1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.7">
<TITLE>Yard Documentation: Using Yard -- detailed instructions</TITLE>
<LINK HREF="Yard_doc-6.html" REL=next>
<LINK HREF="Yard_doc-4.html" REL=previous>
<LINK HREF="Yard_doc.html#toc5" REL=contents>
</HEAD>
<BODY>
<A HREF="Yard_doc-6.html">Next</A>
<A HREF="Yard_doc-4.html">Previous</A>
<A HREF="Yard_doc.html#toc5">Contents</A>
<HR>
<H2><A NAME="s5">5. Using Yard -- detailed instructions</A></H2>
<P>
<P>
<H2><A NAME="ss5.1">5.1 Customizing Config.pl and Bootdisk_Contents</A>
</H2>
<P>
<P>If this is the first time you've used Yard, do the following:
<P>
<OL>
<LI>Edit the two files Config.pl and Bootdisk_Contents in this
directory. Both contain numerous comments which should explain in
detail the options you're asked to set and the allowable values.
<DL>
<P>
<DT><B>Config.pl</B><DD><P>This contains basic information about what devices you'll
be using and their capacities. Everything in it has to be in Perl syntax,
but it's all simple variable assignments so you don't need to know Perl.
<P>
<DT><B>Bootdisk_Contents</B><DD><P>This file specifies what your bootdisk
will contain. Review this file carefully, especially the selections
of <CODE>/etc</CODE> and /sbin files. Comments at the head of
the file describe the options. I have included everything necessary
for a simple boot sequence, but I don't know how much distributions
vary in their structure. I've used Yard with both Slackware and
RedHat with little modification.
<P>You will probably discover that the default Bootdisk_Contents
contains more files than you can fit on a rescue disk. This is
intentional: it is easier to delete unnecessary files from
Bootdisk_Contents than to guess what files should be added to a
minimal Bootdisk_Contents. Two other file sets are included
for illustration.
<P>
<OL>
<LI><CODE>Bootdisk_Contents.sample</CODE> is a reasonable set of rescue files
that fits on one disk.
</LI>
<LI><CODE>Bootdisk_Contents.minimal</CODE> is a small set of files.
</LI>
</OL>
<P>
</DL>
</LI>
</OL>
<P>
<P>Yard will catch many but not all errors. For example, if you change
/etc/inittab to use <CODE>getty_ps</CODE> instead of
<CODE>getty</CODE>, check_root_fs will make sure <CODE>getty_ps</CODE>
is included on the disk, but it won't warn you that the calling syntax is
different.
<P>Check the files in the <CODE>Replacements</CODE> subtree that comes with the Yard
distribution. By default, any file mentioned in <CODE>Bootdisk_Contents</CODE>
will be copied unchanged from your hard disk. Some things have to be
changed, however, since a rescue disk is pared-down and can't access the
hard disk during boot. You can specify that a different file be used in
place of one mentioned, eg:
<P>
<BLOCKQUOTE><CODE>
<PRE>
/etc/inittab <= ./Replacements/etc/inittab
</PRE>
</CODE></BLOCKQUOTE>
<P>This causes ./Replacements/etc/inittab (which comes with Yard) to
be used for /etc/inittab on the rescue disk. These replacement
files are very short so there isn't much to check.
<P>When you ran ``make copies'', the program <CODE>create_fstab.pl</CODE>
created the file ./Replacements/etc/fstab from your fstab.
Two modifications are done:
<P>
<OL>
<LI>Every device mentioned is given a <EM>noauto</EM> option so it won't
be mounted automatically when the rescue disk is used.
</LI>
<LI>The mount points are placed under /OLDROOT on the rescue
root filesystem. You can mount them manually under
/OLDROOT to re-create selectively your disk directory
structure. This makes repairing them easier and allows you to
chroot /OLDROOT to test the structure.
</LI>
</OL>
<P>If you have a /etc/lilo.conf, the <CODE>make copies</CODE> will also
create a file ./Replacements/etc/lilo.conf. If you intend to use
Lilo, check this file.
<P>
<H3>Dynamically loaded libraries.</H3>
<P>
<P>Your system may require dynamically loaded libraries that are not visible
to ldd. Brief comments on this are included in
<CODE>Bootdisk_Contents</CODE>, and explained here.
<P>
<H3>PAM (Pluggable Authentication Modules).</H3>
<P>
<P>If your system uses PAM (Pluggable Authentication Modules), you must make
some provision for it on your bootdisk or you will not be able to login.
PAM, briefly, is a sophisticated modular method for authenticating users
and controlling their access to services. An easy way to determine if your
system uses PAM is to check your hard disks's /etc directory
for a file pam.conf or a pam.d directory; if
either exists, you must provide some minimal PAM support. (Alternatively,
run ldd on your login executable; if the output
includes libpam.so, you need PAM.)
<P>Fortunately, security is usually of no concern with bootdisks, since anyone
who has physical access to a machine can usually do anything they want
anyway. Therefore, you can essentially disable PAM by creating a simple
/etc/pam.conf file in your root filesystem that looks like
this:
<P>
<HR>
<PRE>
OTHER auth optional /lib/security/pam_permit.so
OTHER account optional /lib/security/pam_permit.so
OTHER password optional /lib/security/pam_permit.so
OTHER session optional /lib/security/pam_permit.so
</PRE>
<HR>
<P>Also copy the file <CODE>/lib/security/pam_permit.so</CODE> to your root
filesystem. This library is only about 8K so it imposes minimal overhead.
<P>Note that this configuration allows anyone complete access to the files and
services on your machine. If you care about security on your bootdisk for
some reason, you'll have to copy some or all of your hard disk's PAM setup
to your root filesystem. Be sure to read the PAM documentation carefully,
and copy any libraries needed in /lib/security onto your root
filesystem.
<P>Yard's <CODE>check_root_fs</CODE> can detect whether you need PAM,
and will warn you if you have not configured it. It will also scan the
configuration file(s) and warn if you have specified a service with no
corresponding library.
<P>
<P>
<H3>NSS (Name Service Switch).</H3>
<P>
<P>If you are using glibc (aka libc6), you will have to make provisions for
name services or you will not be able to log in. The file
/etc/nsswitch.conf controls database lookups for various
servies. If you don't plan to access services from the network (eg, DNS or
NIS lookups), you need only prepare a simple nsswitch.conf
file that looks like this:
<P>
<HR>
<PRE>
passwd: files
shadow: files
group: files
hosts: files
services: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
automount: files
aliases: files
netgroup: files
publickey: files
</PRE>
<HR>
<P>This specifies that every service be provided only by local files. You
will also need to include <CODE>/lib/libnss_files.so.1</CODE>, which will
be loaded dynamically to handle the file lookups.
<P>If you plan to access the network from your bootdisk, you may want to
create a more elaborate nsswitch.conf file. See the
nsswitch man page for details. Keep in mind that you must
include a file <CODE>/lib/libnss_</CODE><I>service</I><CODE>.so.1</CODE>
for each <I>service</I> you specify.
<P>Yard's <CODE>check_root_fs</CODE> can detect whether you need to
configure NSS, and will warn you if you haven't. It will also scan the
configuration file and warn if you have specified a service with no
corresponding library.
<P>
<P>
<P>
<P>
<H2><A NAME="ss5.2">5.2 Making the root filesystem</A>
</H2>
<P>
<P>When you're done customizing these two files, su to root and run:
<BLOCKQUOTE><CODE>
<PRE>
make_root_fs
</PRE>
</CODE></BLOCKQUOTE>
<P>This program constructs an initial, uncompressed root filesystem that
the rescue floppy will contain. It works in four passes. First it
processes the <CODE>Bootdisk_Contents</CODE> file and notes special cases
(links and replacements). Next it sets up linked file chains
mentioned in the first step but not included. It looks for required
library files (eg, libc.so) and the loaders required for them.
Finally, it notes any hard-linked files. After that, if the files all
fit, it constructs the filesystem.
<P><CODE>make_root_fs</CODE> will produce occasional messages
showing what it's doing. Any errors should be prominent. Detailed
output will go to <CODE>make_root_fs.log</CODE> in case you want
to see exactly what the program did. If this is the first time you've
run <CODE>make_root_fs</CODE> for a bootdisk, you should review
the log file. In particular, Yard includes information about the
libraries needed by your chosen files, which is worth checking.
It is especially worth checking if you run out of space.
<P>When you are satisfied with the output, proceed to the next step. You
can also chdir to the mount directory and look at the rescue
filesystem as it will exist at boot time.
<P>
<P>
<P>
<H2><A NAME="ss5.3">5.3 Checking the root filesystem</A>
</H2>
<P>
<P>At this point, run:
<BLOCKQUOTE><CODE>
<PRE>
check_root_fs
</PRE>
</CODE></BLOCKQUOTE>
<P>This checks the root filesystem for errors and omissions. It knows about
the format of inittab, fstab, passwd, pam.conf, etc., and checks them for
problems. It also checks scripts for missing interpreters, missing files,
etc. It also checks configuration of PAM and NSS, mentioned in the
previous section.
<P>Look over the warnings and go back to step 1 if necessary. The warnings
are saved on <CODE>check_root_fs.log</CODE> for later inspection.
<P>Note that you may get a lot of warnings like:
<BLOCKQUOTE><CODE>
<PRE>
Home directory of userX (...) is missing
Shell of userX (/mnt/bin/bash) doesn't exist
</PRE>
</CODE></BLOCKQUOTE>
<P>You can ignore these if you don't intend to login as userX.
<P>
<P>
<H2><A NAME="ss5.4">5.4 Creating the complete rescue disk</A>
</H2>
<P>
<P>When you're satisfied with the output from
<CODE>check_root_fs</CODE>, unmount any existing floppy in the drive,
insert a new diskette, and run:
<BLOCKQUOTE><CODE>
<PRE>
write_rescue_disk
</PRE>
</CODE></BLOCKQUOTE>
<P>This prorgam takes your kernel and the (compressed) root filesystem and
produces a rescue disk from it. <CODE>write_rescue_disk</CODE>
shouldn't produce any errors at this point unless you've exceeded the
floppy capacity after compression. The program's output is copied to
<CODE>write_rescue_disk.log</CODE>.
<P>If you've selected the disk_set=DOUBLE option, the program will
write the kernel onto the first disk, then prompt you to change disks,
after which it will write the root disk.
<P>If you've selected the disk_set=SINGLE option and your
compressed filesystem is too large to be contained on a single floppy
with the kernel, the program will offer to create a double-disk set.
<P>If your compressed filesystem is too large to be contained on a
floppy, you can try formatting your floppy at a higher density. 1440K
is the default, but higher densities are possible with many drives (I
have an old, unexceptional floppy drive and BIOS that will support
densities up to 1722K). See
<BLOCKQUOTE>
man fd
</BLOCKQUOTE>
and
<BLOCKQUOTE>
man
fdformat
</BLOCKQUOTE>
for details.
<P>
<P>
<H2><A NAME="ss5.5">5.5 Benediction</A>
</H2>
<P>
<P>You're done. Shut down your system and try to boot from the
floppy(ies).
<P>If the boot fails, see the following section on Troubleshooting.
<P>Note that when you boot the rescue disk, it will not automatically mount
any of the devices mentioned in your /etc/fstab. This is intentional:
rescue disks are often used when a hard disk is inoperational or in an
inconsistent state, so hard disks should not automatically be mounted. If
you want to mount your other devices, you'll have to do that manually.
<P>The <CODE>create_fstab</CODE> script arranges for your existing hard disk
entries to be placed under /OLDROOT so you can mount them manually.
So from the rescue disk you can type:
<P>
<BLOCKQUOTE><CODE>
<PRE>
mount /OLDROOT
</PRE>
</CODE></BLOCKQUOTE>
<P>and your hard disk partition usually mounted as root will be mounted
under OLDROOT. For example, if you want to run a bash shell under
your old root filesystem, you may simply do:
<BLOCKQUOTE><CODE>
<PRE>
mount /OLDROOT
chdir /OLDROOT ; chroot /OLDROOT bash
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>
<P>
<HR>
<A HREF="Yard_doc-6.html">Next</A>
<A HREF="Yard_doc-4.html">Previous</A>
<A HREF="Yard_doc.html#toc5">Contents</A>
</BODY>
</HTML>
|
