|< Day Day Up >|
Built-in Diagnostic and Repair Tools
With a complex operating system like Tiger, things can sometimes go wrong, and the user is left with little recourse for solving the problem. Thankfully, operations such as repairing damaged operating system installations, resetting the root password, and fixing damaged disks can all be performed even if your machine is not properly booting into the operating system.
Mac OS 8 and 9, although they hid much of the system operation from the user, gave a clearer picture of what was going on during a system boot. When Tiger starts, dozens of support processes and drivers are loaded at the same time. If something fails, it is left to the imagination of the user to guess exactly what has gone wrong. In many cases, a user might not even be aware that there are problems with the system configuration because the boot process hides behind a simple GUI startup screen.
To view exactly what is happening as the system boots, you can hold down Command-V at power-on to force a verbose startup. The verbose boot displays all status and error messages while the computer starts. This can be a bit startling to many Mac users because instead of the usual blue or gray background present during startup, the screen will be black and filled with text. Windows and Linux users will feel right at home.
The verbose startup messages are similar to those contained in /var/log/system.log. For example:
Jun 29 17:30:30 localhost mach_kernel: .Display_RADEON: i2cPower 1 Jun 29 17:30:30 localhost mach_kernel: .Display_RADEON: user ranges num:1 start:9c008000 size:640080 Jun 29 17:30:30 localhost mach_kernel: .Display_RADEON: using (1600x1024@0Hz,32 bpp) Jun 29 17:30:30 localhost mach_kernel: AirPortDriver: Ethernet address 00:30:65:11:37:15 Jun 29 17:30:30 localhost mach_kernel: ether_ifattach called for en Jun 29 17:30:30 localhost mach_kernel: kmod_create: com.apple.nke.ppp (id 58), 6 pages loaded at 0xc20, header size 0x1000 Jun 29 17:30:30 localhost mach_kernel: kmod_create: com.apple.nke.SharedIP (id 59), 5 pages loaded at 0x0, header size 0x0 Jun 29 17:30:30 localhost mach_kernel: kmod_create: IPFirewall (id 60), 5 pages loaded at 0xc292000, header size 0x1000 Jun 29 17:30:30 localhost mach_kernel: ipfw_load Jun 29 17:30:30 localhost mach_kernel: IP packet filtering initialized, divert enabled, rule-based forwardingenabled, default to accept, logging disabled Jun 29 17:30:31 localhost sharity:  Sharity daemon version 2.4 started Jun 29 17:30:39 localhost ntpdate: ntpdate 4.0.95 Sat Feb 17 02:38:39 PST 2001 (1) Jun 29 17:30:43 localhost ntpdate: no server suitable for synchronization found Jun 29 17:30:43 localhost ntpd: ntpd 4.0.95 Thu Apr 26 13:40:11 PDT 2001 (1) Jun 29 17:30:43 localhost ntpd: precision = 7 usec Jun 29 17:30:43 localhost ntpd: frequency initialized 0.000 from /var/run/ntp.drift Jun 29 17:30:43 localhost ntpd: server 184.108.40.206 minpoll 12 maxpoll 17
This small sample of the verbose output shows the Apple Radeon driver loading, followed by the AirPort software, Classic SharedIP driver, firewall, Sharity, and ntp (network time protocol) software.
Interestingly enough, in capturing this example, I ascertained what I had suspected for several weeks: The ntpdate utility, which is responsible for automatically contacting a remote time server for synchronization, has been failing:
Jun 29 17:30:39 localhost ntpdate: ntpdate 4.0.95 Sat Feb 17 02:38:39 PST 2001 (1) Jun 29 17:30:43 localhost ntpdate: no server suitable for synchronization found
Similar feedback is provided for almost all the services on the computer, from low-level device drivers to Apache and Postfix. If your computer hangs during boot, you can use the Verbose startup mode to determine exactly where the sequence has gone amiss.
Getting Access to Your Drive on a Damaged System
The original Mac OS versions (7/8/9) allowed you to disable extensions by holding down the Shift key while booting your computer. This simplified the process of debugging by providing a way in to your computer so that you could figure out what software had been installed that was messing things up and then remove it.
Performing a Safe Boot
In Mac OS X, the "Classic" Extensions Off mode has been replaced with Safe Boot mode. In Safe Boot mode, only the components necessary to get your Mac booted and running are loaded. Additional software, even networking, is disabled.
When you're running in Safe Boot mode, you can manually remove any software you've added and perform most basic repair tasks from within the GUI. To start your computer in Safe Boot mode, hold down the Shift key while starting up, until the Tiger startup screen appears with the words Safe Boot. You can then release the Shift key and allow your Mac to finish booting.
Entering Single-User Mode
Another modification to the startup process is booting into Single-User mode. Holding down Command-S starts Tiger in Single-User mode, enabling an administrator to directly access the system through a command-line interface. This is a last-resort method of booting your computer that should be used only if absolutely necessary.
Single-User mode boots in a text-only fashion, just like the Verbose startup mode. The process finishes by dropping the user to a shell:
Singleuser boot -- fsck not done Root device is mounted read-only If you want to make modifications to files, run '/sbin/fsck -yk' first and them '/sbin/mount -uw /' localhost#
Repairing Filesystems: fsck
Using the fsck command, you can repair local filesystems from the command line. To fix a damaged filesystem, type fsck -fy at the single-user prompt. This is equivalent to running the First Aid Disk Utility:
brezup:root jray # fsck -fy ** /dev/rdisk0s9 ** Root file system ** Checking HFS Plus volume ** Checking Extents Overflow file. ** Checking Catalog file. ** Checking multi-linked files. ** Checking Catalog heirarchy. ** Checking volume bitmap. ** Checking volume information. ** The volume Shakey appears to be OK.
If an error occurs during this process, you might have to tell the system that it is okay to perform repairs. Table 29.10 lists additional command-line arguments for fsck.
When booted into Single-User mode, the filesystem is mounted as read-only as a precaution. If you've installed a new daemon or script that is stalling the system at startup, it would be useful to be able to edit files from within single-user mode. To mount the filesystem with write permissions, use /sbin/mount -uw /.
Again, be aware that changes made while in Single-User mode are made as the root user.
Logging In to the Console
If your problem lies not with the boot process, but with logging in, you might want to try a standard boot followed by a non-GUI login. To do this, you must have username and password fields enabled in the login window. If you do, allow the system to boot to a standard login window; then type >console as your username and click the Login button.
Your screen goes black, and you see a prompt similar to
Darwin/BSD (brezup.poisontooth.com) (console) login:
Type your username and password to log in and use the system via the console. Logging out of the console restarts the window manager and takes you back to a GUI login screen.
Mounting a Disk Using Target Disk Mode
A final option if your machine isn't booting at all is to use a second computer and attempt to access your drive through Target Disk mode. When a computer is placed into Target Disk mode, it can be connected via FireWire to another machine and will present its drive just like any other removable disk, enabling you to run repairs on the drive or at least copy critical information from the volume.
To start a computer in Target Disk mode, simply hold down the T key while turning on the machine. After a few seconds, a FireWire symbol will appear onscreen and the machine will be ready to be connected to another Macintosh computer for diagnostics, repair, or recovery.
Identifying Software Conflicts
When dealing with stalled startups, take the same approach as with extensions and control panels under Mac OS 8 and 9: Remove the last item to load before the system failure and then reboot.
Assuming that you haven't found what is crashing the machine in your system.log or by running a verbose boot, disable any new software that runs with root privileges or drivers for add-on devices. After you've gained access to your system (either through Safe Boot mode, Single User mode, or Console login), search the list of usual suspects to find newly installed files.
As you already know, both the /Library/Startupitems and /System/Library/ Startupitems directories contain the services that are started at boot time. If software in your auto-launch Login Items list is causing the problem, it's stored in ~/Library/ Preferences/loginwindow.plist. /Library/Components and /System/Library/ Extensions provide two more common hiding places for installed drivers and kernel extensions.
In addition, the /etc/hostconfig and /private/var/db/SystemConfiguration/_preferences.xml files hold information on your machine's network configuration and boot parameters. Although editing these files isn't a guaranteed cure for any problem, it's a good place to start.
Testing Kernel Extensions
If you suspect an extension is causing a problem but aren't sure, you can use the capability of Tiger to dynamically load and unload kernel extensions to test your hypothesis.
To list the currently loaded extensions, use the utility kextstat with the argument -k to hide kernel components (which you wouldn't want to touch):
brezup:jray jray $ kextstat -k Index Refs Address Size Wired Name (Version) <Linked Against> 16 11 0x402000 0xa000 0x9000 com.apple.iokit.IOPCIFamily (1.6) 17 0 0x40c000 0x8000 0x7000 com.apple.driver.AppleCore99PE 18 1 0x854000 0x4000 0x3000 com.apple.driver.IOPlatformFunction 20 0 0x49d000 0x7000 0x6000 com.apple.driver.AppleI2C (3.4.5d2) 21 2 0x43f000 0x3d000 0x3c000 com.apple.iokit.IOHIDFamily (1.4) 23 0 0x984000 0x3000 0x2000 com.apple.driver.AppleCore99NVRAM (1.1) 24 0 0x918000 0x9000 0x8000 com.apple.driver.AppleMacRiscPCI 25 1 0x84f000 0x5000 0x4000 com.apple.iokit.IOKeyLargo (1.6.0d4) 26 0 0x858000 0x7000 0x6000 com.apple.driver.AppleKeyLargo ... 79 1 0x594000 0x291000 0x290000 com.apple.NVDAResman (3.3.8) <78 76 16> 80 0 0x9a6000 0x82000 0x81000 com.apple.nvidia.nv10hal (3.3.8) 81 0 0x85f000 0x33000 0x32000 com.apple.GeForce (3.3.8) <79 78 76 16>
A normal system should have roughly 60 90 extensions loaded.
Each line contains the name of the extension and information about where it is loaded in memory. The fields you'll be most interested in are the Name field (such as com.apple.GeForce) and the Ref field. The Name field contains the name by which the system refers to the loaded extension and is what you will need to use to unload it. The Ref field contains the number of active references to that extension. If other components are using an extension, it cannot be unloaded. For example, the com.apple.NVDAResman extension has a reference count of 1, (which I happen to know is because it is being used by the com.apple.GeForce extension), so it cannot be unloaded without first unloading com.apple.GeForce.
Unloading an Extension: kextunload
To unload a kernel extension, you must be root (or use sudo) and issue the command kextunload -b <extension name>. For example, in the kextstat listing we looked at previously, to unload the com.apple.NVDAResman extension, you would type:
brezup:jray jray $ sudo kextunload -b com.apple.NVDAResman unload id com.apple.NVDAResman failed (result code 0xe00002c2)
This is syntactically correct, but the unload failed because of the reference count. To unload the extension, you must first unload com.apple.GeForce and then com.apple.NVDAResman:
brezup:jray jray $ sudo kextunload -b com.apple.GeForce unload id com.apple.GeForce succeeded (any personalities also unloaded) brezup:jray jray $ sudo kextunload -b com.apple.NVDAResman unload id com.apple.NVDAResman succeeded (any personalities also unloaded)
Loading an Extension: kextload
Loading an extension is virtually identical to unloading but uses the command kextload instead: kextload <path to extension>. For example, to reload the GeForce extension, you would type
brezup:jray jray $ sudo kextload /System/Library/Extensions/GeForce.kext kextload: /System/Library/Extensions/GeForce.kext loaded successfully
Reinstalling the Operating System
Most Windows users are familiar with the word reinstall. I've listened in on many support calls, only to hear the technician give up and tell the end user to reinstall. Unfortunately, Mac OS X users might find themselves doing the same thing. The difference, however, is that reinstalling Tiger does not replace your system accounts, information, or configuration.
I have found on numerous occasions that rerunning the Installer is the fastest and easiest way to return to a viable system. There are, however, a few drawbacks most notably, the system updates are replaced by the original version of the operating system. After running the Tiger Installer to recover a damaged system, be sure to open the /Library/Receipts folder, throw away any receipt files stored by system updates, and then manually force a software update to reinstall the latest versions of system updates and other support software.
Another anomaly is that if you've moved or removed any of the system-installed applications, they will be restored during the install process.
Restoring the Administrator Password
If an administrator password is forgotten or misplaced, Apple has provided a facility for restoring a password. Boot your computer from the Tiger install media (hold down the C key while turning on your computer with the media in the CD-ROM/DVD drive). When the Installer application starts, choose Reset Password from the Utilities menu. Figure 29.13 shows the interface to the Password Reset facility.
Figure 29.13. Use the boot media and Password Reset application to ease your forgetful head.
Detected bootable volumes are listed along the top of the window. Click the main boot drive to load the password database for that volume.
Next, use the pop-up menu to choose the user account that you want to reset. Fill in the new password in both of the password fields provided. Finally, click Save to store the new password.
This really isn't useful for much beyond resetting the administrator password. As long as there is access to the administrator account from the command line, you can easily use passwd <username> to reset the named user's password:
brezup:jray jray % sudo passwd jackd Changing password for jackd. New password: Retype new password:
|< Day Day Up >|