Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
INIT(8)			FreeBSD	System Manager's Manual		       INIT(8)

NAME
     init -- process control initialization

SYNOPSIS
     init
     init [0 | 1 | 6 | c | q]

DESCRIPTION
     The init utility is the last stage	of the boot process.  It normally runs
     the automatic reboot sequence as described	in rc(8), and if this suc-
     ceeds, begins multi-user operation.  If the reboot	scripts	fail, init
     commences single-user operation by	giving the super-user a	shell on the
     console.  The init	utility	may be passed parameters from the boot program
     to	prevent	the system from	going multi-user and to	instead	execute	a sin-
     gle-user shell without starting the normal	daemons.  The system is	then
     quiescent for maintenance work and	may later be made to go	to multi-user
     by	exiting	the single-user	shell (with ^D).  This causes init to run the
     /etc/rc start up command file in fastboot mode (skipping disk checks).

     If	the console entry in the ttys(5) file is marked	``insecure'', then
     init will require that the	super-user password be entered before the sys-
     tem will start a single-user shell.  The password check is	skipped	if the
     console is	marked as ``secure''.

     The kernel	runs with five different levels	of security.  Any super-user
     process can raise the security level, but no process can lower it.	 The
     security levels are:

     -1	   Permanently insecure	mode - always run the system in	level 0	mode.
	   This	is the default initial value.

     0	   Insecure mode - immutable and append-only flags may be turned off.
	   All devices may be read or written subject to their permissions.

     1	   Secure mode - the system immutable and system append-only flags may
	   not be turned off; disks for	mounted	file systems, /dev/mem,
	   /dev/kmem and /dev/io (if your platform has it) may not be opened
	   for writing;	kernel modules (see kld(4)) may	not be loaded or
	   unloaded.

     2	   Highly secure mode -	same as	secure mode, plus disks	may not	be
	   opened for writing (except by mount(2)) whether mounted or not.
	   This	level precludes	tampering with file systems by unmounting
	   them, but also inhibits running newfs(8) while the system is	multi-
	   user.

	   In addition,	kernel time changes are	restricted to less than	or
	   equal to one	second.	 Attempts to change the	time by	more than this
	   will	log the	message	``Time adjustment clamped to +1	second''.

     3	   Network secure mode - same as highly	secure mode, plus IP packet
	   filter rules	(see ipfw(8), ipfirewall(4) and	pfctl(8)) cannot be
	   changed and dummynet(4) or pf(4) configuration cannot be adjusted.

     If	the security level is initially	nonzero, then init leaves it
     unchanged.	 Otherwise, init raises	the level to 1 before going multi-user
     for the first time.  Since	the level cannot be reduced, it	will be	at
     least 1 for subsequent operation, even on return to single-user.  If a
     level higher than 1 is desired while running multi-user, it can be	set
     before going multi-user, e.g., by the startup script rc(8), using
     sysctl(8) to set the kern.securelevel variable to the required security
     level.

     If	init is	run in a jail, the security level of the ``host	system'' will
     not be effected.  Part of the information set up in the kernel to support
     a jail is a per-jail ``securelevel'' setting.  This allows	running	a
     higher security level inside of a jail than that of the host system.  See
     jail(8) for more information about	jails.

     In	multi-user operation, init maintains processes for the terminal	ports
     found in the file ttys(5).	 The init utility reads	this file and executes
     the command found in the second field, unless the first field refers to a
     device in /dev which is not configured.  The first	field is supplied as
     the final argument	to the command.	 This command is usually getty(8);
     getty opens and initializes the tty line and executes the login(1)	pro-
     gram.  The	login program, when a valid user logs in, executes a shell for
     that user.	 When this shell dies, either because the user logged out or
     an	abnormal termination occurred (a signal), the init utility wakes up,
     deletes the user from the utmp(5) file of current users and records the
     logout in the wtmp(5) file.  The cycle is then restarted by init execut-
     ing a new getty for the line.

     The init utility can also be used to keep arbitrary daemons running,
     automatically restarting them if they die.	 In this case, the first field
     in	the ttys(5) file must not reference the	path to	a configured device
     node and will be passed to	the daemon as the final	argument on its	com-
     mand line.	 This is similar to the	facility offered in the	AT&T System V
     UNIX /etc/inittab.

     Line status (on, off, secure, getty, or window information) may be
     changed in	the ttys(5) file without a reboot by sending the signal	SIGHUP
     to	init with the command ``kill -HUP 1''.	On receipt of this signal,
     init re-reads the ttys(5) file.  When a line is turned off	in ttys(5),
     init will send a SIGHUP signal to the controlling process for the session
     associated	with the line.	For any	lines that were	previously turned off
     in	the ttys(5) file and are now on, init executes the command specified
     in	the second field.  If the command or window field for a	line is
     changed, the change takes effect at the end of the	current	login session
     (e.g., the	next time init starts a	process	on the line).  If a line is
     commented out or deleted from ttys(5), init will not do anything at all
     to	that line.  However, it	will complain that the relationship between
     lines in the ttys(5) file and records in the utmp(5) file is out of sync,
     so	this practice is not recommended.

     The init utility will terminate multi-user	operations and resume single-
     user mode if sent a terminate (TERM) signal, for example, ``kill -TERM
     1''.  If there are	processes outstanding that are deadlocked (because of
     hardware or software failure), init will not wait for them	all to die
     (which might take forever), but will time out after 30 seconds and	print
     a warning message.

     The init utility will cease creating new processes	and allow the system
     to	slowly die away, if it is sent a terminal stop (TSTP) signal, i.e.
     ``kill -TSTP 1''.	A later	hangup will resume full	multi-user operations,
     or	a terminate will start a single-user shell.  This hook is used by
     reboot(8) and halt(8).

     The init utility will terminate all possible processes (again, it will
     not wait for deadlocked processes)	and reboot the machine if sent the
     interrupt (INT) signal, i.e. ``kill -INT 1''.  This is useful for shut-
     ting the machine down cleanly from	inside the kernel or from X when the
     machine appears to	be hung.

     The init utility will do the same,	except it will halt the	machine	if
     sent the user defined signal 1 (USR1), or will halt and turn the power
     off (if hardware permits) if sent the user	defined	signal 2 (USR2).

     When shutting down	the machine, init will try to run the /etc/rc.shutdown
     script.  This script can be used to cleanly terminate specific programs
     such as innd (the InterNetNews server).  If this script does not termi-
     nate within 120 seconds, init will	terminate it. The timeout can be con-
     figured via the sysctl(8) variable	kern.init_shutdown_timeout.

     The role of init is so critical that if it	dies, the system will reboot
     itself automatically.  If,	at bootstrap time, the init process cannot be
     located, the system will panic with the message ``panic: init died
     (signal %d, exit %d)''.

     If	run as a user process as shown in the second synopsis line, init will
     emulate AT&T System V UNIX	behavior, i.e.,	super-user can specify the
     desired run-level on a command line, and init will	signal the original
     (PID 1) init as follows:

     Run-level	  Signal     Action
     0		  SIGUSR2    Halt and turn the power off
     1		  SIGTERM    Go	to single-user mode
     6		  SIGINT     Reboot the	machine
     c		  SIGTSTP    Block further logins
     q		  SIGHUP     Rescan the	ttys(5)	file

FILES
     /dev/console      system console device
     /dev/tty*	       terminal	ports found in ttys(5)
     /var/run/utmp     record of current users on the system
     /var/log/wtmp     record of all logins and	logouts
     /etc/ttys	       the terminal initialization information file
     /etc/rc	       system startup commands
     /etc/rc.shutdown  system shutdown commands

DIAGNOSTICS
     getty repeating too quickly on port %s, sleeping.	A process being
     started to	service	a line is exiting quickly each time it is started.
     This is often caused by a ringing or noisy	terminal line.	Init will
     sleep for 30 seconds, then	continue trying	to start the process.

     some processes would not die; ps axl advised.  A process is hung and
     could not be killed when the system was shutting down.  This condition is
     usually caused by a process that is stuck in a device driver because of a
     persistent	device error condition.

SEE ALSO
     kill(1), login(1),	sh(1), dummynet(4), ipfirewall(4), kld(4), pf(4),
     ttys(5), crash(8),	getty(8), halt(8), ipfw(8), jail(8), pfctl(8), rc(8),
     reboot(8),	shutdown(8), sysctl(8)

HISTORY
     An	init utility appeared in Version 6 AT&T	UNIX.

CAVEATS
     Systems without sysctl(8) behave as though	they have security level -1.

     Setting the security level	above 1	too early in the boot sequence can
     prevent fsck(8) from repairing inconsistent file systems.	The preferred
     location to set the security level	is at the end of /etc/rc after all
     multi-user	startup	actions	are complete.

FreeBSD	10.1		      September	15, 2005		  FreeBSD 10.1

NAME | SYNOPSIS | DESCRIPTION | FILES | DIAGNOSTICS | SEE ALSO | HISTORY | CAVEATS

Want to link to this manual page? Use this URL:
<http://www.freebsd.org/cgi/man.cgi?query=init&sektion=8&manpath=FreeBSD+6.4-RELEASE>

home | help