Boot up, runlevels, system processes and shutdown
Linux systems have specific ways to start and stop, and can be run in several different modes.
boot up
When a RHEL Linux system first boots, it looks in /boot for the kernel it needs. The system knows to look there because the GRUB boot loader is installed in the master boot sector of the primary hard drive. GRUB stands for GRand Unified Bootloader. The GRUB config file is found in /boot/grub/grub.conf. Due to limitations of x86 architectures, the /boot directory is almost always now put on its own small partition on the drive. It will typically be well under 300MB.
Once the kernel is in memory, the init process starts and it uses the binaries in /sbin (static or system binaries) to complete the hardware portion of the boot up process. Once the system is beyond the basic init process, the binaries in /bin, /usr/sbin and /usr/bin are used to run all the rest of the system based on directions in the rc* directories for the current runlevel. The /sbin and /usr/sbin directories have the system level tools. Most users that are not admins will never use these. In earlier days, the /sbin directory binaries were statically compiled (the external libraries were compiled in) so they would work when the probably crippled system was running in runlevel 1 (single user mode) and the /lib and /usr/lib partitions were not mounted.
Runlevels
Runlevels are used to divide the general operation of a Linux system into specific stages. There are 7 runlevels, 0 through 6. Of these, 4 are used to run the system (1, 2, 3 and 5); runlevel 4 is essentially unused. Runlevels 0 and 6 are used to halt and reboot the system respectively. Different system processes are started and/or stopped in different runlevels. The chkconfig command is the best way to work with the various start up scripts for the runlevels.
- Runlevel 1 is special. It is a system repair or maintenance mode level. In this configuration, only the root user can log in, no networking is started, nothing is mounted from /etc/fstab and many normal environment variables are unset. Essentially, the system is in a limp-home mode. When doing things like changing drives around and altering the size of logical volumes, going into runlevel 1 is pretty essential.
- Runlevel 2 allows multiple non-root users to log in at a console but networking is still off.
- Runlevel 3 is fully multi-user and networked. This is the most common runlevel for servers. Apache, database and other servers don't need a gui environment wasting resources so this is perfect for them.
- Runlevel 5 is multi-user, networked and automatically runs the X-windows environment. This is a primary runlevel for desktop and workstation users.
- Runlevel 0 is a halt mode. If the default is set to this, the system will never boot.
- Runlevel 6 is the reboot mode. If the default is set to this the system will only restart forever.
How do you determine a system's default runlevel?
    /sbin/runlevel
    N 5
which shows the default runlevel is 5 and the previous runlevel was not used (boot up).
The current runlevel of a running system can be changed by the root user with
    /sbin/telinit 5
to change from, say, runlevel 3 to runlevel 5. If you run
    telinit 3
from a shell window in X on a runlevel 5 system, you will most likely be unhappy with what happens as your entire X session dies.
System processes
System processes are the services that run without requiring a human login. Some of these include databases and web servers as well as many less obvious services like networking and email. These services are started up during the various runlevel starts. They typically will have a username associated with their process (like postgres for the PostgreSQL database server and apache for the httpd service). A key feature of these services is that they run with UIDs less than 500. By default, all normal UIDs begin at 500 on RHEL systems.
shutdown
shutdown triggers a change to either runlevel 0 or 6 depending on how it's called. It is usually called as
    shutdown -r now
or
    shutdown -h now
where -r will reboot and -h will power down and not restart. It is also possible to include at the end a message broadcast to all users notifying them of the shutdown.
boot and run exercise
Answers
- Why is the /boot/grub/grub.conf file not readable by a normal user?
  - The grub.conf file must be root readable only as it may contain an MD5 hash of the password used to control how the system boots. By having that hash, an attacker can freely run a crypto attack and gain full access to the system at boot up.
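A check for the exposure described in this answer, as an added example that is not part of the original exercise. It assumes GRUB legacy's `password --md5` directive and GNU stat; the function name and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: check whether a GRUB legacy config exposes a password hash.
# Uses GNU stat (-c), as found on RHEL.

# check_grub_conf FILE
#   prints a one-line summary; returns 0 if fine, 1 if a hash is exposed,
#   2 if the file does not exist.
check_grub_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf"; return 2; }

    mode=$(stat -c '%a' "$conf")    # octal permission bits, e.g. 600
    # Count "password --md5 <hash>" lines without ever printing the hash.
    hashes=$(grep -Ec '^[[:space:]]*password[[:space:]]+--md5[[:space:]]' "$conf" || true)

    # A read bit (4-7) in the group or other digit means non-owners can read it.
    case $mode in
        *[4-7]?|*[4-7]) exposed=yes ;;
        *)              exposed=no ;;
    esac

    echo "$conf mode=$mode md5_password_lines=$hashes readable_by_non_owner=$exposed"
    [ "$exposed" = no ] || [ "$hashes" -eq 0 ]
}

# Demo on a constructed file (not a real hash), first world-readable, then 600.
demo=$(mktemp)
cat > "$demo" <<'EOF'
default=0
timeout=5
password --md5 $1$CONSTRUCTED$notARealHashJustSampleText
title Sample Linux
EOF
chmod 644 "$demo"; check_grub_conf "$demo" || echo "FINDING: hash readable by normal users"
chmod 600 "$demo"; check_grub_conf "$demo" && echo "OK"
rm -f "$demo"
```

On a real system, run it as root against /boot/grub/grub.conf.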
- How many processes start up automatically in runlevel 5?
  - There are many symlinks in /etc/rc5.d but only the ones that start with an S are used during startup. The ones that begin with K are used during the Kill process (i.e. shutdown). The ordering is determined by the number. So filter out the K's and then count the rest:
        ls /etc/rc5.d/S* | wc -l
        24
- How many processes start up automatically in runlevel 3?
  - Same process as for runlevel 5 but look in the rc3.d directory:
        ls /etc/rc3.d/S* | wc -l
- What would you do to change the default runlevel to be multi-user with networking but no X gui?
  - Edit the file /etc/inittab and change the default line to be
        id:3:initdefault:
    This can be done with a single sed line
        sed -i 's/\(id:\)[[:digit:]]/\13/' /etc/inittab
    which uses the \( \) to first "remember" what's between the escaped parentheses and then the \1 recalls it. There are up to 9 of the memory registers in sed. They are used as \2, \3, etc. They refer to the ordering in the pattern section of the sed line.
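The same sed substitution wrapped in checks, as an added example that is not part of the original exercise: it anchors the pattern to the active initdefault line so other lines containing id: followed by a digit are left alone, keeps a backup, and refuses runlevels 0 and 6 for the reasons given in the runlevel list. The function names are this example's own, the inittab content is constructed, and GNU sed is assumed.

```sh
#!/bin/sh
# Added example: change the default runlevel in an inittab-format file safely.
# Uses GNU sed (-i), as on RHEL. Function names are this example's own.

# default_runlevel FILE: print the runlevel on the active initdefault line.
default_runlevel() {
    sed -n 's/^id:\([0-6]\):initdefault:.*/\1/p' "$1"
}

# set_default_runlevel FILE LEVEL: returns 0 on success, 1 if refused or failed.
set_default_runlevel() {
    file=$1 level=$2
    case $level in
        1|2|3|4|5) ;;
        0) echo "refusing 0: the system would never boot" >&2; return 1 ;;
        6) echo "refusing 6: the system would restart forever" >&2; return 1 ;;
        *) echo "not a runlevel: $level" >&2; return 1 ;;
    esac
    # Require exactly one active (uncommented) initdefault line.
    n=$(grep -c '^id:[0-6]:initdefault:' "$file" || true)
    [ "$n" -eq 1 ] || { echo "found $n initdefault lines in $file" >&2; return 1; }

    cp -p "$file" "$file.bak"       # keep a copy to restore from
    # \1 and \2 recall the two remembered groups; the new digit sits between.
    sed -i "s/^\(id:\)[[:digit:]]\(:initdefault:\)/\1${level}\2/" "$file"
    [ "$(default_runlevel "$file")" = "$level" ]
}

# Demo on a constructed inittab fragment, never the live /etc/inittab.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# id:2:initdefault:   (commented-out old setting, must stay untouched)
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
EOF
set_default_runlevel "$demo" 3 && echo "default is now $(default_runlevel "$demo")"
set_default_runlevel "$demo" 6 || echo "runlevel 6 rejected"
rm -f "$demo" "$demo.bak"
```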
- How many users on your system have a UID under 500?
        for i in $(cat /etc/passwd | cut -f 3 -d ":"); do if [ $i -lt 500 ]; then echo $i; fi ; done | wc -l
  - cat /etc/passwd dumps the contents of the file.
  - cut -f 3 -d ":" finds the third field only, using the ":" as the separator. This generates the list of UIDs from the passwd file.
  - The test for less than 500 is if [ $i -lt 500 ]
  - echo $i simply echoes the value to STDOUT, where it is counted using the line count ability of wc.
  - Or you can just count them manually and be totally unimpressive with your lack of script-fu
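An awk version of the same count, as an added example that is not part of the original exercise. It goes a step beyond the loop above: it keeps the account name and shell next to each UID, skips lines whose third field is not numeric, and lists which system accounts still have an interactive shell. The function names and the passwd lines are constructed for illustration.

```sh
#!/bin/sh
# Added example. The passwd lines below are constructed sample data.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
+::::::
EOF
}

# system_accounts FILE [LIMIT]: print "name uid shell" for every account whose
# UID is below LIMIT (default 500, the RHEL boundary stated above).
# FILE may be "-" to read standard input.
system_accounts() {
    awk -F: -v limit="${2:-500}" '
        $3 ~ /^[0-9]+$/ && $3 + 0 < limit { print $1, $3, $7 }
    ' "$1"
}

# system_accounts_with_shell FILE [LIMIT]: names of those accounts whose
# shell is an interactive one (sh, bash, dash, ksh, csh, tcsh, zsh).
system_accounts_with_shell() {
    system_accounts "$@" | awk '$3 ~ /\/(ba|da|k|c|tc|z)?sh$/ { print $1 }'
}

# Demo on the constructed sample; use /etc/passwd in place of "-" on a real host.
sample_passwd | system_accounts - | wc -l
sample_passwd | system_accounts_with_shell -
```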