This is a small tour on commands you will find useful when working with TRK (and Linux in general). Let 's take as a convention that commands you have to type are put between 'single quotes'. At the commandline you omit these quotes (unless I say not to).
What I 'm going to teach here is basically how you work with files, like copying, moving, editing, etc...
First, let's start with changing directories.
People that have worked with the commandline in Windows or Dos will recognize many things. The big difference with this is that directories in Linux are separated by forward slashes instead of backslashes in Windows. Another big difference is that Linux folders and files are case sensitive: capitals have to be typed as capitals, otherwise the file or folder will not be found.
The command to change a directory (or folder how it 's called in Windows) is 'cd'
f. i. you want to change to the directory /tmp you type 'cd /tmp'. If the folder contains spaces, there are two ways you can get into them: or you put the foldername between double quotes or you use so called escape characters to represent the spaces.
Let 's say we want to cd to the folder 'Documents and Settings' you can type 'cd "Documents and Settings"' or 'cd Documents\ and\ Settings' where the backslash (\) in Linux is used to 'escape' characters, i.e. you treat the characters litterally instead of as a control character. Enough of that.
Another way of easily changing directories is by typing the first letters of it and then pressing the tab-key. F.i. type 'cd Doc' and press tab. The command will complete as 'cd Documents\ and\ Settings'. If more files or folders match, the tab command will show you the possible options left. Very nice feature, saves you lots of time and painful fingers.
File copying, the second thing you 'll probably need.
Once you 're in the right directory, you need to be able to copy files to other locations.
Here 's how to do it, together with the most important switches.
Take a file called file1, located in /tmp/ and you want to copy it to /home: simple command 'cp /tmp/file1 /home' or when you first cd-ed to /tmp: 'cp file1 /home/'. Source-target.
Suppose you want to copy multiple files, you can use a wildcard with '*'. If /tmp contains file1 and file2 and copy them both at the same time: 'cp /tmp/file* /home/'
If you want to copy files and folders recursively, together with all the attributes, use the switch '-a'
To see what gets copied while it 's busy, add the '-v' parameter too (verbose).
Say /tmp contains 'file1', 'file2', a subfolder called 'testfolder' which also contains 'file3', then perform 'cp -av /tmp/* /home' This will copy the complete contents of /tmp, including subfolders to /home.
If cp asks you to overwrite already existing files, you can force that by adding '-f' (force) to your command:
'cp -avf /tmp/* /home'
Moving files. This is the same principle as copying files but easier, e.g.
'mv /tmp/* /home' moves all the contents, including subdirs to /home
Adding the parameters -v and f moves them verbosely without prompting to overwrite existing files.
Remove 1 file, example: 'rm /tmp/file1'
Remove files recursively, without prompting: 'rm -rf /tmp/*'
Viewing files and output of commands. This is a util you can use any time there 's too much output coming to your screen or you need to look into a file.
E.g.: 'more /tmp/file1' shows you the contents of file1, but gives it a page at a time. To go to the next page, press space. The arrows and enter key scroll down line by line.
You can use this command also in combination with other commands to halt their output so you can read what it says.
Example: 'dmesg | more' : 'dmesg' gives you the output of your kernel startup procedure and recent system messages, but it 's maybe about 300 lines of output. So in this case we so called "pipe" the output of 'dmesg' to 'more' using the "|" sign. In this way I have also explained you with an example the use of "command piping"
Continueing on this subject, let 's see what other uses command piping can do for us.
It can be used to filter out a certain line with a specific keyword.
Let 's say you want to know whether there 's a file called Document.doc' somewhere in a subdirectory, but you don 't know which. Then use this command from within the base directory you want to search in: 'find ./ | grep -i document.doc' (the -i parameter upper- or lowercase characters)
You can also pipe the output of a command to a file instead of the screen. F.i. to put the complete filelisting of a directory tree to a file, do like this 'find ./ > /tmp/filelist.txt'
Here 's quickly how to use vi, the most common text editor on Linux. Beware: this does not edit Word documents or any other document format that is in binary format.
Open a file or create a new file: 'vi /tmp/file1'
Move your cursor around with your arrows to the line you want to edit.
To insert text, type 'i', this will put you in insert mode. To remove text, use 'x', (go out of insert mode first with escape). To remove or cut a complete line, use 'dd'. You can paste this line elsewhere with 'p'.
This is basically editing in vi. To save a document, go out of insert mode and type ':wq' (colon write quit). To exit without saving: ':q!' (colon quit exclamation mark).
If you don 't like vi, you can use pico which is a bit simpler to use, but less common on the different Linux systems.
When working with Linux and more specifically here with Trinity Rescue Kit, it is imperative that you understand the way you "talk" to filesystems.
Whereas Windows just assigns a driveletter to any local filesystem it knows and finds (which is only NTFS and FAT), Linux does it all by invoking "mount" of a filesystem against a directory where you mount it.
Trinity Rescue Kit has a utility called "mountallfs" that searches for every filesystem on the local computer's disk drives and mounts it in a directory that has the same basename as the device where the filesystem resides. More on that later in this documentation. In other, normal Linux distributions, local filesystems are detected or created on install.
Let 's talk now how to perform manual mounting.
Mounting can be performed with any filesystem, regardless of it being local or on the network.
* Mounting a local filesystem can be done like this:
To know what device contains te filesystem you want to mount, you can look at a file called "/proc/partitions" This will tell you the partition lay-out of your disks, which will most likely contain filesystems. A common "/proc/partitions" file may look like this:
/dev/hda claims in fact the whole disk. Under Windows it is impossible to create a filesystem in there, under Linux it is possible but improbable and not recommended.
Most likely you will find a filesystem on /dev/hda1 and /dev/hda2, which will be you C: and D:-drive under Windows in general.
Mounting this is quite easy, in general you don 't have to give any paramters with it, Linux will detect the type of filesystem.
'mount /dev/hda1 /mnt0'
Trinity Rescue Kit by default has two directories for manual mounting of filesystems. You can create as many as you like, in as many subdirs as you like. That 's all I 'm going to explain about local filesystem mounting. I recommand you use "mountallfs". More on that later.
* Mounting network filesystems.
This is a very interesting bit, because with Trinity Rescue Kit you will want to evacuate your files to another computer. In TRK (and most other Linux distributions) it is possible to talk to Windows filesharing technology. For those who want to know the name of this technology, it 's called SMB (=Server Message Block). TRK can act as a client as well as a server. In this case we 're talking about TRK as a client.
Let 's say you have a running windows machine and you 've configured it to share "myshare". If you have not configured a share, you can connect to the c$ hidden share, but then you need to deactivate "Use simple simple filesharing" in the folder options of your Windows explorer. But let us take the "myshare" share.
For the ease of use, it 's a good thing to create a user on your Windows machine called "root", give him a password and make it an administrator. But that 's not really necessary, you can also use the local "administrator" account, this will just require you to add a parameter to the mount command.
Let 's take the case of the "myshare" share, your Windows pc has 10.0.0.5 as ip-address (always faster to just point to the ip-address instead of the name) and you 've created a local user called root. Then here 's the command: 'mount //10.0.0.5/myshare /mnt0'
You will get prompted for a password in if no output is given, your share should appear under /mnt0. Make sure "myshare" has enough permissions for the user "root"
If you don't want to create a user, you don 't want to create a share and you did disable simple filesharing (or your windows machine is member of a domain), you can go ahead like this:
'mount -o username=administrator //10.0.0.5/c$ /mnt0' , which will prompt for the password an give you the credentials of "administrator". You can already pass the password (e.g. blahblah) in the commandline if nobody is looking over your shoulder: 'mount -o username=administrator,password=blahblah //10.0.0.5/c$ /mnt0'
Below is a screenshot of a Windows PC that has opened the disk of a remote TRK booted machine.