Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
INIT(8)			  BSD System Manager's Manual		       INIT(8)

     init -- process control initialization

     init [0 | 1 | 6 | c | q]

     The init utility is the last stage	of the boot process.  It normally runs
     the automatic reboot sequence as described	in rc(8), and if this suc-
     ceeds, begins multi-user operation.  If the reboot	scripts	fail, init
     commences single-user operation by	giving the super-user a	shell on the
     console.  The init	utility	may be passed parameters from the boot program
     to	prevent	the system from	going multi-user and to	instead	execute	a sin-
     gle-user shell without starting the normal	daemons.  The system is	then
     quiescent for maintenance work and	may later be made to go	to multi-user
     by	exiting	the single-user	shell (with ^D).  This causes init to run the
     /etc/rc start up command file in fastboot mode (skipping disk checks).

     If	the console entry in the ttys(5) file is marked	"insecure", then init
     will require that the super-user password be entered before the system
     will start	a single-user shell.  The password check is skipped if the
     console is	marked as "secure".

     The kernel	runs with five different levels	of security.  Any super-user
     process can raise the security level, but no process can lower it.	 The
     security levels are:

     -1	   Permanently insecure	mode - always run the system in	level 0	mode.
	   This	is the default initial value.

     0	   Insecure mode - immutable and append-only flags may be turned off.
	   All devices may be read or written subject to their permissions.

     1	   Secure mode - the system immutable and system append-only flags may
	   not be turned off; disks for	mounted	file systems, /dev/mem,
	   /dev/kmem and /dev/io (if your platform has it) may not be opened
	   for writing;	kernel modules (see kld(4)) may	not be loaded or un-

     2	   Highly secure mode -	same as	secure mode, plus disks	may not	be
	   opened for writing (except by mount(2)) whether mounted or not.
	   This	level precludes	tampering with file systems by unmounting
	   them, but also inhibits running newfs(8) while the system is	multi-

	   In addition,	kernel time changes are	restricted to less than	or
	   equal to one	second.	 Attempts to change the	time by	more than this
	   will	log the	message	"Time adjustment clamped to +1 second".

     3	   Network secure mode - same as highly	secure mode, plus IP packet
	   filter rules	(see ipfw(8), ipfirewall(4) and	pfctl(8)) cannot be
	   changed and dummynet(4) or pf(4) configuration cannot be adjusted.

     If	the security level is initially	nonzero, then init leaves it un-
     changed.  Otherwise, init raises the level	to 1 before going multi-user
     for the first time.  Since	the level cannot be reduced, it	will be	at
     least 1 for subsequent operation, even on return to single-user.  If a
     level higher than 1 is desired while running multi-user, it can be	set
     before going multi-user, e.g., by the startup script rc(8), using
     sysctl(8) to set the kern.securelevel variable to the required security

     If	init is	run in a jail, the security level of the "host system" will
     not be effected.  Part of the information set up in the kernel to support
     a jail is a per-jail "securelevel"	setting.  This allows running a	higher
     security level inside of a	jail than that of the host system.  See
     jail(8) for more information about	jails.

     In	multi-user operation, init maintains processes for the terminal	ports
     found in the file ttys(5).	 The init utility reads	this file and executes
     the command found in the second field, unless the first field refers to a
     device in /dev which is not configured.  The first	field is supplied as
     the final argument	to the command.	 This command is usually getty(8);
     getty opens and initializes the tty line and executes the login(1)	pro-
     gram.  The	login program, when a valid user logs in, executes a shell for
     that user.	 When this shell dies, either because the user logged out or
     an	abnormal termination occurred (a signal), the init utility wakes up,
     deletes the user from the utmp(5) file of current users and records the
     logout in the wtmp(5) file.  The cycle is then restarted by init execut-
     ing a new getty for the line.

     The init utility can also be used to keep arbitrary daemons running, au-
     tomatically restarting them if they die.  In this case, the first field
     in	the ttys(5) file must not reference the	path to	a configured device
     node and will be passed to	the daemon as the final	argument on its	com-
     mand line.	 This is similar to the	facility offered in the	AT&T System V
     UNIX /etc/inittab.

     Line status (on, off, secure, getty, or window information) may be
     changed in	the ttys(5) file without a reboot by sending the signal	SIGHUP
     to	init with the command "kill -HUP 1".  On receipt of this signal, init
     re-reads the ttys(5) file.	 When a	line is	turned off in ttys(5), init
     will send a SIGHUP	signal to the controlling process for the session as-
     sociated with the line.  For any lines that were previously turned	off in
     the ttys(5) file and are now on, init executes the	command	specified in
     the second	field.	If the command or window field for a line is changed,
     the change	takes effect at	the end	of the current login session (e.g.,
     the next time init	starts a process on the	line).	If a line is commented
     out or deleted from ttys(5), init will not	do anything at all to that
     line.  However, it	will complain that the relationship between lines in
     the ttys(5) file and records in the utmp(5) file is out of	sync, so this
     practice is not recommended.

     The init utility will terminate multi-user	operations and resume single-
     user mode if sent a terminate (TERM) signal, for example, "kill -TERM 1".
     If	there are processes outstanding	that are deadlocked (because of	hard-
     ware or software failure),	init will not wait for them all	to die (which
     might take	forever), but will time	out after 30 seconds and print a warn-
     ing message.

     The init utility will cease creating new processes	and allow the system
     to	slowly die away, if it is sent a terminal stop (TSTP) signal, i.e.
     "kill -TSTP 1".  A	later hangup will resume full multi-user operations,
     or	a terminate will start a single-user shell.  This hook is used by
     reboot(8) and halt(8).

     The init utility will terminate all possible processes (again, it will
     not wait for deadlocked processes)	and reboot the machine if sent the in-
     terrupt (INT) signal, i.e.	"kill -INT 1".	This is	useful for shutting
     the machine down cleanly from inside the kernel or	from X when the	ma-
     chine appears to be hung.

     The init utility will do the same,	except it will halt the	machine	if
     sent the user defined signal 1 (USR1), or will halt and turn the power
     off (if hardware permits) if sent the user	defined	signal 2 (USR2).

     When shutting down	the machine, init will try to run the /etc/rc.shutdown
     script.  This script can be used to cleanly terminate specific programs
     such as innd (the InterNetNews server).  If this script does not termi-
     nate within 120 seconds, init will	terminate it. The timeout can be con-
     figured via the sysctl(8) variable	kern.init_shutdown_timeout.

     The role of init is so critical that if it	dies, the system will reboot
     itself automatically.  If,	at bootstrap time, the init process cannot be
     located, the system will panic with the message "panic: init died (signal
     %d, exit %d)".

     If	run as a user process as shown in the second synopsis line, init will
     emulate AT&T System V UNIX	behavior, i.e.,	super-user can specify the de-
     sired run-level on	a command line,	and init will signal the original (PID
     1)	init as	follows:

     Run-level	  Signal     Action
     0		  SIGUSR2    Halt and turn the power off
     1		  SIGTERM    Go	to single-user mode
     6		  SIGINT     Reboot the	machine
     c		  SIGTSTP    Block further logins
     q		  SIGHUP     Rescan the	ttys(5)	file

     /dev/console      system console device
     /dev/tty*	       terminal	ports found in ttys(5)
     /var/run/utmp     record of current users on the system
     /var/log/wtmp     record of all logins and	logouts
     /etc/ttys	       the terminal initialization information file
     /etc/rc	       system startup commands
     /etc/rc.shutdown  system shutdown commands

     getty repeating too quickly on port %s, sleeping.	A process being
     started to	service	a line is exiting quickly each time it is started.
     This is often caused by a ringing or noisy	terminal line.	Init will
     sleep for 30 seconds, then	continue trying	to start the process.

     some processes would not die; ps axl advised.  A process is hung and
     could not be killed when the system was shutting down.  This condition is
     usually caused by a process that is stuck in a device driver because of a
     persistent	device error condition.

     kill(1), login(1),	sh(1), dummynet(4), ipfirewall(4), kld(4), pf(4),
     ttys(5), crash(8),	getty(8), halt(8), ipfw(8), jail(8), pfctl(8), rc(8),
     reboot(8),	shutdown(8), sysctl(8)

     An	init utility appeared in Version 6 AT&T	UNIX.

     Systems without sysctl(8) behave as though	they have security level -1.

     Setting the security level	above 1	too early in the boot sequence can
     prevent fsck(8) from repairing inconsistent file systems.	The preferred
     location to set the security level	is at the end of /etc/rc after all
     multi-user	startup	actions	are complete.

BSD			      September	15, 2005			   BSD


Want to link to this manual page? Use this URL:

home | help