Knoppix, which is a complete bootable Linux on a CD, has become my rescue disk of choice. An excellent introduction to Knoppix appeared in developerWorks a few months ago ("Knoppix gives bootable, one-disk Linux" by Cameron Laird).
My old mainstays were Tom's Root Boot, "The most GNU/Linux on one floppy disk," and Peter Anvin's SuperRescue CD, "An overfeatured rescue CD." Both are first-rate Linux rescue disks. One of my favorite show-off tricks is to do a complete bare-metal system rebuild, using only a Tom's Root Boot disk and an Internet connection.
As CD-ROMs became standard on PCs, I wore out several SuperRescue CDs. However, it is based on Red Hat 7.2, which is a great Red Hat but is also an old Red Hat. So, 7.2 does not have the hardware support, such as USB or wireless, found in later distributions.
Knoppix, the hot new kid on the block, offers some great features:
- First-rate hardware detection and support, including PCMCIA, USB, and wireless
- Latest and greatest Debian and KDE
- Fast booting, usually around two minutes
- Commercially produced disks that can be purchased for a minimal price
That last bit didn't become important to me until I moved to an area with no high-speed Internet. Dial-up only, which made 700 MB downloads rather impractical.
Knoppix incorporates the best of Debian, KDE, and its own system utilities. In this article, we'll look at how to do things both from the command line and using graphical utilities. Be sure to use values appropriate for your systems, such as partition numbers, filenames, and network hosts.
If you want to run KDE or any other graphical desktop or window manager, you'll want at least 96 MB of RAM and a Pentium equivalent or better. In text mode, without X, it needs 20 MB to be happy and will even run on an old 486. It will use your existing Linux swap file.
After booting up the Knoppix CD, it will pause at a command prompt for 30 seconds, then continue booting. There are a large number of boot options; hit F2 to see them. For example, this is how I boot Knoppix 3.2 on one of my test systems:
knoppix lang=us knoppix wheelmouse knoppix desktop=icewm
The default keyboard mapping is German, so I always boot with
knoppix lang=us. By default, Knoppix boots to the KDE desktop.
knoppix 2 boots to text mode, without starting X.
failsafe starts up with minimal hardware detection.
Knoppix runs entirely in memory, or if you want to sound "leet," in a ramdisk. In fact you can see the ramdisk in the file tree. Remember, sometimes it will be slow, because it must fetch executables from the CD, which is slower than a hard drive. It can be installed to a hard disk, but that is a topic for another day.
This is the most common scenario. Something goes haywire, and boom, no boot. No problem: boot up Knoppix and find all your local partitions nicely iconicized on the KDE desktop. (Or cruise the file tree to /mnt.) Click on the correct icon, and there are all your files. But they are wisely mounted read-only. Again, no problem: right-click the desktop icon to bring up a nice menu with a "Change read/write mode" option. This mounts the filesystem on the partition as read/write. Now you can edit any file.
The default user is
knoppix. For operations that require root
privileges, you need to
su to root and assign a root password:
To mount a filesystem read/write from the command line:
root@ttyp0[knoppix]# mount -t reiserfs -o rw /dev/hda5 /mnt/hda5
root@ttyp0[knoppix]# umount /mnt/hda5
If you get an error message "Could not unmount device, device is
busy," something is reading the filesystem. Close files and
cd out of the
How do you know what mountpoint and filesystem to specify? Just read /etc/fstab:
root@ttyp0[knoppix]# cat /etc/fstab
# Added by Knoppix
/dev/hda5 /mnt/hda5 reiserfs noauto,users,exec 0 0
Before going on a mad config file editing spree, it often pays to examine hardware information. Knoppix excels at this, as it has the latest editions of Linux's excellent hardware and system utilities: fdisk, lspci, iwconfig, ifconfig, dmesg, /proc, and so forth. (Checking hardware information is also handy for testing a system for Linux compatibility before you buy it. Sound cards, softmodems, and wireless NICs are especially troublesome; manufacturers often change the chipsets without changing the model numbers, and you need to know the chipsets to determine if Linux drivers are available. The Knoppix CD also contains a number of sound files, for quick sound testing, starting with "OpenMusic" on the welcome screen.)
fdisk -ldisplays all partitions on all hard drives.
lspci -vgives detailed information about every device and chipset connected to the PCI bus.
cat /proc/cpuinfotells exactly what CPU is installed.
ifconfigdisplays, and also manipulates, network interface settings. Most commonly Ethernet cards and ppp, the modem interface.
iwconfigis like ifconfig, but for wireless network cards.
man dmesgisn't all that helpful if you're not a kernel hacker. Just using
dmesg | grep <device>is a useful troubleshooting and system discovery tool. To see everything, run
dmesgwith no options.
And of course KDE provides a nice GUI to see all this; go to System > Info Center.
Usually the first rescue chore is to copy data files off of the troubled drive. This is my favorite method when there are large numbers of files to copy: install a second hard drive, then boot Knoppix, then copy files from the old disk to the new disk. Even if you don't have nice hot-swappable drives or removable drive cages, it takes just a couple of minutes to pop the case open and hook one up. Do you have a brand new blank drive, or an old one that needs to be wiped clean and reformatted? No problem, do the disk preparation from Knoppix.
First, install the second hard drive. Then boot Knoppix and open a
root shell. If there are partitions already on the second disk, simply
re-format whatever ones you need. Note that SCSI drives are designated
sd, while IDE drives are
hd. This command displays the existing disk partitions; be
sure to use values appropriate for your system:
root@ttyp0[knoppix]# fdisk -l /dev/hdb
To format a disk partition:
root@ttyp0[knoppix]# mkfs.ext2 -c /dev/hdb1
This creates a plain-vanilla ext2 filesystem.
-c checks for bad
blocks. Of course, you can make it anything you like: ext3, ReiserFS,
root@ttyp0[knoppix]# mke2fs -j -c /dev/hdb1
root@ttyp0[knoppix]# mkreiserfs /dev/hdb1
What, no partitions? First, here's how to create them the command-line
fdisk. It's medium-safe to futz with fdisk, as changes
are not written to disk until you give the command to do so. So, you can
try different options and preview the partition table before committing
to any changes. This sequence of commands creates a single partition:
root@ttyp0[knoppix]# fdisk /dev/hdb
Type "m" at any time to display a table of
fdisk commands. Then, type "n" to create a new partition. Now, type "p" to create a primary partition. Hit Enter twice to accept the defaults. Or, if you don't want to use the whole disk, hit Enter once to accept the default starting point, then select the size you want:
Hit "p" at any time to preview the new partition table. When everything looks good, press "w" to write the changes to disk. By default,
fdisk creates a "type 83" partition, which means Linux. To see a list of partition types, press "l". To change the partition type, hit "t". Want to delete a partition? Easy as pie: press "d" and follow the prompts.
Even easier is firing up KDE and using QTParted (System > QTParted). QTParted creates, deletes, and non-destructively moves and resizes partitions (even NTFS). So, you can make room to copy your data without losing anything.
I like graphical file managers. It's a lot simpler to drag and drop than to type out long command strings. Click on the icons on the KDE desktop that represent your source drive and the drive you want to copy them to. Each one opens in its own file manager, for fast and easy drag and drop. Be sure to make the destination drive writeable.
Remember to create a directory to move files into:
# mkdir /mnt/hdb1/home/carla/backup
# cp -r /mnt/hda5/home/carla /mnt/hdb1/home/carla/backup
You'll need two hard drives the same size, or a destination drive
larger than the source drive. Make sure no partitions are mounted on
either drive. In this example /dev/hda is the source drive,
/dev/hdb is the destination drive. The
dd command makes an exact, byte-for-byte copy, including the MBR (master boot record):
# dd if=/dev/hda of=/dev/hdb
Are you losing track of what's mounted, and in what state? No problem, here comes
/proc to the rescue:
# cat /proc/mounts
This displays all mounted filesystems, the filesystem types, read/write
status, and other attributes. How many hard drives are on the system? One of these will tell you (and remember, SCSI drives are
sd, IDE are
# fdisk -l
# dmesg | grep hd
# dmesg | grep sd
KDE and Knoppix make this easy. Assuming there is a CD writer on the system, simply right-click on the desktop icon for the partition containing your files, and you will see "Create Data CD with K3b." Do File > New Project, drag and drop the files you want to copy, and there you go. K3b is very good at autodetecting and autoconfiguring your CD drives; it should do it all for you. If something goes awry, please refer to the developerWorks article "Burning CDs on Linux", which also teaches how to burn CDs from the command line.
Zip drives, floppy disks, and USB storage devices will be automatically recognized by Knoppix, and icons will be placed on the desktop. Simply make the drive you want to copy files to writeable, then drag and drop until it's all done.
You can configure Knoppix to connect to a network, just like any other Linux. Knoppix has its own graphical configuration utility: on the main menu find Knoppix > Network/Internet. Again Knoppix's excellent hardware detection comes into play; it even works on wireless NICs (assuming it's a wireless NIC that is supported in Linux!). Simply answer a series of questions, and you're done.
It's just as easy from the command line. As root, run:
Once your network settings are configured, there are several options
for transferring files.
cp is fine for locally mounted filesystems. Copying files over an untrusted network should be done with
scp (secure copy), and in fact Knoppix won't let you use anything else.
scp uses ssh for encrypted file transfer and lets you move files without setting up NFS or Samba. You'll need an ssh server running somewhere on the network to receive the files. This command copies an entire directory:
# scp -rp /mnt/hda5/home/carla 192.168.1.5:/home/carla/tmp
What, you have no ssh server? If you really do not yet have ssh installed, here is a quick-start guide to running SSH. But before using it for even routine remote administration tasks, you should study ssh in more depth. Note also that there have been a number of important security patches issued recently.
OpenSSH comes with all major Linux distributions, and yours should already
have it. (To find out, type
locate sshd.) If not, download and install it. It doesn't need to be on a special machine; any Linux PC can run SSH. Start it up like so:
# /etc/init.d/ssh start
Then, all you need is for the same user to have accounts on both machines.
Using root is easiest, but potentially dangerous. And, of course, you can
create user accounts on Knoppix as needed, with
scp command as in the example above, and there you go.
The first time you connect, you'll get a "The authenticity of host X can't be established...are you sure you want to continue connecting?" message. Answer "yes." It will ask for the root password of the SSH server, and then you're home free. To move files as a non-root user:
# scp -rp /mnt/hda5/home/carla firstname.lastname@example.org:/home/carla/tmp
This lets you operate on the host system, as though you were logged into it directly. Identify the partition the host system is on, then open a Knoppix root shell and mount it:
root@ttyp0[knoppix]# mount /dev/hda1 /mnt/hda1
root@ttyp0[knoppix]# chroot /mnt/hda1
Running programs from a CD can cause some odd troubles, especially on notebooks. It is common for power management to mess up a Knoppix session: when you wake up the machine, Knoppix doesn't respond to commands anymore. The only cure I know is to disable power management, or simply hit the power switch and start over.
Sometimes Knoppix gets stuck during boot, and hangs partway into KDE
(or any X session) startup. Switch to the first virtual console
(Ctrl + Alt + F1) to see the live system messages; this should tell you where
the problem is. Hit Alt + F5 to get back to the default X session. For
example, on one of my test systems it got stuck doing SCSI detection. Why?
Who knows. I disabled SCSI detection by adding
knoppix no scsi to the boot command, and that took care of it.
Linux has always inspired amazing creativity. Knoppix has taken off in a big way, and there are dozens of inventive Knoppix-inspired projects, such as Inside Security Rescue Toolkit, OpenGroupware Knoppix, Damn Small Linux, and Overclockix. See the Resources section below for more information and links to how-tos for making your own customized Knoppix distribution.
As always, man pages, while not exactly riveting reading, contain complete command and option listings. The following man pages are most useful in rescue operations:
- man fdisk
- man mkfs
- man fstab
- man ifconfig
- man mount
- man proc
- man dmesg
- man iwconfig
- man chroot
- man scp
- man sshd
- man dd
- man lspci
- "Knoppix gives bootable, one-disk Linux" (developerWorks, February 2003) by Cameron Laird is an excellent introduction to Knoppix.
- Knoppix.org is the official site, by the author of Knoppix, Klaus Knopper.
- The primo Knoppix resource, Knoppix.net, includes user forums, Wikis, how-tos, and links to the dozens of projects inspired by Knoppix -- such as making your own customized Live Linux CD, running Knoppix on a hard drive, creative uses of USB pen drives, tiny Linuxes, and more.
- Knoppix Customizations are unoffical Knoppix modifications, including Oralux, with a number of braille drivers, the Norwegian-language SkoleKNOPPIX, and many more.
- The tutorial "Build a Linux test network" (developerWorks, May 2003) includes good GRUB instructions; refer to this for help with curing boot problems.
- "Burning CDs on Linux" (developerWorks, April 2003) shows how to burn CDs from the command line.
- If you're new to Linux development, check out the "Speed-start your Linux app" page, developerWorks' resource for developing Linux applications on IBM middleware.
- The Debian GNU/Linux Network Administrator's Manual is an invaluable resource.
- We also recommend Wireless LAN resources for Linux, a comprehensive guide to wireless networking. This site covers everything you need to know about wireless networking on Linux, so please refer to this if you have trouble making a wireless connection during your rescue operations.
- Before Knoppix, Carla's lifesavers were Tom's Root Boot (or tomsrtbt) and Peter Anvin's SuperRescue CD.
- The searchable CERT Coordination Center at Carnegie Mellon University has vulnerability information for various implementations of SSH and other software. A great resource!
- You'll find all the answers in the Secure Shell FAQ.
- OpenSSH is a free and open source implementation of ssh.
- Members of the IBM Linux Technology Center contribute to a number of device-related projects for Linux, including the APC Modem (Mwave) driver, BlueDrekar Middleware transport driver, the Hotplug Project, and USB on Linux, among others. You'll find a complete list of Linux Technology Center-supported projects on the LTC Web site.
- You'll find more Linux articles and tutorials in the developerWorks Linux zone.
Carla Schroder is a freelance PC tamer and author, administering Linux and Windows systems for small businesses and writing how-tos for real people. Carla discovered computers and high-tech around 1994, and is living proof that self-taught middle-aged persons make fine computer gurus. Watch for her upcoming O'Reilly book, The Linux Cookbook.