minix/commands/de/README

157 lines
6.1 KiB
Text
Raw Normal View History

2005-04-21 16:53:53 +02:00
de - A Minix Disk Editor
Terrence W. Holm, Jan. 1989
INTRODUCTION
The de(1) disk editor allows a system administrator to
look at and modify a Minix file system device. Commands
allow movement throughout a file system device, displaying
information in a couple of formats, writing blocks from
the device onto another file, and rewriting words on the
disk.
A few changes to the Minix file system aid recovering files.
I-node numbers are retained in directory entries now (they
get moved to the end). And all the i-node information is not
zeroed-out when a file is unlinked. So, after a file is
accidently rm(1)'ed, you can find the old i-node, and then
manually (or automatically) go to each of the freed blocks
and write them to a new file.
USES FOR THE DISK EDITOR
1) EDUCATION. Students can look at a file system in
a painless manner. For example you don't have to
use od(1) to look at the zone numbers in i-nodes.
A simple assignment is to change the size of an un-mounted
floppy disk file system from 360 to 300 blocks. (A more
difficult assignment is to explain why this works, even
though fsck(1) and df(1) do not report the correct number
of free blocks. :-)
2) ADMINISTRATION. You can visually check inconsistencies
reported by fsck(1) before letting fsck(1) fix them.
You can change any word on the disk, this greatly simplifies
editing file system information. For example, changing the
size of a block special device is actually fun, no more
"blind" writing to your partitions.
Bit maps can be displayed with 2048 "bits" per screen,
(on the IBM/PC console), see how your zones are allocated!
3) RECOVERING LOST FILES. You can search a disk for an ASCII
string, once found, the block can be written out to a file.
A one line change to fs/path.c allows users to get the i-node
number for a file after it has been removed from a directory.
Another couple lines changed in the file system keep the
i-node information available until the i-node is reused
(normally this information is zeroed out when an i-node is
released.) This allows a de(1) user to go to a released
i-node, get all the block numbers, go to these blocks and
write them back to a new file.
The whole recovery process is automated by running "de -r file".
So, IF a file is unlink(2)'ed (eg. "rm file"), AND IF no one
allocates a new i-node or block in the mean-time, THEN you
can recover the file.
RECOVERY SECURITY
Normally Minix hard disk partitions are r/w only by the super-user,
and floppy disks are r/w by anyone. This means that only "root"
can look at hard disk partitions, but others can use de(1) to play
with their floppy disks.
When recovering files ("de -r file"), a user requires access to
the major file system partitions. This can be done by:
(a) Give everyone access to the hard disks. DON'T DO THIS, it
defeats all the file system protection we already have.
(b) Make de(1) set-uid "root". This is the way to go, IF you
are running a Minix system that has NO ACCESS from the
outside. This allows anyone to execute "de -r file", but only
root to use "de /dev/hd3". De(1) does some checking when
retrieving lost blocks, eg. making sure they really are
free blocks and making sure the user owned the i-node.
BUT, file system information has been lost when the file
was unlink(2)'ed, so de(1) can not be 100% sure that a
recovered block really belonged to the user. THIS IS A
SECURITY HOLE. [Since the only access to my machine is from
observable terminals and their associated humans, I run
de(1) as set-uid root.]
(c) Keep the disks rw-------, and don't set-uid de(1). This
means that only the super-user can recover lost files.
So, if you accidently "rm", you must tell the system
administrator to "su" and recover your file, (be sure to
inform the other users to stop whatever they are doing
until the file is restored).
INSTALLATION
- Install de.1 in /usr/man/cat1.
- Install the files: Makefile, README, de.h, de.c, de_stdin.c,
de_stdout.c, de_diskio.c and de_recover.c in commands/de.
Add -F and -T. to the Makefile, if necessary.
- "make" de(1). If a header file is not found, don't worry:
You probably have it somewhere, just link it to what de(1)
is looking for. This program also requires the subroutine
tolower(3), see EFTH MINIX report #50, if you don't have it.
- Do you really want set-uid root on de?
- Patch the files fs/path.c, fs/link.c and fs/open.c. If
you don't patch the file system then the recover option
"-r" and associated commands ('x' and 'X') will not work,
but de(1) is still functional and useful.
- "make" a new fs, using -DRECOVER. Rebuild a boot diskette.
USING DE(1) FOR THE FIRST TIME
De(1) starts up in "word" mode at block 0 of the specified
device. Hit the PGDN (or space bar) a few times, observing
all the information on the screen. Each PGUP/PGDN moves to
the next 1024 byte block, (de(1) only knows about 1 block per
zone file systems). Note that "word" mode only displays 32
bytes at a time, so you are only observing the first 32 bytes
in the first few blocks when you skip using PGDN.
Now go back to block 3, (zone bit map), using "g 3 ENTER".
Change to "map" mode "v m", and then use the down arrow key
to check each 2 Megs in the zone bit map.
Now change to "block" mode using "v b". And go to some data
block, eg. "g 1000 ENTER". Use PGUP/PGDN to see what data
is in each nearby block.
Remember 'h' gives you a help page.
Try some more commands, for example: 'END', 'I', '/'.
(Note: searching through a whole disk under Minix takes a
long time: 30-60 seconds per megabyte, depending on your
machine, drive and controller, [Minix is embarrassingly slow].)
Don't worry about looking at a mounted device, you must specify
the "-w" option before the 's' command is operational, and
this command is the only one which will try to modify the
contents of the device.
MINIX-ST
Please contact me if you are interesting in attempting a port
to MINIX-ST.