Installation + Initial Setup

Installation + Initial Setup
— print (last updated: Jul 25, 2009) — print

There are three ways to "personalize" this online document by providing values relevant to you.

Initially you will need to create a login on the machine on which you're installing Ubuntu. It can be whatever you like. Personalize this document by replacing the generic LOGIN by the actual login:

ok
When the networking is set up, you will have to specify the name of the machine, which, in fully qualified name form, is MACHINE.cs.wcupa.edu. Personalize this document by replacing the generic, simple unqualified name, MACHINE, by its actual name:

ok
You will test secure shell access into your machine from the taz student server. Personalize this document by replacing the generic TAZLOGIN by the actual taz login:

ok

Ubuntu

The Ubuntu Linux distribution offers both desktop and server versions of the software. Within the desktop versions there is the standard version (the one most easily found on the Ubuntu website) and the alternative version, which permits more installation options. We are describing the standard desktop installation for version 9.04. The initial steps to get the installation up can be done on any machine without network connectivity.

Installation

Insert the Ubuntu installation CD and boot from it. On the Lenovo machines, type F12 (repeatedly) as soon as the system starts to come up (running the BIOS) until you summon up:

Startup Device Menu

Select and activate the CD (IDE CD) choice. The system will boot to begin installation. The first steps are to query for a language with which Ubuntu presents then presents the choices of what to do. Select:

Install Ubuntu

Then we proceed with the installation. The Forward button moves you through the seven easy steps.

Choose an installation Language (probably the default).
Time Zone Setup: America/New York (probably the default)
Keyboard Layout: USA/USA (probably the default).
Partitioner. Select:
```
 Use entire disk
```
This creates a standard partitioning with a minimal layout of root (/dev/sda1) + swap (/dev/sda5) providing a generous amount of swap space relative to the amount of RAM to be used for virtual memory. There are many other considerations for partitioning (see the discussion below).

Who Are You? This provides you with a login as a non-root administrative user:

What is your name?   full name
Login?               your taz login will simplify other things we do
Password:            your own favorite password (you'll keep this private)
Computer Name:       take whatever it gives you, we'll change it soon.

When you go forward from this point, the installation will attempt to block what it considers a "weak" password. You can, of course, decide to continue anyway.

Ready to install. There is no step 6 with this procedure. Click the Install button to proceed. It takes about 8 minutes.

After the installation is complete log in as the user you specified. The window manager is called GNOME. Linux is used with a wide variety of window managers, the most popular being GNOME and KDE. Ubuntu itself offers an alternative version called Kubuntu in which KDE is the default desktop.

Terminal + Browser

Probably the two most important features you'll need are access to a command shell and a web browser. The browser is already a panel item (on the top bar).

Bookmark the course website

It is often easier to follow along through the experiments in the course documents like this one by viewing them through the browser. The documents often contain hyperlinks and the code can often by copied and pasted. Towards this end, open Firefox and enter the course URL:

http://www.cs.wcupa.edu/rkline/gradlinux

Locate the course from the selection and and add it as a bookmark. Then access this document on-line.

Add a Terminal

Select

Applications Accessories Terminal

Right-click on Terminal and select: Add this launcher to panel

If you've never used a UNIX-like terminal shell, the most important commands are:

$ ls                   (list the files/directories)
$ cd some-directory    (change working directory)

Updates

An underlying process runs on your machine which detects available security updates and invokes the Update Manager with the option of installing them. Unless you're in the middle of something really urgent, it's a good idea to run these updates.

There are three common ways to do updates:

Update Manager, available through:
System Administration Update Manager
In general, click the Check button and go for the updates.
Synaptic Package Manager, available through:
System Administration Synaptic Package Manager.
Doing updates is a matter of three steps:
Reload, Mark All Upgrades, Apply
The advantage of this tool is that you can also perform installations of new packages.
Shell-based apt-get command. Updates with this is a two-step process done as root:
```
$ sudo apt-get update
$ sudo apt-get upgrade
```

Although the apt-get form may seem to be less desirable, you'll see that Ubuntu administrative documentation typically uses this command as the common way of telling the user (as administrator) which packages to install. The installation takes the form:

$ sudo apt-get install some-package-1 some-package-2 ...

This shell-based version may be the only available approach if you're accessing the machine through a secure-shell connection.

In contrast, Synaptic is usually the best choice to get information about packages if you don't know exactly what package choice to make and to know what the consequences of installing it will be.

aptitude

One issue with the "apt-get procedure" for upgrading is that this approach will not install a new kernel and you have little control over the procedure. The aptitude command provides a shell-based equivalent of synaptic. Although it may seem not quite as friendly, it actually has a drop-down menu system in the shell! In aptitude, a full upgrade can be done with three keystrokes: Ugg.

root, non-root & sudo

As a "normal", or "non-root" user on a system, with no administrative priviledges, virtually everything you create or edit are files are within your home directory:

/home/LOGIN

From the shell perspective, indication of your non-root status is the usage of the "$" marker as the prompt suffix. In contrast, as system administrator, most things you do are as root user. Any time your actions affect a file outside your home directory, you have to be root user to do so. There are two common ways to do so in Ubuntu systems:

Preface administrative commands with sudo
Use sudo to activate a root shell and run commands in the shell

The sudo application allows you to do other commands as root. In the most common, unrestricted manner, it allows you to do everything as root, subject to validation of being a suitable "sudo" user. Running commands as root via sudo is quite straightforward:

$ sudo some-command-as-root
[sudo] password for LOGIN:

For example, try doing a full listing the protected home directory of root:

$ ls -a /root
$ sudo ls -a /root

sudo doesn't always prompt for your password, just "the first time in a while" defined by some internal mechanism. We'll soon set this so that you can omit the password entry.

To run a root shell, one must use sudo to invoke the shell. There are several different ways to do so:

$ sudo -s             (root shell with minimal enviroment, stay where you are)
$ sudo su             (more of root's enviroment, stay where you are)
$ sudo su -           (root login environment, cd to /root)
$ sudo -H bash -l     (root login environment, stay where you are)

In each case, a root shell is evoked with the prompt:

For the most part, "sudo su" does the trick and it is the easiest to type; however, there are distinctions in the settings of the environment variables. It turns out that the last method, "sudo -H bash -l", is probably the "best," although somewhat cumbersome to type (which is why we want to have an alias for it).

There are several advantages to using a root shell over using sudo directly:

It's easier to give a series of commands, all as root, instead of prefacing each by "sudo."
When you're using sudo, you are still "normal user" up to the command's execution. One difference is that tab completion, using sudo, will not work on "root readable-only" directories. For example, compare:
```
$ sudo ls /root/.b[TAB][TAB]           (nothing)
```
and, after becoming root,
```
# ls /root/.b[TAB][TAB]
.bash_history  .bashrc        
```

Exit a root shell

The idea of being root is that you become root to do some administrative tasks, and then go back to "normal user." To exit a root shell, you can use the exit command:

# exit 
$ back to normal user

or more simply, press the control key and type letter "d" on an empty line. It's written this way:

# Ctrl-D
$ back to normal user

Tab completion

If you're familiar with tab completion you'll understand well the advantage of the latter point made above. Suppose I want to run the administrative command:

select-default-wordlist

My choices are:

$ sudo select-default-wordlist

$ sudo su
# select-default-wordlist

In both cases I can partially "generate" the full command with the TAB key by typing:

# sel[TAB]ect-d[TAB]efault-w[TAB]ordlist

The "ect", "efault", and "ordlist" portions of the command are generated by the [TAB] key. Also try typing:

# sel[TAB]ect[TAB][TAB]

to see all the commands which start with select.

Create the root password

You will probably never need to use the root password in an Ubuntu system since all administrative actions are effected through sudo. This is primarily needed to provide a means for the instructor to access your machine without having to reveal your user password.

$ sudo passwd
Enter new UNIX password:  THE-PASSWORD-I-GAVE-YOU
Retype new UNIX password: THE-PASSWORD-I-GAVE-YOU
passwd: password updated successfully

As normal user, the passwd command would ask you for your current password and disallow changing to what it considers a "weak" password. Test it out by doing:

$ su 
Password: THE-PASSWORD-I-GAVE-YOU
#

Notational conventions

There are three common symbols used when presenting Linux commands:

$      prompt for a non-root command
#      prompt for a root command
~      the user's home directory, only used for a non-root command

I need to emphasize that you should not be root when the ~ symbol is used, otherwise it will not refer to /home/LOGIN. The other point to make is that "#" also serves as the comment-line starter in Bash (as well as other script languages), and so there is potential confusion in its usage and you have to distinguish, by context, whether I mean:

# a-command-to-be-done-as-root

# a comment line from a (Bash) script

Editors

Linux systems provide a fantastic variety of editors which can be categorized, perhaps, like this:

non-graphical editors: the two common ones being vim (vi) and nano. Shell-based editors in Linux are called ncurses-based because they special terminal characteristics used to present the document for editing. They are invoked from a terminal shell like this:
```
$ vim some-file
$ nano some-file
```
If the file doesn't already exist, the editor effectively creates it. This presumes that a pre-exsting file is within the "current working directory," and so one must use cd to "navigate" to the correct directory Alternatively, you need not need navigate to the directory in question if you use the file's full path:
```
$ vim /path/to/some-file
```
The advantage of a non-graphical editor is that it may be the easiest way to edit a file remotely when no graphical interface is available. The other important usage is for low-level error recovery in which the administrator needs to access the system before a graphical interface is created. As Linux administrator you probably will need to use these at some point.
graphical editors: the default GNOME graphical editor is gedit; another good one is kate
IDEs (Integrated Developement Environments) like NetBeans, Eclipse, Quanta, etc.

There are several ways to access a file with a graphical editor:

From a terminal shell: navigate to the file's directory and do
```
$ gedit some-file &
```
The terminating "&"; is optional, but it is common practice because it backgrounds the editor process and returns access to the shell.
Invoke the editor from the menu and then open the file from the application. This is a commonly used by IDEs which often make it more convenient by remembering the last file(s) edited.
Activate the editor through the file itself in a graphical presentation, usually by double-clicking the file.

All methods must deal with how to "get the editor to the file." One significant advantage of the shell-based approach is that it the easiest way to use a graphical editor as root, for example:

$ sudo gedit some-file &

gedit

The gedit editor is found in the menu structure at

Applications Accessories Text Editor

There are a number of useful plugins which can be activated. Many of these are installable via:

$ sudo apt-get install gedit-plugins

nano

If you're not comfortable with vim (below), use the nano editor from the command-line. It has a simple control-character based system for getting in and out of the file.

vim

The historical choice of UNIX hackers is the vim editor, usually accessible as the vi command alias (the older version). Ubuntu desktop (at least in this Ubuntu version), installs a minimal version of vim (no syntax colorization, etc.), presumably because it assumes the typical desktop user is not a vim junkie. Install the truly improved version:

$ sudo apt-get install vim

Going a bit further, these are additional packages which may be of interest:

vim-full vim-doc vim-gtk vim-perl

Some basic vim operations are:

i, o, a:     enter insert mode from command mode
Esc:         leave insert mode
:            give a line command
:q!          quit without saving changes
:w           save changes
:x           save changes and quit (also :wq)

Two of the most useful features are

excellent syntax highlighting
last line remembering, meaning that vim will automatically jump to the position you were last at when you closed the file.

vim's features, for all users, can be controlled in the global features file /etc/vim/vimrc. Edit this file by doing:

$ sudo vim /etc/vim/vimrc

If you scroll down, you'll see the syntax highlighting already "turned on" in the lines

if has("syntax")
  syntax on
endif

Go further and look for the lines:

"if has("autocmd")
"  au BufReadPost * if line .....
"endif

The initial double-quote is a comment character. Remove it from these three lines. Another potentially useful thing is line numbering, but it can be an annoyance, so it's better to make it optional. If you want it, edit (create) ~/.vimrc

$ vim ~/.vimrc

and create one line in this file before saving and closing:

set number

To turn off line number in a file temporarily, use the command:

:set nonumber

Learning vim requires some practice. It probably is worth your while to run:

$ vimtutor

kate

kate is the default KDE editor. You can install it by:

$ sudo apt-get install kate

bluefish

A decent multi-purpose editor is bluefish. This is primarily an HTML editor (a good one), but it also can serve for text files, Java source files, etc. Install it as follows:

$ sudo apt-get install bluefish

gvim

This is, perhaps, a more palatable version of vim. It has buttons and menus to help you get going if you're not used to vim's cryptic keyboard commands. The "vim-full" package already installs it (you can see it in the Accessories menu).

xemacs/emacs

Some faculty (not mentioning any names) cannot imagine life without xemacs. If you adhere to this philosophy, go for it:

$ sudo apt-get install xemacs21

Take a look at some of the "suggested" packages and perhaps install those as well.

Easy sudo access

Since we become root so often, it's worthwhile to not have to key in our password. Ubuntu builds in a special way to have this take effect. We need to edit two system files:

/etc/group
/etc/sudoers      (the key control file for sudo)

Try to understand that whenever I say to "edit a (system) file," meaning any file that's not in your home directory, you have to do it as root. I'm going to refer to nano as the choice of editors, but you're welcome to use vim.

Add your login to the sudo group. Edit /etc/group:
```
$ sudo nano /etc/group
```
Scroll down looking for the line:
```
sudo:x:27:
```
Add your login to this line (replace YOUR-LOGIN appropriately):
```
sudo:x:27:LOGIN
```
Exit and save the changes. This same effect can be achieved via the system command:
```
$ sudo adduser LOGIN sudo
```
but it's useful to see exactly what is going on.
Make the sudo group relevant to the sudo command. Edit /etc/sudoers:
```
$ sudo nano /etc/sudoers
```
Look for the commented line:
```
# %sudo ALL=NOPASSWD: ALL
```
Uncomment it and move it to the last line, making the end of the file look like this:
```
%admin ALL=(ALL) ALL
%sudo ALL=NOPASSWD: ALL
```
Save the changes and exit. If you use vim instead of nano you have to use :x! to write and quit this file since it's marked as read-only for root — it's probably better to use sudoedit (see below).
Log out and log back in to pick up the changes. Run the command:
```
$ groups
```
and observe "sudo" listed among the groups to which you belong. Try it out:
```
$ sudo su
```

sudoedit & visudo

The sudo package provides a special executable sudoedit which combines the sudo+edit features. It defaults to the vim editor unless the EDITOR environment variable is specified. Thus:

$ sudoedit /etc/sudoers

will edit using vim. It actually edits a temporary file and then writes it back and so no special syntax is needed to save the changes. If you want to use nano you have to specify the EDITOR variable. The easiest way to do so is to with the env command

$ env EDITOR=nano sudoedit /etc/sudoers

The sudo package also provides a special executable visudo which has the sole purpose of editing /etc/sudoers. The equivalents of the above two commands using sudoedit would be, respectively:

$ sudo visudo
$ sudo env EDITOR=nano visudo

Network Configuration

Hostname

Edit /etc/hostname, change it to:

MACHINE.cs.wcupa.edu

Change the hostname by running:

$ sudo /etc/init.d/hostname.sh

network parameters

We want to set the IP address, gateway, etc.

Right-click on the networking icon in the upper panel (next to the sound icon).
Choose the Wired Tab, click the "Auto Eth0" line and select Edit.
Select the IPv4 Settings tab. Select Manual as the desired Method.

Click the Add button in the Addresses section and enter the information:

Address:  10.42.1.MACHINE's_octet
Netmask:  255.255.255.0
Gateway:  10.42.1.1

In the DNS servers line, enter: 10.42.1.21, 10.42.1.37
In the Search Domains line, enter: cs.wcupa.edu
Hit Apply then Close

Secure Shell service

Install secure shell server plus assorted security packages by doing:

$ sudo apt-get install openssh-server openssh-blacklist openssh-blacklist-extra

Ubuntu service installations automatically start the service and configure it to start automatically on boot.

Remote access to/from taz

The student taz server is the gateway to access of your machine from the outside world. Test it out by going through the student taz server:

[MACHINE]$ ssh TAZLOGIN@taz
[taz]$ ssh LOGIN@MACHINE

If the logins are the same on both client and server systems, you can omit the "...@" prefix.

Access your machine from home

As indicated above, because of the University firewall you have to go through the student taz server to get to your machine. If you have no choice and must use an Windows computer, then do the right thing – install Cygwin!. You're a Computer Scientist! Follow THIS LINK to a howto on Dr. Kline's website.

Services Management

Managing services means the ability to turn them off and on as needed. The Linux-common way to do so uses the shell with a command like:

$ sudo /etc/init.d/some-service [ start | stop | restart ]

For example, you can restart the ssh service by:

$ sudo /etc/init.d/ssh restart

Restart (and sometimes less-costly reload) operations are necessary after configuration changes. The other issue is having the service start automatically. For example, you want secure shell to start by itself on boot without user intervention. This is controlled by the presence of files in certain key directories. Try typing:

$  runlevel 
N 2

Your machine is "at runlevel 2". Then type:

$ ls -l /etc/rc2.d/S16ssh 
lrwxrwxrwx 1 root root ... /etc/rc2.d/S16ssh -> ../init.d/ssh

The file S16ssh is the "startup" link which runs the script /etc/init.d/ssh whenever the machine enters runlevel 2, which is the "usual" runlevel.

The most complete way of controlling the available services is via the executable sysv-rc-conf, which must be installed:

$ sudo apt-get install sysv-rc-conf
$ sudo sysv-rc-conf

Scroll down to see the ssh service started at runlevels 2-5. Type "q" to exit. Other levels 3-5 are alternative runlevels which are not of much interest to us.

Additional package installations

Install some (semi-) proprietary stuff. First of all, the flash plugin plus some common true-type fonts.

$ sudo apt-get install \
  flashplugin-installer msttcorefonts ttf-xfree86-nonfree

Next, the SUN Java stuff, which I find to be a bit better than the Open JDK stuff:

$ sudo apt-get install \
  sun-java6-jdk sun-java6-jre sun-java6-plugin sun-java6-fonts

The installation of some of these requires agreeing to a 'Distributor License' twice:

First, press the TAB key to highlight OK, then Enter.
Second, Press TAB key to get to "Yes", then Enter.

A useful package for configuring GNOME is:

$ sudo apt-get install gconf-editor

A useful package for software development is:

$ sudo apt-get install manpages-dev

Other Discussion Points

Disk partitions & Directories

Any Linux installation requires at least two disk partitions:

/: the root partition giving access to the entire file system
swap: for virtual memory

You can see choices Ubuntu made in its partitioning by running:

$ sudo fdisk -l /dev/sda

You'll see:

/dev/sda1   *           1        9328    74927128+  83  Linux
/dev/sda2            9329        9730     3229065    5  Extended
/dev/sda5            9329        9730     3229033+  82  Linux swap / Solaris

Intel systems support up to four primary partitions numbered 1, 2, 3, 4. One of these can be an extended partition which permits unlimited so called logical partitions numbered upwards from 5. The partition which contains the kernel and other boot files (in Linux, the /boot subdirectory) must reside on a primary partition.

You can see how much of a partition serving as a file system is being used by running the df command, such as:

$ df -m

Look for the /dev/sda1 line and observe that the initial system occupies only about 2.5 GB.

Depending on other considerations, these directories can occupy their own partitions:

/boot: containing the kernel(s), initial ramdisk and other boot-related configuration files (not the modules, which reside in /lib/modules). The size is 100-200MB. Other Linux distributions, such as Fedora and Gentoo favor having a boot partition.
/tmp: this directory is world writeable holding temporary files; it is often placed into a separate partition for security reasons; if used, a 1GB size is sufficient.
/var: this typically holds a number of directories which "vary" often, including system logs, print spool directory, web server documents, user mail, mysql databases, package manager files, etc.; if used, it should be given 3 GB, if possible.
/usr: the bulk of the package-oriented software goes here; about 95% of the original installation is within this directory
/usr/local: by convention, non-package oriented Linux software will try to install here; typically this is not split off as a separate partition, but can be if needed.
/home: user accounts; this is somewhat more volatile on a multi-user system and can be split off into a separate partition for security

Redhat-style installations also prefers boot, root, swap partitions with the root and swap being logical volume (LVM) partitions. LVM presumably allowss partition resizing to be done on the fly while the machine is running.

System directories

Here is a quick description of a number of common system directories.

/etc:              configuration files
/etc/skel:         directory to copy for new user
/dev:              device files
/lib, /usr/lib:    dynamic libaries (".so"), the kernel modules
/proc:             process information (this is a proc filesystem)
/bin, /usr/bin:    programs
/sbin, /usr/sbin:  programs which don't use dynamic libraries
/root:             the home directory for root

You can find out how much space a certain directory occupies by running the du command, such as

$ sudo du -s /etc      (some /etc files are root-accessible only)

RAM and Virtual Memory usage

Look at the memory size by running:

$ free

These machines have 2GB of RAM and the the size of swap space is about 1.5 * RAM. There is a certain point of confusion regarding how much swap do you need, since this is meant to act like overflow for physical memory. Other installations, such as Gentoo claim to need only ½M of swap regardless of the RAM size.