The boot process explained

In Linux, during boot up, the system looks for the boot sector on the hard disk. Once it finds the boot sector, it then searches for a boot loader. In turn, the boot loader loads the boot manager. In Linux, this will usually be either GRUB or GRUB2. After this stage, the user is presented with a boot menu. Finally, the user is given the opportunity to either select an operating system to load or edit an existing entry. The options available are usually going to be different versions of the Linux kernel. Sometimes, it might be an entirely different Linux distribution. However, in mixed environments, you may come into contact with another operating system, such as Microsoft Windows.

After the user selects a Linux kernel, depending on the Linux distribution release, a single process is started, known as init, which stands for initialization. init is often referred to as System V init or SysV because System V was the first commercial Unix operating system. Most early Linux distributions were identical to the System V operating system. The other daemon used to manage a Linux distribution is known as systemd, which stands for System Management Daemon. The following is a simple flow for the process that we just discussed:

Boot Sector > Boot Loader > Boot Menu  => OS loads

Before we go deeper, let's keep in mind one of the biggest differences between init and systemd: init starts scripts one at a time, whereas systemd starts multiple scripts parallel to each other. That being said, here is the output from the pstree command on a CentOS 5 system that uses init:

From the preceding output, we can see all of the processes originating from init; hence, they are considered child processes.

Another command we can leverage to see the actual process number being used by init is the ps command in our CentOS 5 system:

[philip@localhost Desktop]$ ps -aux
 Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
 USER PID %CPU  %MEM  VSZ RSS TTY STAT START TIME COMMAND
 root  1   0.3  0.1  19364 1524 ? Ss 05:48   0:01 /sbin/init
 root  2   0.0  0.0   0    0    ? S  05:48   0:00 [kthreadd]
 root  3   0.0  0.0   0    0    ? S  05:48   0:00 [migration/0]
 root  4   0.0  0.0   0    0    ? S  05:48   0:00 [ksoftirqd/0]
 root  5   0.0  0.0   0    0    ? S  05:48   0:00 [migration/0]
 root  6   0.0  0.0   0    0    ? S  05:48   0:00 [watchdog/0]
 root  7   0.2  0.0   0    0    ? S  05:48   0:00 [events/0]
 root  8   0.0  0.0   0    0    ? S  05:48   0:00 [cgroup]
 root  9   0.0  0.0   0    0    ? S  05:48   0:00 [khelper]
 root  10  0.0  0.0   0    0    ? S  05:48   0:00 [netns]
 root  11  0.0  0.0   0    0    ? S  05:48   0:00 [async/mgr]
 root  12  0.0  0.0   0    0    ? S  05:48   0:00 [pm]
 root  13  0.0  0.0   0    0    ? S  05:48   0:00 [sync_supers]
 root  14  0.0  0.0   0    0    ? S  05:48   0:00 [bdi-default]
 root  15  0.0  0.0   0    0    ? S  05:48   0:00 [kintegrityd/]
 root  16  0.5  0.0   0    0    ? S  05:48   0:01 [kblockd/0]

From the preceding output, we can see that the first process started is PID 1, and it is indeed the init process.

Here are some options that we can use with the ps command:

[philip@localhost Desktop]$ ps --help
 ********* simple selection ********* ********* selection by list *********
 -A all processes -C by command name
 -N negate selection -G by real group ID (supports names)
 -a all w/ tty except session leaders -U by real user ID (supports names)
 -d all except session leaders -g by session OR by effective group name
 -e all processes -p by process ID
 T all processes on this terminal -s processes in the sessions given
 a all w/ tty, including other users -t by tty
 g OBSOLETE -- DO NOT USE -u by effective user ID (supports names)
 r only running processes U processes for specified users
 x processes w/o controlling ttys t by tty
 *********** output format ********** *********** long options ***********
 -o,o user-defined -f full --Group --User --pid --cols --ppid
 -j,j job control s signal --group --user --sid --rows --info
 -O,O preloaded -o v virtual memory --cumulative --format --deselect
 -l,l long u user-oriented --sort --tty --forest --version
 -F extra full X registers --heading --no-heading --context
 ********* misc options *********
 -V,V show version L list format codes f ASCII art forest
 -m,m,-L,-T,H threads S children in sum -y change -l format
 -M,Z security data c true command name -c scheduling class
 -w,w wide output n numeric WCHAN,UID -H process hierarchy
 [philip@localhost Desktop]$ 

Now, let's turn our attention to systemd. We will run the pstree command on our Linux system:

From the preceding output, we can see all other processes being spawned by the system. These are known as child processes.

We can also run the pstree command on the CentOS 7 distro, and see similar results:

[philip@localhost ~]$ pstree
 systemd─┬─ModemManager───2*[{ModemManager}]
 ├─NetworkManager─┬─dhclient
 │ └─3*[{NetworkManager}]
 ├─VGAuthService
 ├─abrt-watch-log
 ├─abrtd
 ├─accounts-daemon───2*[{accounts-daemon}]
 ├─alsactl
 ├─anacron
 ├─at-spi-bus-laun─┬─dbus-daemon───{dbus-daemon}
 │ └─3*[{at-spi-bus-laun}]
 ├─at-spi2-registr───2*[{at-spi2-registr}]
 ├─atd
 ├─auditd─┬─audispd─┬─sedispatch
 │ │ └─{audispd}
 │ └─{auditd}
 ├─avahi-daemon───avahi-daemon
 ├─chronyd
 ├─colord───2*[{colord}]
 ├─crond
 ├─cupsd
 ├─2*[dbus-daemon───{dbus-daemon}]
 ├─dbus-launch
 ├─dconf-service───2*[{dconf-service}]
 ├─dnsmasq───dnsmasq

Now, let's check which process number systemd is using on the Linux system by using the ps command:

root@ubuntu:/home/philip# ps -aux
 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
 root 1 0.0 0.5 185620 4996 ? Ss Jun19 0:05 /lib/systemd/systemd --system --d
 root 2 0.0 0.0 0 0 ? S Jun19 0:00 [kthreadd]
 root 3 0.0 0.0 0 0 ? S Jun19 0:06 [ksoftirqd/0]
 root 5 0.0 0.0 0 0 ? S< Jun19 0:00 [kworker/0:0H]
 root 7 0.0 0.0 0 0 ? S Jun19 0:06 [rcu_sched]
 root 8 0.0 0.0 0 0 ? S Jun19 0:00 [rcu_bh]
 root 9 0.0 0.0 0 0 ? S Jun19 0:00 [migration/0]
 root 10 0.0 0.0 0 0 ? S Jun19 0:00 [watchdog/0]
 root 11 0.0 0.0 0 0 ? S Jun19 0:00 [kdevtmpfs]
 root 12 0.0 0.0 0 0 ? S< Jun19 0:00 [netns]
 root 13 0.0 0.0 0 0 ? S< Jun19 0:00 [perf]
 root 14 0.0 0.0 0 0 ? S Jun19 0:00 [khungtaskd]
 root 15 0.0 0.0 0 0 ? S< Jun19 0:00 [writeback]
 root 16 0.0 0.0 0 0 ? SN Jun19 0:00 [ksmd]
 root 17 0.0 0.0 0 0 ? SN Jun19 0:01 [khugepaged]
 root 18 0.0 0.0 0 0 ? S< Jun19 0:00 [crypto]
 root 19 0.0 0.0 0 0 ? S< Jun19 0:00 [kintegrityd]
 root 20 0.0 0.0 0 0 ? S< Jun19 0:00 [bioset]
 root 21 0.0 0.0 0 0 ? S< Jun19 0:00 [kblockd]
 root 22 0.0 0.0 0 0 ? S< Jun19 0:00 [ata_sff]
 root 23 0.0 0.0 0 0 ? S< Jun19 0:00 [md]
 root 24 0.0 0.0 0 0 ? S< Jun19 0:00 [devfreq_wq]

Some output is omitted for the sake of brevity.

From the preceding output, we can clearly see that the system is indeed listed as the first process started.

[philip@localhost Desktop]$ chkconfig
 NetworkManager 0:off 1:off 2:on 3:on 4:on 5:on 6:off
 abrt-ccpp 0:off 1:off 2:off 3:on 4:off 5:on 6:off
 abrtd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
 acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
 atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
 auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
 blk-availability 0:off 1:on 2:on 3:on 4:on 5:on 6:off
 bluetooth 0:off 1:off 2:off 3:on 4:on 5:on 6:off
 cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
 crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
 cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
 dnsmasq 0:off 1:off 2:off 3:off 4:off 5:off 6:off
 firstboot 0:off 1:off 2:off 3:on 4:off 5:on 6:off
 haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
 htcacheclean 0:off 1:off 2:off 3:off 4:off 5:off 6:off
 httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
 ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
 iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
 irqbalance 0:off 1:off 2:off 3:on 4:on 5:on 6:off
 kdump 0:off 1:off 2:off 3:on 4:on 5:on 6:off
 lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off
 mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
 messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off
 netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
 netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
 network 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Some of the previous output is omitted for the sake of brevity.

In the preceding output, we are only shown daemons that use init. This is useful on systems running native init, such as earlier Linux distributions.

Here are the most commonly used options that can be passed with the chkconfig command for older Linux distributions that use init:

--level levels

Specifies the runlevels an operation should pertain to. It is given as a string of numbers from 0 to 6.

For example, --level 35 specifies runlevels 3 and 5.

--add name

This option adds a new service for management by chkconfig. When a new service is added, chkconfig ensures that the service has either a start or a kill entry in every runlevel. If any runlevel is missing such an entry, chkconfig creates the appropriate entry, as specified by the default values in the init script. Note that default entries in LSB-delimited INIT INFO sections take precedence over the default runlevels in the initscript; if any required-start or required-stop entries are present, the start and stop priorities of the script will be adjusted to account for these dependencies.

 --del name

The service is removed from chkconfig management, and any symbolic links in /etc/rc[0-6].d that pertain to it are removed.

Note that future package installs for this service may run chkconfig --add, which will re-add such links.
To disable a service, run chkconfig name off.

--override name

If the service name is configured exactly as it would be if the --add option had been specified with no override file in /etc/chkconfig.d/name, and if /etc/chkconfig.d/name now exists and is specified differently from the base initscript, this changes the configuration for the service name to follow the overrides instead of the base configuration.

--list name

This option lists all of the services that chkconfig knows about, and whether they are stopped or started in each runlevel. If a name is specified, information is only displayed with regards to the service name.

To see the daemons started in newer Linux distributions, we will use the systemctl command:

[philip@localhost ~]$ systemctl
 add-requires hybrid-sleep reload-or-restart
 add-wants is-active reload-or-try-restart
 cancel is-enabled rescue
 cat is-failed reset-failed
 condreload isolate restart
 condrestart is-system-running set-default
 condstop kexec set-environment
 daemon-reexec kill set-property
 daemon-reload link show
 default list-dependencies show-environment
 delete list-jobs snapshot
 disable list-sockets start
 edit list-timers status
 emergency list-unit-files stop
 enable list-units suspend
 exit mask switch-root
 force-reload poweroff try-restart
 get-default preset unmask
 halt reboot unset-environment
 help reenable
 hibernate reload
 [philip@localhost ~]$ 

From the preceding output, we can see a variety of options that can be passed with the systemctl command; we will use the list-unit-files option with systemctl:

[philip@localhost ~]$ systemctl list-unit-files
 UNIT FILE                           STATE
 proc-sys-fs-binfmt_misc.automount   static
 dev-hugepages.mount                 static
 dev-mqueue.mount                    static
 proc-fs-nfsd.mount                  static
 proc-sys-fs-binfmt_misc.mount       static
 sys-fs-fuse-connections.mount       static
 sys-kernel-config.mount             static
 sys-kernel-debug.mount              static
 tmp.mount                           disabled
 var-lib-nfs-rpc_pipefs.mount        static
 brandbot.path                       disabled
 cups.path                           enabled
 systemd-ask-password-console.path   static
 systemd-ask-password-plymouth.path  static
 systemd-ask-password-wall.path      static

Some of the following output is omitted for the sake of brevity:

 umount.target                    static
 virt-guest-shutdown.target       static
 chrony-dnssrv@.timer             disabled
 fstrim.timer                     disabled
 mdadm-last-resort@.timer         static
 systemd-readahead-done.timer     indirect
 systemd-tmpfiles-clean.timer     static
392 unit files listed.

From the preceding output, we can see that 392 units are listed. We can be more specific and look for only the services that are enabled/running:

[philip@localhost ~]$ systemctl list-unit-files | grep enabled
 cups.path                                   enabled
 abrt-ccpp.service                           enabled
 abrt-oops.service                           enabled
 abrt-vmcore.service                         enabled
 abrt-xorg.service                           enabled
 abrtd.service                               enabled
 accounts-daemon.service                     enabled
 atd.service                                 enabled
 auditd.service                              enabled
 autovt@.service                             enabled
 avahi-daemon.service                        enabled
 bluetooth.service                           enabled
 chronyd.service                             enabled
 crond.service                               enabled
 cups.service                                enabled
 dbus-org.bluez.service                      enabled
 dbus-org.fedoraproject.FirewallD1.service   enabled
 dbus-org.freedesktop.Avahi.service          enabled
 dbus-org.freedesktop.ModemManager1.service  enabled
 dbus-org.freedesktop.NetworkManager.service enabled
 dbus-org.freedesktop.nm-dispatcher.service  enabled
 display-manager.service                     enabled
 dmraid-activation.service                   enabled
 firewalld.service                           enabled

Some of the preceding output is omitted for the sake of brevity.

We can also see the status, the directory from where the daemon is being executed, and the Process ID (PID) for a daemon with the systemctl command. We will use the status option as follows:

[philip@localhost ~]$ systemctl status sshd.service
 ● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-06-20 09:35:31 PDT; 1h 43min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1072 (sshd)
 CGroup: /system.slice/sshd.service
        └─1072 /usr/sbin/sshd -D
 [philip@localhost ~]$ 

We can also stop, start, restart, enable, and disable a daemon with the systemctl command. Let's say we want to stop the sshd service using the systemctl command. In this case, we would simply do this:

[philip@localhost ~]$ systemctl stop sshd

Now, as soon as we press Enter on the CentOS 7 system, we will get an authentication prompt because we are attempting to stop the sshd service as a standard user:

Now we'll enter the root password:

And now the sshd service has been stopped:

[philip@localhost ~]$ systemctl stop sshd
 [philip@localhost ~]$

Now let's recheck the status of the sshd service to confirm it has indeed stopped. We can do this using the systemctl command:

[philip@localhost ~]$ systemctl status sshd.service
 ● sshd.service - OpenSSH server daemon
    Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
    Active: inactive (dead) since Wed 2018-06-20 11:20:16 PDT; 21min ago
      Docs: man:sshd(8)
            man:sshd_config(5)
  Main PID: 1072 (code=exited, status=0/SUCCESS)
 [philip@localhost ~]$ 

From the preceding code, we can conclude that the sshd service has been stopped.