
Linux Laptop | Lenovihome.eol.ca/~hgibson/Lenovi.pdf · 2020. 5. 23. · I had no problems installing Fedora 27 on this machine. The default settings all worked. I had no problems


Linux Laptop — Lenovi

Howard Gibson

2018/11/08

Contents

1 Introduction
  1.1 Objective
  1.2 Copyright
  1.3 Why Linux?
  1.4 Summary
    1.4.1 Installation
    1.4.2 DVDs
    1.4.3 Gnome 3
    1.4.4 SElinux
2 Hardware
  2.1 Laptop
  2.2 CPU
  2.3 Memory
  2.4 Hard Drive
  2.5 DVD
  2.6 Video Card
  2.7 Monitor
  2.8 Floppy Drives
  2.9 Sound Card
  2.10 Modem
  2.11 Keyboard
  2.12 Webcam
  2.13 Network
  2.14 Battery
  2.15 Slots
3 Installation
  3.1 Planning
  3.2 Security
    3.2.1 Theft
    3.2.2 Cracking
  3.3 Partitioning
  3.4 /usr/local
  3.5 Text Editing
  3.6 Root Access
  3.7 Installation
  3.8 Logging in for the first time
  3.9 Firewall
  3.10 ssh
  3.11 As Installed Partitioning
  3.12 System Update
  3.13 Networking
  3.14 Wireless Networking
  3.15 Bluetooth
  3.16 Special Groups
  3.17 Startup Scripts
  3.18 Extra Software
  3.19 Not Free Software
  3.20 Window Managers
    3.20.1 Gnome 3
    3.20.2 KDE
    3.20.3 XFCE
    3.20.4 FVWM
    3.20.5 LXDE
    3.20.6 Cinnamon
  3.21 Login Window (Display Managers)
    3.21.1 GDM Login (Preferred)
    3.21.2 SDDM Login (If GDM doesn’t work)
  3.22 Fortune Cookie
  3.23 Services
  3.24 Apache (httpd)
A Mounting a USB Stick While Installing
B Booting with GRUB
C Network Configuration
D Encryption

1 Introduction

1.1 Objective

• Provide detailed instructions on the current Linux installation on my laptop. This is a rescue procedure, in case I have to re-install Linux.

• Provide new Linux users with a general example of how a Linux machine is installed and configured.

The OS is Fedora 27, downloaded 2018/04/18. This is a refurbished machine that I bought on 2018/04/22 because my old Lenovo Thinkpad was showing signs of old age. I think things were about to break. It will be nice to have a 64-bit laptop.

1.2 Copyright

This document is copyright © 2018 by Howard Gibson. You may post this on web pages and bulletin boards free of charge. All other rights are reserved.

1.3 Why Linux?

Linux is Free Software. Your computer should not be encumbered by copyrights and Digital Rights Management (DRM). Proprietary software publishers are trying so hard to prevent unauthorized copying that they can prevent you from installing and using copies that you purchased and are authorized to use. Also, if you cannot run the application you used to create your data, you don’t own your data!

Linux is not hard to install on most computers. The latest “bleeding edge” video and sound cards may give you trouble. If you are buying a new computer, you should do some research on the hardware. If your computer is older, Linux should have all the drivers you need. You need to research Linux support on printers and scanners. Not everything works.

A basic Linux install will include some very good graphics programs, particularly GIMP, a good substitute for Adobe Photoshop. Just about every programming tool is available for Linux, except for the proprietary Microsoft ones like Visual Basic and C#.

Linux can run efficiently on older, slower computers, because you can select smaller, faster user interfaces and applications. Install the window managers XFCE and LXDE. Libre Office is a credible alternative to Microsoft Office because it is just about as bloated as Microsoft Office. Try the word processor AbiWord, and the spreadsheet Gnumeric. You could learn to use LaTeX, whose files are edited with a text editor. [1]

Linux is less capable at video games and multimedia. There are lots of Free Software computer games out there, but the best stuff is commercial and proprietary. Few publishers support Linux.

The big problem with Linux and multi-media is ideological. Most media formats are proprietary. GNU and Linux are the work of Free Software people, who are reluctant to support proprietary formats. If you spend an hour or so surfing GNU.org, you will understand who you are dealing with. The GNU “Copyleft” really is a copyright. All copyrights are supported by the Free Software community.

Linux can be made to support multi-media. I watch YouTube and Netflix on my Linux box. I can watch most commercial DVDs. Don’t expect the Free Software community to knock itself out to help you.

For more information on the thinking behind Free Software, just follow the links. You can get support for most media formats. Just search Google for Linux multi-media support.

1.4 Summary

1.4.1 Installation

I had no problems installing Fedora 27 on this machine. The default settings all worked. I had no problems with wireless networking. Not only did the installer connect, Fedora connected automatically when I logged in for the first time.

This OS is installable by Linux geeks, and by ordinary mortals.

1.4.2 DVDs

Download install images from the internet. These can be burned to DVDs and CDs, which is what I normally do. You can copy the image to a USB stick. There are instructions for this on the internet. Many computers these days do not have CDROM/DVD readers.

If you are interested in Linux, buy one of the books. Periodically, I buy one of the Linux Bibles. You get documentation, and you support the community. Before you visit the bookstore, check the internet and find out what versions of Linux are current. The stores sell surprisingly old books, often on a shelf right next to the current book that you ought to be buying.

[1] This document is maintained in LaTeX. The best reference on LaTeX is A Guide to LaTeX 2ε by Helmut Kopka and Patrick W. Daly, Addison Wesley books. This book provides good document templates. I have not found other references to be useful.

Figure 1: Virtual Windows on FVWM

1.4.3 Gnome 3

The default GUI with Fedora is Gnome. In the past, Gnome has been a very nice user interface, predictable to anyone coming out of the Windows world. The new Gnome 3 is very much fancier than Gnome 2, and it introduces all sorts of new paradigms to the user. I don’t like them.

Maybe you will like Gnome 3! Install the window managers XFCE and LXDE. These are small and fast, ideal for older, slower computers with limited RAM. They are predictable to a user coming out of the Windows world.

The thing that actually pisses me off about Gnome 3 is the implementation of virtual windows. This is a convenient feature of most X11 window managers, as shown by Figure 1. I have set up my FVWM desktop to show nine windows, each selectable by a mouse click. I scatter my applications around these windows. Usually, I drop my email and web browser in one window, my file manager in another window. Each big application I have running gets its own window. I am one click away from whatever it is I want to do. Gnome 3 supports virtual windows, but selection requires several mouse clicks. It is much less convenient.

A Microsoft Windows user probably is not aware of virtual windows, and might find Gnome 3 to be okay. The other window managers still are better.

I know nothing about Macs. I have no idea of how all this looks to a Mac user.


1.4.4 SElinux

SEcurity Enhanced Linux, according to Wikipedia [2] . . .

is a Linux kernel security module that provides the mechanism for supporting access control security policies, including United States Department of Defense style mandatory access controls (MAC).

SElinux is pissing me off less than it used to. I can always switch from enforcing mode to permissive mode.

Security is good, I suppose. The command for checking SElinux is sealert.

2 Hardware

This is a Lenovo Thinkpad T440. I purchased it second hand at Laptops for Less, at 3358 Lakeshore Blvd, in Etobicoke, Ontario. The machine has no CD/DVD/Blu Ray, and no webcam. It does Bluetooth, badly. I believe this is a hardware problem, not a problem with Linux. On my old Thinkpad, Bluetooth worked fine.

I have a requirement to read CDs, so I purchased a USB DVD burner.

Otherwise, this machine has four USB ports, and an SDHC port.

2.1 Laptop

Lenovo Thinkpad Model 6475GZ5, Serial Number R8-GEFYN 09/11

2.2 CPU

Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor DRAM Controller (rev 06)

2.3 Memory

It has 4GB in some form.

2.4 Hard Drive

ATA HGST HTS725050A7 500GB

[2] Wikipedia as of 2014Aug15.

2.5 DVD

None.

2.6 Video Card

VGA compatible controller: Intel Corporation 4th Gen Core Processor Integrated Graphics Controller (rev 06)

2.7 Monitor

14.1” 1368x768, and 16 million colours

2.8 Floppy Drives

Not any more.

2.9 Sound Card

Audio device: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor HD Audio Controller (rev 06)

2.10 Modem

None.

2.11 Keyboard

Laptop keyboard with touchpad and nipple.

2.12 Webcam

None. The following comments still are valid.

Gnome comes with something called cheese to operate webcams.

On another machine, I tried running cheese remotely, using another computer as the display. It could not find a device. This is good. We do not want the webcam running remotely.

Recent articles in the news show that webcams and impressionable young girls are a bad combination. I don’t have a young girl, impressionable or otherwise, so there is no problem for me. I will refrain from taking my clothes off when asked. I promise.

Facebook is being blamed for recent teen suicides. Facebook does not have a live “please take your clothes off” feature. I suspect that the real culprit is Skype, which is available for Linux.

Like all other web-enabled devices, the webcam in your daughter’s bedroom will be inaccessible to the internet if it does not exist.

2.13 Network

Ethernet controller: Intel Corporation Ethernet Connection I217-V (rev 05)

Network controller: Intel Corporation Wireless 7260 (rev c3)

2.14 Battery

6-cell 56 Wh battery

2.15 Slots

Realtek Semiconductor Co., Ltd. RTS5227 PCI Express Card Reader (rev 01)

3 Installation

3.1 Planning

This machine was purchased as a portable workstation, to be used when I am away from my main computer. In many ways, this is not a demanding requirement. I need adequate capability in terms of graphics, disk space and processing power. I wanted it to be cheap, and I wanted some way to exchange information with my main computer.

3.2 Security

3.2.1 Theft

Laptops get stolen. I don’t want anyone to get at my personal information, like credit cards, internet passwords and such. I leave this thing lying around.

No critical personal or other security sensitive stuff will be left on the laptop. Files will be stored on the laptop as needed. When I am done, I will transfer them back to the main computer, and delete them here.

In the past, I did not create a separate /home partition. This put my working files in the same partition as root. This makes it impossible to reinstall the operating system to get at the files in /home.

With Fedora 9 on, we can install encrypted file systems. This protects my data, and it makes my laptop unusable to thieves and other unauthorized persons.

My original scheme was to encrypt /home. Now, I have encrypted the entire hard drive. When I decrypt my primary partition, I have a bunch of logical partitions. See my appendix notes on encryption.

3.2.2 Cracking

Note how I use the term cracking, rather than hacking. The Free Software folks see themselves as hackers. The bad guys who break into your computer should be called crackers. There has been no discussion I am aware of on what white folks from Dixie think of this.

I connect to the internet using WiFi in coffee shops and bars. All protection of this machine must be done by the local firewall. I do not need remote access. I do not need to share data.

I do check my machine’s security at Gibson Research. [3] Their Shields Up feature checks all my system ports. I want to pass their “True Stealth” analysis, which requires that the machine be absolutely non-responsive to all network contacts, including ping.

This test must be performed at a bar or coffee shop that has no firewall protection. Otherwise, you are testing their firewall, not yours. It is getting hard to find establishments that do not have firewalls.

3.3 Partitioning

My entire hard drive will be encrypted. Here is my partitioning plan.

Partition    Memory   Filesystem
/boot        1GB      ext4
root         150GB    ext4
swap         20GB     swap
/home        260GB    ext4
/usr/local   60GB     ext4
Total        500GB

The /boot partition must not be encrypted. Since everything else is encrypted, /boot must be separate.

If I allow a swap partition smaller than my RAM, the installation program complains, or at least, it has complained in the past. Disk space is cheap.

[3] No relation.

3.4 /usr/local

The /usr/local partition is a traditional feature of UNIX and Linux. This partition is used to install optional software, usually compiled from source code. When the operating system is upgraded or re-installed, /usr/local is left untouched. A more recent concept is the /opt partition, often used for commercial software. Back in the day, Linux geeks compiled the kernel, and when they wanted to install some new application, they downloaded the source code, and they installed the executables and libraries in /usr/local. As applications get more complex, it gets more and more complicated to debug the Makefiles. Installation programs like dnf and apt-get are able to update stuff they have installed, including your kernel, and any applications you are relying on.

If you are not a dedicated UNIX/Linux geek, you need not bother with /usr/local or /opt. Alternately, you can make the partitions small.

3.5 Text Editing

This document is written mostly with the text editor vim, a version of vi. This is an extremely efficient and productive editor once you learn it, especially if you are a touch typist, like me. It is especially efficient with large documents, since you can navigate by doing text searches through the command line. It is the text editor of UNIX and Linux geeks everywhere. Unfortunately, it is mindbogglingly not user friendly.

Linux newbies need to try something else. You need a text editor that runs in a terminal session. You don’t always have the X Window System running when you do administration.

The text editor nano is available and strongly recommended. You navigate around the text file using the arrow keys, just like you think it should. It has a CTRL key menu at the bottom of the screen.

When you are told to edit configuration files, use nano.

3.6 Root Access

On any UNIX OS, there are two ways to access the computer for system administration. You can log in as root, or you can use the command sudo.

Root is the super user. Root has read and write access to everything on the computer. Otherwise, root is a conventional account with password, and a home directory. In Fedora, this is /root. When you launch a terminal and log in as root, your terminal prompt changes from “$” to “#”. When you are logged in as root, you are able to do serious damage to your computer.

To do system administration, you enter the command. . .

$ su -l

Password:

# nano /etc/passwd

You will be prompted for root’s password. Once you type it in successfully, the prompt will change to “#”, and you will have complete access to everything on your computer. When the “#” prompt is visible, be very, very careful.

The alternative to having a root account is to set your system up for sudo. There is no root account. To perform system administration tasks, you go. . .

$ sudo nano /etc/passwd

In this case, you will be prompted for your password. Once you type this in, your terminal has all the powers of a root account. Be very, very careful.

The older Fedoras set up the root account. As of Fedora 29, it’s sudo. Ubuntu and Macs set up sudo.

In my notes that follow, any line starting with “#” is a command entered as root.

3.7 Installation

I mean to do a wireless installation. I have not connected Ethernet.

1. I booted the laptop using the CD. The first thing that came up was a plain text menu. . .

• Start Fedora-Workstation-Live 27

• Test this media & start Fedora-Workstation-Live 27

• Troubleshooting

I chose to test my media, then install. Testing the media takes a while.

2. The boot routine loads the X Window System. This takes a while, and it spews a lot of text to the screen.

3. The first thing we see is the “Welcome to Fedora 27” window. We must choose between trying out Fedora, or installing it to our hard drive. Do not do this yet.

4. On the top bar of the computer screen, pull down the right-hand menu and verify that you have a network running. If you are installing with WiFi, you must select a network, and type in the encryption key.

5. Back to the window. I have been “trying Fedora” for quite a long time now. Definitely, I want to “Install to hard drive”.

6. The next window asks what Language we want. There are a heck of a lot of language selections. On my screen, the default language was English (Canada). [4] This is what I want. I clicked [Continue].

7. We are on the “Installation Summary” screen, and we see the following. . .

LOCALIZATION: KEYBOARD, TIME & DATE

SYSTEM: INSTALLATION DESTINATION, NETWORK & HOST NAME

8. We already have done the keyboard. Click on “TIME & DATE”.

9. In the resulting TIME & DATE window, I clicked as closely as I could to Toronto. The resulting red dot is closer to Huntsville, Ontario, but I have selected the timezone America/Toronto. The “Network Time” button is on, which is good. [5] Click [Done], at the top of the screen.

10. Next, I clicked on INSTALLATION DESTINATION.

11. I see one drive, ATA HGST HTS725050A7, 465.76GiB. This was automatically selected.

12. At the bottom of the screen, click on [Encrypt my data].

13. Under “Storage Configuration”, I selected [Custom].

14. Click [Done].

15. I was prompted for a passphrase. I typed one in. [6]

16. I am now in the “MANUAL PARTITIONING” screen. I can see two headings, “New Fedora 27 Installation”, and “Unknown”. On my machine, there are two ntfs partitions, which I will delete.

17. Click on an ntfs partition, and click on [-] at the bottom of the screen. Yes, I am sure I want to delete it.

18. Click on the other ntfs partition. Click [-], and yes, I am deleting it.

19. Click the [+] button at the bottom of the screen, and create partitions. Fedora insists on a /boot partition outside the encrypted partitions.

Partition     Desired Capacity   Label   Actual Capacity
DATA
/usr/local    60GiB              Local   55.88GiB
/home         260GiB             Home    250.61GiB
SYSTEM
/boot         1GB                Boot    953MiB
/             150GB              Root    139.7GiB
swap          20GB               Swap    18.63GB

This left 1.02MiB unused. Note how /boot is a standard partition. All the others are on a logical partition, which will be encrypted. Type in the partition labels. This makes things more robust.

20. I clicked [Done], and it prompted me again for the encryption password. I just hit [Save Passphrase].

21. I was returned to the “MANUAL PARTITIONING” screen. I clicked [Done] again. This time, it listed the partitions it was about to destroy, and the new ones to be created. I clicked [Accept Changes].

22. We are back in the “INSTALLATION SUMMARY” window again. Click on “NETWORK & HOST NAME”.

23. At the prompt, I typed in the name “Lenovi”, and I clicked [Done].

24. At the bottom of the screen, I hit [Begin Installation]. The time was 10:30pm.

25. As the system installed, I saw two icons labelled ROOT PASSWORD and USER CREATION. I clicked on ROOT PASSWORD, set it, and clicked [Done].

26. I clicked on USER CREATION, and created an account for myself. Do not create any more accounts at this stage. It will just overwrite the earlier ones. You only get one user account at first boot. The program rates your password, and it gives you a hard time if you try to type in a weak one.

27. The install finished at around 11:00pm. I hit [Reboot] at the bottom of the screen. I rebooted the computer.

28. Upon rebooting, the first thing I did was go into the BIOS and disable DVD booting.

[4] If you are connected to the network, the installer knows where you are.

[5] The “Network Time” button requires the network. If it is off, you are not connected.

[6] Type in a good one. You cannot change this, easily. See appendix notes on encryption.

3.8 Logging in for the first time

The Gnome login window with the user list was displayed. The visible user list is not acceptable. I will be fixing this. I logged in as me, and found myself in the Gnome desktop.

When I logged in, I found I was connected to my network. My network key must have been saved in my account during the install. Cool!

The “Welcome” screen allowed me to select a language again, and my keyboard again.

The privacy screen came up with the following services that could be on or off. . .

• “Location Services”

• “Automatic Problem Reporting”

This is a laptop that can operate in public, away from my firewall. I turned everything off.

The next window is “Online Accounts”. You can set up your accounts and passwords for Google, Nextcloud, Microsoft and Facebook, if you wish.

I am “ready to go!”.

3.9 Firewall

In Gnome, locate the Firewall icon and click on it. I could not find it. I had to type “firewall” in the search window at the top of the screen. This brings up Firewalld, which has improved very much since I first encountered it.

Note the button next to the text “Configuration”. You can configure [Runtime], or [Permanent]. Select [Permanent].

Under “Zones”, I selected “external”. I went down through Services, Ports, Protocols and Source Ports, and I made sure everything was turned off. My laptop requires security. I would not be this paranoid with a desktop.

3.10 ssh

Ultimately, I do not want ssh (secure shell client) to work on this machine. I want no connections whatsoever to work from outside! For configuration purposes, I might want it to work.

In the firewall tool, select Configuration [Runtime], and under services, allow ssh.

# systemctl start sshd.service

This runs sshd until I shut down the computer. This is good. Meanwhile, I can access Lenovi from my main computer.
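The [Runtime] and [Permanent] views used in the last two sections can also be compared from the command line. The following is an added example, not part of the original document: it parses the text printed by firewall-cmd and reports what is open in the running firewall but absent from the permanent configuration. The sample listings, the interface name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original document.
# Input is the text printed by
#   firewall-cmd --zone=external --list-all               (running firewall)
#   firewall-cmd --permanent --zone=external --list-all   (saved configuration)

# zone_items: read one listing on stdin and print a "field item" line for
# every entry under services, ports, protocols and source-ports.
zone_items() {
    awk '
        /^[ \t]*(services|ports|protocols|source-ports):/ {
            field = $1
            sub(/:$/, "", field)
            for (i = 2; i <= NF; i++) print field, $i
        }
    ' | sort
}

# zone_exposure: same input; prints the open items and returns 1 when there
# are any, returns 0 when all four lists are empty.
zone_exposure() {
    items=$(zone_items)
    if [ -z "$items" ]; then
        return 0
    fi
    printf '%s\n' "$items"
    return 1
}

# runtime_only RUNTIME_TEXT PERMANENT_TEXT
# Items open in the running firewall but missing from the permanent
# configuration. They disappear at "firewall-cmd --reload" or at reboot.
runtime_only() {
    permanent_items=$(printf '%s\n' "$2" | zone_items)
    printf '%s\n' "$1" | zone_items | while IFS= read -r item; do
        if ! printf '%s\n' "$permanent_items" | grep -qxF -- "$item"; then
            printf '%s\n' "$item"
        fi
    done
}

# Constructed sample: running firewall while ssh is allowed under [Runtime].
SAMPLE_RUNTIME='external (active)
  target: default
  interfaces: wlp3s0
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# Constructed sample: permanent configuration with everything turned off.
SAMPLE_PERMANENT='external
  target: default
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

echo "Open until the next reload or reboot:"
runtime_only "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
echo "Open in the permanent configuration:"
if printf '%s\n' "$SAMPLE_PERMANENT" | zone_exposure; then
    echo "(nothing)"
fi
```

On the laptop itself, pass the two live listings named in the header comment to runtime_only instead of the samples.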

3.11 As Installed Partitioning

The following output was done immediately after installing Linux, before I recovered my /home and /usr/local data.

Filesystem     1K-blocks     Used Available Use% Mounted on
devtmpfs         1865052        0   1865052   0% /dev
tmpfs            1878468    27880   1850588   2% /dev/shm
tmpfs            1878468     1836   1876632   1% /run
tmpfs            1878468        0   1878468   0% /sys/fs/cgroup
/dev/dm-2      143138972  9847728 125950496   8% /
tmpfs            1878468     2256   1876212   1% /tmp
/dev/sda1         944120   181292    697652  21% /boot
/dev/dm-6      257608092 20529288 223923376   9% /home
/dev/dm-7       57413472  8660928  45806396  16% /usr/local
tmpfs             375692       20    375672   1% /run/user/42
tmpfs             375692       44    375648   1% /run/user/1000

3.12 System Update

Let’s do it.

# dnf -y update

3.13 Networking

If you only have one computer, none of the following matters.

If you have multiple computers and you want them to talk to each other, you need to manage host names and IP addresses. IP addresses are managed by your router.

I updated /etc/hosts to list all the computers on my network.

I want to mount file systems from my primary server. I updated /etc/fstab to mount directories from Rev.

rev:/home /rev nfs noauto,users,exec,rw 0 0

rev:/usr/local /revlocal nfs noauto,users,exec,rw 0 0

rev:/archive /archive nfs noauto,users,exec,rw 0 0

Having done this, I created the following directories. . .

# mkdir /rev

# mkdir /revlocal

# mkdir /archive

NFS is installed. All I have to do is run it!

# systemctl enable rpcbind

Now, you need to configure your firewall as noted above, and make it allow NFS.


3.14 Wireless Networking

For Fedora 27, there have been no problems whatsoever with wireless networking. This is a huge improvement over earlier versions of Fedora.

3.15 Bluetooth

Bluetooth works fine on my old Thinkpad. It works erratically on this one. Oh well.

3.16 Special Groups

I created the group prg, and I added myself to it. I set the /usr/local/src file system to be owned by the group prg.

I set the sticky bit as follows. . .

# chgrp prg /usr/local/src

# chmod 1775 /usr/local/src

This makes all files in /usr/local/src owned by the group prg.

3.17 Startup Scripts

Sometimes we want stuff to execute as the computer boots. Traditionally in UNIX, this was /etc/rc.local. This no longer works by default. For the moment, I need to disable ping, so that I can pass http://www.grc.com’s True Stealth test.

The file is now /etc/rc.d/rc.local.

# touch /etc/rc.d/rc.local

# chmod 755 /etc/rc.d/rc.local

Now, you can fire up your favourite text editor and edit /etc/rc.d/rc.local.

#!/bin/bash

# Lenovo rc.local

# Disable ping

echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all

exit 0

If you don’t do the exit 0 at the end, it will not work.


3.18 Extra Software

At this point, you have a GNU/Linux [7] operating system with a browser, email and an office suite. So far, so good. This might be all you need. There is a lot of extra software out there, some of which you might want. The following packages are things I insist on installing. Probably, you want some of these.

nano emacs xemacs vim Text editors. The vi editor is not user friendly. If you don’t understand it, you need nano. Emacs is the original GNU text editor, originally written by Richard M. Stallman. Xemacs is a hacked version of it with more features, that has not been updated in quite some time. vim is a fancier version of vi.

dvd+rw-tools Command line tools for burning CDs, DVDs and Blu-rays. I need this for my backups.

gimp Bitmap graphics. If you have a digital camera, you need the GIMP to fix and edit your pictures.

ufraw ufraw-gimp darktable Manage raw files from your digital camera.

perl-Image-ExifTool.noarch ExifTool is another useful utility for processing graphics files. It allows you to attach metadata to your files. I use it in one of my scripts.

*sane* GNU support for your scanner (or my scanner anyway).

inkscape Another drawing program that may be interesting.

tetex latex2rtf xfig transfig pstoedit This is the Fedora distribution of LaTeX, the text preparation language, used among other things, to prepare this document. Xfig is a nice vector graphics program in its own right. Pstoedit converts PostScript files to Xfig format, among other things. I used to install latex2html, but it no longer works, and htlatex, part of the tetex package, does.

linuxdoc-tools This gives me sgml2html. I need this for an article on my website.

librecad This is Free Software CAD that writes DXF files. There is commercial Freeware [8] out there, but these could be discontinued at any time. Do not rely on it. LibreCAD is not suitable for commercial work, but it is fine for home projects.

openscad 3D CAD of some sort. I have not tried it yet.

[7] The Free Software people want this to be called GNU/Linux. Most of the software you have just installed is from GNU. Linux is just the kernel.

[8] Freeware is free as in free beer, but otherwise, commercial software. Free Software is free as in free speech, although it tends to be free, as in free beer.


freecad 3D parametric CAD!

sylpheed My favourite email program. I started using this because it works well offline, an issue for me at the time. I am kind of stuck with it because it uses the mh format, rather than the more popular mbox format files.

xpdf A small, faster, more secure PDF reader.

epiphany midori lynx seamonkey icecat Alternate browsers. Epiphany and Midori are small, fast browsers. Lynx is a text based browser. Seamonkey is the complete web package put out by Mozilla. DNF did not work for it. I had to locate and download an RPM package. Icecat is a GNU approved Gecko browser.

freeglut-devel gcc-c++ libpng-devel yasm netpbm Software development tools.

ftp gftp File Transfer Protocol – useful for updating websites. gftp is a GUI version of this. I find it amazing that ftp is not installed by default on a Linux box!

abiword Smaller word processor.

gnumeric Smaller spreadsheet.

alpine Command line email tool (mbox format). This comes with the text editor pico.

octave A cool and very useful math program. Gnuplot is a dependency, so this is installed too.

audacity Sound processing

k3b, brasero CD/DVD/Blu-Ray burning

efax Every once in a blue moon, I send faxes.

compat-gcc-34-g77 g77, the GNU Fortran compiler.

aspell aspell-en Spelling checker and English dictionary

tnef Convert Microsoft email TNEF files to something readable.

minicom Terminal program for modem

wings 3D modeller

asunder CD ripper

FlightGear wesnoth freeciv Games. What fun!

arduino I have an Arduino board


nmap Security tool.

You can install all of this with one call of dnf. . .

$ sudo dnf -y install nano emacs xemacs vim gimp ...

Find something else to do for a couple of hours.

Locate an rpm for epstopdf and install it. I use this with LaTeX.

I went to Google and I downloaded and installed Google-chrome. This no longer is available for 32 bit machines, but Lenovi is not a 32 bit machine!

I also downloaded and installed Vivaldi, another web browser.

3.19 Not Free Software

Please read the sections above on Free Software. A big benefit of Free Software is that your data is stored in an open format. If your personal files are stored by a proprietary program in a proprietary format, it’s not really your data, is it?

Free Software is a good thing, but sometimes we are determined to read proprietary files. Google “rpmfusion”. There are free repositories which are okay. There are not-free repositories which are less okay. I installed both rpmfusions, then I installed the following. . .

xine Video program for Linux.

gxine User friendly front end for xine.

lame MP3 encoder for Linux

fuse-exfat Read Microsoft exfat format file systems.

unrar Unpack proprietary rar archives.

My car plays MP3 files. My camera uses exfat format on 64MB SDHC cards. I like watching videos, including ones from my cameras.

3.20 Window Managers

On a GNU/Linux desktop, the operating system boots. The X Window System is launched, then a Window Manager is launched. X11 provides the graphical screen and the mouse. The window manager provides the actual user interface. With multiple window managers, GNU/Linux can be made unrecognizable from one login to the next. What fun!

I do not like the eye candy of Gnome and KDE. It looks cool, but it takes memory and CPU cycles away from my applications. GNU/Linux is a popular way to keep older computers running. Smaller, faster window managers are good.

A good reason to install several window managers is that they all have their own utilities, some of which work better than others.

3.20.1 Gnome 3

I hate it. This is one of the reasons I install everything else.

The objective of Gnome 3 is to unclutter everyone’s desktop. I am not sure this is a problem. Some people like to work this way. If they get their work done, who cares? Meanwhile, it seems to take a maximum number of mouse clicks to get from one application to another.

Also, I do not like eye candy. Most of the time, you use the user interface to locate your files and launch applications. Any resources consumed by the window manager are not available for your application. This could be a problem if your application is a resource hog.

If you do not have Gnome installed on your Fedora machine, do this. . .

$ sudo dnf -y group install "Fedora Workstation"

3.20.2 KDE

I have never liked KDE much. I don’t like excessive eye candy. I never found the interface to be all that intuitive, although I might, if I used it more.

$ sudo dnf -y install @kde-desktop

There is nothing called KDE in the list of desktops you select from the GDM window. Look for “Plasma”.

3.20.3 XFCE

XFCE is a “lightweight” desktop environment. Its behaviour will be familiar to traditional Microsoft Windows users. It loads quickly. If you are not a dedicated GNU/Linux geek, I strongly recommend this.

$ sudo dnf -y install @xfce

3.20.4 FVWM

This is my favourite window manager. I have been running it since 1996, and I have it working exactly the way I want it to.

$ sudo dnf -y install fvwm stalonetray gkrellm

I use stalonetray to embed Gnome and XFCE applets in FVWM’s buttons. Gkrellm is a system monitor I can embed in FVWM’s buttons.

3.20.5 LXDE

I like LXDE because I use its file manager, PCmanFM, in FVWM.

Like XFCE, it is a small, fast window manager that behaves a lot like a Microsoft Windows PC.

$ sudo dnf -y install lxde-common

3.20.6 Cinnamon

Cinnamon is the old Gnome 2 interface, which I always liked.

$ sudo dnf -y install @cinnamon

3.21 Login Window (Display Managers)

3.21.1 GDM Login (Preferred)

Username display is unacceptable. I investigated, and found out how to turn off user display on GDM. It used to not be possible to do this, which is why I got interested in alternate display managers. I got the following from the help files on http://www.gnome.org.

1. Create the GDM profile /etc/dconf/profile/gdm, with the following. . .

user-db:user

system-db:gdm

file-db:/usr/share/gdm/greeter-dconf-defaults

2. Create the directory /etc/dconf/db/gdm.d.

$ sudo mkdir /etc/dconf/db/gdm.d

3. Create the keyfile /etc/dconf/db/gdm.d/00-login-screen containing the following. . .

[org/gnome/login-screen]

# Do not show the user list

disable-user-list=true

4. Exit any applications you are running. When you restart GDM, you will be logged out.

5. Update the system databases, and restart GDM. . .

$ sudo dconf update

$ sudo systemctl restart gdm.service

They used to have a convenient graphical tool that did this.

The original display manager, XDM, is still available to be downloaded and run, but it is absolutely basic, allowing you only to login. There is no control over your window manager, or over rebooting and shutting down.

3.21.2 SDDM Login (If GDM doesn’t work)

GDM can have problems with Nvidia cards. If you have an Nvidia card, you may have to run SDDM.

Open SDDM’s configuration file /etc/sddm.conf, for editing. Select a theme that does not display the user list.

[Theme]

# Current theme name

#Current=01-breeze-fedora

Current=02-fedora # Use this theme!

#Current=breeze

To restart SDDM, exit any applications you are running [9] and. . .

$ sudo systemctl restart sddm.service

The theme itself is configured by a file in /usr/share/sddm/themes. When I used this on my desktop, I replaced the background graphic.

3.22 Fortune Cookie

It ain’t *NIX if there is no joke printed at the opening of each command shell.

If worst comes to worst, this is installable from a command line terminal, such as the Gnome terminal.

[9] Restarting the display manager logs you out.


Red Hat (Fedora)

$ sudo dnf -y install fortune-mod

I activated the fortune cookie by adding the following lines to the very bottom of /etc/profile

$ sudo nano /etc/profile

FORTUNE=/usr/bin/fortune

if [ -x ${FORTUNE} ]; then

    ${FORTUNE}

fi

Debian (Ubuntu)

$ sudo apt -y install fortune-mod

I activated the fortune cookie by adding the following lines to the very bottom of /etc/profile

$ sudo nano /etc/profile

FORTUNE=/usr/games/fortune

if [ -x ${FORTUNE} ]; then

    ${FORTUNE}

fi

Make sure you scroll all the way to the bottom of /etc/profile before typing anything in.

The terminal that is launched by Gnome does not automatically run the Fortune Cookie. Pull down the edit menu. Select Preferences. Select Profiles. You should see highlighted a profile called “Unnamed”. Click the Edit button. Select Command. Ensure you have highlighted the button “Run command as a login shell”.

It will be worth it.

3.23 Services

Up until now, Fedora’s tool for managing services has been system-config-services. This allowed you to log in as root, turn stuff on and off, and make things turn on at boot.

No more.

You can still turn things on and off. Boot services are configured from the command line as follows. . .

# systemctl enable httpd.service

# systemctl enable network.service

3.24 Apache (httpd)

I want to run web pages from my personal account. Apache can be fairly easily made to offer up html files sitting in the user’s public_html directory. Apache’s default behavior is to not do this.

As of 2013Feb15, Fedora 18 installed httpd-2.4.3. The configuration files have changed a bit, and Fedora is not doing things exactly the way the Apache manual says.

The configuration file still is /etc/httpd/conf/httpd.conf. To activate user directories, Apache wants to uncomment the line. . .

#Include conf/extra/httpd-userdir.conf

This line is not in there anywhere. Nor is there a filesystem extra.

At the end of Fedora’s httpd.conf is the heading # Supplemental configuration, and the text. . .

IncludeOptional conf.d/*.conf

My interpretation of this is that all the *.conf files in there are being read.

Let us edit /etc/httpd/conf.d/userdir.conf.

Search for the string public_html. There are two lines of code, separated by a few lines of comments as follows. . .

<IfModule mod_userdir.c>

#

# UserDir is disabled by default since it can confirm the presence

# of a username on the system (depending on home directory

# permissions).

#

UserDir disabled

#

# To enable requests to /~user/ to serve the user’s public_html

# directory, remove the "UserDir disable" line above, and uncomment

# the following line instead:

#

#UserDir public_html

</IfModule>

You want to comment out UserDir disabled, and uncomment UserDir public_html as follows. . .

# UserDir disabled

...

UserDir public_html

Leave all the other stuff in, of course.

I enabled CGI scripts written in Perl.

Look below the UserDir section for the following lines. . .


<Directory /home/*/public_html>

AllowOverride FileInfo AuthConfig Limit

Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec ExecCGI

...

</Directory>

Add ExecCGI to the end of the Options if it is not already there.

Load /etc/httpd/conf/httpd.conf, and search for the line. . .

#AddHandler cgi-script .cgi

Uncomment it, and add .pl to the end of it so that we can execute Perl scripts.

I want to activate a 404 error message for when people type in invalid web pages.

Edit /etc/httpd/conf/httpd.conf. There are a series of commented out lines starting “ErrorDocument 404”. Add the following. . .

ErrorDocument 404 "Document not found!"

To activate httpd. . .

$ sudo systemctl enable httpd.service

$ sudo systemctl start httpd.service

To halt and restart httpd. . .

$ sudo service httpd restart

In the past, SElinux did not allow access to my public_html, but its logging routine provided instructions for disabling this. I followed them, and it worked.
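A check for the edits described in this section, as an added example that is not part of the original document: the function reads Apache configuration text on standard input and reports whether per-user directories, ExecCGI and the CGI handler are active. The two sample configurations are constructed from the fragments quoted above, and the function name audit_userdir is an assumption.

```shell
#!/bin/sh
# Added example (not from the original document): report what the UserDir and
# CGI edits in this section expose. audit_userdir is a hypothetical helper name.

audit_userdir() (
    # Reads Apache configuration text on stdin, prints one finding per line.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # commented-out and blank lines do nothing
        { d = tolower($1) }
        d == "userdir" {
            kw = tolower($2)
            if (kw == "disabled" || kw == "disable") {
                # A bare "UserDir disabled" switches off every /~user/ URL,
                # even if a directory name is also set elsewhere.
                if (NF == 2) off = 1
            } else if (kw != "enabled" && kw != "enable") {
                path = $2
            }
        }
        d == "<directory"   { peruser = ($2 ~ /public_html/) }
        d == "</directory>" { peruser = 0 }
        peruser && d == "options" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^[+]?execcgi$/) cgi = 1
        }
        d == "addhandler" && tolower($2) == "cgi-script" {
            for (i = 3; i <= NF; i++) exts = exts (exts == "" ? "" : " ") $i
        }
        END {
            if (path != "" && !off) print "userdir: /~user/ served from " path
            else                    print "userdir: off"
            if (cgi)        print "cgi: ExecCGI allowed in per-user directories"
            if (exts != "") print "cgi-handler: " exts
        }'
)

# Constructed sample 1: settings before the edits (UserDir off, no CGI).
STOCK_CONF='<IfModule mod_userdir.c>
    UserDir disabled
    #UserDir public_html
</IfModule>
<Directory /home/*/public_html>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
</Directory>
#AddHandler cgi-script .cgi'

# Constructed sample 2: the same settings after the edits described here.
EDITED_CONF='<IfModule mod_userdir.c>
    # UserDir disabled
    UserDir public_html
</IfModule>
<Directory /home/*/public_html>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec ExecCGI
</Directory>
AddHandler cgi-script .cgi .pl'

echo "--- before"; printf '%s\n' "$STOCK_CONF"  | audit_userdir
echo "--- after";  printf '%s\n' "$EDITED_CONF" | audit_userdir
```

On the real machine the two files can be checked together with `cat /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/userdir.conf | audit_userdir`.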

A Mounting a USB Stick While Installing

I was having some problems with my install, and I decided to mount my USB stick. During the install routine, this is fairly easy. Hit ctrl+alt+f4. Log in as root. Insert your USB stick. You will see a gibberish message on the screen with something like /dev/sdb. This is your USB device. You need to create a file system as a mount point, then mount your stick.

# mkdir /usb

# mount /dev/sdb1 -o auto /usb

The mount command, above, specifies the device. Note that it is /dev/sdb1, not /dev/sdb. The -o auto tells Fedora to figure out the file system type. You could specify vfat, which probably is what it is, but why?

Now, you can copy files, or back up data. See my article on the UNIX Command Line.

B Booting with GRUB

I have had to boot Linux into Single user mode. It is not obvious how to do this. This information comes from the Red Hat Linux 7.2 Bible, by Christopher Negus. The publisher is Hungry Minds.

When you turn the machine on, you can either select the system you want to boot, or you can wait for the default. This gives you the standard boot. If you want to do a non-standard boot, you must edit the boot process.

Select the kernel image you want booted, and hit the letter e. You will see something like the following on your screen. . .

GRUB version 0.90 (639K lower / 65530K upper memory)

root (hd0,1)

kernel /boot/vmlinuz-2.4.7-10 ro root=/dev/hda3 hdc=ide-scsi

initrd /boot/initrd-2.4.7-10.img

There are some help notes immediately after this that I don’t feel like typing in. The above notes are from the Linux Bible, not from my Red Hat 7.3 laptop. I also cannot remember the value for upper memory.

The only line you should modify is the kernel one, which selects the boot image.

Position the cursor on the kernel line and press e.

To boot in single user mode, add the text linux 1.

Hit the letter b to boot the machine.

C Network Configuration

Fedoras now do the network configuration at install time. The following notes describe the resulting file setup, which I used to have to enter manually. This stuff is still worth knowing.

I went into /etc/sysconfig/network, and I set it up as follows. . .

NETWORKING=yes

HOSTNAME=Romin.eol.ca

The boot scripts in /etc/rc.d read this file and use the information to set the hostname at booting. [10]

I set up /etc/hosts as follows. . .

[10] My laptop was called Romin back then.

127.0.0.1 Romin.eol.ca aspire

127.0.0.1 localhost.localdomain localhost

The domain Romin.eol.ca is a figment of my imagination. Way back then, I connected to the Internet using my main computer and its 56K modem.

D Encryption

These are general comments about encrypted file systems. Most of these comments apply to Microsoft Windows and Apple machines, as well as Linux.

As of 2018/02/07, I have encrypted my entire hard drive. My original Fedora setup was an encrypted /home partition. When I attempted a Ubuntu install, it refused. If the /tmp and swap partitions are not encrypted, some of the naughty stuff on /home can be accessed. Fedora does not care about this, but Ubuntu has a point.

When I first encrypted a file system on Fedora 10 on an older laptop, I mistyped the encryption key. Upon booting, I was unable to decrypt /home. After repeated attempts, the machine shut down the X Window system and prompted me for root’s password. As root, there was no way to change the encryption key or otherwise, decrypt the file system. It was possible to boot into single user mode and log in as root. There was no way to mount the partition. I loaded in the install DVD and tried to repair the install. Again, I was prompted for the /home partition encryption key. It was impossible to re-install Linux without the encryption key.

I booted into single user mode, again without the install DVD. As root, I reformatted the /home partition. I rebooted with the install DVD, and I repeated the entire install process. It would have been possible to format and encrypt the /home partition from the command line, but I did not bother.

If you are running Fedora with an encrypted /home partition, it is not possible to boot the machine into multi-user mode without the encryption key. You can boot into single user mode, but this is just a rescue procedure, and whoever is doing it requires root’s password. No booting at all is possible with a fully encrypted drive, without the encryption key.

Once the machine is booted, anyone with a user password can access your system and read your data.

Anyone who must be able to boot your computer must be told the encryption key. This is not an issue with a personal laptop. It will be an issue on a server if the wrong people are on vacation, out at lunch and/or run over by trucks.

If you write the raw partition out to tape or some other device, the data will be encrypted. There is no convenient way to recover individual files from an encrypted backup. The backup media is unreadable without the encryption key.


If you write /home out to tape or some other device, the data will not be encrypted. If your backup is not encrypted, your backup media is readable by whoever can get at it. Almost all of my backup recoveries have consisted of me recovering individual files I have messed up somehow. If your data must be secure, you must keep your un-encrypted backups in a secure place.

Passwords and encryption keys [11] are not the same thing. A password is stored on your drive somewhere, usually encrypted. When you log in, you are prompted for the password, and what you type in is encrypted and compared with the stored, encrypted password. [12] You can easily change your password.

An encryption key is used to encrypt your data. If your encryption key is compromised, you must re-install the file system. Be very careful with your encryption key.

Shutting down a laptop such that it must be rebooted in the presence of potential hackers probably is a bad idea. If the laptop is being transported and operated outside a secure environment, it should be put to sleep, rather than shut down.

My old Acer Aspire had a bad keyboard. Often, it took multiple tries to type in the encryption key and get the thing booted. On at least one occasion, I had to give up on using the laptop. If hackers had been watching me, they would have had multiple opportunities to watch me type the key.

An encryption key is more secure if you are a touch typist, and you have a good keyboard.

Even an encrypted /home partition renders a laptop useless to anyone who does not have the key. A thief will be unable to boot the computer, much less read data off of it. If the bad guys have stolen your computer, they can remove your drive, install it in their machine, and hack your encryption key by brute force.

Encrypting a workstation or file server probably is not worth the trouble. Encryption really only works when the machine is shut down. Servers generally are kept running. There should be no need to move these machines out of a secure area. An encryption key must be written out and stored in a company safe, or some other secure area.

[11] A lot of install instructions refer to keys as passwords.

[12] Not all applications encrypt passwords. Probably, there are online applications out there that don’t. The passwords are visible in plain text to whoever is administering them. This is one of the reasons you do not re-use passwords.