Troubleshooters.Com, T.C Linux Library and Knoppix Knowhow Present

Creating a Dedicated Knoppix Partition
Copyright (C) 2006 by Steve Litt

[ Linux Library | Knoppix Knowhow | Troubleshooters.Com | Email Steve Litt | Copyright Notice ]

Contents:

Disclaimer

Obviously, you use this document at your own risk. I am not responsible for any damage or injury caused by your use of this document, or caused by errors and/or omissions in this document. If that's not acceptable to you, you may not use this document. By using this document you are accepting this disclaimer.

The Case for the Knoppix Partition

Hard disks are regularly separated from their computers. Perhaps a hard disk is replaced, and is now lying around. Or perhaps it's replaced and then you find a need to copy its data.

In such a case you have several alternatives. You can plug it into a spare port of an existing computer. But in doing so, you need that computer's existing operating system to read the disk, meaning you must temporarily modify that operating system just to accommodate the new disk, and remember to undo the modifications after removing the disk. If you're like me, you don't want to do that.

One way to get away from changing the host computer is to boot a Knoppix CD after plugging in the hard disk. Just plug in the hard disk, either in addition to those already in the computer, or in place of them. Either way, with no modification to the computer's existing operating system, you can access the newly inserted hard disk.

The problem is, you're now running off a CD. If you modify /etc/fstab, which will probably be necessary, such modifications will vanish the next time you reboot the system. Any scripts you write will likewise vanish. This places a lot of pressure on your technologists.

An alternative I like much better is to install a Knoppix partition on every hard drive, or at least every hard drive of any importance -- especially dedicated data hard drives. The Knoppix partition costs only 4GB (2 for Knoppix, 2 for small amounts of data). It takes about 30 minutes to install. Using Grub, you can multiboot between Windows, Knoppix, and other operating systems that might cohabit the disk. As a matter of fact, I also recommend installing a dedicated grub partition, but that's not essential for creating a Knoppix partition.

Once the Knoppix partition is installed, and its /etc/fstab has been modified to mount the partitions on the disk by meaningful names (instead of /mnt/hda5 and the like), it's trivial to access the data on the hard disk. Even without such /etc/fstab modifications, Knoppix itself usefully mounts all found partitions.

With the disk's onboard Knoppix running, transferring the data is as simple as an scp -rp command. Don't forget the -p or all modification times will be today -- definitely not what you want.

Perhaps the disk houses a Windows OS and Windows application created data. Perhaps somebody hosed the registry, and you just want your data. No problem -- mount it in Knoppix, and copy the data elsewhere.

Perhaps an employee played a rootkit infected music CD on the computer. No problem -- those files that are so hidden in Windows are totally visible in Linux -- you can diagnose the situation without the Windows enforced obscurity.

I've saved a fortune in time with Knoppix partitions, and now put them on every hard disk I have. It's 4GB well spent.

How to Do It

What I'm doing these days is the second I buy a new hard drive, I install a Knoppix partition and swap partition, perhaps also installing a dedicated grub partition. Then I install everything else.

By installing Knoppix first, I minimize the risk of butchering existing data or code. Then, after everything else is installed, I can simply use Grub's root and setup commands to point from the MBR to wherever the boot loader is located. That works for me because I buy my own hard drives.

A small business that buys computers ready made could accomplish the same thing by asking their (presumably small) supplier to format their drives that way. Many local white box shops would be willing to do that. A large organization might be able to convince a large supplier to format their machines like that. Even a large company will often go the extra mile to get an order for a few thousand computers.

If nothing else, Knoppix can be installed after the data or other operating system, even Windows. It's riskier, but doable.

As far as actually accomplishing it, you create a partition (4GB is big enough for the operating system and a moderate amount of data), format the partition with mkfs.ext3, fire up a Knoppix CD, and then use the knoppix-installer command to install to the partition.

The Case Against the Knoppix Partition

Automatically installing Knoppix on hard drives isn't for everyone. There are some disadvantages.

Most obvious, it costs disk space. If you buy a 400GB disk and use 4GB for Knoppix, you've lost 1% of your disk space.

Then there's the security issue. If Knoppix is on a disk that's otherwise entirely data, if that disk is found by a curious or malicious person, if that person puts the hard drive in a computer it's likely to boot up and expose all partitions as mount point. Of course, not putting on a Knoppix partition would only stop those without smarts and desire, because most informed people know you can boot a Knoppix CD and see all the partitions on the drive. Leaving off a Knoppix partition would be security by obscurity.

The existence of the Knoppix partition could cause data loss, either during installation, or later if an uninformed person boots the Knoppix partition and fools around with the system.

The Knoppix partition could lead to a false sense of security. Although the Knoppix partition would be a great way to recover data if the operating system gets hosed (a mishap with regedit for instance), or if for whatever reason the drive is separated from its original computer. However, the Knoppix partition would probably prove worthless in cases of data corruption at either the sector/cylinder level (bad blocks and the like), and often at the file system level.

Summary

Including a Knoppix partition on a hard disk can make it easier to recover that disk's data in the event of an operating system meltdown or separation from the original computer. In the case of Windows operating systems, it can also reveal what would otherwise be hidden directories and files, which could help in diagnosing root kits such as those installed by music CDs.

Knoppix is easy to install. Simply create and format a partition to hold it, then boot a Knoppix CD and use the knoppix-installer command to install it.

A Knoppix partition isn't the answer to everything. It's no help in the face of bad blocks (corruption at the sector/cylinder level), and might not be of any help in the face of file system corruption. Installation or use of a Knoppix partition could also cause data loss, especially in the hands of an inexperienced practitioner. The Knoppix partition costs a minimum of 2GB (4GB is better) of space on the disk. Installation of a Knoppix partition makes it easier for unskilled and unmotivated people to look at your data should they find your disk or discover the alternate boot, although skilled and/or motivated people in physical possession of the disk or computer could find plenty of ways to grab your data without the Knoppix partition.

Personally, my policy is to install Knoppix on every hard drive I buy. I believe it makes data recovery easier, and therefore limits the opportunity for mistakes.


See also: [ Linux Library | Knoppix Knowhow | Troubleshooters.Com | Email Steve Litt | Copyright Notice ]

Copyright (C)2006 by Steve Litt. -- Legal