Understanding How Red Hat Linux Boots

Understanding How Red Hat Linux Boots

It is important to learn the sequence in which Red Hat Linux starts processes as it boots. You can use this knowledge to start and stop services, such as the Web server and Network File System (NFS). The next few sections provide you with an overview of how Red Hat Linux boots and starts the initial set of processes. These sections also familiarize you with the shell scripts, called initscripts, that start various services on a Red Hat Linux system.

Understanding the init Process

When Red Hat Linux boots, it loads and runs the Linux kernel-the core operating-system program-from the hard disk. The Linux kernel is designed to run other programs. The kernel starts a process named init, which, in turn, starts the initial set of processes on your Linux system.

To see the processes currently running on the system, type the command ps ax | more. The first column in the output has the heading 'PID'; that column shows a number for each process. PID stands for process ID (identification), which is a sequential number assigned by the Linux kernel. Right at the beginning of the list of processes, you notice a process with a process ID (PID) of 1:

    1 ?        S      0:04 init

As you can see, init is the first process, and it has a PID of 1. Also, init starts all other processes in your Linux system. That's why init is referred to as the mother of all processes.

What the init process starts depends on the following:

  • The run level, which designates a system configuration in which only a selected group of processes exists

  • The contents of the /etc/inittab file, a text file that specifies the processes to start at different run levels

  • A number of shell scripts (called initscripts and located in the /etc/rc.d directory and its subdirectories) that are executed at a specific run level

Examining the /etc/inittab File

The /etc/inittab file is the key to understanding the processes that init starts at various run levels. You can look at the contents of the file by using the more command as follows:

more /etc/inittab

To see the contents of the /etc/inittab file with the more command, you do not have to log in as root.

The following is a listing of the /etc/inittab file on my Red Hat Linux system, which is set up for a graphical login screen:

# inittab       This file describes how the INIT process should set up
#               the system in a certain run-level.
# Author:       Miquel van Smoorenburg, <miquels@drinkel.nl.mugnet.org>
#               Modified for RHS Linux by Marc Ewing and Donnie Barnes

# Default runlevel. The runlevels used by RHS are:
#   0 - halt (Do NOT set initdefault to this)
#   1 - Single user mode
#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
#   3 - Full multiuser mode
#   4 - unused
#   5 - X11
#   6 - reboot (Do NOT set initdefault to this)

# System initialization.

l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6

ca::ctrlaltdel:/sbin/shutdown -t3 -r now

# When our UPS tells us power has failed, assume we have a few minutes
# of power left.  Schedule a shutdown for 2 minutes from now.
# This does, of course, assume you have powered installed and your
# UPS connected and working correctly.
pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"

# If power was restored before the shutdown kicked in, cancel it.
pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"

# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

# Run xdm in runlevel 5
# xdm is now a separate service
x:5:respawn:/etc/X11/prefdm -nodaemon

Lines that start with a hash mark (#) are comments. The first noncomment line in the /etc/inittab file specifies the default run level as follows:


Even though you do not know the syntax of the /etc/inittab file (and you really do not have to learn the syntax), you probably can guess that the 5 in that line denotes the default run level for the graphical login screen. Thus, if you want your system to run at level 3 after startup (for a plaintext-mode login screen), all you have to do is change 5 to 3.

Insider Insight 

Each entry in the /etc/inittab file specifies a process that init should start at one or more specified run levels. You simply concatenate all the run levels (for example, 235 for run levels 2, 3, and 5) at which the process should run. Each entry in the inittab file has four fields-separated by colons-in the following format:


Type man inittab to see the detailed syntax of the entries in the inittab file.

The fields in each entry of the inittab file have the following meanings:

  • The id field is a unique, 1- to 4-character identifier. The init process uses this field internally. You can employ any identifier you want, as long as you do not use the same identifier on more than one line. For example, si, x, and 1 are all valid identifiers.

  • The runlevels field is a sequence of zero or more characters, each denoting a run level. The line with the identifier 1, for example, applies to run levels 1 through 5; so the runlevels field for this entry is 12345. This field is ignored if the action field is set to sysinit, boot, or bootwait.

  • The action field tells the init process what to do with the entry. If this field is initdefault, for example, init interprets the runlevels field as the default run level. If this field is set to wait, init starts the process specified in the process field and waits until that process exits. Table 20-1 summarizes the valid action values you can use in the action field.

  • The process field specifies the process that init has to start. Of course, some settings of the action field require no process field. (When action is set to initdefault, for example, you don't need a process field.)

    Table 20-1: Valid Actions in /etc/inittab




    Restarts the process whenever it terminates


    Restarts the process once at the specified run level; init waits until that process exits


    Executes the process once at the specified run level


    Executes the process as the system boots, regardless of the run level (the runlevels field is ignored)


    Executes the process as the system boots; init waits for the process to exit (the runlevels field is ignored)


    Nothing happens for this action


    Executes the process at the specified run level, which must be one of a, b, or c


    Starts the system at this run level after it boots. The process field is ignored for this action.


    Executes the process as the system boots before any entries with the boot or bootwait actions (the runlevels field is ignored)


    Executes the process when init receives the SIGPWR signal, indicating that there is something wrong with the power. Then, init waits until the process exits.


    Similar to powerwait, except that init does not wait for the process to exit


    Executes the process when init receives a signal that the battery of the external uninterruptible power supply (UPS) is almost empty and the power is failing (provided that the external UPS and the monitoring process can detect this condition)


    Executes the process when init receives the SIGPWR signal and the /etc/powerstatus file contains the word OK (indicating that the power is back on)


    Executes the process when init receives the SIGINT signal, which occurs when you press Ctrl-Alt-Del. Typically, the process field should specify the /sbin/shutdown command with the -r option to reboot the PC.


    Executes the process when init receives a signal from the keyboard driver that a special key combination has been pressed. The key combination should be mapped to KeyboardSignal in the keymap file.

The process field is typically specified in terms of a shell script, which, in turn, can start several processes. The l5 entry in /etc/inittab, for example, is specified as follows:

l5:5:wait:/etc/rc.d/rc 5

This entry specifies that init should execute the file /etc/rc.d/rc with 5 as an argument. If you look at the file /etc/.rc.d/rc, you notice that it is a shell-script file. You can study this file to see how it starts various processes for run levels 1 through 5.

The last line of the /etc/inittab file starts the graphical login process with the following entry:

x:5:respawn:/etc/X11/prefdm -nodaemon

This command runs /etc/X11/prefdm, which is a shell script that starts the graphical display manager. The display manager, in turn, displays the graphical login dialog box that enables you to log into the system.


If you do not enable the graphical login screen during Red Hat installation (covered in Chapter 2), you can do so by editing the /etc/inittab file. Locate the line containing initdefault, and make sure that it reads as follows (the run level appearing between the two colons should be 5):

init 1

Before you edit the file, you should know that any errors in this file may prevent Red Hat Linux from starting up to a point at which you can log in. If you cannot log in, you cannot use your system. You should always try out a specific run level with the command before you actually change the default run level by editing the file. In case of errors in the file, you can type to enter single-user mode, and then edit the file to correct the error.

Trying out a New Run Level with the init Command

To try a new run level, you do not have to change the default run level in the /etc/ inittab file. If you log in as root, you can change the run level (and, consequently, the processes that run in Red Hat Linux) with the init command, which has the following format:

init runlevel

Here, runlevel must be a single character denoting the run level you want. To put the system in single-user mode, for example, type the following:

init 1

Thus, if you want to try run level 5 (assuming that your system is not set up for a graphical login screen yet) without changing the /etc/inittab file, enter the following command at the shell prompt:

init 5

The system should end all current processes and enter run level 5. By default, the init command waits 20 seconds before stopping all current processes and starting the new processes for run level 5.

Insider Insight 

To switch to run level 5 immediately, type the command init -t0 5. The number after the -t option indicates the number of seconds init waits before changing the run level.

You can also use the telinit command, which is simply a symbolic link to init. If you make changes to the /etc/inittab file and want init to reload its configuration file, use the command telinit q.

Understanding the Red Hat Linux initscripts

The init process runs a number of scripts at system startup. Notice the following lines that appear near the beginning of the /etc/inittab file:

# System initialization.

As the comment on the first line indicates, the second line causes init to run the /etc/rc.d/rc.sysinit script-the first Red Hat Linux startup script that init runs.

Manually Starting and Stopping Servers

The Red Hat Linux initscripts reside in the /etc/rc.d/init.d directory. You can manually invoke scripts in this directory to start, stop, or restart specific processes-usually servers. For example, to stop the Apache Web server (the program's name is httpd), type the following command:

/etc/rc.d/init.d/httpd stop

The /etc/init.d file is defined as a symbolic link to /etc/rc.d/init.d. Therefore, you can also execute the previous command as follows:

/etc/init.d/httpd stop

If httpd is already running and you want to restart it, all you have to do is change the stop to restart, like this:

/etc/init.d/httpd restart
Insider Insight 

/sbin/service provides a more logical way to start, stop, and restart services. When you log in as root, /sbin is already in your PATH environment, so you can execute the initscripts by using the service command with the following syntax:

service servicename action

where servicename is the name of the service and action is one of start, stop, or restart. The servicename is the name of the initscript in /etc/init.d directory. Typically, the initscript name is the same as the name of the server. For example, the initscript for the Web server (httpd) is also named httpd. Thus, you restart the Web service by typing service httpd restart.

You can enhance your systems-administration skills by familiarizing yourself with the initscripts in the /etc/init.d directory. To see its listing, type the following command:

ls /etc/init.d

Here's the output of that command on a Red Hat Linux 9 system:

aep1000  firstboot  isdn       network     pxe         snmpd      xfs
anacron  functions  kdcrotate  nfs         random      snmptrapd  xinetd
apmd     gpm        keytable   nfslock     rawdevices  squid      ypbind
atd      halt       killall    nscd        rhnsd       sshd       yppasswdd
autofs   httpd      kudzu      ntpd        saslauthd   syslog     ypserv
bcm5820  innd       lisa       pcmcia      sendmail    tux        ypxfrd
crond    iptables   named      portmap     single      vsftpd
cups     irda       netfs      postgresql  smb         winbind

The script names give you some clue about which server the script can start and stop. For example, the nfs script starts and stops the processes required for NFS (Network File System) services. At your leisure, you may want to study some of these scripts to see what each one does. You don't have to understand all the shell programming; the comments should help you learn the purpose of each script.

Insider Insight 

The servers that initscripts start are often referred to as daemons. In UNIX, daemon is just a term used to describe background processes that monitor and perform many critical system functions. Typically, a daemon is started when the system boots, and daemon processes run as long as the system is up. Most daemons have the capability to restart copies of themselves to handle specific tasks. Also, although this is not a rule, most daemons have names that end with d, such as crond, syslogd, klogd, xinetd, cupsd (the printer daemon), named, and httpd. Another characteristic of daemons is that they do not require user interaction, so no terminal devices are associated with a daemon.

Configuring Servers to Start Automatically at Boot Time

Although you can start, stop, and restart servers manually by using the scripts in the /etc/rc.d/init.d directory, you have to set up symbolic links in the scripts for an appropriate run level. For example, to start the DNS server-named-in run level 5, you need an S script in the run level 5 directory (/etc/rc.d/rc5.d). Furthermore, that S script should be a symbolic link to the /etc/rc.d/init.d/named file. You set up such symbolic links to configure servers to start automatically at boot time. Luckily, you do not have to do this job by hand. Instead, you can use the /sbin/chkconfig or /usr/sbin/ntsysv program.

Using chkconfig

The chkconfig program is a command-line utility for querying and updating the run-level scripts in Red Hat Linux. I introduce you to the chkconfig utility next, but you can learn more about its options by reading the chkconfig man page with the man chkconfig command.

For example, suppose that you want to automatically start the named server at run levels 3 and 5. All you need to do is log in as root, and type the following command at the shell prompt:

chkconfig --level 35 named on

To see the status of the named server, type the following command:

chkconfig --list named
named   0:off  1:off  2:off  3:on   4:off  5:on   6:off

The output shows you the status of the named server at run levels 0 through 6. As you can see, named is set to run as run levels 3 and 5. If you now look at the directories /etc/rc.d/rc3.d and /etc/rc.d/rc5.d, you see two new S scripts that are symbolic links to /etc/rc.d/init.d/named. Both of these S scripts are symbolic links to the same script; each link looks like this:

lrwxrwxrwx  1 root   root   15 Jan 20 21:08 S55named -> ../init.d/named

If you want to turn named off, you can do so with the following command:

chkconfig --level 35 named off

You can use chkconfig to see the status of all services, including the ones started through xinetd. For example, you can view the status of all services by typing the following command:

chkconfig --list | more

The output shows the standalone services started by initscripts as well as those managed by the xinetd server:

snmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
snmptrapd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
gpm             0:off   1:off   2:on    3:on    4:on    5:on    6:off
kudzu           0:off   1:off   2:off   3:on    4:on    5:on    6:off
winbind         0:off   1:off   2:off   3:off   4:off   5:off   6:off
ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
random          0:off   1:off   2:on    3:on    4:on    5:on    6:off
... many lines of output deleted ...
xinetd based services:
        chargen-udp:    off
        rsync:  off
        chargen:        off
        daytime-udp:    off
        daytime:        off
        echo-udp:       off
        echo:   off
        services:       off
        servers:        off
        time-udp:       off
        time:   off
        cups-lpd:       off
        sgi_fam:        on
        kotalk: off
        ktalk:  off
        imap:   off
        imaps:  off
        ipop2:  off
        ipop3:  off
        pop3s:  off
        finger: off
        ntalk:  off
        talk:   off
        telnet: on
        rexec:  off
        rlogin: off
        rsh:    off

The output shows the status of each service for each of the run levels from 0 through 6. For each run level, the service is either on or off. At the very end of the listing, chkconfig displays a list of the services that xinetd controls (see Chapter 6 for more information on xinetd). Each xinetd-based service is also marked on or off, depending on whether or not xinetd is configured to start the service.

Using the Red Hat Service Configuration Utility

If you don't like typing the chkconfig commands, you can use a graphical service configuration utility program to configure the services. To run the service configuration utility, log in as root and select Main Menu>System Settings>Server Settings>Services from the GNOME desktop. You can then turn services on or off from the service configuration window (see Figure 20-1).

Click To expand
Figure 20-1: Using the Red Hat Service Configuration Utility to Select the Services You Want to Start Automatically.

The service configuration utility shows the names of services in a scrolling list. Each line in the list shows the name of a service with a box in front of the name. A check mark in the box indicates that the service is already selected to start at boot time for the current run level. When the dialog box first appears, many services are already selected.

You can scroll up and down the list and click on the box to select or deselect a service. If you click the box, the check mark alternately turns on and off. To learn more about a service, click the service name and a brief description appears in the right-hand side of the window. For example, Figure 20-1 shows the help text for the atd service. Additionally, the utility also shows you whether the selected service is currently running or not.

After you select all the servers you want to start when the system boots, select File>Save Changes to save the changes. Then, select File>Quit to exit.


By default, the service configuration utility configures the selected services for the current run level. This means that if you are accessing it from the graphical desktop, the system is in run level 5 and the services you configure are set to start at run level 5. If you want to set up the services for a different level, select that run level from the Edit Runlevel menu.

Table 20-2 shows a list of the services, along with a brief description of each one. The first column shows the name of the service, which is the same as the name of the program that has to run to provide the service. You may not see all of these services listed when you run the service configuration utility on your system because the exact list of services depends on what is installed on your Red Hat Linux system.

Table 20-2: Some Common Services in Red Hat Linux

Service Name



Loads and unloads the driver for the Accelerated Encryption Processing card called the AEP1000, which can do encryption fast (use this only if you have the card installed in your system)


Executes commands that are scheduled to run periodically


Monitors the Advanced Power Management (APM) BIOS and logs the status of electric power (AC or battery backup)


Runs commands scheduled by the at and cron commands


Automatically mounts file systems (for example, when you insert a CD-ROM in the CD-ROM drive)


Loads and unloads the driver for Broadcom's BCM5820 Cryptonet SSL (Secure Sockets Layer) accelerator chip (use this service only if you have the hardware installed)


Runs user-specified programs according to a periodic schedule the crontab command has set


Runs the Common UNIX Printing System (CUPS) daemon (cupsd)


Enables applications to use the legacy LPD (line prinetr daemon) protocol to communicate with CUPS


Answers finger protocol requests (for user information, such as login name and last login time). You have to enable xinetd for this service to run.


Runs the first time you boot Red Hat Linux and enables you to set the date and time, create user accounts, register with Red Hat Network, and install other CD-ROMs


Enables use of mouse in text-mode screens


This is the Apache Web server


Allows remote IMAP (Internet Message Access Protocol) clients to download mail messages. You have to enable xinetd for this service to run.


Allows remote IMAP (Internet Message Access Protocol) clients with secure sockets layer (SSL) support to securely download mail messages. You have to enable xinetd for this service to run.


This is the InterNetNews daemon-the Internet news server you can use to support local newsgroups on your system.


Allows remote POP3 (Post Office Protocol version 3) clients to download mail messages. You have to enable xinetd for this service to run.


Automates a packet-filtering firewall with iptables


Supports communications with IrDA-compliant infrared devices in Linux (IrDA is a standard for infrared wireless communication at speeds ranging from 2400 bps to 4 Mbps.)


Starts and stops ISDN (Integrated Services Digital Network) services-a digital communication service over regular phone lines (enable only if you have ISDN service)


Loads selected keyboard map as specified in the file /etc/sysconfig/ keyboard. You should leave this service running on your system.


Probes for new hardware and configures changed hardware


Server that manages the queue of print jobs and sends the print jobs to the printer. You need this server if you want to do any printing from the Red Hat Linux system.


This is a server for the Domain Name System (DNS) that translates host names into IP addresses. You can run a copy on your system if you want.


Enables you to mount and unmount all network file systems (NFS, Samba, and Netware)


Enables you to activate or deactivate all network interfaces configured to start at system boot time


Enables sharing of file systems specified in the /etc/exports file using the Network File System (NFS) protocol


Provides file-locking capability for file systems exported using the Network File System (NFS) protocol, so that other systems (running NFS) can share files from your system


Provides support for chatting with users on different systems


This is the server for Network Time Protocol version 4 (NTPv4), which is used for synchronizing clocks on computers in a network


Provides support for PCMCIA devices


Allows remote POP3 (Post Office Protocol version 3) clients that support SSL to securely download mail messages. You have to enable xinetd for this service to run.


Server used by any software that relies on Remote Procedure Calls (RPC). For example, NFS requires the portmap service.


Starts or stops the PostgreSQL server that handles database requests. (PostgreSQL is a free database that comes with Red Hat Linux.)


Server for preboot execution environment (PXE) that's used to boot other systems over the network


Server needed to generate high-quality random numbers on the Red Hat Linux system


Assigns raw devices to block devices (needed for applications such as Oracle)


Supports remote execution with authentication based on user name and password. You have to enable xinetd for this service to run.


Periodically connects to the Red Hat Network Services servers to check for updates and notifications


Server that supports remote login. You have to enable xinetd for this service to run.


Server that supports remote execution of commands. You have to enable xinetd for this service to run.


Server that supports remote copying of files. You have to enable xinetd for this service to run.


Supports authentication using the Cyrus-SASL (Simple Authentication and Security Layer) software


Moves mail messages from one machine to another. Start this service if you want to send mail from your Red Hat Linux system. If you do not plan to use your Red Hat Linux system as a mail server, do not start the sendmail server because it can slow down the booting process and consume unnecessary resources.


Implements a file alternation monitor (FAM) that can be used to get reports when files change


Starts and stops the Samba smbd and nmbd services that support LAN Manager services on a Red Hat Linux system


Simple Network Management Protocol (SNMP) service used for network management functions


A caching server for Internet objects-anything that can be accessed through HTTP and FTP


Server for the OpenSSH (Secure Shell) secure remote login facility


Service used by many other programs (including other services) to log various error and status messages in a log file (usually, the /var/log/messages file). You should always run this service.


Server that supports chatting with users on other systems. You have to enable xinetd for this service to run.


Server that supports telnet remote login sessions. You have to enable xinetd for this service to run.


This is the kernel-based HTTP server


Very Secure FTP daemon for file transfers using the File Transfer Protocol (FTP)


Starts and stops the Samba winbindd server that provides a name switch capability similar to that provided by the /etc/nsswitch.conf file


Server that starts and stops the X Font Server


This is the Internet superserver, a replacement for the older inetd. It starts other Internet services, such as Telnet and FTP, whenever they are needed.


Service needed for password changes in Network Information System (NIS). You do not need to start yppasswdd unless you are using NIS.


The server for Network Information System (NIS). You do not need to start ypserv unless you are using NIS.


A server that helps ypserv. Start this service only if you are using Network Information System (NIS).