Linux Startup Sequence
When a Linux machine comes to life, a particular sequence of events takes place.
When a machine's power is turned on, a predetermined address/command in ROM gets loaded into RAM and begins execution of the boot loader program.
The loader program loads the system kernel program, starts the kernel running and passes control to it (the loader program then dies). On some Linux implementations, the kernel is simply named Linux, while in Linux, the kernel is named vmlinuz.
The loaded kernel checks memory, checks and sets up device drivers, organizes memory, sets up the file system, etc. It also begins to spawn processes; the most notable of these is the init process, which has PID 1. The init program is responsible for the creation of all subsequent processes and is therefore the (grand)parent of all processes. See the init man page.
Startup Sequence
/etc/inittab Tasks
The init process reads the /etc/inittab file and performs two primary tasks:
- Sets the system states for all process execution (i.e. run levels)
- Starts a getty program running at each terminal port. The getty program displays the login prompt.
The getty process then waits (sleeps) for a user to enter their username.
User Login
As a user begins to enter a username, the getty process wakes up and is overwritten (exec’d) by the login program, which then begins execution. The login program displays the Password: prompt.
The login process verifies the username/password pair entered against a corresponding user record in the /etc/passwd file. If the username/password matches the password data in the /etc/passwd file, the startup application (as specified in the /etc/passwd file) is exec’d. (This implies that the login process is overwritten by the startup application. While this is true in some implementations, in Linux the login process forks the startup application and remains alive.) If the username/password entry does not match, an error is given and access is denied.
If a Linux shell is the specified startup application (the startup application is typically a Linux shell, but it does not have to be; it could be another application program), the specific shell will read and execute the configuration program native to that shell. For example, ksh executes .profile, csh executes .cshrc, and bash executes .bashrc. (Numerous files end with the letters rc (e.g. .bashrc) on Linux installations. The letters rc are historical in nature and are taken from the words run commands to indicate the intended purpose of the file.)
Password Verification
As mentioned above, after a user enters their username, they are prompted for their password, and their username/password entry is verified against a corresponding record in the /etc/passwd file. Each user with an account on a system has a single-line record in the /etc/passwd file.
This record is built by system tools when an administrator creates a user account. This might be a little hard to believe, but the /etc/passwd file can be viewed by all users of a Linux system (feel free to try this on your system).
All /etc/passwd records consist of 7 fields, separated by colon (:) delimiters, although not all 7 fields may be populated or used. If a field is unpopulated, this may be inconsequential depending upon the field, or the field may revert to a default value. The table below describes the 7 fields:
Field | Description |
---|---|
1 | the user’s login username |
2 | represents the random-length encrypted password (if not an x); many modern versions of Linux use shadow passwords, in which case this field will contain an x. |
3 | the user’s user id (uid) |
4 | the user’s group id (gid) |
5 | contains textual information about the user, such as the user’s name, or the department in which they work (data optional) |
6 | the user’s login directory |
7 | the user’s startup application |
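
The 7-field record layout above, turned into a small parser and check of the world-readable password field (an added example, not part of the original page). The function names and sample records are constructed for illustration; the handling of a blank field and of * or ! in field 2 follows common Linux behaviour and is an assumption beyond what the table states.

```python
from collections import namedtuple

# The 7 fields in file order (field names are this example's own).
PasswdEntry = namedtuple("PasswdEntry", "username password uid gid info home shell")

def parse_record(line):
    """Split one record into the 7 colon-delimited fields from the table."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 7:
        raise ValueError(f"expected 7 fields, got {len(parts)}")
    name, pw, uid, gid, info, home, shell = parts
    return PasswdEntry(name, pw, int(uid), int(gid), info, home, shell)

def password_state(entry):
    """Classify field 2, which every local user can read."""
    pw = entry.password
    if pw == "x":
        return "shadowed"      # shadow passwords in use, hash is kept elsewhere
    if pw == "":
        return "empty"         # assumption: blank means no password is required
    if pw[0] in "*!":
        return "locked"        # assumption: not a valid hash, password login disabled
    return "hash-exposed"      # encrypted password sits in the world-readable file

def audit(text):
    """Return (username, finding) pairs for records that need attention."""
    findings = []
    for line in filter(str.strip, text.splitlines()):
        try:
            entry = parse_record(line)
        except ValueError:  # wrong field count or non-numeric uid/gid
            findings.append((line.split(":")[0], "malformed record"))
            continue
        state = password_state(entry)
        if state in ("empty", "hash-exposed"):
            findings.append((entry.username, "password field " + state))
        if not entry.shell:
            findings.append((entry.username, "no startup application set"))
    return findings

# Constructed sample records, not taken from a real system.
SAMPLE = """root:x:0:0:root:/root:/bin/bash
legacy:$6$constructedsalt$constructedhash:1001:1001::/home/legacy:/bin/ksh
guest::1002:1002:Guest:/home/guest:
daemon:*:2:2:daemon:/sbin:/usr/sbin/nologin
broken:x:1003:1003:/home/broken
"""
```

Calling audit(SAMPLE) reports the legacy, guest and broken records and leaves root and daemon unflagged.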