_________________________________________________________________________ Software Support Division subject: Single User Mini Unix(R) date: September 02, 1992 from: W. G. Simeon Org. 3B2 Systems Support Lisle IL ABSTRACT This paper is intended to be of assistance to legitimate Systems Administrators or Field Engineers. It is NOT intended to be a tutorial on how to bypass normal system security. This paper will discuss Single User Mini Unix or "Magic Mode" on the following AT&T platforms: o 3B2-300/310/400 o 3B2-500/600/700/1000 o 3B1|PC7300|UNIXPC o 6386/6486 Running Unix SVR3.*/SVR4.* On the 3B2 series, Single User Mini Unix is called "Magic Mode." On the other platforms, it does not have a name, but is functionally similar to Magic Mode. In effect, Single User Mini Unix is a bare bones Unix operating system, that enables you to mount the hard drive on a floppy or ICD1 (in __________ (R) Unix is a registered trademark of USL. 1. In Core Disk (RamDisk) Copyright c 1994 AT&T All Rights Reserved. - ii - the case of 3B2 500 and up) and make changes to the hard drive's files. The examples on the following pages will attempt to lead you through the process of booting a machine from a floppy disk or tape into Single User Mini Unix. Appendix A contains a tutorial on how to recover a forgotten root password. This is only ONE of the operations possible, but it is one that you may find useful. Copyright c 1994 AT&T All Rights Reserved. ________________________________________________________________________ Software Support Division subject: Single User Mini Unix(R) date: September 02, 1992 from: W. G. Simeon Org. 3B2 Systems Support Lisle IL TECHNICAL_MEMORANDUM 1. Single User Mini Unix on the 3B2 300/310/400 To invoke Single User Mini Unix on the 3B2 300/310/400, follow these steps. 1. Bring the machine to Firmware Mode in one of the following manners: a. If the machine is in Multi-User Mode and the root password is known, log in as root and execute 'shutdown -y -g0 -i5'. b. If the machine is in a "crashed" state (i.e. SYSTEM FAILURE...etc... displayed on console) then machine is already in Firmware mode. c. If the machine is powered on and you cannot run shutdown, hit the Standby (power) switch and allow the machine to perform it's shutdown, then follow steps in d. below. d. If the machine is powered off, power on the machine. Wait until the "SELF CHECK" has finished __________ (R) Unix is a registered trademark of USL. Copyright c 1994 AT&T All Rights Reserved. - 2 - and "DIAGNOSTICS" is displayed on the console, then press the reset button on the back of the machine. Wait for the "SYSTEM FAILURE" message to be displayed on the console. 2. After the machine is in the Firmware Mode, place the Essential_Utilities_Disk_1 2 in the floppy drive. Enter the Firmware password (usually 'mcp').3 When prompted for the file to boot, enter unix and then select the Floppy Drive (0) as the boot device. 3. When the initial menu appears, DO NOT ENTER ANY OF THE CHOICES! Instead enter magic mode and hit return. You will see the response POOF!, then get the menu again, with an additional choice of shell. Enter shell. You will see the '#' prompt. You are now in Single User Unix as the super user. 4. After getting the '#' prompt, the first thing you want to do is check the file system on the hard disk. This is done with the following command: fsck /dev/dsk/c1d0s0 5. The next task is to mount the hard disk on the floppy. The 'mount'4 command is not available, but there is an undocumented command, 'fsys' to accomplish the same thing. The command to mount the hard disk is: __________ 2. Since the boot diskette must be non-write protected, it is recommended that you use a copy of this diskette 3. The Console Terminal MUST be in Space or No parity mode in order to enter Firmware Mode. 4. On Unix SVR 3.1 and up, there are several pre-defined functions to assist in checking, mounting and unmounting the hard disk. You can see what is available by entering the command "set" at the root (#) prompt. These functions are not covered in this document as they are specific to certain versions of Unix. Copyright c 1994 AT&T All Rights Reserved. - 3 - fsys -m /install /dev/dsk/c1d0s0 This mounts the hard disk on the /install directory of the floppy. The directory /mnt may not exist on all Unix versions of the floppy, but /install does. 6. You now have all of the commands in the normal /bin and /etc directories available, however you MUST provide the complete path for each command. An example in Appendix A describes how to recover from a lost root password. 7. After completing any operations, you MUST unmount the hard disk root partition before rebooting the machine. To unmount the hard disk root partition, use the following command: fsys -u /dev/dsk/c1d0s0 8. The next step is to exit Single User Mini Unix. To do this, simply enter the exit command at the '#' prompt. You are now back at the menu. Select Quit and allow the machine to come back to Firmware mode. At the Firmware Mode prompt, enter the Firmware password, unix as the boot program and the hard drive as the boot device. Copyright c 1994 AT&T All Rights Reserved. - 4 - 2. Single User Mini Unix on the 3B2 500/600/700/1000 To invoke Single User Mini Unix on the 3B2 500/600/700/1000, follow these steps: 1. Bring the machine to Firmware Mode in one of the following manners: a. If the machine is in Multi-User Mode and the root password is known, log in as root and execute 'shutdown -y -g0 -i5'. b. If the machine is in a "crashed" state (i.e. SYSTEM FAILURE...etc... displayed on console) then machine is already in Firmware mode. c. If the machine is powered on and you cannot run shutdown, hit the Standby (power) switch and allow the machine to perform it's shutdown, then follow steps in d. below. d. If the machine is powered off, power on the machine. Wait until the "SELF CHECK" has finished and "DIAGNOSTICS" is displayed on the console, then press the reset button. Wait for the "SYSTEM FAILURE" message to be displayed on the console. 2. After the machine is in the Firmware Mode, place the Unix Distribution Tape in the Tape Drive and enter the Firmware password (usually mcp.)5 When prompted for the file to boot, enter unix and then select SCSI (1) and TAPE (1) as the boot device. 3. When the initial menu appears, DO_NOT_ENTER_ANY_OF_THE_CHOICES! Instead, enter magic mode and hit return. You will see POOF then get the menu again, with an additional choice of 'shell'. Enter shell. You will see the '#' prompt. You are now in Single User Unix as the super user. __________ 5. The Console Terminal MUST be in Space or No parity mode in order to enter Firmware Mode. Copyright c 1994 AT&T All Rights Reserved. - 5 - 4. After getting the '#' prompt, the first thing you need to to is check the hard disk file system. This is done with the following command: fsck /dev/dsk/c1t1d0s0 The special device file, /dev/dsk/c1t1d0s0 is the root file system on ALL 3B2 500/600/700/1000 type platforms, whether they are equipped with embedded scsi disk drives or an emulex controller. 5. The next task is to mount the hard disk on the ICD. The mount command is available when booting from tape, so enter the command: mount /dev/dsk/c1t1d0s0 /install The root partition is now mounted under the /install directory of the ICD, and all commands in the normal /bin and /etc directories are available, however you MUST provide the complete path for each command (i.e. /install/bin/ed /install/etc/passwd to edit the password file.) You may use the examples in Appendix A as a guide for operations on the 3B2 500/600/700/1000. 6. After completing any operations, you MUST unmount the hard disk root partition before rebooting the machine. To unmount the hard disk root partition, use the following command: umount /dev/dsk/c1t1d0s0 7. The next step is to exit Single User Mini Unix. To do this, simply enter the exit command at the '#' prompt. You are now back at the menu. Select Quit and allow the machine to power down. After it has powered down, simply turn it back on and allow it to boot normally. Copyright c 1994 AT&T All Rights Reserved. - 6 - 3. Single User Mini Unix on the PC7300|3B1|UNIXPC To invoke Single User Mini Unix in a usable manner on the PC7300|3B1|UNIXPC you will need the following: 1. Foundation Disk 2 Floppy_Boot_Disk 2. A non-write protected copy of Foundation Disk 3 Floppy_File_System To invoke Single User Unix perform the following: 1. Bring the machine to the Reboot_State by: a. Running Shutdown (preferred method!) Any user can run shutdown from his office window, by hitting the Cmd key (located on the upper right hand side of the keyboard) and selecting the Shutdown object in the displayed menu. Next, place the Floppy_Boot_Disk in the floppy drive and hit Return to reboot the machine. b. Placing the Floppy_Boot_Disk in the floppy drive and pressing the reset button on the back of the machine. 2. When prompted, place the non-write protected copy of the Floppy_File_System diskette in the drive and hit return. 3. Answer no to all questions asked, ESPECIALLY THE LAST ONE! 4. The machine will respond with a '#' root prompt. You are now in single user Unix with root permissions. 5. The fsck command is not provided on the Floppy File_System diskette, however the hard drive should already be mounted. You may check this for fact by entering the following command: mount The machine should respond with the following: /mnt on /dev/fp002 read/write on (date) Copyright c 1994 AT&T All Rights Reserved. - 7 - If the hard drive is not mounted, mount it with the following command: mount /dev/fp002 /mnt (The install directory is not available on the Floppy_File_System diskette, but the mnt directory is!) 6. The ENTIRE hard drive is now accessible to you, as the PC7300|3B1|UNIXPC normally has only one file system. All normal commands are accessible to you including all commands in /bin /etc and /usr/bin, but not all commands will work. (vi and some other commands depend on other files which they will not be able to find.) Commands MUST be preceded by their full path name (i.e. /mnt/bin/ed.) You may use the examples provided in Appendix A as a guide to the PC7300|3B1|UNIXPC, remembering to replace each instance of install in the example with mnt. 7. After completing any operations, you MUST unmount the hard disk root partition before rebooting the machine. To unmount the hard disk root partition, use the following command: umount /dev/dsk/fp002 8. The next step is to exit Single User Mini Unix. To do this, simply press the hardware reset button at the back of the machine. DO NOT REMOVE THE FLOPPY UNTIL THE MACHINE HAS BEEN RESET! Copyright c 1994 AT&T All Rights Reserved. - 8 - 4. Single User Mini UNIX for 6386/6486 running SysV/X86 To invoke Single User Unix on the 6386/64866 running SysV/X86_Rel_3* or SysV/X86_Rel_4* perform the following steps: 1. Locate the first diskette of the UNIX_SYSTEM_SOFTWARE shipped with the machine. For SysV/X86 Rel 3.* this would be the Base_System_ Package Disk 1. For SysV/X86 Rel 4.* this MAY be labeled SCSI_Boot_Disk_1 or ESDI_Boot_Disk_1. 2. If the machine is up and running, have any users log off. 3. Login as root or install (if you can) and perform a shutdown using the following command: shutdown -y -g0 -i0 If you can not login with an id capable of performing a shutdown, try to unmount any of the user file systems. Again you must have a login that has permission to perform this function. 4. Put the first diskette of the Unix_System_Software into the floppy drive and push the reset button. 5. The machine will reboot from the floppy diskette. - If you are booting Unix SysV/X86 Rel 4.*, you will be prompted for the second boot disk. Place it in the drive and hit return when prompted. The machine will eventually prompt you with a message asking if you wish to install UNIX on the Hard Drive. (The exact message depends on the Release of Unix you are using.) __________ 6. Information on Single User Mini UNIX for the 6386 was provided by Edward M. Flanagan, Technical Mgr. CS/TS Copyright c 1994 AT&T All Rights Reserved. - 9 - At this point, press the DELETE key (on the numeric pad... the other DELETE does not function.) You should get the '#' prompt. 6. You are now running UNIX on the FLOPPY (DO NOT REMOVE THE FLOPPY UNTIL THE END OF THIS PROCEDURE!) 7. After getting the '#' prompt, the next thing you want to do is to check the hard disk file systems. This is done with the following command under SysV/X86 Rel 3.*: /etc/fsck /dev/dsk/0s0 It is accomplished with one of the following commands under SysV/X86 Rel 4.*. If you are running the ESDI version of SysV/X86 Rel 4.* the command is: /etc/fsck /dev/dsk/0s1 If you are running the SCSI version of SysV/X86 Rel 4.* the command is: /etc/fsck /dev/dsk/c0t1d0s1 8. The next step is to mount the hard disk on the floppy. To do this use the following command under SysV/X86 Rel 3.*: /etc/mount /dev/dsk/0s0 /mnt Use one of the following commands for SysV/X86 Rel 4.*. For the ESDI version, use: /etc/mount /dev/dsk/0s1 /mnt and for the SCSI version, use: /etc/mount /dev/dsk/c0t1d0s1 /mnt The machine should respond with: Warning: mounted as /mnt The exact wording will vary with the release of Unix. Copyright c 1994 AT&T All Rights Reserved. - 10 - 9. You now have access to all the commands found in the normal /bin and /etc directories, but remember that all commands MUST be preceded by the complete path name. (i.e. /mnt/bin/ed) You may use the examples in Appendix A as a guide to operations on the 6386/6486 remembering to replace all instances of /install with /mnt. 10. After completing any operations, you MUST unmount the hard disk root partition before rebooting the machine. To unmount the hard disk root partition, use the following command under SysV/X86 Rel 3.*: umount /dev/dsk/0s1 To unmount the hard disk root partition under SysV/X86 Rel 4.* use one of the following commands: For the ESDI version, use umount /dev/dsk/0s1 And for the SCSI version, use umount /dev/dsk/c0t1d0s1 11. Verity that the command worked by entering the command: mount You should only get the '#' prompt back. 12. Press the reset button, REMOVE THE FLOPPY DISK and let the machine come back up. Copyright c 1994 AT&T All Rights Reserved. - 11 - 5. Appendix A 5.1 Replacing a lost or forgotten root password The following example will lead you through replacing a lost or forgotten root password. Conventions used in the example are: o Underlined words are CRT or Terminal output o Bold words are to be entered as they appear. o Words in parenthesis are comments. This example assumes that Single User Mini Unix is in effect and that the root partition of the hard drive has been mounted under the /install directory. Copyright c 1994 AT&T All Rights Reserved. - 12 - # /install/bin/ed /install/etc/passwd nnnn (the number of bytes in the password file) 1 (go to line 1) root:.DykqAdI3derg:0:1:0000-Admin(0000):/: (the root password entry) or root:x:0:1:0000-Admin(0000):/: (Indicates use of the /etc/shadow file) .t. (twin the current line) root:.DykqAdI3derg:0:1:0000-Admin(0000):/: (the twined password entry) s/:.............:/:: (13 dots) (remove the password from the twined entry) or s/:x:/:: (If /etc/shadow file used) root::0:1:0000-Admin(0000):/: (the entry with the password removed) s/root/toor (rename the twined entry toor) toor::0:1:0000-Admin(0000):/: (the new entry) w (write the changed file back to hard disk) nnnn (the number of bytes written q (exit ed) After the modifications to /etc/passwd or /etc/shadow have been made, you MUST unmount the hard disk root partition before rebooting the machine! 5.2 Setting inittab to boot to single user mode The following example will lead you through changing /etc/inittab to allow booting the machine into single user mode, instead of multi- user mode. o Underlined words are CRT or Terminal output o Bold words are to be entered as they appear. Copyright c 1994 AT&T All Rights Reserved. - 13 - o Words in parenthesis are comments. This example assumes that Single User Mini Unix is in effect and that the root partition of the hard drive has been mounted under the /install directory. # /install/bin/ed /install/etc/inittab nnnn (the number of bytes in the /etc/inittab file) 1 (go to the 1st line of the file) zu::sysinit:/etc/bzapunix /dev/console 2>&1 (the first line of inittab) /^is:/ (search for a line beginning with is:) is:2:initdefault: (the line showing the default init state) (The above line may be set to 3 for the default init state. In this case substitute 3 for 2 in the following line) s/2/S (Change 2 to S to boot up in single user mode) is:S:initdefault: (the changed line) w (write the file) nnnn (the number of bytes written to /etc/inittab) q (quit the file) After the modifications to /etc/inittab have been made, you MUST unmount the hard disk root partition before rebooting the machine! 5.3 Using chroot in Mini Unix The "chroot" command changes the root directory for one command listed on the command line for chroot. This allows you to change the root directory for an invocation of shell, and work as if /install were actually root. This allows commands such as pg, vi etc. to work correctly. The following will lead you through executing the chroot command and mounting all file systems. One use of this would be to either backup or restore files from magic mode using the tape drive on a system running SysV/X86 Rel 3.2 or 4.0 or on Copyright c 1994 AT&T All Rights Reserved. - 14 - a version 3 3B2 (3B2 500 and up) running SysV Rel 3.1.1 or higher. o Underlined words are CRT or Terminal output o Bold words are to be entered as they appear. o Words in parenthesis are comments. # chroot /install /bin/sh (execute the chroot command) # /etc/mountall (Mount all file systems) # PATH=/bin:/etc:/usr/bin: # export PATH At this point you may execute most normal commands. Some exceptions are any commands involving the floppy drive, if on a 3B2 Version 2 machine (3B2 300/310/400), or the tape drive on any 3B2. Use of the tape drive on Version 3 machines is covered in the next example. NOTICE: You MUST unmount the file systems before exiting the chroot shell by issuing the /etc/umountall command, and you MUST umount root partition before rebooting the machine! 5.4 Backing up or Restoring Files from Mini Unix To backup or restore files on SysV/X86 Rel 3.2 or 4.0 you need only use the normal device names for the tape drive in /dev/rmt. (i.e. /dev/rmt/c0s0 on an ESDI based system or /dev/rmt/c0t2d0s(0,1 or 2) on a SCSI based system. The following examples may be used on SysV/X86 systems by omitting the steps for building the special nodes, and substituting the normal device names for the special names. To accomplish this on a Release 3 3B2, you must build special device nodes to access the tape. There are two special device nodes required on a Release 3 3B2. These are major 1 minor 16 for a device to advance the tape to the next file and major 122 minor 0 for a device to read or write the tape. The following examples will lead you through restoring one file (such as filledt) from the Unix Operating System Utilities tape, and backing up an entire system from magic mode. Copyright c 1994 AT&T All Rights Reserved. - 15 - 5.4.1 Restoring a Single File on a 3B2 Version 3 System o Underlined words are CRT or Terminal output o Bold words are to be entered as they appear. o Words in parenthesis are comments. o Words enclosed in <> are control characters i.e. indicates a carriage return. This example assumes that Single User Mini Unix is in effect, that the root partition of the hard drive has been mounted under the /install directory, and that the Operating System Utilities tape has NOT been removed from the tape drive. # mknod tapedev c 1 16 (Make the "control node") # mknod Tape c 122 0 (Make the tape node) # /rstbin/tcset tapedev (Advance the tape to the next file mark) # cd /install (change to the hard drive mount point) # cpio -icvdumB -I/Tape 'filledt' (Restore the file) #_filledt (the restored file) (Cancel the rest of the restore) # cd / # sync;sync;sync (Update the superblock on the hard drive) # umount /install (Unmount the hard drive) NOTICE: You MUST unmount the hard disk root partition before rebooting the machine! 5.4.2 Doing a Complete Backup on a 3B2 Version 3 System o Underlined words are CRT or Terminal output o Bold words are to be entered as they appear. Copyright c 1994 AT&T All Rights Reserved. - 16 - o Words in parenthesis are comments. o Words enclosed in <> are control characters i.e. indicates a carriage return. This example assumes that Single User Mini Unix is in effect, that the root partition of the hard drive has been mounted under the /install directory, and that the Operating System Utilities tape has NOT been removed from the tape drive. # chroot /install /bin/sh (execute the chroot command) # mknod /tmp/Tape c 122 0 (make the restore tape node) # /etc/mountall (mount all file systems) # PATH=/bin:/usr/bin:/etc: # export PATH (set and export PATH) # find . -print | cpio -ocvB -O/tmp/Tape (Do the Backup) nnnn (The number of blocks written) # rm /tmp/Tape (remove the tape node) # /etc/umountall (Unmount all file systems) # exit (Exit the shell. Root is now returned to /) # umount /install (Unmount the hard drive) NOTICE: You MUST unmount the hard disk root partition before rebooting the machine! This is only one example of a cpio command. Any cpio command, either input or output can be done. Copyright c 1994 AT&T All Rights Reserved.