Booting
Contents
The Boot Process
- Load and initialize the kernal
- Detect and configure devices
- Create spontaneous processes
- Single user mode (if necessary)
- Execute startup scripts
- Enter multi-user mode
- Run xdm (if necessary)
The Mostly Hidden Part
Bootstrap
- ROM startup program executes.
- Load boot loader from the MBR and let the user choose the OS.
- Read the boot sector and load into memory - start sector of
a partition, or the first sector on a floppy.
| Offset | Length | Description |
| 0 | 3 | Jump Instruction (E9 offset) |
| 3 | 8 | OEM Name for OS |
| 11 | 2 | Bytes per sector |
| 13 | 1 | Sectors per cluster |
| 14 | 2 | Reserved sectors for boot record |
| 16 | 1 | Number of FAT's |
| 17 | 2 | Number of root directory entries |
| 19 | 2 | Logical sectors on device |
| 21 | 1 | Medium descriptor (obsolete) |
| 22 | 2 | Sectors per FAT |
| 24 | 2 | Sectors per track |
| 26 | 2 | Number of heads |
| 28 | 2 | Number of hidden sectors |
| 30 | N | Bootstrap program |
- Execute the jump instruction at offset zero in the boot sector
image, which will execute the bootstrap program.
- A typical bootstrap program will load the boot loader, such as LILO
or GRUB to manage the boot process.
- The boot loader will load vmlinuz (or whatever the kernel is)
into memory and jump to a startup location, which is usually a
jump to the OS initialization code.
- The kernel boot process sizes memory and tests devices.
- Then it creates a couple of spontaneous processes. The first is
process 0 (zero) or P0. It generally runs in the background as the
swapper or scheduler and if nothing else ever runs, regularly
wakes up to do housekeeping chores.
- The second is the init process, which is in charge of
the rest of the initialization.
In addition, when booting is complete,
it becomes the parent for every other process that runs. init
loads the file systems and other config information and then
starts through the system initialization.
If you do a ps ax on your
system you will see that a process named init has process ID
1 and is always running.
Of some interest is how GRUB (or some other boot loader) is involved
in this process. GRUB uses a two or three stage process to get from
an initial BIOS-loaded program to full Linux operation. This is trickier
than it might seem because initially, the BIOS doesn't know anything about
the file system and even for GRUB, there are different possible file
systems. The stage 1 loader is what is stored in the Master Boot
Record of the disk. It loads the stage 1.5 code from the unused sectors
in the first cyclinder after the MBR. This code has to be designed to
work with a specific file system so that it can find and load the stage
2 loader. The stage 2 loader is loaded into memory (at location 0x8000)
and it can find and read the configuration file (menu.lst, grub.conf,
or whatever). It does so and displays the boot menu. When a choice is
made, it loads the appropriate kernel into memory and Linux is on the way.
If you install Grub into the boot sector of a partition, it loads a
stage 1 loader which has been patched to find stage 2.
Initialization
- init gets it directions from /etc/inittab.
- The format is:
id : runlevels : action : process
- id = 1-4 character name that identifies this line
- runlevels = what runlevels this should be executed for
- 0 = halt
- 1 or S = single user
- 2 = multiuser without networking
- 3 = multiuser with networking
- 5 = run xdm
- 6 = reboot
- action = how to handle this process
- respawn - if it doesn't exist or dies, start it.
- wait - start and wait for termination
- once - start it upon init, and then go on
- boot - once, but only on boot
- bootwait - only on boot, but wait for completion
- off - if already running, kill it
- initdefault - what runlevel to stop at
- sysinit - execute before attempting to control the console
- powerfail - if the SIGPWR signal is sent
- powerwait - if the SIGPWR signal is sent
- powerokwait - if the SIGPWR signal is sent but power is restored
An example of inittab
- id:3:initdefault: - change 3 to 5 to run xdm on startup
- The current runlevel can be changed by entering telinit 1
where 1 is the runlevel. Be careful with this.
- telinit S - go to single user mode
- telinit 6 - reboot
- telinit 0 - halt
- telinit 5 - start xdm
- telinit q = inform init that inittab has changed
Startup Files
A major part of startup is running programs that perform some function
and quit or continue running as daemons. These programs are configured
and executed in the startup scripts.
Runlevels are simply different modes that the system can run in. A runlevel
can be configured to be anything that you want it to be (with some limits)
but they generally are defined as:
| Runlevel | Mode
|
|---|
| 0 | Halted (reserved for this use)
|
| 1 | Single user (reserved for this use)
|
| 2 | Multiuser without networking or unused
|
| 3 | Multiuser with networking
|
| 4 | Unused or multiuser with different functionality
|
| 5 | Multiuser with XDM login
|
| 6 | Rebooting (reserved for this use)
|
| 7-9 | Unused
|
- /etc/rc.d (some systems put them in /sbin, some in /usr)
- The rc.d directory has the following entries (Redhat Linux):
init.d/ rc0.d/ rc2.d/ rc4.d/ rc6.d/ rc.sysinit
rc rc1.d/ rc3.d/ rc5.d/ rc.local
- rc is an acronym for resource configuration and
hales back to the beginnings of Unix.
- rc is the master script that executes the others when called
by init (rc N).
- The first script run is controlled by the sysinit
action which normally runs /etc/rc.d/rc.sysinit.
This script does
some really basic stuff in the following order:
- Set up logging (/sbin/initlog)
- Set up a minimal network (/etc/sysconfig/network)
- Set script functions (/etc/init.d/functions)
- Print a banner
- Mount /proc
- Configure kernel params (sysctl -e -p /etc/sysctl.conf)
- Configure the clock (/etc/sysconfig/clock)
- Setup console and keyboard
- Turn on swapping (swapon -a -e)
- Initialize USB
- Perform fsck checking as necessary
- Mount root
- Set up disk parameters
- Update quotas
- Load modules
- Initialize RAID
- Mount file systems
- Initialize process accounting (/sbin/accton)
- Configure things not configured (root password, network,
time, authentication
- Clean up
- Then init looks for the rcN.d directory where N matches the
default runlevel. i.e. it executes /etc/rc.d/rc N .
/etc/rc starts or stops service processes
as specified by the links in this directory.
- rc.local is run after reaching the desired default runlevel. The
use of rc.local is falling into disuse, primarily because the
Linux companies are coopting it for their own uses.
- init.d contains scripts for starting and stopping all of the
various processes. The files in rcN.d typically point to these scripts.
- Listing of an example sendmail script -
(/etc/rc.d/init.d/sendmail).
- Notice that the script requires an option of "start" or "stop" to tell
it if it should start sendmail, or stop it. Also, restart and status.
- /var/run/runlevel.dir contains the current rc directory being
executed. It is placed there by rc so that processes can determine
what runlevel they are executing for.
init.d
Example listing of /etc/rc.d/init.d
- /etc/init.d/functions contains
- daemon - start a process
- killproc - kills a process
- pidofproc - to get the pid of a process from /var/run/.pid
- status - to get the status via a ps
- action - run an action and log the results
- Other utilities
An Example rc.1 File
Listing of an example rc.1.
At this level, most things are not running, only the S00single and S20random.
The ampersand (@) after each name indicates that it is a link, pointing
to a file in /etc/init.d.
An Example rc3.d
Listing of an example rc.3
Most things are starting up. The things that have K's are services that
I chose not to install. So it leaves them in the startup files in case
I change my mind, and changes the prefix from "S" to "K".
An Example rc6 target="_blank"
Listing of an example rc.6
Since runlevel 6 is the reboot runlevel, it shuts mosts of the services down.
rc
The rc script has some housekeeping chores, but essentially it
boils down to this when executed with rc N, where N is the
desired runlevel.
- Get a list of all of the files in rcN.d.
- Execute all of the files that begin with "K" (for kill)
with the command option "stop". This kills all processes
that should not be running for that run level. Note that it
checks in /var/lock/subsys to see if the process is running,
so the process has to write a lock file there as a flag.
- Execute all of the files that begin with "S" (for start)
with the command option "start". This starts all processes
that should be running at this runlevel.
- An Example rc File.
For example, if you look at just the sendmail scripts in the various
rc.d directories, you see:
| rc0.d | K30sendmail |
| rc1.d | K30sendmail |
| rc2.d | S80sendmail |
| rc3.d | S80sendmail |
| rc4.d | S80sendmail |
| rc5.d | S80sendmail |
| rc6.d | K30sendmail |
So as init brings the system up, it will first initialize by executing
rc.sysinit, then it will go through each level to the
default runlevel executing rc N starting sendmail if the link
name starts with an S.
A reboot will change the system runlevel to 6, which will execute
rc 6, which will cause sendmail to be killed.
If you executed telinit 1 on your system, it would immediately
go to runlevel 1, which would result in sendmail being killed.
If you look at some listings of rc.d directories, you can see
what happens at each level.
Trying to Tie It All Together
System Shutdown
You have already been introduced to the system shutdown command. In more
detail:
/sbin/shutdown [-t sec] [-arkhncfF] time [warning-message]
- time is the time to shutdown. This can be a time period
such as +5 for 5 minutes, or a specific time, such as
23:59. now is an acronym for +0.
- warning-message is the message sent to users. For example,
"I need the system, get off you worthless parasites"
- -t sec defines the number of seconds to delay telling the
users by sending the message.
- There are a bunch of options, the most useful of which are:
- -h is shutdown and halt
- -r is reboot
If neither -h or -r is given, the system goes to single user mode.
- -c is cancel a pending shutdown
- -k is don't really shutdown, just send the message.
A shutdown can also be started by entering the ubiquitous CTRL-ALT-DELETE
key stroke if configured in /etc/inittab. You probably want to disable
this in inittab if your system is physically available to people who are
untrustworthy or stupid.
/etc/sysconfig
Red Hat and other Linux companies have begun storing information regarding
system configuration in the directory /etc/sysconfig. This
directory contains files that give specific details of desired system
configuration. This is an improvement over the old system where data
was spread all across the system, but there has been no attempt to
standardize the organization. Typically, the directory would have the
following files and directories:
apmd hwconf named samba
apm-scripts/ i18n network sendmail
authconfig init networking/ squid
clock installinfo network-scripts/ syslog
console/ installinfo.rpmsave ntpd tux
desktop iptables pcmcia xinetd
gpm irda rawdevices yppasswdd
grub keyboard redhat-config-users
grub.rpmsave kudzu redhat-logviewer
harddisks mouse rhn/
The files here could have executable scripts, but most have
data in them. For example, a typical network file is:
NETWORKING=yes
HOSTNAME=cs25924.cs.montana.edu
GATEWAY=153.90.199.254
and a typical network-scripts/ifcfg-eth0 file is:
DEVICE=eth0
BOOTPROTO=static
BROADCAST=153.90.199.255
IPADDR=153.90.199.125
NETMASK=255.255.248.0
NETWORK=153.90.192.0
ONBOOT=yes
One that is of interest to many users is
desktop which consists of one line indicating the desired
desktop for running X.
The various configuration tools in Red Hat modify these files so
that the changes are included when the system is initialized. If
you are manually configuring the system, you will need to modify
these files as well. Problematically, Red Hat and others don't document
the use of these files as well as they should. Fortunately, it isn't
hard to figure out how they are used.
A word of caution. Do not change these files unless you know what
you are doing. You could create major problems for you system. However,
if you are keeping your log carefully, you should be able to restore things.
Service Management
After the system has booted, you will find via a ps ax command
that there are quite a number of processes running on your system.
There are several things you might want to do about this:
- Stop them from starting up at all
- Stop them temporarily
- Stop and restart them
In order to stop a process from running at runlevels 3 and 5, you need to
go to those directories and change some process from Snnxx to
Kmmxx so that it is stopped rather than started. The nn
and mm values are not the same. Normally, processes that start
early should be stopped late and vice versa. If you compare the
links in rc3.d with those in rc1.d, you will see that in rc1.d, the
network link is K10network and in rc3.d it is S90network.
While not uniformly done in this manner, you can generally figure that
Snn should become Kmm, where mm is 100 - nn and conversely. If
possible, check the other directories to see what Linux uses. Most
user added services are S99's.
In order to stop a service temporarily, enter:
/usr/rc.d/init.d/servicename stop
where servicename is the name that Linux uses for the service. You
may have to list /etc/rc.d/init.d to get the name. If you need to start
a service, use:
/usr/rc.d/init.d/servicename start
Some of the scripts support a restart, which is handy when if you change
a configuration file and want the daemon to reread the file(s). Then
you can use:
/usr/rc.d/init.d/servicename restart
or
/usr/rc.d/init.d/servicename stop
/usr/rc.d/init.d/servicename start
Recently, some distributions of linux are including a link at
/etc/init.d
which points to /etc/rc.d/init.d, I assume to make is easier to find the
startup scripts. Hopefully that doesn't mean that they are going to then
hide them in some obscure place.
Assignment
- Modify the initdefault entry in your /etc/inittab to stop at
the S runlevel and reboot. You should stop at single user mode,
which is pretty handy. Change it back to its orginal value.
You can boot from single user mode to level 3 by entering
exit or CTRL-D.
- While running, change to single user mode with "telinit S" and
then change to runlevel 3 from single user mode with "telinit 3".
- Pick a process on your system that you are running but don't
necssarily need - good choices are the advanced power management
daemon (ampd) innd (news), nfs (network file
system), smb (samba) or httpd (web server). Change it from
running to not running by changing the name from S to
K and reboot. Before doing this, run "ps aux" to see
if it is running and then after rebooting. It should no longer
be in the process table you get from running ps.
You will
probably want to reverse this process when you get done testing.
If you are booting to XDM, you will have to change the process
list in runlevel 5 or in both runlevels 3 and 5.
- Change the ca entry in inittab to do something other than
a shutdown. For example, create a script named /tmp/block that
contains the following:
#! /bin/bash
echo "You can't do that"
Change the permissions on /tmp/block to 755.
You will need to run telinit q to get init to reread the
inittab file. Finally, you will probably have to be running
without X to get this to work as the X managers may modify
the keyboard handling. If you're running XDM, you can always
get there with telinit 3, right? Although, this means that
you may not get to save your current desktop configuration.
