Tuesday, April 21, 2009

An abbreviated description of the Linux Boot up process

The LILO boot loader starts the kernel

The Linux kernel configured by lilo or rdev decompresses and must find and mount the root filesystem. If LILO or the kernel were not configured properly there can be a problem here.
The kernel after loading the root filesystem, starts the "init" program which may be located in /sbin/init. Reads /etc/inittab for configuration information.
/etc/inittab - init reads this file for configuration information. This file determines the starting run level and contains a line like:

/etc/rc.d/rc.sysinit - In this case this entry in "/etc/inittab" causes the script file "/etc/rc.d/rc.sysinit" to be run.
To add terminals or dial in modem lines on a system, add more lines in the /etc/inittab file, one for each terminal or dial in line similar to the following:
7:2345:respawn:/sbin/mingetty tty7

One of /etc/rc.d/rc or /etc/rc or /etc/init.d/rc is started from inittab which does initialization commands for boot at the set runlevel. This is done by running startup and shutdown scripts for various services to be run at the given run level.

/etc/rc.local is started from one of the startup scripts in the rc script file. This is where you should add custom features for your system.

getty - Init starts a separate getty (or mingetty) for each terminal for which logins are to be allowed. Getty is restarted by init after each user has logged out so new users can log in. Network logins are not done by getty but by a different deamon per way of logging in (telnet or rlogin handled by the inetd internet super daemon).

Getty outputs the welcome message in /etc/issue, reads the username and runs the login program. If the user is telnetting, the message in /etc/issue.net is first output.

The login program reads the password and runs the shell if the username and password are correct. The shell is based on entries in the /etc/passwd file and will run at the user's privilege level rather than with root privileges.

The shell (such as bash) runs the /etc/profile script file. However in the case of a system with shadow passwords, environment strings can be set first in a file called /etc/login.defs. Also a users resources can be limited in a file called /etc/limits. The $HOME/.bash_profile script is then run, but if it is missing /etc/.profile is run.

Pertinent files:

/dev/console - A virtual console device usually called /dev/ttyn where "n" is a terminal number.
/etc/ioctl.save - Contains the consoles ioctl(2) states
/var/run/utmp - A file where information on current system users is stored. The commands "w" and "who" can be used to display information in this file.
/var/log/wtmp - Has a record of all logins and logouts
/dev/initctl - Init's control fifo buffer file. Init listens on this fifo file for messages. Telinit uses this to communicate with init. The file initctl is not a script file.
/etc/passwd - Contains information about the user including the ID, name, home directory, and the path to the preferred shell program. If not using shadow passwords, this file may also contain user passwords.
In /etc/rc.d/rc0.d are kill and start scripts for various services. The kill scripts start with the letter "K" and the startup scripts start with the letter "S".