Failinit - a really simple failsafe init extension


Quick install
-------------
0. grab this package (failinit1.31.tar.gz) from
   URL ftp://sunsite.unc.edu/pub/Linux/system/Daemons/init/
1. make install
2. install sash from dbell@pdact.pd.necisa.oz.au found at
   URL ftp://sunsite.unc.edu/pub/Linux/system/Shells/sash.tar.gz
3. reboot and give lilo the command line
   linux fails lock
   (^^^^ or however your lilo boot kernel is named)


History
-------

V1.31:   Added  the scripts  failinit_remount  and failinit_remountall
which will be softlinked to /.remount and /.remountall respectively.

V1.30: LILO's 'auto' argument is now ignored (for 'lock' usage).

V1.20: Tries to start /sbin/sash, /bin/sash and /etc/sash, the Linux
stand-alone shell from dbell@pdact.pd.necisa.oz.au. I'm happy that I
found this great shell on a file server. Note that sash is much older
than failinit, but I first noticed its presence some days ago.


Warning
-------

THIS PACKAGE MAY BE CONSIDERED BETA, BECAUSE IT IS TESTED ON MY SYSTEM
ONLY. However, I have used it for years without trouble.


Purpose
-------

While configuring Linux I screwed up /etc/inittab or /etc/rc.d/rc
several times, such that no login showed up any more. The only way to
get into the system was to reboot from the install floppy disk, which
is not very desirable.

For this purpose I designed failinit, which can be placed in /etc and
softlinked to /etc/init, such that Linux executes it before /bin/init
or /sbin/init. The only thing /etc/failinit does is spawn a shell if
the first argument on init's command line starts with 'fail', and wait
for this shell to finish if that argument is not exactly 'fail' (for
example 'fails').

Failinit now ignores the first argument of a command line if this
first argument is 'auto'. This is needed because LILO prepends 'auto'
to the command line if the computer is rebooted without manual
interaction. When 'auto' is present and the second argument is 'fail?'
(? is any non-whitespace character), failinit beeps and waits a
certain timeout period for manual interaction by a user. If the user
does not press return, failinit continues as if option 'fail' were
present. If the second argument is 'fail??*' (* stands for anything),
failinit behaves as if no 'auto' were present. The idea behind this
behaviour is that if one accidentally forgets to remove the locked
line, the computer should still reboot normally after a power loss.
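
The argument rules above, written out as an added example in C (this
is not failinit's own source; the enum and function names are
hypothetical). What happens when the user does press return during the
timeout is not stated here, so treating it like 'fails' is an
assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names: what happens before the real init is started. */
enum action { BOOT_NORMAL, SHELL_NO_WAIT, SHELL_WAIT, SHELL_AFTER_PROMPT };

/* Classify init's arguments (argv[1..]) by the rules in this README.
 * argc/argv follow the usual main() convention; argv[0] is skipped. */
enum action classify(int argc, char **argv)
{
    int i = 1, unattended = 0;
    size_t len;

    /* LILO prepends "auto" on an unattended reboot; skip but remember it. */
    if (i < argc && strcmp(argv[i], "auto") == 0) {
        unattended = 1;
        i++;
    }
    if (i >= argc || strncmp(argv[i], "fail", 4) != 0)
        return BOOT_NORMAL;            /* no fail option: plain boot */

    len = strlen(argv[i]);
    if (len == 4)
        return SHELL_NO_WAIT;          /* exactly "fail" */
    if (unattended && len == 5)
        return SHELL_AFTER_PROMPT;     /* "auto fail?": beep, then timeout */
    return SHELL_WAIT;                 /* "fails", or "auto fail??*" */
}

/* Resolve the timed prompt. The README only defines the timeout case
 * (behave like "fail"); treating a key press like "fails" is an assumption. */
enum action resolve_prompt(enum action a, int return_pressed)
{
    if (a != SHELL_AFTER_PROMPT)
        return a;
    return return_pressed ? SHELL_WAIT : SHELL_NO_WAIT;
}

int main(void)
{
    /* Constructed command lines, as init would receive them. */
    char *locked[] = { "init", "auto", "fails", "S" };
    char *manual[] = { "init", "fails", "S" };

    printf("power loss, nobody present: %d\n",
           resolve_prompt(classify(4, locked), 0));
    printf("typed at the boot prompt:   %d\n", classify(3, manual));
    return 0;
}
```

A locked 'fails' line therefore blocks the boot only when somebody
typed it by hand; after an unattended reboot it degrades to the
non-blocking 'fail' behaviour once the timeout expires.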

I "enjoyed" having  it while I was  tracing down a nasty problem  with
ext2fs   after a severe  system   crash which led  to an  ext2fs-panic
(buffer head pointer  is NULL) which  crashed linux again  right after
checking the filesystems   ...  (As of  linux-2.0.31-pre-10 this nasty
problem now is fixed in the standard kernel)


Hints
-----

If you don't know how to enter "fail" on the boot command line:

At boot time LILO enables you to enter something AFTER the image to
load, which will be passed to init. (I use LILO only. But I think that
the other boot loaders have similar possibilities.)

Booting into single-user mode looks like: boot: linux S
Spawning a fail shell as well looks like: boot: linux fail S
Waiting until it has finished looks like: boot: linux fails S
Locking these LILO arguments looks like:  boot: linux fails S lock
The first possibility is available without failinit, too.


Installing
----------

To install failinit, just unpack the archive and type
make install
Failinit then checks if it is installed properly.  If not you will get
a warning.

If there is a warning that ln -s /etc/failinit /etc/init failed:
DO NOT DELETE /etc/init UNLESS YOU KNOW EXACTLY WHAT YOU ARE DOING!
Older (extremely old) distributions had /etc/init. Nowadays init can
be found in /bin/init or /sbin/init. Linux tries to execute init in
the following order (see /usr/src/linux/init/main.c):
/etc/init
/bin/init
/sbin/init
I won't write more, because if this explanation does not help you in
case of this problem, BETTER DO NOT INSTALL FAILINIT. It may break
your system.

If there  is a  warning  that ln -s  /etc/failinit_remount* /.remount*
failed: You can happily ignore  these. Both scripts  are only for your
convenience if  you want  to  remount your  filesystems. Look into the
scripts for more info.


Security issues and why
-----------------------

Newer sysvinits have the option -b to boot into a fail shell. However,
the root password is asked for first. This is awful when you have
forgotten your root password or the person who is usually root on this
machine is on holiday.

Asking for the root password is a real disadvantage in this case. But
asking for the root password is no advantage either, unless you
disable the Linux option "init=xxx". With this option you can pass
Linux any program which should act like /sbin/init, for example
/bin/sh. And whoever has physical access to the machine can do
anything to it. So why bother sysops with a root password?

But failinit has the nice option for lazy sysops who forget to remove
the emergency option from the locked LILO command line. I once forgot
something like this on a Sun, and on a Saturday the system rebooted
due to a power loss. The system was located in a room protected by an
alarm over weekends. Now you must know that it was the local news
server with 1 GB input per day on a 64000 bit/s line. It took 4 days
for the system to catch up again with its news feeds.

/etc/failinit and /sbin/sash are linked statically by default. In most
distributions /sbin/init is dynamically linked. This might lead to
problems if you install new shared libraries which crash /bin/sh or
/sbin/init. With only two little programs linked statically you can
protect yourself from many worries. Both are easy to install on top of
any distribution without interfering with any package.


Disclaimer
----------

I  am not liable for  any damage.  Use  at your own risk. No warranty.
This archive may be distributed according to the GNU GPL V2 or higher.
The file COPYING is not part of this archive, to make it much smaller.

tino@augsburg.net
