Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
INIT(8)			  BSD System Manager's Manual		       INIT(8)

     init -- process control initialization

     init [0 | 1 | 6 | c | q]

     The init program is the last stage	of the boot process.  It normally runs
     the automatic reboot sequence as described	in rc(8), and if this suc-
     ceeds, begins multi-user operation.  If the reboot	scripts	fail, init
     commences single-user operation by	giving the super-user a	shell on the
     console.  The init	program	may be passed parameters from the boot program
     to	prevent	the system from	going multi-user and to	instead	execute	a sin-
     gle-user shell without starting the normal	daemons.  The system is	then
     quiescent for maintenance work and	may later be made to go	to multi-user
     by	exiting	the single-user	shell (with ^D).  This causes init to run the
     /etc/rc start up command file in fastboot mode (skipping disk checks).

     If	the console entry in the ttys(5) file is marked	"insecure", then init
     will require that the super-user password be entered before the system
     will start	a single-user shell.  The password check is skipped if the
     console is	marked as "secure".

     The kernel	runs with four different levels	of security.  Any super-user
     process can raise the security level, but no process can lower it.	 The
     security levels are:

     -1	   Permanently insecure	mode - always run the system in	level 0	mode.
	   This	is the default initial value.

     0	   Insecure mode - immutable and append-only flags may be turned off.
	   All devices may be read or written subject to their permissions.

     1	   Secure mode - the system immutable and system append-only flags may
	   not be turned off; disks for	mounted	filesystems, /dev/mem, and
	   /dev/kmem may not be	opened for writing; kernel modules (see
	   kld(4)) may not be loaded or	unloaded.

     2	   Highly secure mode -	same as	secure mode, plus disks	may not	be
	   opened for writing (except by mount(2)) whether mounted or not.
	   This	level precludes	tampering with filesystems by unmounting them,
	   but also inhibits running newfs(8) while the	system is multi-user.

	   In addition,	kernel time changes are	restricted to less than	or
	   equal to one	second.	 Attempts to change the	time by	more than this
	   will	log the	message	"Time adjustment clamped to +1 second".

     3	   Network secure mode - same as highly	secure mode, plus IP packet
	   filter rules	(see ipfw(8) and ipfirewall(4))	cannot be changed and
	   dummynet(4) configuration cannot be adjusted.

     If	the security level is initially	nonzero, then init leaves it un-
     changed.  Otherwise, init raises the level	to 1 before going multi-user
     for the first time.  Since	the level can not be reduced, it will be at
     least 1 for subsequent operation, even on return to single-user.  If a
     level higher than 1 is desired while running multi-user, it can be	set
     before going multi-user, e.g., by the startup script rc(8), using
     sysctl(8) to set the "kern.securelevel" variable to the required security

     In	multi-user operation, init maintains processes for the terminal	ports
     found in the file ttys(5).	 Init reads this file and executes the command
     found in the second field,	unless the first field refers to a device in
     /dev which	is not configured.  The	first field is supplied	as the final
     argument to the command.  This command is usually getty(8); getty opens
     and initializes the tty line and executes the login(1) program.  The
     login program, when a valid user logs in, executes	a shell	for that user.
     When this shell dies, either because the user logged out or an abnormal
     termination occurred (a signal), the init program wakes up, deletes the
     user from the utmp(5) file	of current users and records the logout	in the
     wtmp(5) file.  The	cycle is then restarted	by init	executing a new	getty
     for the line.

     Init can also be used to keep arbitrary daemons running, automatically
     restarting	them if	they die.  In this case, the first field in the
     ttys(5) file must not reference the path to a configured device node and
     will be passed to the daemon as the final argument	on its command line.
     This is similar to	the facility offered in	the AT&T System	V UNIX

     Line status (on, off, secure, getty, or window information) may be
     changed in	the ttys(5) file without a reboot by sending the signal	SIGHUP
     to	init with the command "kill -HUP 1".  On receipt of this signal, init
     re-reads the ttys(5) file.	 When a	line is	turned off in ttys(5), init
     will send a SIGHUP	signal to the controlling process for the session as-
     sociated with the line.  For any lines that were previously turned	off in
     the ttys(5) file and are now on, init executes the	command	specified in
     the second	field.	If the command or window field for a line is changed,
     the change	takes effect at	the end	of the current login session (e.g.,
     the next time init	starts a process on the	line).	If a line is commented
     out or deleted from ttys(5), init will not	do anything at all to that
     line.  However, it	will complain that the relationship between lines in
     the ttys(5) file and records in the utmp(5) file is out of	sync, so this
     practice is not recommended.

     Init will terminate multi-user operations and resume single-user mode if
     sent a terminate (TERM) signal, for example, "kill	-TERM 1".  If there
     are processes outstanding that are	deadlocked (because of hardware	or
     software failure),	init will not wait for them all	to die (which might
     take forever), but	will time out after 30 seconds and print a warning

     Init will cease creating new processes and	allow the system to slowly die
     away, if it is sent a terminal stop (TSTP)	signal,	i.e. "kill -TSTP 1".
     A later hangup will resume	full multi-user	operations, or a terminate
     will start	a single-user shell.  This hook	is used	by reboot(8) and

     Init will terminate all possible processes	(again,	it will	not wait for
     deadlocked	processes) and reboot the machine if sent the interrupt	(INT)
     signal, i.e. "kill	-INT 1".  This is useful for shutting the machine down
     cleanly from inside the kernel or from X when the machine appears to be

     Init will do the same, except it will halt	the machine if sent the	user
     defined signal 1 (USR1), or will halt and turn the	power off (if hardware
     permits) if sent the user defined signal 2	(USR2).

     When shutting down	the machine, init will try to run the /etc/rc.shutdown
     script.  This script can be used to cleanly terminate specific programs
     such as innd (the InterNetNews server).

     The role of init is so critical that if it	dies, the system will reboot
     itself automatically.  If,	at bootstrap time, the init process cannot be
     located, the system will panic with the message "panic: init died (signal
     %d, exit %d)".

     If	run as a user process as shown in the second synopsis line, init will
     emulate AT&T System V UNIX	behavior, i.e. super-user can specify the de-
     sired run-level on	a command line,	and init will signal the original (PID
     1)	init as	follows:

     Run-level	  Signal     Action
     0		  SIGUSR2    Halt and turn the power off
     1		  SIGTERM    Go	to single-user mode
     6		  SIGINT     Reboot the	machine
     c		  SIGTSTP    Block further logins
     q		  SIGHUP     Rescan the	ttys(5)	file

     getty repeating too quickly on port %s, sleeping.	A process being
     started to	service	a line is exiting quickly each time it is started.
     This is often caused by a ringing or noisy	terminal line.	Init will
     sleep for 30 seconds, then	continue trying	to start the process.

     some processes would not die; ps axl advised.  A process is hung and
     could not be killed when the system was shutting down.  This condition is
     usually caused by a process that is stuck in a device driver because of a
     persistent	device error condition.

     /dev/console      system console device
     /dev/tty*	       terminal	ports found in ttys(5)
     /var/run/utmp     record of current users on the system
     /var/log/wtmp     record of all logins and	logouts
     /etc/ttys	       the terminal initialization information file
     /etc/rc	       system startup commands
     /etc/rc.shutdown  system shutdown commands

     kill(1), login(1),	sh(1), dummynet(4), ipfirewall(4), kld(4), ttys(5),
     crash(8), getty(8), halt(8), ipfw(8), rc(8), reboot(8), shutdown(8),

     An	init command appeared in Version 6 AT&T	UNIX.

     Systems without sysctl behave as though they have security	level -1.

     Setting the security level	above 1	too early in the boot sequence can
     prevent fsck(8) from repairing inconsistent filesystems.  The preferred
     location to set the security level	is at the end of /etc/rc after all
     multi-user	startup	actions	are complete.

BSD				April 18, 1994				   BSD


Want to link to this manual page? Use this URL:

home | help