Creating a Dedicated
Knoppix Partition
Copyright (C) 2006 by Steve
Litt
[ Linux
Library | Knoppix
Knowhow | Troubleshooters.Com
| Email Steve Litt | Copyright Notice ]
Contents:
Disclaimer
Obviously, you use this document at your own risk. I am not responsible
for any damage or injury caused by your use of this document, or caused
by errors and/or omissions in this document. If that's not acceptable
to
you, you may not use this document. By using this document you are
accepting this disclaimer.
The Case for the Knoppix Partition
Hard disks are regularly separated from their computers. Perhaps a hard
disk is replaced, and is now lying around. Or perhaps it's replaced and
then you find a need to copy its data.
In such a case you have several alternatives. You can plug it into a
spare port of an existing computer. But in doing so, you need that
computer's existing operating system to read the disk, meaning you must
temporarily modify that operating system just to accommodate the new
disk, and remember to undo the modifications after removing the disk.
If you're like me, you don't want to do that.
One way to get away from changing the host computer is to boot a
Knoppix CD after plugging in the hard disk. Just plug in the hard disk,
either in addition to those already in the computer, or in place of
them. Either way, with no modification to the computer's existing
operating system, you can access the newly inserted hard disk.
The problem is, you're now running off a CD. If you modify /etc/fstab,
which will probably be necessary, such modifications will vanish the
next time you reboot the system. Any scripts you write will likewise
vanish. This places a lot of pressure on your technologists.
An alternative I like much better is to install a Knoppix partition on
every hard drive, or at least every hard drive of any importance --
especially dedicated data hard drives. The Knoppix partition costs only
4GB (2 for Knoppix, 2 for small amounts of data). It takes about 30
minutes to install. Using Grub, you
can multiboot between Windows, Knoppix, and other operating systems
that might cohabit the disk. As a matter of fact, I also recommend
installing a dedicated grub partition, but that's not essential for creating a Knoppix partition.
Once the Knoppix partition is installed, and its /etc/fstab has been modified to mount the partitions on the disk by meaningful names (instead of /mnt/hda5 and the like), it's trivial to access the data on the hard disk. Even without such /etc/fstab modifications, Knoppix itself usefully mounts all found partitions.
With the disk's onboard Knoppix running, transferring the data is as simple as an scp -rp command. Don't forget the -p or all modification times will be today -- definitely not what you want.
Perhaps the disk houses a Windows OS and Windows application created
data. Perhaps somebody hosed the registry, and you just want your data.
No problem -- mount it in Knoppix, and copy the data elsewhere.
Perhaps an employee played a rootkit infected
music CD on the computer. No problem -- those files that are so hidden
in Windows are totally visible in Linux -- you can diagnose the
situation without the Windows enforced obscurity.
I've saved a fortune in time with Knoppix partitions, and now put them on every hard disk I have. It's 4GB well spent.
How to Do It
What I'm doing these days is the second I buy a new hard drive, I
install a Knoppix partition and swap partition, perhaps also installing
a dedicated grub partition. Then I install everything else.
By installing Knoppix first, I minimize the risk of butchering existing
data or code. Then, after everything else is installed, I can simply
use Grub's root and setup commands to point from the MBR to wherever the boot loader is located. That works for me because I buy my own hard drives.
A small business that buys computers ready made could accomplish the
same thing by asking their (presumably small) supplier to format their
drives that way. Many local white box shops would be willing to do
that. A large organization might be able to convince a large supplier
to format their machines like that. Even a large company will often go
the extra mile to get an order for a few thousand computers.
If nothing else, Knoppix can be installed after the data or other operating system, even Windows. It's riskier, but doable.
As far as actually accomplishing it, you create a partition (4GB is big
enough for the operating system and a moderate amount of data), format
the partition with mkfs.ext3, fire up a Knoppix CD, and then use the knoppix-installer command to install to the partition.
The Case Against the Knoppix Partition
Automatically installing Knoppix on hard drives isn't for everyone. There are some disadvantages.
Most obvious, it costs disk space. If you buy a 400GB disk and use 4GB for Knoppix, you've lost 1% of your disk space.
Then there's the security issue. If Knoppix is on a disk that's
otherwise entirely data, if that disk is found by a curious or
malicious person, if that person puts the hard drive in a computer it's
likely to boot up and expose all partitions as mount point. Of course,
not putting on a Knoppix partition would only stop those without smarts
and desire, because most informed people know you can boot a Knoppix CD
and see all the partitions on the drive. Leaving off a Knoppix
partition would be security by obscurity.
The existence of the Knoppix partition could cause data loss, either
during installation, or later if an uninformed person boots the Knoppix
partition and fools around with the system.
The Knoppix partition could lead to a false sense of security. Although
the Knoppix partition would be a great way to recover data if the
operating system gets hosed (a mishap with regedit
for instance), or if for whatever reason the drive is separated from
its original computer. However, the Knoppix partition would probably
prove worthless in cases of data corruption at either the
sector/cylinder level (bad blocks and the like), and often at the file
system level.
Summary
Including a Knoppix partition on a hard disk can make it easier to
recover that disk's data in the event of an operating system meltdown
or separation from the original computer. In the case of Windows
operating systems, it can also reveal what would otherwise be hidden
directories and files, which could help in diagnosing root kits such as
those installed by music CDs.
Knoppix is easy to install. Simply create and format a partition to hold it, then boot a Knoppix CD and use the knoppix-installer command to install it.
A Knoppix partition isn't the answer to everything. It's no help in the
face of bad blocks (corruption at the sector/cylinder level), and might
not be of any help in the face of file system corruption. Installation
or use of a Knoppix partition could also cause data loss, especially in
the hands of an inexperienced practitioner. The Knoppix partition costs
a minimum of 2GB (4GB is better) of space on the disk. Installation of
a Knoppix partition makes it easier for unskilled and unmotivated
people to look at your data should they find your disk or discover the
alternate boot, although skilled and/or motivated people in physical
possession of the disk or computer could find plenty of ways to grab
your data without the Knoppix partition.
Personally, my policy is to install Knoppix on every hard drive I buy.
I believe it makes data recovery easier, and therefore limits the
opportunity for mistakes.
See also: [ Linux Library | Knoppix Knowhow | Troubleshooters.Com | Email Steve Litt | Copyright Notice ]
Copyright (C)2006
by Steve Litt. -- Legal