Linux Training : f. Boot up, runlevels, system processes and shutdown

This page last changed on Aug 13, 2013 by jkinney.

Home Page

Boot up, runlevels, system processes and shutdown

Linux systems have specific ways to start, stop and can be run in several different modes.

boot up

When a RHEL Linux system first boots, it looks in /boot for the kernel it needs. The system knows to look there because of the GRUB boot loader is installed in the master boot sector of the primary hard drive. GRUB stands for GRand Unified Bootloader. The GRUB config file is found in {/boot/grub/grub.conf}}. Due to limitations of x86 architectures, that /boot directory is almost always now put on its own small partition on the drive. It will typically be well under 300MB.
Once the kernel is in memory, the init process starts and it uses the binaries in /sbin (static or system binaries) to complete the hardware portion of the boot up process. Once the system is beyond the basic init process, the binaries in /bin, /usr/sbin and /usr/bin are used to run all the rest of the system based on directions in the LIN:rc* directories for the current LIN:runlevel. The /sbin and /usr/sbin directories have the system level tools. Most users that are not admins will never use these. In earlier days, the /sbin directory binaries were statically compiled (the external libraries were compiled in so they would work when the probably crippled system was running in runlevel 1 (single user mode) and the /lib and /usr/lib partitions were not mounted.

  • Runlevels

    Runlevels are used to divide the general operation of a Linux system into specific stages. There are 7 runlevels, 0 through 6. Of these, 4 are used to run the system (1,2,3 and 5), runlevel 4 is essentially unused. Runlevels 0 and 6 are used to halt and reboot the system respectively. Different system process are started and/or stopped in different runlevel. The chkconfig command is the best way to work with the various start up scripts for the runlevels.
    • Runlevel 1 is special. It is a system repair or maintenance mode level. In this configuration, only the root user can log in, no networking is started, nothing is mounted from /etc/fstab and many normal environment variables are unset. Essentially, the system is in a limp-home mode. When doing things like changing drives around and altering the size of logical volumes going into runlevel 1 is pretty essential.
    • Runlevel 2 allows multiple non-root users to log in at a console but still networking is off.
    • Runlevel 3 is fully multi-user and networked. This is the most common runlevel for servers. Apache, database and other servers don't need a gui environment wasting resources so this is perfect for them.
    • Runlevel 5 is multi-user, networked and automatically runs the X-windows environment. This is a primary runlevel for desktop and workstation users.
    • Runlevel 0 is a halt mode. If the default is set to this, the system will never boot.
    • Runlevel 6 is the reboot mode. If the default is set to this the system will only restart forever.

      (lightbulb) How do you determine a systems default runlevel?

      /sbin/runlevel
N 5

      which shows the default runlevel is 5 and the previous runlevel was not used (boot up)


      The current runlevel of a running system can be changed by the root user with 
      /sbin/telinit 5
      to change from, say, runlevel 3 to runlevel 5. If you run 
      telinit 3
      from a shell window in X on a runlevel 5 system, you will most likely be unhappy with what happens as your entire X session dies.

  • System processes

    System processes are the services that run without a human login required. Some of these include databases and web servers as well as many less obvious services like networking and email. These services are started up during the various runlevel starts. They typically will have a username associated with their process (like postgres for the postgreSQL database server and apache for the httpd service). A key feature of these services is they run with UID's less than 500. By default, all normal UID's begin at 500 on RHEL systems.

  • shutdown

    shutdown triggers a change to either runlevel 0 or 6 depending on how its called. It is usually called as shutdown -r now or shutdown -h now where -r will reboot and -h will power down and not restart. It is also possible to include at the end a message broadcast to all users notifying of the shutdown.
    LIN:page top
boot and run exercise
  1. Why is the /boot/grub/grub.conf file not readable by a normal user?
  2. How many processes start up automatically in runlevel 5?
  3. How many processes start up automatically in runlevel 3?
  4. What would you do to change the default runlevel to be multi-user with networking but no X gui?
  5. How many users on your system have a UID under 500?

Answers

Boot up, Runlevels and System Processes
  1. Why is the /boot/grub/grub.conf file not readable by a normal user? LIN:hint
    • The grub.conf file must be root readable only as it may contain an MD5 hash of the password used to control how the system boots. By having that hash, an attacker can freely run a crypto attack and gain full access to the system at boot up.
  2. How many processes start up automatically in runlevel 5?
    • There are many symlinks in /etc/rc5.d but only the one that start with an S are used during startup. The ones that begin with K are used during the Kill process (i.e. shutdown). The ordering is determined by the number.
      So filter out the K's and then count the rest 
      ls /etc/rc5.d/S* | wc -l
24
  3. How many processes start up automatically in runlevel 3?
    • Same process as for runlevel 5 but look in the rc3.d directory 
      ls /etc/rc3.d/@* | wc -l
  4. What would you do to change the default runlevel to be multi-user with networking but no X gui?
    • Edit the file /etc/inittab and change the default line to be id:3:initdefault:
      This can be done with a single sed line 
      sed -i 's/\(id:\)[[:digit:]]/\13/' /etc/inittab
      which uses the 
      \( \)
      to first "remember" what's between the escaped parentheses and then the \1 recalls it. There are up to 9 of the memory registers in sed. They are used as \2, \3, etc. They refer to the ordering in the pattern section of the sed line.
  5. How many users on your system have a UID under 500? 
    • for i in $(cat /etc/passwd | cut -f 3 -d ":"); do if [ $i -lt 500 ]; then echo $i; fi ; done | wc -l
    • cat /etc/passwd dumps the contents of the file.
    • cut -f 3 -d ":" finds the third field only using the ":" as the separator. This generates the list of UID's from the passwd file.
    • The test for less than 500 is if [LIN: $i -lt 500]* simply echos the value to STDOUT where it is
    • counted using the line count ability of wc.
      • Or you can just count them manually and be totally unimpressive with your lack of script-fu (thumbs down)