From 8f8820e88a33687be3766077a52aef83a35959d6 Mon Sep 17 00:00:00 2001
From: Dru Lavigne <dru@FreeBSD.org>
Date: Tue, 22 Apr 2014 15:49:54 +0000
Subject: [PATCH] Move init section into Boot Process as the Last Stage. Format
 boot options as a table. Expand on single-user mode section. More commits to
 come.

Sponsored by:	iXsystems
---
 .../books/handbook/boot/chapter.xml           | 303 +++++++++---------
 1 file changed, 147 insertions(+), 156 deletions(-)

diff --git a/en_US.ISO8859-1/books/handbook/boot/chapter.xml b/en_US.ISO8859-1/books/handbook/boot/chapter.xml
index 07fc935c68..196935c0b0 100644
--- a/en_US.ISO8859-1/books/handbook/boot/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/boot/chapter.xml
@@ -345,7 +345,7 @@ boot:</screen>
 		specified options or kernel name.  Providing a kernel
 		name on the command-line is only applicable after an
 		<command>unload</command> has been issued.
-		Otherwise the previously-loaded kernel will be
+		Otherwise, the previously-loaded kernel will be
 		used.</entry>
 	    </row>
 
@@ -432,25 +432,16 @@ boot:</screen>
 	  </tbody>
 	</tgroup>
 	</table>
-      </sect2>
 
-      <sect2 xml:id="boot-loader-examples">
-	<title>Loader Examples</title>
-
-	<para>Here are some practical examples of loader usage:</para>
-
-	<itemizedlist>
-	  <listitem>
-	    <para>To boot the usual kernel in single-user
+	<para>Here are some practical examples of
+	  loader usage.  To boot the usual kernel in single-user
 	      mode<indexterm><primary>single-user
 		  mode</primary></indexterm>:</para>
 
 	    <screen><userinput>boot -s</userinput></screen>
-	  </listitem>
 
-	  <listitem>
-	    <para>To unload the usual kernel and modules, and then
-	      load the previous or another kernel:</para>
+	    <para>To unload the usual kernel and modules and then
+	      load the previous or another, specified kernel:</para>
 
 	    <screen><userinput>unload</userinput>
 <userinput>load <replaceable>kernel.old</replaceable></userinput></screen>
@@ -463,94 +454,183 @@ boot:</screen>
 	      system upgrade or before configuring a custom
 	      kernel.</para>
 
-	    <note>
 	      <para>Use the following to load the usual modules with
 		another kernel:</para>
 
 	      <screen><userinput>unload</userinput>
 <userinput>set kernel="<replaceable>kernel.old</replaceable>"</userinput>
-<userinput>boot-conf</userinput></screen></note>
-	  </listitem>
+<userinput>boot-conf</userinput></screen>
 
-	  <listitem>
 	    <para>To load an automated kernel configuration
 	      script:</para>
 
 	    <screen><userinput>load -t userconfig_script <replaceable>/boot/kernel.conf</replaceable></userinput></screen>
-	  </listitem>
-	</itemizedlist>
-    </sect2>
-
-    <sect2 xml:id="boot-kernel">
-      <title>Kernel Interaction During Boot</title>
 
       <indexterm>
 	<primary>kernel</primary>
 	<secondary>boot interaction</secondary>
       </indexterm>
+    </sect2>
 
-      <para>Once the kernel is loaded by either the default loader or
-	by boot2, which bypasses the loader, it examines any boot
-	flags and adjusts its behavior as necessary.</para>
+  <sect2 xml:id="boot-init">
+    <title>Last Stage</title>
+
+    <indexterm>
+      <primary>&man.init.8;</primary>
+    </indexterm>
+      <para>Once the kernel is loaded by either <application>loader</application> or
+	by <application>boot2</application>, which bypasses
+	<application>loader</application>, it examines any boot
+	flags and adjusts its behavior as necessary.  <xref
+	  linkend="boot-kernel"/> lists the commonly used boot flags.
+	Refer to &man.boot.8; for more information on the other
+	  boot flags.</para>
 
       <indexterm>
 	<primary>kernel</primary>
 	<secondary>bootflags</secondary>
       </indexterm>
 
-      <para>Here are the more common boot flags:</para>
+    <table xml:id="boot-kernel" frame="none" pgwide="1">
+      <title>Kernel Interaction During Boot</title>
 
-      <variablelist xml:id="boot-kernel-bootflags-list">
-	<varlistentry>
-	  <term><option>-a</option></term>
+      <tgroup cols="2">
+	<thead>
+	  <row>
+	    <entry>Option</entry>
+	    <entry>Description</entry>
+	  </row>
+	</thead> 
 
-	  <listitem>
-	    <para>During kernel initialization, ask for the device
-	      to mount as the root file system.</para>
-	  </listitem>
-	</varlistentry>
+	<tbody>
+	  <row>
+	    <entry><option>-a</option></entry>
+	  <entry>During kernel initialization, ask for the device
+	      to mount as the root file system.</entry>
+	  </row>
 
-	<varlistentry>
-	  <term><option>-C</option></term>
+	<row>
+	  <entry><option>-C</option></entry>
+	  <entry>Boot the root file system from a <acronym>CDROM</acronym>.</entry>
+	  </row>
 
-	  <listitem>
-	    <para>Boot from CDROM.</para>
-	  </listitem>
-	</varlistentry>
+	<row>
+	  <entry><option>-s</option></entry>
+	  <entry>Boot into single-user mode.</entry>
+	  </row>
 
-	<varlistentry>
-	  <term><option>-c</option></term>
+	<row>
+	  <entry><option>-v</option></entry>
+	  <entry>Be more verbose during kernel startup.</entry>
+	  </row>
+	</tbody>
+      </tgroup>
+    </table>
 
-	  <listitem>
-	    <para>Run UserConfig, the boot-time kernel
-	      configurator.</para>
-	  </listitem>
-	</varlistentry>
+    <para>Once the kernel has finished booting, it passes control to
+      the user process &man.init.8;, which is located at
+      <filename>/sbin/init</filename>, or the program path specified
+      in the <envar>init_path</envar> variable in
+      <command>loader</command>.  This is the last stage of the boot
+      process.</para>
 
-	<varlistentry>
-	  <term><option>-s</option></term>
+    <para>The boot sequence makes sure that the file systems available
+      on the system are consistent.  If a <acronym>UFS</acronym> file
+      system is not, and <command>fsck</command>
+      cannot fix the inconsistencies,
+      <application>init</application> drops the system into single-user mode so that the
+      system administrator can resolve the problem directly.  Otherwise,
+      the system boots into multi-user mode.</para>
 
-	  <listitem>
-	    <para>Boot into single-user mode.</para>
-	  </listitem>
-	</varlistentry>
+    <sect3 xml:id="boot-singleuser">
+      <title>Single-User Mode</title>
 
-	<varlistentry>
-	  <term><option>-v</option></term>
+      <indexterm><primary>single-user mode</primary></indexterm>
+      <indexterm><primary>console</primary></indexterm>
 
-	  <listitem>
-	    <para>Be more verbose during kernel startup.</para>
-	  </listitem>
-	</varlistentry>
-      </variablelist>
+      <para>A user can specify this mode by
+	booting with <option>-s</option>, or by
+	setting the <envar>boot_ single</envar> variable in
+	<application>loader</application>.  It can also be reached by
+	running <command>shutdown now</command> from
+	multi-user mode.  Single-user mode begins with this message:</para>
 
-      <note>
-	<para>Refer to &man.boot.8; for more information on the other
-	  boot flags.</para>
-      </note>
+	<programlisting>Enter full pathname of shell or RETURN for /bin/sh:</programlisting>
+
+      <para>If the user presses <keycap>Enter</keycap>, the system
+	will enter the default Bourne shell.  To specify a different
+	shell, input the full path to the shell.</para>
+
+      <para>Single-user mode is usually used to repair a system that will not
+	boot due to an inconsistent file system or an error in a boot
+	configuration file.  It can also be used to reset the
+	<systemitem class="username">root</systemitem> password when
+	it is unknown.  These actions are possible as the single-user
+	mode prompt gives full, local access to the system and its
+	configuration files.  There is no networking in this mode.</para>
+
+      <para>While single-user mode is useful for repairing a system,
+	it poses a security risk unless the system is in a physically
+	secure location.  By default, any user who can gain physical
+	access to a system will have full control of that system after
+	booting into single-user mode.</para>
+
+      <para>If the system <literal>console</literal> is changed to
+	<literal>insecure</literal> in <filename>/etc/ttys</filename>,
+	the system will first prompt for the <systemitem
+	  class="username">root</systemitem> password before
+	initiating single-user mode.  This adds a measure of security
+	while removing the ability to reset the <systemitem
+	  class="username">root</systemitem> password when it is
+	unknown.</para>
+
+      <example xml:id="boot-insecure-console">
+	<title>Configuring an Insecure Console in
+	  <filename>/etc/ttys</filename></title>
+
+	<programlisting># name  getty                           type    status          comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none                            unknown off <replaceable>insecure</replaceable></programlisting>
+      </example>
+
+	<para>An <literal>insecure</literal> console means that
+	  physical security to the console is considered to be
+	  insecure, so only someone who knows the <systemitem
+	    class="username">root</systemitem> password may use
+	  single-user mode.</para>
+    </sect3>
+
+    <sect3 xml:id="boot-multiuser">
+      <title>Multi-User Mode</title>
+
+      <indexterm><primary>multi-user mode</primary></indexterm>
+
+      <para>If <application>init</application> finds the file systems to be in order, or
+	once the user has finished their commands in single-user mode
+	and has typed <command>exit</command> to leave single-user mode,
+	the system enters
+	multi-user mode, in which it starts the resource configuration
+	of the system.</para>
+
+      <indexterm><primary>rc files</primary></indexterm>
+
+      <para>The resource configuration system reads in configuration
+	defaults from <filename>/etc/defaults/rc.conf</filename> and
+	system-specific details from
+	<filename>/etc/rc.conf</filename>.  It then proceeds to mount
+	the system file systems listed in
+	<filename>/etc/fstab</filename>.  It starts up networking
+	services, miscellaneous system daemons, then the startup
+	scripts of locally installed packages.</para>
+
+      <para>To learn more about the resource configuration system,
+	refer to &man.rc.8; and examine the scripts located in
+	<filename>/etc/rc.d</filename>.</para>
+    </sect3>
     </sect2>
   </sect1>
-
 <!--
     <sect2 id="boot-kernel-userconfig">
       <title>UserConfig: the Boot-time Kernel Configurator</title>
@@ -809,95 +889,6 @@ bitmap_name="<replaceable>/boot/splash.bin</replaceable>"</programlisting>
       &man.kenv.1;, &man.loader.conf.5;, and &man.loader.8;.</para>
   </sect1>
 
-  <sect1 xml:id="boot-init">
-    <title>Init: Process Control Initialization</title>
-
-    <indexterm>
-      <primary>&man.init.8;</primary>
-    </indexterm>
-
-    <para>Once the kernel has finished booting, it passes control to
-      the user process &man.init.8;, which is located at
-      <filename>/sbin/init</filename>, or the program path specified
-      in the <envar>init_path</envar> variable in
-      <command>loader</command>.</para>
-
-    <para>The boot sequence makes sure that the file systems available
-      on the system are consistent.  If they are not, and &man.fsck.8;
-      cannot fix the inconsistencies of a UFS file system,
-      &man.init.8; drops the system into single-user mode so that the
-      system administrator can resolve the problem directly.</para>
-
-    <sect2 xml:id="boot-singleuser">
-      <title>Single-User Mode</title>
-
-      <indexterm><primary>single-user mode</primary></indexterm>
-      <indexterm><primary>console</primary></indexterm>
-
-      <para>This mode can be reached through the automatic reboot
-	sequence, the user booting with <option>-s</option>, or by
-	setting the <envar>boot_ single</envar> variable in
-	&man.loader.8;.</para>
-
-      <para>It can also be reached by calling &man.shutdown.8; from
-	multi-user mode (<xref linkend="boot-multiuser"/>) without
-	including <option>-r</option> or <option>-h</option>.</para>
-
-      <para>If the system <literal>console</literal> is set to
-	<literal>insecure</literal> in <filename>/etc/ttys</filename>,
-	the system will prompt for the <systemitem
-	  class="username">root</systemitem> password before
-	initiating single-user mode.</para>
-
-      <example xml:id="boot-insecure-console">
-	<title>An Insecure Console in
-	  <filename>/etc/ttys</filename></title>
-
-	<programlisting># name  getty                           type    status          comments
-#
-# If console is marked "insecure", then init will ask for the root password
-# when going to single-user mode.
-console none                            unknown off insecure</programlisting>
-      </example>
-
-      <note>
-	<para>An <literal>insecure</literal> console means that
-	  physical security to the console is considered to be
-	  insecure, so only someone who knows the <systemitem
-	    class="username">root</systemitem> password may use
-	  single-user mode.  Thus, to add this measure of security,
-	  choose <literal>insecure</literal>, instead of the default
-	  of <literal>secure</literal>.</para>
-      </note>
-    </sect2>
-
-    <sect2 xml:id="boot-multiuser">
-      <title>Multi-User Mode</title>
-
-      <indexterm><primary>multi-user mode</primary></indexterm>
-
-      <para>If &man.init.8; finds the file systems to be in order, or
-	once the user has finished their commands in single-user mode
-	(<xref linkend="boot-singleuser"/>), the system enters
-	multi-user mode, in which it starts the resource configuration
-	of the system.</para>
-
-      <indexterm><primary>rc files</primary></indexterm>
-
-      <para>The resource configuration system reads in configuration
-	defaults from <filename>/etc/defaults/rc.conf</filename>, and
-	system-specific details from
-	<filename>/etc/rc.conf</filename>, and then proceeds to mount
-	the system file systems listed in
-	<filename>/etc/fstab</filename>.  It starts up networking
-	services, miscellaneous system daemons, then the startup
-	scripts of locally installed packages.</para>
-
-      <para>To learn more about the resource configuration system,
-	refer to &man.rc.8; and examine the scripts themselves.</para>
-    </sect2>
-  </sect1>
-
   <sect1 xml:id="boot-shutdown">
     <title>Shutdown Sequence</title>