309 lines
8.8 KiB
Groff
309 lines
8.8 KiB
Groff
.\" $NetBSD: init.8,v 1.20 2000/03/19 23:22:07 soren Exp $
|
|
.\"
|
|
.\" Copyright (c) 1980, 1991, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" This code is derived from software contributed to Berkeley by
|
|
.\" Donn Seeley at Berkeley Software Design, Inc.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by the University of
|
|
.\" California, Berkeley and its contributors.
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" @(#)init.8 8.6 (Berkeley) 5/26/95
|
|
.\"
|
|
.Dd May 26, 1995
|
|
.Dt INIT 8
|
|
.Os BSD 4
|
|
.Sh NAME
|
|
.Nm init
|
|
.Nd process control initialization
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
program is the last stage of the boot process.
|
|
It normally runs the automatic reboot sequence as described in
|
|
.Xr reboot 8 ,
|
|
and if this succeeds, begins multi-user operation.
|
|
If the reboot scripts fail,
|
|
.Nm
|
|
commences single user operation by giving
|
|
the super-user a shell on the console.
|
|
.Pp
|
|
The
|
|
.Nm
|
|
program may be passed parameters from the boot program to prevent
|
|
the system from going multi-user and to instead execute a single
|
|
user shell without starting the normal daemons.
|
|
The system is then quiescent for maintenance work and may later be
|
|
made to go to multi-user by exiting the single-user shell (with ^D).
|
|
This causes
|
|
.Nm
|
|
to run the
|
|
.Pa /etc/rc
|
|
start up command file in fastboot mode (skipping disk checks).
|
|
.Pp
|
|
If the
|
|
.Sq console
|
|
entry in the
|
|
.Xr ttys 5
|
|
file is marked ``insecure'', then
|
|
.Nm
|
|
will require that the superuser password be
|
|
entered before the system will start a single-user shell.
|
|
The password check is skipped if the
|
|
.Sq console
|
|
is marked as ``secure''.
|
|
.Pp
|
|
The kernel runs with four different levels of security.
|
|
Any superuser process can raise the security level, but only
|
|
.Nm
|
|
can lower it.
|
|
Security levels are defined as follows:
|
|
.Bl -tag -width flag
|
|
.It Ic -1
|
|
Permanently insecure mode \- always run system in level 0 mode.
|
|
.It Ic 0
|
|
Insecure mode \- immutable and append-only flags may be changed.
|
|
All devices may be read or written subject to their permissions.
|
|
.It Ic 1
|
|
Secure mode \- system immutable and system append-only flags may not
|
|
be turned off; disks for mounted filesystems,
|
|
.Pa /dev/mem ,
|
|
and
|
|
.Pa /dev/kmem
|
|
are read-only.
|
|
.It Ic 2
|
|
Highly secure mode \- same as secure mode, plus disks are always
|
|
read-only whether mounted or not, new disks may not be mounted,
|
|
and existing mounts may only be downgraded from read-write to read-only.
|
|
This level precludes tampering with filesystems by unmounting them,
|
|
but also inhibits running
|
|
.Xr newfs 8
|
|
while the system is multi-user.
|
|
|
|
The
|
|
.Xr settimeofday 2
|
|
system call can only advance the time.
|
|
|
|
The state of
|
|
.Xr ipf 8
|
|
(the in-kernel IP filtering facility) may not be changed.
|
|
|
|
Users may not change the per-process core name template format, only the
|
|
default can be changed.
|
|
|
|
Downgrading from highly secure mode to insecure mode (that is, to single-user
|
|
mode) always requires the root password to be entered on the console, whether
|
|
the console is marked as 'secure' in
|
|
.Pa /etc/ttys
|
|
or not.
|
|
.El
|
|
.Pp
|
|
Normally, the system runs in level 0 mode while single user
|
|
and in level 1 mode while multi-user.
|
|
If the level 2 mode is desired while running multi-user,
|
|
it can be set in the startup script
|
|
.Pa /etc/rc
|
|
using
|
|
.Xr sysctl 8 .
|
|
If it is desired to run the system in level 0 mode while multi-user,
|
|
the administrator must build a kernel with
|
|
.Sy options INSECURE
|
|
in the kernel configuration file, which initializes the kernel's
|
|
.Va securelevel
|
|
variable to -1.
|
|
See
|
|
.Xr options 4
|
|
and
|
|
.Xr config 8
|
|
for details.
|
|
.Pp
|
|
In multi-user operation,
|
|
.Nm
|
|
maintains
|
|
processes for the terminal ports found in the file
|
|
.Xr ttys 5 .
|
|
.Nm
|
|
reads this file, and executes the command found in the second field.
|
|
This command is usually
|
|
.Xr getty 8 ;
|
|
it opens and initializes the tty line and executes the
|
|
.Xr login 1
|
|
program.
|
|
The
|
|
.Xr login 1
|
|
program, when a valid user logs in, executes a shell for that user.
|
|
When this shell dies, either because the user logged out or an
|
|
abnormal termination occurred (a signal), the
|
|
.Nm
|
|
program wakes up, deletes the user from the
|
|
.Xr utmp 5
|
|
file of current users and records the logout in the
|
|
.Xr wtmp 5
|
|
file.
|
|
The cycle is
|
|
then restarted by
|
|
.Nm
|
|
executing a new
|
|
.Xr getty 8
|
|
for the line.
|
|
.pl +1
|
|
.Pp
|
|
Line status (on, off, secure, getty, or window information)
|
|
may be changed in the
|
|
.Xr ttys 5
|
|
file without a reboot by sending the signal
|
|
.Dv SIGHUP
|
|
to
|
|
.Nm
|
|
with the command
|
|
.Dq Li "kill \-s HUP 1" .
|
|
On receipt of this signal,
|
|
.Nm
|
|
re-reads the
|
|
.Xr ttys 5
|
|
file.
|
|
When a line is turned off in
|
|
.Xr ttys 5 ,
|
|
.Nm
|
|
will send a SIGHUP signal to the controlling process
|
|
for the session associated with the line.
|
|
For any lines that were previously turned off in the
|
|
.Xr ttys 5
|
|
file and are now on,
|
|
.Nm
|
|
executes a new
|
|
.Xr getty 8
|
|
to enable a new login.
|
|
If the getty or window field for a line is changed,
|
|
the change takes effect at the end of the current
|
|
login session (e.g., the next time
|
|
.Nm
|
|
starts a process on the line).
|
|
If a line is commented out or deleted from
|
|
.Xr ttys 5 ,
|
|
.Nm
|
|
will not do anything at all to that line.
|
|
However, it will complain that the relationship between lines
|
|
in the
|
|
.Xr ttys 5
|
|
file and records in the
|
|
.Xr utmp 5
|
|
file is out of sync,
|
|
so this practice is not recommended.
|
|
.Pp
|
|
.Nm
|
|
will terminate multi-user operations and resume single-user mode
|
|
if sent a terminate
|
|
.Pq Dv TERM
|
|
signal, for example,
|
|
.Dq Li "kill \-s TERM 1" .
|
|
If there are processes outstanding that are deadlocked (because of
|
|
hardware or software failure),
|
|
.Nm
|
|
will not wait for them all to die (which might take forever), but
|
|
will time out after 30 seconds and print a warning message.
|
|
.Pp
|
|
.Nm
|
|
will cease creating new
|
|
.Xr getty 8 Ns 's
|
|
and allow the system to slowly die away, if it is sent a terminal stop
|
|
.Pq Dv TSTP
|
|
signal, i.e.
|
|
.Dq Li "kill \-s TSTP 1" .
|
|
A later hangup will resume full
|
|
multi-user operations, or a terminate will start a single user shell.
|
|
This hook is used by
|
|
.Xr reboot 8
|
|
and
|
|
.Xr halt 8 .
|
|
.Pp
|
|
The role of
|
|
.Nm
|
|
is so critical that if it dies, the system will reboot itself
|
|
automatically.
|
|
If, at bootstrap time, the
|
|
.Nm
|
|
process cannot be located, the system will panic with the message
|
|
``panic: "init died (signal %d, exit %d)''.
|
|
.Sh DIAGNOSTICS
|
|
.Bl -diag
|
|
.It "getty repeating too quickly on port %s, sleeping"
|
|
A process being started to service a line is exiting quickly
|
|
each time it is started.
|
|
This is often caused by a ringing or noisy terminal line.
|
|
.Em "Init will sleep for 10 seconds" ,
|
|
.Em "then continue trying to start the process" .
|
|
.Pp
|
|
.It "some processes would not die; ps axl advised."
|
|
A process
|
|
is hung and could not be killed when the system was shutting down.
|
|
This condition is usually caused by a process
|
|
that is stuck in a device driver because of
|
|
a persistent device error condition.
|
|
.El
|
|
.Sh FILES
|
|
.Bl -tag -width /var/log/wtmp -compact
|
|
.It Pa /dev/console
|
|
System console device.
|
|
.It Pa /dev/tty*
|
|
Terminal ports found in
|
|
.Xr ttys 5 .
|
|
.It Pa /var/run/utmp
|
|
Record of Current users on the system.
|
|
.It Pa /var/log/wtmp
|
|
Record of all logins and logouts.
|
|
.It Pa /etc/ttys
|
|
The terminal initialization information file.
|
|
.It Pa /etc/rc
|
|
System startup commands.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr login 1 ,
|
|
.Xr kill 1 ,
|
|
.Xr sh 1 ,
|
|
.Xr options 4 ,
|
|
.Xr ttys 5 ,
|
|
.Xr config 8 ,
|
|
.Xr getty 8 ,
|
|
.Xr halt 8 ,
|
|
.Xr rc 8 ,
|
|
.Xr reboot 8 ,
|
|
.Xr shutdown 8
|
|
.Sh HISTORY
|
|
A
|
|
.Nm
|
|
command appeared in
|
|
.At v6 .
|
|
.Sh BUGS
|
|
Systems without
|
|
.Xr sysctl 8
|
|
behave as though they have security level \-1.
|