second field,
166unless the first field refers to a device in
167.Pa /dev
168which is not configured.
169The first field is supplied as the final argument to the command.
170This command is usually
171.Xr getty 8 ;
172.Nm getty
173opens and initializes the tty line
174and
175executes the
176.Xr login 1
177program.
178The
179.Nm login
180program, when a valid user logs in,
181executes a shell for that user. When this shell
182dies, either because the user logged out
183or an abnormal termination occurred (a signal),
184the
185.Nm
186utility wakes up, deletes the user
187from the
188.Xr utmp 5
189file of current users and records the logout in the
190.Xr wtmp 5
191file.
192The cycle is
193then restarted by
194.Nm
195executing a new
196.Nm getty
197for the line.
198.Pp
199The
200.Nm
201utility can also be used to keep arbitrary daemons running,
202automatically restarting them if they die.
203In this case, the first field in the
204.Xr ttys 5
205file must not reference the path to a configured device node
206and will be passed to the daemon
207as the final argument on its command line.
208This is similar to the facility offered in the
209.At V
210.Pa /etc/inittab .
211.Pp
212Line status (on, off, secure, getty, or window information)
213may be changed in the
214.Xr ttys 5
215file without a reboot by sending the signal
216.Dv SIGHUP
217to
218.Nm
219with the command
220.Dq Li "kill -HUP 1" .
221On receipt of this signal,
222.Nm
223re-reads the
224.Xr ttys 5
225file.
226When a line is turned off in
227.Xr ttys 5 ,
228.Nm
229will send a SIGHUP signal to the controlling process
230for the session associated with the line.
231For any lines that were previously turned off in the
232.Xr ttys 5
233file and are now on,
234.Nm
235executes the command specified in the second field.
236If the command or window field for a line is changed,
237the change takes effect at the end of the current
238login session (e.g., the next time
239.Nm
240starts a process on the line).
241If a line is commented out or deleted from
242.Xr ttys 5 ,
243.Nm
244will not do anything at all to that line.
245However, it will complain that the relationship between lines
246in the
247.Xr ttys 5
248file and records in the
249.Xr utmp 5
250file is out of sync,
251so this practice is not recommended.
252.Pp
253The
254.Nm
255utility will terminate multi-user operations and resume single-user mode
256if sent a terminate
257.Pq Dv TERM
258signal, for example,
259.Dq Li "kill \-TERM 1" .
260If there are processes outstanding that are deadlocked (because of
261hardware or software failure),
262.Nm
263will not wait for them all to die (which might take forever), but
264will time out after 30 seconds and print a warning message.
265.Pp
266The
267.Nm
268utility will cease creating new processes
269and allow the system to slowly die away, if it is sent a terminal stop
270.Pq Dv TSTP
271signal, i.e.\&
272.Dq Li "kill \-TSTP 1" .
273A later hangup will resume full
274multi-user operations, or a terminate will start a single-user shell.
275This hook is used by
276.Xr reboot 8
277and
278.Xr halt 8 .
279.Pp
280The
281.Nm
282utility will terminate all possible processes (again, it will not wait
283for deadlocked processes) and reboot the machine if sent the interrupt
284.Pq Dv INT
285signal, i.e.\&
286.Dq Li "kill \-INT 1".
287This is useful for shutting the machine down cleanly from inside the kernel
288or from X when the machine appears to be hung.
289.Pp
290The
291.Nm
292utility will do the same, except it will halt the machine if sent
293the user defined signal 1
294.Pq Dv USR1 ,
295or will halt and turn the power off (if hardware permits) if sent
296the user defined signal 2
297.Pq Dv USR2 .
298.Pp
299When shutting down the machine,
300.Nm
301will try to run the
302.Pa /etc/rc.shutdown
303script.
304This script can be used to cleanly terminate specific programs such
305as
306.Nm innd
307(the InterNetNews server).
308.Pp
309The role of
310.Nm
311is so critical that if it dies, the system will reboot itself
312automatically.
313If, at bootstrap time, the
314.Nm
315process cannot be located, the system will panic with the message
316.Dq "panic: init died (signal %d, exit %d)" .
317.Pp
318If run as a user process as shown in the second synopsis line,
319.Nm
320will emulate
321.At V
322behavior, i.e. super-user can specify the desired
323.Em run-level
324on a command line, and
325.Nm
326will signal the original
327(PID 1)
328.Nm
329as follows:
330.Bl -column Run-level SIGTERM
331.It Sy "Run-level Signal Action
332.It Cm 0 Ta Dv SIGUSR2 Ta "Halt and turn the power off"
333.It Cm 1 Ta Dv SIGTERM Ta "Go to single-user mode"
334.It Cm 6 Ta Dv SIGINT Ta "Reboot the machine"
335.It Cm c Ta Dv SIGTSTP Ta "Block further logins"
336.It Cm q Ta Dv SIGHUP Ta Rescan the
337.Xr ttys 5
338file
339.El
340.Sh DIAGNOSTICS
341.Bl -diag
342.It "getty repeating too quickly on port %s, sleeping."
343A process being started to service a line is exiting quickly
344each time it is started.
345This is often caused by a ringing or noisy terminal line.
346.Bf -emphasis
347Init will sleep for 30 seconds,
348then continue trying to start the process.
349.Ef
350.It "some processes would not die; ps axl advised."
351A process
352is hung and could not be killed when the system was shutting down.
353This condition is usually caused by a process
354that is stuck in a device driver because of
355a persistent device error condition.
356.El
357.Sh FILES
358.Bl -tag -width /etc/rc.shutdown -compact
359.It Pa /dev/console
360system console device
361.It Pa /dev/tty*
362terminal ports found in
363.Xr ttys 5
364.It Pa /var/run/utmp
365record of current users on the system
366.It Pa /var/log/wtmp
367record of all logins and logouts
368.It Pa /etc/ttys
369the terminal initialization information file
370.It Pa /etc/rc
371system startup commands
372.It Pa /etc/rc.shutdown
373system shutdown commands
374.El
375.Sh SEE ALSO
376.Xr kill 1 ,
377.Xr login 1 ,
378.Xr sh 1 ,
379.Xr dummynet 4 ,
380.Xr ipfirewall 4 ,
381.Xr kld 4 ,
382.Xr ttys 5 ,
383.Xr crash 8 ,
384.Xr getty 8 ,
385.Xr halt 8 ,
386.Xr ipfw 8 ,
387.Xr rc 8 ,
388.Xr reboot 8 ,
389.Xr shutdown 8 ,
390.Xr sysctl 8
391.Sh HISTORY
392An
393.Nm
394utility appeared in
395.At v6 .
396.Sh CAVEATS
397Systems without
398.Xr sysctl
399behave as though they have security level \-1.
400.Pp
401Setting the security level above 1 too early in the boot sequence can
402prevent
403.Xr fsck 8
404from repairing inconsistent file systems. The
405preferred location to set the security level is at the end of
406.Pa /etc/rc
407after all multi-user startup actions are complete.