|
I just nuked /etc
OK, OK, I was doing something a little too quickly....
Do you ever get that feeling when the blood just drains out of your face? Yep. That one. Here's what happened. I'm working in a heterogeneous Windows/Linux networked environment. I've had a linux server with Samba loaded on it for quite a while, everything up and running fine, RH 8.0. Today, I wanted to backup some critical directories onto one of the W2K boxes, the sysadmin gave me a spot, I got hooked up to the shares with smbmount, setup on /mnt/halbackup. I started working with cpio, to copy the major user directories over to the W2K box, which worked fine. Logged in as root, got everything over there OK. Well, I figured I ought to copy /etc over there as well, issuing the following command: Quote:
So, I switched directories over to /mnt/halbackup/etc (I made sure I was in the backup location on the W2K box), and did and rm, a big one. I figured I would clear it out, and then re-run the script, recopying /etc back to the W2K box, and all the backups run over there would have my /etc nice and cozy on their global backup. And then it happened. I tried to cd to /etc, and there was no such directory. I tried to su, and there was no root user. I think that little -dereference flag to the cpio command somehow got me back to nuking the original /etc directory on my linux box! :cry: :cry: Can somebody help me? My machine is still alive, but I'm afraid to touch it, can't reboot it, can't login......help!!!!! |
Copy /etc from any other Linux machine you can find. The most important files are /etc/passwd and /etc/shadow.
|
Can I do this from the original system disks?
Thanks for your reply. I think I've got a bit of a chicken and egg problem. I don't have the permissions to copy into /etc (or create /etc), because there is no /etc/passwd.
Is it possible to boot from the system CD, recover a vanilla /etc, and setup a new root? I don't want to touch the rest of the disk, just get /etc back, with a root that will help me clean up the mess I've made. Thanks. |
I found a linux bootfloppy
Hi folks,
I found the boot floppy, and restarted linux Quote:
|
I think you need to boot with a system that can work on it's own eg Knoppix, or any other live distribution. There are some for floppys to. Check if they have support for your filesystems otherwise there's no much use of 'em ;)
|
I agree, Knoppix should be very good. One of the reasons is that it has its own /etc.
|
Thanks, dr_van_nostrand,
Unfortunately, I don't have access to Knoppix. I was hoping to be able to boot off the linux boot floppy, get in with root, and be able to create and populate /etc from the boot floppy. The problem is, I think it's looking for /etc on the hard drive in order to boot completely. Chickens and eggs chasing one another around.... Anybody know how I can get this to boot from the floppy, and recover /etc? (RH 8.0). If not, is it possible to do the same thing if I had the system CDs? TIA, Charlie |
welp, i don't know, but i think i'm takin a stab in the dark, but --
do you happen to have a linux cd that's bootable? or the recovery floppy that you can make during install?? I actually have a recovery cd that i got somewhere that has helped me out before... but usually if i hose my installation, i just blow the thing away and start over.. then copy all my other junk on there.... lol hmm.. the more i think about it tho, i think that both of those just "boot" the machine and then turn it over to the hard drive.. damn -- i'll check into that when i get to the house.. |
I'm home now too...
I would really appreciate any help. I brought the wounded machine home with me to my home network, where I have another working Linux machine (6.2), that I can hook it up to if that will help. I also have the boot CDs for 8.0 that the machine was originally built with.
I just don't know how I'm going to get at the drive when there's no passwd file to validate permissions, etc. Any help would be greatly appreciated. I have a bunch of really important stuff on this drive, that at a minimum, I need to find some way to get off of there. If I have to rebuild the box after that, well, that's the price of blowing your foot off. I need to get that other data off of there though. Any help would be hugely appreciated. Charlie |
I'll check it out when i go home in about 3 hours.
Don't feel bad, i've shot my own foot off many a time! I have learned.. SLOW DOWN AND READ IT 30 TIMES BEFORE YOU SMACK ENTER. ESPECIALLY AS ROOT!!!!!!!!!!! :) |
OK, I'm in with the rescue disk...
I booted into "linux rescue" mode from the RH 8.0 CD, and I'm in.
Of course, there's no /etc/fstab for the system to look at, so fsck complain that it's not there. Soooo.....Is there some magic way of mounting the physical drive to a file system without /etc/fstab? The one where I need to create /etc? Anybody have any ideas on what to do next? Charlie |
AFAIK, when you log in as root from a recovery disk, you completely blow by Linux's security measures. You can do anything you want to the box. At least, I can mount my Debian partitions and do whatever the hell I want to them from Slack. And vice versa - I switched my entire /tmp and /var partitions around in Slack from Debian. Dealing with /etc or /home should be no more difficult.
|
well, at least you are one step closer... :P
I will have to check my notes, and i will post what I got here in about 3 hours... I could have wrote a damn book by now with all my linux notes... :P |
...I know, I'm a wimp, but it's been a long day, and I may be in bed in 3 hours (US EST).
But that doesn't mean I'm not interested! I will check in in the morning. I realize this is time to tread very carefullly, and I'm not sure exactly which steps I should be taking. TIA for your help. I really appreciate it. Charlie |
yeah i get outta here @ 12 -- takes me bout 45 mins to get to the hizzouse... I'm in eastern tooo
|
My favorite rescue disk is Tom's Root/Boot. You can use it to boot up your 'broken' machine, then just mount the partition where you used to have /etc.
mount /dev/hdX# /mnt Set up your 'good' machine to allow ftp logins, then copy the 'good' /etc directory to the ftp root folder. You can then use wget on your broken machine (it's included on Tom's rt/bt) to copy the /etc directory from your 'good' machine to your 'broken' machine. Hopefully the configuration of your 'good' machine is similar enough to get you up and running. You'll have to edit /etc/fstab and /etc/lilo.conf, probably some other files as well. You may also have to chmod to change some permissions. Then you can use chroot to change your root password and to run lilo. Run 'man chroot' in Tom's for more info. Another option is to physically pull the hard drive from your 'broken' machine, install it in your 'good' machine, boot up, mount the /etc-less hard drive, and copy whatever data you need to the 'good' machine. And, while you have the hard drive mounted in your 'good' computer, you could pretty easily just copy the /etc directory over. Enjoy! --- Cerbere |
Can I do it with the RH 8.0 CD?
I've got the CD here, I've got it booted (linux rescue mode), with a command prompt.
However, when I issue the command Code:
mount /dev/hdaX /mntHow do I mount one of the drives so I can look at it, and write to it, without losing my path back to the code on the original CD? TIA, :study:Charlie Peppler:study: |
We can rebuild him...
OK, making progress now, still need help.
I've been able to mount the drive, now on /mnt/tmp, and I've been able to create the etc directory, and I can write to it. Now, what do I put in it? What are the critical files? I know passwd is key, perhaps I start with figuring out how to build that....any other next steps are welcome.... At least cheer for me! Charlie (still studying and trying to fix the problem) :study: |
>any other next steps are welcome....
... reinstall the initscripts pkg from the distro's install CD, that would take care of the most vital part ...iianm. |
OK, continuing to make progress..
After much hand writing of files, I now have the machine booting, and getting me to a login prompt.
I have a plain vanilla passwd file, with one line: root::0:0:root:/:/bin/bash When I type in "root" at the login prompt, and press return, it just gives me the login prompt again. I'm so close! I just need to get the files off of this box, and want to get the networking going, so I can FTP stuff off of it. Charlie |
>root::0:0:root:/:/bin/bash
I think the first dir in that line is the user's $HOME, so it should read, root::0:0:root:/root:/bin/bash |
Thanks, tried it, didn't help, how about setting up networking from rescue disk?
Thanks, UnTamed,
I tried what you recommended, with no effect. I do have /etc/securetty setup. I've converted over to shadow passwd with the Code:
pwconvI had to manually go out and find which of the partitions went into which locations in the file system (/var, /usr, /), peeking, and poking as I went, finally getting fstab rebuilt. I manually rebuilt inittab (following a model from another RH 6.2 Linux box). I manually rebuilt what looked like critical parts of /etc/rc.d/rc.sysinit I stopped short of manually recreating all of /etc/rc.d/ Man, this is getting depressing. I've been working at it all day. I have access to all of the disk now, it's just getting the darned configuration files setup properly. I know more now about the Linux startup procedure than I ever wanted to know! Would it be possible to setup networking using the rescue disk? :scratch: |
Quote:
|
Thanks Mara
Just an update. I finally got /etc patched up enough to get the data off of it, and reinstalled RH linux. Now I have a problem with an intel 845 graphics chipset, with X crashing. Good grief.
Charlie |
Hi,
Just a thought. Can you remove the hard drive from the "wounded machine" set it up in another linux machine as a slave drive. Boot the "host machine as per normal and mount the "wounded" drive (/mnt/linux_hospital?) then using the root of the healthy machine, copy it's /etc dir over and edit anything else you need to do? regards Mick |
Hey Mick,
This thread is over three months old, so I think Charlie's OK. And BTW, that solution is what I suggested in post #16 of this thread, so my opinion would be, "Yes, you can!" Enjoy! --- Cerbere |
Hi folks,
I'm sitting here with the (mostly) working machine next to me. It was about a two day process, with the wounded machine next to a healthy one, using the rescue disk to boot the wounded one, and then copying files onto it (using the floppy disk) from the healthy one, until I got networking going well enough to copy the critical application and data files off of it. Then I wiped the machine and rebuilt it, and put stuff back onto it. My only frustration was the fact that the graphics chip (I forget the model) was not supported by the most recent version of x86 (shipped with RHEL-3), so I still haven't been able to get X running on it, and it's not worth the pain to go scrambling for, since I use it entirely for Apache/fileserving/MySQL stuff. Moral of the story? Drop a safe on your toe, but don't nuke /etc. It's way more painful ;-) Charlie |
I've accidently deleted a whole hard drive(80 gig) of pirated media(and a few legit files). moral of my story, don't mount things in / and then accidently unzip something in there and delete all the non system folders.....
|
Maybe it is good to know that there are undelete tools for ext2 and maybe for others filesystems too. I myself have not used any of these tools so i can't recommend any.
|
| All times are GMT -5. The time now is 11:41 PM. |