Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
INIT(8)			  BSD System Manager's Manual		       INIT(8)

     init -- process control initialization


     The init program is the last stage	of the boot process.  It normally runs
     the automatic reboot sequence as described	in reboot(8), and if this suc-
     ceeds, begins multi-user operation.  If the reboot	scripts	fail, init
     commences single user operation by	giving the super-user a	shell on the
     console.  The init	program	may be passed parameters from the boot program
     to	prevent	the system from	going multi-user and to	instead	execute	a sin-
     gle user shell without starting the normal	daemons.  The system is	then
     quiescent for maintenance work and	may later be made to go	to multi-user
     by	exiting	the single-user	shell (with ^D).  This causes init to run the
     /etc/rc start up command file in fastboot mode (skipping disk checks).

     If	the console entry in the ttys(5) file is marked	``insecure'', then
     init will require that the	superuser password be entered before the sys-
     tem will start a single-user shell.  The password check is	skipped	if the
     console is	marked as ``secure''.

     The kernel	runs with four different levels	of security.  Any superuser
     process can raise the security level, but only init can lower it.	The
     security levels are:

     -1	   Permanently insecure	mode - always run the system in	level 0	mode.
	   This	is the default initial value.

     0	   Insecure mode - immutable and append-only flags may be turned off.
	   All devices may be read or written subject to their permissions.

     1	   Secure mode - the system immutable and system append-only flags may
	   not be turned off; disks for	mounted	filesystems, /dev/mem, and
	   /dev/kmem may not be	opened for writing.

     2	   Highly secure mode -	same as	secure mode, plus disks	may not	be
	   opened for writing (except by mount(2)) whether mounted or not.
	   This	level precludes	tampering with filesystems by unmounting them,
	   but also inhibits running newfs(8) while the	system is multi-user.

     3	   Network secure mode - same as highly	secure mode, plus IP packet
	   filter rules	(see ipfw(8) and ipfirewall(4))	can not	be changed and
	   dummynet configuration can not be adjusted.

     If	the security level is initially	-1, then init leaves it	unchanged.
     Otherwise,	init arranges to run the system	in level 0 mode	while single
     user and in level 1 mode while multiuser.	If level 2 mode	is desired
     while running multiuser, it can be	set while single user, e.g., in	the
     startup script /etc/rc, using sysctl(8) to	set the	"kern.securelevel"
     variable to the required security level.

     In	multi-user operation, init maintains processes for the terminal	ports
     found in the file ttys(5).	 Init reads this file, and executes the	com-
     mand found	in the second field.  This command is usually getty(8);	getty
     opens and initializes the tty line	and executes the login(1) program.
     The login program,	when a valid user logs in, executes a shell for	that
     user.  When this shell dies, either because the user logged out or	an ab-
     normal termination	occurred (a signal), the init program wakes up,
     deletes the user from the utmp(5) file of current users and records the
     logout in the wtmp(5) file.  The cycle is then restarted by init execut-
     ing a new getty for the line.

     Line status (on, off, secure, getty, or window information) may be
     changed in	the ttys(5) file without a reboot by sending the signal	SIGHUP
     to	init with the command "kill -HUP 1".  On receipt of this signal, init
     re-reads the ttys(5) file.	 When a	line is	turned off in ttys(5), init
     will send a SIGHUP	signal to the controlling process for the session as-
     sociated with the line.  For any lines that were previously turned	off in
     the ttys(5) file and are now on, init executes a new getty	to enable a
     new login.	 If the	getty or window	field for a line is changed, the
     change takes effect at the	end of the current login session (e.g.,	the
     next time init starts a process on	the line).  If a line is commented out
     or	deleted	from ttys(5), init will	not do anything	at all to that line.
     However, it will complain that the	relationship between lines in the
     ttys(5) file and records in the utmp(5) file is out of sync, so this
     practice is not recommended.

     Init will terminate multi-user operations and resume single-user mode if
     sent a terminate (TERM) signal, for example, "kill	-TERM 1".  If there
     are processes outstanding that are	deadlocked (because of hardware	or
     software failure),	init will not wait for them all	to die (which might
     take forever), but	will time out after 30 seconds and print a warning

     Init will cease creating new getty's and allow the	system to slowly die
     away, if it is sent a terminal stop (TSTP)	signal,	i.e.  "kill -TSTP 1".
     A later hangup will resume	full multi-user	operations, or a terminate
     will start	a single user shell.  This hook	is used	by reboot(8) and

     Init will terminate all possible processes	(again,	it will	not wait for
     deadlocked	processes) and reboot the machine if sent the interrupt	(INT)
     signal, i.e.  "kill -INT 1".  This	is useful for shutting the machine
     down cleanly from inside the kernel or from X when	the machine appears to
     be	hung.

     When shutting down	the machine, init will try to run the /etc/rc.shutdown
     script. This script can be	used to	cleanly	terminate specific programs
     such as innd (the InterNetNews server).

     The role of init is so critical that if it	dies, the system will reboot
     itself automatically.  If,	at bootstrap time, the init process cannot be
     located, the system will panic with the message ``panic: "init died (sig-
     nal %d, exit %d)''.

     getty repeating too quickly on port %s, sleeping  A process being started
     to	service	a line is exiting quickly each time it is started.  This is
     often caused by a ringing or noisy	terminal line.	Init will sleep	for 10
     seconds, then continue trying to start the	process.

     some processes would not die; ps axl advised.  A process is hung and
     could not be killed when the system was shutting down.  This condition is
     usually caused by a process that is stuck in a device driver because of a
     persistent	device error condition.

     /dev/console   system console device
     /dev/tty*	    terminal ports found in ttys(5)
     /var/run/utmp  record of current users on the system
     /var/log/wtmp  record of all logins and logouts
     /etc/ttys	    the	terminal initialization	information file
     /etc/rc	    system startup commands
		    system shutdown commands

     kill(1), login(1),	sh(1), ipfirewall(4), ttys(5), crash(8), getty(8),
     halt(8), ipfw(8), rc(8), reboot(8), shutdown(8), sysctl(8)

     A init command appeared in	Version	6 AT&T UNIX.

     Systems without sysctl behave as though they have security	level -1.

     Setting the security level	above 1	too early in the boot sequence can
     prevent fsck(8) from repairing inconsistent filesystems.  The preferred
     location to set the security level	is at the end of /etc/rc after all
     multi-user	startup	actions	are complete.

4th Berkeley Distribution	April 18, 1994	     4th Berkeley Distribution


Want to link to this manual page? Use this URL:

home | help