February 2001
With the February, '01 issue of the ``Help, I've Fallen'' column, we have several more of the frequently asked questions in BSD-land and our best answers. We begin the new century with a reprised question from the very first column in September, '98, touch upon some Linux and BSD comparisons, and discuss a safe way to experiment with any of your configuration files.
This issue, we're experimenting with linking to online manual pages. Manual pages give you far more detailed information than what we present here. In order to be "variantly-correct", links to the three major BSD variants' man pages, where available, are given in a form like this:
ls[fno]
The superscripted letters in brackets indicate FreeBSD, NetBSD, and OpenBSD. Send some feedback to me (David Leonard) if you like this or not.
Enjoy!
(Reprise from the September, 1998 issue. --Things have changed a wee bit for the latest FreeBSD release.)
In the future you might consider using sudo[o]. It allows you to avoid ever needing to log in as root, which is a dangerous thing to do on a regular basis, anyway.
However, if you can't even log in as anything, or if the computer is seriously sick, you will need to boot the system in single-user mode. This is like logging in as root without a password, and is done before the system has started up any standard services.
Once you're in as root, you can set a new root password with the passwd[fno] command. Running as root, passwd doesn't ask for the old password.
If you have physical access to the console, when BSD Unix boots, it often gives you an opportunity (through the console) to select either single-user or the more "normal" multi-user mode.
How this is selected depends on what kind of computer you have and on what particular variant of BSD you are using. Sometimes it is chosen through a graphical checkbox (as with NetBSD/mac68k) or by the presence or absence of some flag passed to the kernel by the boot loader program.
For example, pmax and alpha need an 'a' flag (for "automatic") to tell the kernel to go multi-user; omitting it gets you single-user. Sparc and i386 need '-s' to tell the kernel to go single-user; omitting that gets you multi-user!
Once in single-user mode, you will probably be working in an alien system environment: the filesystems may not be clean, some may not be mounted; network programs will not work, and visual editors will not know about the console. This is the system at its rawest! To change the password you will, at the very least, need the root filesystem to be clean and mounted read-write.
The following are specific instructions for each BSD variant on how to boot into single-user mode and change a password; we assume that the machine has not been shut down "cleanly" (i.e. you hit the power switch!).
To boot to single-user mode in FreeBSD:
Reboot the system. You will see something like:
F1 FreeBSD
F2 FreeBSD
F3 FreeBSD
F4 FreeBSD
...
Default: F1
A lone hyphen (-) will appear for about two seconds. When you see that hyphen, type the two characters ``-s''. The boot process will stop and you will see:
>> FreeBSD/i386 BOOT
boot: -s
Note that this should appear before the boot messages
that look like this:
>> FreeBSD/i386 bootstrap loader
You will shortly see some more boot messages and eventually:
Hit [Enter] to boot immediately, or any other key for command prompt.
Booting [kernel] in 9 seconds...
Quickly, type a carriage-return (Enter key) to enter into single-user mode. After messages from the booting OS you will see:
Enter full pathname of shell or RETURN for /bin/sh:
Type another carriage-return, and then enter the following commands, some
of which may take a while to complete:
# fsck -p
# mount -u /
# passwd
These check the root (/) and usr (/usr) file systems and remount / read-write. You can now simply type:
# passwd
and change the root password to whatever you'd like.
To bring the computer back into multi-user mode, just type:
# exit
boot> -s
After a while, you'll see:
Enter pathname of shell or RETURN for /bin/sh:
Press enter and run the following commands:
# fsck -p
# mount -u /
# passwd
(Set your new root password)
# exit
Enter pathname of shell or RETURN for /bin/sh:
Press enter and run the following commands:
# fsck -p
# mount -u /
# passwd
(Set your new root password)
# exit
>>printenv boot
boot=3/rz1/bsd -a
Boot from that device, but omit the ``-a'':
>>boot 3/rz1/bsd
After a while you'll see:
Enter pathname of shell or RETURN for /bin/sh:
Press enter and run the following commands:
# fsck -p
# mount -u /
# passwd
(Set your new root password)
# exit
Type b (boot), c (continue), or n (new command mode)
>n
At the 'ok' prompt, boot with the ``-s'' flag:
ok boot -s
After a while you'll see:
Enter pathname of shell or RETURN for /bin/sh:
Press enter and run the following commands:
# fsck -p
# mount -u /
# passwd
(Set your new root password)
# exit
>>>boot -flags ""
After a while you'll see:
Enter pathname of shell or RETURN for /bin/sh:
Press enter and run the following commands:
# fsck -p
# mount -u /
# passwd
(Set your new root password)
# exit
Of course you may have to boot to single-user mode for reasons other than having forgotten your root password. For example, if you accidentally hose something in /etc/ttys and have a getty trying to spawn (and respawn, in an infinite loop) you may be prevented from logging in as root in multi-user mode.
A) The flags to "ps" vary on different operating systems. In general, the capabilities of "ps" are the same, but it may take a while to get used to the differences in the flags.
ps ax shows all processes
ps a shows all processes which are not daemons
ps shows all your processes which are not daemons
More information can be found by checking the manual pages.
You may care to compare the manual page for ps[fno] with Linux's documentation for ps(1) (not online).
A) There are any number of methods. One, in the OpenBSD system, is the zap program port.
NetBSD includes a killall program in the sysutils/psmisc-19 package.
FreeBSD includes a version of killall. FreeBSD also offers a port of the Linux pstree, killall, and pidof commands. Note that this port (psmisc), in /usr/ports/sysutils/psmisc, does not include the Linux fuser command.
A related utility is `skill' that sends signals to processes given any combination of user names, ttys, commands, and pids. 'skill' is available in the FreeBSD ports system, and the NetBSD package system.
The more general approach, of course, is to look for your process with:
# ps -ax | egrep -w process-name
and kill each process by its process ID number, manually.
Finally, if you really want to kill all processes, use shutdown[fno], like this:
# shutdown now
without additional arguments. It will `nicely' kill all processes then bring the system into single-user mode. Typing exit or a control-D in single-user mode brings the system back to multi-user mode; and all without a reboot!
A) Sometimes the important config files are already backed up, nightly, in /var/backups. Have a look there first; it may be sufficient for what you need.
A more manual way to try out different configurations is to
make copies of each configuration file, before editing. i.e.:
# cp config-file config-file.old
and
# cp config-file config-file.new
Then you can edit config-file.new. For example:
# cp inetd.conf inetd.conf.old
# cp inetd.conf inetd.conf.new
When you're ready to commit your changes you can run:
# rm inetd.conf && cp inetd.conf.new inetd.conf
# ps -ax | egrep inetd
# kill -HUP process-ID-of-inetd
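An added example, not part of the original column: the copy, edit and commit steps above as two sh functions. The function names are made up for illustration, and the final step renames a copy into place instead of using rm followed by cp, so the live file is never missing while inetd might re-read it.

```shell
#!/bin/sh
# Hypothetical helpers (names are illustrative, not from the column).

# commit_config FILE: install FILE.new as FILE, keeping FILE.old for rollback.
commit_config() {
    f=$1
    [ -f "$f.new" ] || { echo "commit_config: no $f.new" >&2; return 1; }
    # Keep the earliest backup: never overwrite an existing .old with a
    # file that has already been edited once.
    [ -f "$f.old" ] || cp -p "$f" "$f.old" || return 1
    # Nothing to do if the edit left the file unchanged.
    if cmp -s "$f" "$f.new"; then return 0; fi
    # Copy beside the target, then rename over it. The rename is atomic
    # within one filesystem, so FILE is never absent or half-written.
    cp -p "$f.new" "$f.tmp.$$" && mv -f "$f.tmp.$$" "$f"
}

# rollback_config FILE: put FILE.old back in place the same way.
rollback_config() {
    f=$1
    [ -f "$f.old" ] || { echo "rollback_config: no $f.old" >&2; return 1; }
    cp -p "$f.old" "$f.tmp.$$" && mv -f "$f.tmp.$$" "$f"
}

# Constructed demo in a scratch directory, so nothing in /etc is touched.
demo=$(mktemp -d)
echo 'login stream tcp nowait root /usr/libexec/rlogind rlogind' > "$demo/inetd.conf"
cp "$demo/inetd.conf" "$demo/inetd.conf.new"
echo '# constructed edit' >> "$demo/inetd.conf.new"
commit_config "$demo/inetd.conf" && echo "committed: $(wc -l < "$demo/inetd.conf") lines"
rollback_config "$demo/inetd.conf" && echo "rolled back: $(wc -l < "$demo/inetd.conf") lines"
rm -rf "$demo"
```

After a commit or a rollback, send inetd the HUP signal as the column describes so that it re-reads the file.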
If you want to have a record of your modifications to any configuration file, the RCS tools shine. For /etc/inetd.conf and other configuration files in /etc, do the following as root:
# cd /etc
# mkdir RCS
# ci inetd.conf
> saving original inetd.conf config file.
> .
# co -l inetd.conf
Then you can edit inetd.conf as you wish knowing that if you make a mistake, you can go back by checking out an earlier version--even the original version--of the file. By using the rcsdiff[fno] utility, you can see the historical differences that you have made over time.
(Just imagine all the fun you can have some future late evening poring over the history of all your changes over the years.... Oh, wow.)
However you want to play around, be sure you make at least one copy of the original file and know where it is!
(See the manual pages on ci[fno] and co[fno] for more information on what is going on).
A) Replace all "/usr/libexec/daemon-name" with "/usr/libexec/tcpd" and then, if daemon-name is not found in /usr/libexec, change the daemon name that follows it to a full pathname.
Example:
login stream tcp nowait root /usr/libexec/rlogind rlogind
kx stream tcp nowait root /usr/X11R6/bin/kxd kxd
becomes
login stream tcp nowait root /usr/libexec/tcpd rlogind
kx stream tcp nowait root /usr/libexec/tcpd /usr/X11R6/bin/kxd
Note that not all services (notably ntalkd and rpc.*) are compatible with tcp wrappers.
When you make this change, inetd[fno] will start tcpd[o] rather than starting the daemon directly. tcpd will check the hosts.allow and hosts.deny files, and manage access accordingly.
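An added example, not part of the original column: the rewrite rule above as an sh filter built on awk, which also leaves alone the services the column lists as incompatible (ntalkd and rpc.*). The function names and the sample entries other than login and kx are constructed for illustration; the tcpd path is the one the column uses.

```shell
#!/bin/sh
# wrap_inetd (hypothetical name): read inetd.conf text on stdin and
# write the tcpd-wrapped form on stdout. The live file is not touched.
wrap_inetd() {
    awk -v tcpd=/usr/libexec/tcpd '
    # Comments, blank lines and entries with no argv (e.g. "internal")
    # pass through unchanged.
    /^[ \t]*#/ || NF < 7 { print; next }
    {
        server = $6
        n = split(server, parts, "/")
        base = parts[n]
        # Leave alone: entries already wrapped, and the services the
        # column names as incompatible with tcp wrappers.
        if (server == tcpd || base == "ntalkd" || base ~ /^rpc\./) {
            print; next
        }
        # A daemon outside /usr/libexec must be named by full pathname
        # in the field after the server path.
        if (server != "/usr/libexec/" base) $7 = server
        $6 = tcpd
        print
    }'
}

# Constructed sample input: the two entries from the column plus
# entries that must pass through untouched.
sample_inetd() {
cat <<'EOF'
# constructed sample inetd.conf
login stream tcp nowait root /usr/libexec/rlogind rlogind
kx stream tcp nowait root /usr/X11R6/bin/kxd kxd
ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd
daytime stream tcp nowait root internal
EOF
}

sample_inetd | wrap_inetd
```

Write the output to a .new copy and compare it with the live file before installing it, following the copy-and-commit routine from the previous answer.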
A) These files are in /usr/share/skel for FreeBSD, NetBSD, and OpenBSD.
Gary Kline has been porting code since the late 1970's. When he isn't hacking code, he's hacking prose or pretend poetry, or listening to jazz radio and slurping down espresso.
For four years he has been writing the software equivalent of a mind-machine, dubbed Muuz, and has already released some alpha code for FreeBSD. Check the FreeBSD ports tree if you are interested. A new release is due in the first quarter of the new century...with luck!
http://muuz.deadbbs.com will have the documentation and source under CVS.
David Leonard is a PhD student in the Department of Computer Science and Electrical Engineering at the University of Queensland, Brisbane, Australia.
His area of research is QoS-adaptive component software architectures, and in his spare time he is a developer for the OpenBSD project. That said, David enjoys living the quiet life with his wife, Kylie, and cat, Mu. He especially enjoys frequenting Moreton Bay's many fabulous places to eat. Mmmmm!
Dirk Myers does things with words, perl, and Unix.